Received: by mail.netbsd.org (Postfix, from userid 605) id DD07984E8F; Wed, 5 Apr 2023 10:58:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 1691684CFA for ; Wed, 5 Apr 2023 10:58:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id m3F_oOJl8ynk for ; Wed, 5 Apr 2023 10:58:40 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id CE27084C13 for ; Wed, 5 Apr 2023 10:58:40 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id C6A28FA81; Wed, 5 Apr 2023 10:58:40 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_168069232087460" MIME-Version: 1.0 Date: Wed, 5 Apr 2023 10:58:40 +0000 From: "Nikita" Subject: CVS commit: pkgsrc/security/libressl To: pkgsrc-changes@NetBSD.org Reply-To: nikita@netbsd.org X-Mailer: log_accum Message-Id: <20230405105840.C6A28FA81@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_168069232087460 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: nikita Date: Wed Apr 5 10:58:40 UTC 2023 Modified Files: pkgsrc/security/libressl: Makefile PLIST buildlink3.mk distinfo Log Message: libressl: update to version 3.6.2 Changelog: 3.6.2 - Stable release * Security fix - A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory. 3.6.1 - Stable release * Bug fixes - Custom verification callbacks could cause the X.509 verifier to fail to store errors resulting from leaf certificate verification. Reported by Ilya Shipitsin. - Unbreak ASN.1 indefinite length encoding. Reported by Niklas Hallqvist. 3.6.0 - Development release * Internal improvements - Avoid expensive RFC 3779 checks during cert verification. - The templated ASN.1 decoder has been cleaned up, refactored, modernized with parts rewritten using CBB and CBS. - The ASN.1 time parser has been rewritten. - Rewrite and fix ASN1_STRING_to_UTF8(). - Use asn1_abs_set_unused_bits() rather than inlining it. - Simplify ec_asn1_group2curve(). - First pass at a clean up of ASN1_item_sign_ctx() - ssl_txt.c was cleaned up. - Internal function arguments and struct member have been changed to size_t. - Lots of missing error checks of EVP API were added. - Clean up and clarify BN_kronecker(). - Simplify ASN1_INTEGER_cmp() - Rewrite ASN1_INTEGER_{get,set}() using CBS and CBB and reuse the ASN1_INTEGER functions for ASN1_ENUMERATED. - Use ASN1_INTEGER to parse and build {Z,}LONG_it - Refactored and cleaned up group (elliptic curve) handling in t1_lib.c. - Simplify certificate list handling code in the legacy server. - Make CBB_finish() fail if *out_data is not NULL. - Remove tls_buffer_set_data() and remove/revise callers. - Rewrite SSL{_CTX,}_set_alpn_protos() using CBS. - Simplify tlsext_supported_groups_server_parse(). - Remove redundant length checks in tlsext parse functions. - Simplify tls13_server_encrypted_extensions_recv(). - Add read and write support to tls_buffer. - Convert TLS transcript from BUF_MEM to tls_buffer. - Clear key on exit in PKCS12_gen_mac(). - Minor fixes in PKCS12_parse(). - Provide and use a primitive clear function for BIGNUM_it. - Use ASN1_INTEGER to encode/decode BIGNUM_it. - Add stack frames to AES-NI x86_64 assembly. - Use named initialisers for BIGNUMs. - Tidy up some of BN_nist_mod_*. - Expand BLOCK_CIPHER_* and related macros. - Avoid shadowing the cbs function parameter in tlsext_alpn_server_parse() - Deduplicate peer certificate chain processing code. - Make it possible to signal an error from an i2c_* function. - Rewrite i2c_ASN1_INTEGER() using CBB/CBS. - Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20(). - Remove bogus length checks from EVP_aead_chacha20_poly1305(). - Reworked DSA_size() and ECDSA_size(). - Stop using CBIGNUM_it internal to libcrypto. - Provide c2i_ASN1_ENUMERATED_cbs() and call it from asn1_c2i_primitive(). - Ensure ASN.1 types are appropriately encoded. - Avoid recycling ASN1_STRINGs when decoding ASN.1. - Tidy up asn1_c2i_primitive() slightly. - Mechanically expand IMPLEMENT_BLOCK_CIPHER, IMPLEMENT_CFBR, BLOCK_CIPHER and the looney M_do_cipher macros. - Use correct length for EVP CFB mode ciphers. - Provide a version of ssl_msg_callback() that takes a CBS. - Use CBS to parse TLS alerts in the legacy stack. - Increment the input and output position for EVP AES CFB1. - Ensure there is no trailing data for a CCS received by the TLSv1.3 stack. - Use CBS when procesing a CCS message in the legacy stack. - Be stricter with middlebox compatibility mode in the TLSv1.3 server. * Compatibility changes - The ASN.1 time parser has been refactored and rewritten using CBS. It has been made stricter in that it now enforces the rules from RFC 5280. - ASN1_AFLG_BROKEN was removed. - Error check tls_session_secret_cb() like OpenSSL. - Added ASN1_INTEGER_{get,set}_{u,}int64() - Move leaf certificate checks to the last thing after chain validation. - Added -s option to openssl(1) ciphers that only shows the ciphers supported by the specified protocol. - Use TLS_client_method() instead of TLSv1_client_method() in the openssl(1) ciphers command. - Validate the protocols in SSL{_CTX,}_set_alpn_protos(). - Made TS and PKCS12 opaque. - Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF. - Align PKCS12_key_gen_uni() with OpenSSL - Various PKCS12 and TS accessors were added. In particular, the TS_RESP_CTX_set_time_cb() function was added back. - Allow a NULL header in PEM_write{,_bio}() - Allow empty attribute sets in CSRs. - Adjust signatures of BIO_ctrl functions. - Provide additional defines for EVP AEAD. - Provide OPENSSL_cleanup(). - Make BIO_info_cb() identical to bio_info_cb(). * Bug fixes - Avoid use of uninitialized in BN_mod_exp_recp(). - Fix X509_get_extension_flags() by ensuring that EXFLAG_INVALID is set on X509_get_purpose() failure. - Fix HMAC() with NULL key. - Add ERR_load_{COMP,CT,KDF}_strings() to ERR_load_crypto_strings(). - Avoid strict aliasing violations in BN_nist_mod_*(). - Do not return X509_V_ERR_UNSPECIFIED from X509_check_ca(). No return value of X509_check_ca() indicates failure. Application code should therefore issue a checked call to X509_check_purpose() before calling X509_check_ca(). - Rewrite and fix X509v3_asid_subset() to avoid segfaults on some valid input. - Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new(). - Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly. - Avoid use of uninitialized in ASN1_STRING_to_UTF8(). - Do not pass uninitialized pointer to ASN1_STRING_to_UTF8(). - Do not refuse valid IPv6 addresses in nc(1)'s HTTP CONNECT proxy. - Do not reject primes in trial divisions. - Error out on negative shifts in BN_{r,l}shift() instead of accessing arrays out of bounds. - Fix URI name constraints, allow for URI's with no host part. - Fix the legacy verifier callback behaviour for untrusted certs. - Correct serfver-side handling of TLSv1.3 key updates. - Plug leak in PKCS12_setup_mac(). - Plug leak in X509V3_add1_i2d(). - Only print X.509 versions we know about. - Avoid signed integer overflow due to unary negation - Initialize readbytes in BIO_gets(). - Plug memory leak in CMS_add_simple_smimecap(). - Plug memory leak in X509_REQ_print_ex(). - Check HMAC() return value to avoid a later use of uninitialized. - Avoid potential NULL dereference in ssl_set_pkey(). - Check return values in ssl_print_tmp_key(). - Switch loop bounds from size_t to int in check_hosts(). - Avoid division by zero if no connection was made in s_time.c. - Check sk_SSL_CIPHER_push() return value - Avoid out-of-bounds read in ssl_cipher_process_rulestr(). - Use LONG_MAX as the limit for ciphers with long based APIs. * New features - EVP API for HKDF ported from OpenSSL and subsequently cleaned up. - The security level API (SSL_{,CTX}_{get,set}_security_level()) is now available. Callbacks and ex_data are not supported. Sane software will not be using this. - Experimental support for the BoringSSL QUIC API. - Add initial support for TS ESSCertIDv2 verification. - LibreSSL now uses the Baillie-PSW primality test instead of Miller-Rabin . 3.5.3 - Reliability fix * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for reporting the issue and testing the fix. 3.5.2 - Stable release * Bug fixes - Avoid single byte overread in asn1_parse2(). - Allow name constraints with a leading dot. From Alex Wilson. - Relax a check in x509_constraints_dirname() to allow prefixes. From Alex Wilson. - Fix NULL dereferences in openssl(1) cms option parsing. - Do not zero the computed cofactor on ec_guess_cofactor() success. - Bound cofactor in EC_GROUP_set_generator() to reduce the number of bogus groups that can be described with nonsensical parameters. - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low memory conditions. Reported for HMAC by Masaru Masuda. - Plug leak in ASN1_TIME_adj_internal(). - Avoid infinite loop for custom curves of order 1. Issue reported by Hanno Boeck, comments by David Benjamin. - Avoid an infinite loop on parsing DSA private keys by validating that the provided parameters conform to FIPS 186-4. Issue reported by Hanno Boeck, comments by David Benjamin. * Compatibility improvements - Allow non-standard name constraints of the form @domain.com. * Internal improvements - Limit OID text conversion to 64 bits per arc. - Clean up and simplify memory BIO code. - Reduce number of memmove() calls in memory BIOs. - Factor out alert handling code in the legacy stack. - Add sanity checks on p and q in old_dsa_priv_decode() - Cache the SHA-512 hash instead of the SHA-1 for CRLs. - Suppress various compiler warnings for old gcc versions. - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). - Rework ownership handling in x509_constraints_validate(). - Rework ASN1_STRING_set(). - Remove const from tls1_transcript_hash_value(). - Clean up and simplify ssl3_renegotiate{,_check}(). - Rewrite legacy TLS and DTLS unexpected handshake message handling. - Simplify SSL_do_handshake(). - Rewrite ASCII/text to ASN.1 object conversion. - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). - Split armv7 and aarch64 code into separate locations. - Rewrote openssl(1) ts to use the new option handling and cleaned up the C code. - Provide asn1_get_primitive(). - Convert {c2i,d2i}_ASN1_OBJECT() to CBS. - Remove the minimum record length checks from dtls1_read_bytes(). - Clean up {dtls1,ssl3}_read_bytes(). - Be more careful with embedded and terminating NULs in the new name constraints code. - Check EVP_Digest* return codes in openssl(1) ts - Various minor code cleanup in openssl(1) pkcs12 - Use calloc() in pkey_hmac_init(). - Simplify priv_key handling in d2i_ECPrivateKey(). * Documentation improvements - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after refactoring and bug fixes. - Fixed numerous minor grammar, spelling, wording, and punctuation issues. 3.5.1 - Security release * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google. 3.5.0 - Development release * New Features - The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, regression tests were added and the code was cleaned up. - Certificate Transparency was ported from OpenSSL. Many internal improvements were made, resulting in cleaner and safer code. Regress coverage was added. libssl does not yet make use of it. * Portable Improvements - Fixed various POSIX compliance and other portability issues found by the port to the Sortix operating system. - Add libmd as platform specific libraries for Solaris. Issue reported from (ihsan opencsw org) on libressl ML. - Set IA-64 compiler flag only if it is HP-UX with IA-64. Suggested from Larkin Nickle (me larbob org) by libressl ML. - Enabled and scheduled Coverity scan. Contributed by Ilya Shipitsin (chipitsine gmail com> on github. * Compatibility Changes - Most structs that were previously defined in the following headers are now opaque as they are in OpenSSL 1.1: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, x509.h, x509v3.h, x509_vfy.h - Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead of using something consistent with the previous naming. Various test suites expect these names (instead of checking for the much more sensible cipher numbers). The old names are still accepted as aliases. - Subject alternative names and name constraints are now validated when they are added to certificates. Various interoperability problems with stacks that validate certificates more strictly than OpenSSL can be avoided this way. - Attempt to opportunistically use the host name for SNI in s_client * Bug fixes - In some situations, the verifier would discard the error on an unvalidated certificate chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software. - Avoid an infinite loop in SSL_shutdown() - Fix another return 0 bug in SSL_shutdown() - Handle zero byte reads/writes that trigger handshakes in the TLSv1.3 stack - A long standing memleak in libtls CRL handling was fixed * Internal Improvements - Cache the SHA-512 hash instead of the SHA-1 hash and cache notBefore and notAfter times when X.509 certificates are parsed. - The X.509 lookup code has been simplified and cleaned up. - Fixed numerous issues flagged by coverity and the cryptofuzz project - Increased the number of Miller-Rabin checks in DH and DSA key/parameter generation - Started using the bytestring API in libcrypto for cleaner and safer code - Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1 - Convert ASN1_OBJECT_new() to calloc() - Convert ASN1_STRING_type_new() to calloc() - Rewrite ASN1_STRING_cmp() - Use calloc() for X509_CRL_METHOD_new() instead of malloc() - Convert ASN1_PCTX_new() to calloc() - Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function - Consolidate {d2i,i2d}_{pr,pu}.c - Remove handling of a NULL BUF_MEM from asn1_collect() - Pull the recursion depth check up to the top of asn1_collect() - Inline collect_data() in asn1_collect() - Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB - Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN() - Consolidate ASN.1 universal tag type data - Rewrite ASN.1 identifier/length parsing in CBS - Make OBJ_obj2nid() work correctly with NID_undef - tlsext_tick_lifetime_hint is now an uint32_t - Untangle ssl3_get_message() return values - Rename tls13_buffer to tls_buffer - Fold DTLS_STATE_INTERNAL into DTLS1_STATE - Provide a way to determine our maximum legacy version - Mop up enc_read_ctx and read_hash - Fold SSL_SESSION_INTERNAL into SSL_SESSION - Use ssl_force_want_read in the DTLS code - Add record processing limit to DTLS code - Add explicit CBS_contains_zero_byte() check in CBS_strdup() - Improve SNI hostname validation - Ensure SSL_set_tlsext_host_name() is given a valid hostname - Fix a strange check in the auto DH codepath - Factor out/rewrite DHE key exchange - Convert server serialisation of DHE parameters/public key to new functions - Check DH public key in ssl_kex_peer_public_dhe() - Move the minimum DHE key size check into ssl_kex_peer_params_dhe() - Clean up and refactor server side DHE key exchange - Provide CBS_get_last_u8() - Provide CBS_get_u64() - Provide CBS_add_u64() - Provide various CBS_peek_* functions - Use CBS_get_last_u8() to find the content type in TLSv1.3 records - unifdef TLS13_USE_LEGACY_CLIENT_AUTH - Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack - Only allow zero length key shares when we know we're doing HRR - Pull key share group/length CBB code up from tls13_key_share_public() - Refactor ssl3_get_server_kex_ecdhe() to separate parsing and validation - Return 0 on failure from send/get kex functions in the legacy stack - Rename tls13_key_share to tls_key_share - Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection - Convert legacy TLS client to tls_key_share - Convert legacy TLS server to tls_key_share - Stop attempting to duplicate the public and private key of dh_tmp - Rename dh_tmp to dhe_params - Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY - Clean up pkey handling in ssl3_get_server_key_exchange() - Fix GOST skip certificate verify handling - Simplify tlsext_keyshare_server_parse() - Plumb decode errors through key share parsing code - Simplify SSL_get_peer_certificate() - Cleanup/simplify ssl_cert_type() - The S3I macro was removed - The openssl(1) cms and smime subcommands option handling was converted and the C source was cleaned up. * Documentation improvements - 45 new manual pages, most of which were written from scratch. Documentation coverage of ASN.1 and X.509 code has been significantly improved. * API additions and removals - libssl API additions SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex API stubs for compatibility SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets SSL_get_num_tickets SSL_set_num_tickets - libcrypto added API (some of these were previously available as macros): ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex BIO_get_init BIO_set_callback_ex BIO_set_next BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old BN_abs_is_word BN_get_flags BN_is_negative BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert CT_POLICY_EVAL_CTX_set1_issuer CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final EVP_MD_meth_set_flags EVP_MD_meth_set_init EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size EVP_MD_meth_set_update EVP_PKEY_asn1_set_check EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check EVP_PKEY_check EVP_PKEY_meth_set_check EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode FIPS_mode_set IPAddressChoice_free IPAddressChoice_new IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free IPAddressOrRange_new IPAddressRange_free IPAddressRange_new OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id OCSP_resp_get0_produced_at OCSP_resp_get0_respdata OCSP_resp_get0_signature OCSP_resp_get0_signer OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free SCT_get0_extensions SCT_get0_log_id SCT_get0_signature SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source SCT_get_timestamp SCT_get_validation_status SCT_get_version SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions SCT_set0_log_id SCT_set0_signature SCT_set1_extensions SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type SCT_set_signature_nid SCT_set_source SCT_set_timestamp SCT_set_version SCT_validate SCT_validation_status_string X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject X509_STORE_CTX_get_num_untrusted X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth X509_STORE_CTX_set_verify