Commit Graph

72 Commits

Author SHA1 Message Date
Jung-uk Kim
a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Jung-uk Kim
3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim
8f5086671f Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
Jung-uk Kim
973cfcbfe1 Fix build failure on Windows due to undefined cflags identifier.
5c5e7e1a7e
2015-01-09 00:12:20 +00:00
Jung-uk Kim
c6485458b3 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
Jung-uk Kim
58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Jung-uk Kim
cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim
2e22f5e2e0 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
Jung-uk Kim
06369e3974 Import OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 20:15:18 +00:00
Jung-uk Kim
2dc7f78169 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
Xin LI
cbbee3a581 Import vendor fixes:
197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).
2014-01-07 19:02:08 +00:00
Xin LI
ed4c5254dd Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253:
Author: David Woodhouse <dwmw2@infradead.org>
Date:   Tue Feb 12 14:55:32 2013 +0000

    Check DTLS_BAD_VER for version number.

    The version check for DTLS1_VERSION was redundant as
    DTLS1_VERSION > TLS1_1_VERSION, however we do need to
    check for DTLS1_BAD_VER for compatibility.

    PR:2984
    (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)

Approved by:	benl
2013-08-08 22:26:03 +00:00
Jung-uk Kim
f3b8b34a88 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00
Xin LI
451758c611 Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
2013-01-02 20:56:53 +00:00
Jung-uk Kim
0758ab5ea7 Import OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-11 23:31:36 +00:00
Jung-uk Kim
2b8b545582 Import OpenSSL 0.9.8x. 2012-06-27 16:44:58 +00:00
Simon L. B. Nielsen
fd3744ddb0 Import OpenSSL 0.9.8q. 2010-12-02 22:36:51 +00:00
Simon L. B. Nielsen
f2c43d19b9 Import OpenSSL 0.9.8p. 2010-11-21 22:45:18 +00:00
Simon L. B. Nielsen
0cedaa6c89 Import OpenSSL 0.9.8n. 2010-04-01 12:25:40 +00:00
Simon L. B. Nielsen
f7a1b4761c Import OpenSSL 0.9.8m. 2010-02-28 18:49:43 +00:00
Simon L. B. Nielsen
f0c2a617df Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1387
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=17958
2009-08-23 14:39:15 +00:00
Simon L. B. Nielsen
58c74b7534 Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Do not access freed data structure.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1379
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18156
2009-08-23 14:15:28 +00:00
Simon L. B. Nielsen
f8f8fb827d Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix fragment handling memory leak.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1378
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
2009-08-23 14:12:01 +00:00
Simon L. B. Nielsen
b7421a6928 Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix memory consumption bug with "future epoch" DTLS records.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1377
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18187
2009-08-23 13:58:25 +00:00
Simon L. B. Nielsen
27de41c0e2 Re-enable keyword expansion, at least for now. Having keyword
expension disabled on the vendor tree means merges to head
removes the attributes there which clutters the merge.
2009-06-08 21:52:20 +00:00
Simon L. B. Nielsen
47fcc9ccd8 Remove empty directory which has been removed upstream. 2009-06-08 21:34:12 +00:00
Simon L. B. Nielsen
a26036664d Add current WIP version of OpenSSL import documentation. 2009-06-07 20:02:32 +00:00
Simon L. B. Nielsen
518099af59 Import OpenSSL 0.9.8k. 2009-06-07 19:56:18 +00:00
Simon L. B. Nielsen
c285625302 - Do not exclude FIPS as it might be useful. I have not tested if
FIPS works but at least now we have the support source in case it
  does.
- Do not exclude rsaref - it's not part of the OpenSSL distribution
  archive anymore.
2009-06-06 15:44:07 +00:00
Simon L. B. Nielsen
bb1499d2aa Vendor import of OpenSSL 0.9.8i. 2008-09-21 14:56:30 +00:00
Simon L. B. Nielsen
ee266f1253 - Remove files which aren't in the vendor distribution anymore.
- Remove all of include as there is only the openssl subdir with
  symlinks (which were always removed).
2008-09-21 14:30:38 +00:00
Simon L. B. Nielsen
ecd6bb9f2e - Change FREEBSD-Xlist so it can be used as input to tar(1). 2008-09-21 14:15:02 +00:00
Simon L. B. Nielsen
11bac091f5 Remove files from vendor tree which were not part of OpenSSL 0.9.8e
(last vendor import).

The file were removed in different earlier releases, but were not
removed from the CVS vendor branch at the time.
2008-09-21 14:12:30 +00:00
Simon L. B. Nielsen
9d8854235b The vendor area is the proper home for these files now. 2008-09-21 13:18:25 +00:00
Simon L. B. Nielsen
3933877864 Disable keyword expansion on vendor tree. 2008-09-21 11:02:23 +00:00
Simon L. B. Nielsen
c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
Simon L. B. Nielsen
a0ddfe4e72 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
c30e4c6174 Import fix from upstream OpenSSL_0_9_8-stable branch:
EVP_CIPHER_CTX_key_length() should return the set key length
	in the EVP_CIPHER_CTX structure which may not be the same as
	the underlying cipher key length for variable length ciphers.

This fixes problems in OpenSSH using some ciphers, and possibly other
applications.

See also:	http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-15 20:26:26 +00:00
Simon L. B. Nielsen
5471f83ea7 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
4d227dd736 Import from upstream OpenSSL 0.9.8 branch:
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.

This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
2006-10-01 08:09:46 +00:00
Simon L. B. Nielsen
ed5d4f9a94 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
3b4e3dcb9f Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
Jacques Vidrine
a37fa6607a Remove files that are no longer part of OpenSSL from the vendor
branch.  This time, these are mostly the `Makefile.ssl' files.
2005-02-25 06:14:53 +00:00
Jacques Vidrine
6be8ae0724 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
Jacques Vidrine
01c0bb1d8a Clean up the OpenSSL vendor branch by removing files that are not
part of recent releases.
2005-02-25 05:25:37 +00:00
Mark Murray
eaeb68fe23 Bring in support for VIA C3 Nehemiah Padlock crypto support (AES).
This is from the upcoming OpenSSL 0.9.8 release.
2004-08-13 19:37:23 +00:00
Jacques Vidrine
fe2b6e6689 Repair a regression in OpenSSL 0.9.7d: processing an unsigned PKCS#7
object could cause a null pointer dereference.

Obtained from:	OpenSSL CVS (change number 12080)
MFC After:	1 day
Reported by:	Daniel Lang <dl@leo.org>
2004-04-05 19:01:57 +00:00
Jacques Vidrine
ced566fd0b Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00
Jacques Vidrine
81ac585294 Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from:	OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
2004-03-17 12:11:08 +00:00
Jacques Vidrine
50ef009353 Vendor import of OpenSSL 0.9.7c 2003-10-01 12:32:41 +00:00