freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security/openssl31-quictls: Remove port

Browse Source 
Unmaintained upstream version
This commit is contained in:
Bastard Operator from Hell 2025-04-28 14:50:22 +02:00
parent ee5b925b4b
commit c83cd7943d
No known key found for this signature in database
GPG Key ID: BDB9B5A617C0BC91
12 changed files with 3 additions and 721 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.portsignore
View File

@ -5536,6 +5536,7 @@ security/nitrokey-app
security/openconnect-gui security/openconnect-gui
security/opencryptoki security/opencryptoki
security/openssl111 security/openssl111
security/openssl31-quictls
security/openvpn-admin security/openvpn-admin
security/p5-Authen-Simple-SMB security/p5-Authen-Simple-SMB
security/p5-Authen-Smb security/p5-Authen-Smb

1
security/Makefile
View File

@ -389,7 +389,6 @@
SUBDIR += openssl-quictls SUBDIR += openssl-quictls
SUBDIR += openssl-unsafe SUBDIR += openssl-unsafe
SUBDIR += openssl31 SUBDIR += openssl31
SUBDIR += openssl31-quictls
SUBDIR += openssl32 SUBDIR += openssl32
SUBDIR += openssl33 SUBDIR += openssl33
SUBDIR += openssl34 SUBDIR += openssl34

2
security/boringssl/Makefile
View File

@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE
USES= cmake:insource cpe go:no_targets,1.24 localbase perl5 USES= cmake:insource cpe go:no_targets,1.24 localbase perl5
CONFLICTS_INSTALL= libressl libressl-devel openssl \ CONFLICTS_INSTALL= libressl libressl-devel openssl \
openssl3[12345] openssl-quictls openssl31-quictls openssl3[12345] openssl-quictls
CPE_VENDOR= google CPE_VENDOR= google

2
security/openssl-quictls/Makefile
View File

@ -13,7 +13,7 @@ WWW= https://www.github.com/quictls/openssl
LICENSE= APACHE20 LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE.txt LICENSE_FILE= ${WRKSRC}/LICENSE.txt
CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl3* openssl31-quictls CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl3*
BROKEN_i386= ld: error: undefined symbol: __atomic_is_lock_free BROKEN_i386= ld: error: undefined symbol: __atomic_is_lock_free

