mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-10-18 02:19:39 +00:00
Code Issues Releases Activity
116 Commits 335 Branches 3,535 Tags 1.9 GiB
1070e7dca8
Commit Graph

41 Commits

Author SHA1 Message Date
Cy Schubert
9dd13e84fa OpenSSL: Vendor import of OpenSSL 3.0.13 
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
  ([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
  PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
  parameter value ([CVE-2023-5678])

Release notes can be found at
	https://www.openssl.org/news/openssl-3.0-notes.html.
 2024-02-02 01:48:38 -08:00
Ed Maste
825caf7e12 OpenSSL: Vendor import of OpenSSL 3.0.12 
* Fix incorrect key and IV resizing issues when calling
   EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
   with OSSL_PARAM parameters that alter the key or IV length
   ([CVE-2023-5363]).

Sponsored by:	The FreeBSD Foundation
 2023-10-24 13:48:36 -04:00
Pierre Pronchery
315108b816 openssl: Vendor import of OpenSSL 3.0.11 
Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11:

* Fix POLY1305 MAC implementation corrupting XMM registers on Windows
  ([CVE-2023-4807])

Release notes can otherwise be found at
https://www.openssl.org/news/openssl-3.0-notes.html.

Obtained from:	https://www.openssl.org/source/openssl-3.0.11.tar.gz
Sponsored by:	The FreeBSD Foundation

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ OSSLVER=3.0.11
$ XLIST=FREEBSD-Xlist
$ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.11.tar.gz                                   14 MB   17 MBps    01s
openssl-3.0.11.tar.gz.asc                              833  B 8301 kBps    00s
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2011-03-01 [SCA]
  DC34EE5DB2417BCC151E5100E5F8F8212F77A498
uid           [ unknown] Willem Toorop <willem@nlnetlabs.nl>
sub   rsa4096 2011-03-01 [E]

pub   rsa4096 2014-10-04 [SC] [expires: 2024-01-30]
  EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
uid           [ unknown] OpenSSL security team <openssl-security@openssl.org>
uid           [ unknown] OpenSSL OMC <openssl-omc@openssl.org>
uid           [ unknown] OpenSSL Security <openssl-security@openssl.org>
sub   rsa4096 2014-10-04 [E] [expires: 2024-01-30]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Sep 19 15:02:51 2023 CEST
gpg:                using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown]
gpg:                 aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown]
gpg:                 aka "OpenSSL Security <openssl-security@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EFC0 A467 D613 CB83 C7ED  6D30 D894 E2CE 8B3D 79F5
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -av ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
Only in .: appveyor.yml
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```
 2023-09-22 11:55:26 -04:00
Pierre Pronchery
cf2fc1b0f5 openssl: Vendor import of OpenSSL-3.0.9 
Summary:
Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.10.tar.gz

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.10.tar.gz                                   14 MB   15 MBps    01s
openssl-3.0.10.tar.gz.asc                              833  B   11 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.10
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2011-03-01 [SCA]
      DC34EE5DB2417BCC151E5100E5F8F8212F77A498
uid           [ unknown] Willem Toorop <willem@nlnetlabs.nl>
sub   rsa4096 2011-03-01 [E]

pub   rsa4096 2014-10-04 [SC] [expires: 2024-01-30]
      EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
uid           [ unknown] OpenSSL security team <openssl-security@openssl.org>
uid           [ unknown] OpenSSL OMC <openssl-omc@openssl.org>
uid           [ unknown] OpenSSL Security <openssl-security@openssl.org>
sub   rsa4096 2014-10-04 [E] [expires: 2024-01-30]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Aug  1 15:47:28 2023 CEST
gpg:                using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown]
gpg:                 aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown]
gpg:                 aka "OpenSSL Security <openssl-security@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EFC0 A467 D613 CB83 C7ED  6D30 D894 E2CE 8B3D 79F5
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D41293
 2023-08-02 21:09:39 -04:00
Pierre Pronchery
b84c4564ef openssl: Vendor import of OpenSSL-3.0.9 
Summary:

Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.9.tar.gz

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.9.tar.gz                                    14 MB   74 MBps    01s
openssl-3.0.9.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.9
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2021-07-16 [SC] [expires: 2031-07-14]
      A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
uid           [ unknown] Tomáš Mráz <tm@t8m.info>
uid           [ unknown] Tomáš Mráz <tomas@arleto.cz>
uid           [ unknown] Tomáš Mráz <tomas@openssl.org>
sub   rsa4096 2021-07-16 [S] [expires: 2027-07-15]
sub   rsa4096 2021-07-16 [E] [expires: 2031-07-14]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue May 30 14:32:24 2023 CEST
gpg:                using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D
gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@arleto.cz>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A21F AB74 B008 8AA3 6115  2586 B8EF 1A6B A9DA 2D5C
     Subkey fingerprint: DC70 3266 2AF8 85E2 F47F  243F 5274 66A2 1CA7 9E6D

$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```
 2023-06-23 09:13:27 -04:00
Enji Cooper
e4520c8bd1 openssl: Vendor import of OpenSSL-3.0.8 
Summary:

Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.8.tar.gz
Differential Revision:	https://reviews.freebsd.org/D38835