X509_STORE_get_verify X509_STORE_get_verify_cb X509_STORE_set_verify X509_get_X509_PUBKEY X509_get_extended_key_usage X509_get_extension_flags X509_get_key_usage X509v3_addr_add_inherit X509v3_addr_add_prefix X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi X509v3_addr_get_range X509v3_addr_inherits X509v3_addr_is_canonical X509v3_addr_subset X509v3_addr_validate_path X509v3_addr_validate_resource_set X509v3_asid_add_id_or_range X509v3_asid_add_inherit X509v3_asid_canonize X509v3_asid_inherits X509v3_asid_is_canonical X509v3_asid_subset X509v3_asid_validate_path X509v3_asid_validate_resource_set d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT i2o_SCT_LIST o2i_SCT o2i_SCT_LIST removed API: ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit PEM_SealUpdate PEM_read_X509_CERT_PAIR PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore asn1_enc_save asn1_ex_c2i asn1_get_choice_selector asn1_get_field_ptr asn1_set_choice_selector check_defer d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer 3.4.1 - Stable release * New Features - Added support for OpenSSL 1.1.1 TLSv1.3 APIs. - Enabled the new X.509 validator to allow verification of modern certificate chains. * Portable Improvements - Ported continuous integration and test infrastructure to Github actions. - Added Universal Windows Platform (UWP) build support. - Fixed mingw-w64 builds on newer versions with missing SSP support. - Added non-executable stack annotations for CMake builds. * API and Documentation Enhancements - Added the following APIs from OpenSSL BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve EC_GROUP_order_bits EC_GROUP_set_curve EC_POINT_get_affine_coordinates EC_POINT_set_affine_coordinates EC_POINT_set_compressed_coordinates EVP_DigestSign EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable SSL_SESSION_set_max_early_data SSL_get_early_data_status SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio SSL_set_ciphersuites SSL_set_max_early_data SSL_set_post_handshake_auth SSL_set_psk_use_session_callback SSL_verify_client_post_handshake SSL_write_early_data - Added AES-GCM constants from RFC 7714 for SRTP. * Compatibility Changes - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache. - Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay. - Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE. - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback. * Testing and Proactive Security - Added additional state machine test coverage. - Improved integration test support with ruby/openssl tests. - Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests. * Internal Improvements - Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes and callback support compatible with the legacy OpenSSL validator. 3.4.0 - Development release * Add support for OpenSSL 1.1.1 TLSv1.3 APIs. * Enable new x509 validator. * More details to come, testing is appreciated. 3.3.5 - Security fix * A stack overread could occur when checking X.509 name constraints. From GoldBinocle on GitHub. * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier. This compensates for the expiry of the DST Root X3 certificate. 3.3.4 - Security fix * In LibreSSL, printing a certificate can result in a crash in X509_CERT_AUX_print(). From Ingo Schwarze * Ensure GNU-stack is set on ELF platforms when building with CMake to enable non-executable stack annotations for the GNU toolchain. From Tobias Heider 3.3.3 - Stable release * This is the first stable release from the 3.3.x series. There are no changes from 3.3.2. 3.3.2 - Development release * This release adds support for DTLSv1.2 and continues the rewrite of the record layer for the legacy stack. Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default. The OpenSSL 1.1 TLSv1.3 API is not yet available. * Switch finish{,_peer}_md_len from an int to a size_t. * Make SSL_get{,_peer}_finished() work when used with TLSv1.3. * Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size for cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 was a historical artefact. * Correct the return value type from ERR_peek_error() to a long. * Avoid use of uninitialized in ASN1_time_parse() which could happen on parsing UTCTime if the caller did not initialise the passed struct tm. * Destroy the mutex in a tls_config object on tls_config_free(). * Free alert_data and phh_data in tls13_record_layer_free() these could leak if SSL_shutdown() or tls_close() were called after closing the underlying socket(). * Free struct members in tls13_record_layer_free() in their natural order for reviewability. * Gracefully handle root certificates being both trusted and untrusted. * Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new verifier. * Use the legacy verifier when building auto chains for TLS. * Use consistent names in tls13_{client,server}_finished_{recv,send}(). * Add tls13_secret_{init,cleanup}() and use them throughout the TLSv1.3 code base. * Move the read MAC key into the TLSv1.2 record layer. * Make tls12_record_layer_free() NULL safe. * Search the intermediates only after searching the root certs in the new verifier to avoid problems with the legacy callback. * Bail out early after finding a single chain in the new verifier, if we have been called via the legacy verifier API. * Set (invalid and likely incomplete) chain on the xsc on chain build failure prior to calling the callback. This is required by various callers, including auto chain. * Align SSL_get_shared_ciphers() with OpenSSL. This takes into account that it never returned server ciphers, so now it will fail when called from the client side. * Add support for SSL_get_shared_ciphers() with TLSv1.3. * Split the record protection from the TLSv1.2 record layer. * Clean up sequence number handling in the new TLSv1.2 record layer. * Clean up sequence number handling in DTLS. * Clean up dtls1_reset_seq_numbers(). * Factor out code for explicit IV length, block size and MAC length from tls12_record_layer_open_record_protected_cipher(). * Provide record layer overhead for DTLS. * Provide functions to determine if TLSv1.2 record protection is engaged. * Add code to handle change of cipher state in the new TLSv1.2 record layer. * Mop up now unused dtls1_build_sequence_numbers() function. * Allow setting a keypair on a tls context without specifying the private key, and fake it internally in libtls. This removes the need for privsep engines like relayd to use bogus keys. * Skip the private key check for fake private keys. * Move the private key setup from tls_configure_ssl_keypair() to a helper function with proper error checking. * Change the internal tls_configure_ssl_keypair() function to return -1 instead of 1 on failure. * Move sequence numbers into the new TLSv1.2 record layer. * Move AEAD handling into the new TLSv1.2 record layer. * Remove direct assignment of aead_ctx to avoid a leak. * Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360, draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds. * Fail early in legacy exporter if the master secret is not available to avoid a segfault if it is called when the handshake is not completed. * Factor out legacy stack version checks. * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which were originally added with the default handshake MAC and PRF rather than the SHA256 handshake MAC and PRF. * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). * Use dtls1_record_retrieve_buffered_record() to load buffered application data. * Enforce read ahead with DTLS. * Remove bogus DTLS checks that disabled ECC and OCSP. * Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA". * Only print the certificate file once on verification failure. * Pull in fix for EVP_CipherUpdate() overflow from OpenSSL. * Clean up and simplify dtls1_get_cipher(). * Group HelloVerifyRequest decoding and add missing check for trailing data. * Revise HelloVerifyRequest handling for DTLSv1.2. * Handle DTLS1_2_VERSION in various places. * Add DTLSv1.2 methods. * Make SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero if the minimum or maximum has been set to zero to match OpenSSL's behavior. * Rename the "truncated" label into "decode_err" and the "f_err" label into "fatal_err". * Factor out and change some of the legacy client version code. * Simplify version checks in the TLSv1.3 client. Ensure that the server announced TLSv1.3 and nothing higher and check that the legacy_version is set to TLSv1.2 as required by RFC 8446. * Fix an off-by-one in x509_verify_set_xsc_chain() to make sure that the new validator checks for EXFLAG_CRITICAL in x509_vfy_check_chain_extension() for all untrusted certs in the chain. Take into account that the root is not necessarily trusted. * Avoid passing last and depth to x509_verify_cert_error() on ENOMEM. * Rename depth to num_untrusted. * Only use TLS versions internally rather than both TLS and DTLS versions since the latter are the one's complement of the human readable version numbers, which means that newer versions decrease in value. * Fix two bugs in the legacy verifier that resulted from refactoring of X509_verify_cert() for the new verifier: a return value was incorrectly treated as boolean, making it insufficient to decide whether validation should carry on or not. * Identify DTLS based on the version major value. * Move handling of cipher/hash based cipher suites into the new record layer. * Add tls12_record_protection_unused() and call it from CCS functions. * Move key/IV length checks closer to usage sites. Also add explicit checks against EVP_CIPHER_{iv,key}_length(). * Replace two handrolled tls12_record_protection_engaged(). * Improve internal version handling: add handshake fields for our minimum version, our maximum version and the TLS version negotiated during the handshake. Convert most of the internal code to use these version fields. * Guard against future internal use of TLS1_get_{client,}_version() macros. * Remove the internal ssl_downgrade_max_version() function which is no longer needed. * Fix checks for memory caps of constraints names. There are internal caps on the number of name constraints and other names, that the new name constraints code allocates per cert chain. These limits were checked too late, making them only partially effective. * Use EXFLAG_INVALID to handle out of memory and parse errors in x509v3_cache_extensions(). * Add support for DTLSv1.2 version handling. * Enable DTLSv1.2 support. * Add DTLSv1.2 support to openssl s_client/s_server. * Remove no longer needed read ahead workarounds in the s_client and s_server. * Fix a copy-paste error - skid was confused with an akid when checking for EXFLAG_INVALID. This broke OCSP validation with certain mirrors. * Make supported protocols and options for DHE params more prominent in tls_config_set_protocols.3. * Avoid a use-after-scope in tls13_cert_add(). * Split TLSv1.3 record protection from record layer. * Move the TLSv1.3 handshake struct inside the shared handshake struct. * Fully initialize rrec in tls12_record_layer_open_record_protected() to avoid confusing some static analyzers. * Use tls_set_errorx() on OCSP_basic_verify() failure since the latter does not set errno. * Convert openssl(1) x509 to new option handling and do the usual clean up that goes along with it. * Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data. * Rename new_cipher to cipher to align naming with keyblock or other parts of the handshake data. * Avoid mangled output in BIO_debug_callback(). * Fix client initiated renegotiation by replacing use of s->internal-type with s->server. * Move the TLSv1.2 record number increment into the new record layer. * Move finished and peer finished into the handshake struct. * Avoid transcript initialization when sending a TLS HelloRequest, fixing server initiated renegotiation. * Remove pointless assignment in SSL_get0_alpn_selected(). * Provide EVP_PKEY_new_CMAC_KEY(3). * Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h. * Add DTLSv1.2 to openssl(1) s_server and s_client protocol message logging. * Avoid leaking param->name in x509_verify_param_zero(). * Avoid a leak in an error path in openssl(1) x509. * Add some error checking to openssl(1) x509. * When sending an alert in TLSv1.3, only set its error code when no other error was set previously. Certain clients rely on specific SSL_R_ error codes to identify that they are dealing with a self signed cert. * Switch to the legacy verifier for the stable release. * Provide SSL_use_certificate_chain_file(3). * Provide SSL_set_hostflags(3) and SSL_get0_peername(3). * Provide various DTLSv1.2 specific functions and defines. * Document meaning of '*' in the genrsa output. * Updated documentation for SSL_get_shared_ciphers(3). * Add documentation for SSL_get_finished(3). * Document EVP_PKEY_new_CMAC_key(3) * Document SSL_use_certificate_chain_file(3). * Document SSL_set_hostflags(3) and SSL_get0_peername(3). * Update SSL_get_version.3 manual for DTLSv.1.2 support. * Added '--enable-libtls-only' build option, which builds and installs a statically-linked libtls, skipping libcrypto and libssl. This is useful for systems that ship with OpenSSL but wish to also package libtls. 3.3.1 - Security fix * Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference. Bug fixes * Move point-on-curve check to set_affine_coordinates to avoid verifying ECDSA signatures with unchecked public keys. * Fix SSL_is_server() to behave as documented by re-introducing the client-specific methods. * Avoid undefined behavior due to memcpy(NULL, NULL, 0). * Mark a few more internal static tables const. 3.3.0 - Development release * Make openssl(1) s_server ignore -4 and -6 for compatibility with OpenSSL. * Further cleanup of the DTLS record handling. * Continue the replacement of the TLSv1.2 record layer by reimplementing the read side of the TLSv1.2 record handling. * Replace DTLSv1_enc_data() with TLSv1_1_enc_data(). * Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c. * When switching from the TLSv1.3 stack to the legacy stack include a TLS record header. This is necessary if there is more than one handshake message in the TLS plaintext record. * Set SO_REUSEADDR on the server socket in the openssl(1) ocsp command. * Fix resource handling on error in OCSP_request_add0_id(). * Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into .data.rel.ro and .rodata, respectively. * Add a const qualifier to srtp_known_profiles. * Simplify TLS method by removing the client and server specific methods internally. * Avoid casting away const in ssl_ctx_make_profiles(). * Make sure there is enough room for stashing the handshake message when switching to the legacy TLS stack. * Avoid explicitly conditioning an assert on DTLS1_VERSION to make the assert work for newer DTLS versions. * Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL. * Send a host header with OCSP queries to make openssl(1) ocsp work with some widely used OCSP responders. * Fix a memory leak in the openssl(1) s_client. * Add a flag to mark DTLS methods as DTLS to have an easy way to recognize DTLS methods that avoids inspecting the version number. * Implement SSL_is_dtls() and use it internally in place of the SSL_IS_DTLS macro. * Unbreak DTLS retransmissions for flights that include a CCS. * Add ability to ocspcheck(8) to parse a port in the specified OCSP URL. * Refactor and clean up ocspcheck(8) and add regression tests. * If x509_verify() fails, ensure that the error is set on both the x509_verify_ctx() and its store context to make some failures visible from SSL_get_verify_result(). * Use the X509_STORE_CTX get_issuer() callback from the new X.509 verifier to fix hashed certificate directories. * Only check BIO_should_read() on read and BIO_should_write() on write. Previously, BIO_should_write() was also checked after read and BIO_should_read() after write which could cause stalls in software that uses the same BIO for read and write. * In openssl(1) verify, also check for error on the store context since the return value of X509_verify_cert() is unreliable in presence of a callback that returns 1 too often. * Update getentropy on Windows to use Cryptography Next Generation (CNG). wincrypt is deprecated and no longer works with newer Windows environments, such as in Windows Store apps. * Implement auto chain for the TLSv1.3 server since some software relies on this. * Handle additional certificate error cases in the new X.509 verifier. Keep track of the errors encountered if a verify callback tells the verifier to continue and report them back via the error on the store context. This mimics the behavior of the old verifier that would persist the first error encountered while building the chain. * Report specific failures for "self signed certificates" in a way compatible with the old verifier since software relies on the error code. * Implement key exporter for TLSv1.3. * Plug a large memory leak in the new verifier caused by calling X509_policy_check() repeatedly. * Avoid leaking memory in x509_verify_chain_dup(). * Various documentation improvements, particularly around TLS methods. 3.2.3 - Security fix * Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference. 