Commit Graph

72 Commits

Author SHA1 Message Date
jkim
e35879fa69 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
jkim
038f65e5fb Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
jkim
63414ee1a3 Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
jkim
6c57594b36 Fix build failure on Windows due to undefined cflags identifier.
5c5e7e1a7e
2015-01-09 00:12:20 +00:00
jkim
a350427e88 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
jkim
9a02b27a6e Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
jkim
8bd1d6691f Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
jkim
d4a5f67323 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
jkim
c16e01227f Import OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 20:15:18 +00:00
jkim
a268cbece5 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
delphij
b9c1fb3406 Import vendor fixes:
197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926	When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).
2014-01-07 19:02:08 +00:00
delphij
31e26e9020 Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253:
Author: David Woodhouse <dwmw2@infradead.org>
Date:   Tue Feb 12 14:55:32 2013 +0000

    Check DTLS_BAD_VER for version number.

    The version check for DTLS1_VERSION was redundant as
    DTLS1_VERSION > TLS1_1_VERSION, however we do need to
    check for DTLS1_BAD_VER for compatibility.

    PR:2984
    (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)

Approved by:	benl
2013-08-08 22:26:03 +00:00
jkim
9069337c83 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00
delphij
90d033541a Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
2013-01-02 20:56:53 +00:00
jkim
532b4084cb Import OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-11 23:31:36 +00:00
jkim
1554498e64 Import OpenSSL 0.9.8x. 2012-06-27 16:44:58 +00:00
simon
ae03beb758 Import OpenSSL 0.9.8q. 2010-12-02 22:36:51 +00:00
simon
94e5505da6 Import OpenSSL 0.9.8p. 2010-11-21 22:45:18 +00:00
simon
d92ad4708f Import OpenSSL 0.9.8n. 2010-04-01 12:25:40 +00:00
simon
cdb6eef1f0 Import OpenSSL 0.9.8m. 2010-02-28 18:49:43 +00:00
simon
3bc8c7595d Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1387
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=17958
2009-08-23 14:39:15 +00:00
simon
ea4cec2e15 Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Do not access freed data structure.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1379
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18156
2009-08-23 14:15:28 +00:00
simon
c087dc184a Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix fragment handling memory leak.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1378
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
2009-08-23 14:12:01 +00:00
simon
649055c02f Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix memory consumption bug with "future epoch" DTLS records.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1377
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18187
2009-08-23 13:58:25 +00:00
simon
d5528ae65f Re-enable keyword expansion, at least for now. Having keyword
expansion disabled on the vendor tree means merges to head
remove the attributes there which clutters the merge.
2009-06-08 21:52:20 +00:00
simon
8e0ff55359 Remove empty directory which has been removed upstream. 2009-06-08 21:34:12 +00:00
simon
8b021d0b93 Add current WIP version of OpenSSL import documentation. 2009-06-07 20:02:32 +00:00
simon
fc5b6d55de Import OpenSSL 0.9.8k. 2009-06-07 19:56:18 +00:00
simon
212fba63d3 - Do not exclude FIPS as it might be useful. I have not tested if
  FIPS works but at least now we have the support source in case it
  does.
- Do not exclude rsaref - it's not part of the OpenSSL distribution
  archive anymore.
2009-06-06 15:44:07 +00:00
simon
859b6dcfcc Vendor import of OpenSSL 0.9.8i. 2008-09-21 14:56:30 +00:00
simon
fe745806aa - Remove files which aren't in the vendor distribution anymore.
- Remove all of include as there is only the openssl subdir with
  symlinks (which were always removed).
2008-09-21 14:30:38 +00:00
simon
1b0b51cd8b - Change FREEBSD-Xlist so it can be used as input to tar(1). 2008-09-21 14:15:02 +00:00
simon
798997ea06 Remove files from vendor tree which were not part of OpenSSL 0.9.8e
(last vendor import).

The files were removed in different earlier releases, but were not
removed from the CVS vendor branch at the time.
2008-09-21 14:12:30 +00:00
simon
0e57f448e5 The vendor area is the proper home for these files now. 2008-09-21 13:18:25 +00:00
simon
5c7ad33bcd Disable keyword expansion on vendor tree. 2008-09-21 11:02:23 +00:00
simon
64fcbc70db Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
simon
8f21bfc175 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
simon
8e9898839e Import fix from upstream OpenSSL_0_9_8-stable branch:
EVP_CIPHER_CTX_key_length() should return the set key length
	in the EVP_CIPHER_CTX structure which may not be the same as
	the underlying cipher key length for variable length ciphers.

This fixes problems in OpenSSH using some ciphers, and possibly other
applications.

See also:	http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-15 20:26:26 +00:00
simon
ee48ceb6a8 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
simon
25dab5b4c1 Import from upstream OpenSSL 0.9.8 branch:
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.

This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
2006-10-01 08:09:46 +00:00
simon
387e65d767 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
simon
fb3c70eda8 Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
nectar
3c8d7d9993 Remove files that are no longer part of OpenSSL from the vendor
branch.  This time, these are mostly the `Makefile.ssl' files.
2005-02-25 06:14:53 +00:00
nectar
78a59572b3 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
nectar
a55ec1447a Clean up the OpenSSL vendor branch by removing files that are not
part of recent releases.
2005-02-25 05:25:37 +00:00
markm
402a1009de Bring in support for VIA C3 Nehemiah Padlock crypto support (AES).
This is from the upcoming OpenSSL 0.9.8 release.
2004-08-13 19:37:23 +00:00
nectar
4f072b64b0 Repair a regression in OpenSSL 0.9.7d: processing an unsigned PKCS#7
object could cause a null pointer dereference.

Obtained from:	OpenSSL CVS (change number 12080)
MFC After:	1 day
Reported by:	Daniel Lang <dl@leo.org>
2004-04-05 19:01:57 +00:00
nectar
0f095e8a2a Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00
nectar
e8232d78ab Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from:	OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
2004-03-17 12:11:08 +00:00
nectar
ee25ce74b3 Vendor import of OpenSSL 0.9.7c 2003-10-01 12:32:41 +00:00