summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Merge OpenSSL 1.0.1e.jkim2013-02-1328-355/+1338
|\ | | | | | | Approved by: secteam (simon), benl (silence)
* \ Merge OpenSSL 1.0.1c.jkim2012-07-1253-3599/+14321
|\ \ | |/ | | | | Approved by: benl (maintainer)
* | Merge OpenSSL 0.9.8x.jkim2012-06-2717-103/+224
| | | | | | | | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* | Update the previous openssl fix. [12:01]bz2012-05-301-8/+7
| | | | | | | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* | Fix multiple OpenSSL vulnerabilities.bz2012-05-035-0/+28
| | | | | | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
* | Fix SSL memory handlig for (EC)DH cipher suites, in particular fordelphij2011-09-082-7/+21
| | | | | | | | | | | | | | | | | | multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
* | Fix Incorrectly formatted ClientHello SSL/TLS handshake messages couldsimon2011-02-121-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS
* | Merge OpenSSL 0.9.8q into head.simon2010-12-032-0/+8
|\ \ | |/ | | | | | | | | Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
* | Merge OpenSSL 0.9.8p into head.simon2010-11-2220-169/+327
| | | | | | | | | | Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
* | Fix double-free in OpenSSL's SSL ECDH code.simon2010-11-141-0/+1
| | | | | | | | | | | | | | | | | | It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches. Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long...
* | Merge OpenSSL 0.9.8n into head.simon2010-04-012-3/+6
| | | | | | | | | | | | | | | | | | | | | | This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches. I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further. Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
* | Merge OpenSSL 0.9.8m into head.simon2010-03-1334-421/+1766
|\ \ | |/ | | | | | | | | | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks
* | Disable SSL renegotiation in order to protect against a seriouscperciva2009-12-033-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate
* | Merge DTLS fixes from vendor-crypto/openssl/dist:simon2009-08-232-17/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message(). Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
* | Merge OpenSSL 0.9.8k into head.simon2009-06-1435-361/+2705
|\ \ | |/ | | | | Approved by: re
| * Flatten OpenSSL vendor tree.simon2008-08-2355-41722/+0
| |
* | Prevent cross-site forgery attacks on lukemftpd(8) due to splittingsimon2009-01-075-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon)
* | This commit was generated by cvs2svn to compensate for changes in r172767,simon2007-10-184-615/+544
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.simon2007-10-184-615/+544
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From the OpenSSL advisory: Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt
* | Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().simon2007-10-031-11/+11
| | | | | | | | | | Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket)
* | Resolve conflicts after import of OpenSSL 0.9.8e.simon2007-03-154-6/+7
| |
* | This commit was generated by cvs2svn to compensate for changes in r167612,simon2007-03-1515-78/+208
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.8e.simon2007-03-1519-84/+215
| |
* | Resolve conflicts after import of OpenSSL 0.9.8d.simon2006-10-012-2/+3
| |
* | This commit was generated by cvs2svn to compensate for changes in r162911,simon2006-10-0111-54/+406
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.8d.simon2006-10-0113-56/+409
| |
* | Resolve conflicts after import of OpenSSL 0.9.8b.simon2006-07-298-327/+259
| |
* | This commit was generated by cvs2svn to compensate for changes in r160814,simon2006-07-2939-2655/+11423
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.8bsimon2006-07-2947-2988/+11683
| |
| * Remove files that are no longer part of OpenSSL from the vendornectar2005-02-251-1019/+0
| | | | | | | | branch. This time, these are mostly the `Makefile.ssl' files.
* | Correct a man-in-the-middle SSL version rollback vulnerability.cperciva2005-10-111-6/+1
| | | | | | | | Security: FreeBSD-SA-05:21.openssl
* | This commit was generated by cvs2svn to compensate for changes in r142430,nectar2005-02-251-1019/+0
| | | | | | | | which included commits to RCS files with non-trunk default branches.
* | Resolve conflicts after import of OpenSSL 0.9.7e.nectar2005-02-253-7/+16
| |
* | This commit was generated by cvs2svn to compensate for changes in r142425,nectar2005-02-2513-84/+1238
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.7e.nectar2005-02-2516-91/+1254
| |
| * Clean up the OpenSSL vendor branch by removing files that are notnectar2005-02-251-884/+0
| | | | | | | | part of recent releases.
* | Resolve conflicts after import of OpenSSL 0.9.7d.nectar2004-03-175-5/+2
| |
* | This commit was generated by cvs2svn to compensate for changes in r127128,nectar2004-03-1713-311/+335
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.7d.nectar2004-03-1718-316/+337
| |
* | This commit was generated by cvs2svn to compensate for changes in r127114,nectar2004-03-171-0/+8
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).nectar2004-03-171-0/+8
| | | | | | | | Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
* | This commit was generated by cvs2svn to compensate for changes in r120631,nectar2003-10-019-23/+54
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.7cnectar2003-10-019-23/+54
| |
* | This commit was generated by cvs2svn to compensate for changes in r112439,jedgar2003-03-201-13/+12
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import of PKCS #1 security fix.jedgar2003-03-201-13/+12
| | | | | | | | http://www.openssl.org/news/secadv_20030319.txt
* | Resolve conflicts after import of OpenSSL 0.9.7a.nectar2003-02-191-1/+1
| |
* | This commit was generated by cvs2svn to compensate for changes in r111147,nectar2003-02-198-37/+82
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OpenSSL 0.9.7a.nectar2003-02-199-38/+83
| |
* | Merge conflicts.markm2003-01-289-218/+287
| | | | | | | | This is cunning doublespeak for "use vendor code".
* | This commit was generated by cvs2svn to compensate for changes in r109998,markm2003-01-2836-1440/+5962
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
OpenPOWER on IntegriCloud