3.2.2 - Stable release * This is the first stable release with the new TLSv1.3 implementation enabled by default for both client and server. The OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided in an upcoming release. * New X509 certificate chain validator that correctly handles multiple paths through intermediate certificates. Loosely based on Go's X509 validator. * New name constraints verification implementation which passes the bettertls.com certificate validation check suite. * Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack. * Start replacing the existing TLSv1.2 record layer. * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. * Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. * Send alert on ssl_get_prev_session() failure. * Zero out variable on the stack to avoid leaving garbage in the tail of short session IDs. * Move state initialization from SSL_clear() to ssl3_clear() to ensure that it gets correctly reinitialized across a SSL_set_ssl_method() call. * Avoid an out-of-bounds write in BN_rand(). * Fix numerous leaks in the UI_dup_* functions. Simplify and tidy up the code in ui_lib.c. * Correctly track selected ALPN length to avoid a potential segmentation fault with SSL_get0_alpn_selected() when alpn_selected is NULL. * Include machine/endian.h gost2814789.c in order to pick up the __STRICT_ALIGNMENT define. * Simplify SSL method lookups. * Clean up and simplify SSL_get_ciphers(), SSL_set_session(), SSL_set_ssl_method() and several internal functions. * Correctly handle ssl_cert_dup() failure in SSL_set_SSL_CTX(). * Refactor dtls1_new(), dtls1_hm_fragment_new(), dtls1_drain_fragments(), dtls1_clear_queues(). * Copy the session ID directly in ssl_get_prev_session() instead of handing it through several functions for copying. * Clean up and refactor ssl_get_prev_session(); simplify tls_decrypt_ticket() and tls1_process_ticket() exit paths. * Avoid memset() before memcpy() in CBS_add_bytes(). * Rewrite X509_INFO_{new,free}() more idiomatically. * Remove unnecessary zeroing after recallocarray() in ASN1_BIT_STRING_set_bit(). * Convert openssl(1) ocsp new option handling. * Document SSL_set1_host(3), SSL_set_SSL_CTX(3). * Document return value from EC_KEY_get0_public_key(3). * Greatly expanded test coverage via the tlsfuzzer test scripts. * Expanded test coverage via the bettertls certificate test suite. * Test interoperability with the Botan TLS client. * Make pthread_mutex static initialisation work on Windows. * Get __STRICT_ALIGNMENT from machine/endian.h with portable build. 3.2.1 - Development release * Propagate alerts from the read half of the TLSv1.3 record layer to I/O functions. * Send a record overflow alert for TLSv1.3 messages having overlong plaintext or inner plaintext. * Send an illegal parameter alert if a client sends an invalid DH key share. * Document PKCS7_final(3), PKCS7_add_attribute(3). * Collapse x509v3 directory into x509. * Improve TLSv1.3 client certificate selection to allow EC certificates instead of only RSA certificates. * Fail on receiving an invalid NID in X509_ATTRIBUTE_create() instead of constructing a broken objects that may cause NULL pointer accesses. * Add support for additional GOST curves from RFC 7836 and draft-deremin-rfc4491-bis. * Add OIDs for HMAC using the Streebog hash function. * Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. * Enable GOST_SIG_FORMAT_RS_LE when verifying certificate signatures. * Handle GOST in ssl_cert_dup(). * Stop sending GOST R 34.10-94 as a CertificateType. * Use IANA allocated GOST ClientCertificateTypes. * Add a custom copy handler for AES keywrap to fix a use-after-free. * Enforce in the TLSv1.3 server that that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2 * Document more PKCS7 attribute functions. * Document PKCS7_get_signer_info(3). * Document PEM_ASN1_read(3) and PEM_ASN1_read_bio(3). * Document PEM_def_callback(3). * Document EVP_read_pw_string_min(3). * Merge documentation of X509_get0_serialNumber from OpenSSL 1.1.1. * Document error handling of X509_PUBKEY_get0(3) and X509_PUBKEY_get(3) * Document X509_get0_pubkey_bitstr(3). * Fix an off-by-one in the CBC padding removal. From BoringSSL. * Enforce restrictions on extensions present in the ClientHello as per RFC 8446, section 9.2. * Add new CMAC_Init(3) and ChaCha(3) manual pages. * Fix SSL_shutdown behavior to match the legacy stack. The previous behavior could cause a hang. * Add initial support for openbsd/powerpc64. * Make the message type available in the internal TLS extensions API functions. * Enable TLSv1.3 for the generic TLS_method(). * Convert openssl(1) s_client option handling. * Document openssl(1) certhash. * Convert openssl(1) verify option handling. * Fix a longstanding bug in PEM_X509_INFO_read_bio(3) that could cause use-after-free and double-free issues in calling programs. * Document PEM_X509_INFO_read(3) and PEM_X509_INFO_read_bio(3). * Handle SSL_MODE_AUTO_RETRY being changed during a TLSv1.3 session. * Convert openssl(1) s_server option handling. * Add minimal info callback support for TLSv1.3. * Refactor, clean up and simplify some SSL3/DTLS1 record writing code. * Correctly handle server requests for an OCSP response. * Add the P-521 curve to the list of curves supported by default in the client. * Convert openssl(1) req option handling. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Send an unexpected message alert if no valid content type is found in a TLSv1.3 record. 3.2.0 - Development release * Enable TLS 1.3 server side in addition to client by default. With this change TLS 1.3 is handled entirely on the new stack and state machine, with fallback to the legacy stack and state machine for older versions. Note that the OpenSSL TLS 1.3 API is not yet visible/available. * Improve length checks in the TLS 1.3 record layer and provide appropriate alerts for violations of record layer limits. * Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic retry of handshake messages. * Modify I/O behavior so that SSL_MODE_AUTO_RETRY is the default similar to new OpenSSL releases. * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in various commands. * Add tlsfuzzer based regression tests. * Support sending certificate status requests from the TLS 1.3 client to request OCSP staples for leaf certificates. * Support sending certificate status replies from the TLS 1.3 server in order to send OCSP staples for leaf certificates. * Send correct alerts when handling failed key share extensions on the TLS 1.3 server. * Various compatibility fixes for TLS 1.3 to 1.2 fallback for switching from the new to legacy stacks. * Support TLS 1.3 options in the openssl(1) command. * Many alert cleanups in TLS 1.3 to provide expected alerts in failure conditions. * Modify "openssl x509" to display invalid certificate times as invalid, and correctly deal with the failing return case from X509_cmp_time so that a certificate with an invalid NotAfter does not appear valid. * Support sending dummy change_cipher_spec records for TLS 1.3 middlebox compatibility. * Ensure only PSS signatures are used with RSA in TLS 1.3. * Ensure that TLS 1.3 clients advertise exactly the "null" compression method in its legacy_compression_methods. * Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode. * Use non-expired certificates first when building a certificate chain. 3.1.5 - Security fix * Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference. 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. 3.1.3 - Bug fix * libcrypto may fail to build a valid certificate chain due to expired untrusted issuer certificates. 3.1.2 - Bug fix * A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list. 3.1.1 - Stable release * Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string. * Improved handling of TLSv1.3 HelloRetryRequests, simplifying state transitions and ensuring that the legacy session identifer retains the same value across the handshake. * Provided TLSv1.3 cipher suite aliases to match the names used in RFC 8446. * Improved TLSv1.3 client key share handling to allow the use of any groups in our configured NID list. * Fixed printing the serialNumber with X509_print_ex() fall back to the colon separated hex bytes in case greater than int value. * Fix to disallow setting the AES-GCM IV length to zero. * Added -groups option to openssl(1) s_server subcommand. * Fix to show TLSv1.3 extension types with openssl(1) -tlsextdebug. * Improved portable builds to support the use of static MSVC runtimes. * Fixed portable builds to avoid exporting a sleep() symbol. 3.1.0 - Development release * Completed initial TLS 1.3 implementation with a completely new state machine and record layer. TLS 1.3 is now enabled by default for the client side, with the server side to be enabled in a future release. Note that the OpenSSL TLS 1.3 API is not yet visible/available. * Many more code cleanups, fixes, and improvements to memory handling and protocol parsing. * Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. * Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL 1.1.1 and enabled by default. * Improved compatibility by backporting functionality and documentation from OpenSSL 1.1.1. * Added many new additional crypto test vectors. * Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics. * Default CA bundle location is now configurable in portable builds. * Added cms subcommand to openssl(1). * Added -addext option to openssl(1) req subcommand. 3.0.2 - Stable release * Use a valid curve when constructing an EC_KEY that looks like X25519. The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled) Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) * Avoid a path traversal bug in s_server on Windows when run with the -WWW or -HTTP options, due to incomplete path check logic. Issue reported and fix tested by Jobert Abma 3.0.1 - Development release * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL or zero cofactor is passed to EC_GROUP_set_generator(), try to compute it using Hasse's bound. This works as long as the cofactor is small enough. * Fixed a memory leak in error paths for eckey_type2param(). * Initial work on supporting Cryptographic Message Syntax (CMS) in libcrypto (not enabled). * Various manual page improvements and additions. * Added a CMake check for an existing uninstall target, facilitating embedding LibreSSL in larger CMake projects, from Matthew Albrecht. 3.0.0 - Development release * Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API. * Documented undescribed options and removed unfunctional options description in openssl(1) manual. * A plethora of small fixes due to regular oss-fuzz testing. * Various side channels in DSA and ECDSA were addressed. These are some of the many issues found in an extensive systematic analysis of bignum usage by Samuel Weiser, David Schrammel et al. * Enabled openssl(1) speed subcommand on Windows platform. * Enabled performance optimizations when building with Visual Studio on Windows. * Fixed incorrect carry operation in 512 addition for Streebog. * Fixed -modulus option with openssl(1) dsa subcommand. * Fixed PVK format output issue with openssl(1) dsa and rsa subcommand. 2.9.2 - Bug fixes * Fixed portable builds with older versions of MacOS, Android targets < API 21, and Solaris 10 * Fixed SRTP profile advertisement for DTLS servers. 2.9.1 - Stable release * Added support for XChaCha20 and XChaCha20-Poly1305. * Added support for AES key wrap constructions via the EVP interface. * Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH. * Added pbkdf2 key derivation support to openssl(1) * Removed SHA224 based handshake signatures from consideration for use in a TLS 1.2 handshake. * Changed the default digest type of openssl(1) enc to to sha256. * Changed the default digest type of openssl(1) dgst to sha256. * Changed the default digest type of openssl(1) x509 -fingerprint to sha256. * Changed the default digest type of openssl(1) crl -fingerprint to sha256. * Improved Windows, Android, and ARM compatibility, including assembly optimizations on Mingw-w64 targets. 2.9.0 - Development release * Added the SM4 block cipher from the Chinese standard GB/T 32907-2016. * Fixed warnings about clock_gettime on Windows Visual Studio builds. * Fixed CMake builds on systems where getpagesize is defined as an inline function. * CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility. * Added the SM3 hash function from the Chinese standard GB/T 32905-2016. * Added more OPENSSL_NO_* macros for compatibility with OpenSSL. * Added extensive interoperability tests between LibreSSL and OpenSSL 1.0 and 1.1. * Added additional Wycheproof tests and related bug fixes. * Simplified sigalgs option processing and handshake signing algorithm * Added the ability to use the RSA PSS algorithm for handshake signatures. * Added bn_rand_interval() and use it in code needing ranges of random bn values. * Added functionality to derive early, handshake, and application secrets as per RFC8446. * Added handshake state machine from RFC8446. * Removed some ASN.1 related code from libcrypto that had not been used since around 2000. * Unexported internal symbols and internalized more record layer structs. * Added support for assembly optimizations on 32-bit ARM ELF targets. * Improved protection against timing side channels in ECDSA signature generation. * Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability. * Ensure transcript handshake is always freed with TLS 1.2. 2.8.2 - Stable release * Added Wycheproof support for ECDH and ECDSA Web Crypto test vectors, along with test harness fixes. * Fixed memory leak in nc(1) 2.8.1 - Test and compatibility improvements * Added Wycheproof support for ECDH, RSASSA-PSS, AES-GCM, AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, and X25519 test vectors. Applied appropriate fixes for errors uncovered by tests. * Simplified key exchange signature generation and verification. * Fixed a one-byte buffer overrun in callers of EVP_read_pw_string * Converted more code paths to use CBB/CBS. All handshake messages are now created by CBB. * Fixed various memory leaks found by Coverity. * Simplified session ticket parsing and handling, inspired by BoringSSL. * Modified signature of CRYPTO_mem_leaks_* to return -1. This function is a no-op in LibreSSL, so this function returns an error to not indicate the (non-)existence of memory leaks. * SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher, X509_OBJECT_up_ref_count now return an int for error handling, matching OpenSSL. * Converted a number of #defines into proper functions, matching OpenSSL's ABI. * Added X509_get0_serialNumber from OpenSSL. * Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching OpenSSL. * Removed broken pkcs8 formats from openssl(1). * Converted more functions in public API to use const arguments. * Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the EVP_AEAD interface. * Stopped using composite EVP_CIPHER AEADs. * Added timing-safe compares for checking results of signature verification. There are no known attacks, this is just inexpensive prudence. * Correctly clear the current cipher state, when changing cipher state. This fixed an issue where renegotiation of cipher suites would fail when switched from AEAD to non-AEAD or vice-versa. Issue reported by Bernard Spil. * Added more cipher tests to appstest.sh, including all TLSv1.2 ciphers. * Added RSA_meth_get_finish() RSA_meth_set1_name() from OpenSSL. * Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV to be retrieved and set with appropriate validation. 2.8.0 - Bug fixes, security, and compatibility improvements * Extensive documentation updates and additional API history. * Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry * Tighten up checks for various X509_VERIFY_PARAM functions, 'poisoning' parameters so that an unverified certificate cannot be used if it fails verification. * Fixed a potential memory leak on failure in ASN1_item_digest * Fixed a potential memory alignment crash in asn1_item_combine_free * Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths. * Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds. * Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers and matching OpenSSL behavior, rewrote ENGINE_* documentation. * Added const annotations to many existing APIs from OpenSSL, making interoperability easier for downstream applications. * Fixed small timing side-channels in ecdsa_sign_setup and dsa_sign_setup. * Documented security pitfalls with BN_FLG_CONSTTIME and constant-time operation of BN_* functions. * Updated BN_clear to use explicit_bzero. * Added a missing bounds check in c2i_ASN1_BIT_STRING. * More CBS conversions, including simplifications to RSA key exchange, and converted code to use dedicated buffers for secrets. * Removed three remaining single DES cipher suites. * Fixed a potential leak/incorrect return value in DSA signature generation. * Added a blinding value when generating DSA and ECDSA signatures, in order to reduce the possibility of a side-channel attack leaking the private key. * Added ECC constant time scalar multiplication support. From Billy Brumley and his team at Tampere University of Technology. * Revised the implementation of RSASSA-PKCS1-v1_5 to match the specification in RFC 8017. Based on an OpenSSL commit by David Benjamin. * Cleaned up BN_* implementations following changes made in OpenSSL by Davide Galassi and others. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/libressl/Makefile cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libressl/PLIST cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/libressl/buildlink3.mk cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/libressl/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_168069232087460 Content-Disposition: inline Content-Length: 94352 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/libressl/Makefile diff -u pkgsrc/security/libressl/Makefile:1.17 pkgsrc/security/libressl/Makefile:1.18 --- pkgsrc/security/libressl/Makefile:1.17 Mon Jul 25 11:12:27 2022 +++ pkgsrc/security/libressl/Makefile Wed Apr 5 10:58:40 2023 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.17 2022/07/25 11:12:27 wiz Exp $ +# $NetBSD: Makefile,v 1.18 2023/04/05 10:58:40 nikita Exp $ -DISTNAME= libressl-2.7.4 -PKGREVISION= 1 +DISTNAME= libressl-3.6.2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=LibreSSL/} @@ -37,17 +36,11 @@ LDFLAGS+= ${COMPILER_RPATH_FLAG}${LIBRE BUILDLINK_PASSTHRU_RPATHDIRS+= ${LIBRESSL_PREFIX:Q}/lib TEST_TARGET= check -PLIST_VARS+= man .include "../../mk/bsd.prefs.mk" -.if ${OPSYS} != "Darwin" -# bn_print(3) and BN_print(3) conflict on case-insensitive file system -PLIST.man= yes -.endif - post-install: - cd ${WRKSRC}/apps/openssl; ${INSTALL_DATA} ${CONFS} ${DESTDIR}${EGDIR} + cd ${DESTDIR}${PKG_SYSCONFDIR}; ${INSTALL_DATA} ${CONFS} ${DESTDIR}${EGDIR} ${RM} -r ${DESTDIR}${PKG_SYSCONFDIR} .include "../../mk/bsd.pkg.mk" Index: pkgsrc/security/libressl/PLIST diff -u pkgsrc/security/libressl/PLIST:1.10 pkgsrc/security/libressl/PLIST:1.11 --- pkgsrc/security/libressl/PLIST:1.10 Thu Nov 26 15:49:58 2020 +++ pkgsrc/security/libressl/PLIST Wed Apr 5 10:58:40 2023 @@ -1,9 +1,8 @@ -@comment $NetBSD: PLIST,v 1.10 2020/11/26 15:49:58 schmonz Exp $ +@comment $NetBSD: PLIST,v 1.11 2023/04/05 10:58:40 nikita Exp $ libressl/bin/ocspcheck libressl/bin/openssl libressl/include/openssl/aes.h libressl/include/openssl/asn1.h -libressl/include/openssl/asn1_mac.h libressl/include/openssl/asn1t.h libressl/include/openssl/bio.h libressl/include/openssl/blowfish.h @@ -13,10 +12,12 @@ libressl/include/openssl/camellia.h libressl/include/openssl/cast.h libressl/include/openssl/chacha.h libressl/include/openssl/cmac.h +libressl/include/openssl/cms.h libressl/include/openssl/comp.h libressl/include/openssl/conf.h libressl/include/openssl/conf_api.h libressl/include/openssl/crypto.h +libressl/include/openssl/ct.h libressl/include/openssl/curve25519.h libressl/include/openssl/des.h libressl/include/openssl/dh.h @@ -33,6 +34,7 @@ libressl/include/openssl/gost.h libressl/include/openssl/hkdf.h libressl/include/openssl/hmac.h libressl/include/openssl/idea.h +libressl/include/openssl/kdf.h libressl/include/openssl/lhash.h libressl/include/openssl/md4.h libressl/include/openssl/md5.h @@ -56,6 +58,8 @@ libressl/include/openssl/ripemd.h libressl/include/openssl/rsa.h libressl/include/openssl/safestack.h libressl/include/openssl/sha.h +libressl/include/openssl/sm3.h +libressl/include/openssl/sm4.h libressl/include/openssl/srtp.h libressl/include/openssl/ssl.h libressl/include/openssl/ssl2.h @@ -69,6 +73,7 @@ libressl/include/openssl/ui.h libressl/include/openssl/ui_compat.h libressl/include/openssl/whrlpool.h libressl/include/openssl/x509.h +libressl/include/openssl/x509_verify.h libressl/include/openssl/x509_vfy.h libressl/include/openssl/x509v3.h libressl/include/tls.h @@ -82,12 +87,29 @@ libressl/lib/pkgconfig/openssl.pc libressl/man/man1/openssl.1 libressl/man/man3/ACCESS_DESCRIPTION_free.3 libressl/man/man3/ACCESS_DESCRIPTION_new.3 +libressl/man/man3/AES_cbc_encrypt.3 +libressl/man/man3/AES_decrypt.3 +libressl/man/man3/AES_encrypt.3 +libressl/man/man3/AES_set_decrypt_key.3 +libressl/man/man3/AES_set_encrypt_key.3 +libressl/man/man3/ASN1_BIT_STRING_check.3 libressl/man/man3/ASN1_BIT_STRING_free.3 +libressl/man/man3/ASN1_BIT_STRING_get_bit.3 +libressl/man/man3/ASN1_BIT_STRING_name_print.3 libressl/man/man3/ASN1_BIT_STRING_new.3 +libressl/man/man3/ASN1_BIT_STRING_num_asc.3 +libressl/man/man3/ASN1_BIT_STRING_set.3 +libressl/man/man3/ASN1_BIT_STRING_set_asc.3 +libressl/man/man3/ASN1_BIT_STRING_set_bit.3 libressl/man/man3/ASN1_BMPSTRING_free.3 libressl/man/man3/ASN1_BMPSTRING_new.3 libressl/man/man3/ASN1_ENUMERATED_free.3 +libressl/man/man3/ASN1_ENUMERATED_get.3 +libressl/man/man3/ASN1_ENUMERATED_get_int64.3 libressl/man/man3/ASN1_ENUMERATED_new.3 +libressl/man/man3/ASN1_ENUMERATED_set.3 +libressl/man/man3/ASN1_ENUMERATED_set_int64.3 +libressl/man/man3/ASN1_ENUMERATED_to_BN.3 libressl/man/man3/ASN1_GENERALIZEDTIME_adj.3 libressl/man/man3/ASN1_GENERALIZEDTIME_check.3 libressl/man/man3/ASN1_GENERALIZEDTIME_free.3 @@ -99,24 +121,42 @@ libressl/man/man3/ASN1_GENERALSTRING_fre libressl/man/man3/ASN1_GENERALSTRING_new.3 libressl/man/man3/ASN1_IA5STRING_free.3 libressl/man/man3/ASN1_IA5STRING_new.3 +libressl/man/man3/ASN1_INTEGER_cmp.3 +libressl/man/man3/ASN1_INTEGER_dup.3 libressl/man/man3/ASN1_INTEGER_free.3 +libressl/man/man3/ASN1_INTEGER_get.3 +libressl/man/man3/ASN1_INTEGER_get_int64.3 +libressl/man/man3/ASN1_INTEGER_get_uint64.3 libressl/man/man3/ASN1_INTEGER_new.3 +libressl/man/man3/ASN1_INTEGER_set.3 +libressl/man/man3/ASN1_INTEGER_set_int64.3 +libressl/man/man3/ASN1_INTEGER_set_uint64.3 +libressl/man/man3/ASN1_INTEGER_to_BN.3 +libressl/man/man3/ASN1_NULL_free.3 +libressl/man/man3/ASN1_NULL_new.3 +libressl/man/man3/ASN1_OBJECT_create.3 libressl/man/man3/ASN1_OBJECT_free.3 libressl/man/man3/ASN1_OBJECT_new.3 +libressl/man/man3/ASN1_OCTET_STRING_cmp.3 +libressl/man/man3/ASN1_OCTET_STRING_dup.3 libressl/man/man3/ASN1_OCTET_STRING_free.3 libressl/man/man3/ASN1_OCTET_STRING_new.3 +libressl/man/man3/ASN1_OCTET_STRING_set.3 libressl/man/man3/ASN1_PRINTABLESTRING_free.3 libressl/man/man3/ASN1_PRINTABLESTRING_new.3 libressl/man/man3/ASN1_PRINTABLE_free.3 libressl/man/man3/ASN1_PRINTABLE_new.3 +libressl/man/man3/ASN1_PRINTABLE_type.3 libressl/man/man3/ASN1_STRING_TABLE_add.3 libressl/man/man3/ASN1_STRING_TABLE_cleanup.3 libressl/man/man3/ASN1_STRING_TABLE_get.3 libressl/man/man3/ASN1_STRING_cmp.3 +libressl/man/man3/ASN1_STRING_copy.3 libressl/man/man3/ASN1_STRING_data.3 libressl/man/man3/ASN1_STRING_dup.3 libressl/man/man3/ASN1_STRING_free.3 libressl/man/man3/ASN1_STRING_get0_data.3 +libressl/man/man3/ASN1_STRING_get_default_mask.3 libressl/man/man3/ASN1_STRING_length.3 libressl/man/man3/ASN1_STRING_length_set.3 libressl/man/man3/ASN1_STRING_new.3 @@ -124,6 +164,10 @@ libressl/man/man3/ASN1_STRING_print.3 libressl/man/man3/ASN1_STRING_print_ex.3 libressl/man/man3/ASN1_STRING_print_ex_fp.3 libressl/man/man3/ASN1_STRING_set.3 +libressl/man/man3/ASN1_STRING_set0.3 +libressl/man/man3/ASN1_STRING_set_by_NID.3 +libressl/man/man3/ASN1_STRING_set_default_mask.3 +libressl/man/man3/ASN1_STRING_set_default_mask_asc.3 libressl/man/man3/ASN1_STRING_to_UTF8.3 libressl/man/man3/ASN1_STRING_type.3 libressl/man/man3/ASN1_STRING_type_new.3 @@ -131,6 +175,7 @@ libressl/man/man3/ASN1_T61STRING_free.3 libressl/man/man3/ASN1_T61STRING_new.3 libressl/man/man3/ASN1_TIME_adj.3 libressl/man/man3/ASN1_TIME_check.3 +libressl/man/man3/ASN1_TIME_diff.3 libressl/man/man3/ASN1_TIME_free.3 libressl/man/man3/ASN1_TIME_new.3 libressl/man/man3/ASN1_TIME_print.3 @@ -141,11 +186,16 @@ libressl/man/man3/ASN1_TIME_to_generaliz libressl/man/man3/ASN1_TYPE_cmp.3 libressl/man/man3/ASN1_TYPE_free.3 libressl/man/man3/ASN1_TYPE_get.3 +libressl/man/man3/ASN1_TYPE_get_int_octetstring.3 +libressl/man/man3/ASN1_TYPE_get_octetstring.3 libressl/man/man3/ASN1_TYPE_new.3 libressl/man/man3/ASN1_TYPE_set.3 libressl/man/man3/ASN1_TYPE_set1.3 +libressl/man/man3/ASN1_TYPE_set_int_octetstring.3 +libressl/man/man3/ASN1_TYPE_set_octetstring.3 libressl/man/man3/ASN1_UNIVERSALSTRING_free.3 libressl/man/man3/ASN1_UNIVERSALSTRING_new.3 +libressl/man/man3/ASN1_UNIVERSALSTRING_to_string.3 libressl/man/man3/ASN1_UTCTIME_adj.3 libressl/man/man3/ASN1_UTCTIME_check.3 libressl/man/man3/ASN1_UTCTIME_cmp_time_t.3 @@ -159,18 +209,35 @@ libressl/man/man3/ASN1_UTF8STRING_new.3 libressl/man/man3/ASN1_VISIBLESTRING_free.3 libressl/man/man3/ASN1_VISIBLESTRING_new.3 libressl/man/man3/ASN1_add_oid_module.3 +libressl/man/man3/ASN1_bn_print.3 libressl/man/man3/ASN1_generate_nconf.3 libressl/man/man3/ASN1_generate_v3.3 +libressl/man/man3/ASN1_get_object.3 libressl/man/man3/ASN1_item_d2i.3 libressl/man/man3/ASN1_item_d2i_bio.3 libressl/man/man3/ASN1_item_d2i_fp.3 +libressl/man/man3/ASN1_item_digest.3 libressl/man/man3/ASN1_item_dup.3 libressl/man/man3/ASN1_item_free.3 libressl/man/man3/ASN1_item_i2d.3 libressl/man/man3/ASN1_item_i2d_bio.3 libressl/man/man3/ASN1_item_i2d_fp.3 +libressl/man/man3/ASN1_item_ndef_i2d.3 libressl/man/man3/ASN1_item_new.3 +libressl/man/man3/ASN1_item_pack.3 libressl/man/man3/ASN1_item_print.3 +libressl/man/man3/ASN1_item_sign.3 +libressl/man/man3/ASN1_item_sign_ctx.3 +libressl/man/man3/ASN1_item_unpack.3 +libressl/man/man3/ASN1_item_verify.3 +libressl/man/man3/ASN1_mbstring_copy.3 +libressl/man/man3/ASN1_mbstring_ncopy.3 +libressl/man/man3/ASN1_object_size.3 +libressl/man/man3/ASN1_parse.3 +libressl/man/man3/ASN1_parse_dump.3 +libressl/man/man3/ASN1_put_eoc.3 +libressl/man/man3/ASN1_put_object.3 +libressl/man/man3/ASN1_tag2bit.3 libressl/man/man3/ASN1_tag2str.3 libressl/man/man3/ASN1_time_parse.3 libressl/man/man3/ASN1_time_tm_cmp.3 @@ -189,6 +256,10 @@ libressl/man/man3/BF_ofb64_encrypt.3 libressl/man/man3/BF_options.3 libressl/man/man3/BF_set_key.3 libressl/man/man3/BIO_append_filename.3 +libressl/man/man3/BIO_asn1_get_prefix.3 +libressl/man/man3/BIO_asn1_get_suffix.3 +libressl/man/man3/BIO_asn1_set_prefix.3 +libressl/man/man3/BIO_asn1_set_suffix.3 libressl/man/man3/BIO_callback_ctrl.3 libressl/man/man3/BIO_callback_fn.3 libressl/man/man3/BIO_ctrl.3 @@ -202,7 +273,12 @@ libressl/man/man3/BIO_destroy_bio_pair.3 libressl/man/man3/BIO_do_accept.3 libressl/man/man3/BIO_do_connect.3 libressl/man/man3/BIO_do_handshake.3 +libressl/man/man3/BIO_dump.3 +libressl/man/man3/BIO_dump_fp.3 +libressl/man/man3/BIO_dump_indent.3 +libressl/man/man3/BIO_dump_indent_fp.3 libressl/man/man3/BIO_eof.3 +libressl/man/man3/BIO_f_asn1.3 libressl/man/man3/BIO_f_base64.3 libressl/man/man3/BIO_f_buffer.3 libressl/man/man3/BIO_f_cipher.3 @@ -245,6 +321,8 @@ libressl/man/man3/BIO_get_ssl.3 libressl/man/man3/BIO_get_write_buf_size.3 libressl/man/man3/BIO_get_write_guarantee.3 libressl/man/man3/BIO_gets.3 +libressl/man/man3/BIO_indent.3 +libressl/man/man3/BIO_info_cb.3 libressl/man/man3/BIO_int_ctrl.3 libressl/man/man3/BIO_make_bio_pair.3 libressl/man/man3/BIO_meth_free.3 @@ -265,8 +343,11 @@ libressl/man/man3/BIO_meth_set_gets.3 libressl/man/man3/BIO_meth_set_puts.3 libressl/man/man3/BIO_meth_set_read.3 libressl/man/man3/BIO_meth_set_write.3 +libressl/man/man3/BIO_method_name.3 libressl/man/man3/BIO_method_type.3 libressl/man/man3/BIO_new.3 +libressl/man/man3/BIO_new_CMS.3 +libressl/man/man3/BIO_new_NDEF.3 libressl/man/man3/BIO_new_accept.3 libressl/man/man3/BIO_new_bio_pair.3 libressl/man/man3/BIO_new_buffer_ssl_connect.3 @@ -378,22 +459,27 @@ libressl/man/man3/BN_MONT_CTX_free.3 libressl/man/man3/BN_MONT_CTX_init.3 libressl/man/man3/BN_MONT_CTX_new.3 libressl/man/man3/BN_MONT_CTX_set.3 +libressl/man/man3/BN_MONT_CTX_set_locked.3 libressl/man/man3/BN_RECP_CTX_free.3 libressl/man/man3/BN_RECP_CTX_init.3 libressl/man/man3/BN_RECP_CTX_new.3 libressl/man/man3/BN_RECP_CTX_set.3 +libressl/man/man3/BN_abs_is_word.3 libressl/man/man3/BN_add.3 libressl/man/man3/BN_add_word.3 libressl/man/man3/BN_asc2bn.3 libressl/man/man3/BN_bin2bn.3 libressl/man/man3/BN_bn2bin.3 +libressl/man/man3/BN_bn2binpad.3 libressl/man/man3/BN_bn2dec.3 libressl/man/man3/BN_bn2hex.3 +libressl/man/man3/BN_bn2lebinpad.3 libressl/man/man3/BN_bn2mpi.3 libressl/man/man3/BN_clear.3 libressl/man/man3/BN_clear_bit.3 libressl/man/man3/BN_clear_free.3 libressl/man/man3/BN_cmp.3 +libressl/man/man3/BN_consttime_swap.3 libressl/man/man3/BN_copy.3 libressl/man/man3/BN_dec2bn.3 libressl/man/man3/BN_div.3 @@ -433,18 +519,25 @@ libressl/man/man3/BN_is_prime_fasttest.3 libressl/man/man3/BN_is_prime_fasttest_ex.3 libressl/man/man3/BN_is_word.3 libressl/man/man3/BN_is_zero.3 +libressl/man/man3/BN_lebin2bn.3 libressl/man/man3/BN_lshift.3 libressl/man/man3/BN_lshift1.3 libressl/man/man3/BN_mask_bits.3 libressl/man/man3/BN_mod.3 libressl/man/man3/BN_mod_add.3 +libressl/man/man3/BN_mod_add_quick.3 libressl/man/man3/BN_mod_exp.3 libressl/man/man3/BN_mod_inverse.3 +libressl/man/man3/BN_mod_lshift.3 +libressl/man/man3/BN_mod_lshift1.3 +libressl/man/man3/BN_mod_lshift1_quick.3 +libressl/man/man3/BN_mod_lshift_quick.3 libressl/man/man3/BN_mod_mul.3 libressl/man/man3/BN_mod_mul_montgomery.3 libressl/man/man3/BN_mod_mul_reciprocal.3 libressl/man/man3/BN_mod_sqr.3 libressl/man/man3/BN_mod_sub.3 +libressl/man/man3/BN_mod_sub_quick.3 libressl/man/man3/BN_mod_word.3 libressl/man/man3/BN_mpi2bn.3 libressl/man/man3/BN_mul.3 @@ -463,6 +556,7 @@ libressl/man/man3/BN_rand.3 libressl/man/man3/BN_rand_range.3 libressl/man/man3/BN_rshift.3 libressl/man/man3/BN_rshift1.3 +libressl/man/man3/BN_security_bits.3 libressl/man/man3/BN_set_bit.3 libressl/man/man3/BN_set_flags.3 libressl/man/man3/BN_set_negative.3 @@ -471,11 +565,16 @@ libressl/man/man3/BN_sqr.3 libressl/man/man3/BN_sub.3 libressl/man/man3/BN_sub_word.3 libressl/man/man3/BN_swap.3 +libressl/man/man3/BN_to_ASN1_ENUMERATED.3 +libressl/man/man3/BN_to_ASN1_INTEGER.3 libressl/man/man3/BN_to_montgomery.3 +libressl/man/man3/BN_uadd.3 libressl/man/man3/BN_ucmp.3 +libressl/man/man3/BN_usub.3 libressl/man/man3/BN_value_one.3 libressl/man/man3/BN_with_flags.3 libressl/man/man3/BN_zero.3 +libressl/man/man3/BN_zero_ex.3 libressl/man/man3/BUF_MEM_free.3 libressl/man/man3/BUF_MEM_grow.3 libressl/man/man3/BUF_MEM_grow_clean.3 @@ -484,6 +583,65 @@ libressl/man/man3/BUF_reverse.3 libressl/man/man3/BUF_strdup.3 libressl/man/man3/CERTIFICATEPOLICIES_free.3 libressl/man/man3/CERTIFICATEPOLICIES_new.3 +libressl/man/man3/CMAC_CTX_cleanup.3 +libressl/man/man3/CMAC_CTX_copy.3 +libressl/man/man3/CMAC_CTX_free.3 +libressl/man/man3/CMAC_CTX_get0_cipher_ctx.3 +libressl/man/man3/CMAC_CTX_new.3 +libressl/man/man3/CMAC_Final.3 +libressl/man/man3/CMAC_Init.3 +libressl/man/man3/CMAC_Update.3 +libressl/man/man3/CMAC_resume.3 +libressl/man/man3/CMS_ContentInfo_free.3 +libressl/man/man3/CMS_ContentInfo_new.3 +libressl/man/man3/CMS_ContentInfo_print_ctx.3 +libressl/man/man3/CMS_ReceiptRequest_create0.3 +libressl/man/man3/CMS_ReceiptRequest_free.3 +libressl/man/man3/CMS_ReceiptRequest_get0_values.3 +libressl/man/man3/CMS_ReceiptRequest_new.3 +libressl/man/man3/CMS_RecipientInfo_decrypt.3 +libressl/man/man3/CMS_RecipientInfo_encrypt.3 +libressl/man/man3/CMS_RecipientInfo_kekri_get0_id.3 +libressl/man/man3/CMS_RecipientInfo_kekri_id_cmp.3 +libressl/man/man3/CMS_RecipientInfo_ktri_cert_cmp.3 +libressl/man/man3/CMS_RecipientInfo_ktri_get0_signer_id.3 +libressl/man/man3/CMS_RecipientInfo_set0_key.3 +libressl/man/man3/CMS_RecipientInfo_set0_pkey.3 +libressl/man/man3/CMS_RecipientInfo_type.3 +libressl/man/man3/CMS_SignerInfo_cert_cmp.3 +libressl/man/man3/CMS_SignerInfo_get0_signature.3 +libressl/man/man3/CMS_SignerInfo_get0_signer_id.3 +libressl/man/man3/CMS_SignerInfo_set1_signer_cert.3 +libressl/man/man3/CMS_SignerInfo_sign.3 +libressl/man/man3/CMS_add0_cert.3 +libressl/man/man3/CMS_add0_crl.3 +libressl/man/man3/CMS_add0_recipient_key.3 +libressl/man/man3/CMS_add1_ReceiptRequest.3 +libressl/man/man3/CMS_add1_cert.3 +libressl/man/man3/CMS_add1_crl.3 +libressl/man/man3/CMS_add1_recipient_cert.3 +libressl/man/man3/CMS_add1_signer.3 +libressl/man/man3/CMS_compress.3 +libressl/man/man3/CMS_decrypt.3 +libressl/man/man3/CMS_decrypt_set1_key.3 +libressl/man/man3/CMS_decrypt_set1_pkey.3 +libressl/man/man3/CMS_encrypt.3 +libressl/man/man3/CMS_final.3 +libressl/man/man3/CMS_get0_RecipientInfos.3 +libressl/man/man3/CMS_get0_SignerInfos.3 +libressl/man/man3/CMS_get0_content.3 +libressl/man/man3/CMS_get0_eContentType.3 +libressl/man/man3/CMS_get0_signers.3 +libressl/man/man3/CMS_get0_type.3 +libressl/man/man3/CMS_get1_ReceiptRequest.3 +libressl/man/man3/CMS_get1_certs.3 +libressl/man/man3/CMS_get1_crls.3 +libressl/man/man3/CMS_set1_eContentType.3 +libressl/man/man3/CMS_sign.3 +libressl/man/man3/CMS_sign_receipt.3 +libressl/man/man3/CMS_uncompress.3 +libressl/man/man3/CMS_verify.3 +libressl/man/man3/CMS_verify_receipt.3 libressl/man/man3/CONF_modules_finish.3 libressl/man/man3/CONF_modules_free.3 libressl/man/man3/CONF_modules_load.3 @@ -498,39 +656,35 @@ libressl/man/man3/CRYPTO_MEM_LEAK_CB.3 libressl/man/man3/CRYPTO_THREADID_cmp.3 libressl/man/man3/CRYPTO_THREADID_cpy.3 libressl/man/man3/CRYPTO_THREADID_current.3 -libressl/man/man3/CRYPTO_THREADID_get_callback.3 libressl/man/man3/CRYPTO_THREADID_hash.3 -libressl/man/man3/CRYPTO_THREADID_set_callback.3 -libressl/man/man3/CRYPTO_THREADID_set_numeric.3 -libressl/man/man3/CRYPTO_THREADID_set_pointer.3 libressl/man/man3/CRYPTO_add.3 -libressl/man/man3/CRYPTO_destroy_dynlockid.3 +libressl/man/man3/CRYPTO_chacha_20.3 libressl/man/man3/CRYPTO_free.3 libressl/man/man3/CRYPTO_free_ex_data.3 libressl/man/man3/CRYPTO_get_ex_data.3 libressl/man/man3/CRYPTO_get_ex_new_index.3 libressl/man/man3/CRYPTO_get_mem_functions.3 -libressl/man/man3/CRYPTO_get_new_dynlockid.3 +libressl/man/man3/CRYPTO_hchacha_20.3 libressl/man/man3/CRYPTO_lock.3 libressl/man/man3/CRYPTO_malloc.3 libressl/man/man3/CRYPTO_mem_ctrl.3 libressl/man/man3/CRYPTO_mem_leaks.3 libressl/man/man3/CRYPTO_mem_leaks_cb.3 libressl/man/man3/CRYPTO_mem_leaks_fp.3 +libressl/man/man3/CRYPTO_memcmp.3 libressl/man/man3/CRYPTO_new_ex_data.3 -libressl/man/man3/CRYPTO_num_locks.3 libressl/man/man3/CRYPTO_r_lock.3 libressl/man/man3/CRYPTO_r_unlock.3 libressl/man/man3/CRYPTO_realloc.3 -libressl/man/man3/CRYPTO_set_dynlock_create_callback.3 -libressl/man/man3/CRYPTO_set_dynlock_destroy_callback.3 -libressl/man/man3/CRYPTO_set_dynlock_lock_callback.3 libressl/man/man3/CRYPTO_set_ex_data.3 -libressl/man/man3/CRYPTO_set_locking_callback.3 libressl/man/man3/CRYPTO_set_mem_functions.3 libressl/man/man3/CRYPTO_strdup.3 libressl/man/man3/CRYPTO_w_lock.3 libressl/man/man3/CRYPTO_w_unlock.3 +libressl/man/man3/CRYPTO_xchacha_20.3 +libressl/man/man3/ChaCha.3 +libressl/man/man3/ChaCha_set_iv.3 +libressl/man/man3/ChaCha_set_key.3 libressl/man/man3/DECLARE_LHASH_OF.3 libressl/man/man3/DES_cbc_cksum.3 libressl/man/man3/DES_cfb64_encrypt.3 @@ -567,6 +721,7 @@ libressl/man/man3/DES_xcbc_encrypt.3 libressl/man/man3/DH_OpenSSL.3 libressl/man/man3/DH_bits.3 libressl/man/man3/DH_check.3 +libressl/man/man3/DH_check_pub_key.3 libressl/man/man3/DH_clear_flags.3 libressl/man/man3/DH_compute_key.3 libressl/man/man3/DH_free.3 @@ -581,6 +736,7 @@ libressl/man/man3/DH_get_ex_data.3 libressl/man/man3/DH_get_ex_new_index.3 libressl/man/man3/DH_new.3 libressl/man/man3/DH_new_method.3 +libressl/man/man3/DH_security_bits.3 libressl/man/man3/DH_set0_key.3 libressl/man/man3/DH_set0_pqg.3 libressl/man/man3/DH_set_default_method.3 @@ -590,6 +746,7 @@ libressl/man/man3/DH_set_length.3 libressl/man/man3/DH_set_method.3 libressl/man/man3/DH_size.3 libressl/man/man3/DH_test_flags.3 +libressl/man/man3/DH_up_ref.3 libressl/man/man3/DHparams_print.3 libressl/man/man3/DHparams_print_fp.3 libressl/man/man3/DIRECTORYSTRING_free.3 @@ -605,6 +762,7 @@ libressl/man/man3/DSA_SIG_free.3 libressl/man/man3/DSA_SIG_get0.3 libressl/man/man3/DSA_SIG_new.3 libressl/man/man3/DSA_SIG_set0.3 +libressl/man/man3/DSA_bits.3 libressl/man/man3/DSA_clear_flags.3 libressl/man/man3/DSA_do_sign.3 libressl/man/man3/DSA_do_verify.3 @@ -621,13 +779,16 @@ libressl/man/man3/DSA_get_ex_data.3 libressl/man/man3/DSA_get_ex_new_index.3 libressl/man/man3/DSA_meth_dup.3 libressl/man/man3/DSA_meth_free.3 +libressl/man/man3/DSA_meth_get0_name.3 libressl/man/man3/DSA_meth_new.3 +libressl/man/man3/DSA_meth_set1_name.3 libressl/man/man3/DSA_meth_set_finish.3 libressl/man/man3/DSA_meth_set_sign.3 libressl/man/man3/DSA_new.3 libressl/man/man3/DSA_new_method.3 libressl/man/man3/DSA_print.3 libressl/man/man3/DSA_print_fp.3 +libressl/man/man3/DSA_security_bits.3 libressl/man/man3/DSA_set0_key.3 libressl/man/man3/DSA_set0_pqg.3 libressl/man/man3/DSA_set_default_method.3 @@ -638,17 +799,26 @@ libressl/man/man3/DSA_sign.3 libressl/man/man3/DSA_sign_setup.3 libressl/man/man3/DSA_size.3 libressl/man/man3/DSA_test_flags.3 +libressl/man/man3/DSA_up_ref.3 