192
security/openssl31-quictls/Makefile
View File

@ -1,192 +0,0 @@
PORTNAME= openssl
DISTVERSIONPREFIX= ${PORTNAME}-
PORTVERSION= 3.1.7
PORTREVISION= 1
DISTVERSIONSUFFIX= -quic1
CATEGORIES= security devel
PKGNAMESUFFIX= 31-quictls
MAINTAINER= brnrd@FreeBSD.org
COMMENT= QUIC capable fork of OpenSSL
WWW= https://www.github.com/quictls/openssl
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE.txt
CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl3* openssl-quictls
BROKEN_i386= ld: error: undefined symbol: __atomic_is_lock_free
HAS_CONFIGURE= yes
CONFIGURE_SCRIPT= config
CONFIGURE_ENV= PERL="${PERL}"
CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \
--prefix=${PREFIX}
USES= cpe perl5
USE_PERL5= build
USE_GITHUB= yes
GH_ACCOUNT= ${PKGNAMESUFFIX:C/.*-//}
TEST_TARGET= test
LDFLAGS_i386= -Wl,-znotext
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
EXTRA_PATCHES+= ${.CURDIR}/../openssl/files/patch-crypto_async_arch_async__posix.h
OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS
OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3
OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS
OPTIONS_GROUP_MODULES= FIPS LEGACY
OPTIONS_DEFINE_i386= I386
OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
OPTIONS_DEFINE= ASYNC CT KTLS MAN3 RFC3779 SHARED ZLIB
OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \
RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
OPTIONS_EXCLUDE_i386= FIPS
OPTIONS_GROUP_OPTIMIZE_amd64= EC
.if ${MACHINE_ARCH} == "amd64"
OPTIONS_GROUP_OPTIMIZE+= EC
.elif ${MACHINE_ARCH} == "mips64el"
OPTIONS_GROUP_OPTIMIZE+= EC
.endif
OPTIONS_SUB= yes
ARIA_DESC= ARIA (South Korean standard)
ASM_DESC= Assembler code
ASYNC_DESC= Asynchronous mode
CIPHERS_DESC= Block Cipher Support
CT_DESC= Certificate Transparency Support
DES_DESC= (Triple) Data Encryption Standard
EC_DESC= Optimize NIST elliptic curves
FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated)
GOST_DESC= GOST (Russian standard)
HASHES_DESC= Hash Function Support
I386_DESC= i386 (instead of i486+)
IDEA_DESC= International Data Encryption Algorithm
KTLS_DESC= Use in-kernel TLS
LEGACY_DESC= Older algorithms
MAN3_DESC= Install API manpages (section 3, 7)
MD2_DESC= MD2 (obsolete) (requires LEGACY)
MD4_DESC= MD4 (unsafe)
MDC2_DESC= MDC-2 (patented, requires DES)
MODULES_DESC= Provider modules
NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY)
OPTIMIZE_DESC= Optimizations
PROTOCOLS_DESC= Protocol Support
RC2_DESC= RC2 (unsafe)
RC4_DESC= RC4 (unsafe)
RC5_DESC= RC5 (patented)
RMD160_DESC= RIPEMD-160
RFC3779_DESC= RFC3779 support (BGP)
SCTP_DESC= SCTP (Stream Control Transmission)
SHARED_DESC= Build shared libraries
SM2_DESC= SM2 Elliptic Curve DH (Chinese standard)
SM3_DESC= SM3 256bit (Chinese standard)
SM4_DESC= SM4 128bit (Chinese standard)
SSE2_DESC= Runtime SSE2 detection
SSL3_DESC= SSLv3 (unsafe)
TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1_DESC= TLSv1.1 (requires TLS1_2)
TLS1_2_DESC= TLSv1.2
WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe)
# Upstream default disabled options
.for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib
${_option:tu}_CONFIGURE_ON= enable-${_option}
.endfor
# Upstream default enabled options
.for _option in aria asm async ct des gost idea md4 mdc2 legacy \
nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \
threads tls1 tls1_1 tls1_2
${_option:tu}_CONFIGURE_OFF= no-${_option}
.endfor
MD2_IMPLIES= LEGACY
MDC2_IMPLIES= DES
TLS1_IMPLIES= TLS1_1
TLS1_1_IMPLIES= TLS1_2
EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128
FIPS_VARS= shlibs+=lib/ossl-modules/fips.so
I386_CONFIGURE_ON= 386
LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so
MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits
SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_USE= ldconfig=yes
SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \
lib/libssl.so.${OPENSSL_SHLIBVER} \
lib/engines-${OPENSSL_SHLIBVER}/capi.so \
lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \
lib/engines-${OPENSSL_SHLIBVER}/padlock.so"
SSL3_CONFIGURE_ON+= enable-ssl3-method
ZLIB_CONFIGURE_ON= zlib-dynamic
SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so
PORTSCOUT= limit:^${DISTVERSION:R:S/./\./g}\.
.include <bsd.port.options.mk>
.if ${ARCH} == powerpc64
CONFIGURE_ARGS+= BSD-ppc64
.elif ${ARCH} == powerpc64le
CONFIGURE_ARGS+= BSD-ppc64le
.elif ${ARCH} == riscv64
CONFIGURE_ARGS+= BSD-riscv64
.endif
.include <bsd.port.pre.mk>
.if ${PREFIX} == /usr
IGNORE= the OpenSSL port can not be installed over the base version
.endif
OPENSSLDIR?= ${PREFIX}/openssl
PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}
.include "version.mk"
post-patch:
${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/share/man|' \
-e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \
${WRKSRC}/Configurations/unix-Makefile.tmpl
${REINPLACE_CMD} 's|SHLIB_VERSION=81.3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \
${WRKSRC}/VERSION.dat
post-configure:
( cd ${WRKSRC} ; ${PERL} configdata.pm --dump )
post-configure-MAN3-off:
${REINPLACE_CMD} \
-e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \
-e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \
${WRKSRC}/Makefile
post-install-SHARED-on:
.for i in ${SHLIBS}
-@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i
.endfor
post-install-SHARED-off:
${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-${OPENSSL_SHLIBVER}
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
post-install-MAN3-on:
( cd ${STAGEDIR}/${PREFIX} ; find share/man/man3 -not -type d ; \
find share/man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST}
.include <bsd.port.post.mk>

