pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
openssl3: update to 3.1.0
Module Name: pkgsrc-wip
Committed By: Thomas Klausner <wiz%gatalith.at@localhost>
Pushed By: wiz
Date: Thu Mar 23 07:23:38 2023 +0100
Changeset: fbfb61068d34d3b9aa44f15d473071f3933bce8c
Modified Files:
openssl3/Makefile
openssl3/PLIST
openssl3/distinfo
Log Message:
openssl3: update to 3.1.0
* Add FIPS provider configuration option to enforce the
Extended Master Secret (EMS) check during the TLS1_PRF KDF.
The option '-ems-check' can optionally be supplied to
'openssl fipsinstall'.
* The FIPS provider includes a few non-approved algorithms for
backward compatibility purposes and the "fips=yes" property query
must be used for all algorithm fetches to ensure FIPS compliance.
The algorithms that are included but not approved are Triple DES ECB,
Triple DES CBC and EdDSA.
* Added support for KMAC in KBKDF.
* RNDR and RNDRRS support in provider functions to provide
random number generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS version
does not include the renegotiation mechanism. This avoids confusion
between that scenario versus when the TLS version includes secure
renegotiation but the peer lacks support for it.
* AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
* The various OBJ_* functions have been made thread safe.
* Parallel dual-prime 1536/2048-bit modular exponentiation for
AVX512_IFMA capable processors.
* The functions `OPENSSL_LH_stats`, `OPENSSL_LH_node_stats`,
`OPENSSL_LH_node_usage_stats`, `OPENSSL_LH_stats_bio`,
`OPENSSL_LH_node_stats_bio` and `OPENSSL_LH_node_usage_stats_bio` are now
marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
`OPENSSL_NO_DEPRECATED_3_1`.
The macro `DEFINE_LHASH_OF` is now deprecated in favour of the macro
`DEFINE_LHASH_OF_EX`, which omits the corresponding type-specific function
definitions for these functions regardless of whether
`OPENSSL_NO_DEPRECATED_3_1` is defined.
Users of `DEFINE_LHASH_OF` may start receiving deprecation warnings for these
functions regardless of whether they are using them. It is recommended that
users transition to the new macro, `DEFINE_LHASH_OF_EX`.
* When generating safe-prime DH parameters set the recommended private key
length equivalent to minimum key lengths as in RFC 7919.
* Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
maximum size that is smaller or equal to the digest length to comply with
FIPS 186-4 section 5. This is implemented by a new option
`OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX` ("auto-digestmax") for the
`rsa_pss_saltlen` parameter, which is now the default. Signature
verification is not affected by this change and continues to work as before.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=fbfb61068d34d3b9aa44f15d473071f3933bce8c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
openssl3/Makefile | 2 +-
openssl3/PLIST | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
openssl3/distinfo | 6 +++---
3 files changed, 55 insertions(+), 5 deletions(-)
diffs:
