summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4Renato Botelho2017-12-111-1/+1
|\
| * Fix multiple OpenSSL vulnerabilities.gordon2017-12-091-1/+1
| | | | | | | | | | | | | | Approved by: so Security: CVE-2017-3737 Security: CVE-2017-3738 Security: FreeBSD-SA-17:12.openssl
* | MFC: r325328jkim2017-11-138-24/+133
| | | | | | | | | | | | Merge OpenSSL 1.0.2m. (cherry picked from commit a88f0513c4cf81f98bab740e4f112f1a6d7f4d42)
* | MFC: r318899jkim2017-11-1320-97/+346
|/ | | | | | Merge OpenSSL 1.0.2l. (cherry picked from commit ffd1bb8c599181e0733f8e00d8d8198b4ea6a73b)
* MFC: r312825jkim2017-01-2613-141/+299
| | | | Merge OpenSSL 1.0.2k.
* MFC: r306342jkim2016-09-261-0/+2
| | | | Merge OpenSSL 1.0.2j.
* MFC: r306193jkim2016-09-2229-232/+1522
| | | | Merge OpenSSL 1.0.2u.
* Merge OpenSSL 1.0.2h.jkim2016-05-0313-117/+363
|\ | | | | | | Relnotes: yes
* \ Merge OpenSSL 1.0.2g.jkim2016-03-018-54/+347
|\ \ | |/ | | | | Relnotes: yes
* | Merge OpenSSL 1.0.2f.jkim2016-01-2814-106/+152
|\ \ | |/ | | | | Relnotes: yes
* | Merge OpenSSL 1.0.2e.jkim2015-12-0328-265/+696
|\ \ | |/
* | Merge OpenSSL 1.0.2d.jkim2015-10-3044-3642/+8606
|\ \ | |/
* | Merge OpenSSL 1.0.1p.jkim2015-07-092-15/+4
|\ \ | |/
* | Merge OpenSSL 1.0.1o.jkim2015-06-121-6/+6
| |
* | Merge OpenSSL 1.0.1n.jkim2015-06-1123-343/+813
| |
* | Merge OpenSSL 1.0.1m.jkim2015-03-2061-46881/+47199
|\ \ | |/
* | Merge OpenSSL 1.0.1k.jkim2015-01-0830-446/+646
|\ \ | |/
* | Merge OpenSSL 1.0.1j.jkim2014-10-1522-312/+534
|\ \ | |/
* | Merge OpenSSL 1.0.1i.jkim2014-08-0723-142/+430
|\ \ | |/
* | Merge OpenSSL 1.0.1h.jkim2014-06-0915-69/+559
|\ \ | |/ | | | | Approved by: so (delphij)
* | Fix OpenSSL multiple vulnerabilities.delphij2014-06-055-3/+36
| | | | | | | | | | | | | | Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so
* | Fix OpenSSL NULL pointer deference vulnerability.delphij2014-05-131-0/+4
| | | | | | | | | | | | Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
* | Fix OpenSSL use-after-free vulnerability.delphij2014-04-301-1/+1
| | | | | | | | | | | | Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298
* | Merge OpenSSL 1.0.1g.jkim2014-04-087-6/+52
| | | | | | | | Approved by: benl (maintainer)
* | Fix NFS deadlock vulnerability. [SA-14:05]delphij2014-04-082-13/+27
| | | | | | | | | | Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
* | Merge OpenSSL 1.0.1f.jkim2014-01-2218-78/+236
| | | | | | | | Approved by: so (delphij), benl (silence)
* | MFV r260399:delphij2014-01-075-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply vendor commits: 197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449). Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
* | MFV r254106 (OpenSSL bugfix for RT #2984):delphij2013-08-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. Requested by: zi Approved by: benl
* | Merge OpenSSL 1.0.1e.jkim2013-02-1328-355/+1338
|\ \ | |/ | | | | Approved by: secteam (simon), benl (silence)
* | Merge OpenSSL 1.0.1c.jkim2012-07-1253-3599/+14321
|\ \ | |/ | | | | Approved by: benl (maintainer)
* | Merge OpenSSL 0.9.8x.jkim2012-06-2717-103/+224
| | | | | | | | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* | Update the previous openssl fix. [12:01]bz2012-05-301-8/+7
| | | | | | | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* | Fix multiple OpenSSL vulnerabilities.bz2012-05-035-0/+28
| | | | | | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
* | Fix SSL memory handlig for (EC)DH cipher suites, in particular fordelphij2011-09-082-7/+21
| | | | | | | | | | | | | | | | | | multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
* | Fix Incorrectly formatted ClientHello SSL/TLS handshake messages couldsimon2011-02-121-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS
* | Merge OpenSSL 0.9.8q into head.simon2010-12-032-0/+8
|\ \ | |/ | | | | | | | | Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
* | Merge OpenSSL 0.9.8p into head.simon2010-11-2220-169/+327
| | | | | | | | | | Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
* | Fix double-free in OpenSSL's SSL ECDH code.simon2010-11-141-0/+1
| | | | | | | | | | | | | | | | | | It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches. Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long...
* | Merge OpenSSL 0.9.8n into head.simon2010-04-012-3/+6
| | | | | | | | | | | | | | | | | | | | | | This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches. I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further. Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
* | Merge OpenSSL 0.9.8m into head.simon2010-03-1334-421/+1766
|\ \ | |/ | | | | | | | | | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks
* | Disable SSL renegotiation in order to protect against a seriouscperciva2009-12-033-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate
* | Merge DTLS fixes from vendor-crypto/openssl/dist:simon2009-08-232-17/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message(). Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
* | Merge OpenSSL 0.9.8k into head.simon2009-06-1435-361/+2705
|\ \ | |/ | | | | Approved by: re
| * Flatten OpenSSL vendor tree.simon2008-08-2355-41722/+0
| |
* | Prevent cross-site forgery attacks on lukemftpd(8) due to splittingsimon2009-01-075-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon)
* | This commit was generated by cvs2svn to compensate for changes in r172767,simon2007-10-184-615/+544
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.simon2007-10-184-615/+544
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From the OpenSSL advisory: Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt
* | Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().simon2007-10-031-11/+11
| | | | | | | | | | Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket)
* | Resolve conflicts after import of OpenSSL 0.9.8e.simon2007-03-154-6/+7
| |
* | This commit was generated by cvs2svn to compensate for changes in r167612,simon2007-03-1515-78/+208
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
OpenPOWER on IntegriCloud