Ed Maste
2c9ac5855b
OpenSSL: address CVE-2020-1971
...
OpenSSL commit 3db2c9f3:
Complain if we are attempting to encode with an invalid ASN.1 template
OpenSSL commit 43a7033:
Check that multi-strings/CHOICE types don't use implicit tagging
OpenSSL commit f960d812:
Correctly compare EdiPartyName in GENERAL_NAME_cmp()
Obtained from: OpenSSL 3db2c9f3, 43a7033, f960d812
Security: CVE-2020-1971
2020-12-08 16:43:35 +00:00
Jung-uk Kim
58f351825a
Merge OpenSSL 1.1.1h.
2020-09-22 16:18:31 +00:00
Jung-uk Kim
63c1bb5162
Fix Clang version detection.
...
We prepend "FreeBSD" to Clang version string. This broke compiler test for
AVX instruction support.
Reported by: jhb
2020-08-26 16:55:28 +00:00
Jung-uk Kim
cfac584b60
Merge OpenSSL 1.1.1g.
2020-04-21 19:38:32 +00:00
Gordon Tetlow
c79d631acd
Fix OpenSSL remote denial of service.
...
See https://www.openssl.org/news/secadv/20200421.txt for details.
Approved by: so
Security: CVE-2020-1967
2020-04-21 15:44:20 +00:00
Jung-uk Kim
11c7efe3a4
Merge OpenSSL 1.1.1f.
2020-03-31 15:47:55 +00:00
Jung-uk Kim
17f01e9963
Merge OpenSSL 1.1.1e.
2020-03-18 02:13:12 +00:00
Jung-uk Kim
da327cd22e
Merge OpenSSL 1.1.1d.
2019-09-10 21:08:17 +00:00
Jung-uk Kim
610a21fd82
Merge OpenSSL 1.1.1c.
2019-05-28 21:54:12 +00:00
Jung-uk Kim
6935a639f0
Merge OpenSSL 1.1.1b.
2019-02-26 19:31:33 +00:00
Jung-uk Kim
49ea0a812a
Do not complain when /dev/crypto does not exist.
...
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory". Disable
the annoying error message as it is not very useful anyway.
Note the patch was submitted upstream.
https://github.com/openssl/openssl/pull/7896
2018-12-14 01:06:34 +00:00
Jung-uk Kim
c9cf7b5cb1
Merge OpenSSL 1.1.1a.
2018-11-20 21:10:04 +00:00
Glen Barber
f07f1918ad
Update SHLIB_VERSION_NUMBER following the OpenSSL shared library
...
number bump.
Reported by: jkim
Discussed with: kib
MFC after: immediate
Sponsored by: The FreeBSD Foundation
2018-10-25 18:46:45 +00:00
Jung-uk Kim
9887b02239
Add a hack to build on ARMv4 and ARMv5.
2018-09-23 02:51:54 +00:00
Jung-uk Kim
548ad621b5
Add generated header file for openssl(1).
2018-09-19 00:32:48 +00:00
Jung-uk Kim
e78c4f2d77
Add generated header files for FreeBSD.
2018-09-19 00:08:27 +00:00
Jung-uk Kim
eabbf3ff4b
Update SHLIB_VERSION_NUMBER to 9.
...
Prodded by: avg
2018-09-14 14:40:09 +00:00
Jung-uk Kim
e71b70530d
Update OpenSSL to 1.1.1.
...
Note it does not update build infrastructure.
2018-09-13 20:40:51 +00:00
Jung-uk Kim
dea77ea6fc
Merge OpenSSL 1.0.2p.
2018-08-14 17:48:02 +00:00
Jung-uk Kim
dee36b4f92
Merge OpenSSL 1.0.2o.
2018-03-27 17:17:58 +00:00
Jung-uk Kim
0c731de94c
Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
...
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c. Later, upstream fixed it in
1.0.2d but they removed the first one. Therefore, both were removed in our
version unfortunately. Now we revert to the vendor one to re-add it.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D10525
2018-01-25 23:38:05 +00:00
Jung-uk Kim
c4ad4dffb3
Merge OpenSSL 1.0.2n.
