diff options
Diffstat (limited to 'security/openssl31-quictls')
| -rw-r--r-- | security/openssl31-quictls/Makefile | 195 | ||||
| -rw-r--r-- | security/openssl31-quictls/distinfo | 3 | ||||
| -rw-r--r-- | security/openssl31-quictls/files/extra-patch-util_find-doc-nits | 20 | ||||
| -rw-r--r-- | security/openssl31-quictls/files/patch-CVE-2024-9143 | 198 | ||||
| -rw-r--r-- | security/openssl31-quictls/pkg-descr | 8 | ||||
| -rw-r--r-- | security/openssl31-quictls/pkg-message | 20 | ||||
| -rw-r--r-- | security/openssl31-quictls/pkg-plist | 276 | ||||
| -rw-r--r-- | security/openssl31-quictls/version.mk | 1 |
8 files changed, 0 insertions, 721 deletions
diff --git a/security/openssl31-quictls/Makefile b/security/openssl31-quictls/Makefile deleted file mode 100644 index f6b137be1d18..000000000000 --- a/security/openssl31-quictls/Makefile +++ /dev/null @@ -1,195 +0,0 @@ -PORTNAME= openssl -DISTVERSIONPREFIX= ${PORTNAME}- -PORTVERSION= 3.1.7 -PORTREVISION= 1 -DISTVERSIONSUFFIX= -quic1 -CATEGORIES= security devel -PKGNAMESUFFIX= 31-quictls - -MAINTAINER= brnrd@FreeBSD.org -COMMENT= QUIC capable fork of OpenSSL -WWW= https://www.github.com/quictls/openssl - -DEPRECATED= End-of-Life, please switch to security/quictls or OpenSSL 3.5 -EXPIRATION_DATE= 2025-03-14 - -LICENSE= APACHE20 -LICENSE_FILE= ${WRKSRC}/LICENSE.txt - -CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3* openssl-quictls openssl33-quictls - -BROKEN_i386= ld: error: undefined symbol: __atomic_is_lock_free - -HAS_CONFIGURE= yes -CONFIGURE_SCRIPT= config -CONFIGURE_ENV= PERL="${PERL}" -CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ - --prefix=${PREFIX} - -USES= cpe perl5 -USE_PERL5= build -USE_GITHUB= yes -GH_ACCOUNT= ${PKGNAMESUFFIX:C/.*-//} - -TEST_TARGET= test - -LDFLAGS_i386= -Wl,-znotext - -MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" -MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= - -EXTRA_PATCHES+= ${.CURDIR}/../openssl/files/patch-crypto_async_arch_async__posix.h - -OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS -OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS -OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 -OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS -OPTIONS_GROUP_MODULES= FIPS LEGACY -OPTIONS_DEFINE_i386= I386 -OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 - -OPTIONS_DEFINE= ASYNC CT KTLS MAN3 RFC3779 SHARED ZLIB - -OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \ - RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 - -OPTIONS_EXCLUDE_i386= FIPS - -OPTIONS_GROUP_OPTIMIZE_amd64= EC - -.if ${MACHINE_ARCH} == "amd64" -OPTIONS_GROUP_OPTIMIZE+= EC -.elif ${MACHINE_ARCH} == "mips64el" -OPTIONS_GROUP_OPTIMIZE+= EC -.endif - -OPTIONS_SUB= yes - -ARIA_DESC= ARIA (South Korean standard) -ASM_DESC= Assembler code -ASYNC_DESC= Asynchronous mode -CIPHERS_DESC= Block Cipher Support -CT_DESC= Certificate Transparency Support -DES_DESC= (Triple) Data Encryption Standard -EC_DESC= Optimize NIST elliptic curves -FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) -GOST_DESC= GOST (Russian standard) -HASHES_DESC= Hash Function Support -I386_DESC= i386 (instead of i486+) -IDEA_DESC= International Data Encryption Algorithm -KTLS_DESC= Use in-kernel TLS -LEGACY_DESC= Older algorithms -MAN3_DESC= Install API manpages (section 3, 7) -MD2_DESC= MD2 (obsolete) (requires LEGACY) -MD4_DESC= MD4 (unsafe) -MDC2_DESC= MDC-2 (patented, requires DES) -MODULES_DESC= Provider modules -NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) -OPTIMIZE_DESC= Optimizations -PROTOCOLS_DESC= Protocol Support -RC2_DESC= RC2 (unsafe) -RC4_DESC= RC4 (unsafe) -RC5_DESC= RC5 (patented) -RMD160_DESC= RIPEMD-160 -RFC3779_DESC= RFC3779 support (BGP) -SCTP_DESC= SCTP (Stream Control Transmission) -SHARED_DESC= Build shared libraries -SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) -SM3_DESC= SM3 256bit (Chinese standard) -SM4_DESC= SM4 128bit (Chinese standard) -SSE2_DESC= Runtime SSE2 detection -SSL3_DESC= SSLv3 (unsafe) -TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) -TLS1_1_DESC= TLSv1.1 (requires TLS1_2) -TLS1_2_DESC= TLSv1.2 -WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) - -# Upstream default disabled options -.for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib -${_option:tu}_CONFIGURE_ON= enable-${_option} -.endfor - -# Upstream default enabled options -.for _option in aria asm async ct des gost idea md4 mdc2 legacy \ - nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \ - threads tls1 tls1_1 tls1_2 -${_option:tu}_CONFIGURE_OFF= no-${_option} -.endfor - -MD2_IMPLIES= LEGACY -MDC2_IMPLIES= DES -TLS1_IMPLIES= TLS1_1 -TLS1_1_IMPLIES= TLS1_2 - -EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 -FIPS_VARS= shlibs+=lib/ossl-modules/fips.so -I386_CONFIGURE_ON= 386 -LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so -MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits -SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_USE= ldconfig=yes -SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \ - lib/libssl.so.${OPENSSL_SHLIBVER} \ - lib/engines-${OPENSSL_SHLIBVER}/capi.so \ - lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \ - lib/engines-${OPENSSL_SHLIBVER}/padlock.so" -SSL3_CONFIGURE_ON+= enable-ssl3-method -ZLIB_CONFIGURE_ON= zlib-dynamic - -SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so - -PORTSCOUT= limit:^${DISTVERSION:R:S/./\./g}\. - -.include <bsd.port.options.mk> - -.if ${ARCH} == powerpc64 -CONFIGURE_ARGS+= BSD-ppc64 -.elif ${ARCH} == powerpc64le -CONFIGURE_ARGS+= BSD-ppc64le -.elif ${ARCH} == riscv64 -CONFIGURE_ARGS+= BSD-riscv64 -.endif - -.include <bsd.port.pre.mk> -.if ${PREFIX} == /usr -IGNORE= the OpenSSL port can not be installed over the base version -.endif - -OPENSSLDIR?= ${PREFIX}/openssl -PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} - -.include "version.mk" - -post-patch: - ${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/share/man|' \ - -e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ - ${WRKSRC}/Configurations/unix-Makefile.tmpl - ${REINPLACE_CMD} 's|SHLIB_VERSION=81.3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ - ${WRKSRC}/VERSION.dat - -post-configure: - ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump ) - -post-configure-MAN3-off: - ${REINPLACE_CMD} \ - -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \ - -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \ - ${WRKSRC}/Makefile - -post-install-SHARED-on: -.for i in ${SHLIBS} - -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i -.endfor - -post-install-SHARED-off: - ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-${OPENSSL_SHLIBVER} - -post-install: - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl - -post-install-MAN3-on: - ( cd ${STAGEDIR}/${PREFIX} ; find share/man/man3 -not -type d ; \ - find share/man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST} - -.include <bsd.port.post.mk> diff --git a/security/openssl31-quictls/distinfo b/security/openssl31-quictls/distinfo deleted file mode 100644 index 8d0bb64bf68f..000000000000 --- a/security/openssl31-quictls/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1725707938 -SHA256 (quictls-openssl-openssl-3.1.7-quic1_GH0.tar.gz) = e7e514ea033c290f09c7250dd43a845bc1e08066b793274f3ad3fe04c76a5206 -SIZE (quictls-openssl-openssl-3.1.7-quic1_GH0.tar.gz) = 15852595 