diff --git a/openssl3/Makefile b/openssl3/Makefile
index 7986f97590..c82876e89f 100644
--- a/openssl3/Makefile
+++ b/openssl3/Makefile
@@ -3,7 +3,7 @@
# Remember to upload-distfiles when updating OpenSSL -- otherwise it
# is not possible for users who have bootstrapped without OpenSSL
# to install it and enable HTTPS fetching.
-DISTNAME= openssl-3.0.5
+DISTNAME= openssl-3.1.0
CATEGORIES= security
MASTER_SITES= https://www.openssl.org/source/
diff --git a/openssl3/PLIST b/openssl3/PLIST
index 2415e61a08..dc45d5c39e 100644
--- a/openssl3/PLIST
+++ b/openssl3/PLIST
@@ -155,6 +155,7 @@ man/man1/c_rehash.1
man/man1/openssl-asn1parse.1
man/man1/openssl-ca.1
man/man1/openssl-ciphers.1
+man/man1/openssl-cmp.1
man/man1/openssl-cms.1
man/man1/openssl-crl.1
man/man1/openssl-crl2pkcs7.1
@@ -397,14 +398,21 @@ man/man3/BIO_callback_fn_ex.3
man/man3/BIO_closesocket.3
man/man3/BIO_connect.3
man/man3/BIO_ctrl.3
+man/man3/BIO_ctrl_dgram_connect.3
man/man3/BIO_ctrl_get_read_request.3
man/man3/BIO_ctrl_get_write_guarantee.3
man/man3/BIO_ctrl_pending.3
man/man3/BIO_ctrl_reset_read_request.3
+man/man3/BIO_ctrl_set_connected.3
man/man3/BIO_ctrl_wpending.3
man/man3/BIO_debug_callback.3
man/man3/BIO_debug_callback_ex.3
man/man3/BIO_destroy_bio_pair.3
+man/man3/BIO_dgram_get_mtu_overhead.3
+man/man3/BIO_dgram_get_peer.3
+man/man3/BIO_dgram_recv_timedout.3
+man/man3/BIO_dgram_send_timedout.3
+man/man3/BIO_dgram_set_peer.3
man/man3/BIO_do_accept.3
man/man3/BIO_do_connect.3
man/man3/BIO_do_connect_retry.3
@@ -502,6 +510,7 @@ man/man3/BIO_new_accept.3
man/man3/BIO_new_bio_pair.3
man/man3/BIO_new_buffer_ssl_connect.3
man/man3/BIO_new_connect.3
+man/man3/BIO_new_dgram.3
man/man3/BIO_new_ex.3
man/man3/BIO_new_fd.3
man/man3/BIO_new_file.3
@@ -529,6 +538,7 @@ man/man3/BIO_s_accept.3
man/man3/BIO_s_bio.3
man/man3/BIO_s_connect.3
man/man3/BIO_s_core.3
+man/man3/BIO_s_datagram.3
man/man3/BIO_s_fd.3
man/man3/BIO_s_file.3
man/man3/BIO_s_mem.3
@@ -634,6 +644,7 @@ man/man3/BN_RECP_CTX_set.3
man/man3/BN_abs_is_word.3
man/man3/BN_add.3
man/man3/BN_add_word.3
+man/man3/BN_are_coprime.3
man/man3/BN_bin2bn.3
man/man3/BN_bn2bin.3
man/man3/BN_bn2binpad.3
@@ -794,6 +805,7 @@ man/man3/CMS_compress.3
man/man3/CMS_data_create.3
man/man3/CMS_data_create_ex.3
man/man3/CMS_decrypt.3
+man/man3/CMS_decrypt_set1_password.3
man/man3/CMS_decrypt_set1_pkey.3
man/man3/CMS_decrypt_set1_pkey_and_peer.3
man/man3/CMS_digest_create.3
@@ -902,8 +914,9 @@ man/man3/CT_POLICY_EVAL_CTX_set1_issuer.3
man/man3/CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE.3
man/man3/CT_POLICY_EVAL_CTX_set_time.3
man/man3/DECLARE_ASN1_FUNCTIONS.3