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.8.tar.gz                                    14 MB 4507 kBps    04s
openssl-3.0.8.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.8
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/ngie/.gnupg/pubring.kbx
-----------------------------
pub   rsa4096 2014-10-04 [SC]
      7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
uid           [ unknown] Richard Levitte <richard@levitte.org>
uid           [ unknown] Richard Levitte <levitte@lp.se>
uid           [ unknown] Richard Levitte <levitte@openssl.org>
sub   rsa4096 2014-10-04 [E]

$ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Feb  7 05:43:55 2023 PST
gpg:                using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown]
gpg:                 aka "Richard Levitte <levitte@lp.se>" [unknown]
gpg:                 aka "Richard Levitte <levitte@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
$ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old)
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
$ cat .git
gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout
$ diff -arq ../openssl-3.0.8  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$
```

Reviewers: emaste, jkim

Subscribers: imp, andrew, dab

Differential Revision: https://reviews.freebsd.org/D38835
 2023-03-06 12:41:29 -08:00
Jung-uk Kim
3c320f4e5e Import OpenSSL 1.1.1t 2023-02-28 19:28:48 -08:00
Jung-uk Kim
c1d1798abd Import OpenSSL 1.1.1l 2021-08-31 22:23:22 -04:00
Jung-uk Kim
94fa08a4bc Import OpenSSL 1.1.1k. 2021-03-25 11:05:31 -04:00
Jung-uk Kim
4f55bd5321 Import OpenSSL 1.1.1j. 2021-02-16 14:54:02 -05:00
Jung-uk Kim
92f02b3b0f Import OpenSSL 1.1.1h. 2020-09-22 14:27:08 +00:00
Jung-uk Kim
aa144ced5d Import OpenSSL 1.1.1e. 2020-03-17 21:27:57 +00:00
Jung-uk Kim
fbc3ad1ae1 Import OpenSSL 1.1.1d. 2019-09-10 17:40:53 +00:00
Jung-uk Kim
375b8e6770 Import OpenSSL 1.1.1c. 2019-05-28 20:08:17 +00:00
Jung-uk Kim
851f7386fd Import OpenSSL 1.1.1b. 2019-02-26 18:06:51 +00:00
Jung-uk Kim
8c3f9abd70 Import OpenSSL 1.1.1a. 2018-11-20 18:59:41 +00:00
Jung-uk Kim
a43ce912fc Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00
Jung-uk Kim
02be298e50 Import OpenSSL 1.0.2o. 2018-03-27 17:03:01 +00:00
Jung-uk Kim
4f94f84d84 Import OpenSSL 1.0.2n. 2017-12-07 17:37:15 +00:00
Jung-uk Kim
b6a9311a3e Import OpenSSL 1.0.2m. 2017-11-02 17:35:19 +00:00
Jung-uk Kim
12df5ad9af Import OpenSSL 1.0.2l. 2017-05-25 19:38:38 +00:00
Jung-uk Kim
5315173646 Import OpenSSL 1.0.2k. 2017-01-26 18:32:12 +00:00
Jung-uk Kim
e1b483878d Import OpenSSL 1.0.2i. 2016-09-22 13:04:03 +00:00
Jung-uk Kim
9aeed18ad7 Import OpenSSL 1.0.2g. 2016-03-01 17:57:01 +00:00
Jung-uk Kim
c188d4cade Import OpenSSL 1.0.2f. 2016-01-28 18:41:59 +00:00
Jung-uk Kim
737d7e8d39 Import OpenSSL 1.0.2e. 2015-12-03 17:22:58 +00:00
Jung-uk Kim
e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Jung-uk Kim
a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Jung-uk Kim
3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim
58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Jung-uk Kim
cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim
2e22f5e2e0 Import OpenSSL 1.0.1h. 
Approved by:	so (delphij)
 2014-06-06 20:59:29 +00:00
Jung-uk Kim
2dc7f78169 Import OpenSSL 1.0.1f. 
Approved by:	so (delphij), benl (silence)
 2014-01-22 19:27:13 +00:00
Jung-uk Kim
f3b8b34a88 Import OpenSSL 1.0.1e. 
Approved by:	secteam (delphij, simon), benl (silence)
 2013-02-13 22:15:56 +00:00
Jung-uk Kim
0758ab5ea7 Import OpenSSL 1.0.1c. 
Approved by:	benl (maintainer)
 2012-07-11 23:31:36 +00:00
Jung-uk Kim
2b8b545582 Import OpenSSL 0.9.8x. 2012-06-27 16:44:58 +00:00
Simon L. B. Nielsen
f2c43d19b9 Import OpenSSL 0.9.8p. 2010-11-21 22:45:18 +00:00
Simon L. B. Nielsen
f7a1b4761c Import OpenSSL 0.9.8m. 2010-02-28 18:49:43 +00:00
Simon L. B. Nielsen
518099af59 Import OpenSSL 0.9.8k. 2009-06-07 19:56:18 +00:00
Simon L. B. Nielsen
bb1499d2aa Vendor import of OpenSSL 0.9.8i. 2008-09-21 14:56:30 +00:00
Simon L. B. Nielsen
c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00