libressl/man/man3/DSA_verify.3 libressl/man/man3/DSAparams_dup.3 libressl/man/man3/DSAparams_print.3 libressl/man/man3/DSAparams_print_fp.3 +libressl/man/man3/DTLS_client_method.3 +libressl/man/man3/DTLS_method.3 +libressl/man/man3/DTLS_server_method.3 +libressl/man/man3/DTLSv1_2_client_method.3 +libressl/man/man3/DTLSv1_2_method.3 +libressl/man/man3/DTLSv1_2_server_method.3 libressl/man/man3/DTLSv1_client_method.3 libressl/man/man3/DTLSv1_listen.3 libressl/man/man3/DTLSv1_method.3 libressl/man/man3/DTLSv1_server_method.3 +libressl/man/man3/ECDH_compute_key.3 libressl/man/man3/ECDH_get_ex_data.3 libressl/man/man3/ECDH_get_ex_new_index.3 libressl/man/man3/ECDH_set_ex_data.3 +libressl/man/man3/ECDH_size.3 libressl/man/man3/ECDSA_OpenSSL.3 libressl/man/man3/ECDSA_SIG_free.3 libressl/man/man3/ECDSA_SIG_get0.3 @@ -692,6 +862,7 @@ libressl/man/man3/EC_GROUP_get0_seed.3 libressl/man/man3/EC_GROUP_get_asn1_flag.3 libressl/man/man3/EC_GROUP_get_basis_type.3 libressl/man/man3/EC_GROUP_get_cofactor.3 +libressl/man/man3/EC_GROUP_get_curve.3 libressl/man/man3/EC_GROUP_get_curve_GF2m.3 libressl/man/man3/EC_GROUP_get_curve_GFp.3 libressl/man/man3/EC_GROUP_get_curve_name.3 @@ -707,14 +878,29 @@ libressl/man/man3/EC_GROUP_new.3 libressl/man/man3/EC_GROUP_new_by_curve_name.3 libressl/man/man3/EC_GROUP_new_curve_GF2m.3 libressl/man/man3/EC_GROUP_new_curve_GFp.3 +libressl/man/man3/EC_GROUP_order_bits.3 libressl/man/man3/EC_GROUP_precompute_mult.3 libressl/man/man3/EC_GROUP_set_asn1_flag.3 +libressl/man/man3/EC_GROUP_set_curve.3 libressl/man/man3/EC_GROUP_set_curve_GF2m.3 libressl/man/man3/EC_GROUP_set_curve_GFp.3 libressl/man/man3/EC_GROUP_set_curve_name.3 libressl/man/man3/EC_GROUP_set_generator.3 libressl/man/man3/EC_GROUP_set_point_conversion_form.3 libressl/man/man3/EC_GROUP_set_seed.3 +libressl/man/man3/EC_KEY_METHOD_free.3 +libressl/man/man3/EC_KEY_METHOD_get_compute_key.3 +libressl/man/man3/EC_KEY_METHOD_get_init.3 +libressl/man/man3/EC_KEY_METHOD_get_keygen.3 +libressl/man/man3/EC_KEY_METHOD_get_sign.3 +libressl/man/man3/EC_KEY_METHOD_get_verify.3 +libressl/man/man3/EC_KEY_METHOD_new.3 +libressl/man/man3/EC_KEY_METHOD_set_compute_key.3 +libressl/man/man3/EC_KEY_METHOD_set_init.3 +libressl/man/man3/EC_KEY_METHOD_set_keygen.3 +libressl/man/man3/EC_KEY_METHOD_set_sign.3 +libressl/man/man3/EC_KEY_METHOD_set_verify.3 +libressl/man/man3/EC_KEY_OpenSSL.3 libressl/man/man3/EC_KEY_check_key.3 libressl/man/man3/EC_KEY_clear_flags.3 libressl/man/man3/EC_KEY_copy.3 @@ -725,20 +911,28 @@ libressl/man/man3/EC_KEY_get0_group.3 libressl/man/man3/EC_KEY_get0_private_key.3 libressl/man/man3/EC_KEY_get0_public_key.3 libressl/man/man3/EC_KEY_get_conv_form.3 +libressl/man/man3/EC_KEY_get_default_method.3 libressl/man/man3/EC_KEY_get_enc_flags.3 +libressl/man/man3/EC_KEY_get_ex_data.3 +libressl/man/man3/EC_KEY_get_ex_new_index.3 libressl/man/man3/EC_KEY_get_flags.3 libressl/man/man3/EC_KEY_get_key_method_data.3 +libressl/man/man3/EC_KEY_get_method.3 libressl/man/man3/EC_KEY_insert_key_method_data.3 libressl/man/man3/EC_KEY_new.3 libressl/man/man3/EC_KEY_new_by_curve_name.3 +libressl/man/man3/EC_KEY_new_method.3 libressl/man/man3/EC_KEY_precompute_mult.3 libressl/man/man3/EC_KEY_print.3 libressl/man/man3/EC_KEY_print_fp.3 libressl/man/man3/EC_KEY_set_asn1_flag.3 libressl/man/man3/EC_KEY_set_conv_form.3 +libressl/man/man3/EC_KEY_set_default_method.3 libressl/man/man3/EC_KEY_set_enc_flags.3 +libressl/man/man3/EC_KEY_set_ex_data.3 libressl/man/man3/EC_KEY_set_flags.3 libressl/man/man3/EC_KEY_set_group.3 +libressl/man/man3/EC_KEY_set_method.3 libressl/man/man3/EC_KEY_set_private_key.3 libressl/man/man3/EC_KEY_set_public_key.3 libressl/man/man3/EC_KEY_set_public_key_affine_coordinates.3 @@ -753,6 +947,7 @@ libressl/man/man3/EC_POINT_dbl.3 libressl/man/man3/EC_POINT_dup.3 libressl/man/man3/EC_POINT_free.3 libressl/man/man3/EC_POINT_get_Jprojective_coordinates_GFp.3 +libressl/man/man3/EC_POINT_get_affine_coordinates.3 libressl/man/man3/EC_POINT_get_affine_coordinates_GF2m.3 libressl/man/man3/EC_POINT_get_affine_coordinates_GFp.3 libressl/man/man3/EC_POINT_hex2point.3 @@ -768,8 +963,10 @@ libressl/man/man3/EC_POINT_point2bn.3 libressl/man/man3/EC_POINT_point2hex.3 libressl/man/man3/EC_POINT_point2oct.3 libressl/man/man3/EC_POINT_set_Jprojective_coordinates_GFp.3 +libressl/man/man3/EC_POINT_set_affine_coordinates.3 libressl/man/man3/EC_POINT_set_affine_coordinates_GF2m.3 libressl/man/man3/EC_POINT_set_affine_coordinates_GFp.3 +libressl/man/man3/EC_POINT_set_compressed_coordinates.3 libressl/man/man3/EC_POINT_set_compressed_coordinates_GF2m.3 libressl/man/man3/EC_POINT_set_compressed_coordinates_GFp.3 libressl/man/man3/EC_POINT_set_to_infinity.3 @@ -778,6 +975,10 @@ libressl/man/man3/EC_POINTs_mul.3 libressl/man/man3/EC_get_builtin_curves.3 libressl/man/man3/EDIPARTYNAME_free.3 libressl/man/man3/EDIPARTYNAME_new.3 +libressl/man/man3/ENGINE_CIPHERS_PTR.3 +libressl/man/man3/ENGINE_CTRL_FUNC_PTR.3 +libressl/man/man3/ENGINE_DIGESTS_PTR.3 +libressl/man/man3/ENGINE_GEN_INT_FUNC_PTR.3 libressl/man/man3/ENGINE_add.3 libressl/man/man3/ENGINE_add_conf_module.3 libressl/man/man3/ENGINE_by_id.3 @@ -818,19 +1019,13 @@ libressl/man/man3/ENGINE_get_flags.3 libressl/man/man3/ENGINE_get_id.3 libressl/man/man3/ENGINE_get_init_function.3 libressl/man/man3/ENGINE_get_last.3 -libressl/man/man3/ENGINE_get_load_privkey_function.3 -libressl/man/man3/ENGINE_get_load_pubkey_function.3 libressl/man/man3/ENGINE_get_name.3 libressl/man/man3/ENGINE_get_next.3 libressl/man/man3/ENGINE_get_prev.3 libressl/man/man3/ENGINE_get_table_flags.3 libressl/man/man3/ENGINE_init.3 libressl/man/man3/ENGINE_load_builtin_engines.3 -libressl/man/man3/ENGINE_load_cryptodev.3 libressl/man/man3/ENGINE_load_dynamic.3 -libressl/man/man3/ENGINE_load_openssl.3 -libressl/man/man3/ENGINE_load_private_key.3 -libressl/man/man3/ENGINE_load_public_key.3 libressl/man/man3/ENGINE_new.3 libressl/man/man3/ENGINE_register_DH.3 libressl/man/man3/ENGINE_register_DSA.3 @@ -880,8 +1075,6 @@ libressl/man/man3/ENGINE_set_finish_func libressl/man/man3/ENGINE_set_flags.3 libressl/man/man3/ENGINE_set_id.3 libressl/man/man3/ENGINE_set_init_function.3 -libressl/man/man3/ENGINE_set_load_privkey_function.3 -libressl/man/man3/ENGINE_set_load_pubkey_function.3 libressl/man/man3/ENGINE_set_name.3 libressl/man/man3/ENGINE_set_table_flags.3 libressl/man/man3/ENGINE_unregister_DH.3 @@ -913,7 +1106,6 @@ libressl/man/man3/ERR_get_error_line.3 libressl/man/man3/ERR_get_error_line_data.3 libressl/man/man3/ERR_get_next_error_library.3 libressl/man/man3/ERR_lib_error_string.3 -libressl/man/man3/ERR_load_BN_strings.3 libressl/man/man3/ERR_load_crypto_strings.3 libressl/man/man3/ERR_load_strings.3 libressl/man/man3/ERR_peek_error.3 @@ -938,7 +1130,9 @@ libressl/man/man3/ESS_ISSUER_SERIAL_new. libressl/man/man3/ESS_SIGNING_CERT_free.3 libressl/man/man3/ESS_SIGNING_CERT_new.3 libressl/man/man3/EVP_AEAD_CTX_cleanup.3 +libressl/man/man3/EVP_AEAD_CTX_free.3 libressl/man/man3/EVP_AEAD_CTX_init.3 +libressl/man/man3/EVP_AEAD_CTX_new.3 libressl/man/man3/EVP_AEAD_CTX_open.3 libressl/man/man3/EVP_AEAD_CTX_seal.3 libressl/man/man3/EVP_AEAD_key_length.3 @@ -949,10 +1143,12 @@ libressl/man/man3/EVP_BytesToKey.3 libressl/man/man3/EVP_CIPHER_CTX_block_size.3 libressl/man/man3/EVP_CIPHER_CTX_cipher.3 libressl/man/man3/EVP_CIPHER_CTX_cleanup.3 +libressl/man/man3/EVP_CIPHER_CTX_clear_flags.3 libressl/man/man3/EVP_CIPHER_CTX_ctrl.3 libressl/man/man3/EVP_CIPHER_CTX_flags.3 libressl/man/man3/EVP_CIPHER_CTX_free.3 libressl/man/man3/EVP_CIPHER_CTX_get_app_data.3 +libressl/man/man3/EVP_CIPHER_CTX_get_iv.3 libressl/man/man3/EVP_CIPHER_CTX_init.3 libressl/man/man3/EVP_CIPHER_CTX_iv_length.3 libressl/man/man3/EVP_CIPHER_CTX_key_length.3 @@ -962,8 +1158,11 @@ libressl/man/man3/EVP_CIPHER_CTX_nid.3 libressl/man/man3/EVP_CIPHER_CTX_rand_key.3 libressl/man/man3/EVP_CIPHER_CTX_reset.3 libressl/man/man3/EVP_CIPHER_CTX_set_app_data.3 +libressl/man/man3/EVP_CIPHER_CTX_set_flags.3 +libressl/man/man3/EVP_CIPHER_CTX_set_iv.3 libressl/man/man3/EVP_CIPHER_CTX_set_key_length.3 libressl/man/man3/EVP_CIPHER_CTX_set_padding.3 +libressl/man/man3/EVP_CIPHER_CTX_test_flags.3 libressl/man/man3/EVP_CIPHER_CTX_type.3 libressl/man/man3/EVP_CIPHER_asn1_to_param.3 libressl/man/man3/EVP_CIPHER_block_size.3 @@ -974,6 +1173,7 @@ libressl/man/man3/EVP_CIPHER_mode.3 libressl/man/man3/EVP_CIPHER_nid.3 libressl/man/man3/EVP_CIPHER_param_to_asn1.3 libressl/man/man3/EVP_CIPHER_type.3 +libressl/man/man3/EVP_Cipher.3 libressl/man/man3/EVP_CipherFinal.3 libressl/man/man3/EVP_CipherFinal_ex.3 libressl/man/man3/EVP_CipherInit.3 @@ -988,17 +1188,22 @@ libressl/man/man3/EVP_DecryptFinal_ex.3 libressl/man/man3/EVP_DecryptInit.3 libressl/man/man3/EVP_DecryptInit_ex.3 libressl/man/man3/EVP_DecryptUpdate.3 +libressl/man/man3/EVP_Digest.3 libressl/man/man3/EVP_DigestFinal.3 libressl/man/man3/EVP_DigestFinal_ex.3 libressl/man/man3/EVP_DigestInit.3 libressl/man/man3/EVP_DigestInit_ex.3 +libressl/man/man3/EVP_DigestSign.3 libressl/man/man3/EVP_DigestSignFinal.3 libressl/man/man3/EVP_DigestSignInit.3 libressl/man/man3/EVP_DigestSignUpdate.3 libressl/man/man3/EVP_DigestUpdate.3 +libressl/man/man3/EVP_DigestVerify.3 libressl/man/man3/EVP_DigestVerifyFinal.3 libressl/man/man3/EVP_DigestVerifyInit.3 libressl/man/man3/EVP_DigestVerifyUpdate.3 +libressl/man/man3/EVP_ENCODE_CTX_free.3 +libressl/man/man3/EVP_ENCODE_CTX_new.3 libressl/man/man3/EVP_EncodeBlock.3 libressl/man/man3/EVP_EncodeFinal.3 libressl/man/man3/EVP_EncodeInit.3 @@ -1030,26 +1235,63 @@ libressl/man/man3/EVP_MD_type.3 libressl/man/man3/EVP_OpenFinal.3 libressl/man/man3/EVP_OpenInit.3 libressl/man/man3/EVP_OpenUpdate.3 +libressl/man/man3/EVP_PKCS82PKEY.3 +libressl/man/man3/EVP_PKEY2PKCS8.3 +libressl/man/man3/EVP_PKEY_CTX_add1_hkdf_info.3 libressl/man/man3/EVP_PKEY_CTX_ctrl.3 libressl/man/man3/EVP_PKEY_CTX_ctrl_str.3 libressl/man/man3/EVP_PKEY_CTX_dup.3 libressl/man/man3/EVP_PKEY_CTX_free.3 +libressl/man/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3 +libressl/man/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3 +libressl/man/man3/EVP_PKEY_CTX_get1_id.3 +libressl/man/man3/EVP_PKEY_CTX_get1_id_len.3 libressl/man/man3/EVP_PKEY_CTX_get_app_data.3 libressl/man/man3/EVP_PKEY_CTX_get_cb.3 +libressl/man/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3 +libressl/man/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3 +libressl/man/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3 +libressl/man/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3 libressl/man/man3/EVP_PKEY_CTX_get_keygen_info.3 +libressl/man/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3 +libressl/man/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3 +libressl/man/man3/EVP_PKEY_CTX_get_rsa_padding.3 +libressl/man/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3 +libressl/man/man3/EVP_PKEY_CTX_get_signature_md.3 +libressl/man/man3/EVP_PKEY_CTX_hkdf_mode.3 libressl/man/man3/EVP_PKEY_CTX_new.3 libressl/man/man3/EVP_PKEY_CTX_new_id.3 +libressl/man/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3 +libressl/man/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3 +libressl/man/man3/EVP_PKEY_CTX_set1_hkdf_key.3 +libressl/man/man3/EVP_PKEY_CTX_set1_hkdf_salt.3 +libressl/man/man3/EVP_PKEY_CTX_set1_id.3 libressl/man/man3/EVP_PKEY_CTX_set_app_data.3 libressl/man/man3/EVP_PKEY_CTX_set_cb.3 libressl/man/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3 libressl/man/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3 libressl/man/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3 +libressl/man/man3/EVP_PKEY_CTX_set_ec_param_enc.3 libressl/man/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3 +libressl/man/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3 +libressl/man/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3 +libressl/man/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3 +libressl/man/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3 +libressl/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 libressl/man/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3 libressl/man/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3 +libressl/man/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3 +libressl/man/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3 libressl/man/man3/EVP_PKEY_CTX_set_rsa_padding.3 +libressl/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +libressl/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3 +libressl/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3 libressl/man/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3 libressl/man/man3/EVP_PKEY_CTX_set_signature_md.3 +libressl/man/man3/EVP_PKEY_add1_attr.3 +libressl/man/man3/EVP_PKEY_add1_attr_by_NID.3 +libressl/man/man3/EVP_PKEY_add1_attr_by_OBJ.3 +libressl/man/man3/EVP_PKEY_add1_attr_by_txt.3 libressl/man/man3/EVP_PKEY_asn1_add0.3 libressl/man/man3/EVP_PKEY_asn1_add_alias.3 libressl/man/man3/EVP_PKEY_asn1_copy.3 @@ -1060,21 +1302,30 @@ libressl/man/man3/EVP_PKEY_asn1_get0.3 libressl/man/man3/EVP_PKEY_asn1_get0_info.3 libressl/man/man3/EVP_PKEY_asn1_get_count.3 libressl/man/man3/EVP_PKEY_asn1_new.3 +libressl/man/man3/EVP_PKEY_asn1_set_check.3 libressl/man/man3/EVP_PKEY_asn1_set_ctrl.3 libressl/man/man3/EVP_PKEY_asn1_set_free.3 libressl/man/man3/EVP_PKEY_asn1_set_param.3 +libressl/man/man3/EVP_PKEY_asn1_set_param_check.3 libressl/man/man3/EVP_PKEY_asn1_set_private.3 libressl/man/man3/EVP_PKEY_asn1_set_public.3 +libressl/man/man3/EVP_PKEY_asn1_set_public_check.3 +libressl/man/man3/EVP_PKEY_asn1_set_security_bits.3 +libressl/man/man3/EVP_PKEY_assign.3 libressl/man/man3/EVP_PKEY_assign_DH.3 libressl/man/man3/EVP_PKEY_assign_DSA.3 libressl/man/man3/EVP_PKEY_assign_EC_KEY.3 +libressl/man/man3/EVP_PKEY_assign_GOST.3 libressl/man/man3/EVP_PKEY_assign_RSA.3 libressl/man/man3/EVP_PKEY_base_id.3 +libressl/man/man3/EVP_PKEY_bits.3 +libressl/man/man3/EVP_PKEY_check.3 libressl/man/man3/EVP_PKEY_cmp.3 libressl/man/man3/EVP_PKEY_cmp_parameters.3 libressl/man/man3/EVP_PKEY_copy_parameters.3 libressl/man/man3/EVP_PKEY_decrypt.3 libressl/man/man3/EVP_PKEY_decrypt_init.3 +libressl/man/man3/EVP_PKEY_delete_attr.3 libressl/man/man3/EVP_PKEY_derive.3 libressl/man/man3/EVP_PKEY_derive_init.3 libressl/man/man3/EVP_PKEY_derive_set_peer.3 @@ -1082,14 +1333,21 @@ libressl/man/man3/EVP_PKEY_encrypt.3 libressl/man/man3/EVP_PKEY_encrypt_init.3 libressl/man/man3/EVP_PKEY_free.3 libressl/man/man3/EVP_PKEY_gen_cb.3 +libressl/man/man3/EVP_PKEY_get0.3 libressl/man/man3/EVP_PKEY_get0_DH.3 libressl/man/man3/EVP_PKEY_get0_DSA.3 libressl/man/man3/EVP_PKEY_get0_EC_KEY.3 libressl/man/man3/EVP_PKEY_get0_RSA.3 +libressl/man/man3/EVP_PKEY_get0_asn1.3 +libressl/man/man3/EVP_PKEY_get0_hmac.3 libressl/man/man3/EVP_PKEY_get1_DH.3 libressl/man/man3/EVP_PKEY_get1_DSA.3 libressl/man/man3/EVP_PKEY_get1_EC_KEY.3 libressl/man/man3/EVP_PKEY_get1_RSA.3 +libressl/man/man3/EVP_PKEY_get_attr.3 +libressl/man/man3/EVP_PKEY_get_attr_by_NID.3 +libressl/man/man3/EVP_PKEY_get_attr_by_OBJ.3 +libressl/man/man3/EVP_PKEY_get_attr_count.3 libressl/man/man3/EVP_PKEY_get_default_digest_nid.3 libressl/man/man3/EVP_PKEY_id.3 libressl/man/man3/EVP_PKEY_keygen.3 @@ -1100,6 +1358,7 @@ libressl/man/man3/EVP_PKEY_meth_find.3 libressl/man/man3/EVP_PKEY_meth_free.3 libressl/man/man3/EVP_PKEY_meth_get0_info.3 libressl/man/man3/EVP_PKEY_meth_new.3 +libressl/man/man3/EVP_PKEY_meth_set_check.3 libressl/man/man3/EVP_PKEY_meth_set_cleanup.3 libressl/man/man3/EVP_PKEY_meth_set_copy.3 libressl/man/man3/EVP_PKEY_meth_set_ctrl.3 @@ -1108,7 +1367,9 @@ libressl/man/man3/EVP_PKEY_meth_set_deri libressl/man/man3/EVP_PKEY_meth_set_encrypt.3 libressl/man/man3/EVP_PKEY_meth_set_init.3 libressl/man/man3/EVP_PKEY_meth_set_keygen.3 +libressl/man/man3/EVP_PKEY_meth_set_param_check.3 libressl/man/man3/EVP_PKEY_meth_set_paramgen.3 +libressl/man/man3/EVP_PKEY_meth_set_public_check.3 libressl/man/man3/EVP_PKEY_meth_set_sign.3 libressl/man/man3/EVP_PKEY_meth_set_signctx.3 libressl/man/man3/EVP_PKEY_meth_set_verify.3 @@ -1116,15 +1377,21 @@ libressl/man/man3/EVP_PKEY_meth_set_veri libressl/man/man3/EVP_PKEY_meth_set_verifyctx.3 libressl/man/man3/EVP_PKEY_missing_parameters.3 libressl/man/man3/EVP_PKEY_new.3 +libressl/man/man3/EVP_PKEY_new_CMAC_key.3 +libressl/man/man3/EVP_PKEY_new_mac_key.3 +libressl/man/man3/EVP_PKEY_param_check.3 libressl/man/man3/EVP_PKEY_paramgen.3 libressl/man/man3/EVP_PKEY_paramgen_init.3 libressl/man/man3/EVP_PKEY_print_params.3 libressl/man/man3/EVP_PKEY_print_private.3 libressl/man/man3/EVP_PKEY_print_public.3 +libressl/man/man3/EVP_PKEY_public_check.3 +libressl/man/man3/EVP_PKEY_security_bits.3 libressl/man/man3/EVP_PKEY_set1_DH.3 libressl/man/man3/EVP_PKEY_set1_DSA.3 libressl/man/man3/EVP_PKEY_set1_EC_KEY.3 libressl/man/man3/EVP_PKEY_set1_RSA.3 +libressl/man/man3/EVP_PKEY_set_type.3 libressl/man/man3/EVP_PKEY_sign.3 libressl/man/man3/EVP_PKEY_sign_init.3 libressl/man/man3/EVP_PKEY_size.3 @@ -1148,51 +1415,99 @@ libressl/man/man3/EVP_VerifyUpdate.3 libressl/man/man3/EVP_aead_aes_128_gcm.3 libressl/man/man3/EVP_aead_aes_256_gcm.3 libressl/man/man3/EVP_aead_chacha20_poly1305.3 +libressl/man/man3/EVP_aead_xchacha20_poly1305.3 libressl/man/man3/EVP_aes_128_cbc.3 libressl/man/man3/EVP_aes_128_cbc_hmac_sha1.3 libressl/man/man3/EVP_aes_128_ccm.3 libressl/man/man3/EVP_aes_128_cfb.3 +libressl/man/man3/EVP_aes_128_cfb1.3 +libressl/man/man3/EVP_aes_128_cfb128.3 +libressl/man/man3/EVP_aes_128_cfb8.3 +libressl/man/man3/EVP_aes_128_ctr.3 libressl/man/man3/EVP_aes_128_ecb.3 libressl/man/man3/EVP_aes_128_gcm.3 libressl/man/man3/EVP_aes_128_ofb.3 +libressl/man/man3/EVP_aes_128_wrap.3 +libressl/man/man3/EVP_aes_128_xts.3 libressl/man/man3/EVP_aes_192_cbc.3 libressl/man/man3/EVP_aes_192_ccm.3 libressl/man/man3/EVP_aes_192_cfb.3 +libressl/man/man3/EVP_aes_192_cfb1.3 +libressl/man/man3/EVP_aes_192_cfb128.3 +libressl/man/man3/EVP_aes_192_cfb8.3 +libressl/man/man3/EVP_aes_192_ctr.3 libressl/man/man3/EVP_aes_192_ecb.3 libressl/man/man3/EVP_aes_192_gcm.3 libressl/man/man3/EVP_aes_192_ofb.3 +libressl/man/man3/EVP_aes_192_wrap.3 libressl/man/man3/EVP_aes_256_cbc.3 libressl/man/man3/EVP_aes_256_cbc_hmac_sha1.3 libressl/man/man3/EVP_aes_256_ccm.3 libressl/man/man3/EVP_aes_256_cfb.3 +libressl/man/man3/EVP_aes_256_cfb1.3 +libressl/man/man3/EVP_aes_256_cfb128.3 +libressl/man/man3/EVP_aes_256_cfb8.3 +libressl/man/man3/EVP_aes_256_ctr.3 