-man/man3/DECLARE_LHASH_OF.3
man/man3/DECLARE_PEM_rw.3
+man/man3/DEFINE_LHASH_OF.3
+man/man3/DEFINE_LHASH_OF_EX.3
man/man3/DEFINE_SPECIAL_STACK_OF.3
man/man3/DEFINE_SPECIAL_STACK_OF_CONST.3
man/man3/DEFINE_STACK_OF.3
@@ -1423,7 +1436,9 @@ man/man3/EVP_BytesToKey.3
man/man3/EVP_CIPHER_CTX_block_size.3
man/man3/EVP_CIPHER_CTX_cipher.3
man/man3/EVP_CIPHER_CTX_clear_flags.3
+man/man3/EVP_CIPHER_CTX_copy.3
man/man3/EVP_CIPHER_CTX_ctrl.3
+man/man3/EVP_CIPHER_CTX_dup.3
man/man3/EVP_CIPHER_CTX_encrypting.3
man/man3/EVP_CIPHER_CTX_flags.3
man/man3/EVP_CIPHER_CTX_free.3
@@ -1659,6 +1674,7 @@ man/man3/EVP_MD_CTX_clear_flags.3
man/man3/EVP_MD_CTX_copy.3
man/man3/EVP_MD_CTX_copy_ex.3
man/man3/EVP_MD_CTX_ctrl.3
+man/man3/EVP_MD_CTX_dup.3
man/man3/EVP_MD_CTX_free.3
man/man3/EVP_MD_CTX_get0_md.3
man/man3/EVP_MD_CTX_get0_md_data.3
@@ -1737,6 +1753,8 @@ man/man3/EVP_OpenInit.3
man/man3/EVP_OpenUpdate.3
man/man3/EVP_PBE_CipherInit.3
man/man3/EVP_PBE_CipherInit_ex.3
+man/man3/EVP_PBE_alg_add.3
+man/man3/EVP_PBE_alg_add_type.3
man/man3/EVP_PBE_find.3
man/man3/EVP_PBE_find_ex.3
man/man3/EVP_PBE_scrypt.3
@@ -1757,6 +1775,8 @@ man/man3/EVP_PKEY_CTX_get0_dh_kdf_oid.3
man/man3/EVP_PKEY_CTX_get0_dh_kdf_ukm.3
man/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3
man/man3/EVP_PKEY_CTX_get0_libctx.3
+man/man3/EVP_PKEY_CTX_get0_peerkey.3
+man/man3/EVP_PKEY_CTX_get0_pkey.3
man/man3/EVP_PKEY_CTX_get0_propq.3
man/man3/EVP_PKEY_CTX_get0_provider.3
man/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3
@@ -2079,6 +2099,7 @@ man/man3/EVP_RAND_CTX_gettable_params.3
man/man3/EVP_RAND_CTX_new.3
man/man3/EVP_RAND_CTX_set_params.3
man/man3/EVP_RAND_CTX_settable_params.3
+man/man3/EVP_RAND_CTX_up_ref.3
man/man3/EVP_RAND_STATE_ERROR.3
man/man3/EVP_RAND_STATE_READY.3
man/man3/EVP_RAND_STATE_UNINITIALISED.3
@@ -2373,6 +2394,7 @@ man/man3/ISSUING_DIST_POINT_it.3
man/man3/ISSUING_DIST_POINT_new.3
man/man3/LHASH.3
man/man3/LHASH_DOALL_ARG_FN_TYPE.3
+man/man3/LHASH_OF.3
man/man3/MD2.3
man/man3/MD2_Final.3
man/man3/MD2_Init.3
@@ -2564,6 +2586,9 @@ man/man3/OPENSSL_fork_child.3
man/man3/OPENSSL_fork_parent.3
man/man3/OPENSSL_fork_prepare.3
man/man3/OPENSSL_free.3
+man/man3/OPENSSL_gmtime.3
+man/man3/OPENSSL_gmtime_adj.3
+man/man3/OPENSSL_gmtime_diff.3
man/man3/OPENSSL_hexchar2int.3
man/man3/OPENSSL_hexstr2buf.3
man/man3/OPENSSL_hexstr2buf_ex.3
@@ -2626,6 +2651,8 @@ man/man3/OPENSSL_version_minor.3
man/man3/OPENSSL_version_patch.3
man/man3/OPENSSL_version_pre_release.3
man/man3/OPENSSL_zalloc.3
+man/man3/OSSL_ALGORITHM.3
+man/man3/OSSL_CALLBACK.3
man/man3/OSSL_CMP_CR.3
man/man3/OSSL_CMP_CTX_build_cert_chain.3
