| Commit message | Author | Age | Files | Lines |
|
Relnotes: yes
|
Merge OpenSSL 1.0.1p.
Approved by: re (gjb)
Relnotes: yes
|
Merge OpenSSL 1.0.1o.
Note it is instantly merged because it restores ABI compatibility broken by
the previous OpenSSL 1.0.1n.
Relnotes: yes
|
Merge OpenSSL 1.0.1n.
|
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
- Revert a portion of ASN1 change as suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Pointy hat to: delphij
|
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
|
Merge OpenSSL 1.0.1l.
Relnotes: yes
|
Merge OpenSSL 1.0.1k.
|
Merge OpenSSL 1.0.1j.
Relnotes: yes
|
Merge OpenSSL 1.0.1i.
|
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
Merge OpenSSL 1.0.1f and 1.0.1g.
|
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
|
Approved by: secteam (simon), benl (silence)
|
Submitted by: Christoph Mallon
MFC after: 3 days
|
X-MFC after: with r244974
|
Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
MFC after: 2 weeks
|
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
|
some time ago to use sysctl instead of /dev/random to get random data,
so is now a much better choice, especially for sandboxed processes that have
no direct access to /dev/random.
Approved by: benl
MFC after: 2 weeks
|
Note: I timed out waiting for an exp-run for this change but I survived
having it locally for quite a long time.
MFC after: 1 month
X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
|
Approved by: benl (maintainer)
|
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
|
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)
|
Security: CVE-2010-4180
Security: http://www.openssl.org/news/secadv_20101202.txt
MFC after: 3 days
|
Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt
|
Make inline assembler clang-friendly [from HEAD].
openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2
openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1
Approved by: simon
|
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
|
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
|
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
MFC after: 1 week
Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
|
Approved by: re
|
Sanity-check string lengths in order to stop OpenSSL crashing
when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc
Security: FreeBSD-SA-09:08.openssl
Security: CVE-2009-0590
Approved by: re (kensmith)
Approved by: so (cperciva)
|
with OpenSSL 0.9.8 import.
Note that this does not enable cryptodev by default, as it was the
case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it
possible to enable cryptodev at all.
This has been submitted upstream as:
http://rt.openssl.org/Ticket/Display.html?id=1624
Submitted by: nork
|
casts a bit less evil.
This was e.g. seen when using portsnap as:
Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction
Note the patch is slightly different from kan's original patch to
match style in the OpenSSL source files a bit better.
Submitted by: kan
Tested by: many
|
which included commits to RCS files with non-trunk default branches.
|
EVP_CIPHER_CTX_key_length() should return the set key length
in the EVP_CIPHER_CTX structure which may not be the same as
the underlying cipher key length for variable length ciphers.
This fixes problems in OpenSSH using some ciphers, and possibly other
applications.
See also: http://bugzilla.mindrot.org/show_bug.cgi?id=1291
|
which included commits to RCS files with non-trunk default branches.
|
which included commits to RCS files with non-trunk default branches.
|
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.
This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
|
which included commits to RCS files with non-trunk default branches.
|
Obtained from: OpenSSL project
Security: FreeBSD-SA-06:19.openssl
|
This was missed the first time around since eng_padlock.c was not part
of OpenSSL 0.9.7e and therefore did not have the v0_9_7e CVS tag used
during original resolve of conflicts.
Noticed by: Antoine Brodin <antoine.brodin@laposte.net>
|