Files
src/crypto
Gordon Tetlow e508c3431d openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
  Reject oversized inputs in ASN1_mbstring_ncopy()
  cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
  cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
  Avoid length truncation in ASN1_STRING_set
  pkcs12: verify that the pbmac1 key length is safe
  Reject potentially forged encrypted CMS AuthEnvelopedData messages
  QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
  Fix NULL dereference in QUIC address validation
  Fix potential NULL dereference processing CMS PasswordRecipientInfo
  Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
  Enforce implicit rejection for CMS/PKCS#7 decryption
  Use the correct issuer when validating rootCAKeyUpdate
  Match the local q DHX parameter against the peer's q
  Apply the buffered IV on the AES-OCB EVP_Cipher() path
  Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
  Fix possible use-after-free in OpenSSL PKCS7_verify()

Approved by:	so
Obtained from:	OpenSSL
Security:	FreeBSD-SA-26:35.openssl
Security:	CVE-2026-7383
Security:	CVE-2026-9076
Security:	CVE-2026-34180
Security:	CVE-2026-34181
Security:	CVE-2026-34182
Security:	CVE-2026-34183
Security:	CVE-2026-42764
Security:	CVE-2026-42766
Security:	CVE-2026-42767
Security:	CVE-2026-42768
Security:	CVE-2026-42769
Security:	CVE-2026-42770
Security:	CVE-2026-45445
Security:	CVE-2026-45446
Security:	CVE-2026-45447
2026-06-09 19:13:21 +00:00
..
2023-08-25 15:14:19 -06:00

This directory is for the EXACT same use as src/contrib, except it
holds crypto sources.  In other words, this holds raw sources obtained
from various third party vendors, with FreeBSD patches applied.  No
compilation is done from this directory, it is all done from the
src/secure directory.  The separation between src/contrib and src/crypto
is the result of an old USA law, which made these sources export
controlled, so they had to be kept separate.