man/man3/OSSL_CMP_CTX_free.3
@@ -2651,6 +2678,7 @@ man/man3/OSSL_CMP_CTX_push0_policy.3
man/man3/OSSL_CMP_CTX_push1_subjectAltName.3
man/man3/OSSL_CMP_CTX_reinit.3
man/man3/OSSL_CMP_CTX_reqExtensions_have_SAN.3
+man/man3/OSSL_CMP_CTX_reset_geninfo_ITAVs.3
man/man3/OSSL_CMP_CTX_server_perform.3
man/man3/OSSL_CMP_CTX_set0_newPkey.3
man/man3/OSSL_CMP_CTX_set0_reqExtensions.3
@@ -2870,6 +2898,7 @@ man/man3/OSSL_DECODER_is_a.3
man/man3/OSSL_DECODER_names_do_all.3
man/man3/OSSL_DECODER_settable_ctx_params.3
man/man3/OSSL_DECODER_up_ref.3
+man/man3/OSSL_DISPATCH.3
man/man3/OSSL_EC_curve_nid2name.3
man/man3/OSSL_ENCODER.3
man/man3/OSSL_ENCODER_CLEANUP.3
@@ -2941,6 +2970,7 @@ man/man3/OSSL_HTTP_parse_url.3
man/man3/OSSL_HTTP_proxy_connect.3
man/man3/OSSL_HTTP_set1_request.3
man/man3/OSSL_HTTP_transfer.3
+man/man3/OSSL_ITEM.3
man/man3/OSSL_LIB_CTX.3
man/man3/OSSL_LIB_CTX_free.3
man/man3/OSSL_LIB_CTX_get0_global_default.3
@@ -3049,6 +3079,7 @@ man/man3/OSSL_PARAM_uint64.3
man/man3/OSSL_PARAM_ulong.3
man/man3/OSSL_PARAM_utf8_ptr.3
man/man3/OSSL_PARAM_utf8_string.3
+man/man3/OSSL_PASSPHRASE_CALLBACK.3
man/man3/OSSL_PROVIDER.3
man/man3/OSSL_PROVIDER_add_builtin.3
man/man3/OSSL_PROVIDER_available.3
@@ -3441,6 +3472,8 @@ man/man3/PKCS7_SIGNER_INFO_free.3
man/man3/PKCS7_SIGNER_INFO_new.3
man/man3/PKCS7_SIGN_ENVELOPE_free.3
man/man3/PKCS7_SIGN_ENVELOPE_new.3
+man/man3/PKCS7_add_certificate.3
+man/man3/PKCS7_add_crl.3
man/man3/PKCS7_decrypt.3
man/man3/PKCS7_dup.3
man/man3/PKCS7_encrypt.3
@@ -3520,6 +3553,8 @@ man/man3/RAND_pseudo_bytes.3
man/man3/RAND_query_egd_bytes.3
man/man3/RAND_screen.3
man/man3/RAND_seed.3
+man/man3/RAND_set0_private.3
+man/man3/RAND_set0_public.3
man/man3/RAND_set_DRBG_type.3
man/man3/RAND_set_rand_method.3
man/man3/RAND_set_seed_source_type.3
@@ -4890,6 +4925,7 @@ man/man3/X509_get_subject_name.3
man/man3/X509_get_version.3
man/man3/X509_getm_notAfter.3
man/man3/X509_getm_notBefore.3
+man/man3/X509_gmtime_adj.3
man/man3/X509_http_nbio.3
man/man3/X509_issuer_and_serial_cmp.3
man/man3/X509_issuer_name_cmp.3
@@ -5433,6 +5469,7 @@ man/man3/ssl_ct_validation_cb.3
man/man5/config.5
man/man5/fips_config.5
man/man5/x509v3_config.5
+man/man7/EVP_ASYM_CIPHER-RSA.7
man/man7/EVP_ASYM_CIPHER-SM2.7
man/man7/EVP_CIPHER-AES.7
man/man7/EVP_CIPHER-ARIA.7
@@ -5442,6 +5479,7 @@ man/man7/EVP_CIPHER-CAST.7
man/man7/EVP_CIPHER-CHACHA.7
man/man7/EVP_CIPHER-DES.7
man/man7/EVP_CIPHER-IDEA.7
+man/man7/EVP_CIPHER-NULL.7
man/man7/EVP_CIPHER-RC2.7
man/man7/EVP_CIPHER-RC4.7
man/man7/EVP_CIPHER-RC5.7
@@ -5498,6 +5536,7 @@ man/man7/EVP_MD-MD4.7
man/man7/EVP_MD-MD5-SHA1.7