libressl/man/man3/EVP_aes_256_ecb.3 libressl/man/man3/EVP_aes_256_gcm.3 libressl/man/man3/EVP_aes_256_ofb.3 +libressl/man/man3/EVP_aes_256_wrap.3 +libressl/man/man3/EVP_aes_256_xts.3 libressl/man/man3/EVP_bf_cbc.3 libressl/man/man3/EVP_bf_cfb.3 +libressl/man/man3/EVP_bf_cfb64.3 libressl/man/man3/EVP_bf_ecb.3 libressl/man/man3/EVP_bf_ofb.3 +libressl/man/man3/EVP_camellia_128_cbc.3 +libressl/man/man3/EVP_camellia_128_cfb.3 +libressl/man/man3/EVP_camellia_128_cfb1.3 +libressl/man/man3/EVP_camellia_128_cfb128.3 +libressl/man/man3/EVP_camellia_128_cfb8.3 +libressl/man/man3/EVP_camellia_128_ecb.3 +libressl/man/man3/EVP_camellia_128_ofb.3 +libressl/man/man3/EVP_camellia_192_cbc.3 +libressl/man/man3/EVP_camellia_192_cfb.3 +libressl/man/man3/EVP_camellia_192_cfb1.3 +libressl/man/man3/EVP_camellia_192_cfb128.3 +libressl/man/man3/EVP_camellia_192_cfb8.3 +libressl/man/man3/EVP_camellia_192_ecb.3 +libressl/man/man3/EVP_camellia_192_ofb.3 +libressl/man/man3/EVP_camellia_256_cbc.3 +libressl/man/man3/EVP_camellia_256_cfb.3 +libressl/man/man3/EVP_camellia_256_cfb1.3 +libressl/man/man3/EVP_camellia_256_cfb128.3 +libressl/man/man3/EVP_camellia_256_cfb8.3 +libressl/man/man3/EVP_camellia_256_ecb.3 +libressl/man/man3/EVP_camellia_256_ofb.3 libressl/man/man3/EVP_cast5_cbc.3 libressl/man/man3/EVP_cast5_cfb.3 +libressl/man/man3/EVP_cast5_cfb64.3 libressl/man/man3/EVP_cast5_ecb.3 libressl/man/man3/EVP_cast5_ofb.3 libressl/man/man3/EVP_chacha20.3 libressl/man/man3/EVP_cleanup.3 libressl/man/man3/EVP_des_cbc.3 libressl/man/man3/EVP_des_cfb.3 +libressl/man/man3/EVP_des_cfb1.3 +libressl/man/man3/EVP_des_cfb64.3 +libressl/man/man3/EVP_des_cfb8.3 libressl/man/man3/EVP_des_ecb.3 libressl/man/man3/EVP_des_ede.3 libressl/man/man3/EVP_des_ede3.3 libressl/man/man3/EVP_des_ede3_cbc.3 libressl/man/man3/EVP_des_ede3_cfb.3 +libressl/man/man3/EVP_des_ede3_cfb1.3 +libressl/man/man3/EVP_des_ede3_cfb64.3 +libressl/man/man3/EVP_des_ede3_cfb8.3 +libressl/man/man3/EVP_des_ede3_ecb.3 libressl/man/man3/EVP_des_ede3_ofb.3 libressl/man/man3/EVP_des_ede_cbc.3 libressl/man/man3/EVP_des_ede_cfb.3 +libressl/man/man3/EVP_des_ede_cfb64.3 +libressl/man/man3/EVP_des_ede_ecb.3 libressl/man/man3/EVP_des_ede_ofb.3 libressl/man/man3/EVP_des_ofb.3 libressl/man/man3/EVP_desx_cbc.3 -libressl/man/man3/EVP_dss.3 -libressl/man/man3/EVP_dss1.3 libressl/man/man3/EVP_enc_null.3 libressl/man/man3/EVP_get_cipherbyname.3 libressl/man/man3/EVP_get_cipherbynid.3 @@ -1202,6 +1517,7 @@ libressl/man/man3/EVP_get_digestbynid.3 libressl/man/man3/EVP_get_digestbyobj.3 libressl/man/man3/EVP_idea_cbc.3 libressl/man/man3/EVP_idea_cfb.3 +libressl/man/man3/EVP_idea_cfb64.3 libressl/man/man3/EVP_idea_ecb.3 libressl/man/man3/EVP_idea_ofb.3 libressl/man/man3/EVP_md5.3 @@ -1211,18 +1527,28 @@ libressl/man/man3/EVP_rc2_40_cbc.3 libressl/man/man3/EVP_rc2_64_cbc.3 libressl/man/man3/EVP_rc2_cbc.3 libressl/man/man3/EVP_rc2_cfb.3 +libressl/man/man3/EVP_rc2_cfb64.3 libressl/man/man3/EVP_rc2_ecb.3 libressl/man/man3/EVP_rc2_ofb.3 libressl/man/man3/EVP_rc4.3 libressl/man/man3/EVP_rc4_40.3 libressl/man/man3/EVP_rc4_hmac_md5.3 libressl/man/man3/EVP_read_pw_string.3 +libressl/man/man3/EVP_read_pw_string_min.3 libressl/man/man3/EVP_ripemd160.3 libressl/man/man3/EVP_sha1.3 libressl/man/man3/EVP_sha224.3 libressl/man/man3/EVP_sha256.3 libressl/man/man3/EVP_sha384.3 libressl/man/man3/EVP_sha512.3 +libressl/man/man3/EVP_sm3.3 +libressl/man/man3/EVP_sm4_cbc.3 +libressl/man/man3/EVP_sm4_cfb.3 +libressl/man/man3/EVP_sm4_cfb128.3 +libressl/man/man3/EVP_sm4_ctr.3 +libressl/man/man3/EVP_sm4_ecb.3 +libressl/man/man3/EVP_sm4_ofb.3 +libressl/man/man3/EVP_whirlpool.3 libressl/man/man3/EXTENDED_KEY_USAGE_free.3 libressl/man/man3/EXTENDED_KEY_USAGE_new.3 libressl/man/man3/GENERAL_NAMES_free.3 @@ -1233,11 +1559,9 @@ libressl/man/man3/GENERAL_SUBTREE_free.3 libressl/man/man3/GENERAL_SUBTREE_new.3 libressl/man/man3/GEN_SESSION_CB.3 libressl/man/man3/HMAC.3 -libressl/man/man3/HMAC_CTX_cleanup.3 libressl/man/man3/HMAC_CTX_copy.3 libressl/man/man3/HMAC_CTX_free.3 libressl/man/man3/HMAC_CTX_get_md.3 -libressl/man/man3/HMAC_CTX_init.3 libressl/man/man3/HMAC_CTX_new.3 libressl/man/man3/HMAC_CTX_reset.3 libressl/man/man3/HMAC_CTX_set_flags.3 @@ -1245,7 +1569,6 @@ libressl/man/man3/HMAC_Final.3 libressl/man/man3/HMAC_Init.3 libressl/man/man3/HMAC_Init_ex.3 libressl/man/man3/HMAC_Update.3 -libressl/man/man3/HMAC_cleanup.3 libressl/man/man3/HMAC_size.3 libressl/man/man3/ISSUING_DIST_POINT_free.3 libressl/man/man3/ISSUING_DIST_POINT_new.3 @@ -1267,16 +1590,31 @@ libressl/man/man3/NAME_CONSTRAINTS_free. libressl/man/man3/NAME_CONSTRAINTS_new.3 libressl/man/man3/NOTICEREF_free.3 libressl/man/man3/NOTICEREF_new.3 +libressl/man/man3/OBJ_NAME_add.3 +libressl/man/man3/OBJ_NAME_cleanup.3 +libressl/man/man3/OBJ_NAME_do_all.3 +libressl/man/man3/OBJ_NAME_do_all_sorted.3 +libressl/man/man3/OBJ_NAME_get.3 +libressl/man/man3/OBJ_NAME_init.3 +libressl/man/man3/OBJ_NAME_new_index.3 +libressl/man/man3/OBJ_NAME_remove.3 +libressl/man/man3/OBJ_add_object.3 +libressl/man/man3/OBJ_add_sigid.3 libressl/man/man3/OBJ_cleanup.3 libressl/man/man3/OBJ_cmp.3 libressl/man/man3/OBJ_create.3 +libressl/man/man3/OBJ_create_objects.3 libressl/man/man3/OBJ_dup.3 +libressl/man/man3/OBJ_find_sigid_algs.3 +libressl/man/man3/OBJ_find_sigid_by_algs.3 libressl/man/man3/OBJ_ln2nid.3 +libressl/man/man3/OBJ_new_nid.3 libressl/man/man3/OBJ_nid2ln.3 libressl/man/man3/OBJ_nid2obj.3 libressl/man/man3/OBJ_nid2sn.3 libressl/man/man3/OBJ_obj2nid.3 libressl/man/man3/OBJ_obj2txt.3 +libressl/man/man3/OBJ_sigid_free.3 libressl/man/man3/OBJ_sn2nid.3 libressl/man/man3/OBJ_txt2nid.3 libressl/man/man3/OBJ_txt2obj.3 @@ -1316,15 +1654,17 @@ libressl/man/man3/OCSP_SINGLERESP_get0_i libressl/man/man3/OCSP_SINGLERESP_new.3 libressl/man/man3/OCSP_basic_add1_nonce.3 libressl/man/man3/OCSP_basic_sign.3 +libressl/man/man3/OCSP_basic_verify.3 libressl/man/man3/OCSP_cert_id_new.3 +libressl/man/man3/OCSP_cert_status_str.3 libressl/man/man3/OCSP_cert_to_id.3 libressl/man/man3/OCSP_check_nonce.3 libressl/man/man3/OCSP_check_validity.3 libressl/man/man3/OCSP_copy_nonce.3 -libressl/man/man3/OCSP_crlID_new.3 libressl/man/man3/OCSP_id_cmp.3 libressl/man/man3/OCSP_id_get0_info.3 libressl/man/man3/OCSP_id_issuer_cmp.3 +libressl/man/man3/OCSP_parse_url.3 libressl/man/man3/OCSP_request_add0_id.3 libressl/man/man3/OCSP_request_add1_cert.3 libressl/man/man3/OCSP_request_add1_nonce.3 @@ -1338,15 +1678,18 @@ libressl/man/man3/OCSP_resp_get0.3 libressl/man/man3/OCSP_response_create.3 libressl/man/man3/OCSP_response_get1_basic.3 libressl/man/man3/OCSP_response_status.3 +libressl/man/man3/OCSP_response_status_str.3 libressl/man/man3/OCSP_sendreq_bio.3 libressl/man/man3/OCSP_sendreq_nbio.3 libressl/man/man3/OCSP_sendreq_new.3 libressl/man/man3/OCSP_single_get0_status.3 libressl/man/man3/OCSP_url_svcloc_new.3 libressl/man/man3/OPENSSL_VERSION_NUMBER.3 +libressl/man/man3/OPENSSL_VERSION_TEXT.3 libressl/man/man3/OPENSSL_cleanse.3 libressl/man/man3/OPENSSL_config.3 libressl/man/man3/OPENSSL_free.3 +libressl/man/man3/OPENSSL_init.3 libressl/man/man3/OPENSSL_init_crypto.3 libressl/man/man3/OPENSSL_init_ssl.3 libressl/man/man3/OPENSSL_load_builtin_modules.3 @@ -1363,10 +1706,16 @@ libressl/man/man3/OpenSSL_add_all_digest libressl/man/man3/OpenSSL_add_ssl_algorithms.3 libressl/man/man3/OpenSSL_version.3 libressl/man/man3/OpenSSL_version_num.3 +libressl/man/man3/PEM_ASN1_read.3 +libressl/man/man3/PEM_ASN1_read_bio.3 +libressl/man/man3/PEM_X509_INFO_read.3 +libressl/man/man3/PEM_X509_INFO_read_bio.3 libressl/man/man3/PEM_bytes_read_bio.3 +libressl/man/man3/PEM_def_callback.3 libressl/man/man3/PEM_do_header.3 libressl/man/man3/PEM_get_EVP_CIPHER_INFO.3 libressl/man/man3/PEM_read.3 +libressl/man/man3/PEM_read_CMS.3 libressl/man/man3/PEM_read_DHparams.3 libressl/man/man3/PEM_read_DSAPrivateKey.3 libressl/man/man3/PEM_read_DSA_PUBKEY.3 @@ -1389,6 +1738,7 @@ libressl/man/man3/PEM_read_X509_AUX.3 libressl/man/man3/PEM_read_X509_CRL.3 libressl/man/man3/PEM_read_X509_REQ.3 libressl/man/man3/PEM_read_bio.3 +libressl/man/man3/PEM_read_bio_CMS.3 libressl/man/man3/PEM_read_bio_DHparams.3 libressl/man/man3/PEM_read_bio_DSAPrivateKey.3 libressl/man/man3/PEM_read_bio_DSA_PUBKEY.3 @@ -1411,6 +1761,7 @@ libressl/man/man3/PEM_read_bio_X509_AUX. libressl/man/man3/PEM_read_bio_X509_CRL.3 libressl/man/man3/PEM_read_bio_X509_REQ.3 libressl/man/man3/PEM_write.3 +libressl/man/man3/PEM_write_CMS.3 libressl/man/man3/PEM_write_DHparams.3 libressl/man/man3/PEM_write_DSAPrivateKey.3 libressl/man/man3/PEM_write_DSA_PUBKEY.3 @@ -1436,6 +1787,9 @@ libressl/man/man3/PEM_write_X509_CRL.3 libressl/man/man3/PEM_write_X509_REQ.3 libressl/man/man3/PEM_write_X509_REQ_NEW.3 libressl/man/man3/PEM_write_bio.3 +libressl/man/man3/PEM_write_bio_ASN1_stream.3 +libressl/man/man3/PEM_write_bio_CMS.3 +libressl/man/man3/PEM_write_bio_CMS_stream.3 libressl/man/man3/PEM_write_bio_DHparams.3 libressl/man/man3/PEM_write_bio_DSAPrivateKey.3 libressl/man/man3/PEM_write_bio_DSA_PUBKEY.3 @@ -1493,16 +1847,38 @@ libressl/man/man3/PKCS7_SIGNER_INFO_free libressl/man/man3/PKCS7_SIGNER_INFO_new.3 libressl/man/man3/PKCS7_SIGN_ENVELOPE_free.3 libressl/man/man3/PKCS7_SIGN_ENVELOPE_new.3 +libressl/man/man3/PKCS7_add0_attrib_signing_time.3 +libressl/man/man3/PKCS7_add1_attrib_digest.3 +libressl/man/man3/PKCS7_add_attrib_content_type.3 +libressl/man/man3/PKCS7_add_attrib_smimecap.3 +libressl/man/man3/PKCS7_add_attribute.3 +libressl/man/man3/PKCS7_add_signed_attribute.3 +libressl/man/man3/PKCS7_content_new.3 +libressl/man/man3/PKCS7_dataFinal.3 +libressl/man/man3/PKCS7_dataInit.3 libressl/man/man3/PKCS7_decrypt.3 libressl/man/man3/PKCS7_encrypt.3 +libressl/man/man3/PKCS7_final.3 libressl/man/man3/PKCS7_free.3 libressl/man/man3/PKCS7_get0_signers.3 +libressl/man/man3/PKCS7_get_attribute.3 +libressl/man/man3/PKCS7_get_signed_attribute.3 +libressl/man/man3/PKCS7_get_signer_info.3 libressl/man/man3/PKCS7_new.3 +libressl/man/man3/PKCS7_set0_type_other.3 +libressl/man/man3/PKCS7_set_attributes.3 +libressl/man/man3/PKCS7_set_content.3 +libressl/man/man3/PKCS7_set_signed_attributes.3 +libressl/man/man3/PKCS7_set_type.3 libressl/man/man3/PKCS7_sign.3 libressl/man/man3/PKCS7_sign_add_signer.3 libressl/man/man3/PKCS7_verify.3 libressl/man/man3/PKCS8_PRIV_KEY_INFO_free.3 libressl/man/man3/PKCS8_PRIV_KEY_INFO_new.3 +libressl/man/man3/PKCS8_pkey_add1_attr_by_NID.3 +libressl/man/man3/PKCS8_pkey_get0.3 +libressl/man/man3/PKCS8_pkey_get0_attrs.3 +libressl/man/man3/PKCS8_pkey_set0.3 libressl/man/man3/PKEY_USAGE_PERIOD_free.3 libressl/man/man3/PKEY_USAGE_PERIOD_new.3 libressl/man/man3/POLICYINFO_free.3 @@ -1536,6 +1912,8 @@ libressl/man/man3/RIPEMD160.3 libressl/man/man3/RIPEMD160_Final.3 libressl/man/man3/RIPEMD160_Init.3 libressl/man/man3/RIPEMD160_Update.3 +libressl/man/man3/RSAPrivateKey_dup.3 +libressl/man/man3/RSAPublicKey_dup.3 libressl/man/man3/RSA_PKCS1_SSLeay.3 libressl/man/man3/RSA_PSS_PARAMS_free.3 libressl/man/man3/RSA_PSS_PARAMS_new.3 @@ -1552,19 +1930,42 @@ libressl/man/man3/RSA_get0_crt_params.3 libressl/man/man3/RSA_get0_factors.3 libressl/man/man3/RSA_get0_key.3 libressl/man/man3/RSA_get_default_method.3 -libressl/man/man3/RSA_get_default_openssl_method.3 libressl/man/man3/RSA_get_ex_data.3 libressl/man/man3/RSA_get_ex_new_index.3 libressl/man/man3/RSA_get_method.3 libressl/man/man3/RSA_meth_dup.3 libressl/man/man3/RSA_meth_free.3 +libressl/man/man3/RSA_meth_get0_app_data.3 +libressl/man/man3/RSA_meth_get0_name.3 +libressl/man/man3/RSA_meth_get_bn_mod_exp.3 +libressl/man/man3/RSA_meth_get_finish.3 +libressl/man/man3/RSA_meth_get_flags.3 +libressl/man/man3/RSA_meth_get_init.3 +libressl/man/man3/RSA_meth_get_keygen.3 +libressl/man/man3/RSA_meth_get_mod_exp.3 +libressl/man/man3/RSA_meth_get_priv_dec.3 +libressl/man/man3/RSA_meth_get_priv_enc.3 +libressl/man/man3/RSA_meth_get_pub_dec.3 +libressl/man/man3/RSA_meth_get_pub_enc.3 +libressl/man/man3/RSA_meth_get_sign.3 +libressl/man/man3/RSA_meth_get_verify.3 libressl/man/man3/RSA_meth_new.3 +libressl/man/man3/RSA_meth_set0_app_data.3 +libressl/man/man3/RSA_meth_set1_name.3 +libressl/man/man3/RSA_meth_set_bn_mod_exp.3 libressl/man/man3/RSA_meth_set_finish.3 +libressl/man/man3/RSA_meth_set_flags.3 +libressl/man/man3/RSA_meth_set_init.3 +libressl/man/man3/RSA_meth_set_keygen.3 +libressl/man/man3/RSA_meth_set_mod_exp.3 libressl/man/man3/RSA_meth_set_priv_dec.3 libressl/man/man3/RSA_meth_set_priv_enc.3 +libressl/man/man3/RSA_meth_set_pub_dec.3 +libressl/man/man3/RSA_meth_set_pub_enc.3 +libressl/man/man3/RSA_meth_set_sign.3 +libressl/man/man3/RSA_meth_set_verify.3 libressl/man/man3/RSA_new.3 libressl/man/man3/RSA_new_method.3 -libressl/man/man3/RSA_null_method.3 libressl/man/man3/RSA_padding_add_PKCS1_OAEP.3 libressl/man/man3/RSA_padding_add_PKCS1_type_1.3 libressl/man/man3/RSA_padding_add_PKCS1_type_2.3 @@ -1573,17 +1974,18 @@ libressl/man/man3/RSA_padding_check_PKCS libressl/man/man3/RSA_padding_check_PKCS1_type_1.3 libressl/man/man3/RSA_padding_check_PKCS1_type_2.3 libressl/man/man3/RSA_padding_check_none.3 +libressl/man/man3/RSA_pkey_ctx_ctrl.3 libressl/man/man3/RSA_print.3 libressl/man/man3/RSA_print_fp.3 libressl/man/man3/RSA_private_decrypt.3 libressl/man/man3/RSA_private_encrypt.3 libressl/man/man3/RSA_public_decrypt.3 libressl/man/man3/RSA_public_encrypt.3 +libressl/man/man3/RSA_security_bits.3 libressl/man/man3/RSA_set0_crt_params.3 libressl/man/man3/RSA_set0_factors.3 libressl/man/man3/RSA_set0_key.3 libressl/man/man3/RSA_set_default_method.3 -libressl/man/man3/RSA_set_default_openssl_method.3 libressl/man/man3/RSA_set_ex_data.3 libressl/man/man3/RSA_set_flags.3 libressl/man/man3/RSA_set_method.3 @@ -1591,6 +1993,7 @@ libressl/man/man3/RSA_sign.3 libressl/man/man3/RSA_sign_ASN1_OCTET_STRING.3 libressl/man/man3/RSA_size.3 libressl/man/man3/RSA_test_flags.3 +libressl/man/man3/RSA_up_ref.3 libressl/man/man3/RSA_verify.3 libressl/man/man3/RSA_verify_ASN1_OCTET_STRING.3 libressl/man/man3/SHA1.3 @@ -1613,9 +2016,16 @@ libressl/man/man3/SHA512.3 libressl/man/man3/SHA512_Final.3 libressl/man/man3/SHA512_Init.3 libressl/man/man3/SHA512_Update.3 +libressl/man/man3/SMIME_crlf_copy.3 +libressl/man/man3/SMIME_read_ASN1.3 +libressl/man/man3/SMIME_read_CMS.3 libressl/man/man3/SMIME_read_PKCS7.3 +libressl/man/man3/SMIME_text.3 +libressl/man/man3/SMIME_write_ASN1.3 +libressl/man/man3/SMIME_write_CMS.3 libressl/man/man3/SMIME_write_PKCS7.3 libressl/man/man3/SSL_CIPHER_description.3 +libressl/man/man3/SSL_CIPHER_find.3 libressl/man/man3/SSL_CIPHER_get_auth_nid.3 libressl/man/man3/SSL_CIPHER_get_bits.3 libressl/man/man3/SSL_CIPHER_get_cipher_nid.3 @@ -1627,40 +2037,55 @@ libressl/man/man3/SSL_CIPHER_get_version libressl/man/man3/SSL_CIPHER_is_aead.3 libressl/man/man3/SSL_COMP_add_compression_method.3 libressl/man/man3/SSL_COMP_get_compression_methods.3 +libressl/man/man3/SSL_CTX_add0_chain_cert.3 +libressl/man/man3/SSL_CTX_add1_chain_cert.3 libressl/man/man3/SSL_CTX_add_client_CA.3 libressl/man/man3/SSL_CTX_add_extra_chain_cert.3 libressl/man/man3/SSL_CTX_add_session.3 libressl/man/man3/SSL_CTX_callback_ctrl.3 libressl/man/man3/SSL_CTX_check_private_key.3 +libressl/man/man3/SSL_CTX_clear_chain_certs.3 libressl/man/man3/SSL_CTX_clear_extra_chain_certs.3 +libressl/man/man3/SSL_CTX_clear_mode.3 libressl/man/man3/SSL_CTX_clear_options.3 libressl/man/man3/SSL_CTX_ctrl.3 libressl/man/man3/SSL_CTX_flush_sessions.3 libressl/man/man3/SSL_CTX_free.3 libressl/man/man3/SSL_CTX_get0_certificate.3 +libressl/man/man3/SSL_CTX_get0_chain_certs.3 libressl/man/man3/SSL_CTX_get0_param.3 libressl/man/man3/SSL_CTX_get_cert_store.3 libressl/man/man3/SSL_CTX_get_ciphers.3 libressl/man/man3/SSL_CTX_get_client_CA_list.3 libressl/man/man3/SSL_CTX_get_client_cert_cb.3 +libressl/man/man3/SSL_CTX_get_default_passwd_cb.3 +libressl/man/man3/SSL_CTX_get_default_passwd_cb_userdata.3 libressl/man/man3/SSL_CTX_get_default_read_ahead.3 libressl/man/man3/SSL_CTX_get_ex_data.3 libressl/man/man3/SSL_CTX_get_ex_new_index.3 +libressl/man/man3/SSL_CTX_get_extra_chain_certs.3 +libressl/man/man3/SSL_CTX_get_extra_chain_certs_only.3 libressl/man/man3/SSL_CTX_get_info_callback.3 +libressl/man/man3/SSL_CTX_get_keylog_callback.3 libressl/man/man3/SSL_CTX_get_max_cert_list.3 +libressl/man/man3/SSL_CTX_get_max_early_data.3 libressl/man/man3/SSL_CTX_get_max_proto_version.3 libressl/man/man3/SSL_CTX_get_min_proto_version.3 libressl/man/man3/SSL_CTX_get_mode.3 +libressl/man/man3/SSL_CTX_get_num_tickets.3 libressl/man/man3/SSL_CTX_get_options.3 libressl/man/man3/SSL_CTX_get_quiet_shutdown.3 libressl/man/man3/SSL_CTX_get_read_ahead.3 +libressl/man/man3/SSL_CTX_get_security_level.3 libressl/man/man3/SSL_CTX_get_session_cache_mode.3 +libressl/man/man3/SSL_CTX_get_ssl_method.3 libressl/man/man3/SSL_CTX_get_timeout.3 libressl/man/man3/SSL_CTX_get_tlsext_status_arg.3 libressl/man/man3/SSL_CTX_get_tlsext_status_cb.3 libressl/man/man3/SSL_CTX_get_verify_callback.3 libressl/man/man3/SSL_CTX_get_verify_depth.3 libressl/man/man3/SSL_CTX_get_verify_mode.3 +libressl/man/man3/SSL_CTX_keylog_cb_func.3 libressl/man/man3/SSL_CTX_load_verify_locations.3 libressl/man/man3/SSL_CTX_need_tmp_RSA.3 libressl/man/man3/SSL_CTX_new.3 @@ -1686,6 +2111,8 @@ libressl/man/man3/SSL_CTX_sess_set_new_c libressl/man/man3/SSL_CTX_sess_set_remove_cb.3 libressl/man/man3/SSL_CTX_sess_timeouts.3 libressl/man/man3/SSL_CTX_sessions.3 +libressl/man/man3/SSL_CTX_set0_chain.3 +libressl/man/man3/SSL_CTX_set1_chain.3 libressl/man/man3/SSL_CTX_set1_curves.3 libressl/man/man3/SSL_CTX_set1_curves_list.3 libressl/man/man3/SSL_CTX_set1_groups.3 @@ -1705,16 +2132,20 @@ libressl/man/man3/SSL_CTX_set_ecdh_auto. libressl/man/man3/SSL_CTX_set_ex_data.3 libressl/man/man3/SSL_CTX_set_generate_session_id.3 libressl/man/man3/SSL_CTX_set_info_callback.3 +libressl/man/man3/SSL_CTX_set_keylog_callback.3 libressl/man/man3/SSL_CTX_set_max_cert_list.3 +libressl/man/man3/SSL_CTX_set_max_early_data.3 libressl/man/man3/SSL_CTX_set_max_proto_version.3 libressl/man/man3/SSL_CTX_set_max_send_fragment.3 libressl/man/man3/SSL_CTX_set_min_proto_version.3 libressl/man/man3/SSL_CTX_set_mode.3 libressl/man/man3/SSL_CTX_set_msg_callback.3 libressl/man/man3/SSL_CTX_set_msg_callback_arg.3 +libressl/man/man3/SSL_CTX_set_num_tickets.3 libressl/man/man3/SSL_CTX_set_options.3 libressl/man/man3/SSL_CTX_set_quiet_shutdown.3 libressl/man/man3/SSL_CTX_set_read_ahead.3 +libressl/man/man3/SSL_CTX_set_security_level.3 