* The feature that stopped alpine from saving passwords in the password

     file prevented users from actually saving their passwords in Windows
     and MAC OS. Fix the code so that passwords will be saved. Also,
     update the documentation of this feature.

   * Fix a buffer overflow bug in the XOAUTH2 code (off by one error).

   * Update PC-Alpine to work with Libressl version 3.0.2 instead of
     version 2.5.5 (update build.bat and lib files from the LibreSSL
     build).

   * Erase SSLXXXXXX file.

   * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c.
     The file ssl_libressl.c is the file ssl_unix.c from the unix osdep
     directory. The file ssl_win.c is the native SSL windows code. The
     Unix side provides S/MIME support for Alpine and the latest
     encryption protocols support for Alpine when connecting to a secure
     server, while the windows side provide TLSv1_3 support for Alpine,
     but not S/MIME support.

     In order to provide unix code for TLSv1_3 (once LibreSSL supports it)
     edit the file os_nt.c and remove the comments on the #ifdef section.
     This would provide both TLSv1_3 and S/MIME support with unix code. On
     the other hand, when we provide TLSv1_3 with the Windows code we need
     to undefine DF_ENCRYPTION_RANGE, and this is done in the file
     include/config.wnt.h. The way this is done as of this moment is by
     commenting an #else directive that preceedes this #undefine.

   * Update makefile.nt and friends in the windows side to account for the
     addition of XOAUTH2, and the use of only ssl_nt.c when dealing with
     Alpine.

   * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these
     certificates be considered while checking a digital S/MIME signature.

   * Improvements to the SMARTTIME24 token to account for changes in year.

1 files changed, 72 insertions, 7 deletions

diff --git a/libressl/include/openssl/rsa.h b/libressl/include/openssl/rsa.h
index febeb297..2aa472f5 100644
--- a/libressl/include/openssl/rsa.h
+++ b/libressl/include/openssl/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.29 2016/09/04 17:25:27 jsing Exp $ */
+/* $OpenBSD: rsa.h,v 1.40 2019/06/05 15:41:33 gilles Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -256,6 +256,7 @@ struct rsa_st {
 
 RSA *RSA_new(void);
 RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
 int RSA_size(const RSA *rsa);
 
 /* Deprecated version */
@@ -367,10 +368,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
     const unsigned char *f, int fl, int rsa_len,
     const unsigned char *p, int pl);
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-    const unsigned char *f, int fl);
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-    const unsigned char *f, int fl, int rsa_len);
 int RSA_padding_add_none(unsigned char *to, int tlen,
     const unsigned char *f, int fl);
 int RSA_padding_check_none(unsigned char *to, int tlen,
@@ -399,6 +396,18 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 int RSA_set_ex_data(RSA *r, int idx, void *arg);
 void *RSA_get_ex_data(const RSA *r, int idx);
 
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
+    const BIGNUM **d);
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+    const BIGNUM **iqmp);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 
@@ -421,6 +430,64 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
  */
 #define RSA_FLAG_CHECKED			0x0800
 
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
+int RSA_meth_set_pub_enc(RSA_METHOD *meth, int (*pub_enc)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_pub_dec(RSA_METHOD *meth, int (*pub_dec)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_mod_exp(RSA_METHOD *meth, int (*mod_exp)(BIGNUM *r0,
+    const BIGNUM *i, RSA *rsa, BN_CTX *ctx));
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)(BIGNUM *r,
+    const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx));
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa));
+int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)(RSA *rsa, int bits,
+    BIGNUM *e, BN_GENCB *cb));
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+const char *RSA_meth_get0_name(const RSA_METHOD *);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
+    RSA *rsa, BN_CTX *ctx);
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r,
+    const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa);
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
+    BN_GENCB *cb);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type,
+    const unsigned char *m, unsigned int m_length,
+    unsigned char *sigret, unsigned int *siglen,
+    const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign)(int type,
+    const unsigned char *m, unsigned int m_length, unsigned char *sigret,
+    unsigned int *siglen, const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype,
+    const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
+    unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype,
+    const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
+    unsigned int siglen, const RSA *rsa));
+
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -464,13 +531,11 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1		 148
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110
 #define RSA_F_RSA_PADDING_ADD_X931			 127
 #define RSA_F_RSA_PADDING_CHECK_NONE			 111
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
 #define RSA_F_RSA_PADDING_CHECK_X931			 128
 #define RSA_F_RSA_PRINT					 115
 #define RSA_F_RSA_PRINT_FP				 116