aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Fix OpenSSL multiple vulnerabilities. [13:03]releng/9.0Xin LI2013-04-0225-349/+1398
| | | | | | | | | | | | | Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Approved by: so Notes: svn path=/releng/9.0/; revision=249029
* Update the previous openssl fix. [12:01]Bjoern A. Zeeb2012-05-301-8/+7
| | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) Notes: svn path=/releng/9.0/; revision=236304
* Fix multiple OpenSSL vulnerabilities.Bjoern A. Zeeb2012-05-035-0/+28
| | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) Notes: svn path=/releng/9.0/; revision=234954
* Fix SSL memory handlig for (EC)DH cipher suites, in particular forXin LI2011-09-082-7/+21
| | | | | | | | | | | | multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib) Notes: svn path=/head/; revision=225446
* Fix Incorrectly formatted ClientHello SSL/TLS handshake messages couldSimon L. B. Nielsen2011-02-121-1/+7
| | | | | | | | | | | | | | | cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS Notes: svn path=/head/; revision=218625
* Merge OpenSSL 0.9.8q into head.Simon L. B. Nielsen2010-12-032-0/+8
|\ | | | | | | | | | | | | | | | | Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days Notes: svn path=/head/; revision=216166
* | Merge OpenSSL 0.9.8p into head.Simon L. B. Nielsen2010-11-2220-169/+327
|\| | | | | | | | | | | | | | | Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt Notes: svn path=/head/; revision=215697
* | Fix double-free in OpenSSL's SSL ECDH code.Simon L. B. Nielsen2010-11-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches. Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long... Notes: svn path=/head/; revision=215288
* | Merge OpenSSL 0.9.8n into head.Simon L. B. Nielsen2010-04-012-3/+6
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches. I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further. Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt Notes: svn path=/head/; revision=206046
* | Merge OpenSSL 0.9.8m into head.Simon L. B. Nielsen2010-03-1334-421/+1766
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks Notes: svn path=/head/; revision=205128
* | Disable SSL renegotiation in order to protect against a seriousColin Percival2009-12-033-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Notes: svn path=/head/; revision=200054
* | Merge DTLS fixes from vendor-crypto/openssl/dist:Simon L. B. Nielsen2009-08-232-17/+32
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message(). Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387 Notes: svn path=/head/; revision=196474
* | Merge OpenSSL 0.9.8k into head.Simon L. B. Nielsen2009-06-1435-361/+2705
|\| | | | | | | | | | | | | Approved by: re Notes: svn path=/head/; revision=194206
| * Flatten OpenSSL vendor tree.Simon L. B. Nielsen2008-08-2355-41722/+0
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=182044
* | Prevent cross-site forgery attacks on lukemftpd(8) due to splittingSimon L. B. Nielsen2009-01-075-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) Notes: svn path=/head/; revision=186872
* | This commit was generated by cvs2svn to compensate for changes in r172767,Simon L. B. Nielsen2007-10-184-615/+544
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=172768
| * Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.Simon L. B. Nielsen2007-10-184-615/+544
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From the OpenSSL advisory: Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt Notes: svn path=/vendor-crypto/openssl/dist/; revision=172767
* | Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().Simon L. B. Nielsen2007-10-031-11/+11
| | | | | | | | | | | | | | | | Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket) Notes: svn path=/head/; revision=172429
* | Resolve conflicts after import of OpenSSL 0.9.8e.Simon L. B. Nielsen2007-03-154-6/+7
| | | | | | | | Notes: svn path=/head/; revision=167615
* | This commit was generated by cvs2svn to compensate for changes in r167612,Simon L. B. Nielsen2007-03-1515-78/+208
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=167613
| * Vendor import of OpenSSL 0.9.8e.Simon L. B. Nielsen2007-03-1519-84/+215
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=167612
* | Resolve conflicts after import of OpenSSL 0.9.8d.Simon L. B. Nielsen2006-10-012-2/+3
| | | | | | | | Notes: svn path=/head/; revision=162914
* | This commit was generated by cvs2svn to compensate for changes in r162911,Simon L. B. Nielsen2006-10-0111-54/+406
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=162912