libressl/man/man3/SSL_CTX_set_session_cache_mode.3 libressl/man/man3/SSL_CTX_set_session_id_context.3 libressl/man/man3/SSL_CTX_set_ssl_version.3 @@ -1746,6 +2177,7 @@ libressl/man/man3/SSL_CTX_use_certificat libressl/man/man3/SSL_CTX_use_certificate_chain_mem.3 libressl/man/man3/SSL_CTX_use_certificate_file.3 libressl/man/man3/SSL_SESSION_free.3 +libressl/man/man3/SSL_SESSION_get0_cipher.3 libressl/man/man3/SSL_SESSION_get0_id_context.3 libressl/man/man3/SSL_SESSION_get0_peer.3 libressl/man/man3/SSL_SESSION_get_compress_id.3 @@ -1753,21 +2185,26 @@ libressl/man/man3/SSL_SESSION_get_ex_dat libressl/man/man3/SSL_SESSION_get_ex_new_index.3 libressl/man/man3/SSL_SESSION_get_id.3 libressl/man/man3/SSL_SESSION_get_master_key.3 +libressl/man/man3/SSL_SESSION_get_max_early_data.3 libressl/man/man3/SSL_SESSION_get_protocol_version.3 libressl/man/man3/SSL_SESSION_get_ticket_lifetime_hint.3 libressl/man/man3/SSL_SESSION_get_time.3 libressl/man/man3/SSL_SESSION_get_timeout.3 libressl/man/man3/SSL_SESSION_has_ticket.3 +libressl/man/man3/SSL_SESSION_is_resumable.3 libressl/man/man3/SSL_SESSION_new.3 libressl/man/man3/SSL_SESSION_print.3 libressl/man/man3/SSL_SESSION_print_fp.3 libressl/man/man3/SSL_SESSION_set1_id.3 libressl/man/man3/SSL_SESSION_set1_id_context.3 libressl/man/man3/SSL_SESSION_set_ex_data.3 +libressl/man/man3/SSL_SESSION_set_max_early_data.3 libressl/man/man3/SSL_SESSION_set_time.3 libressl/man/man3/SSL_SESSION_set_timeout.3 libressl/man/man3/SSL_SESSION_up_ref.3 libressl/man/man3/SSL_accept.3 +libressl/man/man3/SSL_add0_chain_cert.3 +libressl/man/man3/SSL_add1_chain_cert.3 libressl/man/man3/SSL_add_client_CA.3 libressl/man/man3/SSL_add_dir_cert_subjects_to_stack.3 libressl/man/man3/SSL_add_file_cert_subjects_to_stack.3 @@ -1778,6 +2215,8 @@ libressl/man/man3/SSL_alert_type_string_ libressl/man/man3/SSL_callback_ctrl.3 libressl/man/man3/SSL_check_private_key.3 libressl/man/man3/SSL_clear.3 +libressl/man/man3/SSL_clear_chain_certs.3 +libressl/man/man3/SSL_clear_mode.3 libressl/man/man3/SSL_clear_num_renegotiations.3 libressl/man/man3/SSL_clear_options.3 libressl/man/man3/SSL_connect.3 @@ -1789,9 +2228,12 @@ libressl/man/man3/SSL_dup_CA_list.3 libressl/man/man3/SSL_export_keying_material.3 libressl/man/man3/SSL_free.3 libressl/man/man3/SSL_get0_alpn_selected.3 +libressl/man/man3/SSL_get0_chain_certs.3 libressl/man/man3/SSL_get0_param.3 +libressl/man/man3/SSL_get0_peername.3 libressl/man/man3/SSL_get0_session.3 libressl/man/man3/SSL_get1_session.3 +libressl/man/man3/SSL_get1_supported_ciphers.3 libressl/man/man3/SSL_get_SSL_CTX.3 libressl/man/man3/SSL_get_certificate.3 libressl/man/man3/SSL_get_cipher.3 @@ -1801,28 +2243,35 @@ libressl/man/man3/SSL_get_cipher_name.3 libressl/man/man3/SSL_get_cipher_version.3 libressl/man/man3/SSL_get_ciphers.3 libressl/man/man3/SSL_get_client_CA_list.3 +libressl/man/man3/SSL_get_client_ciphers.3 libressl/man/man3/SSL_get_client_random.3 libressl/man/man3/SSL_get_current_cipher.3 libressl/man/man3/SSL_get_default_timeout.3 +libressl/man/man3/SSL_get_early_data_status.3 libressl/man/man3/SSL_get_error.3 libressl/man/man3/SSL_get_ex_data.3 libressl/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3 libressl/man/man3/SSL_get_ex_new_index.3 libressl/man/man3/SSL_get_fd.3 +libressl/man/man3/SSL_get_finished.3 libressl/man/man3/SSL_get_info_callback.3 libressl/man/man3/SSL_get_max_cert_list.3 +libressl/man/man3/SSL_get_max_early_data.3 libressl/man/man3/SSL_get_max_proto_version.3 libressl/man/man3/SSL_get_min_proto_version.3 libressl/man/man3/SSL_get_mode.3 +libressl/man/man3/SSL_get_num_tickets.3 libressl/man/man3/SSL_get_options.3 libressl/man/man3/SSL_get_peer_cert_chain.3 libressl/man/man3/SSL_get_peer_certificate.3 +libressl/man/man3/SSL_get_peer_finished.3 libressl/man/man3/SSL_get_privatekey.3 libressl/man/man3/SSL_get_quiet_shutdown.3 libressl/man/man3/SSL_get_rbio.3 libressl/man/man3/SSL_get_read_ahead.3 libressl/man/man3/SSL_get_rfd.3 libressl/man/man3/SSL_get_secure_renegotiation_support.3 +libressl/man/man3/SSL_get_security_level.3 libressl/man/man3/SSL_get_selected_srtp_profile.3 libressl/man/man3/SSL_get_server_random.3 libressl/man/man3/SSL_get_server_tmp_key.3 @@ -1837,6 +2286,7 @@ libressl/man/man3/SSL_get_state.3 libressl/man/man3/SSL_get_time.3 libressl/man/man3/SSL_get_timeout.3 libressl/man/man3/SSL_get_tlsext_status_ocsp_resp.3 +libressl/man/man3/SSL_get_tlsext_status_type.3 libressl/man/man3/SSL_get_verify_callback.3 libressl/man/man3/SSL_get_verify_depth.3 libressl/man/man3/SSL_get_verify_mode.3 @@ -1849,17 +2299,22 @@ libressl/man/man3/SSL_in_accept_init.3 libressl/man/man3/SSL_in_before.3 libressl/man/man3/SSL_in_connect_init.3 libressl/man/man3/SSL_in_init.3 +libressl/man/man3/SSL_is_dtls.3 libressl/man/man3/SSL_is_init_finished.3 libressl/man/man3/SSL_is_server.3 libressl/man/man3/SSL_library_init.3 libressl/man/man3/SSL_load_client_CA_file.3 libressl/man/man3/SSL_load_error_strings.3 -libressl/man/man3/SSL_need_tmp_rsa.3 +libressl/man/man3/SSL_need_tmp_RSA.3 libressl/man/man3/SSL_new.3 libressl/man/man3/SSL_num_renegotiations.3 libressl/man/man3/SSL_peek.3 +libressl/man/man3/SSL_peek_ex.3 libressl/man/man3/SSL_pending.3 +libressl/man/man3/SSL_psk_use_session_cb_func.3 libressl/man/man3/SSL_read.3 +libressl/man/man3/SSL_read_early_data.3 +libressl/man/man3/SSL_read_ex.3 libressl/man/man3/SSL_renegotiate.3 libressl/man/man3/SSL_renegotiate_abbreviated.3 libressl/man/man3/SSL_renegotiate_pending.3 @@ -1867,11 +2322,15 @@ libressl/man/man3/SSL_rstate_string.3 libressl/man/man3/SSL_rstate_string_long.3 libressl/man/man3/SSL_select_next_proto.3 libressl/man/man3/SSL_session_reused.3 +libressl/man/man3/SSL_set0_chain.3 +libressl/man/man3/SSL_set1_chain.3 libressl/man/man3/SSL_set1_curves.3 libressl/man/man3/SSL_set1_curves_list.3 libressl/man/man3/SSL_set1_groups.3 libressl/man/man3/SSL_set1_groups_list.3 +libressl/man/man3/SSL_set1_host.3 libressl/man/man3/SSL_set1_param.3 +libressl/man/man3/SSL_set_SSL_CTX.3 libressl/man/man3/SSL_set_accept_state.3 libressl/man/man3/SSL_set_alpn_protos.3 libressl/man/man3/SSL_set_bio.3 @@ -1882,18 +2341,23 @@ libressl/man/man3/SSL_set_ecdh_auto.3 libressl/man/man3/SSL_set_ex_data.3 libressl/man/man3/SSL_set_fd.3 libressl/man/man3/SSL_set_generate_session_id.3 +libressl/man/man3/SSL_set_hostflags.3 libressl/man/man3/SSL_set_info_callback.3 libressl/man/man3/SSL_set_max_cert_list.3 +libressl/man/man3/SSL_set_max_early_data.3 libressl/man/man3/SSL_set_max_proto_version.3 libressl/man/man3/SSL_set_max_send_fragment.3 libressl/man/man3/SSL_set_min_proto_version.3 libressl/man/man3/SSL_set_mode.3 libressl/man/man3/SSL_set_msg_callback.3 libressl/man/man3/SSL_set_msg_callback_arg.3 +libressl/man/man3/SSL_set_num_tickets.3 libressl/man/man3/SSL_set_options.3 +libressl/man/man3/SSL_set_psk_use_session_callback.3 libressl/man/man3/SSL_set_quiet_shutdown.3 libressl/man/man3/SSL_set_read_ahead.3 libressl/man/man3/SSL_set_rfd.3 +libressl/man/man3/SSL_set_security_level.3 libressl/man/man3/SSL_set_session.3 libressl/man/man3/SSL_set_session_id_context.3 libressl/man/man3/SSL_set_shutdown.3 @@ -1928,6 +2392,7 @@ libressl/man/man3/SSL_use_RSAPrivateKey_ libressl/man/man3/SSL_use_RSAPrivateKey_file.3 libressl/man/man3/SSL_use_certificate.3 libressl/man/man3/SSL_use_certificate_ASN1.3 +libressl/man/man3/SSL_use_certificate_chain_file.3 libressl/man/man3/SSL_use_certificate_file.3 libressl/man/man3/SSL_version.3 libressl/man/man3/SSL_want.3 @@ -1936,6 +2401,8 @@ libressl/man/man3/SSL_want_read.3 libressl/man/man3/SSL_want_write.3 libressl/man/man3/SSL_want_x509_lookup.3 libressl/man/man3/SSL_write.3 +libressl/man/man3/SSL_write_early_data.3 +libressl/man/man3/SSL_write_ex.3 libressl/man/man3/SSLeay.3 libressl/man/man3/SSLeay_add_ssl_algorithms.3 libressl/man/man3/SSLeay_version.3 @@ -2029,9 +2496,12 @@ libressl/man/man3/UI_set_result.3 libressl/man/man3/USERNOTICE_free.3 libressl/man/man3/USERNOTICE_new.3 libressl/man/man3/X25519.3 +libressl/man/man3/X25519_keypair.3 libressl/man/man3/X509V3_EXT_d2i.3 libressl/man/man3/X509V3_EXT_i2d.3 +libressl/man/man3/X509V3_EXT_print.3 libressl/man/man3/X509V3_add1_i2d.3 +libressl/man/man3/X509V3_extensions_print.3 libressl/man/man3/X509V3_get_d2i.3 libressl/man/man3/X509_ALGOR_cmp.3 libressl/man/man3/X509_ALGOR_dup.3 @@ -2040,17 +2510,32 @@ libressl/man/man3/X509_ALGOR_get0.3 libressl/man/man3/X509_ALGOR_new.3 libressl/man/man3/X509_ALGOR_set0.3 libressl/man/man3/X509_ALGOR_set_md.3 +libressl/man/man3/X509_ATTRIBUTE_count.3 +libressl/man/man3/X509_ATTRIBUTE_create.3 +libressl/man/man3/X509_ATTRIBUTE_create_by_NID.3 +libressl/man/man3/X509_ATTRIBUTE_create_by_OBJ.3 +libressl/man/man3/X509_ATTRIBUTE_create_by_txt.3 +libressl/man/man3/X509_ATTRIBUTE_dup.3 libressl/man/man3/X509_ATTRIBUTE_free.3 +libressl/man/man3/X509_ATTRIBUTE_get0_data.3 +libressl/man/man3/X509_ATTRIBUTE_get0_object.3 +libressl/man/man3/X509_ATTRIBUTE_get0_type.3 libressl/man/man3/X509_ATTRIBUTE_new.3 +libressl/man/man3/X509_ATTRIBUTE_set1_data.3 +libressl/man/man3/X509_ATTRIBUTE_set1_object.3 libressl/man/man3/X509_CERT_AUX_free.3 libressl/man/man3/X509_CERT_AUX_new.3 +libressl/man/man3/X509_CERT_AUX_print.3 libressl/man/man3/X509_CINF_free.3 libressl/man/man3/X509_CINF_new.3 libressl/man/man3/X509_CRL_INFO_free.3 libressl/man/man3/X509_CRL_INFO_new.3 +libressl/man/man3/X509_CRL_METHOD_free.3 +libressl/man/man3/X509_CRL_METHOD_new.3 libressl/man/man3/X509_CRL_add0_revoked.3 libressl/man/man3/X509_CRL_add1_ext_i2d.3 libressl/man/man3/X509_CRL_add_ext.3 +libressl/man/man3/X509_CRL_cmp.3 libressl/man/man3/X509_CRL_delete_ext.3 libressl/man/man3/X509_CRL_digest.3 libressl/man/man3/X509_CRL_dup.3 @@ -2069,12 +2554,22 @@ libressl/man/man3/X509_CRL_get_ext_by_cr libressl/man/man3/X509_CRL_get_ext_count.3 libressl/man/man3/X509_CRL_get_ext_d2i.3 libressl/man/man3/X509_CRL_get_issuer.3 +libressl/man/man3/X509_CRL_get_lastUpdate.3 +libressl/man/man3/X509_CRL_get_meth_data.3 +libressl/man/man3/X509_CRL_get_nextUpdate.3 libressl/man/man3/X509_CRL_get_signature_nid.3 libressl/man/man3/X509_CRL_get_version.3 +libressl/man/man3/X509_CRL_match.3 libressl/man/man3/X509_CRL_new.3 +libressl/man/man3/X509_CRL_print.3 +libressl/man/man3/X509_CRL_print_fp.3 libressl/man/man3/X509_CRL_set1_lastUpdate.3 libressl/man/man3/X509_CRL_set1_nextUpdate.3 +libressl/man/man3/X509_CRL_set_default_method.3 libressl/man/man3/X509_CRL_set_issuer_name.3 +libressl/man/man3/X509_CRL_set_lastUpdate.3 +libressl/man/man3/X509_CRL_set_meth_data.3 +libressl/man/man3/X509_CRL_set_nextUpdate.3 libressl/man/man3/X509_CRL_set_version.3 libressl/man/man3/X509_CRL_sign.3 libressl/man/man3/X509_CRL_sign_ctx.3 @@ -2083,6 +2578,7 @@ libressl/man/man3/X509_CRL_up_ref.3 libressl/man/man3/X509_CRL_verify.3 libressl/man/man3/X509_EXTENSION_create_by_NID.3 libressl/man/man3/X509_EXTENSION_create_by_OBJ.3 +libressl/man/man3/X509_EXTENSION_dup.3 libressl/man/man3/X509_EXTENSION_free.3 libressl/man/man3/X509_EXTENSION_get_critical.3 libressl/man/man3/X509_EXTENSION_get_data.3 @@ -2091,8 +2587,23 @@ libressl/man/man3/X509_EXTENSION_new.3 libressl/man/man3/X509_EXTENSION_set_critical.3 libressl/man/man3/X509_EXTENSION_set_data.3 libressl/man/man3/X509_EXTENSION_set_object.3 +libressl/man/man3/X509_INFO_free.3 +libressl/man/man3/X509_INFO_new.3 +libressl/man/man3/X509_LOOKUP_add_dir.3 +libressl/man/man3/X509_LOOKUP_add_mem.3 +libressl/man/man3/X509_LOOKUP_by_alias.3 +libressl/man/man3/X509_LOOKUP_by_fingerprint.3 +libressl/man/man3/X509_LOOKUP_by_issuer_serial.3 +libressl/man/man3/X509_LOOKUP_by_subject.3 +libressl/man/man3/X509_LOOKUP_ctrl.3 libressl/man/man3/X509_LOOKUP_file.3 +libressl/man/man3/X509_LOOKUP_free.3 libressl/man/man3/X509_LOOKUP_hash_dir.3 +libressl/man/man3/X509_LOOKUP_init.3 +libressl/man/man3/X509_LOOKUP_load_file.3 +libressl/man/man3/X509_LOOKUP_mem.3 +libressl/man/man3/X509_LOOKUP_new.3 +libressl/man/man3/X509_LOOKUP_shutdown.3 libressl/man/man3/X509_NAME_ENTRY_create_by_NID.3 libressl/man/man3/X509_NAME_ENTRY_create_by_OBJ.3 libressl/man/man3/X509_NAME_ENTRY_create_by_txt.3 @@ -2101,12 +2612,14 @@ libressl/man/man3/X509_NAME_ENTRY_free.3 libressl/man/man3/X509_NAME_ENTRY_get_data.3 libressl/man/man3/X509_NAME_ENTRY_get_object.3 libressl/man/man3/X509_NAME_ENTRY_new.3 +libressl/man/man3/X509_NAME_ENTRY_set.3 libressl/man/man3/X509_NAME_ENTRY_set_data.3 libressl/man/man3/X509_NAME_ENTRY_set_object.3 libressl/man/man3/X509_NAME_add_entry.3 libressl/man/man3/X509_NAME_add_entry_by_NID.3 libressl/man/man3/X509_NAME_add_entry_by_OBJ.3 libressl/man/man3/X509_NAME_add_entry_by_txt.3 +libressl/man/man3/X509_NAME_cmp.3 libressl/man/man3/X509_NAME_delete_entry.3 libressl/man/man3/X509_NAME_digest.3 libressl/man/man3/X509_NAME_dup.3 @@ -2119,18 +2632,25 @@ libressl/man/man3/X509_NAME_get_index_by libressl/man/man3/X509_NAME_get_text_by_NID.3 libressl/man/man3/X509_NAME_get_text_by_OBJ.3 libressl/man/man3/X509_NAME_hash.3 +libressl/man/man3/X509_NAME_hash_old.3 libressl/man/man3/X509_NAME_new.3 libressl/man/man3/X509_NAME_oneline.3 libressl/man/man3/X509_NAME_print.3 libressl/man/man3/X509_NAME_print_ex.3 libressl/man/man3/X509_NAME_print_ex_fp.3 +libressl/man/man3/X509_NAME_set.3 +libressl/man/man3/X509_OBJECT_free.3 libressl/man/man3/X509_OBJECT_free_contents.3 libressl/man/man3/X509_OBJECT_get0_X509.3 libressl/man/man3/X509_OBJECT_get0_X509_CRL.3 +libressl/man/man3/X509_OBJECT_get_type.3 libressl/man/man3/X509_OBJECT_idx_by_subject.3 +libressl/man/man3/X509_OBJECT_new.3 libressl/man/man3/X509_OBJECT_retrieve_by_subject.3 libressl/man/man3/X509_OBJECT_retrieve_match.3 libressl/man/man3/X509_OBJECT_up_ref_count.3 +libressl/man/man3/X509_PKEY_free.3 +libressl/man/man3/X509_PKEY_new.3 libressl/man/man3/X509_PUBKEY_free.3 libressl/man/man3/X509_PUBKEY_get.3 libressl/man/man3/X509_PUBKEY_get0.3 @@ -2138,22 +2658,55 @@ libressl/man/man3/X509_PUBKEY_get0_param libressl/man/man3/X509_PUBKEY_new.3 libressl/man/man3/X509_PUBKEY_set.3 libressl/man/man3/X509_PUBKEY_set0_param.3 +libressl/man/man3/X509_PURPOSE_add.3 +libressl/man/man3/X509_PURPOSE_cleanup.3 +libressl/man/man3/X509_PURPOSE_get0.3 +libressl/man/man3/X509_PURPOSE_get0_name.3 +libressl/man/man3/X509_PURPOSE_get0_sname.3 +libressl/man/man3/X509_PURPOSE_get_by_id.3 +libressl/man/man3/X509_PURPOSE_get_by_sname.3 +libressl/man/man3/X509_PURPOSE_get_count.3 +libressl/man/man3/X509_PURPOSE_get_id.3 +libressl/man/man3/X509_PURPOSE_get_trust.3 +libressl/man/man3/X509_PURPOSE_set.3 libressl/man/man3/X509_REQ_INFO_free.3 libressl/man/man3/X509_REQ_INFO_new.3 +libressl/man/man3/X509_REQ_add1_attr.3 +libressl/man/man3/X509_REQ_add1_attr_by_NID.3 +libressl/man/man3/X509_REQ_add1_attr_by_OBJ.3 +libressl/man/man3/X509_REQ_add1_attr_by_txt.3 +libressl/man/man3/X509_REQ_add_extensions.3 +libressl/man/man3/X509_REQ_add_extensions_nid.3 libressl/man/man3/X509_REQ_check_private_key.3 +libressl/man/man3/X509_REQ_delete_attr.3 libressl/man/man3/X509_REQ_digest.3 +libressl/man/man3/X509_REQ_dup.3 +libressl/man/man3/X509_REQ_extension_nid.3 +libressl/man/man3/X509_REQ_extract_key.3 libressl/man/man3/X509_REQ_free.3 +libressl/man/man3/X509_REQ_get0_pubkey.3 libressl/man/man3/X509_REQ_get0_signature.3 +libressl/man/man3/X509_REQ_get_attr.3 +libressl/man/man3/X509_REQ_get_attr_by_NID.3 +libressl/man/man3/X509_REQ_get_attr_by_OBJ.3 +libressl/man/man3/X509_REQ_get_attr_count.3 +libressl/man/man3/X509_REQ_get_extension_nids.3 +libressl/man/man3/X509_REQ_get_extensions.3 libressl/man/man3/X509_REQ_get_pubkey.3 libressl/man/man3/X509_REQ_get_signature_nid.3 libressl/man/man3/X509_REQ_get_subject_name.3 libressl/man/man3/X509_REQ_get_version.3 libressl/man/man3/X509_REQ_new.3 +libressl/man/man3/X509_REQ_print.3 +libressl/man/man3/X509_REQ_print_ex.3 +libressl/man/man3/X509_REQ_print_fp.3 +libressl/man/man3/X509_REQ_set_extension_nids.3 libressl/man/man3/X509_REQ_set_pubkey.3 libressl/man/man3/X509_REQ_set_subject_name.3 libressl/man/man3/X509_REQ_set_version.3 libressl/man/man3/X509_REQ_sign.3 libressl/man/man3/X509_REQ_sign_ctx.3 +libressl/man/man3/X509_REQ_to_X509.3 libressl/man/man3/X509_REQ_verify.3 libressl/man/man3/X509_REVOKED_add1_ext_i2d.3 libressl/man/man3/X509_REVOKED_add_ext.3 @@ -2173,40 +2726,72 @@ libressl/man/man3/X509_REVOKED_new.3 libressl/man/man3/X509_REVOKED_set_revocationDate.3 libressl/man/man3/X509_REVOKED_set_serialNumber.3 libressl/man/man3/X509_SIG_free.3 +libressl/man/man3/X509_SIG_get0.3 +libressl/man/man3/X509_SIG_getm.3 libressl/man/man3/X509_SIG_new.3 libressl/man/man3/X509_STORE_CTX_cleanup.3 libressl/man/man3/X509_STORE_CTX_free.3 libressl/man/man3/X509_STORE_CTX_get0_cert.3 libressl/man/man3/X509_STORE_CTX_get0_chain.3 +libressl/man/man3/X509_STORE_CTX_get0_current_crl.3 +libressl/man/man3/X509_STORE_CTX_get0_current_issuer.3 libressl/man/man3/X509_STORE_CTX_get0_param.3 +libressl/man/man3/X509_STORE_CTX_get0_parent_ctx.3 +libressl/man/man3/X509_STORE_CTX_get0_policy_tree.3 libressl/man/man3/X509_STORE_CTX_get0_store.3 libressl/man/man3/X509_STORE_CTX_get0_untrusted.3 libressl/man/man3/X509_STORE_CTX_get1_chain.3 +libressl/man/man3/X509_STORE_CTX_get1_issuer.3 +libressl/man/man3/X509_STORE_CTX_get_app_data.3 +libressl/man/man3/X509_STORE_CTX_get_by_subject.3 +libressl/man/man3/X509_STORE_CTX_get_chain.3 libressl/man/man3/X509_STORE_CTX_get_current_cert.3 libressl/man/man3/X509_STORE_CTX_get_error.3 libressl/man/man3/X509_STORE_CTX_get_error_depth.3 libressl/man/man3/X509_STORE_CTX_get_ex_data.3 libressl/man/man3/X509_STORE_CTX_get_ex_new_index.3 +libressl/man/man3/X509_STORE_CTX_get_explicit_policy.3 +libressl/man/man3/X509_STORE_CTX_get_num_untrusted.3 +libressl/man/man3/X509_STORE_CTX_get_obj_by_subject.3 +libressl/man/man3/X509_STORE_CTX_get_verify.3 +libressl/man/man3/X509_STORE_CTX_get_verify_cb.3 libressl/man/man3/X509_STORE_CTX_init.3 libressl/man/man3/X509_STORE_CTX_new.3 +libressl/man/man3/X509_STORE_CTX_purpose_inherit.3 libressl/man/man3/X509_STORE_CTX_set0_crls.3 libressl/man/man3/X509_STORE_CTX_set0_param.3 libressl/man/man3/X509_STORE_CTX_set0_trusted_stack.3 libressl/man/man3/X509_STORE_CTX_set0_untrusted.3 +libressl/man/man3/X509_STORE_CTX_set0_verified_chain.3 +libressl/man/man3/X509_STORE_CTX_set_app_data.3 libressl/man/man3/X509_STORE_CTX_set_cert.3 libressl/man/man3/X509_STORE_CTX_set_chain.3 +libressl/man/man3/X509_STORE_CTX_set_current_cert.3 libressl/man/man3/X509_STORE_CTX_set_default.3 +libressl/man/man3/X509_STORE_CTX_set_depth.3 