man/man7/EVP_MD-MD5.7
man/man7/EVP_MD-MDC2.7
+man/man7/EVP_MD-NULL.7
man/man7/EVP_MD-RIPEMD160.7
man/man7/EVP_MD-SHA1.7
man/man7/EVP_MD-SHA2.7
@@ -5700,6 +5739,7 @@ share/doc/openssl/html/man3/BIO_s_accept.html
share/doc/openssl/html/man3/BIO_s_bio.html
share/doc/openssl/html/man3/BIO_s_connect.html
share/doc/openssl/html/man3/BIO_s_core.html
+share/doc/openssl/html/man3/BIO_s_datagram.html
share/doc/openssl/html/man3/BIO_s_fd.html
share/doc/openssl/html/man3/BIO_s_file.html
share/doc/openssl/html/man3/BIO_s_mem.html
@@ -5785,6 +5825,7 @@ share/doc/openssl/html/man3/DTLS_get_data_mtu.html
share/doc/openssl/html/man3/DTLS_set_timer_cb.html
share/doc/openssl/html/man3/DTLSv1_listen.html
share/doc/openssl/html/man3/ECDSA_SIG_new.html
+share/doc/openssl/html/man3/ECDSA_sign.html
share/doc/openssl/html/man3/ECPKParameters_print.html
share/doc/openssl/html/man3/EC_GFp_simple_method.html
share/doc/openssl/html/man3/EC_GROUP_copy.html
@@ -5827,6 +5868,7 @@ share/doc/openssl/html/man3/EVP_PKEY2PKCS8.html
share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html
share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html
share/doc/openssl/html/man3/EVP_PKEY_CTX_get0_libctx.html
+share/doc/openssl/html/man3/EVP_PKEY_CTX_get0_pkey.html
share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html
share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html
share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html
@@ -5911,6 +5953,7 @@ share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html
share/doc/openssl/html/man3/OPENSSL_LH_stats.html
share/doc/openssl/html/man3/OPENSSL_config.html
share/doc/openssl/html/man3/OPENSSL_fork_prepare.html
+share/doc/openssl/html/man3/OPENSSL_gmtime.html
share/doc/openssl/html/man3/OPENSSL_hexchar2int.html
share/doc/openssl/html/man3/OPENSSL_ia32cap.html
share/doc/openssl/html/man3/OPENSSL_init_crypto.html
@@ -5921,6 +5964,8 @@ share/doc/openssl/html/man3/OPENSSL_malloc.html
share/doc/openssl/html/man3/OPENSSL_s390xcap.html
share/doc/openssl/html/man3/OPENSSL_secure_malloc.html
share/doc/openssl/html/man3/OPENSSL_strcasecmp.html
+share/doc/openssl/html/man3/OSSL_ALGORITHM.html
+share/doc/openssl/html/man3/OSSL_CALLBACK.html
share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html
share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html
share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html
@@ -5941,6 +5986,7 @@ share/doc/openssl/html/man3/OSSL_DECODER.html
share/doc/openssl/html/man3/OSSL_DECODER_CTX.html
share/doc/openssl/html/man3/OSSL_DECODER_CTX_new_for_pkey.html