3
security/openssl31-quictls/distinfo
View File

@ -1,3 +0,0 @@
TIMESTAMP = 1725707938
SHA256 (quictls-openssl-openssl-3.1.7-quic1_GH0.tar.gz) = e7e514ea033c290f09c7250dd43a845bc1e08066b793274f3ad3fe04c76a5206
SIZE (quictls-openssl-openssl-3.1.7-quic1_GH0.tar.gz) = 15852595

20
security/openssl31-quictls/files/extra-patch-util_find-doc-nits
View File

@ -1,20 +0,0 @@
--- util/find-doc-nits.orig 2023-08-03 13:45:48 UTC
+++ util/find-doc-nits
@@ -80,7 +80,7 @@ my $temp = '/tmp/docnits.txt';
my $OUT;
my $status = 0;
-$opt_m = "man1,man3,man5,man7" unless $opt_m;
+$opt_m = "man1,man5" unless $opt_m;
die "Argument of -m option may contain only man1, man3, man5, and/or man7"
unless $opt_m =~ /^(man[1357][, ]?)*$/;
my @sections = ( split /[, ]/, $opt_m );
@@ -725,7 +725,7 @@ sub check {
next if $target eq ''; # Skip if links within page, or
next if $target =~ /::/; # links to a Perl module, or
next if $target =~ /^https?:/; # is a URL link, or
- next if $target =~ /\([1357]\)$/; # it has a section
+ next if $target =~ /\([15]\)$/; # it has a section
err($id, "Missing man section number (likely, $mansect) in L<$target>")
}
# Check for proper links to commands.

