Commit Graph

74 Commits

Author SHA1 Message Date
Jung-uk Kim c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim 15533bcc35 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
Jung-uk Kim a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Jung-uk Kim 3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim 8f5086671f Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
Jung-uk Kim 973cfcbfe1 Fix build failure on Windows due to undefined cflags identifier.
https://github.com/openssl/openssl/commit/5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb
2015-01-09 00:12:20 +00:00
Jung-uk Kim c6485458b3 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
Jung-uk Kim 58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Jung-uk Kim cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim 2e22f5e2e0 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
Jung-uk Kim 06369e3974 Import OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 20:15:18 +00:00
Jung-uk Kim 2dc7f78169 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
Xin LI cbbee3a581 Import vendor fixes:
197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926	When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).
2014-01-07 19:02:08 +00:00
Xin LI ed4c5254dd Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253:
Author: David Woodhouse <dwmw2@infradead.org>
Date:   Tue Feb 12 14:55:32 2013 +0000

    Check DTLS_BAD_VER for version number.

    The version check for DTLS1_VERSION was redundant as
    DTLS1_VERSION > TLS1_1_VERSION, however we do need to
    check for DTLS1_BAD_VER for compatibility.

    PR:2984
    (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)

Approved by:	benl
2013-08-08 22:26:03 +00:00
Jung-uk Kim f3b8b34a88 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00
Xin LI 451758c611 Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
2013-01-02 20:56:53 +00:00
Jung-uk Kim 0758ab5ea7 Import OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-11 23:31:36 +00:00
Jung-uk Kim 2b8b545582 Import OpenSSL 0.9.8x. 2012-06-27 16:44:58 +00:00
Simon L. B. Nielsen fd3744ddb0 Import OpenSSL 0.9.8q. 2010-12-02 22:36:51 +00:00
Simon L. B. Nielsen f2c43d19b9 Import OpenSSL 0.9.8p. 2010-11-21 22:45:18 +00:00
Simon L. B. Nielsen 0cedaa6c89 Import OpenSSL 0.9.8n. 2010-04-01 12:25:40 +00:00
Simon L. B. Nielsen f7a1b4761c Import OpenSSL 0.9.8m. 2010-02-28 18:49:43 +00:00
Simon L. B. Nielsen f0c2a617df Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1387
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=17958
2009-08-23 14:39:15 +00:00
Simon L. B. Nielsen 58c74b7534 Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Do not access freed data structure.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1379
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18156
2009-08-23 14:15:28 +00:00
Simon L. B. Nielsen f8f8fb827d Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix fragment handling memory leak.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1378
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
2009-08-23 14:12:01 +00:00
Simon L. B. Nielsen b7421a6928 Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix memory consumption bug with "future epoch" DTLS records.

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

Security:	CVE-2009-1377
Obtained from:	OpenSSL CVS
		http://cvs.openssl.org/chngview?cn=18187
2009-08-23 13:58:25 +00:00
Simon L. B. Nielsen 27de41c0e2 Re-enable keyword expansion, at least for now. Having keyword
expansion disabled on the vendor tree means merges to head
remove the attributes there which clutters the merge.
2009-06-08 21:52:20 +00:00
Simon L. B. Nielsen 47fcc9ccd8 Remove empty directory which has been removed upstream. 2009-06-08 21:34:12 +00:00
Simon L. B. Nielsen a26036664d Add current WIP version of OpenSSL import documentation. 2009-06-07 20:02:32 +00:00
Simon L. B. Nielsen 518099af59 Import OpenSSL 0.9.8k. 2009-06-07 19:56:18 +00:00
Simon L. B. Nielsen c285625302 - Do not exclude FIPS as it might be useful. I have not tested if
  FIPS works but at least now we have the support source in case it
  does.
- Do not exclude rsaref - it's not part of the OpenSSL distribution
  archive anymore.
2009-06-06 15:44:07 +00:00
Simon L. B. Nielsen bb1499d2aa Vendor import of OpenSSL 0.9.8i. 2008-09-21 14:56:30 +00:00
Simon L. B. Nielsen ee266f1253 - Remove files which aren't in the vendor distribution anymore.
- Remove all of include as there is only the openssl subdir with
  symlinks (which were always removed).
2008-09-21 14:30:38 +00:00
Simon L. B. Nielsen ecd6bb9f2e - Change FREEBSD-Xlist so it can be used as input to tar(1). 2008-09-21 14:15:02 +00:00
Simon L. B. Nielsen 11bac091f5 Remove files from vendor tree which were not part of OpenSSL 0.9.8e
(last vendor import).

The files were removed in different earlier releases, but were not
removed from the CVS vendor branch at the time.
2008-09-21 14:12:30 +00:00
Simon L. B. Nielsen 9d8854235b The vendor area is the proper home for these files now. 2008-09-21 13:18:25 +00:00
Simon L. B. Nielsen 3933877864 Disable keyword expansion on vendor tree. 2008-09-21 11:02:23 +00:00
Simon L. B. Nielsen c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
Simon L. B. Nielsen a0ddfe4e72 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen c30e4c6174 Import fix from upstream OpenSSL_0_9_8-stable branch:
EVP_CIPHER_CTX_key_length() should return the set key length
	in the EVP_CIPHER_CTX structure which may not be the same as
	the underlying cipher key length for variable length ciphers.

This fixes problems in OpenSSH using some ciphers, and possibly other
applications.

See also:	http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-15 20:26:26 +00:00
Simon L. B. Nielsen 5471f83ea7 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen 4d227dd736 Import from upstream OpenSSL 0.9.8 branch:
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.

This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
2006-10-01 08:09:46 +00:00
Simon L. B. Nielsen ed5d4f9a94 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen 3b4e3dcb9f Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
Jacques Vidrine a37fa6607a Remove files that are no longer part of OpenSSL from the vendor
branch.  This time, these are mostly the `Makefile.ssl' files.
2005-02-25 06:14:53 +00:00
Jacques Vidrine 6be8ae0724 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
Jacques Vidrine 01c0bb1d8a Clean up the OpenSSL vendor branch by removing files that are not
part of recent releases.
2005-02-25 05:25:37 +00:00
Mark Murray eaeb68fe23 Bring in support for VIA C3 Nehemiah Padlock crypto support (AES).
This is from the upcoming OpenSSL 0.9.8 release.
2004-08-13 19:37:23 +00:00
Jacques Vidrine fe2b6e6689 Repair a regression in OpenSSL 0.9.7d: processing an unsigned PKCS#7
object could cause a null pointer dereference.

Obtained from:	OpenSSL CVS (change number 12080)
MFC After:	1 day
Reported by:	Daniel Lang <dl@leo.org>
2004-04-05 19:01:57 +00:00
Jacques Vidrine ced566fd0b Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00