Commit Graph

226 Commits

Author SHA1 Message Date
Jung-uk Kim
b6c1fdcdf5 OpenSSL: Merge OpenSSL 1.1.1k
Merge commit '94fa08a4bcdfbb3434b025d67d014af3b18e5380'
2021-03-25 11:45:19 -04:00
Oleksandr Tymoshenko
9b2f020c14 Handle partial data re-sending on ktls/sendfile on FreeBSD
Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.

PR:		251969
Reviewed by:	jkim
Obtained from:	OpenSSL (dfcfd17f2818cf520ce6381aed9ec3d2fc12170d)
MFC after:	1 week
Sponsored by:	Netflix (merging to FreeBSD)
Differential Revision:	https://reviews.freebsd.org/D28714
2021-02-17 14:51:55 -08:00
Jung-uk Kim
b840816061 OpenSSL: Remove obsolete include directory
This directory was deprecated since OpenSSL 1.1.1e.

https://github.com/openssl/openssl/pull/9681
2021-02-16 22:53:37 -05:00
Jung-uk Kim
88e852c0b5 OpenSSL: Merge OpenSSL 1.1.1j
Merge commit '4f55bd5321b72491d4eff396e4928e9ab0706735'
2021-02-16 17:00:27 -05:00
John Baldwin
aa906e2a49 OpenSSL: Support for kernel TLS offload (KTLS)
This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.

Note that TLS 1.3 only supports TX offload.

A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support.  It defaults to enabled on amd64 and disabled on all
other architectures.

Reviewed by:	jkim (earlier version)
Approved by:	secteam
Obtained from:	OpenSSL (patches from master)
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D28273
2021-01-28 10:24:13 -08:00
Jung-uk Kim
c3c73b4f0a Merge OpenSSL 1.1.1i. 2020-12-09 02:05:14 +00:00
Ed Maste
2c9ac5855b OpenSSL: address CVE-2020-1971
OpenSSL commit 3db2c9f3:
Complain if we are attempting to encode with an invalid ASN.1 template

OpenSSL commit 43a7033:
Check that multi-strings/CHOICE types don't use implicit tagging

OpenSSL commit f960d812:
Correctly compare EdiPartyName in GENERAL_NAME_cmp()

Obtained from:	OpenSSL 3db2c9f3, 43a7033, f960d812
Security:	CVE-2020-1971
2020-12-08 16:43:35 +00:00
Jung-uk Kim
58f351825a Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
Jung-uk Kim
63c1bb5162 Fix Clang version detection.
We prepend "FreeBSD" to Clang version string.  This broke compiler test for
AVX instruction support.

Reported by:	jhb
2020-08-26 16:55:28 +00:00
Jung-uk Kim
cfac584b60 Merge OpenSSL 1.1.1g. 2020-04-21 19:38:32 +00:00
Gordon Tetlow
c79d631acd Fix OpenSSL remote denial of service.
See https://www.openssl.org/news/secadv/20200421.txt for details.

Approved by:	so
Security:	CVE-2020-1967
2020-04-21 15:44:20 +00:00
Jung-uk Kim
11c7efe3a4 Merge OpenSSL 1.1.1f. 2020-03-31 15:47:55 +00:00
Jung-uk Kim
17f01e9963 Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
Jung-uk Kim
da327cd22e Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
Jung-uk Kim
610a21fd82 Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
Jung-uk Kim
6935a639f0 Merge OpenSSL 1.1.1b. 2019-02-26 19:31:33 +00:00
Jung-uk Kim
49ea0a812a Do not complain when /dev/crypto does not exist.
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory".  Disable
the annoying error message as it is not very useful anyway.

Note the patch was submitted upstream.

https://github.com/openssl/openssl/pull/7896
2018-12-14 01:06:34 +00:00
Jung-uk Kim
c9cf7b5cb1 Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
Glen Barber
f07f1918ad Update SHLIB_VERSION_NUMBER following the OpenSSL shared library
number bump.

Reported by:	jkim
Discussed with:	kib
MFC after:	immediate
Sponsored by:	The FreeBSD Foundation
2018-10-25 18:46:45 +00:00
Jung-uk Kim
9887b02239 Add a hack to build on ARMv4 and ARMv5. 2018-09-23 02:51:54 +00:00
Jung-uk Kim
548ad621b5 Add generated header file for openssl(1). 2018-09-19 00:32:48 +00:00
Jung-uk Kim
e78c4f2d77 Add generated header files for FreeBSD. 2018-09-19 00:08:27 +00:00
Jung-uk Kim
eabbf3ff4b Update SHLIB_VERSION_NUMBER to 9.
Prodded by:	avg
2018-09-14 14:40:09 +00:00
Jung-uk Kim
e71b70530d Update OpenSSL to 1.1.1.
Note it does not update build infrastructure.
2018-09-13 20:40:51 +00:00
Jung-uk Kim
dea77ea6fc Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
Jung-uk Kim
dee36b4f92 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
Jung-uk Kim
0c731de94c Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c.  Later, upstream fixed it in
1.0.2d but they removed the first one.  Therefore, both were removed in our
version unfortunately.  Now we revert to the vendor one to re-add it.

MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D10525
2018-01-25 23:38:05 +00:00
Jung-uk Kim
c4ad4dffb3 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
Jung-uk Kim
47902a71f3 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
Jung-uk Kim
ed7112f094 Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
Andrew Turner
e7fca4bb42 Fix linking with lld by marking OPENSSL_armcap_P as hidden.
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.

Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.

Approved by:	jkim
Sponsored by:	DARPA, AFRL
2017-04-07 12:41:57 +00:00
Jung-uk Kim
6cf8931a2f Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
Jung-uk Kim
7518a9bd2b Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
Jung-uk Kim
f1fe58d376 Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
Jung-uk Kim
aeb5019c48 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
Jung-uk Kim
43e4bca77d Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
Andriy Gapon
056f620e09 openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Some consumers actually use this definition.

We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
2016-06-03 14:09:38 +00:00
Jung-uk Kim
b8721c1643 Merge OpenSSL 1.0.2h.
Relnotes:	yes
2016-05-03 18:50:10 +00:00
Jung-uk Kim
4c6a0400b9 Merge OpenSSL 1.0.2g.
Relnotes:	yes
2016-03-01 22:08:28 +00:00
Jung-uk Kim
8180e704ac Merge OpenSSL 1.0.2f.
Relnotes:	yes
2016-01-28 20:15:22 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
de496999fe MFV: r276862
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00