libressl/man/man3/X509_STORE_CTX_set_error.3 +libressl/man/man3/X509_STORE_CTX_set_error_depth.3 libressl/man/man3/X509_STORE_CTX_set_ex_data.3 +libressl/man/man3/X509_STORE_CTX_set_flags.3 +libressl/man/man3/X509_STORE_CTX_set_purpose.3 +libressl/man/man3/X509_STORE_CTX_set_time.3 +libressl/man/man3/X509_STORE_CTX_set_trust.3 +libressl/man/man3/X509_STORE_CTX_set_verify.3 libressl/man/man3/X509_STORE_CTX_set_verify_cb.3 libressl/man/man3/X509_STORE_CTX_trusted_stack.3 libressl/man/man3/X509_STORE_add_cert.3 libressl/man/man3/X509_STORE_add_crl.3 +libressl/man/man3/X509_STORE_add_lookup.3 libressl/man/man3/X509_STORE_free.3 libressl/man/man3/X509_STORE_get0_objects.3 +libressl/man/man3/X509_STORE_get0_param.3 +libressl/man/man3/X509_STORE_get1_certs.3 +libressl/man/man3/X509_STORE_get1_crls.3 +libressl/man/man3/X509_STORE_get_by_subject.3 libressl/man/man3/X509_STORE_get_ex_data.3 libressl/man/man3/X509_STORE_get_ex_new_index.3 libressl/man/man3/X509_STORE_load_locations.3 +libressl/man/man3/X509_STORE_load_mem.3 libressl/man/man3/X509_STORE_new.3 libressl/man/man3/X509_STORE_set1_param.3 libressl/man/man3/X509_STORE_set_default_paths.3 @@ -2218,6 +2803,16 @@ libressl/man/man3/X509_STORE_set_trust.3 libressl/man/man3/X509_STORE_set_verify_cb.3 libressl/man/man3/X509_STORE_set_verify_cb_func.3 libressl/man/man3/X509_STORE_up_ref.3 +libressl/man/man3/X509_TRUST_add.3 +libressl/man/man3/X509_TRUST_cleanup.3 +libressl/man/man3/X509_TRUST_get0.3 +libressl/man/man3/X509_TRUST_get0_name.3 +libressl/man/man3/X509_TRUST_get_by_id.3 +libressl/man/man3/X509_TRUST_get_count.3 +libressl/man/man3/X509_TRUST_get_flags.3 +libressl/man/man3/X509_TRUST_get_trust.3 +libressl/man/man3/X509_TRUST_set.3 +libressl/man/man3/X509_TRUST_set_default.3 libressl/man/man3/X509_VAL_free.3 libressl/man/man3/X509_VAL_new.3 libressl/man/man3/X509_VERIFY_PARAM_add0_policy.3 @@ -2231,14 +2826,18 @@ libressl/man/man3/X509_VERIFY_PARAM_get0 libressl/man/man3/X509_VERIFY_PARAM_get_count.3 libressl/man/man3/X509_VERIFY_PARAM_get_depth.3 libressl/man/man3/X509_VERIFY_PARAM_get_flags.3 +libressl/man/man3/X509_VERIFY_PARAM_get_time.3 +libressl/man/man3/X509_VERIFY_PARAM_inherit.3 libressl/man/man3/X509_VERIFY_PARAM_lookup.3 libressl/man/man3/X509_VERIFY_PARAM_new.3 +libressl/man/man3/X509_VERIFY_PARAM_set1.3 libressl/man/man3/X509_VERIFY_PARAM_set1_email.3 libressl/man/man3/X509_VERIFY_PARAM_set1_host.3 libressl/man/man3/X509_VERIFY_PARAM_set1_ip.3 libressl/man/man3/X509_VERIFY_PARAM_set1_ip_asc.3 libressl/man/man3/X509_VERIFY_PARAM_set1_name.3 libressl/man/man3/X509_VERIFY_PARAM_set1_policies.3 +libressl/man/man3/X509_VERIFY_PARAM_set_auth_level.3 libressl/man/man3/X509_VERIFY_PARAM_set_depth.3 libressl/man/man3/X509_VERIFY_PARAM_set_flags.3 libressl/man/man3/X509_VERIFY_PARAM_set_hostflags.3 @@ -2247,7 +2846,11 @@ libressl/man/man3/X509_VERIFY_PARAM_set_ libressl/man/man3/X509_VERIFY_PARAM_set_trust.3 libressl/man/man3/X509_VERIFY_PARAM_table_cleanup.3 libressl/man/man3/X509_add1_ext_i2d.3 +libressl/man/man3/X509_add1_reject_object.3 +libressl/man/man3/X509_add1_trust_object.3 libressl/man/man3/X509_add_ext.3 +libressl/man/man3/X509_alias_get0.3 +libressl/man/man3/X509_alias_set1.3 libressl/man/man3/X509_chain_up_ref.3 libressl/man/man3/X509_check_ca.3 libressl/man/man3/X509_check_email.3 @@ -2256,18 +2859,35 @@ libressl/man/man3/X509_check_ip.3 libressl/man/man3/X509_check_ip_asc.3 libressl/man/man3/X509_check_issued.3 libressl/man/man3/X509_check_private_key.3 +libressl/man/man3/X509_check_purpose.3 +libressl/man/man3/X509_check_trust.3 +libressl/man/man3/X509_cmp.3 libressl/man/man3/X509_cmp_current_time.3 libressl/man/man3/X509_cmp_time.3 libressl/man/man3/X509_delete_ext.3 libressl/man/man3/X509_digest.3 +libressl/man/man3/X509_dup.3 +libressl/man/man3/X509_email_free.3 +libressl/man/man3/X509_extract_key.3 +libressl/man/man3/X509_find_by_issuer_and_serial.3 +libressl/man/man3/X509_find_by_subject.3 libressl/man/man3/X509_free.3 libressl/man/man3/X509_get0_extensions.3 libressl/man/man3/X509_get0_notAfter.3 libressl/man/man3/X509_get0_notBefore.3 libressl/man/man3/X509_get0_pubkey.3 +libressl/man/man3/X509_get0_pubkey_bitstr.3 +libressl/man/man3/X509_get0_serialNumber.3 libressl/man/man3/X509_get0_signature.3 libressl/man/man3/X509_get0_tbs_sigalg.3 +libressl/man/man3/X509_get1_email.3 +libressl/man/man3/X509_get1_ocsp.3 libressl/man/man3/X509_get_X509_PUBKEY.3 +libressl/man/man3/X509_get_default_cert_area.3 +libressl/man/man3/X509_get_default_cert_dir.3 +libressl/man/man3/X509_get_default_cert_dir_env.3 +libressl/man/man3/X509_get_default_cert_file.3 +libressl/man/man3/X509_get_default_cert_file_env.3 libressl/man/man3/X509_get_ex_data.3 libressl/man/man3/X509_get_ex_new_index.3 libressl/man/man3/X509_get_ext.3 @@ -2276,35 +2896,85 @@ libressl/man/man3/X509_get_ext_by_OBJ.3 libressl/man/man3/X509_get_ext_by_critical.3 libressl/man/man3/X509_get_ext_count.3 libressl/man/man3/X509_get_ext_d2i.3 +libressl/man/man3/X509_get_extended_key_usage.3 +libressl/man/man3/X509_get_extension_flags.3 libressl/man/man3/X509_get_issuer_name.3 +libressl/man/man3/X509_get_key_usage.3 +libressl/man/man3/X509_get_notAfter.3 +libressl/man/man3/X509_get_notBefore.3 libressl/man/man3/X509_get_pubkey.3 +libressl/man/man3/X509_get_pubkey_parameters.3 libressl/man/man3/X509_get_serialNumber.3 libressl/man/man3/X509_get_signature_nid.3 +libressl/man/man3/X509_get_signature_type.3 libressl/man/man3/X509_get_subject_name.3 libressl/man/man3/X509_get_version.3 libressl/man/man3/X509_getm_notAfter.3 libressl/man/man3/X509_getm_notBefore.3 +libressl/man/man3/X509_gmtime_adj.3 +libressl/man/man3/X509_issuer_and_serial_cmp.3 +libressl/man/man3/X509_issuer_name_cmp.3 +libressl/man/man3/X509_issuer_name_hash.3 +libressl/man/man3/X509_issuer_name_hash_old.3 +libressl/man/man3/X509_keyid_get0.3 +libressl/man/man3/X509_keyid_set1.3 libressl/man/man3/X509_load_cert_crl_file.3 libressl/man/man3/X509_load_cert_file.3 libressl/man/man3/X509_load_crl_file.3 libressl/man/man3/X509_new.3 +libressl/man/man3/X509_ocspid_print.3 +libressl/man/man3/X509_policy_check.3 +libressl/man/man3/X509_policy_level_get0_node.3 +libressl/man/man3/X509_policy_level_node_count.3 +libressl/man/man3/X509_policy_node_get0_parent.3 +libressl/man/man3/X509_policy_node_get0_policy.3 +libressl/man/man3/X509_policy_node_get0_qualifiers.3 +libressl/man/man3/X509_policy_tree_free.3 +libressl/man/man3/X509_policy_tree_get0_level.3 +libressl/man/man3/X509_policy_tree_get0_policies.3 +libressl/man/man3/X509_policy_tree_get0_user_policies.3 +libressl/man/man3/X509_policy_tree_level_count.3 +libressl/man/man3/X509_print.3 +libressl/man/man3/X509_print_ex.3 +libressl/man/man3/X509_print_ex_fp.3 +libressl/man/man3/X509_print_fp.3 libressl/man/man3/X509_pubkey_digest.3 +libressl/man/man3/X509_reject_clear.3 libressl/man/man3/X509_set1_notAfter.3 libressl/man/man3/X509_set1_notBefore.3 libressl/man/man3/X509_set_ex_data.3 libressl/man/man3/X509_set_issuer_name.3 +libressl/man/man3/X509_set_notAfter.3 +libressl/man/man3/X509_set_notBefore.3 libressl/man/man3/X509_set_pubkey.3 libressl/man/man3/X509_set_serialNumber.3 libressl/man/man3/X509_set_subject_name.3 libressl/man/man3/X509_set_version.3 libressl/man/man3/X509_sign.3 libressl/man/man3/X509_sign_ctx.3 +libressl/man/man3/X509_signature_dump.3 +libressl/man/man3/X509_signature_print.3 +libressl/man/man3/X509_subject_name_cmp.3 +libressl/man/man3/X509_subject_name_hash.3 +libressl/man/man3/X509_subject_name_hash_old.3 libressl/man/man3/X509_time_adj.3 libressl/man/man3/X509_time_adj_ex.3 +libressl/man/man3/X509_to_X509_REQ.3 +libressl/man/man3/X509_trust_clear.3 libressl/man/man3/X509_up_ref.3 libressl/man/man3/X509_verify.3 libressl/man/man3/X509_verify_cert.3 libressl/man/man3/X509_verify_cert_error_string.3 +libressl/man/man3/X509at_add1_attr.3 +libressl/man/man3/X509at_add1_attr_by_NID.3 +libressl/man/man3/X509at_add1_attr_by_OBJ.3 +libressl/man/man3/X509at_add1_attr_by_txt.3 +libressl/man/man3/X509at_delete_attr.3 +libressl/man/man3/X509at_get0_data_by_OBJ.3 +libressl/man/man3/X509at_get_attr.3 +libressl/man/man3/X509at_get_attr_by_NID.3 +libressl/man/man3/X509at_get_attr_by_OBJ.3 +libressl/man/man3/X509at_get_attr_count.3 libressl/man/man3/X509v3_add_ext.3 libressl/man/man3/X509v3_delete_ext.3 libressl/man/man3/X509v3_get_ext.3 @@ -2312,7 +2982,11 @@ libressl/man/man3/X509v3_get_ext_by_NID. libressl/man/man3/X509v3_get_ext_by_OBJ.3 libressl/man/man3/X509v3_get_ext_by_critical.3 libressl/man/man3/X509v3_get_ext_count.3 -libressl/man/man3/bio_info_cb.3 +libressl/man/man3/a2d_ASN1_OBJECT.3 +libressl/man/man3/a2i_ASN1_ENUMERATED.3 +libressl/man/man3/a2i_ASN1_INTEGER.3 +libressl/man/man3/a2i_ASN1_STRING.3 +libressl/man/man3/asn1_ps_func.3 libressl/man/man3/bn_add_words.3 libressl/man/man3/bn_check_top.3 libressl/man/man3/bn_cmp_words.3 @@ -2331,7 +3005,6 @@ libressl/man/man3/bn_mul_normal.3 libressl/man/man3/bn_mul_part_recursive.3 libressl/man/man3/bn_mul_recursive.3 libressl/man/man3/bn_mul_words.3 -${PLIST.man}libressl/man/man3/bn_print.3 libressl/man/man3/bn_set_high.3 libressl/man/man3/bn_set_low.3 libressl/man/man3/bn_set_max.3 @@ -2342,6 +3015,7 @@ libressl/man/man3/bn_sqr_recursive.3 libressl/man/man3/bn_sqr_words.3 libressl/man/man3/bn_sub_words.3 libressl/man/man3/bn_wexpand.3 +libressl/man/man3/check_defer.3 libressl/man/man3/client_cert_cb.3 libressl/man/man3/crypto.3 libressl/man/man3/d2i_ACCESS_DESCRIPTION.3 @@ -2372,6 +3046,9 @@ libressl/man/man3/d2i_AUTHORITY_KEYID.3 libressl/man/man3/d2i_AutoPrivateKey.3 libressl/man/man3/d2i_BASIC_CONSTRAINTS.3 libressl/man/man3/d2i_CERTIFICATEPOLICIES.3 +libressl/man/man3/d2i_CMS_ContentInfo.3 +libressl/man/man3/d2i_CMS_ReceiptRequest.3 +libressl/man/man3/d2i_CMS_bio.3 libressl/man/man3/d2i_CRL_DIST_POINTS.3 libressl/man/man3/d2i_DHparams.3 libressl/man/man3/d2i_DIRECTORYSTRING.3 @@ -2387,6 +3064,8 @@ libressl/man/man3/d2i_DSA_PUBKEY_bio.3 libressl/man/man3/d2i_DSA_PUBKEY_fp.3 libressl/man/man3/d2i_DSA_SIG.3 libressl/man/man3/d2i_DSAparams.3 +libressl/man/man3/d2i_DSAparams_bio.3 +libressl/man/man3/d2i_DSAparams_fp.3 libressl/man/man3/d2i_ECDSA_SIG.3 libressl/man/man3/d2i_ECPKParameters.3 libressl/man/man3/d2i_ECPKParameters_bio.3 @@ -2491,6 +3170,7 @@ libressl/man/man3/d2i_TS_TST_INFO_fp.3 libressl/man/man3/d2i_USERNOTICE.3 libressl/man/man3/d2i_X509.3 libressl/man/man3/d2i_X509_ALGOR.3 +libressl/man/man3/d2i_X509_ALGORS.3 libressl/man/man3/d2i_X509_ATTRIBUTE.3 libressl/man/man3/d2i_X509_AUX.3 libressl/man/man3/d2i_X509_CERT_AUX.3 @@ -2503,6 +3183,7 @@ libressl/man/man3/d2i_X509_EXTENSION.3 libressl/man/man3/d2i_X509_EXTENSIONS.3 libressl/man/man3/d2i_X509_NAME.3 libressl/man/man3/d2i_X509_NAME_ENTRY.3 +libressl/man/man3/d2i_X509_PUBKEY.3 libressl/man/man3/d2i_X509_REQ.3 libressl/man/man3/d2i_X509_REQ_INFO.3 libressl/man/man3/d2i_X509_REQ_bio.3 @@ -2512,9 +3193,9 @@ libressl/man/man3/d2i_X509_SIG.3 libressl/man/man3/d2i_X509_VAL.3 libressl/man/man3/d2i_X509_bio.3 libressl/man/man3/d2i_X509_fp.3 +libressl/man/man3/d2i_of_void.3 libressl/man/man3/des_read_pw.3 libressl/man/man3/des_read_pw_string.3 -libressl/man/man3/engine.3 libressl/man/man3/evp.3 libressl/man/man3/get_rfc2409_prime_1024.3 libressl/man/man3/get_rfc2409_prime_768.3 @@ -2525,6 +3206,10 @@ libressl/man/man3/get_rfc3526_prime_4096 libressl/man/man3/get_rfc3526_prime_6144.3 libressl/man/man3/get_rfc3526_prime_8192.3 libressl/man/man3/get_session_cb.3 +libressl/man/man3/i2a_ASN1_ENUMERATED.3 +libressl/man/man3/i2a_ASN1_INTEGER.3 +libressl/man/man3/i2a_ASN1_OBJECT.3 +libressl/man/man3/i2a_ASN1_STRING.3 libressl/man/man3/i2d_ACCESS_DESCRIPTION.3 libressl/man/man3/i2d_ASN1_BIT_STRING.3 libressl/man/man3/i2d_ASN1_BMPSTRING.3 @@ -2547,10 +3232,15 @@ libressl/man/man3/i2d_ASN1_UNIVERSALSTRI libressl/man/man3/i2d_ASN1_UTCTIME.3 libressl/man/man3/i2d_ASN1_UTF8STRING.3 libressl/man/man3/i2d_ASN1_VISIBLESTRING.3 +libressl/man/man3/i2d_ASN1_bio_stream.3 libressl/man/man3/i2d_AUTHORITY_INFO_ACCESS.3 libressl/man/man3/i2d_AUTHORITY_KEYID.3 libressl/man/man3/i2d_BASIC_CONSTRAINTS.3 libressl/man/man3/i2d_CERTIFICATEPOLICIES.3 +libressl/man/man3/i2d_CMS_ContentInfo.3 +libressl/man/man3/i2d_CMS_ReceiptRequest.3 +libressl/man/man3/i2d_CMS_bio.3 +libressl/man/man3/i2d_CMS_bio_stream.3 libressl/man/man3/i2d_CRL_DIST_POINTS.3 libressl/man/man3/i2d_DHparams.3 libressl/man/man3/i2d_DIRECTORYSTRING.3 @@ -2566,6 +3256,8 @@ libressl/man/man3/i2d_DSA_PUBKEY_bio.3 libressl/man/man3/i2d_DSA_PUBKEY_fp.3 libressl/man/man3/i2d_DSA_SIG.3 libressl/man/man3/i2d_DSAparams.3 +libressl/man/man3/i2d_DSAparams_bio.3 +libressl/man/man3/i2d_DSAparams_fp.3 libressl/man/man3/i2d_ECDSA_SIG.3 libressl/man/man3/i2d_ECPKParameters.3 libressl/man/man3/i2d_ECPKParameters_bio.3 @@ -2643,6 +3335,8 @@ libressl/man/man3/i2d_PUBKEY.3 libressl/man/man3/i2d_PUBKEY_bio.3 libressl/man/man3/i2d_PUBKEY_fp.3 libressl/man/man3/i2d_PrivateKey.3 +libressl/man/man3/i2d_PrivateKey_bio.3 +libressl/man/man3/i2d_PrivateKey_fp.3 libressl/man/man3/i2d_PublicKey.3 libressl/man/man3/i2d_RSAPrivateKey.3 libressl/man/man3/i2d_RSAPrivateKey_bio.3 @@ -2674,6 +3368,7 @@ libressl/man/man3/i2d_TS_TST_INFO_fp.3 libressl/man/man3/i2d_USERNOTICE.3 libressl/man/man3/i2d_X509.3 libressl/man/man3/i2d_X509_ALGOR.3 +libressl/man/man3/i2d_X509_ALGORS.3 libressl/man/man3/i2d_X509_ATTRIBUTE.3 libressl/man/man3/i2d_X509_AUX.3 libressl/man/man3/i2d_X509_CERT_AUX.3 @@ -2686,6 +3381,7 @@ libressl/man/man3/i2d_X509_EXTENSION.3 libressl/man/man3/i2d_X509_EXTENSIONS.3 libressl/man/man3/i2d_X509_NAME.3 libressl/man/man3/i2d_X509_NAME_ENTRY.3 +libressl/man/man3/i2d_X509_PUBKEY.3 libressl/man/man3/i2d_X509_REQ.3 libressl/man/man3/i2d_X509_REQ_INFO.3 libressl/man/man3/i2d_X509_REQ_bio.3 @@ -2695,6 +3391,9 @@ libressl/man/man3/i2d_X509_SIG.3 libressl/man/man3/i2d_X509_VAL.3 libressl/man/man3/i2d_X509_bio.3 libressl/man/man3/i2d_X509_fp.3 +libressl/man/man3/i2d_re_X509_CRL_tbs.3 +libressl/man/man3/i2d_re_X509_REQ_tbs.3 +libressl/man/man3/i2d_re_X509_tbs.3 libressl/man/man3/i2o_ECPublicKey.3 libressl/man/man3/i2t_ASN1_OBJECT.3 libressl/man/man3/lh__delete.3 @@ -2719,10 +3418,12 @@ libressl/man/man3/lh_node_usage_stats_bi libressl/man/man3/lh_retrieve.3 libressl/man/man3/lh_stats.3 libressl/man/man3/lh_stats_bio.3 +libressl/man/man3/lh_strhash.3 libressl/man/man3/mul.3 libressl/man/man3/mul_add.3 libressl/man/man3/new_session_cb.3 libressl/man/man3/o2i_ECPublicKey.3 +libressl/man/man3/obj_cleanup_defer.3 libressl/man/man3/pem_password_cb.3 libressl/man/man3/remove_session_cb.3 libressl/man/man3/sk_delete.3 @@ -2799,6 +3500,7 @@ libressl/man/man3/tls_config_verify_clie libressl/man/man3/tls_configure.3 libressl/man/man3/tls_conn_alpn_selected.3 libressl/man/man3/tls_conn_cipher.3 +libressl/man/man3/tls_conn_cipher_strength.3 libressl/man/man3/tls_conn_servername.3 libressl/man/man3/tls_conn_session_resumed.3 libressl/man/man3/tls_conn_version.3 @@ -2807,6 +3509,7 @@ libressl/man/man3/tls_connect_cbs.3 libressl/man/man3/tls_connect_fds.3 libressl/man/man3/tls_connect_servername.3 libressl/man/man3/tls_connect_socket.3 +libressl/man/man3/tls_default_ca_cert_file.3 libressl/man/man3/tls_error.3 libressl/man/man3/tls_free.3 libressl/man/man3/tls_handshake.3 @@ -2825,7 +3528,7 @@ libressl/man/man3/tls_peer_ocsp_cert_sta libressl/man/man3/tls_peer_ocsp_crl_reason.3 libressl/man/man3/tls_peer_ocsp_next_update.3 libressl/man/man3/tls_peer_ocsp_response_status.3 -libressl/man/man3/tls_peer_ocsp_result_msg.3 +libressl/man/man3/tls_peer_ocsp_result.3 libressl/man/man3/tls_peer_ocsp_revocation_time.3 libressl/man/man3/tls_peer_ocsp_this_update.3 libressl/man/man3/tls_peer_ocsp_url.3 @@ -2835,8 +3538,22 @@ libressl/man/man3/tls_server.3 libressl/man/man3/tls_unload_file.3 libressl/man/man3/tls_write.3 libressl/man/man3/verify_callback.3 +libressl/man/man3/x509_verify.3 +libressl/man/man3/x509_verify_ctx_chain.3 +libressl/man/man3/x509_verify_ctx_error_depth.3 +libressl/man/man3/x509_verify_ctx_error_string.3 +libressl/man/man3/x509_verify_ctx_free.3 +libressl/man/man3/x509_verify_ctx_new.3 +libressl/man/man3/x509_verify_ctx_set_intermediates.3 +libressl/man/man3/x509_verify_ctx_set_max_chains.3 +libressl/man/man3/x509_verify_ctx_set_max_depth.3 +libressl/man/man3/x509_verify_ctx_set_max_signatures.3 +libressl/man/man3/x509_verify_ctx_set_purpose.3 libressl/man/man5/openssl.cnf.5 libressl/man/man5/x509v3.cnf.5 +libressl/man/man8/ocspcheck.8 libressl/share/examples/libressl/cert.pem libressl/share/examples/libressl/openssl.cnf libressl/share/examples/libressl/x509v3.cnf +@pkgdir lib +@pkgdir etc Index: pkgsrc/security/libressl/buildlink3.mk diff -u pkgsrc/security/libressl/buildlink3.mk:1.4 pkgsrc/security/libressl/buildlink3.mk:1.5 --- pkgsrc/security/libressl/buildlink3.mk:1.4 Thu Nov 26 15:49:58 2020 +++ pkgsrc/security/libressl/buildlink3.mk Wed Apr 5 10:58:40 2023 @@ -1,11 +1,11 @@ -# $NetBSD: buildlink3.mk,v 1.4 2020/11/26 15:49:58 schmonz Exp $ +# $NetBSD: buildlink3.mk,v 1.5 2023/04/05 10:58:40 nikita Exp $ BUILDLINK_TREE+= libressl .if !defined(LIBRESSL_BUILDLINK3_MK) LIBRESSL_BUILDLINK3_MK:= -BUILDLINK_API_DEPENDS.libressl+= libressl>=2.7.4nb1 +BUILDLINK_API_DEPENDS.libressl+= libressl>=3.6.2 BUILDLINK_PKGSRCDIR.libressl?= ../../security/libressl BUILDLINK_INCDIRS.libressl+= libressl/include Index: pkgsrc/security/libressl/distinfo diff -u pkgsrc/security/libressl/distinfo:1.12 pkgsrc/security/libressl/distinfo:1.13 --- pkgsrc/security/libressl/distinfo:1.12 Tue Oct 26 11:17:15 2021 +++ pkgsrc/security/libressl/distinfo Wed Apr 5 10:58:40 2023 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.12 2021/10/26 11:17:15 nia Exp $ +$NetBSD: distinfo,v 1.13 2023/04/05 10:58:40 nikita Exp $ -BLAKE2s (libressl-2.7.4.tar.gz) = 450fe9a320778c0ca8ab911c5cb0ad46ee43745148d89a107754b9dc42ecce0c -SHA512 (libressl-2.7.4.tar.gz) = 1cd82a1bff4f655251b5feb0c850f4164e0fd548e4b404407370f74dcc75c205f42efc7787a157eecac84cbbe46af48cb63f46b3fef75f4a0a9ea19a5863a691 -Size (libressl-2.7.4.tar.gz) = 3359012 bytes +BLAKE2s (libressl-3.6.2.tar.gz) = b6ca4495a01b4460c6391bfe64744fc12663cd87dcdc9df9d1646b62cc74442d +SHA512 (libressl-3.6.2.tar.gz) = 8fc81e05d1c9f9259d06508ca97d5a1ba5d46b857088c273c20e6b242921f7eac58a1136564ad9831c923758ee63f7b0897c8c6c7b1e53ab8132a995cc559aeb +Size (libressl-3.6.2.tar.gz) = 4239482 bytes SHA1 (patch-configure) = ea5d34736afbb126254e7cbb4b44915b1484b4c9 --_----------=_168069232087460--