| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Approved by: so
Security: CVE-2017-3737
Security: CVE-2017-3738
Security: FreeBSD-SA-17:12.openssl
|
| | |
| |
| |
| |
| | |
Security: FreeBSD-SA-17:11
Approved by: so
|
| | |
| |
| |
| |
| |
| | |
Merge OpenSSL 1.0.2m.
(cherry picked from commit a88f0513c4cf81f98bab740e4f112f1a6d7f4d42)
|
| |/
|
|
|
|
| |
Merge OpenSSL 1.0.2l.
(cherry picked from commit ffd1bb8c599181e0733f8e00d8d8198b4ea6a73b)
|
| |
|
|
| |
Merge OpenSSL 1.0.2k.
|
| |
|
|
| |
Merge OpenSSL 1.0.2j.
|
| |
|
|
| |
Merge OpenSSL 1.0.2u.
|
| |
|
|
| |
Build OpenSSL assembly sources for arm.
|
| |
|
|
|
|
|
|
| |
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
|
| |\
| |
| |
| | |
Relnotes: yes
|
| |\ \
| |/
| |
| | |
Relnotes: yes
|
| |\ \
| |/
| |
| | |
Relnotes: yes
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Reported by: brd
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| | | |
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| | |
MFC after: 1 week
Relnotes: yes
|
| | |
| |
| |
| | |
Fix build.
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| |\ \
| |/
| |
| | |
Approved by: so (delphij)
|
| | |
| |
| |
| |
| |
| |
| | |
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
CVE-2014-3470
Security: SA-14:14.openssl
Approved by: so
|
| | |
| |
| |
| |
| |
| | |
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
|
| | |
| |
| |
| |
| |
| | |
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298
|
| | |
| |
| |
| | |
Approved by: benl (maintainer)
|
| | |
| |
| |
| |
| | |
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
|
| | |
| |
| |
| | |
Approved by: so (delphij), benl (silence)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
Requested by: zi
Approved by: benl
|
| |\ \
| |/
| |
| | |
Approved by: secteam (simon), benl (silence)
|
| | |
| |
| |
| |
| |
| | |
r237658.
Approved by: benl (maintainer, implicit)
|
| | |
| |
| |
| |
| | |
Submitted by: Christoph Mallon
MFC after: 3 days
|
| | |
| |
| |
| | |
X-MFC after: with r244974
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
MFC after: 2 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
some time ago to use sysctl instead of /dev/random to get random data,
so is now much better choice, especially for sandboxed processes that have
no direct access to /dev/random.
Approved by: benl
MFC after: 2 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Note: I timed out waiting for an exp-run for this change but I survived
having it locally for quite a long time.
MFC after: 1 month
X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
|
| |\ \
| |/
| |
| | |
Approved by: benl (maintainer)
|
| | |
| |
| |
| |
| |
| |
| | |
and engine(3) are generated from these pod files during merge process and
we do not want to re-apply these changes over and over again.
Approved by: benl (maintainer, implicit)
|
| | |
| |
| |
| |
| |
| | |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
|
| | |
| |
| |
| |
| |
| |
| | |
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
multi-threaded use of ECDH.
Security: CVE-2011-3210
Reviewed by: stas
Obtained from: OpenSSL CVS
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Obtained from: OpenSSL CVS
|
| |\ \
| |/
| |
| |
| |
| | |
Security: CVE-2010-4180
Security: http://www.openssl.org/news/secadv_20101202.txt
MFC after: 3 days
|