198
security/openssl31-quictls/files/patch-CVE-2024-9143
View File

@ -1,198 +0,0 @@
From fdf6723362ca51bd883295efe206cb5b1cfa5154 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <viktor@openssl.org>
Date: Thu, 19 Sep 2024 01:02:40 +1000
Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse.
The BN_GF2m_poly2arr() function converts characteristic-2 field
(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
to a compact array with just the exponents of the non-zero terms.
These polynomials are then used in BN_GF2m_mod_arr() to perform modular
reduction. A precondition of calling BN_GF2m_mod_arr() is that the
polynomial must have a non-zero constant term (i.e. the array has `0` as
its final element).
Internally, callers of BN_GF2m_poly2arr() did not verify that
precondition, and binary EC curve parameters with an invalid polynomial
could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
The precondition is always true for polynomials that arise from the
standard form of EC parameters for characteristic-two fields (X9.62).
See the "Finite Field Identification" section of:
https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
basis X9.62 forms.
This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
Additionally, the return value is made unambiguous when there is not
enough space to also pad the array with a final `-1` sentinel value.
The return value is now always the number of elements (including the
final `-1`) that would be filled when the output array is sufficiently
large. Previously the same count was returned both when the array has
just enough room for the final `-1` and when it had only enough space
for non-sentinel values.
Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
CPU exhausition attacks via excessively large inputs.
The above issues do not arise in processing X.509 certificates. These
generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
disallows explicit EC parameters. The TLS code in OpenSSL enforces this
constraint only after the certificate is decoded, but, even if explicit
parameters are specified, they are in X9.62 form, which cannot represent
problem values as noted above.
Initially reported as oss-fuzz issue 71623.
A closely related issue was earlier reported in
<https://github.com/openssl/openssl/issues/19826>.
Severity: Low, CVE-2024-9143
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25639)
(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2)
---
crypto/bn/bn_gf2m.c | 28 +++++++++++++++-------
test/ec_internal_test.c | 51 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index c811ae82d6b15..bcc66613cc14d 100644
--- crypto/bn/bn_gf2m.c.orig
+++ crypto/bn/bn_gf2m.c
@@ -15,6 +15,7 @@
#include "bn_local.h"
#ifndef OPENSSL_NO_EC2M
+# include <openssl/ec.h>
/*
* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/*
* Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
* x^i) into an array of integers corresponding to the bits with non-zero
- * coefficient. Array is terminated with -1. Up to max elements of the array
- * will be filled. Return value is total number of array elements that would
- * be filled if array was large enough.
+ * coefficient. The array is intended to be suitable for use with
+ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
+ * zero. This translates to a requirement that the input BIGNUM `a` is odd.
+ *
+ * Given sufficient room, the array is terminated with -1. Up to max elements
+ * of the array will be filled.
+ *
+ * The return value is total number of array elements that would be filled if
+ * array was large enough, including the terminating `-1`. It is `0` when `a`
+ * is not odd or the constant term is zero contrary to requirement.
+ *
+ * The return value is also `0` when the leading exponent exceeds
+ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
*/
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{
int i, j, k = 0;
BN_ULONG mask;
- if (BN_is_zero(a))
+ if (!BN_is_odd(a))
return 0;
for (i = a->top - 1; i >= 0; i--) {
@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
}
}
- if (k < max) {
+ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
+ return 0;
+
+ if (k < max)
p[k] = -1;
- k++;
- }
- return k;
+ return k + 1;
}
/*
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index 8c2cd05631696..02cfd4e9d8858 100644
--- test/ec_internal_test.c.orig
+++ test/ec_internal_test.c
@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
}
#ifndef OPENSSL_NO_EC2M
+/* Test that decoding of invalid GF2m field parameters fails. */
+static int ec2m_field_sanity(void)
+{
+ int ret = 0;
+ BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
+
+ TEST_info("Testing GF2m hardening\n");
+
+ BN_CTX_start(ctx);
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ if (!TEST_ptr(b = BN_CTX_get(ctx))
+ || !TEST_true(BN_one(a))
+ || !TEST_true(BN_one(b)))
+ goto out;
+
+ /* Even pentanomial value should be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf2)))
+ goto out;
+ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Zero constant term accepted in GF2m polynomial");
+
+ /* Odd hexanomial should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf3)))
+ goto out;
+ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Hexanomial accepted as GF2m polynomial");
+
+ /* Excessive polynomial degree should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0x71))
+ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
+ goto out;
+ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("GF2m polynomial degree > %d accepted",
+ OPENSSL_ECC_MAX_FIELD_BITS);
+
+ ret = group1 == NULL && group2 == NULL && group3 == NULL;
+
+ out:
+ EC_GROUP_free(group1);
+ EC_GROUP_free(group2);
+ EC_GROUP_free(group3);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+
/* test EC_GF2m_simple_method directly */
static int field_tests_ec2_simple(void)
{
@@ -443,6 +493,7 @@ int setup_tests(void)
ADD_TEST(field_tests_ecp_simple);
ADD_TEST(field_tests_ecp_mont);
#ifndef OPENSSL_NO_EC2M
+ ADD_TEST(ec2m_field_sanity);
ADD_TEST(field_tests_ec2_simple);
#endif
ADD_ALL_TESTS(field_tests_default, crv_len);

8
security/openssl31-quictls/pkg-descr
View File

@ -1,8 +0,0 @@
This is a fork of OpenSSL to enable QUIC. This fork adds API that can be
used by QUIC implementations for connection handshakes.
There is a community need for a QUIC capable TLS library. This fork is
intended as stopgap solution to enable higher level frameworks and runtimes
to use QUIC with the proven and reliable TLS functionality from OpenSSL.
This fork will be maintained until OpenSSL officially provides reasonable
support for QUIC implementations.