diff --git a/security/openssl31-quictls/files/extra-patch-util_find-doc-nits b/security/openssl31-quictls/files/extra-patch-util_find-doc-nits deleted file mode 100644 index 947f7447a445..000000000000 --- a/security/openssl31-quictls/files/extra-patch-util_find-doc-nits +++ /dev/null @@ -1,20 +0,0 @@ ---- util/find-doc-nits.orig 2023-08-03 13:45:48 UTC -+++ util/find-doc-nits -@@ -80,7 +80,7 @@ my $temp = '/tmp/docnits.txt'; - my $OUT; - my $status = 0; - --$opt_m = "man1,man3,man5,man7" unless $opt_m; -+$opt_m = "man1,man5" unless $opt_m; - die "Argument of -m option may contain only man1, man3, man5, and/or man7" - unless $opt_m =~ /^(man[1357][, ]?)*$/; - my @sections = ( split /[, ]/, $opt_m ); -@@ -725,7 +725,7 @@ sub check { - next if $target eq ''; # Skip if links within page, or - next if $target =~ /::/; # links to a Perl module, or - next if $target =~ /^https?:/; # is a URL link, or -- next if $target =~ /\([1357]\)$/; # it has a section -+ next if $target =~ /\([15]\)$/; # it has a section - err($id, "Missing man section number (likely, $mansect) in L<$target>") - } - # Check for proper links to commands. diff --git a/security/openssl31-quictls/files/patch-CVE-2024-9143 b/security/openssl31-quictls/files/patch-CVE-2024-9143 deleted file mode 100644 index f36b97f194f7..000000000000 --- a/security/openssl31-quictls/files/patch-CVE-2024-9143 +++ /dev/null @@ -1,198 +0,0 @@ -From fdf6723362ca51bd883295efe206cb5b1cfa5154 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <viktor@openssl.org> -Date: Thu, 19 Sep 2024 01:02:40 +1000 -Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse. - -The BN_GF2m_poly2arr() function converts characteristic-2 field -(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask, -to a compact array with just the exponents of the non-zero terms. - -These polynomials are then used in BN_GF2m_mod_arr() to perform modular -reduction. A precondition of calling BN_GF2m_mod_arr() is that the -polynomial must have a non-zero constant term (i.e. the array has `0` as -its final element). - -Internally, callers of BN_GF2m_poly2arr() did not verify that -precondition, and binary EC curve parameters with an invalid polynomial -could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr(). - -The precondition is always true for polynomials that arise from the -standard form of EC parameters for characteristic-two fields (X9.62). -See the "Finite Field Identification" section of: - - https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html - -The OpenSSL GF(2^m) code supports only the trinomial and pentanomial -basis X9.62 forms. - -This commit updates BN_GF2m_poly2arr() to return `0` (failure) when -the constant term is zero (i.e. the input bitmask BIGNUM is not odd). - -Additionally, the return value is made unambiguous when there is not -enough space to also pad the array with a final `-1` sentinel value. -The return value is now always the number of elements (including the -final `-1`) that would be filled when the output array is sufficiently -large. Previously the same count was returned both when the array has -just enough room for the final `-1` and when it had only enough space -for non-sentinel values. - -Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose -degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against -CPU exhausition attacks via excessively large inputs. - -The above issues do not arise in processing X.509 certificates. These -generally have EC keys from "named curves", and RFC5840 (Section 2.1.1) -disallows explicit EC parameters. The TLS code in OpenSSL enforces this -constraint only after the certificate is decoded, but, even if explicit -parameters are