openssl: update to 1.1.1m.

 Changes between 1.1.1l and 1.1.1m [14 Dec 2021]

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

5 files changed, 11 insertions, 61 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index a8dc91838f5..c49249fc762 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.277 2022/01/11 11:10:39 schmonz Exp $
+# $NetBSD: Makefile,v 1.278 2022/02/28 12:25:09 wiz Exp $
 
 # Remember to upload-distfiles when updating OpenSSL -- otherwise it
 # is not possible for users who have bootstrapped without OpenSSL
 # to install it and enable HTTPS fetching.
-DISTNAME=	openssl-1.1.1l
+DISTNAME=	openssl-1.1.1m
 CATEGORIES=	security
 MASTER_SITES=	https://www.openssl.org/source/
 
diff --git a/security/openssl/PLIST b/security/openssl/PLIST
index 6f397f27551..68eeedb99f1 100644
--- a/security/openssl/PLIST
+++ b/security/openssl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2021/08/25 11:25:25 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.10 2022/02/28 12:25:09 wiz Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -3780,6 +3780,8 @@ man/man3/d2i_X509_REQ_fp.3
 man/man3/d2i_X509_REVOKED.3
 man/man3/d2i_X509_SIG.3
 man/man3/d2i_X509_VAL.3
+man/man3/d2i_X509_bio.3
+man/man3/d2i_X509_fp.3
 man/man3/i2d_ACCESS_DESCRIPTION.3
 man/man3/i2d_ADMISSIONS.3
 man/man3/i2d_ADMISSION_SYNTAX.3
@@ -3974,6 +3976,8 @@ man/man3/i2d_X509_REQ_fp.3
 man/man3/i2d_X509_REVOKED.3
 man/man3/i2d_X509_SIG.3
 man/man3/i2d_X509_VAL.3
+man/man3/i2d_X509_bio.3
+man/man3/i2d_X509_fp.3
 man/man3/i2d_re_X509_CRL_tbs.3
 man/man3/i2d_re_X509_REQ_tbs.3
 man/man3/i2d_re_X509_tbs.3
@@ -4045,5 +4049,3 @@ share/examples/openssl/misc/tsget
 share/examples/openssl/misc/tsget.pl
 share/examples/openssl/openssl.cnf
 share/examples/openssl/openssl.cnf.dist
-@pkgdir share/examples/openssl/private
-@pkgdir share/examples/openssl/certs
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index ac616e55d39..a14ef5adf60 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,10 +1,8 @@
-$NetBSD: distinfo,v 1.156 2022/01/11 13:54:01 schmonz Exp $
+$NetBSD: distinfo,v 1.157 2022/02/28 12:25:09 wiz Exp $
 
-BLAKE2s (openssl-1.1.1l.tar.gz) = a011562eff4d77dab8d1e80753fa06cb87945783b4dd9ca111e37a59209f1df6
-SHA512 (openssl-1.1.1l.tar.gz) = d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
-Size (openssl-1.1.1l.tar.gz) = 9834044 bytes
+BLAKE2s (openssl-1.1.1m.tar.gz) = 4fbc0401eb9e3b8100c82b736e86cade3bf0ff9f0ed7c3fc96c99fb3b9f32485
+SHA512 (openssl-1.1.1m.tar.gz) = ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
+Size (openssl-1.1.1m.tar.gz) = 9847315 bytes
 SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = 3f47dd453381485aeb6c37dc53f932428fdcef50
 SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2
-SHA1 (patch-crypto_rand_rand__unix.c) = 41b7cce4f31021080d5dfdd2b7d4ddc0f4c7175a
-SHA1 (patch-include_crypto_rand.h) = c7c6556a483b56ba2ac23c6b44193ce3dc0b2119
diff --git a/security/openssl/patches/patch-crypto_rand_rand__unix.c b/security/openssl/patches/patch-crypto_rand_rand__unix.c
deleted file mode 100644
index 3562be03849..00000000000
--- a/security/openssl/patches/patch-crypto_rand_rand__unix.c
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-crypto_rand_rand__unix.c,v 1.4 2022/01/11 13:54:01 schmonz Exp $
-
-Apply upstream c023d98dcf2ba1cc30f545ae54d0e037e80a8794:
-Darwin platform allows to build on releases before Yosemite/ios 8.
-
---- crypto/rand/rand_unix.c.orig	2021-08-24 13:38:47.000000000 +0000
-+++ crypto/rand/rand_unix.c
-@@ -34,9 +34,6 @@
- #if defined(__OpenBSD__)
- # include <sys/param.h>
- #endif
--#if defined(__APPLE__)
--# include <CommonCrypto/CommonRandom.h>
--#endif
- 
- #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
- # include <sys/types.h>
-@@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf,
-         if (errno != ENOSYS)
-             return -1;
-     }
--#  elif defined(__APPLE__)
-+#  elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
-     if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
- 	    return (ssize_t)buflen;
- 
diff --git a/security/openssl/patches/patch-include_crypto_rand.h b/security/openssl/patches/patch-include_crypto_rand.h
deleted file mode 100644
index 1a7a04ae92e..00000000000
--- a/security/openssl/patches/patch-include_crypto_rand.h
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-include_crypto_rand.h,v 1.1 2022/01/11 13:54:01 schmonz Exp $
-
-Apply upstream c023d98dcf2ba1cc30f545ae54d0e037e80a8794:
-Darwin platform allows to build on releases before Yosemite/ios 8.
-
---- include/crypto/rand.h.orig	2021-08-24 13:38:47.000000000 +0000
-+++ include/crypto/rand.h
-@@ -20,6 +20,16 @@
- 
- # include <openssl/rand.h>
- 
-+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
-+#  include <Availability.h>
-+#  if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \
-+     (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
-+#   define OPENSSL_APPLE_CRYPTO_RANDOM 1
-+#   include <CommonCrypto/CommonCryptoError.h>
-+#   include <CommonCrypto/CommonRandom.h>
-+#  endif
-+# endif
-+
- /* forward declaration */
- typedef struct rand_pool_st RAND_POOL;
-