20
security/openssl31-quictls/pkg-message
View File

@ -1,20 +0,0 @@
[
{ type: install
message: <<EOM
This QUIC capable OpenSSL fork is in an ALPHA stage
Do NOT use for production!
EOM
}
{ type: upgrade
message: <<EOM
This QUIC capable OpenSSL fork is in an ALPHA stage
Do NOT use for production!
EOM
}
]

276
security/openssl31-quictls/pkg-plist
View File

@ -1,276 +0,0 @@
bin/c_rehash
bin/openssl
include/openssl/aes.h
include/openssl/asn1.h
include/openssl/asn1_mac.h
include/openssl/asn1err.h
include/openssl/asn1t.h
include/openssl/async.h
include/openssl/asyncerr.h
include/openssl/bio.h
include/openssl/bioerr.h
include/openssl/blowfish.h
include/openssl/bn.h
include/openssl/bnerr.h
include/openssl/buffer.h
include/openssl/buffererr.h
include/openssl/camellia.h
include/openssl/cast.h
include/openssl/cmac.h
include/openssl/cmp.h
include/openssl/cmp_util.h
include/openssl/cmperr.h
include/openssl/cms.h
include/openssl/cmserr.h
include/openssl/comp.h
include/openssl/comperr.h
include/openssl/conf.h
include/openssl/conf_api.h
include/openssl/conferr.h
include/openssl/configuration.h
include/openssl/conftypes.h
include/openssl/core.h
include/openssl/core_dispatch.h
include/openssl/core_names.h
include/openssl/core_object.h
include/openssl/crmf.h
include/openssl/crmferr.h
include/openssl/crypto.h
include/openssl/cryptoerr.h
include/openssl/cryptoerr_legacy.h
include/openssl/ct.h
include/openssl/cterr.h
include/openssl/decoder.h
include/openssl/decodererr.h
include/openssl/des.h
include/openssl/dh.h
include/openssl/dherr.h
include/openssl/dsa.h
include/openssl/dsaerr.h
include/openssl/dtls1.h
include/openssl/e_os2.h
include/openssl/ebcdic.h
include/openssl/ec.h
include/openssl/ecdh.h
include/openssl/ecdsa.h
include/openssl/ecerr.h
include/openssl/encoder.h
include/openssl/encodererr.h
include/openssl/engine.h
include/openssl/engineerr.h
include/openssl/err.h
include/openssl/ess.h
include/openssl/esserr.h
include/openssl/evp.h
include/openssl/evperr.h
include/openssl/fips_names.h
include/openssl/fipskey.h
include/openssl/hmac.h
include/openssl/http.h
include/openssl/httperr.h
include/openssl/idea.h
include/openssl/kdf.h
include/openssl/kdferr.h
include/openssl/lhash.h
include/openssl/macros.h
include/openssl/md2.h
include/openssl/md4.h
include/openssl/md5.h
include/openssl/mdc2.h
include/openssl/modes.h
include/openssl/obj_mac.h
include/openssl/objects.h
include/openssl/objectserr.h
include/openssl/ocsp.h
include/openssl/ocsperr.h
include/openssl/opensslconf.h
include/openssl/opensslv.h
include/openssl/ossl_typ.h
include/openssl/param_build.h
include/openssl/params.h
include/openssl/pem.h
include/openssl/pem2.h
include/openssl/pemerr.h
include/openssl/pkcs12.h
include/openssl/pkcs12err.h
include/openssl/pkcs7.h
include/openssl/pkcs7err.h
include/openssl/prov_ssl.h
include/openssl/proverr.h
include/openssl/provider.h
include/openssl/quic.h