specified, they are in X9.62 form, which cannot represent -problem values as noted above. - -Initially reported as oss-fuzz issue 71623. - -A closely related issue was earlier reported in -<https://github.com/openssl/openssl/issues/19826>. - -Severity: Low, CVE-2024-9143 - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Reviewed-by: Paul Dale <ppzgs1@gmail.com> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/25639) - -(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2) ---- - crypto/bn/bn_gf2m.c | 28 +++++++++++++++------- - test/ec_internal_test.c | 51 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 71 insertions(+), 8 deletions(-) - -diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c -index c811ae82d6b15..bcc66613cc14d 100644 ---- crypto/bn/bn_gf2m.c.orig -+++ crypto/bn/bn_gf2m.c -@@ -15,6 +15,7 @@ - #include "bn_local.h" - - #ifndef OPENSSL_NO_EC2M -+# include <openssl/ec.h> - - /* - * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should -@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - /* - * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * - * x^i) into an array of integers corresponding to the bits with non-zero -- * coefficient. Array is terminated with -1. Up to max elements of the array -- * will be filled. Return value is total number of array elements that would -- * be filled if array was large enough. -+ * coefficient. The array is intended to be suitable for use with -+ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be -+ * zero. This translates to a requirement that the input BIGNUM `a` is odd. -+ * -+ * Given sufficient room, the array is terminated with -1. Up to max elements -+ * of the array will be filled. -+ * -+ * The return value is total number of array elements that would be filled if -+ * array was large enough, including the terminating `-1`. It is `0` when `a` -+ * is not odd or the constant term is zero contrary to requirement. -+ * -+ * The return value is also `0` when the leading exponent exceeds -+ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks, - */ - int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) - { - int i, j, k = 0; - BN_ULONG mask; - -- if (BN_is_zero(a)) -+ if (!BN_is_odd(a)) - return 0; - - for (i = a->top - 1; i >= 0; i--) { -@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) - } - } - -- if (k < max) { -+ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS) -+ return 0; -+ -+ if (k < max) - p[k] = -1; -- k++; -- } - -- return k; -+ return k + 1; - } - - /* -diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c -index 8c2cd05631696..02cfd4e9d8858 100644 ---- test/ec_internal_test.c.orig -+++ test/ec_internal_test.c -@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void) - } - - #ifndef OPENSSL_NO_EC2M -+/* Test that decoding of invalid GF2m field parameters fails. */ -+static int ec2m_field_sanity(void) -+{ -+ int ret = 0; -+ BN_CTX *ctx = BN_CTX_new(); -+ BIGNUM *p, *a, *b; -+ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL; -+ -+ TEST_info("Testing GF2m hardening\n"); -+ -+ BN_CTX_start(ctx); -+ p = BN_CTX_get(ctx); -+ a = BN_CTX_get(ctx); -+ if (!TEST_ptr(b = BN_CTX_get(ctx)) -+ || !TEST_true(BN_one(a)) -+ || !TEST_true(BN_one(b))) -+ goto out; -+ -+ /* Even pentanomial value should be rejected */ -+ if (!TEST_true(BN_set_word(p, 0xf2))) -+ goto out; -+ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) -+ TEST_error("Zero constant term accepted in GF2m polynomial"); -+ -+ /* Odd hexanomial should also be rejected */ -+ if (!TEST_true(BN_set_word(p, 0xf3))) -+ goto out; -+ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) -+ TEST_error("Hexanomial accepted as GF2m polynomial"); -+ -+ /* Excessive polynomial degree should also be rejected */ -+ if (!TEST_true(BN_set_word(p, 0x71)) -+ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1))) -+ goto out; -+ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) -+ TEST_error("GF2m polynomial degree > %d accepted", -+ OPENSSL_ECC_MAX_FIELD_BITS); -+ -+ ret = group1 == NULL && group2 == NULL && group3 == NULL; -+ -+ out: -+ EC_GROUP_free(group1); -+ EC_GROUP_free(group2); -+ EC_GROUP_free(group3); -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ -+ return ret; -+} -+ - /* test EC_GF2m_simple_method directly */ - static int field_tests_ec2_simple(void) - { -@@ -443,6 +493,7 @@ int setup_tests(void) - ADD_TEST(field_tests_ecp_simple); - ADD_TEST(field_tests_ecp_mont); - #ifndef OPENSSL_NO_EC2M -+ ADD_TEST(ec2m_field_sanity); - ADD_TEST(field_tests_ec2_simple); - #endif - ADD_ALL_TESTS(field_tests_default, crv_len); diff --git a/security/openssl31-quictls/pkg-descr b/security/openssl31-quictls/pkg-descr deleted file mode 100644 index 0373df3f0b26..000000000000 --- a/security/openssl31-quictls/pkg-descr +++ /dev/null @@ -1,8 +0,0 @@ -This is a fork of OpenSSL to enable QUIC. This fork adds API that can be -used by QUIC implementations for connection handshakes. - -There is a community need for a QUIC capable TLS library. This fork is -intended as stopgap solution to enable higher level frameworks and runtimes -to use QUIC with the proven and reliable TLS functionality from OpenSSL. -This fork will be maintained until OpenSSL officially provides reasonable -support for QUIC implementations. diff --git a/security/openssl31-quictls/pkg-message b/security/openssl31-quictls/pkg-message deleted file mode 100644 index 7cd49c285a43..000000000000 --- a/security/openssl31-quictls/pkg-message +++ /dev/null @@ -1,20 +0,0 @@ -[ -{ type: install - message: <<EOM - -This QUIC capable OpenSSL fork is in an ALPHA stage - -Do NOT use for production! - -EOM -} -{ type: upgrade - message: <<EOM - -This QUIC capable OpenSSL fork is in an ALPHA stage - -Do NOT use for production! - -EOM -} -] diff --git a/security/openssl31-quictls/pkg-plist b/security/openssl31-quictls/pkg-plist deleted file mode 100644 index 8258642b4355..000000000000 --- a/security/openssl31-quictls/pkg-plist +++ /dev/null @@ -1,276 +0,0 @@ -bin/c_rehash -bin/openssl -include/openssl/aes.h -include/openssl/asn1.h -include/openssl/asn1_mac.h -include/openssl/asn1err.h -include/openssl/asn1t.h -include/openssl/async.h -include/openssl/asyncerr.h -include/openssl/bio.h -include/openssl/bioerr.h -include/openssl/blowfish.h -include/openssl/bn.h -include/openssl/bnerr.h -include/openssl/buffer.h -include/openssl/buffererr.h -include/openssl/camellia.h -include/openssl/cast.h -include/openssl/cmac.h -include/openssl/cmp.h -include/openssl/cmp_util.h -include/openssl/cmperr.h -include/openssl/cms.h -include/openssl/cmserr.h -include/openssl/comp.h -include/openssl/comperr.h -include/openssl/conf.h -include/openssl/conf_api.h -include/openssl/conferr.h -include/openssl/configuration.h -include/openssl/conftypes.h -include/openssl/core.h -include/openssl/core_dispatch.h -include/openssl/core_names.h -include/openssl/core_object.h -include/openssl/crmf.h -include/openssl/crmferr.h -include/openssl/crypto.h -include/openssl/cryptoerr.h -include/openssl/cryptoerr_legacy.h -include/openssl/ct.h -include/openssl/cterr.h -include/openssl/decoder.h -include/openssl/decodererr.h -include/openssl/des.h -include/openssl/dh.h -include/openssl/dherr.h -include/openssl/dsa.h -include/openssl/dsaerr.h -include/openssl/dtls1.h -include/openssl/e_os2.h -include/openssl/ebcdic.h -include/openssl/ec.h -include/openssl/ecdh.h -include/openssl/ecdsa.h -include/openssl/ecerr.h -include/openssl/encoder.h -include/openssl/encodererr.h -include/openssl/engine.h -include/openssl/engineerr.h -include/openssl/err.h -include/openssl/ess.h -include/openssl/esserr.h -include/openssl/evp.h -include/openssl/evperr.h -include/openssl/fips_names.h -include/openssl/fipskey.h -include/openssl/hmac.h -include/openssl/http.h -include/openssl/httperr.h -include/openssl/idea.h -include/openssl/kdf.h -include/openssl/kdferr.h -include/openssl/lhash.h -include/openssl/macros.h -include/openssl/md2.h -include/openssl/md4.h -include/openssl/md5.h -include/openssl/mdc2.h -include/openssl/modes.h -include/openssl/obj_mac.h -include/openssl/objects.h -include/openssl/objectserr.h -include/openssl/ocsp.h -include/openssl/ocsperr.h -include/openssl/opensslconf.h -include/openssl/opensslv.h -include/openssl/ossl_typ.h -include/openssl/param_build.h -include/openssl/params.h -include/openssl/pem.h -include/openssl/pem2.h -include/openssl/pemerr.h -include/openssl/pkcs12.h -include/openssl/pkcs12err.h -include/openssl/pkcs7.h -include/openssl/pkcs7err.h -include/openssl/prov_ssl.h -include/openssl/proverr.h -include/openssl/provider.h -include/openssl/quic.h -include/openssl/rand.h -include/openssl/randerr.h -include/openssl/rc2.h -include/openssl/rc4.h -include/openssl/rc5.h -include/openssl/ripemd.h -include/openssl/rsa.h -include/openssl/rsaerr.h -include/openssl/safestack.h -include/openssl/seed.h -include/openssl/self_test.h -include/openssl/sha.h -include/openssl/srp.h -include/openssl/srtp.h -include/openssl/ssl.h -include/openssl/ssl2.h -include/openssl/ssl3.h -include/openssl/sslerr.h -include/openssl/sslerr_legacy.h -include/openssl/stack.h -include/openssl/store.h -include/openssl/storeerr.h -include/openssl/symhacks.h -include/openssl/tls1.h -include/openssl/trace.h -include/openssl/ts.h -include/openssl/tserr.h -include/openssl/txt_db.h -include/openssl/types.h -include/openssl/ui.h -include/openssl/uierr.h -include/openssl/whrlpool.h -include/openssl/x509.h -include/openssl/x509_vfy.h -include/openssl/x509err.h -include/openssl/x509v3.h -include/openssl/x509v3err.h -%%SHARED%%lib/engines-%%SHLIBVER%%/capi.so -%%SHARED%%lib/engines-%%SHLIBVER%%/devcrypto.so -%%SHARED%%lib/engines-%%SHLIBVER%%/loader_attic.so -%%SHARED%%lib/engines-%%SHLIBVER%%/padlock.so -lib/libcrypto.a -%%SHARED%%lib/libcrypto.so -%%SHARED%%lib/libcrypto.so.%%SHLIBVER%% -lib/libssl.a -%%SHARED%%lib/libssl.so -%%SHARED%%lib/libssl.so.%%SHLIBVER%% -%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so -%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so -libdata/pkgconfig/libcrypto.pc -libdata/pkgconfig/libssl.pc -libdata/pkgconfig/openssl.pc -share/man/man1/CA.pl.1ossl.gz -share/man/man1/asn1parse.1ossl.gz -share/man/man1/c_rehash.1ossl.gz -share/man/man1/ca.1ossl.gz -share/man/man1/ciphers.1ossl.gz -share/man/man1/cms.1ossl.gz -share/man/man1/cmp.1ossl.gz -share/man/man1/crl.1ossl.gz -share/man/man1/crl2pkcs7.1ossl.gz -share/man/man1/dgst.1ossl.gz -share/man/man1/dhparam.1ossl.gz -share/man/man1/dsa.1ossl.gz -share/man/man1/dsaparam.1ossl.gz -share/man/man1/ec.1ossl.gz -share/man/man1/ecparam.1ossl.gz -share/man/man1/enc.1ossl.gz -share/man/man1/engine.1ossl.gz -share/man/man1/errstr.1ossl.gz -share/man/man1/gendsa.1ossl.gz -share/man/man1/genpkey.1ossl.gz -share/man/man1/genrsa.1ossl.gz -share/man/man1/info.1ossl.gz -share/man/man1/kdf.1ossl.gz -share/man/man1/mac.1ossl.gz -share/man/man1/nseq.1ossl.gz -share/man/man1/ocsp.1ossl.gz -share/man/man1/openssl-asn1parse.1ossl.gz -share/man/man1/openssl-ca.1ossl.gz -share/man/man1/openssl-ciphers.1ossl.gz -share/man/man1/openssl-cmds.1ossl.gz -share/man/man1/openssl-cmp.1ossl.gz -share/man/man1/openssl-cms.1ossl.gz -share/man/man1/openssl-crl.1ossl.gz -share/man/man1/openssl-crl2pkcs7.1ossl.gz -share/man/man1/openssl-dgst.1ossl.gz -share/man/man1/openssl-dhparam.1ossl.gz -share/man/man1/openssl-dsa.1ossl.gz -share/man/man1/openssl-dsaparam.1ossl.gz -share/man/man1/openssl-ec.1ossl.gz -share/man/man1/openssl-ecparam.1ossl.gz -share/man/man1/openssl-enc.1ossl.gz -share/man/man1/openssl-engine.1ossl.gz -share/man/man1/openssl-errstr.1ossl.gz -share/man/man1/openssl-fipsinstall.1ossl.gz -share/man/man1/openssl-format-options.1ossl.gz -share/man/man1/openssl-gendsa.1ossl.gz -share/man/man1/openssl-genpkey.1ossl.gz -share/man/man1/openssl-genrsa.1ossl.gz -share/man/man1/openssl-info.1ossl.gz -share/man/man1/openssl-kdf.1ossl.gz -share/man/man1/openssl-list.1ossl.gz -share/man/man1/openssl-mac.1ossl.gz -share/man/man1/openssl-namedisplay-options.1ossl.gz -share/man/man1/openssl-nseq.1ossl.gz -share/man/man1/openssl-ocsp.1ossl.gz -share/man/man1/openssl-passphrase-options.1ossl.gz -share/man/man1/openssl-passwd.1ossl.gz -share/man/man1/openssl-pkcs12.1ossl.gz -share/man/man1/openssl-pkcs7.1ossl.gz -share/man/man1/openssl-pkcs8.1ossl.gz -share/man/man1/openssl-pkey.1ossl.gz -share/man/man1/openssl-pkeyparam.1ossl.gz -share/man/man1/openssl-pkeyutl.1ossl.gz -share/man/man1/openssl-prime.1ossl.gz -share/man/man1/openssl-rand.1ossl.gz -share/man/man1/openssl-rehash.1ossl.gz -share/man/man1/openssl-req.1ossl.gz -share/man/man1/openssl-rsa.1ossl.gz -share/man/man1/openssl-rsautl.1ossl.gz -share/man/man1/openssl-s_client.1ossl.gz -share/man/man1/openssl-s_server.1ossl.gz -share/man/man1/openssl-s_time.1ossl.gz -share/man/man1/openssl-sess_id.1ossl.gz -share/man/man1/openssl-smime.1ossl.gz -share/man/man1/openssl-speed.1ossl.gz -share/man/man1/openssl-spkac.1ossl.gz -share/man/man1/openssl-srp.1ossl.gz -share/man/man1/openssl-storeutl.1ossl.gz -share/man/man1/openssl-ts.1ossl.gz -share/man/man1/openssl-verification-options.1ossl.gz -share/man/man1/openssl-verify.1ossl.gz -share/man/man1/openssl-version.1ossl.gz -share/man/man1/openssl-x509.1ossl.gz -share/man/man1/openssl.1ossl.gz -share/man/man1/passwd.1ossl.gz -share/man/man1/pkcs12.1ossl.gz -share/man/man1/pkcs7.1ossl.gz -share/man/man1/pkcs8.1ossl.gz -share/man/man1/pkey.1ossl.gz -share/man/man1/pkeyparam.1ossl.gz -share/man/man1/pkeyutl.1ossl.gz -share/man/man1/prime.1ossl.gz -share/man/man1/rand.1ossl.gz -share/man/man1/rehash.1ossl.gz -share/man/man1/req.1ossl.gz -share/man/man1/rsa.1ossl.gz -share/man/man1/rsautl.1ossl.gz -share/man/man1/s_client.1ossl.gz -share/man/man1/s_server.1ossl.gz -share/man/man1/s_time.1ossl.gz -share/man/man1/sess_id.1ossl.gz -share/man/man1/smime.1ossl.gz -share/man/man1/speed.1ossl.gz -share/man/man1/spkac.1ossl.gz -share/man/man1/srp.1ossl.gz -share/man/man1/storeutl.1ossl.gz -share/man/man1/ts.1ossl.gz -share/man/man1/tsget.1ossl.gz -share/man/man1/verify.1ossl.gz -share/man/man1/version.1ossl.gz -share/man/man1/x509.1ossl.gz -share/man/man5/config.5ossl.gz -share/man/man5/fips_config.5ossl.gz -share/man/man5/x509v3_config.5ossl.gz -%%OPENSSLDIR%%/misc/CA.pl -@comment %%OPENSSLDIR%%/misc/tsget.pl -%%OPENSSLDIR%%/misc/tsget -@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf -%%FIPS%%%%OPENSSLDIR%%/fipsmodule.cnf -@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf -@dir lib/ossl-modules -@dir %%OPENSSLDIR%%/private -@dir %%OPENSSLDIR%%/certs diff --git a/security/openssl31-quictls/version.mk b/security/openssl31-quictls/version.mk deleted file mode 100644 index 54915616c6b6..000000000000 --- a/security/openssl31-quictls/version.mk +++ /dev/null @@ -1 +0,0 @@ -OPENSSL_SHLIBVER?= 13 |