Commit Graph

220 Commits

Author SHA1 Message Date
Ed Maste
2c9ac5855b OpenSSL: address CVE-2020-1971
OpenSSL commit 3db2c9f3:
Complain if we are attempting to encode with an invalid ASN.1 template

OpenSSL commit 43a7033:
Check that multi-strings/CHOICE types don't use implicit tagging

OpenSSL commit f960d812:
Correctly compare EdiPartyName in GENERAL_NAME_cmp()

Obtained from:	OpenSSL 3db2c9f3, 43a7033, f960d812
Security:	CVE-2020-1971
2020-12-08 16:43:35 +00:00
Jung-uk Kim
58f351825a Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
Jung-uk Kim
63c1bb5162 Fix Clang version detection.
We prepend "FreeBSD" to Clang version string.  This broke compiler test for
AVX instruction support.

Reported by:	jhb
2020-08-26 16:55:28 +00:00
Jung-uk Kim
cfac584b60 Merge OpenSSL 1.1.1g. 2020-04-21 19:38:32 +00:00
Gordon Tetlow
c79d631acd Fix OpenSSL remote denial of service.
See https://www.openssl.org/news/secadv/20200421.txt for details.

Approved by:	so
Security:	CVE-2020-1967
2020-04-21 15:44:20 +00:00
Jung-uk Kim
11c7efe3a4 Merge OpenSSL 1.1.1f. 2020-03-31 15:47:55 +00:00
Jung-uk Kim
17f01e9963 Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
Jung-uk Kim
da327cd22e Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
Jung-uk Kim
610a21fd82 Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
Jung-uk Kim
6935a639f0 Merge OpenSSL 1.1.1b. 2019-02-26 19:31:33 +00:00
Jung-uk Kim
49ea0a812a Do not complain when /dev/crypto does not exist.
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory".  Disable
the annoying error message as it is not very useful anyway.

Note the patch was submitted upstream.

https://github.com/openssl/openssl/pull/7896
2018-12-14 01:06:34 +00:00
Jung-uk Kim
c9cf7b5cb1 Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
Glen Barber
f07f1918ad Update SHLIB_VERSION_NUMBER following the OpenSSL shared library
number bump.

Reported by:	jkim
Discussed with:	kib
MFC after:	immediate
Sponsored by:	The FreeBSD Foundation
2018-10-25 18:46:45 +00:00
Jung-uk Kim
9887b02239 Add a hack to build on ARMv4 and ARMv5. 2018-09-23 02:51:54 +00:00
Jung-uk Kim
548ad621b5 Add generated header file for openssl(1). 2018-09-19 00:32:48 +00:00
Jung-uk Kim
e78c4f2d77 Add generated header files for FreeBSD. 2018-09-19 00:08:27 +00:00
Jung-uk Kim
eabbf3ff4b Update SHLIB_VERSION_NUMBER to 9.
Prodded by:	avg
2018-09-14 14:40:09 +00:00
Jung-uk Kim
e71b70530d Update OpenSSL to 1.1.1.
Note it does not update build infrastructure.
2018-09-13 20:40:51 +00:00
Jung-uk Kim
dea77ea6fc Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
Jung-uk Kim
dee36b4f92 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
Jung-uk Kim
0c731de94c Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c.  Later, upstream fixed it in
1.0.2d but they removed the first one.  Therefore, both were removed in our
version unfortunately.  Now we revert to the vendor one to re-add it.

MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D10525
2018-01-25 23:38:05 +00:00
Jung-uk Kim
c4ad4dffb3 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
Jung-uk Kim
47902a71f3 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
Jung-uk Kim
ed7112f094 Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
Andrew Turner
e7fca4bb42 Fix linking with lld by marking OPENSSL_armcap_P as hidden.
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.

Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.

Approved by:	jkim
Sponsored by:	DARPA, AFRL
2017-04-07 12:41:57 +00:00
Jung-uk Kim
6cf8931a2f Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
Jung-uk Kim
7518a9bd2b Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
Jung-uk Kim
f1fe58d376 Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
Jung-uk Kim
aeb5019c48 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
Jung-uk Kim
43e4bca77d Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
Andriy Gapon
056f620e09 openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Some consumers actually use this definition.

We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
2016-06-03 14:09:38 +00:00
Jung-uk Kim
b8721c1643 Merge OpenSSL 1.0.2h.
Relnotes:	yes
2016-05-03 18:50:10 +00:00
Jung-uk Kim
4c6a0400b9 Merge OpenSSL 1.0.2g.
Relnotes:	yes
2016-03-01 22:08:28 +00:00
Jung-uk Kim
8180e704ac Merge OpenSSL 1.0.2f.
Relnotes:	yes
2016-01-28 20:15:22 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
de496999fe MFV: r276862
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
Jung-uk Kim
fa5fddf171 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
Jung-uk Kim
a93cbc2be8 Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
Xin LI
4a448cff07 Fix OpenSSL multiple vulnerabilities.
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
2014-06-05 12:32:16 +00:00
Xin LI
f5da602e47 Fix OpenSSL NULL pointer deference vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3 Fix OpenSSL use-after-free vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
2014-04-30 04:02:36 +00:00