include/openssl/rand.h
include/openssl/randerr.h
include/openssl/rc2.h
include/openssl/rc4.h
include/openssl/rc5.h
include/openssl/ripemd.h
include/openssl/rsa.h
include/openssl/rsaerr.h
include/openssl/safestack.h
include/openssl/seed.h
include/openssl/self_test.h
include/openssl/sha.h
include/openssl/srp.h
include/openssl/srtp.h
include/openssl/ssl.h
include/openssl/ssl2.h
include/openssl/ssl3.h
include/openssl/sslerr.h
include/openssl/sslerr_legacy.h
include/openssl/stack.h
include/openssl/store.h
include/openssl/storeerr.h
include/openssl/symhacks.h
include/openssl/tls1.h
include/openssl/trace.h
include/openssl/ts.h
include/openssl/tserr.h
include/openssl/txt_db.h
include/openssl/types.h
include/openssl/ui.h
include/openssl/uierr.h
include/openssl/whrlpool.h
include/openssl/x509.h
include/openssl/x509_vfy.h
include/openssl/x509err.h
include/openssl/x509v3.h
include/openssl/x509v3err.h
%%SHARED%%lib/engines-%%SHLIBVER%%/capi.so
%%SHARED%%lib/engines-%%SHLIBVER%%/devcrypto.so
%%SHARED%%lib/engines-%%SHLIBVER%%/loader_attic.so
%%SHARED%%lib/engines-%%SHLIBVER%%/padlock.so
lib/libcrypto.a
%%SHARED%%lib/libcrypto.so
%%SHARED%%lib/libcrypto.so.%%SHLIBVER%%
lib/libssl.a
%%SHARED%%lib/libssl.so
%%SHARED%%lib/libssl.so.%%SHLIBVER%%
%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so
libdata/pkgconfig/libcrypto.pc
libdata/pkgconfig/libssl.pc
libdata/pkgconfig/openssl.pc
share/man/man1/CA.pl.1ossl.gz
share/man/man1/asn1parse.1ossl.gz
share/man/man1/c_rehash.1ossl.gz
share/man/man1/ca.1ossl.gz
share/man/man1/ciphers.1ossl.gz
share/man/man1/cms.1ossl.gz
share/man/man1/cmp.1ossl.gz
share/man/man1/crl.1ossl.gz
share/man/man1/crl2pkcs7.1ossl.gz
share/man/man1/dgst.1ossl.gz
share/man/man1/dhparam.1ossl.gz
share/man/man1/dsa.1ossl.gz
share/man/man1/dsaparam.1ossl.gz
share/man/man1/ec.1ossl.gz
share/man/man1/ecparam.1ossl.gz
share/man/man1/enc.1ossl.gz
share/man/man1/engine.1ossl.gz
share/man/man1/errstr.1ossl.gz
share/man/man1/gendsa.1ossl.gz
share/man/man1/genpkey.1ossl.gz
share/man/man1/genrsa.1ossl.gz
share/man/man1/info.1ossl.gz
share/man/man1/kdf.1ossl.gz
share/man/man1/mac.1ossl.gz
share/man/man1/nseq.1ossl.gz
share/man/man1/ocsp.1ossl.gz
share/man/man1/openssl-asn1parse.1ossl.gz
share/man/man1/openssl-ca.1ossl.gz
share/man/man1/openssl-ciphers.1ossl.gz
share/man/man1/openssl-cmds.1ossl.gz
share/man/man1/openssl-cmp.1ossl.gz
share/man/man1/openssl-cms.1ossl.gz
share/man/man1/openssl-crl.1ossl.gz
share/man/man1/openssl-crl2pkcs7.1ossl.gz
share/man/man1/openssl-dgst.1ossl.gz
share/man/man1/openssl-dhparam.1ossl.gz
share/man/man1/openssl-dsa.1ossl.gz
share/man/man1/openssl-dsaparam.1ossl.gz
share/man/man1/openssl-ec.1ossl.gz
share/man/man1/openssl-ecparam.1ossl.gz
share/man/man1/openssl-enc.1ossl.gz
share/man/man1/openssl-engine.1ossl.gz
share/man/man1/openssl-errstr.1ossl.gz
share/man/man1/openssl-fipsinstall.1ossl.gz