2017-12-07 18:02:57 +00:00
Jung-uk Kim
47902a71f3
Merge OpenSSL 1.0.2m.
2017-11-02 18:04:29 +00:00
Jung-uk Kim
ed7112f094
Merge OpenSSL 1.0.2l.
2017-05-25 20:52:16 +00:00
Andrew Turner
e7fca4bb42
Fix linking with lld by marking OPENSSL_armcap_P as hidden.
...
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.
Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.
Approved by: jkim
Sponsored by: DARPA, AFRL
2017-04-07 12:41:57 +00:00
Jung-uk Kim
6cf8931a2f
Merge OpenSSL 1.0.2k.
2017-01-26 19:10:29 +00:00
Jung-uk Kim
7518a9bd2b
Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew.
2016-10-26 20:02:22 +00:00
Jung-uk Kim
f1fe58d376
Merge OpenSSL 1.0.2j.
2016-09-26 14:22:17 +00:00
Jung-uk Kim
aeb5019c48
Merge OpenSSL 1.0.2i.
2016-09-22 13:27:44 +00:00
Jung-uk Kim
43e4bca77d
Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
...
MFC after: 1 week
2016-08-22 20:59:34 +00:00
Andriy Gapon
056f620e09
openssl: change SHLIB_VERSION_NUMBER to reflect the reality
...
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
2016-06-03 14:09:38 +00:00
Jung-uk Kim
b8721c1643
Merge OpenSSL 1.0.2h.
...
Relnotes: yes
2016-05-03 18:50:10 +00:00
Jung-uk Kim
4c6a0400b9
Merge OpenSSL 1.0.2g.
...
Relnotes: yes
2016-03-01 22:08:28 +00:00
Jung-uk Kim
8180e704ac
Merge OpenSSL 1.0.2f.
...
Relnotes: yes
2016-01-28 20:15:22 +00:00
Jung-uk Kim
80815a778e
Merge OpenSSL 1.0.2e.
2015-12-03 21:13:35 +00:00
Jung-uk Kim
2409c5b0cc
Remove duplicate manual pages.
...
Reported by: brd
2015-11-16 21:36:15 +00:00
Jung-uk Kim
7bded2db17
Merge OpenSSL 1.0.2d.
2015-10-30 20:51:33 +00:00
Jung-uk Kim
45c1772ea0
Merge OpenSSL 1.0.1p.
2015-07-09 17:07:45 +00:00
Jung-uk Kim
d47910c6ed
Merge OpenSSL 1.0.1o.
2015-06-12 16:48:26 +00:00
Jung-uk Kim
ed6b93be54
Merge OpenSSL 1.0.1n.
2015-06-11 19:00:55 +00:00
Jung-uk Kim
6f9291cea8
Merge OpenSSL 1.0.1m.
2015-03-20 19:16:18 +00:00
Jung-uk Kim
dc2b908f54
Merge OpenSSL 1.0.1l.
...
MFC after: 1 week
Relnotes: yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
de496999fe
MFV: r276862
...
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
751d29910b
Merge OpenSSL 1.0.1k.
2015-01-08 23:42:41 +00:00
Jung-uk Kim
fa5fddf171
Merge OpenSSL 1.0.1j.
2014-10-15 19:12:05 +00:00
Jung-uk Kim
a93cbc2be8
Merge OpenSSL 1.0.1i.
2014-08-07 18:56:10 +00:00
Jung-uk Kim
94ad176c68
Merge OpenSSL 1.0.1h.
...
Approved by: so (delphij)
2014-06-09 05:50:57 +00:00
Xin LI
4a448cff07
Fix OpenSSL multiple vulnerabilities.
...
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
CVE-2014-3470
Security: SA-14:14.openssl
Approved by: so
2014-06-05 12:32:16 +00:00
Xin LI
f5da602e47
Fix OpenSSL NULL pointer deference vulnerability.
...
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3
Fix OpenSSL use-after-free vulnerability.
...
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298
2014-04-30 04:02:36 +00:00