authorJung-uk Kim <jkim@FreeBSD.org>2018-11-20 21:35:20 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-11-20 21:35:20 +0000
commitcb4e98802be771d5e12e87adece3c351ad69aa38 (patch)
tree431af2e98111dd209d126a5433e987b2f2a26c08
parent500d06c3a6ca4713ef18e67cef861326fe9601ad (diff)
MFC: r340703
Merge OpenSSL 1.1.1a.
Notes
Notes: svn path=/stable/12/; revision=340705
-rw-r--r--crypto/openssl/CHANGES37
-rwxr-xr-xcrypto/openssl/Configure79
-rw-r--r--crypto/openssl/INSTALL10
-rw-r--r--crypto/openssl/NEWS5
-rw-r--r--crypto/openssl/README2
-rw-r--r--crypto/openssl/apps/app_rand.c3
-rw-r--r--crypto/openssl/apps/apps.c6
-rw-r--r--crypto/openssl/apps/apps.h6
-rw-r--r--crypto/openssl/apps/ca.c21
-rw-r--r--crypto/openssl/apps/ocsp.c2
-rw-r--r--crypto/openssl/apps/openssl.cnf2
-rw-r--r--crypto/openssl/apps/opt.c1
-rw-r--r--crypto/openssl/apps/rehash.c2
-rw-r--r--crypto/openssl/apps/rsa.c7
-rw-r--r--crypto/openssl/apps/s_cb.c3
-rw-r--r--crypto/openssl/apps/s_server.c10
-rw-r--r--crypto/openssl/apps/speed.c2
-rw-r--r--crypto/openssl/apps/x509.c4
-rw-r--r--crypto/openssl/crypto/LPdir_unix.c2
-rw-r--r--crypto/openssl/crypto/async/arch/async_posix.h3
-rw-r--r--crypto/openssl/crypto/bio/b_sock2.c2
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c4
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c5
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c8
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c2
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c42
-rw-r--r--crypto/openssl/crypto/build.info2
-rw-r--r--crypto/openssl/crypto/conf/conf_api.c5
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c7
-rw-r--r--crypto/openssl/crypto/cryptlib.c2
-rw-r--r--crypto/openssl/crypto/ct/ct_log.c2
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c6
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c61
-rw-r--r--crypto/openssl/crypto/ec/ec_ameth.c4
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c6
-rw-r--r--crypto/openssl/crypto/ec/ec_pmeth.c4
-rw-r--r--crypto/openssl/crypto/ec/ecdh_kdf.c19
-rw-r--r--crypto/openssl/crypto/engine/eng_devcrypto.c132
-rw-r--r--crypto/openssl/crypto/engine/eng_list.c3
-rw-r--r--crypto/openssl/crypto/err/openssl.txt1
-rw-r--r--crypto/openssl/crypto/evp/e_aes.c2
-rw-r--r--crypto/openssl/crypto/evp/e_rc2.c10
-rw-r--r--crypto/openssl/crypto/evp/pmeth_lib.c6
-rw-r--r--crypto/openssl/crypto/getenv.c31
-rw-r--r--crypto/openssl/crypto/include/internal/ec_int.h8
-rw-r--r--crypto/openssl/crypto/include/internal/rand_int.h7
-rw-r--r--crypto/openssl/crypto/kdf/hkdf.c14
-rw-r--r--crypto/openssl/crypto/mem_sec.c50
-rw-r--r--crypto/openssl/crypto/o_fopen.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c18
-rw-r--r--crypto/openssl/crypto/poly1305/poly1305_ieee754.c2
-rw-r--r--crypto/openssl/crypto/rand/drbg_ctr.c12
-rw-r--r--crypto/openssl/crypto/rand/drbg_lib.c225
-rw-r--r--crypto/openssl/crypto/rand/rand_err.c1
-rw-r--r--crypto/openssl/crypto/rand/rand_lcl.h69
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c136
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c56
-rw-r--r--crypto/openssl/crypto/rand/randfile.c44
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c16
-rw-r--r--crypto/openssl/crypto/rsa/rsa_meth.c4
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ossl.c3
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/keccak1600-s390x.pl4
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha512p8-ppc.pl29
-rw-r--r--crypto/openssl/crypto/siphash/siphash.c14
-rw-r--r--crypto/openssl/crypto/sm2/sm2_crypt.c5
-rw-r--r--crypto/openssl/crypto/sm2/sm2_sign.c1
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c18
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c2
-rw-r--r--crypto/openssl/crypto/x509/by_file.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c11
-rw-r--r--crypto/openssl/doc/man1/ca.pod6
-rw-r--r--crypto/openssl/doc/man1/enc.pod48
-rw-r--r--crypto/openssl/doc/man1/openssl.pod57
-rw-r--r--crypto/openssl/doc/man1/req.pod6
-rw-r--r--crypto/openssl/doc/man1/rsa.pod25
-rw-r--r--crypto/openssl/doc/man1/s_server.pod14
-rw-r--r--crypto/openssl/doc/man1/storeutl.pod7
-rw-r--r--crypto/openssl/doc/man1/x509.pod11
-rw-r--r--crypto/openssl/doc/man3/DES_random_key.pod28
-rw-r--r--crypto/openssl/doc/man3/EVP_DigestInit.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod283
-rw-r--r--crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod4
-rw-r--r--crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod4
-rw-r--r--crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod35
-rw-r--r--crypto/openssl/doc/man3/EVP_aes.pod8
-rw-r--r--crypto/openssl/doc/man3/EVP_aria.pod8
-rw-r--r--crypto/openssl/doc/man3/EVP_bf_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_camellia.pod8
-rw-r--r--crypto/openssl/doc/man3/EVP_cast5_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_des.pod32
-rw-r--r--crypto/openssl/doc/man3/EVP_idea_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_md5.pod4
-rw-r--r--crypto/openssl/doc/man3/EVP_rc2_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_seed_cbc.pod5
-rw-r--r--crypto/openssl/doc/man3/EVP_sm4_cbc.pod3
-rw-r--r--crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod7
-rw-r--r--crypto/openssl/doc/man3/RSA_meth_new.pod4
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod148
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod5
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod103
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod6
-rw-r--r--crypto/openssl/doc/man3/SSL_get_client_CA_list.pod62
-rw-r--r--crypto/openssl/doc/man3/SSL_get_error.pod2
-rw-r--r--crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod12
-rw-r--r--crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod53
-rw-r--r--crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod43
-rw-r--r--crypto/openssl/doc/man3/SSL_set_bio.pod4
-rw-r--r--crypto/openssl/doc/man3/SSL_set_shutdown.pod10
-rw-r--r--crypto/openssl/doc/man3/SSL_shutdown.pod78
-rw-r--r--crypto/openssl/doc/man7/RAND_DRBG.pod2
-rw-r--r--crypto/openssl/e_os.h15
-rw-r--r--crypto/openssl/include/internal/cryptlib.h2
-rw-r--r--crypto/openssl/include/internal/tsan_assist.h6
-rw-r--r--crypto/openssl/include/openssl/cryptoerr.h3
-rw-r--r--crypto/openssl/include/openssl/ec.h13
-rw-r--r--crypto/openssl/include/openssl/ocsp.h3
-rw-r--r--crypto/openssl/include/openssl/opensslv.h4
-rw-r--r--crypto/openssl/include/openssl/rand_drbg.h24
-rw-r--r--crypto/openssl/include/openssl/randerr.h1
-rw-r--r--crypto/openssl/include/openssl/rsa.h6
-rw-r--r--crypto/openssl/include/openssl/ssl.h18
-rw-r--r--crypto/openssl/include/openssl/symhacks.h17
-rw-r--r--crypto/openssl/include/openssl/tls1.h1
-rw-r--r--crypto/openssl/ssl/d1_lib.c93
-rw-r--r--crypto/openssl/ssl/record/rec_layer_d1.c5
-rw-r--r--crypto/openssl/ssl/record/record.h6
-rw-r--r--crypto/openssl/ssl/record/record_locl.h2
-rw-r--r--crypto/openssl/ssl/record/ssl3_record.c25
-rw-r--r--crypto/openssl/ssl/s3_cbc.c7
-rw-r--r--crypto/openssl/ssl/s3_enc.c8
-rw-r--r--crypto/openssl/ssl/s3_lib.c24
-rw-r--r--crypto/openssl/ssl/ssl_cert.c17
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c2
-rw-r--r--crypto/openssl/ssl/ssl_lib.c62
-rw-r--r--crypto/openssl/ssl/ssl_locl.h22
-rw-r--r--crypto/openssl/ssl/statem/extensions.c12
-rw-r--r--crypto/openssl/ssl/statem/extensions_clnt.c13
-rw-r--r--crypto/openssl/ssl/statem/statem.c5
-rw-r--r--crypto/openssl/ssl/statem/statem_clnt.c12
-rw-r--r--crypto/openssl/ssl/statem/statem_lib.c59
-rw-r--r--crypto/openssl/ssl/statem/statem_locl.h3
-rw-r--r--crypto/openssl/ssl/statem/statem_srvr.c44
-rw-r--r--crypto/openssl/ssl/t1_lib.c45
-rw-r--r--crypto/openssl/ssl/tls13_enc.c16
-rw-r--r--secure/lib/libcrypto/Makefile6
-rw-r--r--secure/lib/libcrypto/Makefile.inc4
-rw-r--r--secure/lib/libcrypto/Makefile.man80
-rw-r--r--secure/lib/libcrypto/man/ADMISSIONS.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_ITEM_lookup.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_TIME_set.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_TYPE_get.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.32
-rw-r--r--secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/ASYNC_start_job.32
-rw-r--r--secure/lib/libcrypto/man/BF_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/BIO_ADDR.32
-rw-r--r--secure/lib/libcrypto/man/BIO_ADDRINFO.32
-rw-r--r--secure/lib/libcrypto/man/BIO_connect.32
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.32
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.32
-rw-r--r--secure/lib/libcrypto/man/BIO_get_data.32
-rw-r--r--secure/lib/libcrypto/man/BIO_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/BIO_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/BIO_new.32
-rw-r--r--secure/lib/libcrypto/man/BIO_new_CMS.32
-rw-r--r--secure/lib/libcrypto/man/BIO_parse_hostserv.32
-rw-r--r--secure/lib/libcrypto/man/BIO_printf.32
-rw-r--r--secure/lib/libcrypto/man/BIO_push.32
-rw-r--r--secure/lib/libcrypto/man/BIO_read.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.32
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.32
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.32
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.32
-rw-r--r--secure/lib/libcrypto/man/BN_add.32
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.32
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.32
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.32
-rw-r--r--secure/lib/libcrypto/man/BN_copy.32
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.32
-rw-r--r--secure/lib/libcrypto/man/BN_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.32
-rw-r--r--secure/lib/libcrypto/man/BN_rand.32
-rw-r--r--secure/lib/libcrypto/man/BN_security_bits.32
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.32
-rw-r--r--secure/lib/libcrypto/man/BN_swap.32
-rw-r--r--secure/lib/libcrypto/man/BN_zero.32
-rw-r--r--secure/lib/libcrypto/man/BUF_MEM_new.32
-rw-r--r--secure/lib/libcrypto/man/CMS_add0_cert.32
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_recipient_cert.32
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_signer.32
-rw-r--r--secure/lib/libcrypto/man/CMS_compress.32
-rw-r--r--secure/lib/libcrypto/man/CMS_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_final.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_RecipientInfos.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_SignerInfos.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_type.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.32
-rw-r--r--secure/lib/libcrypto/man/CMS_sign.32
-rw-r--r--secure/lib/libcrypto/man/CMS_sign_receipt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_uncompress.32
-rw-r--r--secure/lib/libcrypto/man/CMS_verify.32
-rw-r--r--secure/lib/libcrypto/man/CMS_verify_receipt.32
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.32
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.32
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.32
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.32
-rw-r--r--secure/lib/libcrypto/man/CTLOG_STORE_new.32
-rw-r--r--secure/lib/libcrypto/man/CTLOG_new.32
-rw-r--r--secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/DEFINE_STACK_OF.32
-rw-r--r--secure/lib/libcrypto/man/DES_random_key.330
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.32
-rw-r--r--secure/lib/libcrypto/man/DH_get0_pqg.32
-rw-r--r--secure/lib/libcrypto/man/DH_get_1024_160.32
-rw-r--r--secure/lib/libcrypto/man/DH_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/DH_new.32
-rw-r--r--secure/lib/libcrypto/man/DH_new_by_nid.32
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.32
-rw-r--r--secure/lib/libcrypto/man/DH_size.32
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.32
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.32
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.32
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.32
-rw-r--r--secure/lib/libcrypto/man/DSA_get0_pqg.32
-rw-r--r--secure/lib/libcrypto/man/DSA_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/DSA_new.32
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.32
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.32
-rw-r--r--secure/lib/libcrypto/man/DSA_size.32
-rw-r--r--secure/lib/libcrypto/man/DTLS_get_data_mtu.32
-rw-r--r--secure/lib/libcrypto/man/DTLS_set_timer_cb.32
-rw-r--r--secure/lib/libcrypto/man/DTLSv1_listen.32
-rw-r--r--secure/lib/libcrypto/man/ECDSA_SIG_new.32
-rw-r--r--secure/lib/libcrypto/man/ECPKParameters_print.32
-rw-r--r--secure/lib/libcrypto/man/EC_GFp_simple_method.32
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_copy.32
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_new.32
-rw-r--r--secure/lib/libcrypto/man/EC_KEY_get_enc_flags.32
-rw-r--r--secure/lib/libcrypto/man/EC_KEY_new.32
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_add.32
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_new.32
-rw-r--r--secure/lib/libcrypto/man/ENGINE_add.32
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.32
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.32
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.32
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.32
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.32
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.32
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.32
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.32
-rw-r--r--secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.32
-rw-r--r--secure/lib/libcrypto/man/EVP_CIPHER_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.39
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestSignInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestVerifyInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_EncodeInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_MD_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3248
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_cmp.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_derive.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_keygen.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_print_private.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.333
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_sign.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify_recover.32
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_aes.310
-rw-r--r--secure/lib/libcrypto/man/EVP_aria.310
-rw-r--r--secure/lib/libcrypto/man/EVP_bf_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_blake2b512.32
-rw-r--r--secure/lib/libcrypto/man/EVP_camellia.310
-rw-r--r--secure/lib/libcrypto/man/EVP_cast5_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_chacha20.32
-rw-r--r--secure/lib/libcrypto/man/EVP_des.328
-rw-r--r--secure/lib/libcrypto/man/EVP_desx_cbc.32
-rw-r--r--secure/lib/libcrypto/man/EVP_idea_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_md2.32
-rw-r--r--secure/lib/libcrypto/man/EVP_md4.32
-rw-r--r--secure/lib/libcrypto/man/EVP_md5.35
-rw-r--r--secure/lib/libcrypto/man/EVP_mdc2.32
-rw-r--r--secure/lib/libcrypto/man/EVP_rc2_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_rc4.32
-rw-r--r--secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_ripemd160.32
-rw-r--r--secure/lib/libcrypto/man/EVP_seed_cbc.311
-rw-r--r--secure/lib/libcrypto/man/EVP_sha1.32
-rw-r--r--secure/lib/libcrypto/man/EVP_sha224.32
-rw-r--r--secure/lib/libcrypto/man/EVP_sha3_224.32
-rw-r--r--secure/lib/libcrypto/man/EVP_sm3.32
-rw-r--r--secure/lib/libcrypto/man/EVP_sm4_cbc.39
-rw-r--r--secure/lib/libcrypto/man/EVP_whirlpool.32
-rw-r--r--secure/lib/libcrypto/man/HMAC.32
-rw-r--r--secure/lib/libcrypto/man/MD5.32
-rw-r--r--secure/lib/libcrypto/man/MDC2_Init.32
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_REQUEST_new.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_cert_to_id.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_request_add1_nonce.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_resp_find_status.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_response_status.32
-rw-r--r--secure/lib/libcrypto/man/OCSP_sendreq_new.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_LH_stats.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.311
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_fork_prepare.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_init_crypto.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_init_ssl.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_instrument_bus.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_malloc.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_secure_malloc.32
-rw-r--r--secure/lib/libcrypto/man/OSSL_STORE_INFO.32
-rw-r--r--secure/lib/libcrypto/man/OSSL_STORE_LOADER.32
-rw-r--r--secure/lib/libcrypto/man/OSSL_STORE_SEARCH.32
-rw-r--r--secure/lib/libcrypto/man/OSSL_STORE_expect.32
-rw-r--r--secure/lib/libcrypto/man/OSSL_STORE_open.32
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.32
-rw-r--r--secure/lib/libcrypto/man/PEM_bytes_read_bio.32
-rw-r--r--secure/lib/libcrypto/man/PEM_read.32
-rw-r--r--secure/lib/libcrypto/man/PEM_read_CMS.32
-rw-r--r--secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.32
-rw-r--r--secure/lib/libcrypto/man/PEM_read_bio_ex.32
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.32
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.32
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.32
-rw-r--r--secure/lib/libcrypto/man/PKCS12_newpass.32
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.32
-rw-r--r--secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign_add_signer.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_generate.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_get0_master.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_new.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_reseed.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.32
-rw-r--r--secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.32
-rw-r--r--secure/lib/libcrypto/man/RAND_add.32
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.32
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.32
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.32
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.32
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.32
-rw-r--r--secure/lib/libcrypto/man/RC4_set_key.32
-rw-r--r--secure/lib/libcrypto/man/RIPEMD160_Init.32
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.32
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.32
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/RSA_get0_key.32
-rw-r--r--secure/lib/libcrypto/man/RSA_meth_new.36
-rw-r--r--secure/lib/libcrypto/man/RSA_new.32
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.32
-rw-r--r--secure/lib/libcrypto/man/RSA_print.32
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.32
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.32
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.32
-rw-r--r--secure/lib/libcrypto/man/RSA_size.32
-rw-r--r--secure/lib/libcrypto/man/SCT_new.32
-rw-r--r--secure/lib/libcrypto/man/SCT_print.32
-rw-r--r--secure/lib/libcrypto/man/SCT_validate.32
-rw-r--r--secure/lib/libcrypto/man/SHA256_Init.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_CMS.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_CMS.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CIPHER_get_name.32
-rw-r--r--secure/lib/libcrypto/man/SSL_COMP_add_compression_method.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_cmd.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CONF_cmd_argv.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add_session.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_config.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_ctrl.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_dane_enable.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_flush_sessions.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_free.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_get0_param.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_number.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sessions.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3136
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set1_curves.37
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cert_store.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3222
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_ex_data.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_info_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_mode.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_options.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.38
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_security_level.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_timeout.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_verify.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_use_certificate.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.32
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_free.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get0_peer.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_time.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_has_ticket.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_is_resumable.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_print.32
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_set1_id.32
-rw-r--r--secure/lib/libcrypto/man/SSL_accept.32
-rw-r--r--secure/lib/libcrypto/man/SSL_alert_type_string.32
-rw-r--r--secure/lib/libcrypto/man/SSL_alloc_buffers.32
-rw-r--r--secure/lib/libcrypto/man/SSL_check_chain.32
-rw-r--r--secure/lib/libcrypto/man/SSL_clear.32
-rw-r--r--secure/lib/libcrypto/man/SSL_connect.32
-rw-r--r--secure/lib/libcrypto/man/SSL_do_handshake.32
-rw-r--r--secure/lib/libcrypto/man/SSL_export_keying_material.32
-rw-r--r--secure/lib/libcrypto/man/SSL_extension_supported.32
-rw-r--r--secure/lib/libcrypto/man/SSL_free.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get0_peer_scts.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_SSL_CTX.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_all_async_fds.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_ciphers.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_client_CA_list.3184
-rw-r--r--secure/lib/libcrypto/man/SSL_get_client_random.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_current_cipher.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_default_timeout.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_error.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_extms_support.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_fd.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_cert_chain.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_certificate.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_signature_nid.311
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 (renamed from secure/lib/libcrypto/man/SSL_get_server_tmp_key.3)26
-rw-r--r--secure/lib/libcrypto/man/SSL_get_psk_identity.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_rbio.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_session.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_shared_sigalgs.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_verify_result.32
-rw-r--r--secure/lib/libcrypto/man/SSL_get_version.32
-rw-r--r--secure/lib/libcrypto/man/SSL_in_init.32
-rw-r--r--secure/lib/libcrypto/man/SSL_key_update.32
-rw-r--r--secure/lib/libcrypto/man/SSL_library_init.32
-rw-r--r--secure/lib/libcrypto/man/SSL_load_client_CA_file.32
-rw-r--r--secure/lib/libcrypto/man/SSL_new.32
-rw-r--r--secure/lib/libcrypto/man/SSL_pending.32
-rw-r--r--secure/lib/libcrypto/man/SSL_read.32
-rw-r--r--secure/lib/libcrypto/man/SSL_read_early_data.32
-rw-r--r--secure/lib/libcrypto/man/SSL_rstate_string.32
-rw-r--r--secure/lib/libcrypto/man/SSL_session_reused.32
-rw-r--r--secure/lib/libcrypto/man/SSL_set1_host.32
-rw-r--r--secure/lib/libcrypto/man/SSL_set_bio.36
-rw-r--r--secure/lib/libcrypto/man/SSL_set_connect_state.32
-rw-r--r--secure/lib/libcrypto/man/SSL_set_fd.32
-rw-r--r--secure/lib/libcrypto/man/SSL_set_session.32
-rw-r--r--secure/lib/libcrypto/man/SSL_set_shutdown.312
-rw-r--r--secure/lib/libcrypto/man/SSL_set_verify_result.32
-rw-r--r--secure/lib/libcrypto/man/SSL_shutdown.380
-rw-r--r--secure/lib/libcrypto/man/SSL_state_string.32
-rw-r--r--secure/lib/libcrypto/man/SSL_want.32
-rw-r--r--secure/lib/libcrypto/man/SSL_write.32
-rw-r--r--secure/lib/libcrypto/man/UI_STRING.32
-rw-r--r--secure/lib/libcrypto/man/UI_UTIL_read_pw.32
-rw-r--r--secure/lib/libcrypto/man/UI_create_method.32
-rw-r--r--secure/lib/libcrypto/man/UI_new.32
-rw-r--r--secure/lib/libcrypto/man/X509V3_get_d2i.32
-rw-r--r--secure/lib/libcrypto/man/X509_ALGOR_dup.32
-rw-r--r--secure/lib/libcrypto/man/X509_CRL_get0_by_serial.32
-rw-r--r--secure/lib/libcrypto/man/X509_EXTENSION_set_object.32
-rw-r--r--secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.32
-rw-r--r--secure/lib/libcrypto/man/X509_LOOKUP_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get0_der.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.32
-rw-r--r--secure/lib/libcrypto/man/X509_PUBKEY_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_SIG_get0.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_error.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_add_cert.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_get0_param.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.32
-rw-r--r--secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.32
-rw-r--r--secure/lib/libcrypto/man/X509_check_ca.32
-rw-r--r--secure/lib/libcrypto/man/X509_check_host.32
-rw-r--r--secure/lib/libcrypto/man/X509_check_issued.32
-rw-r--r--secure/lib/libcrypto/man/X509_check_private_key.32
-rw-r--r--secure/lib/libcrypto/man/X509_cmp_time.32
-rw-r--r--secure/lib/libcrypto/man/X509_digest.32
-rw-r--r--secure/lib/libcrypto/man/X509_dup.32
-rw-r--r--secure/lib/libcrypto/man/X509_get0_notBefore.32
-rw-r--r--secure/lib/libcrypto/man/X509_get0_signature.32
-rw-r--r--secure/lib/libcrypto/man/X509_get0_uids.32
-rw-r--r--secure/lib/libcrypto/man/X509_get_extension_flags.32
-rw-r--r--secure/lib/libcrypto/man/X509_get_pubkey.32
-rw-r--r--secure/lib/libcrypto/man/X509_get_serialNumber.32
-rw-r--r--secure/lib/libcrypto/man/X509_get_subject_name.32
-rw-r--r--secure/lib/libcrypto/man/X509_get_version.32
-rw-r--r--secure/lib/libcrypto/man/X509_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_sign.32
-rw-r--r--secure/lib/libcrypto/man/X509_verify_cert.32
-rw-r--r--secure/lib/libcrypto/man/X509v3_get_ext_by_NID.32
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.32
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.32
-rw-r--r--secure/lib/libcrypto/man/d2i_PrivateKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_SSL_SESSION.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.32
-rw-r--r--secure/lib/libcrypto/man/i2d_CMS_bio_stream.32
-rw-r--r--secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.32
-rw-r--r--secure/lib/libcrypto/man/i2d_re_X509_tbs.32
-rw-r--r--secure/lib/libcrypto/man/o2i_SCT_LIST.32
-rw-r--r--secure/lib/libssl/Version.map7
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.12
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.12
-rw-r--r--secure/usr.bin/openssl/man/ca.18
-rw-r--r--secure/usr.bin/openssl/man/ciphers.12
-rw-r--r--secure/usr.bin/openssl/man/cms.12
-rw-r--r--secure/usr.bin/openssl/man/crl.12
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.12
-rw-r--r--secure/usr.bin/openssl/man/dgst.12
-rw-r--r--secure/usr.bin/openssl/man/dhparam.12
-rw-r--r--secure/usr.bin/openssl/man/dsa.12
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.12
-rw-r--r--secure/usr.bin/openssl/man/ec.12
-rw-r--r--secure/usr.bin/openssl/man/ecparam.12
-rw-r--r--secure/usr.bin/openssl/man/enc.156
-rw-r--r--secure/usr.bin/openssl/man/engine.12
-rw-r--r--secure/usr.bin/openssl/man/errstr.12
-rw-r--r--secure/usr.bin/openssl/man/gendsa.12
-rw-r--r--secure/usr.bin/openssl/man/genpkey.12
-rw-r--r--secure/usr.bin/openssl/man/genrsa.12
-rw-r--r--secure/usr.bin/openssl/man/list.12
-rw-r--r--secure/usr.bin/openssl/man/nseq.12
-rw-r--r--secure/usr.bin/openssl/man/ocsp.12
-rw-r--r--secure/usr.bin/openssl/man/openssl.146
-rw-r--r--secure/usr.bin/openssl/man/passwd.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.12
-rw-r--r--secure/usr.bin/openssl/man/pkey.12
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.12
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.12
-rw-r--r--secure/usr.bin/openssl/man/prime.12
-rw-r--r--secure/usr.bin/openssl/man/rand.12
-rw-r--r--secure/usr.bin/openssl/man/req.18
-rw-r--r--secure/usr.bin/openssl/man/rsa.131
-rw-r--r--secure/usr.bin/openssl/man/rsautl.12
-rw-r--r--secure/usr.bin/openssl/man/s_client.12
-rw-r--r--secure/usr.bin/openssl/man/s_server.116
-rw-r--r--secure/usr.bin/openssl/man/s_time.12
-rw-r--r--secure/usr.bin/openssl/man/sess_id.12
-rw-r--r--secure/usr.bin/openssl/man/smime.12
-rw-r--r--secure/usr.bin/openssl/man/speed.12
-rw-r--r--secure/usr.bin/openssl/man/spkac.12
-rw-r--r--secure/usr.bin/openssl/man/srp.12
-rw-r--r--secure/usr.bin/openssl/man/storeutl.19
-rw-r--r--secure/usr.bin/openssl/man/ts.12
-rw-r--r--secure/usr.bin/openssl/man/tsget.12
-rw-r--r--secure/usr.bin/openssl/man/verify.12
-rw-r--r--secure/usr.bin/openssl/man/version.12
-rw-r--r--secure/usr.bin/openssl/man/x509.117
662 files changed, 3303 insertions, 2204 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 0d66a556b7b6..4b68f4832909 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,42 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+ *) Timing vulnerability in DSA signature generation
+
+ The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+ (CVE-2018-0734)
+ [Paul Dale]
+
+ *) Timing vulnerability in ECDSA signature generation
+
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+ (CVE-2018-0735)
+ [Paul Dale]
+
+ *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+ the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+ are retained for backwards compatibility.
+ [Antoine Salon]
+
+ *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+ if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+ of two gigabytes and the error handling improved.
+
+ This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+ categorized as a normal bug, not a security issue, because the DRBG reseeds
+ automatically and is fully functional even without additional randomness
+ provided by the application.
+
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
*) Add a new ClientHello callback. Provides a callback interface that gives
@@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]
-
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 3baa8ce016f8..d5dc36c285ba 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) {
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
-You have selected the --with-rand-seed=none option, which effectively disables
-automatic reseeding of the OpenSSL random generator. All operations depending
-on the random generator such as creating keys will not work unless the random
-generator is seeded manually by the application.
-Please read the 'Note on random number generation' section in the INSTALL
-instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+You have selected the --with-rand-seed=none option, which effectively
+disables automatic reseeding of the OpenSSL random generator.
+All operations depending on the random generator such as creating keys
+will not work unless the random generator is seeded manually by the
+application.
+
+Please read the 'Note on random number generation' section in the
+INSTALL instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+
_____
}
push @{$config{openssl_other_defines}},
@@ -2174,6 +2179,16 @@ EOF
# Massage the result
+ # If the user configured no-shared, we allow no shared sources
+ if ($disabled{shared}) {
+ foreach (keys %{$unified_info{shared_sources}}) {
+ foreach (keys %{$unified_info{shared_sources}->{$_}}) {
+ delete $unified_info{sources}->{$_};
+ }
+ }
+ $unified_info{shared_sources} = {};
+ }
+
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
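Review bot: The added no-shared block nests two `foreach (keys ...)` loops that both iterate over the implicit `$_`, so the `delete $unified_info{sources}->{$_}` only makes sense once the reader has worked out that the inner loop's `$_` is in effect. Naming the loop variables, for example `foreach my $prod (keys %{$unified_info{shared_sources}})` and `foreach my $src (keys %{$unified_info{shared_sources}->{$prod}})`, makes it clear which key is removed from `sources`. The later dirinfo hunk (@@ -2238) uses the same implicit-`$_` style and would benefit from the same treatment.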
@@ -2198,8 +2213,8 @@ EOF
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
- (keys %{$unified_info{sources}->{$dest}},
- keys %{$unified_info{shared_sources}->{$dest}})) {
+ (keys %{$unified_info{sources}->{$dest} // {}},
+ keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@@ -2238,6 +2253,42 @@ EOF
[ @{$unified_info{includes}->{$dest}->{source}} ];
}
}
+
+ # For convenience collect information regarding directories where
+ # files are generated, those generated files and the end product
+ # they end up in where applicable. Then, add build rules for those
+ # directories
+ my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
+ "dso" => [ @{$unified_info{engines}} ],
+ "bin" => [ @{$unified_info{programs}} ],
+ "script" => [ @{$unified_info{scripts}} ] );
+ foreach my $type (keys %loopinfo) {
+ foreach my $product (@{$loopinfo{$type}}) {
+ my %dirs = ();
+ my $pd = dirname($product);
+
+ foreach (@{$unified_info{sources}->{$product} // []},
+ @{$unified_info{shared_sources}->{$product} // []}) {
+ my $d = dirname($_);
+
+ # We don't want to create targets for source directories
+ # when building out of source
+ next if ($config{sourcedir} ne $config{builddir}
+ && $d =~ m|^\Q$config{sourcedir}\E|);
+ # We already have a "test" target, and the current directory
+ # is just silly to make a target for
+ next if $d eq "test" || $d eq ".";
+
+ $dirs{$d} = 1;
+ push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+ if $d ne $pd;
+ }
+ foreach (keys %dirs) {
+ push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+ $product;
+ }
+ }
+ }
}
# For the schemes that need it, we provide the old *_obj configs
@@ -2712,10 +2763,16 @@ print <<"EOF";
**********************************************************************
*** ***
-*** If you want to report a building issue, please include the ***
-*** output from this command: ***
+*** OpenSSL has been successfully configured ***
+*** ***
+*** If you encounter a problem while building, please open an ***
+*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
+*** and include the output from the following command: ***
+*** ***
+*** perl configdata.pm --dump ***
*** ***
-*** perl configdata.pm --dump ***
+*** (If you are new to OpenSSL, you might want to consult the ***
+*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
EOF
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index ff0aa6d12792..4ce6651b6b34 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -614,8 +614,8 @@
Windows, and as a comma separated list of
libraries on VMS.
RANLIB The library archive indexer.
- RC The Windows resources manipulator.
- RCFLAGS Flags for the Windows reources manipulator.
+ RC The Windows resource compiler.
+ RCFLAGS Flags for the Windows resource compiler.
RM The command to remove files and directories.
These cannot be mixed with compiling / linking flags given
@@ -969,7 +969,7 @@
BUILDFILE
Use a different build file name than the platform default
- ("Makefile" on Unixly platforms, "makefile" on native Windows,
+ ("Makefile" on Unix-like platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template. See Configurations/README
for further information.
@@ -1171,7 +1171,7 @@
part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
the name.
- On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ On most POSIX platforms, shared libraries are named libcrypto.so.1.1
and libssl.so.1.1.
on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
@@ -1202,7 +1202,7 @@
The seeding method can be configured using the --with-rand-seed option,
which can be used to specify a comma separated list of seed methods.
However in most cases OpenSSL will choose a suitable default method,
- so it is not necessary to explicitely provide this option. Note also
+ so it is not necessary to explicitly provide this option. Note also
that not all methods are available on all platforms.
I) On operating systems which provide a suitable randomness source (in
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 45c183c9b291..b95e93027f83 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
diff --git a/crypto/openssl/README b/crypto/openssl/README
index e70acb3139b6..affb172e8ba8 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1 11 Sep 2018
+ OpenSSL 1.1.1a 20 Nov 2018
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 28caad41a7d8..2b0bbde03423 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section)
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
- return;
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
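Review bot: With the `return;` removed, the failure branch of `RAND_load_file()` now falls through and `save_rand_file` is set to a file that could not be read, and nothing in the code says that this is deliberate. A short comment in the branch would prevent a later "fix" from restoring the early return, for example `/* not fatal: keep going so the file name is still remembered */`. The rest of app_RAND_load_conf and the place where `save_rand_file` is consumed are outside this hunk, so the wording should be confirmed against them.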
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 9be656054a45..653e3973e04d 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
opt_getprog(), typestr);
continue;
}
+ if (*valstr == '\0') {
+ BIO_printf(bio_err,
+ "%s: No value provided for Subject Attribute %s, skipped\n",
+ opt_getprog(), typestr);
+ continue;
+ }
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 5b98d27500ce..d9eb650eb211 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -369,7 +369,7 @@ typedef struct string_int_pair_st {
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
-# define OPT_FMT_NETSCAPE (1L << 6)
+/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
@@ -378,8 +378,8 @@ typedef struct string_int_pair_st {
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
- OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 48f7cd197387..69207c0662ed 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -605,7 +605,7 @@ end_of_options:
/*
* outdir is a directory spec, but access() for VMS demands a
* filename. We could use the DEC C routine to convert the
- * directory syntax to Unixly, and give that to app_isdir,
+ * directory syntax to Unix, and give that to app_isdir,
* but for now the fopen will catch the error if it's not a
* directory
*/
@@ -976,7 +976,7 @@ end_of_options:
BIO_printf(bio_err, "Write out database with %d new entries\n",
sk_X509_num(cert_sk));
- if (!rand_ser
+ if (serialfile != NULL
&& !save_serial(serialfile, "new", serial, NULL))
goto end;
@@ -1044,7 +1044,8 @@ end_of_options:
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
- if (!rotate_serial(serialfile, "new", "old"))
+ if (serialfile != NULL
+ && !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
@@ -1177,10 +1178,9 @@ end_of_options:
}
/* we have a CRL number that need updating */
- if (crlnumberfile != NULL)
- if (!rand_ser
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
- goto end;
+ if (crlnumberfile != NULL
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto end;
BN_free(crlnumber);
crlnumber = NULL;
@@ -1195,9 +1195,10 @@ end_of_options:
PEM_write_bio_X509_CRL(Sout, crl);
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile, "new", "old"))
- goto end;
+ /* Rename the crlnumber file */
+ if (crlnumberfile != NULL
+ && !rotate_serial(crlnumberfile, "new", "old"))
+ goto end;
}
/*****************************************************************/
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index eb822c2696eb..7fd78624bbcc 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -950,6 +950,7 @@ static void spawn_loop(void)
sleep(30);
break;
case 0: /* child */
+ OPENSSL_free(kidpids);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
if (termsig)
@@ -976,6 +977,7 @@ static void spawn_loop(void)
}
/* The loop above can only break on termsig */
+ OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}
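Review bot: In this second hunk the added `OPENSSL_free(kidpids);` runs before `killall(0, kidpids);`, so the array is already freed when it is passed on two lines later. killall is defined outside the hunk, but if it walks the pid list (or frees it itself) the parent's shutdown path has a use-after-free or double free. I would drop the added line here and release the array only after the children have been signalled, for instance at the end of killall. The child-side free in the first hunk is not affected, since the visible child code does not pass kidpids on.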
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index a1520e496915..24538651ebb7 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -11,7 +11,6 @@
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@@ -58,7 +57,6 @@ crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
diff --git a/crypto/openssl/apps/opt.c b/crypto/openssl/apps/opt.c
index cc1418449e29..666856535d5e 100644
--- a/crypto/openssl/apps/opt.c
+++ b/crypto/openssl/apps/opt.c
@@ -168,7 +168,6 @@ static OPT_PAIR formats[] = {
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
- {"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
diff --git a/crypto/openssl/apps/rehash.c b/crypto/openssl/apps/rehash.c
index de7217cb1003..bb41d3129f9c 100644
--- a/crypto/openssl/apps/rehash.c
+++ b/crypto/openssl/apps/rehash.c
@@ -1,6 +1,6 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index 6458b3d9c5aa..fdd02dce3241 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -38,8 +38,8 @@ typedef enum OPTION_choice {
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
- {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+ {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+ {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
@@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
+ if (pk == NULL)
+ goto end;
+
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
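Review bot: The new NULL check covers `EVP_PKEY_new()`, but the return value of `EVP_PKEY_set1_RSA(pk, rsa);` on the following line is still ignored, so a failed assignment would carry on into the MSBLOB/PVK output path with an EVP_PKEY that has no key attached. I would check it too: `if (!EVP_PKEY_set1_RSA(pk, rsa)) { EVP_PKEY_free(pk); goto end; }`. The allocation-failure `goto end` also leaves without a message of its own; whether the `end:` label prints the error queue is not visible from this hunk.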
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index 46b386428461..2d4568f40ccb 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
- if (!SSL_get_server_tmp_key(s, &key))
+
+ if (!SSL_get_peer_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
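Review bot: After the switch to `SSL_get_peer_tmp_key()`, the label printed by `BIO_puts(out, "Server Temp Key: ");` no longer matches what is fetched whenever this helper runs on the server side, where the peer is the client. Whether s_server calls ssl_print_tmp_key is not visible here, so this may be latent. If the output string has to stay for script compatibility, a comment such as `/* label kept for compatibility; the key is the peer's, which is the server only when we are the client */` would at least document the mismatch. The function body continues past the end of the hunk.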
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index e3bb1a672d01..ac7dca607ba4 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
}
if (psksess != NULL) {
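Review bot: The mismatch branch now returns 1 with `*sess = NULL` and no diagnostic, and nothing explains why an unrecognised identity is reported as success. A comment would help, for example `/* unknown identity: succeed with no session so the handshake can continue without this PSK */`. Dropping the old BIO_printf is the right call, since it formatted the caller-supplied `identity` buffer with `%s` although the buffer comes with an explicit `identity_len`. For a test server a short fixed-text note on bio_s_out, without echoing the identity, would still be useful. The callback body starts and ends outside the hunk.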
@@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
#endif
+ if (early_data && (www > 0 || rev)) {
+ BIO_printf(bio_err,
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index a4879179e414..40e990408ab9 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (testnum++; testnum < EC_NUM; testnum++)
+ for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index d40960c0b93f..81291a9a4f90 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -67,10 +67,10 @@ typedef enum OPTION_choice {
const OPTIONS x509_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f',
- "Input format - default PEM (one of DER, NET or PEM)"},
+ "Input format - default PEM (one of DER or PEM)"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'f',
- "Output format - default PEM (one of DER, NET or PEM)"},
+ "Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
diff --git a/crypto/openssl/crypto/LPdir_unix.c b/crypto/openssl/crypto/LPdir_unix.c
index 356089d7fd34..b1022895c855 100644
--- a/crypto/openssl/crypto/LPdir_unix.c
+++ b/crypto/openssl/crypto/LPdir_unix.c
@@ -51,7 +51,7 @@
#endif
/*
- * The POSIXly macro for the maximum number of characters in a file path is
+ * The POSIX macro for the maximum number of characters in a file path is
* NAME_MAX. However, some operating systems use PATH_MAX instead.
* Therefore, it seems natural to first check for PATH_MAX and use that, and
* if it doesn't exist, use NAME_MAX.
diff --git a/crypto/openssl/crypto/async/arch/async_posix.h b/crypto/openssl/crypto/async/arch/async_posix.h
index b07c2cb01beb..62449fe60e04 100644
--- a/crypto/openssl/crypto/async/arch/async_posix.h
+++ b/crypto/openssl/crypto/async/arch/async_posix.h
@@ -17,7 +17,8 @@
# include <unistd.h>
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
# include <pthread.h>
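Review bot: The extended condition `_POSIX_VERSION < 200809L || defined(__GLIBC__)` carries no comment, and it is not obvious why a newer POSIX level should disable this block unless the C library is glibc. Presumably it is because the context-switching interfaces this header relies on were dropped from POSIX.1-2008 and are only assumed to remain available with glibc; that reasoning should be written next to the `# if`, e.g. `/* ucontext functions were removed in POSIX.1-2008; only trust them on older POSIX or glibc */`. The matching `# endif` and the code guarded by the condition are outside the hunk, so the wording should be checked against them.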
diff --git a/crypto/openssl/crypto/bio/b_sock2.c b/crypto/openssl/crypto/bio/b_sock2.c
index 823732d64e1a..5d82ab22dc30 100644
--- a/crypto/openssl/crypto/bio/b_sock2.c
+++ b/crypto/openssl/crypto/bio/b_sock2.c
@@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
*/
int BIO_bind(int sock, const BIO_ADDR *addr, int options)
{
+# ifndef OPENSSL_SYS_WINDOWS
int on = 1;
+# endif
if (sock == -1) {
BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c
index 95eef7d4bf5b..ca375b911ae8 100644
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
argi = (int)len;
}
- if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (*processed > INT_MAX)
return -1;
inret = *processed;
@@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
ret = b->callback(b, oper, argp, argi, argl, inret);
- if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
*processed = (size_t)ret;
ret = 1;
}
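Review bot: Changing `ret >= 0` to `ret > 0` means a callback result of 0 is no longer converted into "success with zero bytes"; it is returned as 0 and `*processed` keeps whatever value it had on entry. That looks intentional but is undocumented, and callers that read `*processed` after a non-positive return would see a stale count. A comment above the block would make the contract explicit, for example `/* only a positive callback result is a byte count; 0 and negatives pass through and *processed is left untouched */`. The first hunk applies the same `> 0` rule to `inret`, and the remainder of bio_call_callback is outside both hunks.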
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c
index 4324f2412681..e9ab932ec295 100644
--- a/crypto/openssl/crypto/bio/bss_log.c
+++ b/crypto/openssl/crypto/bio/bss_log.c
@@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
# endif /* Unix */
+#else /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+ return NULL;
+}
#endif /* NO_SYSLOG */
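Review bot: The new NO_SYSLOG stub makes `BIO_s_log()` return NULL where the symbol used to be absent, so code that previously failed to link will now compile and receive a NULL method at run time. Callers that pass the result straight to `BIO_new()` without checking it would then be working with a NULL method pointer; whether `BIO_new()` tolerates that is not visible here. A comment on the stub would flag the obligation, e.g. `/* syslog support not compiled in: returns NULL, callers must check before use */`, and the BIO_s_log documentation should mention the NULL return.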
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
index d38f33716477..31839ba060fa 100644
--- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -64,12 +64,6 @@
* machine.
*/
-# if defined(_WIN64) || !defined(__LP64__)
-# define BN_ULONG unsigned long long
-# else
-# define BN_ULONG unsigned long
-# endif
-
# undef mul
# undef mul_add
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index 2c92d7eac9d5..c026ffcb339c 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* is not only slower but also makes each bit vulnerable to
* EM (and likely other) side-channel attacks like One&Done
* (for details see "One&Done: A Single-Decryption EM-Based
- * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+ * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
* H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
* M. Prvulovic, in USENIX Security'18)
*/
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 266a3dd3046b..80f910c80779 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
b->neg ^= t;
/*-
- * Idea behind BN_FLG_STATIC_DATA is actually to
- * indicate that data may not be written to.
- * Intention is actually to treat it as it's
- * read-only data, and some (if not most) of it does
- * reside in read-only segment. In other words
- * observation of BN_FLG_STATIC_DATA in
- * BN_consttime_swap should be treated as fatal
- * condition. It would either cause SEGV or
- * effectively cause data corruption.
- * BN_FLG_MALLOCED refers to BN structure itself,
- * and hence must be preserved. Remaining flags are
- * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
- * preserved, because it determines how x->d was
- * allocated and hence how to free it. This leaves
- * BN_FLG_CONSTTIME that one can do something about.
- * To summarize it's sufficient to mask and swap
- * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
- * be treated as fatal.
+ * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+ * is actually to treat it as it's read-only data, and some (if not most)
+ * of it does reside in read-only segment. In other words observation of
+ * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+ * condition. It would either cause SEGV or effectively cause data
+ * corruption.
+ *
+ * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+ * preserved.
+ *
+ * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+ * allocated and hence how to free it.
+ *
+ * BN_FLG_CONSTTIME: sufficient to mask and swap
+ *
+ * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+ * the data, so the d array may be padded with additional 0 values (i.e.
+ * top could be greater than the minimal value that it could be). We should
+ * be swapping it
*/
- t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+ t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
a->flags ^= t;
b->flags ^= t;
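Review bot: `#define BN_CONSTTIME_SWAP_FLAGS` is introduced in the middle of BN_consttime_swap's body and never undefined, so the macro stays visible to everything that follows in bn_lib.c. Either move it to file scope next to the other definitions or add `#undef BN_CONSTTIME_SWAP_FLAGS` after the last use. In the rewritten comment, the entry "BN_FLG_CONSTTIME: sufficient to mask and swap" has lost its context and the BN_FLG_FIXED_TOP entry ends with "We should be swapping it"; both read better as a direct statement that these two flags are the ones exchanged under `condition`. The function starts before this hunk.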
diff --git a/crypto/openssl/crypto/build.info b/crypto/openssl/crypto/build.info
index b515b7318efb..2c619c62e843 100644
--- a/crypto/openssl/crypto/build.info
+++ b/crypto/openssl/crypto/build.info
@@ -2,7 +2,7 @@ LIBS=../libcrypto
SOURCE[../libcrypto]=\
cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
- threads_pthread.c threads_win.c threads_none.c \
+ threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/crypto/openssl/crypto/conf/conf_api.c b/crypto/openssl/crypto/conf/conf_api.c
index 72fe2da1ad78..5e57d749ce5e 100644
--- a/crypto/openssl/crypto/conf/conf_api.c
+++ b/crypto/openssl/crypto/conf/conf_api.c
@@ -10,6 +10,7 @@
/* Part of the code in here was originally in conf.c, which is now removed */
#include "e_os.h"
+#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
if (v != NULL)
return v->value;
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return p;
}
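Review bot: Replacing `getenv(name)` with `ossl_safe_getenv(name)` changes what an `ENV` section lookup returns in privileged processes, and the call site has no comment saying so. The helper's definition is not on this page, but the conf_mod.c hunk, where it replaces an explicit `!OPENSSL_issetugid()` guard, suggests it returns NULL for set-id programs. A comment here would make that visible: `/* returns NULL in set-uid/set-gid processes, so ENV lookups are ignored there */`. The same applies to the second call in the next hunk of this file and to the one in ct_log.c. Since a config that expands `$ENV::...` will now resolve differently in such programs, it also deserves a line in the CONF documentation.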
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
else
return NULL;
} else
- return getenv(name);
+ return ossl_safe_getenv(name);
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c
index df53609cc47e..51f262e774dd 100644
--- a/crypto/openssl/crypto/conf/conf_mod.c
+++ b/crypto/openssl/crypto/conf/conf_mod.c
@@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void)
char *file, *sep = "";
int len;
- if (!OPENSSL_issetugid()) {
- file = getenv("OPENSSL_CONF");
- if (file)
- return OPENSSL_strdup(file);
- }
+ if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+ return OPENSSL_strdup(file);
len = strlen(X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
index b1e535a69596..1cd77c96d2f7 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
if (_OPENSSL_isservice.p == NULL) {
HANDLE mod = GetModuleHandle(NULL);
- FARPROC f;
+ FARPROC f = NULL;
if (mod != NULL)
f = GetProcAddress(mod, "_OPENSSL_isservice");
diff --git a/crypto/openssl/crypto/ct/ct_log.c b/crypto/openssl/crypto/ct/ct_log.c
index be6681dca74e..c1bca3e1415e 100644
--- a/crypto/openssl/crypto/ct/ct_log.c
+++ b/crypto/openssl/crypto/ct/ct_log.c
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *sec
int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
- const char *fpath = getenv(CTLOG_FILE_EVP);
+ const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
if (fpath == NULL)
fpath = CTLOG_FILE;
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
index 46f4f01ee0e4..383d853b6d37 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
if (mctx == NULL)
goto err;
+ /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index ac1f65a51a75..7a0b0874c54e 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -9,6 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx);
static DSA_METHOD openssl_dsa_meth = {
"OpenSSL DSA method",
@@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
{
BN_CTX *ctx = NULL;
BIGNUM *k, *kinv = NULL, *r = *rp;
- BIGNUM *l, *m;
+ BIGNUM *l;
int ret = 0;
- int q_bits;
+ int q_bits, q_words;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
k = BN_new();
l = BN_new();
- m = BN_new();
- if (k == NULL || l == NULL || m == NULL)
+ if (k == NULL || l == NULL)
goto err;
if (ctx_in == NULL) {
@@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
- if (!BN_set_bit(k, q_bits)
- || !BN_set_bit(l, q_bits)
- || !BN_set_bit(m, q_bits))
+ q_words = bn_get_top(dsa->q);
+ if (!bn_wexpand(k, q_words + 2)
+ || !bn_wexpand(l, q_words + 2))
goto err;
/* Get random k */
@@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} while (BN_is_zero(k));
BN_set_flags(k, BN_FLG_CONSTTIME);
+ BN_set_flags(l, BN_FLG_CONSTTIME);
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
@@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
- * TODO: revisit the BN_copy aiming for a memory access agnostic
- * conditional copy.
+ * There are some concerns about the efficacy of doing this. More
+ * specificly refer to the discussion starting with:
+ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+ * The fix is to rework BN so these gymnastics aren't required.
*/
if (!BN_add(l, k, dsa->q)
- || !BN_add(m, l, dsa->q)
- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+ || !BN_add(k, l, dsa->q))
goto err;
+ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
if ((dsa)->meth->bn_mod_exp != NULL) {
if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
dsa->method_mont_p))
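Review bot: The `BN_consttime_swap()` call added after the two `BN_add()`s has no comment saying which value ends up in `k`, and the block comment above it still reads as if a plain choice were made. At that point `l` holds k+q and `k` holds k+2q, and the swap moves `l` into `k` only when bit `q_bits` of `l` is set; a line such as `/* l = k+q, k = k+2q: leave in k the sum that is one bit longer than q */` would make that checkable. The swap width `q_words + 2` has to stay equal to the `bn_wexpand()` size used earlier in dsa_sign_setup, so a shared local would be safer than repeating the literal. The new comment text also has a typo, "specificly". The function starts and ends outside this hunk.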
@@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
goto err;
BN_clear_free(*kinvp);
@@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
BN_CTX_free(ctx);
BN_clear_free(k);
BN_clear_free(l);
- BN_clear_free(m);
return ret;
}
@@ -393,3 +398,31 @@ static int dsa_finish(DSA *dsa)
BN_MONT_CTX_free(dsa->method_mont_p);
return 1;
}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation. Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *res = NULL;
+ BIGNUM *r, *e;
+
+ if ((r = BN_new()) == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ if ((e = BN_CTX_get(ctx)) != NULL
+ && BN_set_word(r, 2)
+ && BN_sub(e, q, r)
+ && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+ res = r;
+ else
+ BN_free(r);
+ BN_CTX_end(ctx);
+ return res;
+}
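Review bot: The failure branch of dsa_mod_inverse_fermat releases `r` with `BN_free(r)`, while the visible cleanup in dsa_sign_setup uses `BN_clear_free()` for everything that touches the nonce. If `BN_mod_exp_mont()` fails part-way, `r` may hold a value derived from `k`, so `BN_clear_free(r);` would be the consistent choice. The header comment should also state the precondition it relies on: the caller sets `BN_FLG_CONSTTIME` on `k`, and as far as I know that flag is what makes `BN_mod_exp_mont()` take its constant-time path. Suggested extra line for the comment: `k must carry BN_FLG_CONSTTIME; q must be prime.`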
diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c
index 21302685d877..a3164b5b2ed9 100644
--- a/crypto/openssl/crypto/ec/ec_ameth.c
+++ b/crypto/openssl/crypto/ec/ec_ameth.c
@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
return 0;
- if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+ if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
return 0;
kdf_md = EVP_get_digestbynid(kdfmd_nid);
@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
- kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+ kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 7e1b3650e76a..0e0a5e1394af 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
*/
cardinality_bits = BN_num_bits(cardinality);
group_top = bn_get_top(cardinality);
- if ((bn_wexpand(k, group_top + 1) == NULL)
- || (bn_wexpand(lambda, group_top + 1) == NULL)) {
+ if ((bn_wexpand(k, group_top + 2) == NULL)
+ || (bn_wexpand(lambda, group_top + 2) == NULL)) {
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
goto err;
}
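Review bot: The word count `group_top + 2` is now repeated in both `bn_wexpand()` calls here and again as the last argument of `BN_consttime_swap()` in the next hunk, and the three must agree or the swap would touch words the expansion did not reserve. A single local, e.g. `int pad_top = group_top + 2;`, used at all three sites would keep them in step, which matters because `group_top` is reassigned right after the swap. A short comment on why two extra words are needed (presumably to hold scalar + 2*cardinality without a reallocation) would help as well. ec_scalar_mul_ladder starts and ends outside both hunks.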
@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
* k := scalar + 2*cardinality
*/
kbit = BN_is_bit_set(lambda, cardinality_bits);
- BN_consttime_swap(kbit, k, lambda, group_top + 1);
+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
group_top = bn_get_top(group->field);
if ((bn_wexpand(s->X, group_top) == NULL)
diff --git a/crypto/openssl/crypto/ec/ec_pmeth.c b/crypto/openssl/crypto/ec/ec_pmeth.c
index 5bee031b9201..f4ad0749ef45 100644
--- a/crypto/openssl/crypto/ec/ec_pmeth.c
+++ b/crypto/openssl/crypto/ec/ec_pmeth.c
@@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
goto err;
/* Do KDF stuff */
- if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+ if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
goto err;
rv = 1;
@@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
- if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+ if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
return -2;
dctx->kdf_type = p1;
return 1;
diff --git a/crypto/openssl/crypto/ec/ecdh_kdf.c b/crypto/openssl/crypto/ec/ecdh_kdf.c
index d47486eb346d..d686f9d897df 100644
--- a/crypto/openssl/crypto/ec/ecdh_kdf.c
+++ b/crypto/openssl/crypto/ec/ecdh_kdf.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,12 +10,13 @@
#include <string.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
+#include "ec_lcl.h"
-/* Key derivation function from X9.62/SECG */
+/* Key derivation function from X9.63/SECG */
/* Way more than we will ever need */
#define ECDH_KDF_MAX (1 << 30)
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
@@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
EVP_MD_CTX_free(mctx);
return rv;
}
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md)
+{
+ return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
diff --git a/crypto/openssl/crypto/engine/eng_devcrypto.c b/crypto/openssl/crypto/engine/eng_devcrypto.c
index 9deaf5c6188c..4a0ba09a38be 100644
--- a/crypto/openssl/crypto/engine/eng_devcrypto.c
+++ b/crypto/openssl/crypto/engine/eng_devcrypto.c
@@ -28,6 +28,13 @@
# define CHECK_BSD_STYLE_MACROS
#endif
+/*
+ * ONE global file descriptor for all sessions. This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner... why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
/******************************************************************************
*
* Ciphers
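Review bot: `static int cfd;` starts out as 0, which is a valid descriptor (normally stdin), so any ioctl() issued through it before engine_load_devcrypto_int() has opened the device would be directed at an unrelated file. Initialising it as `static int cfd = -1;` makes such a call fail cleanly instead. The comment should also say that the descriptor, and therefore every session created on it, is shared by all threads and is inherited across fork().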
@@ -39,7 +46,6 @@
*****/
struct cipher_ctx {
- int cfd;
struct session_op sess;
/* to pass from init to do_cipher */
@@ -69,7 +75,7 @@ static const struct cipher_data_st {
{ NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
{ NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
#ifndef OPENSSL_NO_RC4
- { NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
+ { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
{ NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
@@ -135,19 +141,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
- if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- SYSerr(SYS_F_OPEN, errno);
- return 0;
- }
-
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
- if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
- close(cipher_ctx->cfd);
return 0;
}
@@ -186,7 +186,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
cryp.flags = COP_FLAG_WRITE_IV;
#endif
- if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
+ if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
@@ -212,14 +212,10 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
- if (close(cipher_ctx->cfd) < 0) {
- SYSerr(SYS_F_CLOSE, errno);
- return 0;
- }
return 1;
}
@@ -233,14 +229,10 @@ static int known_cipher_nids[OSSL_NELEM(cipher_data)];
static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
-static void prepare_cipher_methods()
+static void prepare_cipher_methods(void)
{
size_t i;
struct session_op sess;
- int cfd;
-
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
- return;
memset(&sess, 0, sizeof(sess));
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
@@ -255,7 +247,7 @@ static void prepare_cipher_methods()
sess.cipher = cipher_data[i].devcryptoid;
sess.keylen = cipher_data[i].keylen;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+ || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_cipher_methods[i] =
@@ -281,8 +273,6 @@ static void prepare_cipher_methods()
cipher_data[i].nid;
}
}
-
- close(cfd);
}
static const EVP_CIPHER *get_cipher_method(int nid)
@@ -308,7 +298,7 @@ static void destroy_cipher_method(int nid)
known_cipher_methods[i] = NULL;
}
-static void destroy_all_cipher_methods()
+static void destroy_all_cipher_methods(void)
{
size_t i;
@@ -329,11 +319,12 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
/*
* We only support digests if the cryptodev implementation supports multiple
- * data updates. Otherwise, we would be forced to maintain a cache, which is
- * perilous if there's a lot of data coming in (if someone wants to checksum
- * an OpenSSL tarball, for example).
+ * data updates and session copying. Otherwise, we would be forced to maintain
+ * a cache, which is perilous if there's a lot of data coming in (if someone
+ * wants to checksum an OpenSSL tarball, for example).
*/
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#define IMPLEMENT_DIGEST
/******************************************************************************
*
@@ -346,7 +337,6 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
*****/
struct digest_ctx {
- int cfd;
struct session_op sess;
int init;
};
@@ -413,19 +403,12 @@ static int digest_init(EVP_MD_CTX *ctx)
const struct digest_data_st *digest_d =
get_digest_data(EVP_MD_CTX_type(ctx));
- if (digest_ctx->init == 0
- && (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- SYSerr(SYS_F_OPEN, errno);
- return 0;
- }
-
digest_ctx->init = 1;
memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
digest_ctx->sess.mac = digest_d->devcryptoid;
- if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
- close(digest_ctx->cfd);
return 0;
}
@@ -444,7 +427,7 @@ static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
cryp.dst = NULL;
cryp.mac = res;
cryp.flags = flags;
- return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
+ return ioctl(cfd, CIOCCRYPT, &cryp);
}
static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -472,7 +455,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
- if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
@@ -480,16 +463,38 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
return 1;
}
-static int digest_cleanup(EVP_MD_CTX *ctx)
+static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
- struct digest_ctx *digest_ctx =
- (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+ struct digest_ctx *digest_from =
+ (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+ struct digest_ctx *digest_to =
+ (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+ struct cphash_op cphash;
+
+ if (digest_from == NULL)
+ return 1;
- if (close(digest_ctx->cfd) < 0) {
- SYSerr(SYS_F_CLOSE, errno);
+ if (digest_from->init != 1) {
+ SYSerr(SYS_F_IOCTL, EINVAL);
return 0;
}
+ if (!digest_init(to)) {
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+
+ cphash.src_ses = digest_from->sess.ses;
+ cphash.dst_ses = digest_to->sess.ses;
+ if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+ return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
return 1;
}
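Review bot: digest_cleanup() is now an empty function, so a digest context that is initialised (or created by digest_copy()) and then destroyed without reaching digest_final() never issues CIOCFSESSION. With the per-context close() gone and a single process-wide `cfd`, nothing else appears to release that kernel session until the engine is unloaded. digest_copy() has the same gap on its CIOCCPHASH failure path, where the session just obtained by `digest_init(to)` is left allocated. A cleanup along the lines below would release it; it assumes digest_final(), part of which lies outside this hunk, clears `init` once it has freed the session so the two never free the same session twice.

```c
static int digest_cleanup(EVP_MD_CTX *ctx)
{
    struct digest_ctx *digest_ctx =
        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);

    /* No session to release: never initialised, or already freed by digest_final() */
    if (digest_ctx == NULL || digest_ctx->init != 1)
        return 1;
    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
        SYSerr(SYS_F_IOCTL, errno);
        return 0;
    }
    digest_ctx->init = 0;
    return 1;
}
```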
@@ -502,14 +507,10 @@ static int known_digest_nids[OSSL_NELEM(digest_data)];
static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
-static void prepare_digest_methods()
+static void prepare_digest_methods(void)
{
size_t i;
struct session_op sess;
- int cfd;
-
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
- return;
memset(&sess, 0, sizeof(sess));
@@ -522,7 +523,7 @@ static void prepare_digest_methods()
*/
sess.mac = digest_data[i].devcryptoid;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+ || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
@@ -532,6 +533,7 @@ static void prepare_digest_methods()
|| !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
|| !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
|| !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+ || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
|| !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
|| !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
sizeof(struct digest_ctx))) {
@@ -541,8 +543,6 @@ static void prepare_digest_methods()
known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
}
}
-
- close(cfd);
}
static const EVP_MD *get_digest_method(int nid)
@@ -568,7 +568,7 @@ static void destroy_digest_method(int nid)
known_digest_methods[i] = NULL;
}
-static void destroy_all_digest_methods()
+static void destroy_all_digest_methods(void)
{
size_t i;
@@ -598,9 +598,12 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
static int devcrypto_unload(ENGINE *e)
{
destroy_all_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
destroy_all_digest_methods();
#endif
+
+ close(cfd);
+
return 1;
}
/*
@@ -611,23 +614,30 @@ void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
- if (access("/dev/crypto", R_OK | W_OK) < 0) {
- fprintf(stderr,
- "/dev/crypto not present, not enabling devcrypto engine\n");
+ if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
return;
}
prepare_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
prepare_digest_methods();
#endif
- if ((e = ENGINE_new()) == NULL)
+ if ((e = ENGINE_new()) == NULL
+ || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+ ENGINE_free(e);
+ /*
+ * We know that devcrypto_unload() won't be called when one of the
+ * above two calls have failed, so we close cfd explicitly here to
+ * avoid leaking resources.
+ */
+ close(cfd);
return;
+ }
if (!ENGINE_set_id(e, "devcrypto")
|| !ENGINE_set_name(e, "/dev/crypto engine")
- || !ENGINE_set_destroy_function(e, devcrypto_unload)
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
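Review bot: The `open("/dev/crypto", O_RDWR, 0)` call in engine_load_devcrypto_int now creates a descriptor that lives for the whole process, and it is opened without close-on-exec, so every program the process later exec()s inherits a handle to the crypto device and to the sessions keyed on it. Where the platform provides it, `open("/dev/crypto", O_RDWR | O_CLOEXEC, 0)` (or `fcntl(cfd, F_SETFD, FD_CLOEXEC)` right after the open) closes that gap. The early-return path also calls `close(cfd)` without resetting the variable; `cfd = -1;` after the close would stop later code from using a recycled descriptor number. The function continues outside this hunk.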
@@ -664,7 +674,7 @@ void engine_load_devcrypto_int()
# endif
#endif
|| !ENGINE_set_ciphers(e, devcrypto_ciphers)
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
|| !ENGINE_set_digests(e, devcrypto_digests)
#endif
) {
diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c
index 4bc7ea173cdc..45c339c54157 100644
--- a/crypto/openssl/crypto/engine/eng_list.c
+++ b/crypto/openssl/crypto/engine/eng_list.c
@@ -317,8 +317,7 @@ ENGINE *ENGINE_by_id(const char *id)
* Prevent infinite recursion if we're looking for the dynamic engine.
*/
if (strcmp(id, "dynamic")) {
- if (OPENSSL_issetugid()
- || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
load_dir = ENGINESDIR;
iterator = ENGINE_by_id("dynamic");
if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index 2c8572ba64ad..5003d8735a4d 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -1014,6 +1014,7 @@ RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy
RAND_F_RAND_POOL_ADD:103:rand_pool_add
RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
RAND_F_RAND_POOL_NEW:116:rand_pool_new
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c
index 0add393276bc..39eb4f379a99 100644
--- a/crypto/openssl/crypto/evp/e_aes.c
+++ b/crypto/openssl/crypto/evp/e_aes.c
@@ -2241,7 +2241,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->aes.ccm.len_set) {
/*-
- * In case message length was not previously set explicitely via
+ * In case message length was not previously set explicitly via
* Update(), set it now.
*/
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/openssl/crypto/evp/e_rc2.c
index 80afe316d764..aa0d14018687 100644
--- a/crypto/openssl/crypto/evp/e_rc2.c
+++ b/crypto/openssl/crypto/evp/e_rc2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -92,7 +92,8 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
{
int i;
- EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+ if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
+ return 0;
if (i == 128)
return RC2_128_MAGIC;
else if (i == 64)
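Review bot: rc2_meth_to_magic now returns 0 when the `EVP_CTRL_GET_RC2_KEY_BITS` ctrl fails, but nothing in the hunk says that 0 is the error value, and the callers, which are outside this hunk, have to treat it as one rather than encode it. A one-line comment above the function, e.g. `/* Returns the RC2 magic for the context's key bits, or 0 on error */`, would record the contract. Whether 0 is also what the unsupported-key-size branch returns cannot be seen from here.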
@@ -136,8 +137,9 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
return -1;
if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
return -1;
- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
- if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+ if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
+ NULL) <= 0
+ || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
return -1;
}
return i;
diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c
index 633cb8863d6d..7fbf895e0732 100644
--- a/crypto/openssl/crypto/evp/pmeth_lib.c
+++ b/crypto/openssl/crypto/evp/pmeth_lib.c
@@ -837,21 +837,21 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->check;
}
void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->public_check;
}
void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->param_check;
}
diff --git a/crypto/openssl/crypto/getenv.c b/crypto/openssl/crypto/getenv.c
new file mode 100644
index 000000000000..7e98b645b0d1
--- /dev/null
+++ b/crypto/openssl/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
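Review bot: ossl_safe_getenv() has no comment describing its contract, and callers throughout this commit now depend on it: it returns NULL both when the variable is unset and when the lookup is suppressed because the process runs with elevated privileges. Suggested comment above the definition: `/* getenv() replacement for security-relevant settings: returns NULL in set-uid/set-gid processes so the caller's environment cannot redirect config, engine or CT log paths. */`. Defining `SECURE_GETENV` inside the function body after choosing the glibc branch is also hard to follow; deciding it once above the function and using a plain `#ifdef`/`#else` in the body would make it obvious that exactly one return path is compiled. The fallback is only as strong as `OPENSSL_issetugid()` on the target platform, which is worth stating in the same comment.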
diff --git a/crypto/openssl/crypto/include/internal/ec_int.h b/crypto/openssl/crypto/include/internal/ec_int.h
index bb4b5129d001..182c39cc8056 100644
--- a/crypto/openssl/crypto/include/internal/ec_int.h
+++ b/crypto/openssl/crypto/include/internal/ec_int.h
@@ -41,5 +41,13 @@
__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
const BIGNUM *x, BN_CTX *ctx);
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md);
+
# endif /* OPENSSL_NO_EC */
#endif
diff --git a/crypto/openssl/crypto/include/internal/rand_int.h b/crypto/openssl/crypto/include/internal/rand_int.h
index d91ee4c9342c..888cab1b8f66 100644
--- a/crypto/openssl/crypto/include/internal/rand_int.h
+++ b/crypto/openssl/crypto/include/internal/rand_int.h
@@ -45,18 +45,21 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
-void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen);
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
/*
* RAND_POOL functions
*/
RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+ size_t entropy);
void rand_pool_free(RAND_POOL *pool);
const unsigned char *rand_pool_buffer(RAND_POOL *pool);
unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
size_t rand_pool_entropy(RAND_POOL *pool);
size_t rand_pool_length(RAND_POOL *pool);
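Review bot: The new rand_pool_attach() and rand_pool_reattach() declarations carry no comment on buffer ownership, which is the part a caller can get wrong. Attach takes a `const unsigned char *buffer` while detach and reattach deal in a non-const pointer, and the header does not say whether rand_pool_free() frees or cleanses an attached buffer. A short comment on each, stating who owns the memory after the call and whether it is wiped on free, would guard against a double free or an unwiped entropy buffer. The same applies to the changed rand_drbg_get_additional_data()/rand_drbg_cleanup_additional_data() pair, whose `pout`/`out` now relate to a pool rather than to a length.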
diff --git a/crypto/openssl/crypto/kdf/hkdf.c b/crypto/openssl/crypto/kdf/hkdf.c
index ec6090ad6a7b..ae46fad609ac 100644
--- a/crypto/openssl/crypto/kdf/hkdf.c
+++ b/crypto/openssl/crypto/kdf/hkdf.c
@@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
return -2;
}
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+ HKDF_PKEY_CTX *kctx = ctx->data;
+
+ OPENSSL_clear_free(kctx->key, kctx->key_len);
+ OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+ OPENSSL_cleanse(kctx->info, kctx->info_len);
+ memset(kctx, 0, sizeof(*kctx));
+
+ return 1;
+}
+
static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
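Review bot: pkey_hkdf_derive_init() has no comment, and its effect is broader than the name suggests: besides wiping the key, salt and info it zeroes the whole HKDF_PKEY_CTX with `memset(kctx, 0, sizeof(*kctx))`, so any parameter set before derive-init is discarded. A comment such as `/* Wipe all key material and reset every parameter; digest, key, salt and info must be set again after this call */` would make the ordering requirement explicit for anyone reusing a context.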
@@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
0, 0,
- 0,
+ pkey_hkdf_derive_init,
pkey_hkdf_derive,
pkey_hkdf_ctrl,
pkey_hkdf_ctrl_str
diff --git a/crypto/openssl/crypto/mem_sec.c b/crypto/openssl/crypto/mem_sec.c
index c4190bed3348..9e0f6702f406 100644
--- a/crypto/openssl/crypto/mem_sec.c
+++ b/crypto/openssl/crypto/mem_sec.c
@@ -20,12 +20,8 @@
#include <string.h>
-/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
-#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
- && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
- || defined(__sun) || defined(__hpux) || defined(__sgi) \
- || defined(__osf__) )
-# define IMPLEMENTED
+/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
+#ifdef OPENSSL_SECURE_MEMORY
# include <stdlib.h>
# include <assert.h>
# include <unistd.h>
@@ -51,7 +47,7 @@
# define MAP_ANON MAP_ANONYMOUS
#endif
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
static size_t secure_mem_used;
static int secure_mem_initialized;
@@ -71,7 +67,7 @@ static int sh_allocated(const char *ptr);
int CRYPTO_secure_malloc_init(size_t size, int minsize)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
int ret = 0;
if (!secure_mem_initialized) {
@@ -89,12 +85,12 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize)
return ret;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
int CRYPTO_secure_malloc_done(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
if (secure_mem_used == 0) {
sh_done();
secure_mem_initialized = 0;
@@ -102,22 +98,22 @@ int CRYPTO_secure_malloc_done(void)
sec_malloc_lock = NULL;
return 1;
}
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
return 0;
}
int CRYPTO_secure_malloc_initialized(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
return secure_mem_initialized;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
void *ret;
size_t actual_size;
@@ -132,12 +128,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
return ret;
#else
return CRYPTO_malloc(num, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
if (secure_mem_initialized)
/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
return CRYPTO_secure_malloc(num, file, line);
@@ -147,7 +143,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
if (ptr == NULL)
@@ -164,13 +160,13 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line)
CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void CRYPTO_secure_clear_free(void *ptr, size_t num,
const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
if (ptr == NULL)
@@ -191,12 +187,12 @@ void CRYPTO_secure_clear_free(void *ptr, size_t num,
return;
OPENSSL_cleanse(ptr, num);
CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
int CRYPTO_secure_allocated(const void *ptr)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
int ret;
if (!secure_mem_initialized)
@@ -207,21 +203,21 @@ int CRYPTO_secure_allocated(const void *ptr)
return ret;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
size_t CRYPTO_secure_used(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
return secure_mem_used;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
size_t CRYPTO_secure_actual_size(void *ptr)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
CRYPTO_THREAD_write_lock(sec_malloc_lock);
@@ -239,7 +235,7 @@ size_t CRYPTO_secure_actual_size(void *ptr)
/*
* SECURE HEAP IMPLEMENTATION
*/
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
/*
@@ -647,4 +643,4 @@ static size_t sh_actual_size(char *ptr)
OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
return sh.arena_size / (ONE << list);
}
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
diff --git a/crypto/openssl/crypto/o_fopen.c b/crypto/openssl/crypto/o_fopen.c
index f08f99b414f5..7d51ad725426 100644
--- a/crypto/openssl/crypto/o_fopen.c
+++ b/crypto/openssl/crypto/o_fopen.c
@@ -25,14 +25,12 @@
# endif
# endif
+#include "e_os.h"
#include "internal/cryptlib.h"
#if !defined(OPENSSL_NO_STDIO)
# include <stdio.h>
-# ifdef _WIN32
-# include <windows.h>
-# endif
# ifdef __DJGPP__
# include <unistd.h>
# endif
diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c
index 88d1d66324e3..0cbbed364a21 100644
--- a/crypto/openssl/crypto/pkcs12/p12_mutl.c
+++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c
@@ -7,13 +7,13 @@
* https://www.openssl.org/source/license.html
*/
-# include <stdio.h>
-# include "internal/cryptlib.h"
-# include <openssl/crypto.h>
-# include <openssl/hmac.h>
-# include <openssl/rand.h>
-# include <openssl/pkcs12.h>
-# include "p12_lcl.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
int PKCS12_mac_present(const PKCS12 *p12)
{
@@ -44,7 +44,7 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
}
}
-# define TK26_MAC_KEY_LEN 32
+#define TK26_MAC_KEY_LEN 32
static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
const unsigned char *salt, int saltlen,
@@ -112,7 +112,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if ((md_type_nid == NID_id_GostR3411_94
|| md_type_nid == NID_id_GostR3411_2012_256
|| md_type_nid == NID_id_GostR3411_2012_512)
- && !getenv("LEGACY_GOST_PKCS12")) {
+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
md_size = TK26_MAC_KEY_LEN;
if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
md_size, key, md_type)) {
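Review bot: The `LEGACY_GOST_PKCS12` test in pkcs12_gen_mac has no comment on what the variable selects or why it is now read through ossl_safe_getenv(). Its mere presence in the environment switches the MAC key derivation for GOST digests away from pkcs12_gen_gost_mac_key(), so the hardened lookup deserves a line such as `/* env override for legacy GOST MAC keys; ossl_safe_getenv() is expected to return NULL in set-user-ID/set-group-ID processes */`. The function starts and ends outside the hunk, so the fallback branch is not visible here.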
diff --git a/crypto/openssl/crypto/poly1305/poly1305_ieee754.c b/crypto/openssl/crypto/poly1305/poly1305_ieee754.c
index 995a02e5c139..7cfd968645ff 100644
--- a/crypto/openssl/crypto/poly1305/poly1305_ieee754.c
+++ b/crypto/openssl/crypto/poly1305/poly1305_ieee754.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-20018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/crypto/rand/drbg_ctr.c b/crypto/openssl/crypto/rand/drbg_ctr.c
index fe15164451e8..a243361b56e4 100644
--- a/crypto/openssl/crypto/rand/drbg_ctr.c
+++ b/crypto/openssl/crypto/rand/drbg_ctr.c
@@ -402,10 +402,10 @@ int drbg_ctr_init(RAND_DRBG *drbg)
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
/* df initialisation */
static const unsigned char df_key[32] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
if (ctr->ctx_df == NULL)
@@ -417,9 +417,9 @@ int drbg_ctr_init(RAND_DRBG *drbg)
return 0;
drbg->min_entropylen = ctr->keylen;
- drbg->max_entropylen = DRBG_MINMAX_FACTOR * drbg->min_entropylen;
+ drbg->max_entropylen = DRBG_MAX_LENGTH;
drbg->min_noncelen = drbg->min_entropylen / 2;
- drbg->max_noncelen = DRBG_MINMAX_FACTOR * drbg->min_noncelen;
+ drbg->max_noncelen = DRBG_MAX_LENGTH;
drbg->max_perslen = DRBG_MAX_LENGTH;
drbg->max_adinlen = DRBG_MAX_LENGTH;
} else {
diff --git a/crypto/openssl/crypto/rand/drbg_lib.c b/crypto/openssl/crypto/rand/drbg_lib.c
index 729b49c94372..a13282181d6d 100644
--- a/crypto/openssl/crypto/rand/drbg_lib.c
+++ b/crypto/openssl/crypto/rand/drbg_lib.c
@@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL;
static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+ RAND_DRBG_FLAG_CTR_NO_DF;
+
static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
static RAND_DRBG *rand_drbg_new(int secure,
@@ -105,16 +109,27 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
flags = rand_drbg_flags;
}
+ /* If set is called multiple times - clear the old one */
+ if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) {
+ drbg->meth->uninstantiate(drbg);
+ rand_pool_free(drbg->adin_pool);
+ drbg->adin_pool = NULL;
+ }
+
drbg->state = DRBG_UNINITIALISED;
drbg->flags = flags;
drbg->type = type;
switch (type) {
default:
+ drbg->type = 0;
+ drbg->flags = 0;
+ drbg->meth = NULL;
RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
return 0;
case 0:
/* Uninitialized; that's okay. */
+ drbg->meth = NULL;
return 1;
case NID_aes_128_ctr:
case NID_aes_192_ctr:
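Review bot: The new re-set branch in RAND_DRBG_set calls `drbg->meth->uninstantiate(drbg)` after testing only `drbg->type != 0`, while RAND_DRBG_free and RAND_DRBG_uninstantiate on this page both test `drbg->meth` for NULL before using it. Whether a non-zero type always implies a non-NULL meth depends on the per-type init code, which is outside the hunk. A guard on the line before the call, `if (drbg->meth != NULL)`, would be cheap insurance against a NULL dereference. The rest of the function lies outside the hunk.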
@@ -123,8 +138,10 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
break;
}
- if (ret == 0)
+ if (ret == 0) {
+ drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+ }
return ret;
}
@@ -147,7 +164,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
break;
}
- if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+ if ((flags & ~rand_drbg_used_flags) != 0) {
RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
return 0;
}
@@ -224,11 +241,8 @@ static RAND_DRBG *rand_drbg_new(int secure,
return drbg;
-err:
- if (drbg->secure)
- OPENSSL_secure_free(drbg);
- else
- OPENSSL_free(drbg);
+ err:
+ RAND_DRBG_free(drbg);
return NULL;
}
@@ -253,6 +267,7 @@ void RAND_DRBG_free(RAND_DRBG *drbg)
if (drbg->meth != NULL)
drbg->meth->uninstantiate(drbg);
+ rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
@@ -312,11 +327,18 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
max_entropylen += drbg->max_noncelen;
}
+ drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (drbg->reseed_next_counter) {
+ drbg->reseed_next_counter++;
+ if(!drbg->reseed_next_counter)
+ drbg->reseed_next_counter = 1;
+ }
+
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
min_entropylen, max_entropylen, 0);
if (entropylen < min_entropylen
- || entropylen > max_entropylen) {
+ || entropylen > max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
goto end;
}
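Review bot: The counter-advance block added before the get_entropy call in RAND_DRBG_instantiate is repeated verbatim in the RAND_DRBG_reseed hunk further down, and neither copy says why the value skips 0 on wrap-around. Judging from drbg_setup (which stores 1 under the comment "enable seed propagation") and the `> 0` test in RAND_DRBG_generate, 0 seems to mean that propagation is off. A small static helper that states this once would remove the duplication. Both copies also write `if(!` without the space used elsewhere in the file. The enclosing function starts and ends outside the hunk.

```c
/*
 * Next value for reseed_prop_counter. 0 appears to mean "seed propagation
 * disabled", so it is left alone and never produced by wrap-around.
 */
static unsigned int drbg_next_reseed_counter(RAND_DRBG *drbg)
{
    unsigned int next = tsan_load(&drbg->reseed_prop_counter);

    if (next != 0 && ++next == 0)
        next = 1;
    return next;
}

/* ... unchanged: min/max entropy length setup in RAND_DRBG_instantiate ... */
    drbg->reseed_next_counter = drbg_next_reseed_counter(drbg);
/* ... unchanged: get_entropy call and length checks ... */
```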
@@ -337,29 +359,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
}
drbg->state = DRBG_READY;
- drbg->generate_counter = 0;
+ drbg->reseed_gen_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->reseed_counter > 0) {
- if (drbg->parent == NULL)
- drbg->reseed_counter++;
- else
- drbg->reseed_counter = drbg->parent->reseed_counter;
- }
+ tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
-end:
+ end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
drbg->cleanup_entropy(drbg, entropy, entropylen);
- if (nonce != NULL && drbg->cleanup_nonce!= NULL )
+ if (nonce != NULL && drbg->cleanup_nonce != NULL)
drbg->cleanup_nonce(drbg, nonce, noncelen);
- if (drbg->pool != NULL) {
- if (drbg->state == DRBG_READY) {
- RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
- RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
- drbg->state = DRBG_ERROR;
- }
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
- }
if (drbg->state == DRBG_READY)
return 1;
return 0;
@@ -375,6 +383,7 @@ end:
int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
{
if (drbg->meth == NULL) {
+ drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
return 0;
@@ -419,13 +428,21 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
}
drbg->state = DRBG_ERROR;
+
+ drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (drbg->reseed_next_counter) {
+ drbg->reseed_next_counter++;
+ if(!drbg->reseed_next_counter)
+ drbg->reseed_next_counter = 1;
+ }
+
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen,
drbg->max_entropylen,
prediction_resistance);
if (entropylen < drbg->min_entropylen
- || entropylen > drbg->max_entropylen) {
+ || entropylen > drbg->max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
goto end;
}
@@ -434,16 +451,11 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
goto end;
drbg->state = DRBG_READY;
- drbg->generate_counter = 0;
+ drbg->reseed_gen_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->reseed_counter > 0) {
- if (drbg->parent == NULL)
- drbg->reseed_counter++;
- else
- drbg->reseed_counter = drbg->parent->reseed_counter;
- }
+ tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
-end:
+ end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
drbg->cleanup_entropy(drbg, entropy, entropylen);
if (drbg->state == DRBG_READY)
@@ -475,10 +487,12 @@ int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *adin = NULL;
size_t adinlen = 0;
- if (drbg->pool != NULL) {
+ if (drbg->seed_pool != NULL) {
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
+ drbg->state = DRBG_ERROR;
+ rand_pool_free(drbg->seed_pool);
+ drbg->seed_pool = NULL;
+ return 0;
}
if (buffer != NULL) {
@@ -486,24 +500,25 @@ int rand_drbg_restart(RAND_DRBG *drbg,
if (drbg->max_entropylen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
RAND_R_ENTROPY_INPUT_TOO_LONG);
+ drbg->state = DRBG_ERROR;
return 0;
}
if (entropy > 8 * len) {
RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+ drbg->state = DRBG_ERROR;
return 0;
}
/* will be picked up by the rand_drbg_get_entropy() callback */
- drbg->pool = rand_pool_new(entropy, len, len);
- if (drbg->pool == NULL)
+ drbg->seed_pool = rand_pool_attach(buffer, len, entropy);
+ if (drbg->seed_pool == NULL)
return 0;
-
- rand_pool_add(drbg->pool, buffer, len, entropy);
} else {
if (drbg->max_adinlen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+ drbg->state = DRBG_ERROR;
return 0;
}
adin = buffer;
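Review bot: The `rand_pool_attach()` failure path in rand_drbg_restart still returns 0 without touching `drbg->state`, although every other early return in this hunk now sets `DRBG_ERROR` first. If the intent is that a failed restart always leaves the DRBG in the error state, this path should match: `if (drbg->seed_pool == NULL) { drbg->state = DRBG_ERROR; return 0; }`. The function begins and ends outside the hunk.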
@@ -543,14 +558,8 @@ int rand_drbg_restart(RAND_DRBG *drbg,
}
}
- /* check whether a given entropy pool was cleared properly during reseed */
- if (drbg->pool != NULL) {
- drbg->state = DRBG_ERROR;
- RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
- return 0;
- }
+ rand_pool_free(drbg->seed_pool);
+ drbg->seed_pool = NULL;
return drbg->state == DRBG_READY;
}
@@ -600,7 +609,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
}
if (drbg->reseed_interval > 0) {
- if (drbg->generate_counter >= drbg->reseed_interval)
+ if (drbg->reseed_gen_counter >= drbg->reseed_interval)
reseed_required = 1;
}
if (drbg->reseed_time_interval > 0) {
@@ -609,8 +618,11 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
|| now - drbg->reseed_time >= drbg->reseed_time_interval)
reseed_required = 1;
}
- if (drbg->reseed_counter > 0 && drbg->parent != NULL) {
- if (drbg->reseed_counter != drbg->parent->reseed_counter)
+ if (drbg->parent != NULL) {
+ unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (reseed_counter > 0
+ && tsan_load(&drbg->parent->reseed_prop_counter)
+ != reseed_counter)
reseed_required = 1;
}
@@ -629,7 +641,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
return 0;
}
- drbg->generate_counter++;
+ drbg->reseed_gen_counter++;
return 1;
}
@@ -647,9 +659,18 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
unsigned char *additional = NULL;
size_t additional_len;
size_t chunk;
- size_t ret;
+ size_t ret = 0;
+
+ if (drbg->adin_pool == NULL) {
+ if (drbg->type == 0)
+ goto err;
+ drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+ if (drbg->adin_pool == NULL)
+ goto err;
+ }
- additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen);
+ additional_len = rand_drbg_get_additional_data(drbg->adin_pool,
+ &additional);
for ( ; outlen > 0; outlen -= chunk, out += chunk) {
chunk = outlen;
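Review bot: The new `if (drbg->type == 0) goto err;` exit in RAND_DRBG_bytes returns 0 without queuing any error, so a caller inspecting the error stack gets no reason for the failure. The allocation failure just below it is at least reported by rand_pool_new() itself. A RANDerr() with `RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED`, the reason RAND_DRBG_uninstantiate already uses for a DRBG without a method, would fit. Separately, `ret` is declared `size_t` although the function returns `int`; declaring it `int ret = 0;` avoids the implicit conversion. The function starts before and ends after this hunk.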
@@ -661,9 +682,9 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
}
ret = 1;
-err:
- if (additional_len != 0)
- OPENSSL_secure_clear_free(additional, additional_len);
+ err:
+ if (additional != NULL)
+ rand_drbg_cleanup_additional_data(drbg->adin_pool, additional);
return ret;
}
@@ -682,7 +703,8 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
RAND_DRBG_get_nonce_fn get_nonce,
RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
{
- if (drbg->state != DRBG_UNINITIALISED)
+ if (drbg->state != DRBG_UNINITIALISED
+ || drbg->parent != NULL)
return 0;
drbg->get_entropy = get_entropy;
drbg->cleanup_entropy = cleanup_entropy;
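Review bot: The added `drbg->parent != NULL` rejection in RAND_DRBG_set_callbacks has no comment, and the function fails with a bare `return 0` that does not tell the caller which of the two conditions applied. Presumably a chained DRBG must keep drawing its seed from its parent, which is what rand_drbg_get_entropy does when `drbg->parent` is set. If so, say it at the check: `/* chained DRBGs are seeded by their parent; their callbacks must not be replaced */`. The function continues outside the hunk.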
@@ -859,7 +881,7 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
goto err;
/* enable seed propagation */
- drbg->reseed_counter = 1;
+ tsan_store(&drbg->reseed_prop_counter, 1);
/*
* Ignore instantiation error to support just-in-time instantiation.
@@ -948,11 +970,49 @@ static int drbg_bytes(unsigned char *out, int count)
return ret;
}
+/*
+ * Calculates the minimum length of a full entropy buffer
+ * which is necessary to seed (i.e. instantiate) the DRBG
+ * successfully.
+ */
+size_t rand_drbg_seedlen(RAND_DRBG *drbg)
+{
+ /*
+ * If no os entropy source is available then RAND_seed(buffer, bufsize)
+ * is expected to succeed if and only if the buffer length satisfies
+ * the following requirements, which follow from the calculations
+ * in RAND_DRBG_instantiate().
+ */
+ size_t min_entropy = drbg->strength;
+ size_t min_entropylen = drbg->min_entropylen;
+
+ /*
+ * Extra entropy for the random nonce in the absence of a
+ * get_nonce callback, see comment in RAND_DRBG_instantiate().
+ */
+ if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+ min_entropy += drbg->strength / 2;
+ min_entropylen += drbg->min_noncelen;
+ }
+
+ /*
+ * Convert entropy requirement from bits to bytes
+ * (dividing by 8 without rounding upwards, because
+ * all entropy requirements are divisible by 8).
+ */
+ min_entropy >>= 3;
+
+ /* Return a value that satisfies both requirements */
+ return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+}
+
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
int ret = 0;
RAND_DRBG *drbg = RAND_DRBG_get0_master();
+ size_t buflen;
+ size_t seedlen;
if (drbg == NULL)
return 0;
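Review bot: rand_drbg_seedlen() reads `drbg->strength`, `min_entropylen`, `min_noncelen` and `get_nonce` without taking the DRBG lock, and its header comment does not state a locking requirement. Its only caller on this page, drbg_add in the next hunk, calls it after `rand_drbg_lock(drbg)`. The helper is exported through rand_lcl.h, so the precondition belongs in the comment, e.g. `* The caller is expected to hold the lock of |drbg|.` The comment's claim that all entropy requirements are divisible by 8 is also an unchecked assumption that the `>>= 3` relies on.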
@@ -960,20 +1020,49 @@ static int drbg_add(const void *buf, int num, double randomness)
if (num < 0 || randomness < 0.0)
return 0;
- if (randomness > (double)drbg->max_entropylen) {
+ rand_drbg_lock(drbg);
+ seedlen = rand_drbg_seedlen(drbg);
+
+ buflen = (size_t)num;
+
+ if (buflen < seedlen || randomness < (double) seedlen) {
+#if defined(OPENSSL_RAND_SEED_NONE)
+ /*
+ * If no os entropy source is available, a reseeding will fail
+ * inevitably. So we use a trick to mix the buffer contents into
+ * the DRBG state without forcing a reseeding: we generate a
+ * dummy random byte, using the buffer content as additional data.
+ * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
+ */
+ unsigned char dummy[1];
+
+ ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+ rand_drbg_unlock(drbg);
+ return ret;
+#else
+ /*
+ * If an os entropy source is avaible then we declare the buffer content
+ * as additional data by setting randomness to zero and trigger a regular
+ * reseeding.
+ */
+ randomness = 0.0;
+#endif
+ }
+
+
+ if (randomness > (double)seedlen) {
/*
* The purpose of this check is to bound |randomness| by a
* relatively small value in order to prevent an integer
* overflow when multiplying by 8 in the rand_drbg_restart()
- * call below.
+ * call below. Note that randomness is measured in bytes,
+ * not bits, so this value corresponds to eight times the
+ * security strength.
*/
- return 0;
+ randomness = (double)seedlen;
}
- rand_drbg_lock(drbg);
- ret = rand_drbg_restart(drbg, buf,
- (size_t)(unsigned int)num,
- (size_t)(8*randomness));
+ ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
rand_drbg_unlock(drbg);
return ret;
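Review bot: drbg_add now silently rewrites the caller's entropy claim, but nothing at function level documents it. A buffer shorter than `seedlen`, or a `randomness` below `seedlen`, is demoted to additional data (`randomness = 0.0`, or the dummy-generate path under OPENSSL_RAND_SEED_NONE), and a larger claim is clamped to `seedlen` where the old code returned 0. The retained comment at the clamp still presents it only as overflow protection. The header comment should state the new contract, for example `/* Buffers or entropy claims smaller than rand_drbg_seedlen() are mixed in as additional data only; larger claims are clamped to it. */`. The `#else` comment also misspells "available" as "avaible". The function's start is in the previous hunk and its end is outside this one.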
diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/openssl/crypto/rand/rand_err.c
index 31480a682838..6a870455d50a 100644
--- a/crypto/openssl/crypto/rand/rand_err.c
+++ b/crypto/openssl/crypto/rand/rand_err.c
@@ -44,6 +44,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
"rand_pool_add_begin"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
"rand_pool_bytes_needed"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
diff --git a/crypto/openssl/crypto/rand/rand_lcl.h b/crypto/openssl/crypto/rand/rand_lcl.h
index 94ffc96f20e2..c3e9804dc07e 100644
--- a/crypto/openssl/crypto/rand/rand_lcl.h
+++ b/crypto/openssl/crypto/rand/rand_lcl.h
@@ -16,6 +16,9 @@
# include <openssl/hmac.h>
# include <openssl/ec.h>
# include <openssl/rand_drbg.h>
+# include "internal/tsan_assist.h"
+
+# include "internal/numbers.h"
/* How many times to read the TSC as a randomness source. */
# define TSC_READ_COUNT 4
@@ -32,18 +35,42 @@
-/* Max size of additional input and personalization string. */
-# define DRBG_MAX_LENGTH 4096
+/*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+ *
+ * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
+ *
+ * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
+ */
+# define DRBG_MAX_LENGTH INT32_MAX
+
+
/*
- * The quotient between max_{entropy,nonce}len and min_{entropy,nonce}len
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
*
- * The current factor is large enough that the RAND_POOL can store a
- * random input which has a lousy entropy rate of 0.0625 bits per byte.
- * This input will be sent through the derivation function which 'compresses'
- * the low quality input into a high quality output.
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR 256
+# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \
+ 3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ * = (RAND_POOL_FACTOR * \
+ * 1.5 * (RAND_DRBG_STRENGTH / 8))
*/
-# define DRBG_MINMAX_FACTOR 128
/* DRBG status values */
@@ -54,7 +81,7 @@ typedef enum drbg_status_e {
} DRBG_STATUS;
-/* intantiate */
+/* instantiate */
typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
const unsigned char *ent,
size_t entlen,
@@ -68,7 +95,7 @@ typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
size_t entlen,
const unsigned char *adin,
size_t adinlen);
-/* generat output */
+/* generate output */
typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
unsigned char *out,
size_t outlen,
@@ -122,10 +149,12 @@ struct rand_pool_st {
unsigned char *buffer; /* points to the beginning of the random pool */
size_t len; /* current number of random bytes contained in the pool */
+ int attached; /* true pool was attached to existing buffer */
+
size_t min_len; /* minimum number of random bytes requested */
size_t max_len; /* maximum number of random bytes (allocated buffer size) */
size_t entropy; /* current entropy count in bits */
- size_t requested_entropy; /* requested entropy count in bits */
+ size_t entropy_requested; /* requested entropy count in bits */
};
/*
@@ -139,7 +168,7 @@ struct rand_drbg_st {
int type; /* the nid of the underlying algorithm */
/*
* Stores the value of the rand_fork_count global as of when we last
- * reseeded. The DRG reseeds automatically whenever drbg->fork_count !=
+ * reseeded. The DRBG reseeds automatically whenever drbg->fork_count !=
* rand_fork_count. Used to provide fork-safety and reseed this DRBG in
* the child process.
*/
@@ -147,14 +176,19 @@ struct rand_drbg_st {
unsigned short flags; /* various external flags */
/*
- * The random pool is used by RAND_add()/drbg_add() to attach random
+ * The random_data is used by RAND_add()/drbg_add() to attach random
* data to the global drbg, such that the rand_drbg_get_entropy() callback
* can pull it during instantiation and reseeding. This is necessary to
* reconcile the different philosophies of the RAND and the RAND_DRBG
* with respect to how randomness is added to the RNG during reseeding
* (see PR #4328).
*/
- struct rand_pool_st *pool;
+ struct rand_pool_st *seed_pool;
+
+ /*
+ * Auxiliary pool for additional data.
+ */
+ struct rand_pool_st *adin_pool;
/*
* The following parameters are setup by the per-type "init" function.
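Review bot: The comment above the renamed field in struct rand_drbg_st now reads "The random_data is used by RAND_add()/drbg_add()", but the field it describes is `seed_pool` and nothing on this page is called random_data. It should read `* The seed_pool is used by RAND_add()/drbg_add() to attach random`. The new `adin_pool` comment could likewise say that RAND_DRBG_bytes creates the pool lazily and that RAND_DRBG_free releases it, as the drbg_lib.c hunks show. In the rand_pool_st hunk above, the `attached` comment is missing a word: `/* true if pool was attached to existing buffer */`.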
@@ -180,7 +214,7 @@ struct rand_drbg_st {
size_t max_perslen, max_adinlen;
/* Counts the number of generate requests since the last reseed. */
- unsigned int generate_counter;
+ unsigned int reseed_gen_counter;
/*
* Maximum number of generate requests until a reseed is required.
* This value is ignored if it is zero.
@@ -203,7 +237,8 @@ struct rand_drbg_st {
* is added by RAND_add() or RAND_seed() will have an immediate effect on
* the output of RAND_bytes() resp. RAND_priv_bytes().
*/
- unsigned int reseed_counter;
+ TSAN_QUALIFIER unsigned int reseed_prop_counter;
+ unsigned int reseed_next_counter;
size_t seedlen;
DRBG_STATUS state;
@@ -245,7 +280,7 @@ extern int rand_fork_count;
/* DRBG helpers */
int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *buffer, size_t len, size_t entropy);
-
+size_t rand_drbg_seedlen(RAND_DRBG *drbg);
/* locking api */
int rand_drbg_lock(RAND_DRBG *drbg);
int rand_drbg_unlock(RAND_DRBG *drbg);
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c
index e9bc9522101c..d8639c4a03f3 100644
--- a/crypto/openssl/crypto/rand/rand_lib.c
+++ b/crypto/openssl/crypto/rand/rand_lib.c
@@ -31,7 +31,7 @@ int rand_fork_count;
static CRYPTO_RWLOCK *rand_nonce_lock;
static int rand_nonce_count;
-static int rand_cleaning_up = 0;
+static int rand_inited = 0;
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
@@ -146,17 +146,13 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
return 0;
}
- pool = rand_pool_new(entropy, min_len, max_len);
- if (pool == NULL)
- return 0;
-
- if (drbg->pool) {
- rand_pool_add(pool,
- rand_pool_buffer(drbg->pool),
- rand_pool_length(drbg->pool),
- rand_pool_entropy(drbg->pool));
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
+ if (drbg->seed_pool != NULL) {
+ pool = drbg->seed_pool;
+ pool->entropy_requested = entropy;
+ } else {
+ pool = rand_pool_new(entropy, min_len, max_len);
+ if (pool == NULL)
+ return 0;
}
if (drbg->parent) {
@@ -178,6 +174,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
prediction_resistance,
NULL, 0) != 0)
bytes = bytes_needed;
+ drbg->reseed_next_counter
+ = tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes);
@@ -206,7 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
}
err:
- rand_pool_free(pool);
+ if (drbg->seed_pool == NULL)
+ rand_pool_free(pool);
return ret;
}
@@ -217,7 +216,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- OPENSSL_secure_clear_free(out, outlen);
+ if (drbg->seed_pool == NULL)
+ OPENSSL_secure_clear_free(out, outlen);
}
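Review bot: rand_drbg_cleanup_entropy() now decides whether to free `out` from the current value of `drbg->seed_pool`, not from anything about `out` itself. That only holds if seed_pool stays set from the get_entropy call until this cleanup runs. rand_drbg_restart in drbg_lib.c appears to honour this by freeing seed_pool only at its very end. The ordering constraint is invisible here and should be recorded: `/* with a seed_pool attached, |out| is the caller's RAND_add() buffer and must not be freed; seed_pool must outlive this call */`.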
@@ -279,14 +279,9 @@ void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
* On success it allocates a buffer at |*pout| and returns the length of
* the data. The buffer should get freed using OPENSSL_secure_clear_free().
*/
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
{
size_t ret = 0;
- RAND_POOL *pool;
-
- pool = rand_pool_new(0, 0, max_len);
- if (pool == NULL)
- return 0;
if (rand_pool_add_additional_data(pool) == 0)
goto err;
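Review bot: The header comment kept above rand_drbg_get_additional_data is stale after the signature change. It still says the function allocates a buffer at `*pout` that should be freed with OPENSSL_secure_clear_free(). The function now detaches the buffer of the caller-supplied `pool`, and rand_drbg_cleanup_additional_data hands it back through rand_pool_reattach(). Freeing it as the comment instructs would leave the long-lived adin_pool without its buffer. The last sentence should become something like `* The buffer is detached from |pool| and must be returned with rand_drbg_cleanup_additional_data().` The function body continues in the next hunk.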
@@ -295,14 +290,12 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
*pout = rand_pool_detach(pool);
err:
- rand_pool_free(pool);
-
return ret;
}
-void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen)
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
{
- OPENSSL_secure_clear_free(out, outlen);
+ rand_pool_reattach(pool, out);
}
void rand_fork(void)
@@ -326,13 +319,15 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
if (rand_nonce_lock == NULL)
goto err2;
- if (!rand_cleaning_up && !rand_pool_init())
+ if (!rand_pool_init())
goto err3;
+ rand_inited = 1;
return 1;
err3:
- rand_pool_cleanup();
+ CRYPTO_THREAD_lock_free(rand_nonce_lock);
+ rand_nonce_lock = NULL;
err2:
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
@@ -348,7 +343,8 @@ void rand_cleanup_int(void)
{
const RAND_METHOD *meth = default_RAND_meth;
- rand_cleaning_up = 1;
+ if (!rand_inited)
+ return;
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
@@ -362,6 +358,7 @@ void rand_cleanup_int(void)
rand_meth_lock = NULL;
CRYPTO_THREAD_lock_free(rand_nonce_lock);
rand_nonce_lock = NULL;
+ rand_inited = 0;
}
/*
@@ -370,7 +367,8 @@ void rand_cleanup_int(void)
*/
void RAND_keep_random_devices_open(int keep)
{
- rand_pool_keep_random_devices_open(keep);
+ if (RUN_ONCE(&rand_init, do_rand_init))
+ rand_pool_keep_random_devices_open(keep);
}
/*
@@ -405,7 +403,7 @@ int RAND_poll(void)
/* fill random pool and seed the current legacy RNG */
pool = rand_pool_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
- DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
+ RAND_POOL_MAX_LENGTH);
if (pool == NULL)
return 0;
@@ -430,17 +428,18 @@ err:
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
}
pool->min_len = min_len;
- pool->max_len = max_len;
+ pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
+ RAND_POOL_MAX_LENGTH : max_len;
pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
if (pool->buffer == NULL) {
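Review bot: After `pool->max_len` is clamped to RAND_POOL_MAX_LENGTH in rand_pool_new, `pool->min_len` is stored unchanged and never compared with the clamped value. A caller passing a `min_len` above the clamp would get a pool that rand_pool_entropy_available() can never report as filled, because that function returns 0 while `pool->len < pool->min_len`. The callers visible on this page pass small values, so this is a robustness point rather than a live bug. Failing early when `min_len` exceeds the clamped maximum would make the limit explicit. The function continues outside the hunk.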
@@ -448,7 +447,7 @@ RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
goto err;
}
- pool->requested_entropy = entropy;
+ pool->entropy_requested = entropy_requested;
return pool;
@@ -458,6 +457,38 @@ err:
}
/*
+ * Attach new random pool to the given buffer
+ *
+ * This function is intended to be used only for feeding random data
+ * provided by RAND_add() and RAND_seed() into the <master> DRBG.
+ */
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+ size_t entropy)
+{
+ RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+ if (pool == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ /*
+ * The const needs to be cast away, but attached buffers will not be
+ * modified (in contrary to allocated buffers which are zeroed and
+ * freed in the end).
+ */
+ pool->buffer = (unsigned char *) buffer;
+ pool->len = len;
+
+ pool->attached = 1;
+
+ pool->min_len = pool->max_len = pool->len;
+ pool->entropy = entropy;
+
+ return pool;
+}
+
+/*
* Free |pool|, securely erasing its buffer.
*/
void rand_pool_free(RAND_POOL *pool)
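Review bot: rand_pool_attach() promises in its comment that attached buffers "will not be modified", but nothing enforces this beyond `min_len = max_len = len` leaving no spare room. The writers rand_pool_add() and rand_pool_add_begin() gain only a `buffer == NULL` check in this commit, and their length checks are outside the visible hunks. An explicit rejection would make the const cast safe by construction, e.g. in rand_pool_add: `if (pool->attached) { RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); return 0; }`. rand_pool_detach() also hands the caller's const buffer out as `unsigned char *`, so the comment should note that only rand_drbg_cleanup_entropy's seed_pool test keeps it from being cleared and freed.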
@@ -465,7 +496,14 @@ void rand_pool_free(RAND_POOL *pool)
if (pool == NULL)
return;
- OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ /*
+ * Although it would be advisable from a cryptographical viewpoint,
+ * we are not allowed to clear attached buffers, since they are passed
+ * to rand_pool_attach() as `const unsigned char*`.
+ * (see corresponding comment in rand_pool_attach()).
+ */
+ if (!pool->attached)
+ OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
OPENSSL_free(pool);
}
@@ -496,15 +534,27 @@ size_t rand_pool_length(RAND_POOL *pool)
/*
* Detach the |pool| buffer and return it to the caller.
* It's the responsibility of the caller to free the buffer
- * using OPENSSL_secure_clear_free().
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
*/
unsigned char *rand_pool_detach(RAND_POOL *pool)
{
unsigned char *ret = pool->buffer;
pool->buffer = NULL;
+ pool->entropy = 0;
return ret;
}
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+ pool->buffer = buffer;
+ OPENSSL_cleanse(pool->buffer, pool->len);
+ pool->len = 0;
+}
/*
* If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
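Review bot: rand_pool_reattach() trusts that `buffer` is the pool's own allocation and that `pool->len` still describes it; neither is checked, and after rand_pool_detach() sets `pool->buffer = NULL` it cannot be checked. Because rand_pool_free() later releases `pool->buffer` with `pool->max_len`, a foreign or shorter buffer would be cleared and freed with the wrong size. The comment should spell this out: `* |buffer| must be the pointer returned by rand_pool_detach(pool); it is cleansed here and later freed with pool->max_len.` A blank line between the closing brace of rand_pool_detach and the new comment block would also match the rest of the file.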
@@ -524,7 +574,7 @@ unsigned char *rand_pool_detach(RAND_POOL *pool)
*/
size_t rand_pool_entropy_available(RAND_POOL *pool)
{
- if (pool->entropy < pool->requested_entropy)
+ if (pool->entropy < pool->entropy_requested)
return 0;
if (pool->len < pool->min_len)
@@ -540,8 +590,8 @@ size_t rand_pool_entropy_available(RAND_POOL *pool)
size_t rand_pool_entropy_needed(RAND_POOL *pool)
{
- if (pool->entropy < pool->requested_entropy)
- return pool->requested_entropy - pool->entropy;
+ if (pool->entropy < pool->entropy_requested)
+ return pool->entropy_requested - pool->entropy;
return 0;
}
@@ -601,6 +651,11 @@ int rand_pool_add(RAND_POOL *pool,
return 0;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (len > 0) {
memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len;
@@ -632,6 +687,11 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
return NULL;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
return pool->buffer + pool->len;
}
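Review bot: The new `pool->buffer == NULL` branch in rand_pool_add_begin ends with `return 0;` although the function returns `unsigned char *` and the error path directly above it uses `return NULL;`. Use `return NULL;` here as well so both failure paths read the same. The function starts outside the hunk.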
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c
index 9c62a04ebf89..9d8ffdd53796 100644
--- a/crypto/openssl/crypto/rand/rand_unix.c
+++ b/crypto/openssl/crypto/rand/rand_unix.c
@@ -77,6 +77,17 @@ static uint64_t get_timer_bits(void);
# endif
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
!defined(OPENSSL_RAND_SEED_NONE)
# error "UEFI and VXWorks only support seeding NONE"
@@ -86,8 +97,6 @@ static uint64_t get_timer_bits(void);
|| defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
|| defined(OPENSSL_SYS_UEFI))
-static ssize_t syscall_random(void *buf, size_t buflen);
-
# if defined(OPENSSL_SYS_VOS)
# ifndef OPENSSL_RAND_SEED_OS
@@ -244,6 +253,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
}
# endif
+# if defined(OPENSSL_RAND_SEED_GETRANDOM)
/*
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
@@ -254,7 +264,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* Note: 'buflen' equals the size of the buffer which is used by the
* get_entropy() callback of the RAND_DRBG. It is roughly bounded by
*
- * 2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
+ * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
*
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
@@ -302,8 +312,9 @@ static ssize_t syscall_random(void *buf, size_t buflen)
return -1;
# endif
}
+# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
-#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
static const char *random_device_paths[] = { DEVRANDOM };
static struct random_device {
int fd;
@@ -375,21 +386,13 @@ static void close_random_device(size_t n)
rd->fd = -1;
}
-static void open_random_devices(void)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(random_devices); i++)
- (void)get_random_device(i);
-}
-
int rand_pool_init(void)
{
size_t i;
for (i = 0; i < OSSL_NELEM(random_devices); i++)
random_devices[i].fd = -1;
- open_random_devices();
+
return 1;
}
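Review bot: rand_pool_init() now only sets every descriptor to -1, so the first open of a DEVRANDOM path is deferred until entropy is first requested, and nothing in the code records that change. A process that initialises the library and then enters a chroot or otherwise loses access to the device nodes would, as far as these lines show, see the open fail later than before. A comment in place of the removed call would help, e.g. `/* devices are opened lazily by get_random_device() on first use */`. The same applies to rand_pool_keep_random_devices_open() in the next hunk, where a non-zero `keep` now only sets the flag. get_random_device() itself is outside the hunk, so the lazy-open path is inferred from the removed helper.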
@@ -403,16 +406,13 @@ void rand_pool_cleanup(void)
void rand_pool_keep_random_devices_open(int keep)
{
- if (keep)
- open_random_devices();
- else
+ if (!keep)
rand_pool_cleanup();
+
keep_random_devices_open = keep;
}
-# else /* defined(OPENSSL_RAND_SEED_NONE)
- * || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
- */
+# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
int rand_pool_init(void)
{
@@ -427,9 +427,7 @@ void rand_pool_keep_random_devices_open(int keep)
{
}
-# endif /* !defined(OPENSSL_RAND_SEED_NONE)
- * && defined(OPENSSL_RAND_SEED_DEVRANDOM)
- */
+# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
/*
* Try the various seeding methods in turn, exit when successful.
@@ -450,14 +448,14 @@ void rand_pool_keep_random_devices_open(int keep)
*/
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
-# ifdef OPENSSL_RAND_SEED_NONE
+# if defined(OPENSSL_RAND_SEED_NONE)
return rand_pool_entropy_available(pool);
# else
size_t bytes_needed;
size_t entropy_available = 0;
unsigned char *buffer;
-# ifdef OPENSSL_RAND_SEED_GETRANDOM
+# if defined(OPENSSL_RAND_SEED_GETRANDOM)
{
ssize_t bytes;
/* Maximum allowed number of consecutive unsuccessful attempts */
@@ -487,7 +485,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
}
# endif
-# ifdef OPENSSL_RAND_SEED_DEVRANDOM
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
{
size_t i;
@@ -524,19 +522,19 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
}
# endif
-# ifdef OPENSSL_RAND_SEED_RDTSC
+# if defined(OPENSSL_RAND_SEED_RDTSC)
entropy_available = rand_acquire_entropy_from_tsc(pool);
if (entropy_available > 0)
return entropy_available;
# endif
-# ifdef OPENSSL_RAND_SEED_RDCPU
+# if defined(OPENSSL_RAND_SEED_RDCPU)
entropy_available = rand_acquire_entropy_from_cpu(pool);
if (entropy_available > 0)
return entropy_available;
# endif
-# ifdef OPENSSL_RAND_SEED_EGD
+# if defined(OPENSSL_RAND_SEED_EGD)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM_EGD, NULL };
@@ -577,7 +575,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
/*
* Add process id, thread id, and a high resolution timestamp to
- * ensure that the nonce is unique whith high probability for
+ * ensure that the nonce is unique with high probability for
* different process instances.
*/
data.pid = getpid();
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index c652ddcf1e6c..1b737d1ba2ba 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -16,6 +16,7 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
@@ -48,7 +49,7 @@
# define S_ISREG(m) ((m) & S_IFREG)
# endif
-#define RAND_FILE_SIZE 1024
+#define RAND_BUF_SIZE 1024
#define RFILE ".rnd"
#ifdef OPENSSL_SYS_VMS
@@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
*/
int RAND_load_file(const char *file, long bytes)
{
- unsigned char buf[RAND_FILE_SIZE];
+ /*
+ * The load buffer size exceeds the chunk size by the comfortable amount
+ * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+ * to avoid calling RAND_add() with a small final chunk. Instead, such
+ * a small final chunk will be added together with the previous chunk
+ * (unless it's the only one).
+ */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+ unsigned char buf[RAND_LOAD_BUF_SIZE];
+
#ifndef OPENSSL_NO_POSIX_IO
struct stat sb;
#endif
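Review bot: `RAND_LOAD_BUF_SIZE` is introduced with `#define` inside the body of RAND_load_file(), which makes it look function-local although it stays defined for the rest of the translation unit, including RAND_write_file(). Moving the definition and its explanatory comment to file scope next to `RAND_BUF_SIZE` would keep both size constants together and make the relationship between them visible. The remainder of RAND_load_file() is outside this hunk.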
@@ -98,8 +108,12 @@ int RAND_load_file(const char *file, long bytes)
return -1;
}
- if (!S_ISREG(sb.st_mode) && bytes < 0)
- bytes = 256;
+ if (bytes < 0) {
+ if (S_ISREG(sb.st_mode))
+ bytes = sb.st_size;
+ else
+ bytes = RAND_DRBG_STRENGTH;
+ }
#endif
/*
* On VMS, setbuf() will only take 32-bit pointers, and a compilation
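Review bot: `bytes = sb.st_size;` stores an off_t in a long, so on platforms where off_t is wider than long a very large regular file would be truncated, possibly to zero or a negative value that the read loop in the next hunk treats as "read until EOF". Clamping states the intent explicitly: `bytes = (sb.st_size > LONG_MAX) ? LONG_MAX : (long)sb.st_size;` (this needs <limits.h> if the file does not already include it). The rest of the function is outside this hunk, so the effect of a wrapped value is inferred from the `if (bytes > 0)` test that is visible further down.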
@@ -124,9 +138,9 @@ int RAND_load_file(const char *file, long bytes)
for ( ; ; ) {
if (bytes > 0)
- n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
+ n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
else
- n = RAND_FILE_SIZE;
+ n = RAND_LOAD_BUF_SIZE;
i = fread(buf, 1, n, in);
#ifdef EINTR
if (ferror(in) && errno == EINTR){
@@ -148,12 +162,18 @@ int RAND_load_file(const char *file, long bytes)
OPENSSL_cleanse(buf, sizeof(buf));
fclose(in);
+ if (!RAND_status()) {
+ RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+ ERR_add_error_data(2, "Filename=", file);
+ return -1;
+ }
+
return ret;
}
int RAND_write_file(const char *file)
{
- unsigned char buf[RAND_FILE_SIZE];
+ unsigned char buf[RAND_BUF_SIZE];
int ret = -1;
FILE *out = NULL;
#ifndef OPENSSL_NO_POSIX_IO
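Review bot: The new `RAND_status()` check makes RAND_load_file() return -1 even when the file was read successfully, and nothing next to it says so. Callers that treated any non-negative return as "bytes loaded" now have to distinguish an I/O failure from "read fine, but the generator is still not seeded". A comment above the check such as `/* reading succeeded, but fail if the DRBG is still not seeded */`, plus a matching sentence in the function's header comment, would make that contract visible. The header comment and the earlier error paths are outside this hunk.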
@@ -222,9 +242,9 @@ int RAND_write_file(const char *file)
chmod(file, 0600);
#endif
- ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
+ ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
fclose(out);
- OPENSSL_cleanse(buf, RAND_FILE_SIZE);
+ OPENSSL_cleanse(buf, RAND_BUF_SIZE);
return ret;
}
@@ -262,11 +282,9 @@ const char *RAND_file_name(char *buf, size_t size)
}
}
#else
- if (OPENSSL_issetugid() != 0) {
- use_randfile = 0;
- } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
+ if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
use_randfile = 0;
- s = getenv("HOME");
+ s = ossl_safe_getenv("HOME");
}
#endif
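Review bot: Replacing the explicit `OPENSSL_issetugid()` branch with `ossl_safe_getenv()` removes the only visible hint that RANDFILE and HOME are deliberately distrusted in set-id processes. ossl_safe_getenv() is defined outside this chunk; presumably it returns NULL in that case, which would keep `use_randfile = 0` as before. A short comment would pin that down, e.g. `/* returns NULL for set-uid/set-gid processes, so RANDFILE and HOME are ignored there */`. The same substitution in by_dir.c (`X509_L_ADD_DIR`) and by_file.c (`X509_L_FILE_LOAD`) changes which trust-store locations a privileged process honours and deserves the same comment there.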
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 72d1b5e0715d..49c34b7c36c9 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -125,8 +125,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_clear_free(r->n);
- BN_clear_free(r->e);
+ BN_free(r->n);
+ BN_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
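Review bot: The mix of `BN_free` for `r->n` and `r->e` with `BN_clear_free` for the remaining members reads like an inconsistency unless the reason is stated, and a later cleanup could easily revert it. A one-line comment before the block, e.g. `/* n and e are public; only private components are cleansed before release */`, would document the split. The RSA_set0_key(), RSA_set0_factors() and RSA_set0_crt_params() hunks below apply the same rule when replacing `d`, `p`, `q`, `dmp1`, `dmq1` and `iqmp`, so the same wording fits there. RSA_free() continues outside this hunk.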
@@ -196,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
r->e = e;
}
if (d != NULL) {
- BN_free(r->d);
+ BN_clear_free(r->d);
r->d = d;
}
@@ -213,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
return 0;
if (p != NULL) {
- BN_free(r->p);
+ BN_clear_free(r->p);
r->p = p;
}
if (q != NULL) {
- BN_free(r->q);
+ BN_clear_free(r->q);
r->q = q;
}
@@ -235,15 +235,15 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
return 0;
if (dmp1 != NULL) {
- BN_free(r->dmp1);
+ BN_clear_free(r->dmp1);
r->dmp1 = dmp1;
}
if (dmq1 != NULL) {
- BN_free(r->dmq1);
+ BN_clear_free(r->dmq1);
r->dmq1 = dmq1;
}
if (iqmp != NULL) {
- BN_free(r->iqmp);
+ BN_clear_free(r->iqmp);
r->iqmp = iqmp;
}
diff --git a/crypto/openssl/crypto/rsa/rsa_meth.c b/crypto/openssl/crypto/rsa/rsa_meth.c
index f5880a73d0f7..def19f375f92 100644
--- a/crypto/openssl/crypto/rsa/rsa_meth.c
+++ b/crypto/openssl/crypto/rsa/rsa_meth.c
@@ -163,13 +163,13 @@ int RSA_meth_set_priv_dec(RSA_METHOD *meth,
/* Can be null */
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)
{
return meth->rsa_mod_exp;
}
int RSA_meth_set_mod_exp(RSA_METHOD *meth,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx))
{
meth->rsa_mod_exp = mod_exp;
diff --git a/crypto/openssl/crypto/rsa/rsa_ossl.c b/crypto/openssl/crypto/rsa/rsa_ossl.c
index d581777eec9b..2b1b006c2801 100644
--- a/crypto/openssl/crypto/rsa/rsa_ossl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ossl.c
@@ -680,10 +680,11 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
*/
|| !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
- /* r0 = r0 * iqmp mod p */
+ /* r1 = r1 * iqmp mod p */
|| !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
|| !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
ctx)
+ /* r0 = r1 * q + m1 */
|| !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
|| !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
goto err;
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
index 3bce19be9ea4..1184cf233eba 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
@@ -432,9 +432,9 @@ SHA3_absorb:
lrvg %r0,0($inp)
la $inp,8($inp)
xg %r0,0(%r1)
- la %r1,8(%r1)
a${g}hi $len,-8
- stg %r0,-8(%r1)
+ stg %r0,0(%r1)
+ la %r1,8(%r1)
brct $bsz,.Lblock_absorb
stm${g} $inp,$len,$frame+3*$SIZE_T($sp)
diff --git a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
index 2792800b475c..0d4fdd292c07 100755
--- a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
@@ -166,8 +166,8 @@ $func:
addi r11,r11,32
stvx v30,r10,$sp
stvx v31,r11,$sp
- li r11,-4096+255
- stw $vrsave,`$FRAME+6*$SIZE_T-4`($sp) # save vrsave
+ li r11,-4096+255 # 0xfffff0ff
+ stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave
li $x10,0x10
$PUSH r26,`$FRAME-6*$SIZE_T`($sp)
li $x20,0x20
@@ -286,24 +286,17 @@ $code.=<<___ if ($SZ==8);
stvx_u $G,$x30,$ctx
___
$code.=<<___;
- li r10,`$LOCALS+15`
+ addi $offload,$sp,`$LOCALS+15`
mtlr $lrsave
- li r11,`$LOCALS+31`
mtspr 256,$vrsave
- lvx v24,r10,$sp # ABI says so
- addi r10,r10,32
- lvx v25,r11,$sp
- addi r11,r11,32
- lvx v26,r10,$sp
- addi r10,r10,32
- lvx v27,r11,$sp
- addi r11,r11,32
- lvx v28,r10,$sp
- addi r10,r10,32
- lvx v29,r11,$sp
- addi r11,r11,32
- lvx v30,r10,$sp
- lvx v31,r11,$sp
+ lvx v24,$x00,$offload # ABI says so
+ lvx v25,$x10,$offload
+ lvx v26,$x20,$offload
+ lvx v27,$x30,$offload
+ lvx v28,$x40,$offload
+ lvx v29,$x50,$offload
+ lvx v30,$x60,$offload
+ lvx v31,$x70,$offload
$POP r26,`$FRAME-6*$SIZE_T`($sp)
$POP r27,`$FRAME-5*$SIZE_T`($sp)
$POP r28,`$FRAME-4*$SIZE_T`($sp)
diff --git a/crypto/openssl/crypto/siphash/siphash.c b/crypto/openssl/crypto/siphash/siphash.c
index ff84a29f8215..be74a38d934d 100644
--- a/crypto/openssl/crypto/siphash/siphash.c
+++ b/crypto/openssl/crypto/siphash/siphash.c
@@ -94,7 +94,19 @@ int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
&& hash_size != SIPHASH_MAX_DIGEST_SIZE)
return 0;
- ctx->hash_size = hash_size;
+ /*
+ * It's possible that the key was set first. If the hash size changes,
+ * we need to adjust v1 (see SipHash_Init().
+ */
+
+ /* Start by adjusting the stored size, to make things easier */
+ ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+ /* Now, adjust ctx->v1 if the old and the new size differ */
+ if ((size_t)ctx->hash_size != hash_size) {
+ ctx->v1 ^= 0xee;
+ ctx->hash_size = hash_size;
+ }
return 1;
}
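Review bot: `ctx->v1 ^= 0xee;` repeats a magic constant that, according to the comment, mirrors what SipHash_Init() does, so the two sites can drift apart silently. A shared named constant used in both places would tie them together. The toggle is also only meaningful before any data has been absorbed, and whether a call after SipHash_Update() is rejected cannot be seen from this hunk, so the comment should state the permitted call order. The new comment is also missing its closing parenthesis: `(see SipHash_Init()).`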
diff --git a/crypto/openssl/crypto/sm2/sm2_crypt.c b/crypto/openssl/crypto/sm2/sm2_crypt.c
index 9c69a4505487..4389fc731edd 100644
--- a/crypto/openssl/crypto/sm2/sm2_crypt.c
+++ b/crypto/openssl/crypto/sm2/sm2_crypt.c
@@ -11,6 +11,7 @@
#include "internal/sm2.h"
#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
@@ -203,7 +204,7 @@ int sm2_encrypt(const EC_KEY *key,
}
/* X9.63 with no salt happens to match the KDF used in SM2 */
- if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+ if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
@@ -344,7 +345,7 @@ int sm2_decrypt(const EC_KEY *key,
if (BN_bn2binpad(x2, x2y2, field_size) < 0
|| BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
- || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+ || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
goto done;
diff --git a/crypto/openssl/crypto/sm2/sm2_sign.c b/crypto/openssl/crypto/sm2/sm2_sign.c
index e594ffd10a0b..0f9c14cb5f4c 100644
--- a/crypto/openssl/crypto/sm2/sm2_sign.c
+++ b/crypto/openssl/crypto/sm2/sm2_sign.c
@@ -12,6 +12,7 @@
#include "internal/sm2.h"
#include "internal/sm2err.h"
#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include "internal/numbers.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/err.h>
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index 45d48202b561..6b996134df49 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -415,6 +415,24 @@ static int open_console(UI *ui)
is_a_tty = 0;
else
# endif
+# ifdef ENXIO
+ /*
+ * Solaris can return ENXIO.
+ * This should be ok
+ */
+ if (errno == ENXIO)
+ is_a_tty = 0;
+ else
+# endif
+# ifdef EIO
+ /*
+ * Linux can return EIO.
+ * This should be ok
+ */
+ if (errno == EIO)
+ is_a_tty = 0;
+ else
+# endif
# ifdef ENODEV
/*
* MacOS X returns ENODEV (Operation not supported by device),
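Review bot: The added ENXIO and EIO branches justify themselves only with "This should be ok", which tells a maintainer neither when these errno values occur nor why it is safe to continue with `is_a_tty = 0`. EIO is also the generic errno for a failed device operation, so treating every EIO as "not a terminal" may mask a real failure. Since `is_a_tty` presumably controls whether echo is switched off for passphrase prompts, the comment should name the situation being tolerated, for example `/* Linux: EIO when the process has no usable controlling terminal */`, if that is the case being targeted. The call that sets errno and the rest of the if/else chain are outside this hunk.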
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c
index 11ac52ce3c55..b3760dbadf3a 100644
--- a/crypto/openssl/crypto/x509/by_dir.c
+++ b/crypto/openssl/crypto/x509/by_dir.c
@@ -73,7 +73,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- const char *dir = getenv(X509_get_default_cert_dir_env());
+ const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
index 78d7fbdf4488..244512c9352b 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -46,7 +46,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 3a60d412daf8..61e81922b4da 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
/* check_purpose() makes the callback as needed */
if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
return 0;
- /* Check pathlen if not self issued */
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
- && (x->ex_pathlen != -1)
- && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+ /* Check pathlen */
+ if ((i > 1) && (x->ex_pathlen != -1)
+ && (plen > (x->ex_pathlen + proxy_path_length))) {
if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
return 0;
}
- /* Increment path length if not self issued */
- if (!(x->ex_flags & EXFLAG_SI))
+ /* Increment path length if not a self issued intermediate CA */
+ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
plen++;
/*
* If this certificate is a proxy certificate, the next certificate
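Review bot: The rewritten comments no longer explain the counting rule, and "Increment path length if not a self issued intermediate CA" is ambiguous next to `i > 0 && (x->ex_flags & EXFLAG_SI) == 0`, which increments for every non-self-issued certificate above the leaf. An off-by-one here decides whether a pathLenConstraint is enforced, so the rule should be spelled out, e.g. `/* plen counts the non-self-issued intermediates below x; the leaf (i == 0) is never counted */`. A regression test with a chain that exceeds the constraint by exactly one certificate would guard the removed `+ 1`. The loop header and the initialisation of `plen` are outside this hunk, so the proposed wording assumes `plen` starts at 0.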
diff --git a/crypto/openssl/doc/man1/ca.pod b/crypto/openssl/doc/man1/ca.pod
index 9b282e6479a8..e998eabf8358 100644
--- a/crypto/openssl/doc/man1/ca.pod
+++ b/crypto/openssl/doc/man1/ca.pod
@@ -250,8 +250,10 @@ for all available algorithms.
=item B<-subj arg>
Supersedes subject name given in the request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the resulting certificate.
=item B<-utf8>
diff --git a/crypto/openssl/doc/man1/enc.pod b/crypto/openssl/doc/man1/enc.pod
index 01cca4ea93f1..2136a9497849 100644
--- a/crypto/openssl/doc/man1/enc.pod
+++ b/crypto/openssl/doc/man1/enc.pod
@@ -257,7 +257,7 @@ ones provided by configured engines.
The B<enc> program does not support authenticated encryption modes
like CCM and GCM, and will not support such modes in the future.
The B<enc> interface by necessity must begin streaming output (e.g.,
-to standard output when B<-out> is not used before the authentication
+to standard output when B<-out> is not used) before the authentication
tag could be validated, leading to the usage of B<enc> in pipelines
that begin processing untrusted data and are not capable of rolling
back upon authentication failure. The AEAD modes currently in common
@@ -277,6 +277,7 @@ standard data format and performs the needed key/iv/nonce management.
bf-cbc Blowfish in CBC mode
bf Alias for bf-cbc
+ blowfish Alias for bf-cbc
bf-cfb Blowfish in CFB mode
bf-ecb Blowfish in ECB mode
bf-ofb Blowfish in OFB mode
@@ -288,6 +289,8 @@ standard data format and performs the needed key/iv/nonce management.
cast5-ecb CAST5 in ECB mode
cast5-ofb CAST5 in OFB mode
+ chacha20 ChaCha20 algorithm
+
des-cbc DES in CBC mode
des Alias for des-cbc
des-cfb DES in CFB mode
@@ -334,6 +337,19 @@ standard data format and performs the needed key/iv/nonce management.
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
+ seed-cbc SEED cipher in CBC mode
+ seed Alias for seed-cbc
+ seed-cfb SEED cipher in CFB mode
+ seed-ecb SEED cipher in ECB mode
+ seed-ofb SEED cipher in OFB mode
+
+ sm4-cbc SM4 cipher in CBC mode
+ sm4 Alias for sm4-cbc
+ sm4-cfb SM4 cipher in CFB mode
+ sm4-ctr SM4 cipher in CTR mode
+ sm4-ecb SM4 cipher in ECB mode
+ sm4-ofb SM4 cipher in OFB mode
+
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
@@ -343,6 +359,15 @@ standard data format and performs the needed key/iv/nonce management.
aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+ aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode
+ aria[128|192|256] Alias for aria-[128|192|256]-cbc
+ aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode
+ aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
+ aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
+ aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode
+ aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode
+ aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode
+
camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode
camellia[128|192|256] Alias for camellia-[128|192|256]-cbc
camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode
@@ -362,26 +387,25 @@ Decode the same file
openssl base64 -d -in file.b64 -out file.bin
-Encrypt a file using triple DES in CBC mode using a prompted password:
+Encrypt a file using AES-128 using a prompted password
+and PBKDF2 key derivation:
- openssl des3 -salt -in file.txt -out file.des3
+ openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
Decrypt a file using a supplied password:
- openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+ openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
+ -pass pass:<password>
Encrypt a file then base64 encode it (so it can be sent via mail for example)
-using Blowfish in CBC mode:
-
- openssl bf -a -salt -in file.txt -out file.bf
-
-Base64 decode a file then decrypt it:
+using AES-256 in CTR mode and PBKDF2 key derivation:
- openssl bf -d -salt -a -in file.bf -out file.txt
+ openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
-Decrypt some data using a supplied 40 bit RC4 key:
+Base64 decode a file then decrypt it using a password supplied in a file:
- openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+ openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
+ -pass file:<passfile>
=head1 BUGS
diff --git a/crypto/openssl/doc/man1/openssl.pod b/crypto/openssl/doc/man1/openssl.pod
index c656a34ec032..a39cf963d988 100644
--- a/crypto/openssl/doc/man1/openssl.pod
+++ b/crypto/openssl/doc/man1/openssl.pod
@@ -40,6 +40,9 @@ The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Detailed documentation and use cases for most standard subcommands are available
+(e.g., L<x509(1)> or L<openssl-x509(1)>).
+
Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The environment variable B<OPENSSL_CONF> can be used to specify
@@ -369,8 +372,38 @@ SM3 Digest
=head2 Encoding and Cipher Commands
+The following aliases provide convenient access to the most used encodings
+and ciphers.
+
+Depending on how OpenSSL was configured and built, not all ciphers listed
+here may be present. See L<enc(1)> for more information and command usage.
+
=over 4
+=item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
+
+AES-128 Cipher
+
+=item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
+
+AES-192 Cipher
+
+=item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
+
+AES-256 Cipher
+
+=item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
+
+Aria-128 Cipher
+
+=item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
+
+Aria-192 Cipher
+
+=item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
+
+Aria-256 Cipher
+
=item B<base64>
Base64 Encoding
@@ -379,6 +412,18 @@ Base64 Encoding
Blowfish Cipher
+=item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
+
+Camellia-128 Cipher
+
+=item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
+
+Camellia-192 Cipher
+
+=item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
+
+Camellia-256 Cipher
+
=item B<cast>, B<cast-cbc>
CAST Cipher
@@ -387,6 +432,10 @@ CAST Cipher
CAST5 Cipher
+=item B<chacha20>
+
+Chacha20 Cipher
+
=item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
DES Cipher
@@ -411,6 +460,14 @@ RC4 Cipher
RC5 Cipher
+=item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
+
+SEED Cipher
+
+=item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
+
+SM4 Cipher
+
=back
=head1 OPTIONS
diff --git a/crypto/openssl/doc/man1/req.pod b/crypto/openssl/doc/man1/req.pod
index 113cd9b6c985..c76d63d6fd81 100644
--- a/crypto/openssl/doc/man1/req.pod
+++ b/crypto/openssl/doc/man1/req.pod
@@ -221,8 +221,10 @@ see L<openssl(1)/COMMAND SUMMARY>.
Sets subject name for new request or supersedes the subject name
when processing a request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the request.
=item B<-multivalue-rdn>
diff --git a/crypto/openssl/doc/man1/rsa.pod b/crypto/openssl/doc/man1/rsa.pod
index 14a8fb1e2989..37f64616c00f 100644
--- a/crypto/openssl/doc/man1/rsa.pod
+++ b/crypto/openssl/doc/man1/rsa.pod
@@ -9,8 +9,8 @@ rsa - RSA key processing tool
B<openssl> B<rsa>
[B<-help>]
-[B<-inform PEM|NET|DER>]
-[B<-outform PEM|NET|DER>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
@@ -53,16 +53,15 @@ utility.
Print out a usage message.
-=item B<-inform DER|NET|PEM>
+=item B<-inform DER|PEM>
This specifies the input format. The B<DER> option uses an ASN1 DER encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
-section.
+keys are also accepted.
-=item B<-outform DER|NET|PEM>
+=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning and default
as the B<-inform> option.
@@ -158,17 +157,6 @@ The PEM B<RSAPublicKey> format uses the header and footer lines:
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
-The B<NET> form is a format compatible with older Netscape servers
-and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
-It is not very secure and so should only be used when necessary.
-
-Some newer version of IIS have additional data in the exported .key
-files. To use these with the utility, view the file with a binary editor
-and look for the string "private-key", then trace back to the byte
-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
-from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option.
-
=head1 EXAMPLES
To remove the pass phrase on an RSA private key:
@@ -197,9 +185,6 @@ Output the public part of a private key in B<RSAPublicKey> format:
=head1 BUGS
-The command line password arguments don't currently work with
-B<NET> format.
-
There should be an option that automatically handles .key files,
without having to manually edit them.
diff --git a/crypto/openssl/doc/man1/s_server.pod b/crypto/openssl/doc/man1/s_server.pod
index 07016fc46131..f4c4eda35313 100644
--- a/crypto/openssl/doc/man1/s_server.pod
+++ b/crypto/openssl/doc/man1/s_server.pod
@@ -405,13 +405,14 @@ Inhibit printing of session and certificate information.
Sends a status message back to the client when it connects. This includes
information about the ciphers used and various session parameters.
The output is in HTML format so this option will normally be used with a
-web browser.
+web browser. Cannot be used in conjunction with B<-early_data>.
=item B<-WWW>
Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded.
+requested the file ./page.html will be loaded. Cannot be used in conjunction
+with B<-early_data>.
=item B<-tlsextdebug>
@@ -423,7 +424,8 @@ Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL https://myhost/page.html is
requested the file ./page.html will be loaded. The files loaded are
assumed to contain a complete and correct HTTP response (lines that
-are part of the HTTP response line and headers must end with CRLF).
+are part of the HTTP response line and headers must end with CRLF). Cannot be
+used in conjunction with B<-early_data>.
=item B<-id_prefix val>
@@ -488,7 +490,8 @@ output.
=item B<-rev>
Simple test server which just reverses the text received from the client
-and sends it back to the server. Also sets B<-brief>.
+and sends it back to the server. Also sets B<-brief>. Cannot be used in
+conjunction with B<-early_data>.
=item B<-async>
@@ -711,7 +714,8 @@ greater than or equal to 0.
=item B<-early_data>
-Accept early data where possible.
+Accept early data where possible. Cannot be used in conjunction with B<-www>,
+B<-WWW>, B<-HTTP> or B<-rev>.
=item B<-anti_replay>, B<-no_anti_replay>
diff --git a/crypto/openssl/doc/man1/storeutl.pod b/crypto/openssl/doc/man1/storeutl.pod
index 3f26ab500b83..083f0282469e 100644
--- a/crypto/openssl/doc/man1/storeutl.pod
+++ b/crypto/openssl/doc/man1/storeutl.pod
@@ -82,8 +82,11 @@ returned.
=item B<-subject arg>
Search for an object having the subject name B<arg>.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted but are ignored for the search. That is,
+a search with an empty value will have the same effect as not specifying
+the type at all.
=item B<-issuer arg>
diff --git a/crypto/openssl/doc/man1/x509.pod b/crypto/openssl/doc/man1/x509.pod
index 6e4d28815530..547da5da2368 100644
--- a/crypto/openssl/doc/man1/x509.pod
+++ b/crypto/openssl/doc/man1/x509.pod
@@ -9,8 +9,8 @@ x509 - Certificate display and signing utility
B<openssl> B<x509>
[B<-help>]
-[B<-inform DER|PEM|NET>]
-[B<-outform DER|PEM|NET>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
[B<-keyform DER|PEM>]
[B<-CAform DER|PEM>]
[B<-CAkeyform DER|PEM>]
@@ -86,16 +86,15 @@ various sections.
Print out a usage message.
-=item B<-inform DER|PEM|NET>
+=item B<-inform DER|PEM>
This specifies the input format normally the command will expect an X509
certificate but this can change if other options such as B<-req> are
present. The DER format is the DER encoding of the certificate and PEM
is the base64 encoding of the DER encoding with header and footer lines
-added. The NET option is an obscure Netscape server format that is now
-obsolete. The default format is PEM.
+added. The default format is PEM.
-=item B<-outform DER|PEM|NET>
+=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning and default
as the B<-inform> option.
diff --git a/crypto/openssl/doc/man3/DES_random_key.pod b/crypto/openssl/doc/man3/DES_random_key.pod
index f543bea1ee7b..6e0394d637b2 100644
--- a/crypto/openssl/doc/man3/DES_random_key.pod
+++ b/crypto/openssl/doc/man3/DES_random_key.pod
@@ -99,7 +99,7 @@ algorithm.
There are two phases to the use of DES encryption. The first is the
generation of a I<DES_key_schedule> from a key, the second is the
-actual encryption. A DES key is of type I<DES_cblock>. This type is
+actual encryption. A DES key is of type I<DES_cblock>. This type
consists of 8 bytes with odd parity. The least significant bit in
each byte is the parity bit. The key schedule is an expanded form of
the key; it is used to speed the encryption process.
@@ -170,42 +170,42 @@ of 24 bytes. This is much better than CBC DES.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
This form of Triple-DES is used by the RSAREF library.
-DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the same as
DES_ncbc_encrypt().
-DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
-method takes an array of characters as input and outputs and array of
+DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This
+method takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the I<ivec> variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
a complete DES ECB encryption per I<numbits>, this function is only
-suggested for use when sending small numbers of characters.
+suggested for use when sending a small number of characters.
DES_cfb64_encrypt()
-implements CFB mode of DES with 64bit feedback. Why is this
+implements CFB mode of DES with 64-bit feedback. Why is this
useful you ask? Because this routine will allow you to encrypt an
-arbitrary number of bytes, no 8 byte padding. Each call to this
+arbitrary number of bytes, without 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of DES :-).
+not make much sense, read more about CFB mode of DES.
DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
DES_cfb64_encrypt() except that Triple-DES is used.
DES_ofb_encrypt() encrypts using output feedback mode. This method
-takes an array of characters as input and outputs and array of
+takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the I<ivec> variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete DES ECB encryption per numbits, this function is only
-suggested for use when sending small numbers of characters.
+a complete DES ECB encryption per I<numbits>, this function is only
+suggested for use when sending a small number of characters.
DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
Feed Back mode.
@@ -232,10 +232,10 @@ The following are DES-based transformations:
DES_fcrypt() is a fast version of the Unix crypt(3) function. This
version takes only a small amount of space relative to other fast
-crypt() implementations. This is different to the normal crypt in
+crypt() implementations. This is different to the normal crypt() in
that the third parameter is the buffer that the return value is
written into. It needs to be at least 14 bytes long. This function
-is thread safe, unlike the normal crypt.
+is thread safe, unlike the normal crypt().
DES_crypt() is a faster replacement for the normal system crypt().
This function calls DES_fcrypt() with a static array passed as the
diff --git a/crypto/openssl/doc/man3/EVP_DigestInit.pod b/crypto/openssl/doc/man3/EVP_DigestInit.pod
index 0fedd17ce6c6..5ecbcc5e8992 100644
--- a/crypto/openssl/doc/man3/EVP_DigestInit.pod
+++ b/crypto/openssl/doc/man3/EVP_DigestInit.pod
@@ -310,16 +310,17 @@ This example digests the data "Test Message\n" and "Hello World\n", using the
digest name passed on the command line.
#include <stdio.h>
+ #include <string.h>
#include <openssl/evp.h>
- main(int argc, char *argv[])
+ int main(int argc, char *argv[])
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
char mess1[] = "Test Message\n";
char mess2[] = "Hello World\n";
unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
+ unsigned int md_len, i;
if (argv[1] == NULL) {
printf("Usage: mdtest digestname\n");
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
index e1a107c06e3c..4982e9205305 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -4,20 +4,55 @@
EVP_PKEY_CTX_ctrl,
EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_ctrl_uint64,
+EVP_PKEY_CTX_md,
EVP_PKEY_CTX_set_signature_md,
EVP_PKEY_CTX_get_signature_md,
EVP_PKEY_CTX_set_mac_key,
EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_get_rsa_padding,
EVP_PKEY_CTX_set_rsa_pss_saltlen,
+EVP_PKEY_CTX_get_rsa_pss_saltlen,
EVP_PKEY_CTX_set_rsa_keygen_bits,
EVP_PKEY_CTX_set_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set_rsa_keygen_primes,
+EVP_PKEY_CTX_set_rsa_mgf1_md,
+EVP_PKEY_CTX_get_rsa_mgf1_md,
+EVP_PKEY_CTX_set_rsa_oaep_md,
+EVP_PKEY_CTX_get_rsa_oaep_md,
+EVP_PKEY_CTX_set0_rsa_oaep_label,
+EVP_PKEY_CTX_get0_rsa_oaep_label,
EVP_PKEY_CTX_set_dsa_paramgen_bits,
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator,
+EVP_PKEY_CTX_set_dh_paramgen_type,
+EVP_PKEY_CTX_set_dh_rfc5114,
+EVP_PKEY_CTX_set_dhx_rfc5114,
EVP_PKEY_CTX_set_dh_pad,
EVP_PKEY_CTX_set_dh_nid,
+EVP_PKEY_CTX_set_dh_kdf_type,
+EVP_PKEY_CTX_get_dh_kdf_type,
+EVP_PKEY_CTX_set0_dh_kdf_oid,
+EVP_PKEY_CTX_get0_dh_kdf_oid,
+EVP_PKEY_CTX_set_dh_kdf_md,
+EVP_PKEY_CTX_get_dh_kdf_md,
+EVP_PKEY_CTX_set_dh_kdf_outlen,
+EVP_PKEY_CTX_get_dh_kdf_outlen,
+EVP_PKEY_CTX_set0_dh_kdf_ukm,
+EVP_PKEY_CTX_get0_dh_kdf_ukm,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
EVP_PKEY_CTX_set_ec_param_enc,
+EVP_PKEY_CTX_set_ecdh_cofactor_mode,
+EVP_PKEY_CTX_get_ecdh_cofactor_mode,
+EVP_PKEY_CTX_set_ecdh_kdf_type,
+EVP_PKEY_CTX_get_ecdh_kdf_type,
+EVP_PKEY_CTX_set_ecdh_kdf_md,
+EVP_PKEY_CTX_get_ecdh_kdf_md,
+EVP_PKEY_CTX_set_ecdh_kdf_outlen,
+EVP_PKEY_CTX_get_ecdh_kdf_outlen,
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm,
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm,
EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
- algorithm specific control operations
@@ -27,9 +62,13 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+ int cmd, uint64_t value);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
+ int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
@@ -38,22 +77,58 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
#include <openssl/rsa.h>
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+ int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+ int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
#include <openssl/dsa.h>
+
int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
#include <openssl/dh.h>
+
int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+ int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+ int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+ int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
#include <openssl/ec.h>
+
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+ int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+ int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+ int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+ int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
@@ -73,6 +148,9 @@ and B<p2> is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.
Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
instead call one of the algorithm specific macros below.
+The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a
+uint64 value as B<p2> to EVP_PKEY_CTX_ctrl().
+
The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm
specific control operation to a context B<ctx> in string form. This is
intended to be used for options specified on the command line or in text
@@ -80,6 +158,9 @@ files. The commands supported are documented in the openssl utility
command line pages for the option B<-pkeyopt> which is supported by the
B<pkeyutl>, B<genpkey> and B<req> commands.
+The function EVP_PKEY_CTX_md() sends a message digest control operation
+to the context B<ctx>. The message digest is specified by its name B<md>.
+
All the remaining "functions" are implemented as macros.
The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
@@ -99,12 +180,14 @@ L<EVP_PKEY_new_raw_private_key(3)> or similar functions instead of this macro.
The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
supported by the L<EVP_PKEY_new_raw_private_key(3)> function.
-The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
-The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
-RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
-RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
-RSA_X931_PADDING for X9.31 padding (signature operations only) and
-RSA_PKCS1_PSS_PADDING (sign and verify only).
+=head2 RSA parameters
+
+The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value B<RSA_PKCS1_PADDING> for PKCS#1
+padding, B<RSA_SSLV23_PADDING> for SSLv23 padding, B<RSA_NO_PADDING> for
+no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and
+decrypt only), B<RSA_X931_PADDING> for X9.31 padding (signature operations
+only) and B<RSA_PKCS1_PSS_PADDING> (sign and verify only).
Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
@@ -116,41 +199,154 @@ padding for RSA the algorithm identifier byte is added or checked and removed
if this control is called. If it is not called then the first byte of the plaintext
buffer is expected to be the algorithm identifier byte.
+The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for B<ctx>.
+
The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
-B<len> as its name implies it is only supported for PSS padding. Three special
-values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the
-digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum
-permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length
+B<len>. As its name implies it is only supported for PSS padding. Three special
+values are supported: B<RSA_PSS_SALTLEN_DIGEST> sets the salt length to the
+digest length, B<RSA_PSS_SALTLEN_MAX> sets the salt length to the maximum
+permissible value. When verifying B<RSA_PSS_SALTLEN_AUTO> causes the salt length
to be automatically determined based on the B<PSS> block structure. If this
macro is not called maximum salt length is used when signing and auto detection
when verifying is used by default.
+The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length
+for B<ctx>. The padding mode must have been set to B<RSA_PKCS1_PSS_PADDING>.
+
The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for
RSA key generation to B<bits>. If not specified 1024 bits is used.
The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
-for RSA key generation to B<pubexp> currently it should be an odd integer. The
+for RSA key generation to B<pubexp>. Currently it should be an odd integer. The
B<pubexp> pointer is used internally by this function so it should not be
-modified or free after the call. If this macro is not called then 65537 is used.
+modified or freed after the call. If not specified 65537 is used.
+
+The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for
+RSA key generation to B<primes>. If not specified 2 is used.
+
+The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding
+schemes to B<md>. If not explicitly set the signing digest is used. The
+padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>
+or B<RSA_PKCS1_PSS_PADDING>.
+
+The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for B<ctx>.
+If not explicitly set the signing digest is used. The padding mode must have
+been set to B<RSA_PKCS1_OAEP_PADDING> or B<RSA_PKCS1_PSS_PADDING>.
+
+The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used
+in RSA OAEP to B<md>. The padding mode must have been set to
+B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used
+in RSA OAEP to B<md>. The padding mode must have been set to
+B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to
+B<label> and its length to B<len>. If B<label> is NULL or B<len> is 0,
+the label is cleared. The library takes ownership of the label so the
+caller should not free the original memory pointed to by B<label>.
+The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to
+B<label>. The return value is the label length. The padding mode
+must have been set to B<RSA_PKCS1_OAEP_PADDING>. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 DSA parameters
-The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used
for DSA parameter generation to B<bits>. If not specified 1024 is used.
-The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+=head2 DH parameters
+
+The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH
prime parameter B<p> for DH parameter generation. If this macro is not called
-then 1024 is used.
+then 1024 is used. Only accepts lengths greater than or equal to 256.
+
+The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH
+optional subprime parameter B<q> for DH parameter generation. The default is
+256 if the prime is at least 2048 bits long or 160 otherwise. The DH
+paramgen type must have been set to x9.42.
The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
for DH parameter generation. If not specified 2 is used.
+The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH
+parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
+The default is 0.
+
The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is
1 the shared secret is padded with zeroes up to the size of the DH prime B<p>.
If B<pad> is zero (the default) then no padding is performed.
EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to
-B<nid>. The B<nid> parameter must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
-B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>. This macro can be
-called during parameter or key generation.
+B<nid> as defined in RFC7919. The B<nid> parameter must be B<NID_ffdhe2048>,
+B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>
+or B<NID_undef> to clear the stored value. This macro can be called during
+parameter or key generation.
+The nid parameter and the rfc5114 parameter are mutually exclusive.
+
+The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
+synonymous. They set the DH parameters to the values defined in RFC5114. The
+B<rfc5114> parameter must be 1, 2 or 3 corresponding to RFC5114 sections
+2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
+during parameter generation. The B<ctx> must have a key type of
+B<EVP_PKEY_DHX>.
+The rfc5114 parameter and the nid parameter are mutually exclusive.
+
+=head2 DH key derivation function parameters
+
+Note that all of the following functions require that the B<ctx> parameter has
+a private key type of B<EVP_PKEY_DHX>. When using key derivation, the output of
+EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret.
+The KDF output is typically used as a Key Encryption Key (KEK) that in turn
+encrypts a Content Encryption Key (CEK).
+
+The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type
+to B<kdf> for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
+and B<EVP_PKEY_DH_KDF_X9_42> which uses the key derivation specified in RFC2631
+(based on the keying algorithm described in X9.42). When using key derivation,
+the B<kdf_oid>, B<kdf_md> and B<kdf_outlen> parameters must also be specified.
+
+The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type
+for B<ctx> used for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
+and B<EVP_PKEY_DH_KDF_X9_42>.
+
+The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function
+object identifier to B<oid> for DH key derivation. This OID should identify
+the algorithm to be used with the Content Encryption Key.
+The library takes ownership of the object identifier so the caller should not
+free the original memory pointed to by B<oid>.
+
+The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid
+for B<ctx> used for DH key derivation. The resulting pointer is owned by the
+library and should not be freed by the caller.
+
+The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function
+message digest to B<md> for DH key derivation. Note that RFC2631 specifies
+that this digest should be SHA1 but OpenSSL tolerates other digests.
+
+The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function
+message digest for B<ctx> used for DH key derivation.
+
+The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function
+output length to B<len> for DH key derivation.
+
+The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function
+output length for B<ctx> used for DH key derivation.
+
+The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to
+B<ukm> and its length to B<len> for DH key derivation. This parameter is optional
+and corresponds to the partyAInfo field in RFC2631 terms. The specification
+requires that it is 512 bits long but this is not enforced by OpenSSL.
+The library takes ownership of the user key material so the caller should not
+free the original memory pointed to by B<ukm>.
+
+The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for B<ctx>.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 EC parameters
The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
generation to B<nid>. For EC parameter generation this macro must be called
@@ -158,7 +354,7 @@ or an error occurs because there is no default curve.
This function can also be called to set the curve explicitly when
generating an EC key.
-The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to
+The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to
B<param_enc> when generating EC parameters or an EC key. The encoding can be
B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
@@ -166,6 +362,53 @@ For maximum compatibility the named curve form should be used. Note: the
B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
versions should use 0 instead.
+=head2 ECDH parameters
+
+The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to
+B<cofactor_mode> for ECDH key derivation. Possible values are 1 to enable
+cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor
+mode and fallback to the private key cofactor mode.
+
+The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for
+B<ctx> used for ECDH key derivation. Possible values are 1 when cofactor key
+derivation is enabled and 0 otherwise.
+
+=head2 ECDH key derivation function parameters
+
+The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type
+to B<kdf> for ECDH key derivation. Possible values are B<EVP_PKEY_ECDH_KDF_NONE>
+and B<EVP_PKEY_ECDH_KDF_X9_63> which uses the key derivation specified in X9.63.
+When using key derivation, the B<kdf_md> and B<kdf_outlen> parameters must
+also be specified.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function
+type for B<ctx> used for ECDH key derivation. Possible values are
+B<EVP_PKEY_ECDH_KDF_NONE> and B<EVP_PKEY_ECDH_KDF_X9_63>.
+
+The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function
+message digest to B<md> for ECDH key derivation. Note that X9.63 specifies
+that this digest should be SHA1 but OpenSSL tolerates other digests.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function
+message digest for B<ctx> used for ECDH key derivation.
+
+The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function
+output length to B<len> for ECDH key derivation.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function
+output length for B<ctx> used for ECDH key derivation.
+
+The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to B<ukm>
+for ECDH key derivation. This parameter is optional and corresponds to the
+shared info in X9.63 terms. The library takes ownership of the user key material
+so the caller should not free the original memory pointed to by B<ukm>.
+
+The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for B<ctx>.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 Other parameters
+
The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
macros are used to manipulate the special identifier field for specific signature
algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with
@@ -191,7 +434,7 @@ L<EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)>
+L<EVP_PKEY_derive(3)>,
L<EVP_PKEY_keygen(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
index 1433a50a6ffe..e8f19cfc9980 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
@@ -68,12 +68,12 @@ error occurs.
=back
-EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
+EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.
EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
buffer B<salt>. Any existing value is replaced.
-EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
+EVP_PKEY_CTX_set1_hkdf_key() sets the key to B<keylen> bytes of the buffer
B<key>. Any existing value is replaced.
EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
index bd1193e24a5b..7578278a6cfc 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
@@ -32,7 +32,7 @@ The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length.
If the key has usage restrictions then an error is returned if an attempt is
made to set the salt length below the minimum value. It is otherwise similar
to the B<RSA> operation except detection of the salt length (using
-RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has
+RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has
usage restrictions.
The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros
@@ -43,7 +43,7 @@ similar to the B<RSA> versions.
=head2 Key Generation
-As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits()
+As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits()
and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
they have exactly the same meaning as for the RSA algorithm.
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod b/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod
index 749c52c375af..d10fc59d8bcc 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod
@@ -6,8 +6,10 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
-EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
-EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
+EVP_PKEY_set1_engine - EVP_PKEY assignment functions
=head1 SYNOPSIS
@@ -24,6 +26,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -33,6 +37,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+ int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+ int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_id(const EVP_PKEY *pkey);
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
@@ -50,14 +56,15 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
B<NULL> if the key is not of the correct type.
-EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
-EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
-referenced key in B<pkey> or B<NULL> if the key is not of the
-correct type but the reference count of the returned key is
-B<not> incremented and so must not be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
+EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH()
+and EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or B<NULL>
+if the key is not of the correct type but the reference count of the
+returned key is B<not> incremented and so must not be freed up after use.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
+EVP_PKEY_assign_SIPHASH() also set the referenced key to B<key>
however these use the supplied B<key> internally and so B<key>
will be freed when the parent B<pkey> is freed.
@@ -89,8 +96,9 @@ In accordance with the OpenSSL naming convention the key obtained
from or assigned to the B<pkey> using the B<1> functions must be
freed as well as B<pkey>.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() are implemented as macros.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() are implemented as macros.
Most applications wishing to know a key type will simply call
EVP_PKEY_base_id() and will not care about the actual type:
@@ -119,8 +127,9 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
an error occurred.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
diff --git a/crypto/openssl/doc/man3/EVP_aes.pod b/crypto/openssl/doc/man3/EVP_aes.pod
index 6a893993c6a8..4192a9ec369f 100644
--- a/crypto/openssl/doc/man3/EVP_aes.pod
+++ b/crypto/openssl/doc/man3/EVP_aes.pod
@@ -14,6 +14,9 @@ EVP_aes_256_cfb1,
EVP_aes_128_cfb8,
EVP_aes_192_cfb8,
EVP_aes_256_cfb8,
+EVP_aes_128_cfb128,
+EVP_aes_192_cfb128,
+EVP_aes_256_cfb128,
EVP_aes_128_ctr,
EVP_aes_192_ctr,
EVP_aes_256_ctr,
@@ -75,6 +78,9 @@ EVP_aes_256_cfb1(),
EVP_aes_128_cfb8(),
EVP_aes_192_cfb8(),
EVP_aes_256_cfb8(),
+EVP_aes_128_cfb128(),
+EVP_aes_192_cfb128(),
+EVP_aes_256_cfb128(),
EVP_aes_128_ctr(),
EVP_aes_192_ctr(),
EVP_aes_256_ctr(),
@@ -170,7 +176,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_aria.pod b/crypto/openssl/doc/man3/EVP_aria.pod
index 3b6ad3576ed1..fbb79187546c 100644
--- a/crypto/openssl/doc/man3/EVP_aria.pod
+++ b/crypto/openssl/doc/man3/EVP_aria.pod
@@ -14,6 +14,9 @@ EVP_aria_256_cfb1,
EVP_aria_128_cfb8,
EVP_aria_192_cfb8,
EVP_aria_256_cfb8,
+EVP_aria_128_cfb128,
+EVP_aria_192_cfb128,
+EVP_aria_256_cfb128,
EVP_aria_128_ctr,
EVP_aria_192_ctr,
EVP_aria_256_ctr,
@@ -60,6 +63,9 @@ EVP_aria_256_cfb1(),
EVP_aria_128_cfb8(),
EVP_aria_192_cfb8(),
EVP_aria_256_cfb8(),
+EVP_aria_128_cfb128(),
+EVP_aria_192_cfb128(),
+EVP_aria_256_cfb128(),
EVP_aria_128_ctr(),
EVP_aria_192_ctr(),
EVP_aria_256_ctr(),
@@ -100,7 +106,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_bf_cbc.pod b/crypto/openssl/doc/man3/EVP_bf_cbc.pod
index 4a9d3a9f5e76..505d41b4943f 100644
--- a/crypto/openssl/doc/man3/EVP_bf_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_bf_cbc.pod
@@ -4,6 +4,7 @@
EVP_bf_cbc,
EVP_bf_cfb,
+EVP_bf_cfb64,
EVP_bf_ecb,
EVP_bf_ofb
- EVP Blowfish cipher
@@ -14,6 +15,7 @@ EVP_bf_ofb
const EVP_CIPHER *EVP_bf_cbc(void)
const EVP_CIPHER *EVP_bf_cfb(void)
+ const EVP_CIPHER *EVP_bf_cfb64(void)
const EVP_CIPHER *EVP_bf_ecb(void)
const EVP_CIPHER *EVP_bf_ofb(void)
@@ -27,6 +29,7 @@ This is a variable key length cipher.
=item EVP_bf_cbc(),
EVP_bf_cfb(),
+EVP_bf_cfb64(),
EVP_bf_ecb(),
EVP_bf_ofb()
@@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_camellia.pod b/crypto/openssl/doc/man3/EVP_camellia.pod
index 75602cf64573..6ad59f84b110 100644
--- a/crypto/openssl/doc/man3/EVP_camellia.pod
+++ b/crypto/openssl/doc/man3/EVP_camellia.pod
@@ -14,6 +14,9 @@ EVP_camellia_256_cfb1,
EVP_camellia_128_cfb8,
EVP_camellia_192_cfb8,
EVP_camellia_256_cfb8,
+EVP_camellia_128_cfb128,
+EVP_camellia_192_cfb128,
+EVP_camellia_256_cfb128,
EVP_camellia_128_ctr,
EVP_camellia_192_ctr,
EVP_camellia_256_ctr,
@@ -54,6 +57,9 @@ EVP_camellia_256_cfb1(),
EVP_camellia_128_cfb8(),
EVP_camellia_192_cfb8(),
EVP_camellia_256_cfb8(),
+EVP_camellia_128_cfb128(),
+EVP_camellia_192_cfb128(),
+EVP_camellia_256_cfb128(),
EVP_camellia_128_ctr(),
EVP_camellia_192_ctr(),
EVP_camellia_256_ctr(),
@@ -83,7 +89,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod
index 01c38414698b..0be07279259f 100644
--- a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod
@@ -4,6 +4,7 @@
EVP_cast5_cbc,
EVP_cast5_cfb,
+EVP_cast5_cfb64,
EVP_cast5_ecb,
EVP_cast5_ofb
- EVP CAST cipher
@@ -14,6 +15,7 @@ EVP_cast5_ofb
const EVP_CIPHER *EVP_cast5_cbc(void)
const EVP_CIPHER *EVP_cast5_cfb(void)
+ const EVP_CIPHER *EVP_cast5_cfb64(void)
const EVP_CIPHER *EVP_cast5_ecb(void)
const EVP_CIPHER *EVP_cast5_ofb(void)
@@ -28,6 +30,7 @@ This is a variable key length cipher.
=item EVP_cast5_cbc(),
EVP_cast5_ecb(),
EVP_cast5_cfb(),
+EVP_cast5_cfb64(),
EVP_cast5_ofb()
CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
@@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_des.pod b/crypto/openssl/doc/man3/EVP_des.pod
index 836c399c849e..a05149ff8586 100644
--- a/crypto/openssl/doc/man3/EVP_des.pod
+++ b/crypto/openssl/doc/man3/EVP_des.pod
@@ -6,19 +6,24 @@ EVP_des_cbc,
EVP_des_cfb,
EVP_des_cfb1,
EVP_des_cfb8,
+EVP_des_cfb64,
EVP_des_ecb,
+EVP_des_ofb,
EVP_des_ede,
+EVP_des_ede_cbc,
EVP_des_ede_cfb,
+EVP_des_ede_cfb64,
+EVP_des_ede_ecb,
EVP_des_ede_ofb,
-EVP_des_ofb,
EVP_des_ede3,
EVP_des_ede3_cbc,
EVP_des_ede3_cfb,
EVP_des_ede3_cfb1,
EVP_des_ede3_cfb8,
+EVP_des_ede3_cfb64,
+EVP_des_ede3_ecb,
EVP_des_ede3_ofb,
-EVP_des_ede3_wrap,
-EVP_des_ede_cbc
+EVP_des_ede3_wrap
- EVP DES cipher
=head1 SYNOPSIS
@@ -43,27 +48,32 @@ EVP_des_ecb(),
EVP_des_cfb(),
EVP_des_cfb1(),
EVP_des_cfb8(),
+EVP_des_cfb64(),
EVP_des_ofb()
-DES in CBC, ECB, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit
-shift and OFB modes respectively.
+DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit
+shift and OFB modes.
=item EVP_des_ede(),
EVP_des_ede_cbc(),
-EVP_des_ede_ofb(),
-EVP_des_ede_cfb()
+EVP_des_ede_cfb(),
+EVP_des_ede_cfb64(),
+EVP_des_ede_ecb(),
+EVP_des_ede_ofb()
-Two key triple DES in ECB, CBC, CFB and OFB modes respectively.
+Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.
=item EVP_des_ede3(),
EVP_des_ede3_cbc(),
EVP_des_ede3_cfb(),
EVP_des_ede3_cfb1(),
EVP_des_ede3_cfb8(),
+EVP_des_ede3_cfb64(),
+EVP_des_ede3_ecb(),
EVP_des_ede3_ofb()
-Three-key triple DES in ECB, CBC, CFB with 128-bit shift, CFB with 1-bit shift,
-CFB with 8-bit shift and OFB modes respectively.
+Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift,
+CFB with 8-bit shift and OFB modes.
=item EVP_des_ede3_wrap()
@@ -85,7 +95,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_idea_cbc.pod b/crypto/openssl/doc/man3/EVP_idea_cbc.pod
index ace79885e9a3..14dcc903b525 100644
--- a/crypto/openssl/doc/man3/EVP_idea_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_idea_cbc.pod
@@ -4,6 +4,7 @@
EVP_idea_cbc,
EVP_idea_cfb,
+EVP_idea_cfb64,
EVP_idea_ecb,
EVP_idea_ofb
- EVP IDEA cipher
@@ -14,6 +15,7 @@ EVP_idea_ofb
const EVP_CIPHER *EVP_idea_cbc(void)
const EVP_CIPHER *EVP_idea_cfb(void)
+ const EVP_CIPHER *EVP_idea_cfb64(void)
const EVP_CIPHER *EVP_idea_ecb(void)
const EVP_CIPHER *EVP_idea_ofb(void)
@@ -25,6 +27,7 @@ The IDEA encryption algorithm for EVP.
=item EVP_idea_cbc(),
EVP_idea_cfb(),
+EVP_idea_cfb64(),
EVP_idea_ecb(),
EVP_idea_ofb()
@@ -46,7 +49,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_md5.pod b/crypto/openssl/doc/man3/EVP_md5.pod
index 8101143b54ec..725fcbf5e227 100644
--- a/crypto/openssl/doc/man3/EVP_md5.pod
+++ b/crypto/openssl/doc/man3/EVP_md5.pod
@@ -2,7 +2,8 @@
=head1 NAME
-EVP_md5
+EVP_md5,
+EVP_md5_sha1
- MD5 For EVP
=head1 SYNOPSIS
@@ -10,6 +11,7 @@ EVP_md5
#include <openssl/evp.h>
const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_md5_sha1(void);
=head1 DESCRIPTION
diff --git a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod
index 0958e930537e..79769b82635a 100644
--- a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod
@@ -4,6 +4,7 @@
EVP_rc2_cbc,
EVP_rc2_cfb,
+EVP_rc2_cfb64,
EVP_rc2_ecb,
EVP_rc2_ofb,
EVP_rc2_40_cbc,
@@ -16,6 +17,7 @@ EVP_rc2_64_cbc
const EVP_CIPHER *EVP_rc2_cbc(void)
const EVP_CIPHER *EVP_rc2_cfb(void)
+ const EVP_CIPHER *EVP_rc2_cfb64(void)
const EVP_CIPHER *EVP_rc2_ecb(void)
const EVP_CIPHER *EVP_rc2_ofb(void)
const EVP_CIPHER *EVP_rc2_40_cbc(void)
@@ -29,6 +31,7 @@ The RC2 encryption algorithm for EVP.
=item EVP_rc2_cbc(),
EVP_rc2_cfb(),
+EVP_rc2_cfb64(),
EVP_rc2_ecb(),
EVP_rc2_ofb()
@@ -62,7 +65,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
index 56175e99c44b..442a114ea9ce 100644
--- a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
@@ -4,6 +4,7 @@
EVP_rc5_32_12_16_cbc,
EVP_rc5_32_12_16_cfb,
+EVP_rc5_32_12_16_cfb64,
EVP_rc5_32_12_16_ecb,
EVP_rc5_32_12_16_ofb
- EVP RC5 cipher
@@ -14,6 +15,7 @@ EVP_rc5_32_12_16_ofb
const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
@@ -25,6 +27,7 @@ The RC5 encryption algorithm for EVP.
=item EVP_rc5_32_12_16_cbc(),
EVP_rc5_32_12_16_cfb(),
+EVP_rc5_32_12_16_cfb64(),
EVP_rc5_32_12_16_ecb(),
EVP_rc5_32_12_16_ofb()
@@ -53,7 +56,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_seed_cbc.pod b/crypto/openssl/doc/man3/EVP_seed_cbc.pod
index e9f1f695a915..0d2329510d5e 100644
--- a/crypto/openssl/doc/man3/EVP_seed_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_seed_cbc.pod
@@ -4,6 +4,7 @@
EVP_seed_cbc,
EVP_seed_cfb,
+EVP_seed_cfb128,
EVP_seed_ecb,
EVP_seed_ofb
- EVP SEED cipher
@@ -14,6 +15,7 @@ EVP_seed_ofb
const EVP_CIPHER *EVP_seed_cbc(void)
const EVP_CIPHER *EVP_seed_cfb(void)
+ const EVP_CIPHER *EVP_seed_cfb128(void)
const EVP_CIPHER *EVP_seed_ecb(void)
const EVP_CIPHER *EVP_seed_ofb(void)
@@ -27,6 +29,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128-bits.
=item EVP_seed_cbc(),
EVP_seed_cfb(),
+EVP_seed_cfb128(),
EVP_seed_ecb(),
EVP_seed_ofb()
@@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod
index 4e0240919836..ecd51f09d41f 100644
--- a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod
+++ b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod
@@ -5,6 +5,7 @@
EVP_sm4_cbc,
EVP_sm4_ecb,
EVP_sm4_cfb,
+EVP_sm4_cfb128,
EVP_sm4_ofb,
EVP_sm4_ctr
- EVP SM4 cipher
@@ -16,6 +17,7 @@ EVP_sm4_ctr
const EVP_CIPHER *EVP_sm4_cbc(void);
const EVP_CIPHER *EVP_sm4_ecb(void);
const EVP_CIPHER *EVP_sm4_cfb(void);
+ const EVP_CIPHER *EVP_sm4_cfb128(void);
const EVP_CIPHER *EVP_sm4_ofb(void);
const EVP_CIPHER *EVP_sm4_ctr(void);
@@ -30,6 +32,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128 bits.
=item EVP_sm4_cbc(),
EVP_sm4_ecb(),
EVP_sm4_cfb(),
+EVP_sm4_cfb128(),
EVP_sm4_ofb(),
EVP_sm4_ctr()
diff --git a/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod b/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod
index 6eca1134b161..55a55c706a51 100644
--- a/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod
+++ b/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod
@@ -2,13 +2,14 @@
=head1 NAME
-OPENSSL_VERSION_NUMBER, OpenSSL_version,
+OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version,
OpenSSL_version_num - get OpenSSL version number
=head1 SYNOPSIS
#include <openssl/opensslv.h>
#define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
#include <openssl/crypto.h>
@@ -45,6 +46,10 @@ Version 0.9.5a had an interim interpretation that is like the current one,
except the patch level got the highest bit set, to keep continuity. The
number was therefore 0x0090581f.
+OPENSSL_VERSION_TEXT is the text variant of the version number and the
+release date. For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
OpenSSL_version_num() returns the version number.
OpenSSL_version() returns different strings depending on B<t>:
diff --git a/crypto/openssl/doc/man3/RSA_meth_new.pod b/crypto/openssl/doc/man3/RSA_meth_new.pod
index 69ba9dfc5ac3..f21095156c0f 100644
--- a/crypto/openssl/doc/man3/RSA_meth_new.pod
+++ b/crypto/openssl/doc/man3/RSA_meth_new.pod
@@ -64,10 +64,10 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
unsigned char *to, RSA *rsa, int padding));
/* Can be null */
- int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *I,
+ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
- int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx));
/* Can be null */
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
index 618bd73e0420..d7ed89775b2e 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
@@ -2,14 +2,32 @@
=head1 NAME
-SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list,
-SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list,
-SSL_get0_peer_CA_list - get or set CA list
+SSL_CTX_set_client_CA_list,
+SSL_set_client_CA_list,
+SSL_get_client_CA_list,
+SSL_CTX_get_client_CA_list,
+SSL_CTX_add_client_CA,
+SSL_add_client_CA,
+SSL_set0_CA_list,
+SSL_CTX_set0_CA_list,
+SSL_get0_CA_list,
+SSL_CTX_get0_CA_list,
+SSL_add1_to_CA_list,
+SSL_CTX_add1_to_CA_list,
+SSL_get0_peer_CA_list
+- get or set CA list
=head1 SYNOPSIS
#include <openssl/ssl.h>
+ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+ int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
@@ -21,6 +39,70 @@ SSL_get0_peer_CA_list - get or set CA list
=head1 DESCRIPTION
+The functions described here set and manage the list of CA names that are sent
+between two communicating peers.
+
+For TLS versions 1.2 and earlier the list of CA names is only sent from the
+server to the client when requesting a client certificate. So any list of CA
+names set is never sent from client to server and the list of CA names retrieved
+by SSL_get0_peer_CA_list() is always B<NULL>.
+
+For TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
+extension and may be sent by a client (in the ClientHello message) or by
+a server (when requesting a certificate).
+
+In most cases it is not necessary to set CA names on the client side. The list
+of CA names that are acceptable to the client will be sent in plaintext to the
+server. This has privacy implications and may also have performance implications
+if the list is large. This optional capability was introduced as part of TLSv1.3
+and therefore setting CA names on the client side will have no impact if that
+protocol version has been disabled. Most servers do not need this and so this
+should be avoided unless required.
+
+The "client CA list" functions below only have an effect when called on the
+server side.
+
+SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for B<ctx>. Ownership of B<list> is transferred
+to B<ctx> and it should not be freed by the caller.
+
+SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for the chosen B<ssl>, overriding the
+setting valid for B<ssl>'s SSL_CTX object. Ownership of B<list> is transferred
+to B<s> and it should not be freed by the caller.
+
+SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
+B<ctx> using SSL_CTX_set_client_CA_list(). The returned list should not be freed
+by the caller.
+
+SSL_get_client_CA_list() returns the list of client CAs explicitly
+set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
+SSL_CTX_set_client_CA_list(), when in server mode. In client mode,
+SSL_get_client_CA_list returns the list of client CAs sent from the server, if
+any. The returned list should not be freed by the caller.
+
+SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+B<ctx>.
+
+SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
+
+SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer
+has sent. This can be called on either the server or the client side. The
+returned list should not be freed by the caller.
+
+The "generic CA list" functions below are very similar to the "client CA
+list" functions except that they have an effect on both the server and client
+sides. The lists of CA names managed are separate - so you cannot (for example)
+set CA names using the "client CA list" functions and then get them using the
+"generic CA list" functions. Where a mix of the two types of functions has been
+used on the server side then the "client CA list" functions take precedence.
+Typically, on the server side, the "client CA list " functions should be used in
+preference. As noted above in most cases it is not necessary to set CA names on
+the client side.
+
SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and
it should not be freed by the caller.
@@ -30,10 +112,11 @@ overriding any list set in the parent B<SSL_CTX> of B<s>. Ownership of
B<name_list> is transferred to B<s> and it should not be freed by the caller.
SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
-B<ctx>.
+B<ctx>. The returned list should not be freed by the caller.
-SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
-B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved.
+SSL_get0_CA_list() retrieves any previously set list of CAs set for
+B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved. The
+returned list should not be freed by the caller.
SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from B<x> to the
list of CAs sent to peer for B<ctx>.
@@ -42,47 +125,60 @@ SSL_add1_to_CA_list() appends the CA subject name extracted from B<x> to the
list of CAs sent to the peer for B<s>, overriding the setting in the parent
B<SSL_CTX>.
-SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer
-has sent.
-
=head1 NOTES
-These functions are generalised versions of the client authentication
-CA list functions such as L<SSL_CTX_set_client_CA_list(3)>.
+When a TLS/SSL server requests a client certificate (see
+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which it will accept
+certificates, to the client.
-For TLS versions before 1.3 the list of CA names is only sent from the server
-to client when requesting a client certificate. So any list of CA names set
-is never sent from client to server and the list of CA names retrieved by
-SSL_get0_peer_CA_list() is always B<NULL>.
+This list must explicitly be set using SSL_CTX_set_client_CA_list() or
+SSL_CTX_set0_CA_list() for B<ctx> and SSL_set_client_CA_list() or
+SSL_set0_CA_list() for the specific B<ssl>. The list specified
+overrides the previous setting. The CAs listed do not become trusted (B<list>
+only contains the names, not the complete certificates); use
+L<SSL_CTX_load_verify_locations(3)> to additionally load them for verification.
-For TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
-extension and will be sent by a client (in the ClientHello message) or by
-a server (when requesting a certificate).
+If the list of acceptable CAs is compiled in a file, the
+L<SSL_load_client_CA_file(3)> function can be used to help to import the
+necessary data.
+
+SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and
+SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no
+list was specified before using SSL_CTX_set_client_CA_list(),
+SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a
+new CA list for B<ctx> or B<ssl> (as appropriate) is opened.
=head1 RETURN VALUES
-SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.
+SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(),
+SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list()
+and SSL_set0_CA_list() do not return a value.
-SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names
-or B<NULL> is no CA names are set.
+SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list()
+and SSL_get0_CA_list() return a stack of CA names or B<NULL> is no CA names are
+set.
-SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0
-for failure.
+SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and
+SSL_add1_to_CA_list() return 1 for success and 0 for failure.
SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or
B<NULL> or an empty stack if no list was sent.
+=head1 EXAMPLES
+
+Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
=head1 SEE ALSO
L<ssl(7)>,
-L<SSL_CTX_set_client_CA_list(3)>,
-L<SSL_get_client_CA_list(3)>,
L<SSL_load_client_CA_file(3)>,
L<SSL_CTX_load_verify_locations(3)>
=head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
index a250f20c2206..7dca0e0161d9 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
@@ -32,6 +32,9 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
=head1 DESCRIPTION
+For all of the functions below that set the supported groups there must be at
+least one group in the list.
+
SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
groups in the array B<glist>. The array consist of all NIDs of groups in
preference order. For a TLS client the groups are used directly in the
@@ -99,7 +102,7 @@ functions were first added to OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod
deleted file mode 100644
index 76fd65e6fcaa..000000000000
--- a/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod
+++ /dev/null
@@ -1,103 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
-SSL_add_client_CA - set list of CAs sent to the client when requesting a
-client certificate
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
- void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
- int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
- int SSL_add_client_CA(SSL *ssl, X509 *cacert);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for B<ctx>.
-
-SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for the chosen B<ssl>, overriding the
-setting valid for B<ssl>'s SSL_CTX object.
-
-SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-B<ctx>.
-
-SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
-
-=head1 NOTES
-
-When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
-it will accept certificates, to the client.
-
-This list must explicitly be set using SSL_CTX_set_client_CA_list() for
-B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
-specified overrides the previous setting. The CAs listed do not become
-trusted (B<list> only contains the names, not the complete certificates); use
-L<SSL_CTX_load_verify_locations(3)>
-to additionally load them for verification.
-
-If the list of acceptable CAs is compiled in a file, the
-L<SSL_load_client_CA_file(3)>
-function can be used to help importing the necessary data.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
-items the list of client CAs. If no list was specified before using
-SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
-CA list for B<ctx> or B<ssl> (as appropriate) is opened.
-
-These functions are only useful for TLS/SSL servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item Z<>0
-
-A failure while manipulating the STACK_OF(X509_NAME) object occurred or
-the X509_NAME could not be extracted from B<cacert>. Check the error stack
-to find out the reason.
-
-=item Z<>1
-
-The operation succeeded.
-
-=back
-
-=head1 EXAMPLES
-
-Scan all certificates in B<CAfile> and list them as acceptable CAs:
-
- SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-
-=head1 SEE ALSO
-
-L<ssl(7)>,
-L<SSL_get_client_CA_list(3)>,
-L<SSL_load_client_CA_file(3)>,
-L<SSL_CTX_load_verify_locations(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod b/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod
index 99922eb5bf8d..8ed9315df5c4 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod
@@ -33,7 +33,7 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
=head1 NOTES
Normally when a SSL connection is finished, the parties must send out
-"close notify" alert messages using L<SSL_shutdown(3)>
+close_notify alert messages using L<SSL_shutdown(3)>
for a clean shutdown.
When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)>
@@ -41,7 +41,7 @@ will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
(L<SSL_shutdown(3)> then behaves like
L<SSL_set_shutdown(3)> called with
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
-The session is thus considered to be shutdown, but no "close notify" alert
+The session is thus considered to be shutdown, but no close_notify alert
is sent to the peer. This behaviour violates the TLS standard.
The default is normal shutdown behaviour as described by the TLS standard.
@@ -62,7 +62,7 @@ L<SSL_clear(3)>, L<SSL_free(3)>
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod b/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod
deleted file mode 100644
index 40c3561efcee..000000000000
--- a/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
-B<ctx> using L<SSL_CTX_set_client_CA_list(3)>.
-
-SSL_get_client_CA_list() returns the list of client CAs explicitly
-set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
-L<SSL_CTX_set_client_CA_list(3)>, when in
-server mode. In client mode, SSL_get_client_CA_list returns the list of
-client CAs sent from the server, if any.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item STACK_OF(X509_NAMES)
-
-List of CA names explicitly set (for B<ctx> or in server mode) or send
-by the server (client mode).
-
-=item NULL
-
-No client CA list was explicitly set (for B<ctx> or in server mode) or
-the server did not send a list of CAs (client mode).
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(7)>,
-L<SSL_CTX_set_client_CA_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/crypto/openssl/doc/man3/SSL_get_error.pod b/crypto/openssl/doc/man3/SSL_get_error.pod
index 01446a24a1e1..b3ab50568731 100644
--- a/crypto/openssl/doc/man3/SSL_get_error.pod
+++ b/crypto/openssl/doc/man3/SSL_get_error.pod
@@ -39,7 +39,7 @@ if and only if B<ret E<gt> 0>.
=item SSL_ERROR_ZERO_RETURN
The TLS/SSL peer has closed the connection for writing by sending the
-"close notify" alert.
+close_notify alert.
No more data can be read.
Note that B<SSL_ERROR_ZERO_RETURN> does not necessarily
indicate that the underlying transport has been closed.
diff --git a/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod b/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod
index ce6ab61f5e11..dbca8cffb920 100644
--- a/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod
+++ b/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod
@@ -2,8 +2,9 @@
=head1 NAME
-SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS
-message signing types
+SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
+SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing
+types
=head1 SYNOPSIS
@@ -11,6 +12,8 @@ message signing types
int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+ int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
=head1 DESCRIPTION
@@ -24,12 +27,15 @@ where it is B<EVP_PKEY_RSA_PSS>. To differentiate between
B<rsa_pss_rsae_*> and B<rsa_pss_pss_*> signatures, it's necessary to check
the type of public key in the peer's certificate.
+SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent
+information for the local end of the connection.
+
=head1 RETURN VALUES
These functions return 1 for success and 0 for failure. There are several
possible reasons for failure: the cipher suite has no signature (e.g. it
uses RSA key exchange or is anonymous), the TLS version is below 1.2 or
-the functions were called before the peer signed a message.
+the functions were called too early, e.g. before the peer signed a message.
=head1 SEE ALSO
diff --git a/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod b/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod
new file mode 100644
index 000000000000..a722a813bff8
--- /dev/null
+++ b/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information
+about temporary keys used during a handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_tmp_key() returns the temporary key provided by the peer and
+used during key exchange. For example, if ECDHE is in use, then this represents
+the peer's public ECDHE key. On success a pointer to the key is stored in
+B<*key>. It is the caller's responsibility to free this key after use using
+L<EVP_PKEY_free(3)>.
+
+SSL_get_server_tmp_key() is a backwards compatibility alias for
+SSL_get_peer_tmp_key().
+Under that name it worked just on the client side of the connection, its
+behaviour on the server end is release-dependent.
+
+SSL_get_tmp_key() returns the equivalent information for the local
+end of the connection.
+
+=head1 RETURN VALUES
+
+All these functions return 1 on success and 0 otherwise.
+
+=head1 NOTES
+
+This function is implemented as a macro.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<EVP_PKEY_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod b/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod
deleted file mode 100644
index fda891b7a837..000000000000
--- a/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_server_tmp_key - get information about the server's temporary key used
-during a handshake
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
-
-=head1 DESCRIPTION
-
-SSL_get_server_tmp_key() returns the temporary key provided by the server and
-used during key exchange. For example, if ECDHE is in use, then this represents
-the server's public ECDHE key. On success a pointer to the key is stored in
-B<*key>. It is the caller's responsibility to free this key after use using
-L<EVP_PKEY_free(3)>. This function may only be called by the client.
-
-=head1 RETURN VALUES
-
-SSL_get_server_tmp_key() returns 1 on success or 0 otherwise.
-
-=head1 NOTES
-
-This function is implemented as a macro.
-
-=head1 SEE ALSO
-
-L<ssl(7)>, L<EVP_PKEY_free(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/crypto/openssl/doc/man3/SSL_set_bio.pod b/crypto/openssl/doc/man3/SSL_set_bio.pod
index 01617521bf52..1fa0d3492600 100644
--- a/crypto/openssl/doc/man3/SSL_set_bio.pod
+++ b/crypto/openssl/doc/man3/SSL_set_bio.pod
@@ -90,7 +90,7 @@ use SSL_set0_rbio() and SSL_set0_wbio() instead.
=head1 RETURN VALUES
-SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail.
+SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.
=head1 SEE ALSO
@@ -104,7 +104,7 @@ SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_set_shutdown.pod b/crypto/openssl/doc/man3/SSL_set_shutdown.pod
index 04bcc47814e3..b1cf58920be4 100644
--- a/crypto/openssl/doc/man3/SSL_set_shutdown.pod
+++ b/crypto/openssl/doc/man3/SSL_set_shutdown.pod
@@ -30,12 +30,12 @@ No shutdown setting, yet.
=item SSL_SENT_SHUTDOWN
-A "close notify" shutdown alert was sent to the peer, the connection is being
+A close_notify shutdown alert was sent to the peer, the connection is being
considered closed and the session is closed and correct.
=item SSL_RECEIVED_SHUTDOWN
-A shutdown alert was received form the peer, either a normal "close notify"
+A shutdown alert was received form the peer, either a normal close_notify
or a fatal error.
=back
@@ -47,13 +47,13 @@ the ssl session. If the session is still open, when
L<SSL_clear(3)> or L<SSL_free(3)> is called,
it is considered bad and removed according to RFC2246.
The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the "close notify"
+(according to the TLS RFC, it is acceptable to only send the close_notify
alert but to not wait for the peer's answer, when the underlying connection
is closed).
SSL_set_shutdown() can be used to set this state without sending a
close alert to the peer (see L<SSL_shutdown(3)>).
-If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set,
for setting SSL_SENT_SHUTDOWN the application must however still call
L<SSL_shutdown(3)> or SSL_set_shutdown() itself.
@@ -71,7 +71,7 @@ L<SSL_clear(3)>, L<SSL_free(3)>
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_shutdown.pod b/crypto/openssl/doc/man3/SSL_shutdown.pod
index 453853d672fc..0a3d6d370d8b 100644
--- a/crypto/openssl/doc/man3/SSL_shutdown.pod
+++ b/crypto/openssl/doc/man3/SSL_shutdown.pod
@@ -13,27 +13,36 @@ SSL_shutdown - shut down a TLS/SSL connection
=head1 DESCRIPTION
SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-"close notify" shutdown alert to the peer.
+close_notify shutdown alert to the peer.
=head1 NOTES
-SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+SSL_shutdown() tries to send the close_notify shutdown alert to the peer.
Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
-The shutdown procedure consists of 2 steps: the sending of the "close notify"
-shutdown alert and the reception of the peer's "close notify" shutdown
-alert. According to the TLS standard, it is acceptable for an application
-to only send its shutdown alert and then close the underlying connection
-without waiting for the peer's response (this way resources can be saved,
-as the process can already terminate or serve another connection).
-When the underlying connection shall be used for more communications, the
-complete shutdown procedure (bidirectional "close notify" alerts) must be
-performed, so that the peers stay synchronized.
+The shutdown procedure consists of two steps: sending of the close_notify
+shutdown alert, and reception of the peer's close_notify shutdown alert.
+The order of those two steps depends on the application.
+
+It is acceptable for an application to only send its shutdown alert and
+then close the underlying connection without waiting for the peer's response.
+This way resources can be saved, as the process can already terminate or
+serve another connection.
+This should only be done when it is known that the other side will not send more
+data, otherwise there is a risk of a truncation attack.
-SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
-behaviour.
+When a client only writes and never reads from the connection, and the server
+has sent a session ticket to establish a session, the client might not be able
+to resume the session because it did not received and process the session ticket
+from the server.
+In case the application wants to be able to resume the session, it is recommended to
+do a complete shutdown procedure (bidirectional close_notify alerts).
+
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure must be performed, so that the peers stay
+synchronized.
SSL_shutdown() only closes the write direction.
It is not possible to call SSL_write() after calling SSL_shutdown().
@@ -41,45 +50,43 @@ The read direction is closed by the peer.
=head2 First to close the connection
-When the application is the first party to send the "close notify"
+When the application is the first party to send the close_notify
alert, SSL_shutdown() will only send the alert and then set the
SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
be kept in the cache).
-SSL_shutdown() will then return with 0.
+If successful, SSL_shutdown() will return 0.
+
If a unidirectional shutdown is enough (the underlying connection shall be
-closed anyway), this first call to SSL_shutdown() is sufficient.
+closed anyway), this first successful call to SSL_shutdown() is sufficient.
In order to complete the bidirectional shutdown handshake, the peer needs
-to send back a "close notify" alert.
+to send back a close_notify alert.
The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing
it.
-SSL_shutdown() will return 1 when it has been received.
-The peer is still allowed to send data after receiving the "close notify"
+The peer is still allowed to send data after receiving the close_notify
event.
-If the peer did send data it needs to be processed by calling SSL_read()
-before calling SSL_shutdown() a second time.
+When it is done sending data, it will send the close_notify alert.
+SSL_read() should be called until all data is received.
SSL_read() will indicate the end of the peer data by returning <= 0
and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.
-It is recommended to call SSL_read() between SSL_shutdown() calls.
=head2 Peer closes the connection
-If the peer already sent the "close notify" alert B<and> it was
+If the peer already sent the close_notify alert B<and> it was
already processed implicitly inside another function
(L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
SSL_read() will return <= 0 in that case, and SSL_get_error() will return
SSL_ERROR_ZERO_RETURN.
-SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
+SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN
+flag.
+If successful, SSL_shutdown() will return 1.
+
Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call.
=head1 NOTES
-It is recommended to do a bidirectional shutdown by checking the return value
-of SSL_shutdown() and call it again until it returns 1 or a fatal error.
-
The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
handshake step has been finished or an error occurred.
@@ -95,8 +102,13 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
+After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again
+to wait for the peer's close_notify alert.
+SSL_shutdown() will return 1 in that case.
+However, it is recommended to wait for it using SSL_read() instead.
+
SSL_shutdown() can be modified to only set the connection to "shutdown"
-state but not actually send the "close notify" alert messages,
+state but not actually send the close_notify alert messages,
see L<SSL_CTX_set_quiet_shutdown(3)>.
When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
and return 1.
@@ -109,16 +121,16 @@ The following return values can occur:
=item Z<>0
-The shutdown is not yet finished: the "close notify" was send but the peer
+The shutdown is not yet finished: the close_notify was sent but the peer
did not send it back yet.
-Call SSL_shutdown() again to do a bidirectional shutdown.
+Call SSL_read() to do a bidirectional shutdown.
The output of L<SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
=item Z<>1
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
+The shutdown was successfully completed. The close_notify alert was sent
+and the peer's close_notify alert was received.
=item E<lt>0
diff --git a/crypto/openssl/doc/man7/RAND_DRBG.pod b/crypto/openssl/doc/man7/RAND_DRBG.pod
index b89c30d43edd..ba457f050483 100644
--- a/crypto/openssl/doc/man7/RAND_DRBG.pod
+++ b/crypto/openssl/doc/man7/RAND_DRBG.pod
@@ -189,7 +189,7 @@ In addition to automatic reseeding, the caller can request an immediate
reseeding of the DRBG with fresh entropy by setting the
I<prediction resistance> parameter to 1 when calling L<RAND_DRBG_generate(3)>.
-The dcoument [NIST SP 800-90C] describes prediction resistance requests
+The document [NIST SP 800-90C] describes prediction resistance requests
in detail and imposes strict conditions on the entropy sources that are
approved for providing prediction resistance.
Since the default DRBG implementation does not have access to such an approved
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index 5769029b7281..534059382b0a 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -245,7 +245,7 @@ extern FILE *_imp___iob;
Finally, we add the VMS C facility code 0x35a000, because there are some
programs, such as Perl, that will reinterpret the code back to something
- POSIXly. 'man perlvms' explains it further.
+ POSIX. 'man perlvms' explains it further.
NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
codes (status type = 1). I couldn't disagree more. Fortunately, the
@@ -317,8 +317,15 @@ struct servent *getservbyname(const char *name, const char *proto);
# endif
/* end vxworks */
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-# define CRYPTO_memcmp memcmp
-#endif
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+# define CRYPTO_memcmp memcmp
+# endif
+/* unistd.h defines _POSIX_VERSION */
+# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+ && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+ || defined(__sun) || defined(__hpux) || defined(__sgi) \
+ || defined(__osf__) )
+# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */
+# endif
#endif
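Review bot: The new `OPENSSL_SECURE_MEMORY` test relies on `_POSIX_VERSION`, and the added comment says it comes from unistd.h, but nothing in this hunk includes that header before the `# if`. If it has not been pulled in earlier in e_os.h (outside the hunk, so this needs confirming), the macro is simply undefined and the condition is false on every Unix not in the `__sun`/`__hpux`/`__sgi`/`__osf__` list, so secure memory would be compiled out without any diagnostic. I would make the dependency explicit in the comment, e.g. `/* unistd.h must already be included here: it defines _POSIX_VERSION, and without it secure memory is silently disabled */`.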
diff --git a/crypto/openssl/include/internal/cryptlib.h b/crypto/openssl/include/internal/cryptlib.h
index a608735187f8..329ef62014f6 100644
--- a/crypto/openssl/include/internal/cryptlib.h
+++ b/crypto/openssl/include/internal/cryptlib.h
@@ -81,6 +81,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
void crypto_cleanup_all_ex_data_int(void);
int openssl_init_fork_handlers(void);
+char *ossl_safe_getenv(const char *name);
+
extern CRYPTO_RWLOCK *memdbg_lock;
int openssl_strerror_r(int errnum, char *buf, size_t buflen);
# if !defined(OPENSSL_NO_STDIO)
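Review bot: `ossl_safe_getenv()` is declared without a comment saying what makes it safe or when it returns NULL, which is what a caller switching over from `getenv()` needs to know. Judging by the name it presumably declines to read the environment when the process runs with elevated privileges, but the definition is not in this hunk, so confirm that and then record it, e.g. `/* getenv() wrapper: returns NULL when the environment must not be trusted */`. The return type is a non-const `char *`, so the comment should also say that the result is not owned by the caller and must not be modified or freed.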
diff --git a/crypto/openssl/include/internal/tsan_assist.h b/crypto/openssl/include/internal/tsan_assist.h
index 2c7638344a00..f30ffe398ac7 100644
--- a/crypto/openssl/include/internal/tsan_assist.h
+++ b/crypto/openssl/include/internal/tsan_assist.h
@@ -57,6 +57,7 @@
# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
# endif
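Review bot: `tsan_decr` is added here and in the three following hunks with no comment stating its contract. All four variants evaluate to the value before the decrement, and the one in the last hunk, `((*(ptr))--)`, is a plain read-modify-write with no atomicity. For a counter that is both incremented and decremented, a lost update in that fallback can leave it permanently off, so callers should not base limits or resource accounting on it there. I would add one line next to the first definition, e.g. `/* tsan_decr: relaxed decrement, yields the previous value; not atomic in the fallback branch */`.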
@@ -69,6 +70,7 @@
# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
# endif
@@ -113,8 +115,11 @@
# pragma intrinsic(_InterlockedExchangeAdd64)
# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
: _InterlockedExchangeAdd((ptr), 1))
+# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
+ : _InterlockedExchangeAdd((ptr), -1))
# else
# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
# endif
# if !defined(_ISO_VOLATILE)
# define tsan_ld_acq(ptr) (*(ptr))
@@ -129,6 +134,7 @@
# define tsan_load(ptr) (*(ptr))
# define tsan_store(ptr, val) (*(ptr) = (val))
# define tsan_counter(ptr) ((*(ptr))++)
+# define tsan_decr(ptr) ((*(ptr))--)
/*
* Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
* sophisticated enough to support them. Code that relies on them should be
diff --git a/crypto/openssl/include/openssl/cryptoerr.h b/crypto/openssl/include/openssl/cryptoerr.h
index e127ff602c4b..10723d0454b3 100644
--- a/crypto/openssl/include/openssl/cryptoerr.h
+++ b/crypto/openssl/include/openssl/cryptoerr.h
@@ -14,6 +14,9 @@
# ifdef __cplusplus
extern "C"
# endif
+
+# include <openssl/symhacks.h>
+
int ERR_load_CRYPTO_strings(void);
/*
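Review bot: The added `# include <openssl/symhacks.h>` sits between the brace-less `extern "C"` and `int ERR_load_CRYPTO_strings(void);`, the declaration that linkage specifier is meant to qualify. Under a C++ compiler the specifier then attaches to the first declaration produced by the included header chain instead, or to nothing useful if those headers are already guarded out. Either way the placement makes the linkage of `ERR_load_CRYPTO_strings` depend on include order. Moving the include above the `# ifdef __cplusplus` line, so that `extern "C"` is again immediately followed by the prototype, avoids this.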
diff --git a/crypto/openssl/include/openssl/ec.h b/crypto/openssl/include/openssl/ec.h
index 4d70da70a614..347cfb6d097b 100644
--- a/crypto/openssl/include/openssl/ec.h
+++ b/crypto/openssl/include/openssl/ec.h
@@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
EC_KEY *EC_KEY_new_method(ENGINE *engine);
+/** The old name for ecdh_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
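Review bot: The new doc comment on `ECDH_KDF_X9_62` calls it the old name for `ecdh_KDF_X9_63`, but no declaration of that lower-case name is visible in this public header, so a reader is pointed at a symbol they may not be able to call. The comment also misspells "mistakenly" as "mistakingly", and the same wording is repeated above `EVP_PKEY_ECDH_KDF_X9_62` in the next hunk. I would reword both, e.g. `/** Retained for backwards compatibility: the KDF is specified in ANSI X9.63, not X9.62 as this name suggests. */`, and in the second hunk name `EVP_PKEY_ECDH_KDF_X9_63` as the identifier to use in new code. The prototype continues outside the hunk.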
@@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
/* KDF types */
# define EVP_PKEY_ECDH_KDF_NONE 1
-# define EVP_PKEY_ECDH_KDF_X9_62 2
+# define EVP_PKEY_ECDH_KDF_X9_63 2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
# ifdef __cplusplus
diff --git a/crypto/openssl/include/openssl/ocsp.h b/crypto/openssl/include/openssl/ocsp.h
index 937b32271b21..0a17166b5bf6 100644
--- a/crypto/openssl/include/openssl/ocsp.h
+++ b/crypto/openssl/include/openssl/ocsp.h
@@ -93,7 +93,6 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
# define V_OCSP_RESPID_KEY 1
DEFINE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
@@ -162,8 +161,6 @@ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
const ASN1_ITEM *it);
BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
- ASN1_VALUE *val);
int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
index 363359d9ef46..e8790316eabd 100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010100fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-freebsd 11 Sep 2018"
+# define OPENSSL_VERSION_NUMBER 0x1010101fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a-freebsd 20 Nov 2018"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/crypto/openssl/include/openssl/rand_drbg.h b/crypto/openssl/include/openssl/rand_drbg.h
index 282356e16176..45b731b73c26 100644
--- a/crypto/openssl/include/openssl/rand_drbg.h
+++ b/crypto/openssl/include/openssl/rand_drbg.h
@@ -12,23 +12,31 @@
# include <time.h>
# include <openssl/ossl_typ.h>
+# include <openssl/obj_mac.h>
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
/* In CTR mode, disable derivation function ctr_df */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS ( \
- RAND_DRBG_FLAG_CTR_NO_DF \
- )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
*
* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
- * of the cipher by collecting less entropy. The current DRBG implemantion does
- * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
- * to that of the cipher.
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
*
* RAND_DRBG_STRENGTH is currently only used for the legacy RAND
* implementation.
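Review bot: The compatibility definition `RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)` is now frozen, while the new block comment says the authoritative mask is `rand_drbg_used_flags` in drbg_lib.c. Application code that still validates flags against the macro would therefore disagree with the library as soon as a second flag is added. The comment "should not be used" does not say why. I would spell it out, e.g. `/* Frozen at the 1.1.1 flag set and not updated for new flags; do not use it to validate flags. */`.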
@@ -37,7 +45,9 @@
* NID_aes_256_ctr
*/
# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
# define RAND_DRBG_FLAGS 0
diff --git a/crypto/openssl/include/openssl/randerr.h b/crypto/openssl/include/openssl/randerr.h
index 128f4dea751c..599a2a18d41f 100644
--- a/crypto/openssl/include/openssl/randerr.h
+++ b/crypto/openssl/include/openssl/randerr.h
@@ -40,6 +40,7 @@ int ERR_load_RAND_strings(void);
# define RAND_F_RAND_POOL_ADD 103
# define RAND_F_RAND_POOL_ADD_BEGIN 113
# define RAND_F_RAND_POOL_ADD_END 114
+# define RAND_F_RAND_POOL_ATTACH 124
# define RAND_F_RAND_POOL_BYTES_NEEDED 115
# define RAND_F_RAND_POOL_NEW 116
# define RAND_F_RAND_WRITE_FILE 112
diff --git a/crypto/openssl/include/openssl/rsa.h b/crypto/openssl/include/openssl/rsa.h
index a611b6a0be92..cdce1264eb5c 100644
--- a/crypto/openssl/include/openssl/rsa.h
+++ b/crypto/openssl/include/openssl/rsa.h
@@ -160,7 +160,7 @@ extern "C" {
# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
- EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD, \
+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
0, (void *)(md))
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
@@ -456,9 +456,9 @@ int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx));
int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h
index 0a18a43544cb..d6b1b4e6a670 100644
--- a/crypto/openssl/include/openssl/ssl.h
+++ b/crypto/openssl/include/openssl/ssl.h
@@ -1271,7 +1271,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
-# define SSL_CTRL_GET_SERVER_TMP_KEY 109
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
# define SSL_CTRL_GET_RAW_CIPHERLIST 110
# define SSL_CTRL_GET_EC_POINT_FORMATS 111
# define SSL_CTRL_GET_CHAIN_CERTS 115
@@ -1290,6 +1290,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@@ -1410,10 +1412,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
(char *)(clist))
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
# define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
-# define SSL_get_server_tmp_key(s, pk) \
- SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+# define SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
# define SSL_get0_raw_cipherlist(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
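Review bot: The new `SSL_get_peer_tmp_key` and `SSL_get_tmp_key` macros carry no ownership comment, although neighbouring macros in this block use the `get0` naming to signal borrowed pointers. The man page added in this same commit states that the caller must free the returned key with `EVP_PKEY_free()`. Because these names do not follow the get0/get1 convention, a short header comment would help prevent leaks and double frees, e.g. `/* caller owns *pk on success and must EVP_PKEY_free() it */`. The surrounding macro list continues outside the hunk.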
@@ -1435,6 +1441,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_get_max_proto_version(s) \
SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+ SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+ SSL_get_peer_tmp_key(s, pk)
+
/*
* The following symbol names are old and obsolete. They are kept
* for compatibility reasons only and should not be used anymore.
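Review bot: The comment "Backwards compatibility, original 1.1.0 names" presents `SSL_get_server_tmp_key` as a pure rename, but the alias now expands to `SSL_get_peer_tmp_key`, which per the new man page in this commit returns the peer's key. Under the old name the call was documented as client-only and its server-side behaviour is described as release-dependent. Existing code that calls the old name on a server may therefore start receiving a client-supplied key where it previously got a failure. I would note that in the header, e.g. `/* Backwards compatibility, original 1.1.0 names; the old name was client-only, see SSL_get_peer_tmp_key(3) */`.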
diff --git a/crypto/openssl/include/openssl/symhacks.h b/crypto/openssl/include/openssl/symhacks.h
index caf1f1a75d02..156ea6e4ee95 100644
--- a/crypto/openssl/include/openssl/symhacks.h
+++ b/crypto/openssl/include/openssl/symhacks.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,21 +28,6 @@
# undef i2d_ECPKPARAMETERS
# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
-/*
- * These functions do not seem to exist! However, I'm paranoid... Original
- * command in x509v3.h: These functions are being redefined in another
- * directory, and clash when the linker is case-insensitive, so let's hide
- * them a little, by giving them an extra 'o' at the beginning of the name...
- */
-# undef X509v3_cleanup_extensions
-# define X509v3_cleanup_extensions oX509v3_cleanup_extensions
-# undef X509v3_add_extension
-# define X509v3_add_extension oX509v3_add_extension
-# undef X509v3_add_netscape_extensions
-# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
-# undef X509v3_add_standard_extensions
-# define X509v3_add_standard_extensions oX509v3_add_standard_extensions
-
/* This one clashes with CMS_data_create */
# undef cms_Data_create
# define cms_Data_create priv_cms_Data_create
diff --git a/crypto/openssl/include/openssl/tls1.h b/crypto/openssl/include/openssl/tls1.h
index 2e46cf80d342..e13b5dd4bc65 100644
--- a/crypto/openssl/include/openssl/tls1.h
+++ b/crypto/openssl/include/openssl/tls1.h
@@ -241,6 +241,7 @@ __owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
size_t contextlen);
int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
index f80851251fe2..fcda32754735 100644
--- a/crypto/openssl/ssl/d1_lib.c
+++ b/crypto/openssl/ssl/d1_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t)
#ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
{
- int next, n, ret = 0, clearpkt = 0;
+ int next, n, ret = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
- unsigned char *buf;
- size_t fragoff, fraglen, msglen;
+ unsigned char *buf, *wbuf;
+ size_t fragoff, fraglen, msglen, reclen, align = 0;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
- BUF_MEM *bufm;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
@@ -477,13 +476,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
}
/*
- * We only peek at incoming ClientHello's until we're sure we are going to
- * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
- * cookie then we leave it in the BIO for accept to handle.
- */
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
- /*
* Note: This check deliberately excludes DTLS1_BAD_VER because that version
* requires the MAC to be calculated *including* the first ClientHello
* (without the cookie). Since DTLSv1_listen is stateless that cannot be
@@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
- if (s->init_buf == NULL) {
- if ((bufm = BUF_MEM_new()) == NULL) {
- SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
- if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
- BUF_MEM_free(bufm);
- SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- s->init_buf = bufm;
+ if (!ssl3_setup_buffers(s)) {
+ /* SSLerr already called */
+ return -1;
}
- buf = (unsigned char *)s->init_buf->data;
+ buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+ wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+ /*
+ * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+ * consistency with ssl3_read_n. In practice it should make no difference
+ * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+ * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+ */
+ align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+ buf += align;
do {
/* Get a packet */
clear_sys_error();
- /*
- * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
- * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
- * the record header as well, but we do here. We've set up init_buf to
- * be the standard size for simplicity. In practice we shouldn't ever
- * receive a ClientHello as long as this. If we do it will get dropped
- * in the record length check below.
- */
- n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-
+ n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+ + DTLS1_RT_HEADER_LENGTH);
if (n <= 0) {
if (BIO_should_retry(rbio)) {
/* Non-blocking IO */
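Review bot: The `BIO_read` into `buf` after `buf += align` asks for `SSL3_RT_MAX_PLAIN_LENGTH + DTLS1_RT_HEADER_LENGTH` bytes, but nothing in this hunk ties that size to the actual capacity of the record-layer read buffer. The sizing is presumably done inside `ssl3_setup_buffers`, which is not visible here. A short comment stating that the rbuf is allocated with room for the alignment offset plus a full DTLS record, or a check of the requested size against the buffer's recorded length, would make the bound reviewable at the call site. The same applies to `wbuf` in the later `WPACKET_init_static_len` hunk, where the length `ssl_get_max_send_fragment(s) + DTLS1_RT_HEADER_LENGTH` is asserted rather than derived from the buffer. DTLSv1_listen's body starts and ends outside this hunk.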
@@ -532,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
- /* If we hit any problems we need to clear this packet from the BIO */
- clearpkt = 1;
-
if (!PACKET_buf_init(&pkt, buf, n)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
return -1;
@@ -587,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
+ reclen = PACKET_remaining(&msgpkt);
/*
* We allow data remaining at the end of the packet because there could
* be a second record (but we ignore it)
@@ -706,14 +693,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* to resend, we just drop it.
*/
- /*
- * Dump the read packet, we don't need it any more. Ignore return
- * value
- */
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
- BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
/* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
@@ -732,7 +711,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
: s->version;
/* Construct the record and message headers */
- if (!WPACKET_init(&wpkt, s->init_buf)
+ if (!WPACKET_init_static_len(&wpkt,
+ wbuf,
+ ssl_get_max_send_fragment(s)
+ + DTLS1_RT_HEADER_LENGTH,
+ 0)
|| !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
|| !WPACKET_put_bytes_u16(&wpkt, version)
/*
@@ -790,8 +773,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* plus one byte for the message content type. The source is the
* last 3 bytes of the message header
*/
- memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
- &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+ memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+ &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
3);
if (s->msg_callback)
@@ -815,7 +798,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
tmpclient = NULL;
/* TODO(size_t): convert this call */
- if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
+ if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
@@ -865,15 +848,13 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client);
+ /* Buffer the record in the processed_rcds queue */
+ if (!dtls_buffer_listen_record(s, reclen, seq, align))
+ return -1;
+
ret = 1;
- clearpkt = 0;
end:
BIO_ADDR_free(tmpclient);
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
- if (clearpkt) {
- /* Dump this packet. Ignore return value */
- BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
- }
return ret;
}
#endif
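Review bot: The new failure path `if (!dtls_buffer_listen_record(s, reclen, seq, align)) return -1;` returns directly and skips the `end:` label that frees `tmpclient`. From the visible lines `tmpclient` looks to be NULL by this point, so this is probably not a leak today, but routing through the label keeps the cleanup in one place: `ret = -1; goto end;`. The function body starts outside this hunk, so the state of `tmpclient` here should be confirmed against the full function.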
diff --git a/crypto/openssl/ssl/record/rec_layer_d1.c b/crypto/openssl/ssl/record/rec_layer_d1.c
index 43e1f9895319..1f9b31969d82 100644
--- a/crypto/openssl/ssl/record/rec_layer_d1.c
+++ b/crypto/openssl/ssl/record/rec_layer_d1.c
@@ -185,14 +185,11 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return -1;
}
- /* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
- ERR_R_INTERNAL_ERROR);
+ /* Must be a duplicate so ignore it */
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return -1;
}
return 1;
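Review bot: With `return -1` removed, `dtls1_buffer_record` now returns 1 both when the record was queued and when `pqueue_insert` rejected it, and the new comment assumes a NULL return can only mean a duplicate. If that is indeed the only failure mode of `pqueue_insert`, the comment should say so explicitly, for example `/* pqueue_insert() fails only for a duplicate priority; the record is dropped and this still counts as success */`. Callers should also not assume that a return of 1 means the record is in the queue. The function starts outside this hunk.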
diff --git a/crypto/openssl/ssl/record/record.h b/crypto/openssl/ssl/record/record.h
index 32db8212aa14..af56206e07c9 100644
--- a/crypto/openssl/ssl/record/record.h
+++ b/crypto/openssl/ssl/record/record.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -188,6 +188,8 @@ typedef struct record_layer_st {
((rl)->d->processed_rcds)
#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
@@ -230,3 +232,5 @@ __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written);
void dtls1_reset_seq_numbers(SSL *s, int rw);
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
+ size_t off);
diff --git a/crypto/openssl/ssl/record/record_locl.h b/crypto/openssl/ssl/record/record_locl.h
index 07fd7ab640ba..5e8dd7f70442 100644
--- a/crypto/openssl/ssl/record/record_locl.h
+++ b/crypto/openssl/ssl/record/record_locl.h
@@ -18,8 +18,6 @@
/* Functions/macros provided by the RECORD_LAYER component */
-#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
-#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec)
#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p))
#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0)
diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c
index a616bf040932..e59ac5a67676 100644
--- a/crypto/openssl/ssl/record/ssl3_record.c
+++ b/crypto/openssl/ssl/record/ssl3_record.c
@@ -2030,3 +2030,28 @@ int dtls1_get_record(SSL *s)
return 1;
}
+
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off)
+{
+ SSL3_RECORD *rr;
+
+ rr = RECORD_LAYER_get_rrec(&s->rlayer);
+ memset(rr, 0, sizeof(SSL3_RECORD));
+
+ rr->length = len;
+ rr->type = SSL3_RT_HANDSHAKE;
+ memcpy(rr->seq_num, seq, sizeof(rr->seq_num));
+ rr->off = off;
+
+ s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+ s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len;
+ rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH;
+
+ if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+ SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+}
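Review bot: `dtls_buffer_listen_record` only reads through `seq` (the `memcpy` into `rr->seq_num`), so the parameter can be `const unsigned char *seq` here and in the prototype added to record.h. The function also has no header comment, and it trusts its inputs: `len` and `off` are stored without being compared with the read buffer's size, and `sizeof(rr->seq_num)` bytes are copied from a caller buffer whose length is not passed in. A short comment stating those preconditions (that `len` and `off` describe a record already present in the rbuf, and that `seq` holds at least `sizeof(rr->seq_num)` bytes) would document what the only visible caller, DTLSv1_listen, is relied on to guarantee.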
diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c
index 7d9c3776973d..8377d7fe13dc 100644
--- a/crypto/openssl/ssl/s3_cbc.c
+++ b/crypto/openssl/ssl/s3_cbc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -256,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
* of hash termination (0x80 + 64-bit length) don't fit in the final
* block, we say that the final two blocks can vary based on the padding.
* TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
- * required to be minimal. Therefore we say that the final six blocks can
+ * required to be minimal. Therefore we say that the final |variance_blocks|
+ * blocks can
* vary based on the padding. Later in the function, if the message is
* short and there obviously cannot be this many blocks then
* variance_blocks can be reduced.
*/
- variance_blocks = is_sslv3 ? 2 : 6;
+ variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
/*
* From now on we're dealing with the MAC, which conceptually has 13
* bytes of `header' before the start of the data (TLS) or 71/75 bytes
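Review bot: The new `variance_blocks` expression uses bare constants, `255 + 1 + md_size`, with no explanation, and the reflowed comment above it now breaks mid-sentence at `blocks can`. Since this bound determines how many final blocks are treated as padding-dependent, the derivation deserves a line of its own, e.g. `/* max padding (255) + padding length byte (1) + MAC, rounded up to whole hash blocks, plus one */`. That reading of the constants is my inference from the surrounding comment and should be confirmed. The line also exceeds 80 columns and has a stray space after the opening parenthesis. The enclosing function starts and ends outside this hunk.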
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 5f403817b4d5..fca84ef99acf 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -442,15 +442,16 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
- return 0;
+ ret = 0;
+ goto err;
}
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
- EVP_MD_CTX_reset(ctx);
- return 0;
+ ret = 0;
+ goto err;
}
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
@@ -463,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
ret = 0;
}
+ err:
EVP_MD_CTX_free(ctx);
return ret;
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 7713f767b2d3..866ca4dfa9b0 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
*(int *)parg = s->s3->tmp.peer_sigalg->hash;
return 1;
- case SSL_CTRL_GET_SERVER_TMP_KEY:
+ case SSL_CTRL_GET_SIGNATURE_NID:
+ if (s->s3->tmp.sigalg == NULL)
+ return 0;
+ *(int *)parg = s->s3->tmp.sigalg->hash;
+ return 1;
+
+ case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
- if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
+ if (s->session == NULL || s->s3->peer_tmp == NULL) {
return 0;
} else {
EVP_PKEY_up_ref(s->s3->peer_tmp);
@@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#else
return 0;
#endif
+
+ case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+ if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+ return 0;
+ } else {
+ EVP_PKEY_up_ref(s->s3->tmp.pkey);
+ *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+ return 1;
+ }
+#else
+ return 0;
+#endif
+
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
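Review bot: In the new `SSL_CTRL_GET_TMP_KEY` case the return value of `EVP_PKEY_up_ref(s->s3->tmp.pkey)` is ignored, so if taking the reference fails the caller still receives the pointer and a return of 1, and will later release a reference it never held. Checking it closes that gap: `if (!EVP_PKEY_up_ref(s->s3->tmp.pkey)) return 0;`. The `SSL_CTRL_GET_PEER_TMP_KEY` case in the previous hunk has the same unchecked call on `s->s3->peer_tmp`. ssl3_ctrl's body starts and ends outside these hunks.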
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 52a4a7eaadd2..33145078963d 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -501,17 +501,17 @@ const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
{
- SSL_CTX_set0_CA_list(ctx, name_list);
+ set0_CA_list(&ctx->client_ca_names, name_list);
}
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
- return ctx->ca_names;
+ return ctx->client_ca_names;
}
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
- SSL_set0_CA_list(s, name_list);
+ set0_CA_list(&s->client_ca_names, name_list);
}
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
@@ -523,7 +523,8 @@ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
if (!s->server)
return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;
- return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
+ return s->client_ca_names != NULL ? s->client_ca_names
+ : s->ctx->client_ca_names;
}
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
@@ -561,12 +562,12 @@ int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
- return add_ca_name(&ssl->ca_names, x);
+ return add_ca_name(&ssl->client_ca_names, x);
}
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
- return add_ca_name(&ctx->ca_names, x);
+ return add_ca_name(&ctx->client_ca_names, x);
}
static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
@@ -951,8 +952,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
- if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
- !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+ if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
return 0;
break;
}
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
index b60cc79a2f53..14066d0ea451 100644
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
return 1;
}
-int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
{
STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index d75158e30c4f..61a0ea2cc974 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -654,6 +654,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth;
+ if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+ }
sk = ssl_create_cipher_list(ctx->method,
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
@@ -1192,6 +1196,7 @@ void SSL_free(SSL *s)
EVP_MD_CTX_free(s->pha_dgst);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
sk_X509_pop_free(s->verified_chain, X509_free);
@@ -2951,6 +2956,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
goto err;
+ if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+ goto err;
+
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
goto err;
@@ -3108,6 +3116,7 @@ void SSL_CTX_free(SSL_CTX *a)
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
sk_X509_pop_free(a->extra_certs, X509_free);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
@@ -3653,10 +3662,38 @@ const char *SSL_get_version(const SSL *s)
return ssl_protocol_to_string(s->version);
}
-SSL *SSL_dup(SSL *s)
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;
+ int i;
+
+ if (src == NULL) {
+ *dst = NULL;
+ return 1;
+ }
+
+ if ((sk = sk_X509_NAME_new_null()) == NULL)
+ return 0;
+ for (i = 0; i < sk_X509_NAME_num(src); i++) {
+ xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+ if (xn == NULL) {
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+ X509_NAME_free(xn);
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ }
+ *dst = sk;
+
+ return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
SSL *ret;
int i;
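Review bot: `dup_ca_names` appends with `sk_X509_NAME_insert(sk, xn, i)`, which reads as a positional insert although the loop only ever adds at the end; `sk_X509_NAME_push(sk, xn)` says that directly and has the same zero-on-failure return. The helper also lacks a comment on its contract: it makes a deep copy, sets `*dst` to NULL for a NULL `src`, and leaves `*dst` untouched on failure. The last point matters because SSL_dup calls it twice and presumably relies on its `err:` path to free whatever was already assigned. SSL_dup's body continues outside this hunk.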
@@ -3761,18 +3798,10 @@ SSL *SSL_dup(SSL *s)
goto err;
/* Dup the client_CA list */
- if (s->ca_names != NULL) {
- if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
- goto err;
- ret->ca_names = sk;
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- xn = sk_X509_NAME_value(sk, i);
- if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
+ if (!dup_ca_names(&ret->ca_names, s->ca_names)
+ || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+ goto err;
+
return ret;
err:
@@ -5102,7 +5131,8 @@ static int nss_keylog_int(const char *prefix,
size_t i;
size_t prefix_len;
- if (ssl->ctx->keylog_callback == NULL) return 1;
+ if (ssl->ctx->keylog_callback == NULL)
+ return 1;
/*
* Our output buffer will contain the following strings, rendered with
@@ -5113,7 +5143,7 @@ static int nss_keylog_int(const char *prefix,
* hexadecimal, so we need a buffer that is twice their lengths.
*/
prefix_len = strlen(prefix);
- out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+ out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
ERR_R_MALLOC_FAILURE);
@@ -5137,7 +5167,7 @@ static int nss_keylog_int(const char *prefix,
*cursor = '\0';
ssl->ctx->keylog_callback(ssl, (const char *)out);
- OPENSSL_free(out);
+ OPENSSL_clear_free(out, out_len);
return 1;
}
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
index e8819e7a2838..70e5a1740f9c 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -471,7 +471,11 @@ struct ssl_method_st {
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
-# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
/*-
* Lets make this into an ASN.1 type structure as follows
@@ -850,9 +854,11 @@ struct ssl_ctx_st {
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
- * earlier versions.
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
/*
* Default values to use in SSL structures follow (these are copied by
@@ -1229,8 +1235,14 @@ struct ssl_st {
long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
- /* for server side, keep the list of CA_dn we can use */
+ /*
+ * What we put in certificate_authorities extension for TLS 1.3
+ * (ClientHello and CertificateRequest) or just client cert requests for
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
+ */
STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint32_t options;
@@ -2251,7 +2263,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -2561,6 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+# ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+# endif
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c
index 8422161dc103..63e61c6184ac 100644
--- a/crypto/openssl/ssl/statem/extensions.c
+++ b/crypto/openssl/ssl/statem/extensions.c
@@ -962,7 +962,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
*/
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
tsan_counter(&s->ctx->stats.sess_accept);
- tsan_counter(&s->session_ctx->stats.sess_accept);
+ tsan_decr(&s->session_ctx->stats.sess_accept);
}
/*
@@ -1198,7 +1198,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
X509 *x,
size_t chainidx)
{
- const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+ const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)
return EXT_RETURN_NOT_SENT;
@@ -1211,7 +1211,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
- if (!construct_ca_names(s, pkt)) {
+ if (!construct_ca_names(s, ca_sk, pkt)) {
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
@@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
*/
if (s->hello_retry_request == SSL_HRR_PENDING) {
size_t hdatalen;
+ long hdatalen_l;
void *hdata;
- hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
- if (hdatalen <= 0) {
+ hdatalen = hdatalen_l =
+ BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+ if (hdatalen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
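Review bot: `hdatalen = hdatalen_l = BIO_get_mem_data(...)` stores the result in the unsigned `hdatalen` before the sign check, so for a moment `hdatalen` can hold a negative value converted to a huge `size_t`. The check on `hdatalen_l` makes this safe as written, but assigning after the check keeps the unsigned variable valid at every point: read into `hdatalen_l`, test `hdatalen_l <= 0`, then `hdatalen = (size_t)hdatalen_l;`. The same pattern appears with `retlen`/`retlen_l` in the get_cert_verify_tbs_data hunk in statem_lib.c. The enclosing function starts and ends outside this hunk.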
diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c
index 4b5e6fe2b87f..ab4dbf67131e 100644
--- a/crypto/openssl/ssl/statem/extensions_clnt.c
+++ b/crypto/openssl/ssl/statem/extensions_clnt.c
@@ -115,7 +115,7 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_EC
static int use_ecc(SSL *s)
{
- int i, end;
+ int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
@@ -123,7 +123,7 @@ static int use_ecc(SSL *s)
if (s->version == SSL3_VERSION)
return 0;
- cipher_stack = SSL_get_ciphers(s);
+ cipher_stack = SSL_get1_supported_ciphers(s);
end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
@@ -132,11 +132,14 @@ static int use_ecc(SSL *s)
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA)
- || c->min_tls >= TLS1_3_VERSION)
- return 1;
+ || c->min_tls >= TLS1_3_VERSION) {
+ ret = 1;
+ break;
+ }
}
- return 0;
+ sk_SSL_CIPHER_free(cipher_stack);
+ return ret;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
diff --git a/crypto/openssl/ssl/statem/statem.c b/crypto/openssl/ssl/statem/statem.c
index d75f9ea03608..f76c0e48034b 100644
--- a/crypto/openssl/ssl/statem/statem.c
+++ b/crypto/openssl/ssl/statem/statem.c
@@ -118,11 +118,12 @@ void ossl_statem_set_renegotiate(SSL *s)
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
int line)
{
+ ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
/* We shouldn't call SSLfatal() twice. Once is enough */
- assert(s->statem.state != MSG_FLOW_ERROR);
+ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+ return;
s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR;
- ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
if (al != SSL_AD_NO_ALERT
&& s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
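Review bot: The comment `We shouldn't call SSLfatal() twice. Once is enough` no longer describes what the code does now that the assert is replaced by an early return. A repeated call still pushes its error with `ERR_put_error` but returns before the state change and before `ssl3_send_alert`, so only the first call's alert is sent. Saying so in the comment, e.g. `/* A second SSLfatal() only records its error; state and alert come from the first call */`, documents the intended behaviour. The function's closing lines are outside this hunk.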
diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c
index 8c658da8990d..0a11b88183e3 100644
--- a/crypto/openssl/ssl/statem/statem_clnt.c
+++ b/crypto/openssl/ssl/statem/statem_clnt.c
@@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
+ case TLS_ST_CR_CERT_VRFY:
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
}
@@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
+ /*
+ * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+ * after the CertificateVerify message has been received. This is because
+ * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+ * but in TLSv1.2 it is the other way around. We want to make sure that
+ * SSL_get_peer_certificate() returns something sensible in
+ * client_cert_cb.
+ */
+ if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+ return MSG_PROCESS_CONTINUE_READING;
+
return MSG_PROCESS_CONTINUE_PROCESSING;
}
diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c
index 508bb88767a7..4324896f500a 100644
--- a/crypto/openssl/ssl/statem/statem_lib.c
+++ b/crypto/openssl/ssl/statem/statem_lib.c
@@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
*hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
} else {
size_t retlen;
+ long retlen_l;
- retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
- if (retlen <= 0) {
+ retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+ if (retlen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
ERR_R_INTERNAL_ERROR);
return 0;
@@ -494,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
}
- ret = MSG_PROCESS_CONTINUE_READING;
+ /*
+ * In TLSv1.3 on the client side we make sure we prepare the client
+ * certificate after the CertVerify instead of when we get the
+ * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+ * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+ * want to make sure that SSL_get_peer_certificate() will return the actual
+ * server certificate from the client_cert_cb callback.
+ */
+ if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+ ret = MSG_PROCESS_CONTINUE_PROCESSING;
+ else
+ ret = MSG_PROCESS_CONTINUE_READING;
err:
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
@@ -1495,6 +1507,10 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
static int is_tls13_capable(const SSL *s)
{
int i;
+#ifndef OPENSSL_NO_EC
+ int curve;
+ EC_KEY *eckey;
+#endif
#ifndef OPENSSL_NO_PSK
if (s->psk_server_callback != NULL)
@@ -1515,8 +1531,25 @@ static int is_tls13_capable(const SSL *s)
default:
break;
}
- if (ssl_has_cert(s, i))
+ if (!ssl_has_cert(s, i))
+ continue;
+#ifndef OPENSSL_NO_EC
+ if (i != SSL_PKEY_ECC)
+ return 1;
+ /*
+ * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is
+ * more restrictive so check that our sig algs are consistent with this
+ * EC cert. See section 4.2.3 of RFC8446.
+ */
+ eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+ if (eckey == NULL)
+ continue;
+ curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+ if (tls_check_sigalg_curve(s, curve))
return 1;
+#else
+ return 1;
+#endif
}
return 0;
@@ -2261,10 +2294,24 @@ int parse_ca_names(SSL *s, PACKET *pkt)
return 0;
}
-int construct_ca_names(SSL *s, WPACKET *pkt)
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
{
- const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+ const STACK_OF(X509_NAME) *ca_sk = NULL;;
+
+ if (s->server) {
+ ca_sk = SSL_get_client_CA_list(s);
+ if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
+ ca_sk = NULL;
+ }
+
+ if (ca_sk == NULL)
+ ca_sk = SSL_get0_CA_list(s);
+ return ca_sk;
+}
+
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
+{
/* Start sub-packet for client CA list */
if (!WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
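Review bot: The declaration in the new `get_ca_names` ends with a doubled semicolon, `const STACK_OF(X509_NAME) *ca_sk = NULL;;`; it compiles as an empty statement but should be `const STACK_OF(X509_NAME) *ca_sk = NULL;`. The helper would also benefit from a comment on its selection rule, which the code shows to be: on a server use the client CA list unless it is NULL or empty, otherwise fall back to `SSL_get0_CA_list(s)`. construct_ca_names continues outside this hunk.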
diff --git a/crypto/openssl/ssl/statem/statem_locl.h b/crypto/openssl/ssl/statem/statem_locl.h
index 25e56e4e8ddf..6b8cf37faa01 100644
--- a/crypto/openssl/ssl/statem/statem_locl.h
+++ b/crypto/openssl/ssl/statem/statem_locl.h
@@ -61,7 +61,8 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr,
size_t hrrlen);
int parse_ca_names(SSL *s, PACKET *pkt);
-int construct_ca_names(SSL *s, WPACKET *pkt);
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
const void *param, size_t paramlen);
diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c
index 346b1e398916..e7c11c4bea4d 100644
--- a/crypto/openssl/ssl/statem/statem_srvr.c
+++ b/crypto/openssl/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
* So check cookie length...
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- if (clienthello->dtls_cookie_len == 0)
+ if (clienthello->dtls_cookie_len == 0) {
+ OPENSSL_free(clienthello);
return MSG_PROCESS_FINISHED_READING;
+ }
}
}
@@ -2056,10 +2058,6 @@ static int tls_early_post_process_client_hello(SSL *s)
#else
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
#endif
- if (!tls1_set_server_sigalgs(s)) {
- /* SSLfatal() already called */
- goto err;
- }
}
sk_SSL_CIPHER_free(ciphers);
@@ -2227,19 +2225,25 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
if (wst == WORK_MORE_B) {
if (!s->hit || SSL_IS_TLS13(s)) {
/* Let cert callback update server certificates if required */
- if (!s->hit && s->cert->cert_cb != NULL) {
- int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
- if (rv == 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
- SSL_R_CERT_CB_ERROR);
- goto err;
+ if (!s->hit) {
+ if (s->cert->cert_cb != NULL) {
+ int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+ if (rv == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_CERT_CB_ERROR);
+ goto err;
+ }
+ if (rv < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return WORK_MORE_B;
+ }
+ s->rwstate = SSL_NOTHING;
}
- if (rv < 0) {
- s->rwstate = SSL_X509_LOOKUP;
- return WORK_MORE_B;
+ if (!tls1_set_server_sigalgs(s)) {
+ /* SSLfatal already called */
+ goto err;
}
- s->rwstate = SSL_NOTHING;
}
/* In TLSv1.3 we selected the ciphersuite before resumption */
@@ -2876,7 +2880,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
}
}
- if (!construct_ca_names(s, pkt)) {
+ if (!construct_ca_names(s, get_ca_names(s), pkt)) {
/* SSLfatal() already called */
return 0;
}
@@ -3222,6 +3226,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
SSL_R_LENGTH_MISMATCH);
goto err;
}
+ if (skey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto err;
+ }
+
ckey = EVP_PKEY_new();
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index 156497988a62..fc41ed90e710 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
*/
unsigned long dup_list = 0;
+ if (ngroups == 0) {
+ SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+ return 0;
+ }
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
return 0;
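Review bot: The size computation `ngroups * sizeof(*glist)` passed to `OPENSSL_malloc` is still unchecked for overflow, since the added guard rejects only `ngroups == 0`. The declaration of `ngroups` is not in this hunk, so whether callers can pass a large value is an assumption to confirm. If they can, the same guard can cover both ends: `if (ngroups == 0 || ngroups > SIZE_MAX / sizeof(*glist)) {`. A short comment on why zero is rejected would also help, for example `/* an empty list would make the malloc(0) result ambiguous */`, if that is the reason. The rest of the function is outside the hunk.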
@@ -945,6 +949,39 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
}
}
+#ifndef OPENSSL_NO_EC
+/*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+ const uint16_t *sigs;
+ size_t siglen, i;
+
+ if (s->cert->conf_sigalgs) {
+ sigs = s->cert->conf_sigalgs;
+ siglen = s->cert->conf_sigalgslen;
+ } else {
+ sigs = tls12_sigalgs;
+ siglen = OSSL_NELEM(tls12_sigalgs);
+ }
+
+ for (i = 0; i < siglen; i++) {
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+ if (lu == NULL)
+ continue;
+ if (lu->sig == EVP_PKEY_EC
+ && lu->curve != NID_undef
+ && curve == lu->curve)
+ return 1;
+ }
+
+ return 0;
+}
+#endif
+
/*
* Check signature algorithm is consistent with sent supported signature
* algorithms and if so set relevant digest and signature scheme in
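Review bot: The header comment on `tls_check_sigalg_curve` does not state the return contract or how `curve` is interpreted. From the body, `curve` is compared directly with `lu->curve`, and entries whose `lu->curve` is `NID_undef` never match, so an EC signature algorithm that is not bound to a curve is not counted as support. I would extend the comment with `* Returns 1 if a configured (or, failing that, default) EC sigalg is tied to |curve|, 0 otherwise; sigalgs with no fixed curve are ignored.` As a style point, `if (s->cert->conf_sigalgs)` would read more consistently as `if (s->cert->conf_sigalgs != NULL)`, matching the `lu == NULL` test a few lines below.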
@@ -1087,6 +1124,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
return 1;
}
+int SSL_get_signature_type_nid(const SSL *s, int *pnid)
+{
+ if (s->s3->tmp.sigalg == NULL)
+ return 0;
+ *pnid = s->s3->tmp.sigalg->sig;
+ return 1;
+}
+
/*
* Set a mask of disabled algorithms: an algorithm is disabled if it isn't
* supported, doesn't appear in supported signature algorithms, isn't supported
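Review bot: `SSL_get_signature_type_nid` is added as a public accessor with no comment, and on the 0 return path `*pnid` is left unwritten. A caller that ignores the return value would then read an uninitialised or stale NID. I would document that above the function: `/* Returns 1 and stores the signature type NID in *pnid, or returns 0 and leaves *pnid untouched when no signature algorithm has been selected */`. The function also dereferences `s->s3` and `pnid` without checks. That may match the neighbouring `SSL_get_peer_signature_type_nid`, of which only the tail is visible here.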
diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c
index f7ab0fa47040..b6825d20c2dc 100644
--- a/crypto/openssl/ssl/tls13_enc.c
+++ b/crypto/openssl/ssl/tls13_enc.c
@@ -13,7 +13,14 @@
#include <openssl/evp.h>
#include <openssl/kdf.h>
-#define TLS13_MAX_LABEL_LEN 246
+/*
+ * RFC 8446, 7.1 Key Schedule, says:
+ * Note: With common hash functions, any label longer than 12 characters
+ * requires an additional iteration of the hash function to compute.
+ * The labels in this specification have all been chosen to fit within
+ * this limit.
+ */
+#define TLS13_MAX_LABEL_LEN 12
/* Always filled with zeros */
static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
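Review bot: Lowering `TLS13_MAX_LABEL_LEN` from 246 to 12 also shrinks the `hkdflabel` stack buffer sized from it in the next hunk (`tls13_hkdf_expand`), and no length check on `labellen` is visible in either hunk. The quoted RFC note covers only the labels defined in the specification. If any caller can pass a label that originates outside this file (a keying-material exporter label would be the obvious candidate, to be confirmed), a label longer than 12 bytes must fail cleanly and not rely on the buffer having slack. I would confirm that the code writing into `hkdflabel` is bounded by the buffer size and that the over-long case returns an error to the caller. I would also add to the new comment that the macro is what sizes `hkdflabel`, e.g. `* This value sizes the hkdflabel buffer in tls13_hkdf_expand(); longer labels are rejected.` The body of `tls13_hkdf_expand` continues outside the hunk.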
@@ -29,14 +36,15 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen)
{
- const unsigned char label_prefix[] = "tls13 ";
+ static const unsigned char label_prefix[] = "tls13 ";
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
int ret;
size_t hkdflabellen;
size_t hashlen;
/*
- * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
- * prefix and label + bytes for the label itself + bytes for the hash
+ * 2 bytes for length of derived secret + 1 byte for length of combined
+ * prefix and label + bytes for the label itself + 1 byte length of hash
+ * + bytes for the hash itself
*/
unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+ sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index b44a51b7ebf7..63fe342c199c 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -16,9 +16,9 @@ NO_LINT=
.endif
.include "Makefile.inc"
-SRCS= cpt_err.c cryptlib.c ctype.c cversion.c ex_data.c init.c mem.c
-SRCS+= mem_dbg.c mem_sec.c o_dir.c o_fips.c o_fopen.c o_init.c o_str.c
-SRCS+= o_time.c threads_pthread.c uid.c
+SRCS= cpt_err.c cryptlib.c ctype.c cversion.c ex_data.c getenv.c init.c
+SRCS+= mem.c mem_dbg.c mem_sec.c o_dir.c o_fips.c o_fopen.c o_init.c
+SRCS+= o_str.c o_time.c threads_pthread.c uid.c
.if defined(ASM_aarch64)
SRCS+= arm64cpuid.S armcap.c
ACFLAGS.arm64cpuid.S= -march=armv8-a+crypto
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index 75b67763e1dd..ef8c131ff32c 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.1.1
-OPENSSL_DATE= 2018-09-11
+OPENSSL_VER= 1.1.1a
+OPENSSL_DATE= 2018-11-20
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man
index 7b734aec0781..61d6d071d96e 100644
--- a/secure/lib/libcrypto/Makefile.man
+++ b/secure/lib/libcrypto/Makefile.man
@@ -308,7 +308,6 @@ MAN+= SSL_CTX_set_cert_cb.3
MAN+= SSL_CTX_set_cert_store.3
MAN+= SSL_CTX_set_cert_verify_callback.3
MAN+= SSL_CTX_set_cipher_list.3
-MAN+= SSL_CTX_set_client_CA_list.3
MAN+= SSL_CTX_set_client_cert_cb.3
MAN+= SSL_CTX_set_client_hello_cb.3
MAN+= SSL_CTX_set_ct_validation_callback.3
@@ -372,7 +371,6 @@ MAN+= SSL_get0_peer_scts.3
MAN+= SSL_get_SSL_CTX.3
MAN+= SSL_get_all_async_fds.3
MAN+= SSL_get_ciphers.3
-MAN+= SSL_get_client_CA_list.3
MAN+= SSL_get_client_random.3
MAN+= SSL_get_current_cipher.3
MAN+= SSL_get_default_timeout.3
@@ -382,9 +380,9 @@ MAN+= SSL_get_fd.3
MAN+= SSL_get_peer_cert_chain.3
MAN+= SSL_get_peer_certificate.3
MAN+= SSL_get_peer_signature_nid.3
+MAN+= SSL_get_peer_tmp_key.3
MAN+= SSL_get_psk_identity.3
MAN+= SSL_get_rbio.3
-MAN+= SSL_get_server_tmp_key.3
MAN+= SSL_get_session.3
MAN+= SSL_get_shared_sigalgs.3
MAN+= SSL_get_verify_result.3
@@ -1511,20 +1509,55 @@ MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3
MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3
MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_str.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_uint64.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_oid.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_ukm.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_rsa_oaep_label.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id_len.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_outlen.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_type.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_cofactor_mode.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_outlen.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_type.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_padding.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_pss_saltlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_signature_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_oid.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_ukm.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_rsa_oaep_label.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_id.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_outlen.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_type.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_nid.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_pad.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_generator.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_prime_len.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_subprime_len.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_type.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_rfc5114.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dhx_rfc5114.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_bits.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_param_enc.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_cofactor_mode.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_outlen.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_type.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_mac_key.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_bits.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_primes.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_padding.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3
@@ -1623,13 +1656,17 @@ MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3
@@ -1660,6 +1697,7 @@ MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha256.3
MLINKS+= EVP_aes.3 EVP_aes_128_ccm.3
MLINKS+= EVP_aes.3 EVP_aes_128_cfb.3
MLINKS+= EVP_aes.3 EVP_aes_128_cfb1.3
+MLINKS+= EVP_aes.3 EVP_aes_128_cfb128.3
MLINKS+= EVP_aes.3 EVP_aes_128_cfb8.3
MLINKS+= EVP_aes.3 EVP_aes_128_ctr.3
MLINKS+= EVP_aes.3 EVP_aes_128_ecb.3
@@ -1673,6 +1711,7 @@ MLINKS+= EVP_aes.3 EVP_aes_192_cbc.3
MLINKS+= EVP_aes.3 EVP_aes_192_ccm.3
MLINKS+= EVP_aes.3 EVP_aes_192_cfb.3
MLINKS+= EVP_aes.3 EVP_aes_192_cfb1.3
+MLINKS+= EVP_aes.3 EVP_aes_192_cfb128.3
MLINKS+= EVP_aes.3 EVP_aes_192_cfb8.3
MLINKS+= EVP_aes.3 EVP_aes_192_ctr.3
MLINKS+= EVP_aes.3 EVP_aes_192_ecb.3
@@ -1687,6 +1726,7 @@ MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha256.3
MLINKS+= EVP_aes.3 EVP_aes_256_ccm.3
MLINKS+= EVP_aes.3 EVP_aes_256_cfb.3
MLINKS+= EVP_aes.3 EVP_aes_256_cfb1.3
+MLINKS+= EVP_aes.3 EVP_aes_256_cfb128.3
MLINKS+= EVP_aes.3 EVP_aes_256_cfb8.3
MLINKS+= EVP_aes.3 EVP_aes_256_ctr.3
MLINKS+= EVP_aes.3 EVP_aes_256_ecb.3
@@ -1700,6 +1740,7 @@ MLINKS+= EVP_aria.3 EVP_aria_128_cbc.3
MLINKS+= EVP_aria.3 EVP_aria_128_ccm.3
MLINKS+= EVP_aria.3 EVP_aria_128_cfb.3
MLINKS+= EVP_aria.3 EVP_aria_128_cfb1.3
+MLINKS+= EVP_aria.3 EVP_aria_128_cfb128.3
MLINKS+= EVP_aria.3 EVP_aria_128_cfb8.3
MLINKS+= EVP_aria.3 EVP_aria_128_ctr.3
MLINKS+= EVP_aria.3 EVP_aria_128_ecb.3
@@ -1709,6 +1750,7 @@ MLINKS+= EVP_aria.3 EVP_aria_192_cbc.3
MLINKS+= EVP_aria.3 EVP_aria_192_ccm.3
MLINKS+= EVP_aria.3 EVP_aria_192_cfb.3
MLINKS+= EVP_aria.3 EVP_aria_192_cfb1.3
+MLINKS+= EVP_aria.3 EVP_aria_192_cfb128.3
MLINKS+= EVP_aria.3 EVP_aria_192_cfb8.3
MLINKS+= EVP_aria.3 EVP_aria_192_ctr.3
MLINKS+= EVP_aria.3 EVP_aria_192_ecb.3
@@ -1718,18 +1760,21 @@ MLINKS+= EVP_aria.3 EVP_aria_256_cbc.3
MLINKS+= EVP_aria.3 EVP_aria_256_ccm.3
MLINKS+= EVP_aria.3 EVP_aria_256_cfb.3
MLINKS+= EVP_aria.3 EVP_aria_256_cfb1.3
+MLINKS+= EVP_aria.3 EVP_aria_256_cfb128.3
MLINKS+= EVP_aria.3 EVP_aria_256_cfb8.3
MLINKS+= EVP_aria.3 EVP_aria_256_ctr.3
MLINKS+= EVP_aria.3 EVP_aria_256_ecb.3
MLINKS+= EVP_aria.3 EVP_aria_256_gcm.3
MLINKS+= EVP_aria.3 EVP_aria_256_ofb.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb.3
+MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb64.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_ecb.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_ofb.3
MLINKS+= EVP_blake2b512.3 EVP_blake2s256.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_cbc.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb1.3
+MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb128.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb8.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_ctr.3
MLINKS+= EVP_camellia.3 EVP_camellia_128_ecb.3
@@ -1737,6 +1782,7 @@ MLINKS+= EVP_camellia.3 EVP_camellia_128_ofb.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_cbc.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb1.3
+MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb128.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb8.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_ctr.3
MLINKS+= EVP_camellia.3 EVP_camellia_192_ecb.3
@@ -1744,17 +1790,20 @@ MLINKS+= EVP_camellia.3 EVP_camellia_192_ofb.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_cbc.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb1.3
+MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb128.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb8.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_ctr.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_ecb.3
MLINKS+= EVP_camellia.3 EVP_camellia_256_ofb.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb.3
+MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb64.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ecb.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ofb.3
MLINKS+= EVP_chacha20.3 EVP_chacha20_poly1305.3
MLINKS+= EVP_des.3 EVP_des_cbc.3
MLINKS+= EVP_des.3 EVP_des_cfb.3
MLINKS+= EVP_des.3 EVP_des_cfb1.3
+MLINKS+= EVP_des.3 EVP_des_cfb64.3
MLINKS+= EVP_des.3 EVP_des_cfb8.3
MLINKS+= EVP_des.3 EVP_des_ecb.3
MLINKS+= EVP_des.3 EVP_des_ede.3
@@ -1762,27 +1811,36 @@ MLINKS+= EVP_des.3 EVP_des_ede3.3
MLINKS+= EVP_des.3 EVP_des_ede3_cbc.3
MLINKS+= EVP_des.3 EVP_des_ede3_cfb.3
MLINKS+= EVP_des.3 EVP_des_ede3_cfb1.3
+MLINKS+= EVP_des.3 EVP_des_ede3_cfb64.3
MLINKS+= EVP_des.3 EVP_des_ede3_cfb8.3
+MLINKS+= EVP_des.3 EVP_des_ede3_ecb.3
MLINKS+= EVP_des.3 EVP_des_ede3_ofb.3
MLINKS+= EVP_des.3 EVP_des_ede3_wrap.3
MLINKS+= EVP_des.3 EVP_des_ede_cbc.3
MLINKS+= EVP_des.3 EVP_des_ede_cfb.3
+MLINKS+= EVP_des.3 EVP_des_ede_cfb64.3
+MLINKS+= EVP_des.3 EVP_des_ede_ecb.3
MLINKS+= EVP_des.3 EVP_des_ede_ofb.3
MLINKS+= EVP_des.3 EVP_des_ofb.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb.3
+MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb64.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_ecb.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_ofb.3
+MLINKS+= EVP_md5.3 EVP_md5_sha1.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_40_cbc.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_64_cbc.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb.3
+MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb64.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ecb.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ofb.3
MLINKS+= EVP_rc4.3 EVP_rc4_40.3
MLINKS+= EVP_rc4.3 EVP_rc4_hmac_md5.3
MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb.3
+MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb64.3
MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ecb.3
MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ofb.3
MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb.3
+MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb128.3
MLINKS+= EVP_seed_cbc.3 EVP_seed_ecb.3
MLINKS+= EVP_seed_cbc.3 EVP_seed_ofb.3
MLINKS+= EVP_sha224.3 EVP_sha256.3
@@ -1796,6 +1854,7 @@ MLINKS+= EVP_sha3_224.3 EVP_sha3_512.3
MLINKS+= EVP_sha3_224.3 EVP_shake128.3
MLINKS+= EVP_sha3_224.3 EVP_shake256.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb.3
+MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb128.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ctr.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ecb.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ofb.3
@@ -1901,6 +1960,7 @@ MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats_bio.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats_bio.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_stats_bio.3
+MLINKS+= OPENSSL_VERSION_NUMBER.3 OPENSSL_VERSION_TEXT.3
MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version.3
MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version_num.3
MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3
@@ -2417,11 +2477,17 @@ MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3
MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups_list.3
@@ -2460,9 +2526,6 @@ MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3
MLINKS+= SSL_CTX_set_cipher_list.3 SSL_CTX_set_ciphersuites.3
MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3
MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3
-MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3
-MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3
-MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3
MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3
MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3
MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3
@@ -2677,7 +2740,6 @@ MLINKS+= SSL_get_ciphers.3 SSL_get1_supported_ciphers.3
MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3
MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3
MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3
-MLINKS+= SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3
MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3
MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3
MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3
@@ -2690,6 +2752,10 @@ MLINKS+= SSL_get_fd.3 SSL_get_rfd.3
MLINKS+= SSL_get_fd.3 SSL_get_wfd.3
MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3
MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3
+MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_nid.3
+MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_type_nid.3
+MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3
+MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_tmp_key.3
MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3
MLINKS+= SSL_get_rbio.3 SSL_get_wbio.3
MLINKS+= SSL_get_session.3 SSL_get0_session.3
diff --git a/secure/lib/libcrypto/man/ADMISSIONS.3 b/secure/lib/libcrypto/man/ADMISSIONS.3
index aaeb6031febe..dd9b4240f99e 100644
--- a/secure/lib/libcrypto/man/ADMISSIONS.3
+++ b/secure/lib/libcrypto/man/ADMISSIONS.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ADMISSIONS 3"
-.TH ADMISSIONS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ADMISSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
index 9a3f910feb82..2d382df14f87 100644
--- a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
+++ b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_INTEGER_GET_INT64 3"
-.TH ASN1_INTEGER_GET_INT64 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_INTEGER_GET_INT64 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
index 96cc5d413490..cdf3d6727894 100644
--- a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
+++ b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_ITEM_LOOKUP 3"
-.TH ASN1_ITEM_LOOKUP 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_ITEM_LOOKUP 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index ec50615f6955..6b7017deb6b2 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_NEW 3"
-.TH ASN1_OBJECT_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_OBJECT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
index 519a6efd39fd..ab97f42b67b3 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_TABLE_ADD 3"
-.TH ASN1_STRING_TABLE_ADD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_STRING_TABLE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index f33855999fcc..6d35b461eb48 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_LENGTH 3"
-.TH ASN1_STRING_LENGTH 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_STRING_LENGTH 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index af959985f97c..ce33ba401a8e 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_NEW 3"
-.TH ASN1_STRING_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_STRING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index 6684262df88b..47ac8ec74a6c 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_PRINT_EX 3"
-.TH ASN1_STRING_PRINT_EX 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_STRING_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3
index bc75640881fd..1a1f2d2633cb 100644
--- a/secure/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TIME_SET 3"
-.TH ASN1_TIME_SET 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_TIME_SET 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/ASN1_TYPE_get.3
index 20f8be910001..8fdf9ee50422 100644
--- a/secure/lib/libcrypto/man/ASN1_TYPE_get.3
+++ b/secure/lib/libcrypto/man/ASN1_TYPE_get.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TYPE_GET 3"
-.TH ASN1_TYPE_GET 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_TYPE_GET 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index 192463e9dbcc..f4f64a5405f0 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_GENERATE_NCONF 3"
-.TH ASN1_GENERATE_NCONF 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1_GENERATE_NCONF 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
index 3c4d63ec93d7..b24f5c7e9d91 100644
--- a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
+++ b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASYNC_WAIT_CTX_NEW 3"
-.TH ASYNC_WAIT_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASYNC_WAIT_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASYNC_start_job.3 b/secure/lib/libcrypto/man/ASYNC_start_job.3
index e788935f7746..2d3a7ebe3a5f 100644
--- a/secure/lib/libcrypto/man/ASYNC_start_job.3
+++ b/secure/lib/libcrypto/man/ASYNC_start_job.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASYNC_START_JOB 3"
-.TH ASYNC_START_JOB 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASYNC_START_JOB 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BF_encrypt.3 b/secure/lib/libcrypto/man/BF_encrypt.3
index ac2d3421a013..59228ee4e851 100644
--- a/secure/lib/libcrypto/man/BF_encrypt.3
+++ b/secure/lib/libcrypto/man/BF_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BF_ENCRYPT 3"
-.TH BF_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BF_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_ADDR.3 b/secure/lib/libcrypto/man/BIO_ADDR.3
index 3e647d7283bf..cc36a3cc8506 100644
--- a/secure/lib/libcrypto/man/BIO_ADDR.3
+++ b/secure/lib/libcrypto/man/BIO_ADDR.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ADDR 3"
-.TH BIO_ADDR 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_ADDR 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/BIO_ADDRINFO.3
index 86b1ddc224c6..c53494d1afeb 100644
--- a/secure/lib/libcrypto/man/BIO_ADDRINFO.3
+++ b/secure/lib/libcrypto/man/BIO_ADDRINFO.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ADDRINFO 3"
-.TH BIO_ADDRINFO 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_ADDRINFO 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_connect.3 b/secure/lib/libcrypto/man/BIO_connect.3
index 07ce276e19f6..6c7d42714b52 100644
--- a/secure/lib/libcrypto/man/BIO_connect.3
+++ b/secure/lib/libcrypto/man/BIO_connect.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_CONNECT 3"
-.TH BIO_CONNECT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index 6ecb3024c4d4..ae20965da287 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_CTRL 3"
-.TH BIO_CTRL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index 450f1e15b2a7..d8c7dd82beb4 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_BASE64 3"
-.TH BIO_F_BASE64 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_BASE64 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index ecb04e40adf0..fd6d4dbe1e8e 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_BUFFER 3"
-.TH BIO_F_BUFFER 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_BUFFER 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index 858b3280f2fd..b823f52d71fa 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_CIPHER 3"
-.TH BIO_F_CIPHER 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index 73f5fccb51e4..44da6c6d9fa7 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_MD 3"
-.TH BIO_F_MD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index 912c7bcb57cd..acdcc779a188 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_NULL 3"
-.TH BIO_F_NULL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index 0713da633b63..161b72258c69 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_F_SSL 3"
-.TH BIO_F_SSL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_F_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index 20e5092079e9..fa8a342ca89e 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_FIND_TYPE 3"
-.TH BIO_FIND_TYPE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_FIND_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_get_data.3 b/secure/lib/libcrypto/man/BIO_get_data.3
index 406720865988..7c4c2e020142 100644
--- a/secure/lib/libcrypto/man/BIO_get_data.3
+++ b/secure/lib/libcrypto/man/BIO_get_data.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_GET_DATA 3"
-.TH BIO_GET_DATA 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_GET_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
index 382a809a05f7..3f7bcb048289 100644
--- a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_GET_EX_NEW_INDEX 3"
-.TH BIO_GET_EX_NEW_INDEX 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_meth_new.3 b/secure/lib/libcrypto/man/BIO_meth_new.3
index 04f5328dfe20..8143095162f8 100644
--- a/secure/lib/libcrypto/man/BIO_meth_new.3
+++ b/secure/lib/libcrypto/man/BIO_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_METH_NEW 3"
-.TH BIO_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index 349814e78bc1..9ce06a5f167e 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_NEW 3"
-.TH BIO_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index 9dd871a24ea4..ca5447bb3e8d 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_NEW_CMS 3"
-.TH BIO_NEW_CMS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_NEW_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/BIO_parse_hostserv.3
index a90e96f3bbe0..098bdd163034 100644
--- a/secure/lib/libcrypto/man/BIO_parse_hostserv.3
+++ b/secure/lib/libcrypto/man/BIO_parse_hostserv.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_PARSE_HOSTSERV 3"
-.TH BIO_PARSE_HOSTSERV 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_PARSE_HOSTSERV 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_printf.3 b/secure/lib/libcrypto/man/BIO_printf.3
index 07a41d73ad75..9a583b97db13 100644
--- a/secure/lib/libcrypto/man/BIO_printf.3
+++ b/secure/lib/libcrypto/man/BIO_printf.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_PRINTF 3"
-.TH BIO_PRINTF 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_PRINTF 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index fa927ad7ad54..59ad305882e1 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_PUSH 3"
-.TH BIO_PUSH 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_PUSH 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 0f08129151f2..a18f78da4392 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_READ 3"
-.TH BIO_READ 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_READ 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index 0821758edc4f..f916bea479e6 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_ACCEPT 3"
-.TH BIO_S_ACCEPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index e9a186b7693f..61175dbc874d 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_BIO 3"
-.TH BIO_S_BIO 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index 39a6f1842f68..b46212f08174 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_CONNECT 3"
-.TH BIO_S_CONNECT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 1bffafc6ffc1..3a7f9689de77 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_FD 3"
-.TH BIO_S_FD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_FD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index 8aca1b90e520..a9cdb3570df4 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_FILE 3"
-.TH BIO_S_FILE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 21bdd95faecd..43c18c6f4450 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_MEM 3"
-.TH BIO_S_MEM 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_MEM 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index a8ca782dbe22..87ecfc2c1cdf 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_NULL 3"
-.TH BIO_S_NULL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 368ee4941f5e..689201382d1b 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_S_SOCKET 3"
-.TH BIO_S_SOCKET 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_S_SOCKET 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index 965e80ba7902..347f585e943d 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_SET_CALLBACK 3"
-.TH BIO_SET_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_SET_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index e107c5c4605c..c58a4844ba11 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_SHOULD_RETRY 3"
-.TH BIO_SHOULD_RETRY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BIO_SHOULD_RETRY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index 6bdbf13691b7..ac9569420e6a 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_NEW 3"
-.TH BN_BLINDING_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_BLINDING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index c4827f416e8d..03e526090125 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_NEW 3"
-.TH BN_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 89397f4d2b34..292aa1d1b0e2 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_START 3"
-.TH BN_CTX_START 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_CTX_START 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index b92fd09daec3..a8ada7644435 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_ADD 3"
-.TH BN_ADD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index 18e1677cffe3..efdba7606f8b 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_ADD_WORD 3"
-.TH BN_ADD_WORD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_ADD_WORD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index 36c461a90526..da4d59360c79 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BN2BIN 3"
-.TH BN_BN2BIN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_BN2BIN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index d47db6d83780..5fe1492d11f5 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CMP 3"
-.TH BN_CMP 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 353be4ecd49a..58b4d6963059 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_COPY 3"
-.TH BN_COPY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index bc73c105e8dc..ddca791ee047 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_GENERATE_PRIME 3"
-.TH BN_GENERATE_PRIME 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_GENERATE_PRIME 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index 3d04fb8b72a5..5e54711e3b32 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_MOD_INVERSE 3"
-.TH BN_MOD_INVERSE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_MOD_INVERSE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index c6bd62cf6af0..fe0ad15327b8 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_MOD_MUL_MONTGOMERY 3"
-.TH BN_MOD_MUL_MONTGOMERY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_MOD_MUL_MONTGOMERY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index 8d177927867b..6e1392c8255a 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_MOD_MUL_RECIPROCAL 3"
-.TH BN_MOD_MUL_RECIPROCAL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_MOD_MUL_RECIPROCAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 289666c85f51..62a640928f18 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_NEW 3"
-.TH BN_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 426cb8d00625..6ef112c3be09 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_NUM_BYTES 3"
-.TH BN_NUM_BYTES 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_NUM_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index d6b01e9d2c47..ceb927e95401 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_RAND 3"
-.TH BN_RAND 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_RAND 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_security_bits.3 b/secure/lib/libcrypto/man/BN_security_bits.3
index 4b7ee981531a..4bf266b1bebe 100644
--- a/secure/lib/libcrypto/man/BN_security_bits.3
+++ b/secure/lib/libcrypto/man/BN_security_bits.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_SECURITY_BITS 3"
-.TH BN_SECURITY_BITS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_SECURITY_BITS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index b7b7274bd4ee..915cfa20f442 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_SET_BIT 3"
-.TH BN_SET_BIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_SET_BIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index ad59f046804f..04fed56410b5 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_SWAP 3"
-.TH BN_SWAP 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_SWAP 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 7d966edeb068..0a07d8b50e85 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_ZERO 3"
-.TH BN_ZERO 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BN_ZERO 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BUF_MEM_new.3 b/secure/lib/libcrypto/man/BUF_MEM_new.3
index 385da3c98fcb..b9016c9e3586 100644
--- a/secure/lib/libcrypto/man/BUF_MEM_new.3
+++ b/secure/lib/libcrypto/man/BUF_MEM_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BUF_MEM_NEW 3"
-.TH BUF_MEM_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH BUF_MEM_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index 6bfa10e30f8a..18210d30aad8 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_ADD0_CERT 3"
-.TH CMS_ADD0_CERT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_ADD0_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index 6e759c494ed3..3007120e83df 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_ADD1_RECIPIENT_CERT 3"
-.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 51727a5f2421..513f8233ba35 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_ADD1_SIGNER 3"
-.TH CMS_ADD1_SIGNER 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_ADD1_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index 5c1f38b3209f..86a03c0e4d37 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_COMPRESS 3"
-.TH CMS_COMPRESS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_COMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index 313e83718586..97f0c97948ac 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_DECRYPT 3"
-.TH CMS_DECRYPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index 4f5d22722930..65c1547f62ab 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_ENCRYPT 3"
-.TH CMS_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index dcb86d2d92be..28e3db23eb41 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_FINAL 3"
-.TH CMS_FINAL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_FINAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index 0feae24c893d..24cfdf9796ac 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_GET0_RECIPIENTINFOS 3"
-.TH CMS_GET0_RECIPIENTINFOS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_GET0_RECIPIENTINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index 5fecf14927d8..db2a6123dcfb 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_GET0_SIGNERINFOS 3"
-.TH CMS_GET0_SIGNERINFOS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_GET0_SIGNERINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 528913a3c47e..9adeddc37807 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_GET0_TYPE 3"
-.TH CMS_GET0_TYPE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_GET0_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index 629cc28b3118..9e8c9788771a 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_GET1_RECEIPTREQUEST 3"
-.TH CMS_GET1_RECEIPTREQUEST 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_GET1_RECEIPTREQUEST 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index cbe3beca41f0..d86d1f0e8e82 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_SIGN 3"
-.TH CMS_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index 787017df9298..41f3b77648f4 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_SIGN_RECEIPT 3"
-.TH CMS_SIGN_RECEIPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_SIGN_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index 8aba27c6a0d9..fac85d450c5d 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_UNCOMPRESS 3"
-.TH CMS_UNCOMPRESS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_UNCOMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index 3a1113d4a579..46604b02a442 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_VERIFY 3"
-.TH CMS_VERIFY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index 505655e0bf8e..cdb1d7a18a80 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_VERIFY_RECEIPT 3"
-.TH CMS_VERIFY_RECEIPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS_VERIFY_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index 1e1de651ccd2..89b34363e82a 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_MODULES_FREE 3"
-.TH CONF_MODULES_FREE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CONF_MODULES_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 8d027239349c..70f49cebb66b 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_MODULES_LOAD_FILE 3"
-.TH CONF_MODULES_LOAD_FILE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CONF_MODULES_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
index 9d3700ed3ce0..e3bd897ddb18 100644
--- a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
+++ b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_THREAD_RUN_ONCE 3"
-.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
index 104edc5b044a..dc2f41c13aad 100644
--- a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_GET_EX_NEW_INDEX 3"
-.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
index d1bc970fbe93..9bb35424c9e7 100644
--- a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
+++ b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3"
-.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/CTLOG_STORE_new.3
index 2ad7914d1c59..e314e5eca93f 100644
--- a/secure/lib/libcrypto/man/CTLOG_STORE_new.3
+++ b/secure/lib/libcrypto/man/CTLOG_STORE_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CTLOG_STORE_NEW 3"
-.TH CTLOG_STORE_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CTLOG_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CTLOG_new.3 b/secure/lib/libcrypto/man/CTLOG_new.3
index 23f715a3b54d..ca38aa135623 100644
--- a/secure/lib/libcrypto/man/CTLOG_new.3
+++ b/secure/lib/libcrypto/man/CTLOG_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CTLOG_NEW 3"
-.TH CTLOG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CTLOG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
index 0ecc1f823975..4a677fd929d7 100644
--- a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
+++ b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CT_POLICY_EVAL_CTX_NEW 3"
-.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
index d0106afd8f26..98abe054a027 100644
--- a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
+++ b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DEFINE_STACK_OF 3"
-.TH DEFINE_STACK_OF 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DEFINE_STACK_OF 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DES_random_key.3 b/secure/lib/libcrypto/man/DES_random_key.3
index c50c95bbd8b6..ad4173cdade0 100644
--- a/secure/lib/libcrypto/man/DES_random_key.3
+++ b/secure/lib/libcrypto/man/DES_random_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DES_RANDOM_KEY 3"
-.TH DES_RANDOM_KEY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DES_RANDOM_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -224,7 +224,7 @@ algorithm.
.PP
There are two phases to the use of \s-1DES\s0 encryption. The first is the
generation of a \fIDES_key_schedule\fR from a key, the second is the
-actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is
+actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type
consists of 8 bytes with odd parity. The least significant bit in
each byte is the parity bit. The key schedule is an expanded form of
the key; it is used to speed the encryption process.
@@ -295,42 +295,42 @@ of 24 bytes. This is much better than \s-1CBC DES.\s0
.PP
\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
-an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0
+\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0
.PP
The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
This form of Triple-DES is used by the \s-1RSAREF\s0 library.
.PP
-\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block
+\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the same as
\&\fIDES_ncbc_encrypt()\fR.
.PP
-\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This
-method takes an array of characters as input and outputs and array of
+\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This
+method takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
-suggested for use when sending small numbers of characters.
+suggested for use when sending a small number of characters.
.PP
\&\fIDES_cfb64_encrypt()\fR
-implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this
+implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this
useful you ask? Because this routine will allow you to encrypt an
-arbitrary number of bytes, no 8 byte padding. Each call to this
+arbitrary number of bytes, without 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of \s-1DES :\-\s0).
+not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0
.PP
\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
.PP
\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method
-takes an array of characters as input and outputs and array of
+takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete \s-1DES ECB\s0 encryption per numbits, this function is only
-suggested for use when sending small numbers of characters.
+a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
+suggested for use when sending a small number of characters.
.PP
\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
Feed Back mode.
@@ -357,10 +357,10 @@ The following are DES-based transformations:
.PP
\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This
version takes only a small amount of space relative to other fast
-\&\fIcrypt()\fR implementations. This is different to the normal crypt in
+\&\fIcrypt()\fR implementations. This is different to the normal \fIcrypt()\fR in
that the third parameter is the buffer that the return value is
written into. It needs to be at least 14 bytes long. This function
-is thread safe, unlike the normal crypt.
+is thread safe, unlike the normal \fIcrypt()\fR.
.PP
\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.
This function calls \fIDES_fcrypt()\fR with a static array passed as the
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index 562ce6045f53..51c098116311 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_GENERATE_KEY 3"
-.TH DH_GENERATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index e260c1915754..acdadf8987d0 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_GENERATE_PARAMETERS 3"
-.TH DH_GENERATE_PARAMETERS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_get0_pqg.3 b/secure/lib/libcrypto/man/DH_get0_pqg.3
index ea0bb61b1a0c..4d900d008a47 100644
--- a/secure/lib/libcrypto/man/DH_get0_pqg.3
+++ b/secure/lib/libcrypto/man/DH_get0_pqg.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_GET0_PQG 3"
-.TH DH_GET0_PQG 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_get_1024_160.3 b/secure/lib/libcrypto/man/DH_get_1024_160.3
index 645af1f6be2e..593aadeedeca 100644
--- a/secure/lib/libcrypto/man/DH_get_1024_160.3
+++ b/secure/lib/libcrypto/man/DH_get_1024_160.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_GET_1024_160 3"
-.TH DH_GET_1024_160 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_GET_1024_160 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_meth_new.3 b/secure/lib/libcrypto/man/DH_meth_new.3
index 6e878da60030..0903e7408a8b 100644
--- a/secure/lib/libcrypto/man/DH_meth_new.3
+++ b/secure/lib/libcrypto/man/DH_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_METH_NEW 3"
-.TH DH_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index 4ca5899affa1..292eb9b710a7 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_NEW 3"
-.TH DH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new_by_nid.3 b/secure/lib/libcrypto/man/DH_new_by_nid.3
index a545178ead83..d49e9f9b1546 100644
--- a/secure/lib/libcrypto/man/DH_new_by_nid.3
+++ b/secure/lib/libcrypto/man/DH_new_by_nid.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_NEW_BY_NID 3"
-.TH DH_NEW_BY_NID 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_NEW_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index 5ec83fad3bf3..cd0f6560ecbc 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_SET_METHOD 3"
-.TH DH_SET_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index d06b79948868..6a63cb458085 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_SIZE 3"
-.TH DH_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DH_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index dd3388fb69c8..6b91e3c4b12d 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_NEW 3"
-.TH DSA_SIG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index edd789070dc9..7a27cda24f4b 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_DO_SIGN 3"
-.TH DSA_DO_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_DO_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index 81fc0ead1f3d..cfbd7edb0726 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_DUP_DH 3"
-.TH DSA_DUP_DH 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_DUP_DH 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index 9374da3c9d08..9cf96992cc61 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_GENERATE_KEY 3"
-.TH DSA_GENERATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 856365229e71..4b30a73215d7 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_GENERATE_PARAMETERS 3"
-.TH DSA_GENERATE_PARAMETERS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/DSA_get0_pqg.3
index f47b09da1769..0cd356b05b4c 100644
--- a/secure/lib/libcrypto/man/DSA_get0_pqg.3
+++ b/secure/lib/libcrypto/man/DSA_get0_pqg.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_GET0_PQG 3"
-.TH DSA_GET0_PQG 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_meth_new.3 b/secure/lib/libcrypto/man/DSA_meth_new.3
index b07278844dca..5167565a2fb7 100644
--- a/secure/lib/libcrypto/man/DSA_meth_new.3
+++ b/secure/lib/libcrypto/man/DSA_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_METH_NEW 3"
-.TH DSA_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 7990c39ce56a..2f046affd999 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_NEW 3"
-.TH DSA_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index f6cbc9a02be8..54e5fa3b2fcd 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SET_METHOD 3"
-.TH DSA_SET_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index 120a1a325fe7..f5f896c59c24 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIGN 3"
-.TH DSA_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index de014387bb05..e2cb1d00ba0e 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIZE 3"
-.TH DSA_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
index dc70d4f7b943..56c3754ee13c 100644
--- a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
+++ b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DTLS_GET_DATA_MTU 3"
-.TH DTLS_GET_DATA_MTU 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DTLS_GET_DATA_MTU 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
index 95652604dbcf..8b955732e86d 100644
--- a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
+++ b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DTLS_SET_TIMER_CB 3"
-.TH DTLS_SET_TIMER_CB 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DTLS_SET_TIMER_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DTLSv1_listen.3 b/secure/lib/libcrypto/man/DTLSv1_listen.3
index 28e594647325..27245e982fff 100644
--- a/secure/lib/libcrypto/man/DTLSv1_listen.3
+++ b/secure/lib/libcrypto/man/DTLSv1_listen.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DTLSV1_LISTEN 3"
-.TH DTLSV1_LISTEN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DTLSV1_LISTEN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/ECDSA_SIG_new.3
index 9ea98f64626e..f4e44d09f6e8 100644
--- a/secure/lib/libcrypto/man/ECDSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/ECDSA_SIG_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ECDSA_SIG_NEW 3"
-.TH ECDSA_SIG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ECDSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ECPKParameters_print.3 b/secure/lib/libcrypto/man/ECPKParameters_print.3
index 8d117a063ed9..9c376ca8a0bb 100644
--- a/secure/lib/libcrypto/man/ECPKParameters_print.3
+++ b/secure/lib/libcrypto/man/ECPKParameters_print.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ECPKPARAMETERS_PRINT 3"
-.TH ECPKPARAMETERS_PRINT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ECPKPARAMETERS_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
index 026e99773418..26f231246ac3 100644
--- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GFP_SIMPLE_METHOD 3"
-.TH EC_GFP_SIMPLE_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_GFP_SIMPLE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3
index 1db7af0c54e2..b3f95d40b1c7 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_COPY 3"
-.TH EC_GROUP_COPY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_GROUP_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3
index 2194aecb3105..45053dff2c9d 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_NEW 3"
-.TH EC_GROUP_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_GROUP_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
index 3ad6fca1932b..31e93dd058e4 100644
--- a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
+++ b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_KEY_GET_ENC_FLAGS 3"
-.TH EC_KEY_GET_ENC_FLAGS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_KEY_GET_ENC_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3
index f29cb4da5b4f..aa156b2ac6e2 100644
--- a/secure/lib/libcrypto/man/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/EC_KEY_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_KEY_NEW 3"
-.TH EC_KEY_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_KEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3
index 4f2217de44f3..251e76d8309c 100644
--- a/secure/lib/libcrypto/man/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/EC_POINT_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_ADD 3"
-.TH EC_POINT_ADD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_POINT_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3
index 8fbf2daf71e5..6f28ac9bef7a 100644
--- a/secure/lib/libcrypto/man/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/EC_POINT_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_NEW 3"
-.TH EC_POINT_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC_POINT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ENGINE_add.3 b/secure/lib/libcrypto/man/ENGINE_add.3
index 961dde3845ff..c4bc47d90c99 100644
--- a/secure/lib/libcrypto/man/ENGINE_add.3
+++ b/secure/lib/libcrypto/man/ENGINE_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ENGINE_ADD 3"
-.TH ENGINE_ADD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ENGINE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index bb8a0230f506..46248538cff5 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_GET_LIB 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index 76403d7e43f4..a3b82dbe9b4b 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_CLEAR_ERROR 3"
-.TH ERR_CLEAR_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_CLEAR_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index b4eb84dd69dd..10c6e61d5284 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_ERROR_STRING 3"
-.TH ERR_ERROR_STRING 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_ERROR_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index fa2cdf983b60..83b8fd9c381c 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_ERROR 3"
-.TH ERR_GET_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index b10e29f5f556..c3ead8f6345d 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_LOAD_CRYPTO_STRINGS 3"
-.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 48621256e895..9fbf91857c9c 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_LOAD_STRINGS 3"
-.TH ERR_LOAD_STRINGS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_LOAD_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index 228d0ee736b1..a8b8bc4cb7ad 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_PRINT_ERRORS 3"
-.TH ERR_PRINT_ERRORS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_PRINT_ERRORS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index b2acd60dfdc8..4e5c5aac2c9b 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_PUT_ERROR 3"
-.TH ERR_PUT_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_PUT_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index 0a24d8f61af1..ee335a31dcf0 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_REMOVE_STATE 3"
-.TH ERR_REMOVE_STATE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_REMOVE_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index 15afc061abae..f9ff981ae7f4 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_SET_MARK 3"
-.TH ERR_SET_MARK 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERR_SET_MARK 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 0966cdd096dd..8fd3b341dc9d 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BYTESTOKEY 3"
-.TH EVP_BYTESTOKEY 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_BYTESTOKEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
index edabe4f6cb8b..9088cb489104 100644
--- a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
+++ b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3"
-.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
index 7b4244b0a7fc..6f31f3f3174a 100644
--- a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER_METH_NEW 3"
-.TH EVP_CIPHER_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_CIPHER_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index b8b392b953d9..5f59cda8f416 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DIGESTINIT 3"
-.TH EVP_DIGESTINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_DIGESTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -363,18 +363,19 @@ or control.
This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
digest name passed on the command line.
.PP
-.Vb 2
+.Vb 3
\& #include <stdio.h>
+\& #include <string.h>
\& #include <openssl/evp.h>
\&
-\& main(int argc, char *argv[])
+\& int main(int argc, char *argv[])
\& {
\& EVP_MD_CTX *mdctx;
\& const EVP_MD *md;
\& char mess1[] = "Test Message\en";
\& char mess2[] = "Hello World\en";
\& unsigned char md_value[EVP_MAX_MD_SIZE];
-\& int md_len, i;
+\& unsigned int md_len, i;
\&
\& if (argv[1] == NULL) {
\& printf("Usage: mdtest digestname\en");
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index b7eb419593b5..d33bc7ea47cf 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DIGESTSIGNINIT 3"
-.TH EVP_DIGESTSIGNINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_DIGESTSIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 720de6b09fe5..9b4fc7217faa 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DIGESTVERIFYINIT 3"
-.TH EVP_DIGESTVERIFYINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_DIGESTVERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3
index 291f2d2137cc..0cc531b9eb7c 100644
--- a/secure/lib/libcrypto/man/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_ENCODEINIT 3"
-.TH EVP_ENCODEINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_ENCODEINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 34335291b1b0..ace2df58d457 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_ENCRYPTINIT 3"
-.TH EVP_ENCRYPTINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_ENCRYPTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/EVP_MD_meth_new.3
index dbc88b68a83d..3fb1079a55af 100644
--- a/secure/lib/libcrypto/man/EVP_MD_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_MD_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_MD_METH_NEW 3"
-.TH EVP_MD_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_MD_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index 782f48de42a5..dbea8cf6caa5 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_OPENINIT 3"
-.TH EVP_OPENINIT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_OPENINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
index c239dcd2812a..0e302ea4ffe8 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_ASN1_METHOD 3"
-.TH EVP_PKEY_ASN1_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_ASN1_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 908aed63fefc..209076cc7f22 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -129,13 +129,13 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_CTRL 3"
-.TH EVP_PKEY_CTX_CTRL 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations
+EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -143,9 +143,13 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKE
\&
\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
\& int cmd, int p1, void *p2);
+\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+\& int cmd, uint64_t value);
\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
\& const char *value);
\&
+\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+\&
\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
\&
@@ -154,22 +158,58 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKE
\& #include <openssl/rsa.h>
\&
\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
\&
\& #include <openssl/dsa.h>
+\&
\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
\&
\& #include <openssl/dh.h>
+\&
\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& #include <openssl/ec.h>
+\&
\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
@@ -189,6 +229,9 @@ and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 a
Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will
instead call one of the algorithm specific macros below.
.PP
+The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
+uint64 value as \fBp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR.
+.PP
The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
specific control operation to a context \fBctx\fR in string form. This is
intended to be used for options specified on the command line or in text
@@ -196,6 +239,9 @@ files. The commands supported are documented in the openssl utility
command line pages for the option \fB\-pkeyopt\fR which is supported by the
\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
.PP
+The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation
+to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR.
+.PP
All the remaining \*(L"functions\*(R" are implemented as macros.
.PP
The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
@@ -214,13 +260,14 @@ provided by that macro. Normally applications would call
.PP
The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms
supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function.
-.PP
-The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR.
-The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding,
-\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding,
-\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only),
-\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and
-\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only).
+.SS "\s-1RSA\s0 parameters"
+.IX Subsection "RSA parameters"
+The \fIEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR.
+The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1
+padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for
+no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and
+decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations
+only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
@@ -232,56 +279,209 @@ padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and rem
if this control is called. If it is not called then the first byte of the plaintext
buffer is expected to be the algorithm identifier byte.
.PP
+The \fIEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR.
+.PP
The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
-\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding. Three special
-values are supported: \s-1RSA_PSS_SALTLEN_DIGEST\s0 sets the salt length to the
-digest length, \s-1RSA_PSS_SALTLEN_MAX\s0 sets the salt length to the maximum
-permissible value. When verifying \s-1RSA_PSS_SALTLEN_AUTO\s0 causes the salt length
+\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special
+values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the
+digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum
+permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length
to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this
macro is not called maximum salt length is used when signing and auto detection
when verifying is used by default.
.PP
+The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length
+for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
+.PP
The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used.
.PP
The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
-for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The
+for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The
\&\fBpubexp\fR pointer is used internally by this function so it should not be
-modified or free after the call. If this macro is not called then 65537 is used.
+modified or freed after the call. If not specified 65537 is used.
.PP
-The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used
-for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used.
+The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for
+\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used.
+.PP
+The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding
+schemes to \fBmd\fR. If not explicitly set the signing digest is used. The
+padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR
+or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR.
+If not explicitly set the signing digest is used. The padding mode must have
+been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used
+in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
+\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used
+in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
+\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
-The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0
+The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to
+\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0,
+the label is cleared. The library takes ownership of the label so the
+caller should not free the original memory pointed to by \fBlabel\fR.
+The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to
+\&\fBlabel\fR. The return value is the label length. The padding mode
+must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned
+by the library and should not be freed by the caller.
+.SS "\s-1DSA\s0 parameters"
+.IX Subsection "DSA parameters"
+The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used
+for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used.
+.SS "\s-1DH\s0 parameters"
+.IX Subsection "DH parameters"
+The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0
prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
-then 1024 is used.
+then 1024 is used. Only accepts lengths greater than or equal to 256.
+.PP
+The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0
+optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is
+256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0
+paramgen type must have been set to x9.42.
.PP
The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
for \s-1DH\s0 parameter generation. If not specified 2 is used.
.PP
+The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0
+parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
+The default is 0.
+.PP
The \fIEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is
1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR.
If \fBpad\fR is zero (the default) then no padding is performed.
.PP
\&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to
-\&\fBnid\fR. The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR,
-\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. This macro can be
-called during parameter or key generation.
+\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR,
+\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR
+or \fBNID_undef\fR to clear the stored value. This macro can be called during
+parameter or key generation.
+The nid parameter and the rfc5114 parameter are mutually exclusive.
.PP
+The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are
+synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The
+\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections
+2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
+during parameter generation. The \fBctx\fR must have a key type of
+\&\fB\s-1EVP_PKEY_DHX\s0\fR.
+The rfc5114 parameter and the nid parameter are mutually exclusive.
+.SS "\s-1DH\s0 key derivation function parameters"
+.IX Subsection "DH key derivation function parameters"
+Note that all of the following functions require that the \fBctx\fR parameter has
+a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of
+\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret.
+The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn
+encrypts a Content Encryption Key (\s-1CEK\s0).
+.PP
+The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type
+to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
+and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0
+(based on the keying algorithm described in X9.42). When using key derivation,
+the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified.
+.PP
+The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type
+for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
+and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function
+object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify
+the algorithm to be used with the Content Encryption Key.
+The library takes ownership of the object identifier so the caller should not
+free the original memory pointed to by \fBoid\fR.
+.PP
+The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid
+for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the
+library and should not be freed by the caller.
+.PP
+The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function
+message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies
+that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
+.PP
+The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function
+message digest for \fBctx\fR used for \s-1DH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function
+output length to \fBlen\fR for \s-1DH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function
+output length for \fBctx\fR used for \s-1DH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to
+\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional
+and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification
+requires that it is 512 bits long but this is not enforced by OpenSSL.
+The library takes ownership of the user key material so the caller should not
+free the original memory pointed to by \fBukm\fR.
+.PP
+The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+.SS "\s-1EC\s0 parameters"
+.IX Subsection "EC parameters"
The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called
or an error occurs because there is no default curve.
This function can also be called to set the curve explicitly when
generating an \s-1EC\s0 key.
.PP
-The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR sets the \s-1EC\s0 parameter encoding to
+The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to
\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be
\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form.
For maximum compatibility the named curve form should be used. Note: the
\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was only added to OpenSSL 1.1.0; previous
versions should use 0 instead.
+.SS "\s-1ECDH\s0 parameters"
+.IX Subsection "ECDH parameters"
+The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to
+\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable
+cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor
+mode and fallback to the private key cofactor mode.
+.PP
+The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for
+\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key
+derivation is enabled and 0 otherwise.
+.SS "\s-1ECDH\s0 key derivation function parameters"
+.IX Subsection "ECDH key derivation function parameters"
+The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type
+to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR
+and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63.
+When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must
+also be specified.
+.PP
+The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function
+type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are
+\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR.
+.PP
+The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function
+message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies
+that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
+.PP
+The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function
+message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function
+output length to \fBlen\fR for \s-1ECDH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function
+output length for \fBctx\fR used for \s-1ECDH\s0 key derivation.
+.PP
+The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR
+for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the
+shared info in X9.63 terms. The library takes ownership of the user key material
+so the caller should not free the original memory pointed to by \fBukm\fR.
.PP
+The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+.SS "Other parameters"
+.IX Subsection "Other parameters"
The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR
macros are used to manipulate the special identifier field for specific signature
algorithms such as \s-1SM2.\s0 The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with
@@ -305,7 +505,7 @@ indicates the operation is not supported by the public key algorithm.
\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fIEVP_PKEY_derive\fR\|(3),
\&\fIEVP_PKEY_keygen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index a9f5ab713e02..4cb06710825b 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_NEW 3"
-.TH EVP_PKEY_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
index 64afd6f84e19..87cf931a203f 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3"
-.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
index db926c1d28a7..7eec64fa9678 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3"
-.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,12 +191,12 @@ pseudorandom key K returned from a previous extract operation.
The digest, key and info values must be set before a key is derived or an
error occurs.
.PP
-\&\fIEVP_PKEY_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0
+\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0
.PP
\&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the
buffer \fBsalt\fR. Any existing value is replaced.
.PP
-\&\fIEVP_PKEY_CTX_set_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer
+\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer
\&\fBkey\fR. Any existing value is replaced.
.PP
\&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
index 8c58dcd5ba0f..33d70752a1f3 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3"
-.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,7 +161,7 @@ The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt lengt
If the key has usage restrictions then an error is returned if an attempt is
made to set the salt length below the minimum value. It is otherwise similar
to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using
-\&\s-1RSA_PSS_SALTLEN_AUTO\s0 is not supported for verification if the key has
+\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has
usage restrictions.
.PP
The \fIEVP_PKEY_CTX_set_signature_md()\fR and \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros
@@ -171,7 +171,7 @@ digest to anything other than the restricted value. Otherwise these are
similar to the \fB\s-1RSA\s0\fR versions.
.SS "Key Generation"
.IX Subsection "Key Generation"
-As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR
+As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR
and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS:
they have exactly the same meaning as for the \s-1RSA\s0 algorithm.
.PP
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
index c51b7c6a431a..a34d354ab383 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3"
-.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
index 3115d636d28c..1b08c5286262 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3"
-.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
index b1f6c8b27128..93e27d9732d8 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_ASN1_GET_COUNT 3"
-.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
index ca8ff8dadeeb..44c4fc1ffa07 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CMP 3"
-.TH EVP_PKEY_CMP 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
index 5a0b2d563da7..03a1e5c36dea 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_DECRYPT 3"
-.TH EVP_PKEY_DECRYPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
index 105031f266d3..58c0eb082c88 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_DERIVE 3"
-.TH EVP_PKEY_DERIVE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_DERIVE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
index 7e30e8705912..08bdd09dfee5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_ENCRYPT 3"
-.TH EVP_PKEY_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
index dab05522fc7d..0b55bb1d25a5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3"
-.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
index 514e36383f5a..9eaf4acac95e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_KEYGEN 3"
-.TH EVP_PKEY_KEYGEN 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_KEYGEN 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
index 3b8b36fcbd26..0c378ff5d29d 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_METH_GET_COUNT 3"
-.TH EVP_PKEY_METH_GET_COUNT 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_METH_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
index 17c7e82c8ca9..4e9fe173b13f 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_METH_NEW 3"
-.TH EVP_PKEY_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 3c7a5b22262e..15c9d567aa48 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_NEW 3"
-.TH EVP_PKEY_NEW 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
index f12e7a725de9..a0c80534dbb4 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_PRINT_PRIVATE 3"
-.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index dd99916bfdcf..411d592a5364 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -129,13 +129,13 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_SET1_RSA 3"
-.TH EVP_PKEY_SET1_RSA 3 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EVP_PKEY_SET1_RSA 3 "2018-11-20" "1.1.1a" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine \- EVP_PKEY assignment functions
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine \- EVP_PKEY assignment functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,6 +152,8 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
\&
\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -161,6 +163,8 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
\&
\& int EVP_PKEY_id(const EVP_PKEY *pkey);
\& int EVP_PKEY_base_id(const EVP_PKEY *pkey);
@@ -178,14 +182,15 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
\&\fB\s-1NULL\s0\fR if the key is not of the correct type.
.PP
-\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR,
-\&\fIEVP_PKEY_get0_DH()\fR and \fIEVP_PKEY_get0_EC_KEY()\fR also return the
-referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR if the key is not of the
-correct type but the reference count of the returned key is
-\&\fBnot\fR incremented and so must not be freed up after use.
+\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR,
+\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR
+and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR
+if the key is not of the correct type but the reference count of the
+returned key is \fBnot\fR incremented and so must not be freed up after use.
.PP
-\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
-and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR
+\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR,
+\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and
+\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key