share/man/man1/openssl-format-options.1ossl.gz
share/man/man1/openssl-gendsa.1ossl.gz
share/man/man1/openssl-genpkey.1ossl.gz
share/man/man1/openssl-genrsa.1ossl.gz
share/man/man1/openssl-info.1ossl.gz
share/man/man1/openssl-kdf.1ossl.gz
share/man/man1/openssl-list.1ossl.gz
share/man/man1/openssl-mac.1ossl.gz
share/man/man1/openssl-namedisplay-options.1ossl.gz
share/man/man1/openssl-nseq.1ossl.gz
share/man/man1/openssl-ocsp.1ossl.gz
share/man/man1/openssl-passphrase-options.1ossl.gz
share/man/man1/openssl-passwd.1ossl.gz
share/man/man1/openssl-pkcs12.1ossl.gz
share/man/man1/openssl-pkcs7.1ossl.gz
share/man/man1/openssl-pkcs8.1ossl.gz
share/man/man1/openssl-pkey.1ossl.gz
share/man/man1/openssl-pkeyparam.1ossl.gz
share/man/man1/openssl-pkeyutl.1ossl.gz
share/man/man1/openssl-prime.1ossl.gz
share/man/man1/openssl-rand.1ossl.gz
share/man/man1/openssl-rehash.1ossl.gz
share/man/man1/openssl-req.1ossl.gz
share/man/man1/openssl-rsa.1ossl.gz
share/man/man1/openssl-rsautl.1ossl.gz
share/man/man1/openssl-s_client.1ossl.gz
share/man/man1/openssl-s_server.1ossl.gz
share/man/man1/openssl-s_time.1ossl.gz
share/man/man1/openssl-sess_id.1ossl.gz
share/man/man1/openssl-smime.1ossl.gz
share/man/man1/openssl-speed.1ossl.gz
share/man/man1/openssl-spkac.1ossl.gz
share/man/man1/openssl-srp.1ossl.gz
share/man/man1/openssl-storeutl.1ossl.gz
share/man/man1/openssl-ts.1ossl.gz
share/man/man1/openssl-verification-options.1ossl.gz
share/man/man1/openssl-verify.1ossl.gz
share/man/man1/openssl-version.1ossl.gz
share/man/man1/openssl-x509.1ossl.gz
share/man/man1/openssl.1ossl.gz
share/man/man1/passwd.1ossl.gz
share/man/man1/pkcs12.1ossl.gz
share/man/man1/pkcs7.1ossl.gz
share/man/man1/pkcs8.1ossl.gz
share/man/man1/pkey.1ossl.gz
share/man/man1/pkeyparam.1ossl.gz
share/man/man1/pkeyutl.1ossl.gz
share/man/man1/prime.1ossl.gz
share/man/man1/rand.1ossl.gz
share/man/man1/rehash.1ossl.gz
share/man/man1/req.1ossl.gz
share/man/man1/rsa.1ossl.gz
share/man/man1/rsautl.1ossl.gz
share/man/man1/s_client.1ossl.gz
share/man/man1/s_server.1ossl.gz
share/man/man1/s_time.1ossl.gz
share/man/man1/sess_id.1ossl.gz
share/man/man1/smime.1ossl.gz
share/man/man1/speed.1ossl.gz
share/man/man1/spkac.1ossl.gz
share/man/man1/srp.1ossl.gz
share/man/man1/storeutl.1ossl.gz
share/man/man1/ts.1ossl.gz
share/man/man1/tsget.1ossl.gz
share/man/man1/verify.1ossl.gz
share/man/man1/version.1ossl.gz
share/man/man1/x509.1ossl.gz
share/man/man5/config.5ossl.gz
share/man/man5/fips_config.5ossl.gz
share/man/man5/x509v3_config.5ossl.gz
%%OPENSSLDIR%%/misc/CA.pl
@comment %%OPENSSLDIR%%/misc/tsget.pl
%%OPENSSLDIR%%/misc/tsget
@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf
%%FIPS%%%%OPENSSLDIR%%/fipsmodule.cnf
@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf
@dir lib/ossl-modules
@dir %%OPENSSLDIR%%/private
@dir %%OPENSSLDIR%%/certs

1
security/openssl31-quictls/version.mk
View File

@ -1 +0,0 @@
OPENSSL_SHLIBVER?= 13