summaryrefslogtreecommitdiffstats
path: root/crypto/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of OpenSSL. [SA-17:02]delphij2017-02-23100-634/+836
| | | | | | | | | | | | | | Fix system hang when booting when PCI-express HotPlug is enabled. [EN-17:01] Fix NIS master updates are not pushed to NIS slave. [EN-17:02] Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574. [EN-17:03] Make makewhatis output reproducible. [EN-17:04] Approved by: so
* Merge r306343 by jkim:glebius2016-09-268-8/+26
| | | | | | | Merge OpenSSL 1.0.2j. Approved by: so Approved by: re (implicit)
* MFS: r306195jkim2016-09-22222-1347/+3936
| | | | | | Merge OpenSSL 1.0.2i. Approved by: re (gjb, implicit), so (delphij)
* openssl: change SHLIB_VERSION_NUMBER to reflect the realityavg2016-06-031-1/+1
| | | | | | | | Some consumers actually use this definition. We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile.
* Merge OpenSSL 1.0.2h.jkim2016-05-0367-263/+1117
|\ | | | | | | Relnotes: yes
* \ Merge OpenSSL 1.0.2g.jkim2016-03-0183-1318/+2668
|\ \ | |/ | | | | Relnotes: yes
* | Merge OpenSSL 1.0.2f.jkim2016-01-28136-443/+844
|\ \ | |/ | | | | Relnotes: yes
* | Merge OpenSSL 1.0.2e.jkim2015-12-03204-2375/+2568
|\ \ | |/
* | Remove duplicate manual pages.jkim2015-11-162-5/+3
| | | | | | | | Reported by: brd
* | Merge OpenSSL 1.0.2d.jkim2015-10-30488-13176/+94364
|\ \ | |/
* | Merge OpenSSL 1.0.1p.jkim2015-07-0921-233/+475
|\ \ | |/
* | Merge OpenSSL 1.0.1o.jkim2015-06-129-25/+34
| |
* | Merge OpenSSL 1.0.1n.jkim2015-06-11204-903/+2348
| |
* | Merge OpenSSL 1.0.1m.jkim2015-03-201009-268251/+272049
|\ \ | |/
* | Merge OpenSSL 1.0.1l.jkim2015-01-1611-17/+27
| | | | | | | | | | MFC after: 1 week Relnotes: yes
* | MFV: r276862jkim2015-01-092-2/+2
| | | | | | | | Fix build.
* | Merge OpenSSL 1.0.1k.jkim2015-01-08108-3630/+1760
|\ \ | |/
* | Merge OpenSSL 1.0.1j.jkim2014-10-1579-613/+1824
|\ \ | |/
* | Merge OpenSSL 1.0.1i.jkim2014-08-07158-4989/+3288
|\ \ | |/
* | Merge OpenSSL 1.0.1h.jkim2014-06-0966-141/+824
|\ \ | |/ | | | | Approved by: so (delphij)
* | Fix OpenSSL multiple vulnerabilities.delphij2014-06-055-3/+36
| | | | | | | | | | | | | | Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so
* | Fix OpenSSL NULL pointer deference vulnerability.delphij2014-05-131-0/+4
| | | | | | | | | | | | Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
* | Fix OpenSSL use-after-free vulnerability.delphij2014-04-301-1/+1
| | | | | | | | | | | | Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298
* | Merge OpenSSL 1.0.1g.jkim2014-04-0854-81/+311
| | | | | | | | Approved by: benl (maintainer)
* | Fix NFS deadlock vulnerability. [SA-14:05]delphij2014-04-085-24/+106
| | | | | | | | | | Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
* | Merge OpenSSL 1.0.1f.jkim2014-01-22109-849/+1485
| | | | | | | | Approved by: so (delphij), benl (silence)
* | MFV r260399:delphij2014-01-075-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply vendor commits: 197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449). Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
* | MFV r254106 (OpenSSL bugfix for RT #2984):delphij2013-08-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. Requested by: zi Approved by: benl
* | Merge OpenSSL 1.0.1e.jkim2013-02-13174-871/+2669
|\ \ | |/ | | | | Approved by: secteam (simon), benl (silence)
* | Change "the the" to "the". It is a continuation of r226436 and missed injkim2013-02-131-1/+1
| | | | | | | | | | | | r237658. Approved by: benl (maintainer, implicit)
* | Clean some 'svn:executable' properties in the tree.pfg2013-01-2610-0/+0
| | | | | | | | | | Submitted by: Christoph Mallon MFC after: 3 days
