From de269f48f99bac2f2ff4cbf0922c3f2c2d1ac93a Mon Sep 17 00:00:00 2001
From: Bernard Spil
Date: Tue, 14 Aug 2018 14:12:53 +0000
Subject: security/openssl: Update to 1.0.2p

- Includes vulnerability fixes that were already added to the port as patches
---
 security/openssl/Makefile | 3 +--
 security/openssl/distinfo | 14 +++--------
 security/openssl/files/patch-CVE-2018-0732 | 39 ------------------------------
 security/openssl/files/patch-CVE-2018-0737 | 28 ---------------------
 security/openssl/pkg-plist | 1 +
 5 files changed, 5 insertions(+), 80 deletions(-)
 delete mode 100644 security/openssl/files/patch-CVE-2018-0732
 delete mode 100644 security/openssl/files/patch-CVE-2018-0737
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 1933119818d0..63523927e149 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME= openssl
-PORTVERSION= 1.0.2o
-PORTREVISION= 4
+PORTVERSION= 1.0.2p
 PORTEPOCH= 1
 CATEGORIES= security devel
 MASTER_SITES= http://www.openssl.org/source/ \
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index cb262ea415c9..f4bdf7b748be 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,11 +1,3 @@
-TIMESTAMP = 1522160096
-SHA256 (openssl-1.0.2/openssl-1.0.2o.tar.gz) = ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
-SIZE (openssl-1.0.2/openssl-1.0.2o.tar.gz) = 5329472
-SHA256 (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1534253606
+SHA256 (openssl-1.0.2/openssl-1.0.2p.tar.gz) = 50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00
+SIZE (openssl-1.0.2/openssl-1.0.2p.tar.gz) = 5338192
diff --git a/security/openssl/files/patch-CVE-2018-0732 b/security/openssl/files/patch-CVE-2018-0732
deleted file mode 100644
index f6ef0008152a..000000000000
--- a/security/openssl/files/patch-CVE-2018-0732
+++ /dev/null
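Review bot: The rewritten distinfo drops the SHA256/SIZE records for the four padlock patch files (`1001-…` to `1004-…`), while the Makefile hunk in this commit changes only `PORTVERSION` and `PORTREVISION`. If the Makefile still fetches those files for an option (presumably via `PATCHFILES`; that part of the Makefile is not shown), they would be downloaded with no recorded digest to verify them against, and the checksum step for that configuration should be expected to fail. This usually happens when distinfo is regenerated with the option switched off; regenerate it with every distfile-adding option enabled so the four entries are kept, or remove the references in the same commit. The recorded digests matter more here because the visible `MASTER_SITES` entry is plain `http://`.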
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson
-Reviewed-by: Matt Caswell
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- crypto/dh/dh_key.c.orig
-+++ crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
diff --git a/security/openssl/files/patch-CVE-2018-0737 b/security/openssl/files/patch-CVE-2018-0737
deleted file mode 100644
index bd976c8c9fe2..000000000000
--- a/security/openssl/files/patch-CVE-2018-0737
+++ /dev/null
@@ -1,28 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz
-Reviewed-by: Matt Caswell
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfefb70..42b89a8dfaa 100644
---- crypto/rsa/rsa_gen.c.orig
-+++ crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
- if (BN_copy(rsa->e, e_value) == NULL)
- goto err;
-
-+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
- BN_set_flags(r2, BN_FLG_CONSTTIME);
- /* generate p and q */
- for (;;) {
diff --git a/security/openssl/pkg-plist b/security/openssl/pkg-plist
index 3d12bdf193da..fe5afe80ed3b 100644
--- a/security/openssl/pkg-plist
+++ b/security/openssl/pkg-plist
@@ -1432,6 +1432,7 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/SSL_get_servername.3.gz
 %%MAN3%%man/man3/SSL_get_servername_type.3.gz
 %%MAN3%%man/man3/SSL_get_session.3.gz
+%%MAN3%%man/man3/SSL_get_shared_ciphers.3.gz
 %%MAN3%%man/man3/SSL_get_shared_curve.3.gz
 %%MAN3%%man/man3/SSL_get_shutdown.3.gz
 %%MAN3%%man/man3/SSL_get_ssl_method.3.gz
-- 
cgit v1.2.3