share/doc/openssl/html/man3/OSSL_DECODER_from_bio.html
+share/doc/openssl/html/man3/OSSL_DISPATCH.html
share/doc/openssl/html/man3/OSSL_ENCODER.html
share/doc/openssl/html/man3/OSSL_ENCODER_CTX.html
share/doc/openssl/html/man3/OSSL_ENCODER_CTX_new_for_pkey.html
@@ -5949,6 +5995,7 @@ share/doc/openssl/html/man3/OSSL_ESS_check_signing_certs.html
share/doc/openssl/html/man3/OSSL_HTTP_REQ_CTX.html
share/doc/openssl/html/man3/OSSL_HTTP_parse_url.html
share/doc/openssl/html/man3/OSSL_HTTP_transfer.html
+share/doc/openssl/html/man3/OSSL_ITEM.html
share/doc/openssl/html/man3/OSSL_LIB_CTX.html
share/doc/openssl/html/man3/OSSL_PARAM.html
share/doc/openssl/html/man3/OSSL_PARAM_BLD.html
@@ -6252,6 +6299,7 @@ share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html
share/doc/openssl/html/man5/config.html
share/doc/openssl/html/man5/fips_config.html
share/doc/openssl/html/man5/x509v3_config.html
+share/doc/openssl/html/man7/EVP_ASYM_CIPHER-RSA.html
share/doc/openssl/html/man7/EVP_ASYM_CIPHER-SM2.html
share/doc/openssl/html/man7/EVP_CIPHER-AES.html
share/doc/openssl/html/man7/EVP_CIPHER-ARIA.html
@@ -6261,6 +6309,7 @@ share/doc/openssl/html/man7/EVP_CIPHER-CAST.html
share/doc/openssl/html/man7/EVP_CIPHER-CHACHA.html
share/doc/openssl/html/man7/EVP_CIPHER-DES.html
share/doc/openssl/html/man7/EVP_CIPHER-IDEA.html
+share/doc/openssl/html/man7/EVP_CIPHER-NULL.html
share/doc/openssl/html/man7/EVP_CIPHER-RC2.html
share/doc/openssl/html/man7/EVP_CIPHER-RC4.html
share/doc/openssl/html/man7/EVP_CIPHER-RC5.html
@@ -6297,6 +6346,7 @@ share/doc/openssl/html/man7/EVP_MD-MD4.html
share/doc/openssl/html/man7/EVP_MD-MD5-SHA1.html
share/doc/openssl/html/man7/EVP_MD-MD5.html
share/doc/openssl/html/man7/EVP_MD-MDC2.html
+share/doc/openssl/html/man7/EVP_MD-NULL.html
share/doc/openssl/html/man7/EVP_MD-RIPEMD160.html
share/doc/openssl/html/man7/EVP_MD-SHA1.html
share/doc/openssl/html/man7/EVP_MD-SHA2.html
diff --git a/openssl3/distinfo b/openssl3/distinfo
index 856ab915b9..297b895289 100644
--- a/openssl3/distinfo
+++ b/openssl3/distinfo
@@ -1,5 +1,5 @@
$NetBSD: distinfo,v 1.161 2022/07/11 23:03:51 wiz Exp $
-BLAKE2s (openssl-3.0.5.tar.gz) = 602d3fb7b23c1fd68b884560e3a6aa53510cba235d96f6aedcfab5fd4b1e1b4c
-SHA512 (openssl-3.0.5.tar.gz) = 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
-Size (openssl-3.0.5.tar.gz) = 15074407 bytes
+BLAKE2s (openssl-3.1.0.tar.gz) = 4403556d8d27dedd739a7ae5f33a371c92eadcd3238f84e9874f8cd34558ad92
+SHA512 (openssl-3.1.0.tar.gz) = 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
+Size (openssl-3.1.0.tar.gz) = 15525381 bytes
Home |
Main Index |
Thread Index |
Old Index