* | Indicate that we are using OpenSSL with some local modifications.delphij2013-01-021-1/+1
| | | | | | | | X-MFC after: with r244974
* | MFV r244973:delphij2013-01-021-17/+8
| | | | | | | | | | | | | | | | Integrate OpenSSL changeset 22950 (appro): bn_word.c: fix overflow bug in BN_add_word. MFC after: 2 weeks
* | Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS ineadler2012-12-062-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | share/mk/sys.mk instead. This is part of a medium term project to permit deterministic builds of FreeBSD. Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
* | Allow OpenSSL to use arc4random(3) on FreeBSD. arc4random(3) was modifiedpjd2012-11-301-3/+3
| | | | | | | | | | | | | | | | | | some time ago to use sysctl instead of /dev/random to get random data, so is now much better choice, especially for sandboxed processes that have no direct access to /dev/random. Approved by: benl MFC after: 2 weeks
* | openssl: change SHLIB_VERSION_NUMBER to reflect the realityavg2012-09-111-1/+1
| | | | | | | | | | | | | | | | Note: I timed out waiting for an exp-run for this change but I survived having it locally for quite a long time. MFC after: 1 month X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
* | Merge OpenSSL 1.0.1c.jkim2012-07-121335-79732/+167672
|\ \ | |/ | | | | Approved by: benl (maintainer)
* | Partially redo r226436, i. e., change "the the" to "the". ca(1), dgst(1),jkim2012-06-273-3/+3
| | | | | | | | | | | | | | and engine(3) are generated from these pod files during merge process and we do not want to re-apply these changes over and over again. Approved by: benl (maintainer, implicit)
* | Merge OpenSSL 0.9.8x.jkim2012-06-2782-964/+1642
| | | | | | | | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* | Update the previous openssl fix. [12:01]bz2012-05-302-9/+8
| | | | | | | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* | Fix multiple OpenSSL vulnerabilities.bz2012-05-0311-39/+162
| | | | | | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
* | Fix SSL memory handlig for (EC)DH cipher suites, in particular fordelphij2011-09-082-7/+21
| | | | | | | | | | | | | | | | | | multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
* | Fix Incorrectly formatted ClientHello SSL/TLS handshake messages couldsimon2011-02-121-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS
* | Merge OpenSSL 0.9.8q into head.simon2010-12-0317-30/+146
|\ \ | |/ | | | | | | | | Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
* | Merge OpenSSL 0.9.8p into head.simon2010-11-22127-535/+876
| | | | | | | | | | Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
* | Fix double-free in OpenSSL's SSL ECDH code.simon2010-11-141-0/+1
| | | | | | | | | | | | | | | | | | It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches. Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long...
* | Bring in OpenSSL checkin 19821:rpaulo2010-09-212-6/+13
| | | | | | | | | | | | | | | | | | Make inline assembler clang-friendly [from HEAD]. openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2 openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1 Approved by: simon
* | Merge OpenSSL 0.9.8n into head.simon2010-04-0128-37/+115
| | | | | | | | | | | | | | | | | | | | | | This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches. I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further. Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
* | Readd $FreeBSD$ to the OpenSSL config file as that's useful forsimon2010-03-131-0/+1
| | | | | | | | | | | | mergemaster. Suggested by: dougb
* | Merge OpenSSL 0.9.8m into head.simon2010-03-13238-19819/+4290
|\ \ | |/ | | | | | | | | | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks
OpenPOWER on IntegriCloud