| * Vendor import of OpenSSL 0.9.8d.Simon L. B. Nielsen2006-10-0113-56/+409
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=162911
* | Resolve conflicts after import of OpenSSL 0.9.8b.Simon L. B. Nielsen2006-07-298-327/+259
| | | | | | | | Notes: svn path=/head/; revision=160817
* | This commit was generated by cvs2svn to compensate for changes in r160814,Simon L. B. Nielsen2006-07-2939-2655/+11423
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=160815
| * Vendor import of OpenSSL 0.9.8bSimon L. B. Nielsen2006-07-2947-2988/+11683
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=160814
| * Remove files that are no longer part of OpenSSL from the vendorJacques Vidrine2005-02-251-1019/+0
| | | | | | | | | | | | | | branch. This time, these are mostly the `Makefile.ssl' files. Notes: svn path=/vendor-crypto/openssl/dist/; revision=142430
* | Correct a man-in-the-middle SSL version rollback vulnerability.Colin Percival2005-10-111-6/+1
| | | | | | | | | | | | | | Security: FreeBSD-SA-05:21.openssl Notes: svn path=/head/; revision=151233
* | This commit was generated by cvs2svn to compensate for changes in r142430,Jacques Vidrine2005-02-251-1019/+0
| | | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=142431
* | Resolve conflicts after import of OpenSSL 0.9.7e.Jacques Vidrine2005-02-253-7/+16
| | | | | | | | Notes: svn path=/head/; revision=142428
* | This commit was generated by cvs2svn to compensate for changes in r142425,Jacques Vidrine2005-02-2513-84/+1238
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=142426
| * Vendor import of OpenSSL 0.9.7e.Jacques Vidrine2005-02-2516-91/+1254
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=142425
| * Clean up the OpenSSL vendor branch by removing files that are notJacques Vidrine2005-02-251-884/+0
| | | | | | | | | | | | | | part of recent releases. Notes: svn path=/vendor-crypto/openssl/dist/; revision=142421
* | Resolve conflicts after import of OpenSSL 0.9.7d.Jacques Vidrine2004-03-175-5/+2
| | | | | | | | Notes: svn path=/head/; revision=127134
* | This commit was generated by cvs2svn to compensate for changes in r127128,Jacques Vidrine2004-03-1713-311/+335
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=127129
| * Vendor import of OpenSSL 0.9.7d.Jacques Vidrine2004-03-1718-316/+337
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=127128
* | This commit was generated by cvs2svn to compensate for changes in r127114,Jacques Vidrine2004-03-171-0/+8
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=127115
| * Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).Jacques Vidrine2004-03-171-0/+8
| | | | | | | | | | | | | | Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033) Notes: svn path=/vendor-crypto/openssl/dist/; revision=127114
* | This commit was generated by cvs2svn to compensate for changes in r120631,Jacques Vidrine2003-10-019-23/+54
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=120632
| * Vendor import of OpenSSL 0.9.7cJacques Vidrine2003-10-019-23/+54
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=120631
* | This commit was generated by cvs2svn to compensate for changes in r112439,Chris D. Faulhaber2003-03-201-13/+12
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=112440
| * Import of PKCS #1 security fix.Chris D. Faulhaber2003-03-201-13/+12
| | | | | | | | | | | | | | http://www.openssl.org/news/secadv_20030319.txt Notes: svn path=/vendor-crypto/openssl/dist/; revision=112439
* | Resolve conflicts after import of OpenSSL 0.9.7a.Jacques Vidrine2003-02-191-1/+1
| | | | | | | | Notes: svn path=/head/; revision=111150
* | This commit was generated by cvs2svn to compensate for changes in r111147,Jacques Vidrine2003-02-198-37/+82
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=111148
| * Vendor import of OpenSSL 0.9.7a.Jacques Vidrine2003-02-199-38/+83
| | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=111147
* | Merge conflicts.Mark Murray2003-01-289-218/+287
| | | | | | | | | | | | | | This is cunning doublespeak for "use vendor code". Notes: svn path=/head/; revision=110007
* | This commit was generated by cvs2svn to compensate for changes in r109998,Mark Murray2003-01-2836-1440/+5962
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=109999
| * Vendor import of OpenSSL release 0.9.7. This release includesMark Murray2003-01-2845-1643/+6249
| | | | | | | | | | | | | | support for AES and OpenBSD's hardware crypto. Notes: svn path=/vendor-crypto/openssl/dist/; revision=109998
* | Resolve conflicts.Jacques Vidrine2002-08-104-34/+100
| | | | | | | | Notes: svn path=/head/; revision=101621