308204 |
02-Nov-2016 |
delphij |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:35.openssl Approved by: so |
306336 |
26-Sep-2016 |
delphij |
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim PR: 212921 Approved by: so |
306230 |
23-Sep-2016 |
delphij |
Fix multiple OpenSSL vulnerabilitites.
Approved by: so Security: FreeBSD-SA-16:26.openssl |
299068 |
04-May-2016 |
delphij |
Fix multiple OpenSSL vulnerabilitites. [SA-16:17]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so |
296341 |
03-Mar-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl Approved by: so |
295061 |
30-Jan-2016 |
delphij |
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
Security: CVE-2015-3197 Security: FreeBSD-SA-16:11.openssl Approved by: so |
291854 |
05-Dec-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:26.openssl Approved by: so |
284295 |
12-Jun-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl Approved by: so |
280275 |
20-Mar-2015 |
delphij |
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so |
280268 |
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so |
279264 |
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so |
277195 |
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so |
273399 |
21-Oct-2014 |
delphij |
MFS r273149 (jkim): MFC: r273144, r273146
Merge OpenSSL 1.0.1j.
This is part of an upcoming FreeBSD security advisory.
Approved by: re (so@ blanket) |
272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
269686 |
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
267258 |
09-Jun-2014 |
jkim |
MFC: r267256
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
267103 |
05-Jun-2014 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl
|
265986 |
13-May-2014 |
delphij |
Fix OpenSSL NULL pointer deference vulnerability.
Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
|
265122 |
30-Apr-2014 |
delphij |
Fix devfs rules not applied by default for jails.
Fix OpenSSL use-after-free vulnerability.
Fix TCP reassembly vulnerability.
Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298
|
264331 |
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
264266 |
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
|
260404 |
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
|
259073 |
07-Dec-2013 |
peter |
Hoist all the mergeinfo up to the root in preparation for enforcing merges to the root only. All MFC's were rerecorded to the root.
Going forward, if an MFC includes mergeinfo, it will need to be made to the root and committed from the root. Merges with --ignore-ancestry or diff | patch can go anywhere.
The mergeinfo in HEAD is in a bad state from years of neglect and manual tampering and this was branched into 10.x. This confuses the coalescing code and prevents it from doing its job.
Approved by: re (gjb, implicit)
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
254107 |
08-Aug-2013 |
delphij |
MFV r254106 (OpenSSL bugfix for RT #2984):
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility.
Requested by: zi Approved by: benl
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
246771 |
13-Feb-2013 |
jkim |
Change "the the" to "the". It is a continuation of r226436 and missed in r237658.
Approved by: benl (maintainer, implicit)
|
245952 |
26-Jan-2013 |
pfg |
Clean some 'svn:executable' properties in the tree.
Submitted by: Christoph Mallon MFC after: 3 days
|
244975 |
02-Jan-2013 |
delphij |
Indicate that we are using OpenSSL with some local modifications.
X-MFC after: with r244974
|
244974 |
02-Jan-2013 |
delphij |
MFV r244973:
Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
MFC after: 2 weeks
|
243933 |
06-Dec-2012 |
eadler |
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
|
243715 |
30-Nov-2012 |
pjd |
Allow OpenSSL to use arc4random(3) on FreeBSD. arc4random(3) was modified some time ago to use sysctl instead of /dev/random to get random data, so is now much better choice, especially for sandboxed processes that have no direct access to /dev/random.
Approved by: benl MFC after: 2 weeks
|
240339 |
11-Sep-2012 |
avg |
openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Note: I timed out waiting for an exp-run for this change but I survived having it locally for quite a long time.
MFC after: 1 month X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237658 |
27-Jun-2012 |
jkim |
Partially redo r226436, i. e., change "the the" to "the". ca(1), dgst(1), and engine(3) are generated from these pod files during merge process and we do not want to re-apply these changes over and over again.
Approved by: benl (maintainer, implicit)
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
236304 |
30-May-2012 |
bz |
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
|
234954 |
03-May-2012 |
bz |
Fix multiple OpenSSL vulnerabilities.
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
|
225446 |
08-Sep-2011 |
delphij |
Fix SSL memory handlig for (EC)DH cipher suites, in particular for multi-threaded use of ECDH.
Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
|
223758 |
04-Jul-2011 |
attilio |
With retirement of cpumask_t and usage of cpuset_t for representing a mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as, atm, pc_cpumask can be easilly represented by (1 << pc_cpuid) and pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members removal and dependency by cpumask_t retirement.
MD review by: marcel, marius, alc Tested by: pluknet MD testing by: marcel, marius, gonzo, andreast
|
222813 |
07-Jun-2011 |
attilio |
etire the cpumask_t type and replace it with cpuset_t usage.
This is intended to fix the bug where cpu mask objects are capped to 32. MAXCPU, then, can now arbitrarely bumped to whatever value. Anyway, as long as several structures in the kernel are statically allocated and sized as MAXCPU, it is suggested to keep it as low as possible for the time being.
Technical notes on this commit itself: - More functions to handle with cpuset_t objects are introduced. The most notable are cpusetobj_ffs() (which calculates a ffs(3) for a cpuset_t object), cpusetobj_strprint() (which prepares a string representing a cpuset_t object) and cpusetobj_strscan() (which creates a valid cpuset_t starting from a string representation). - pc_cpumask and pc_other_cpus are target to be removed soon. With the moving from cpumask_t to cpuset_t they are now inefficient and not really useful. Anyway, for the time being, please note that access to pcpu datas is protected by sched_pin() in order to avoid migrating the CPU while reading more than one (possible) word - Please note that size of cpuset_t objects may differ between kernel and userland. While this is not directly related to the patch itself, it is good to understand that concept and possibly use the patch as a reference on how to deal with cpuset_t objects in userland, when accessing kernland members. - KTR_CPUMASK is changed and now is represented through a string, to be set as the example reported in NOTES.
Please additively note that no MAXCPU is bumped in this patch, but private testing has been done until to MAXCPU=128 on a real 8x8x2(htt) machine (amd64).
Please note that the FreeBSD version is not yet bumped because of the upcoming pcpu changes. However, note that this patch is not targeted for MFC.
People to thank for the time spent on this patch: - sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested several revision of the patches and really helped in improving stability of this work. - marius fixed several bugs in the sparc64 implementation and reviewed patches related to ktr. - jeff and jhb discussed the basic approach followed. - kib and marcel made targeted review on some specific part of the patch. - marius, art, nwhitehorn and andreast reviewed MD specific part of the patch. - marius, andreast, gonzo, nwhitehorn and jceel tested MD specific implementations of the patch. - Other people have made contributions on other patches that have been already committed and have been listed separately.
Companies that should be mentioned for having participated at several degrees: - Yahoo! for having offered the machines used for testing on big count of CPUs. - The FreeBSD Foundation for having sponsored my devsummit attendance, which has been instrumental. - Sandvine for having offered offices and infrastructure during development.
(I really hope I didn't forget anyone, if it happened I apologize in advance).
|
218625 |
12-Feb-2011 |
simon |
Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS
|
216166 |
03-Dec-2010 |
simon |
Merge OpenSSL 0.9.8q into head.
Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
|
215697 |
22-Nov-2010 |
simon |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
|
215288 |
14-Nov-2010 |
simon |
Fix double-free in OpenSSL's SSL ECDH code.
It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches.
Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long...
|
212961 |
21-Sep-2010 |
rpaulo |
Bring in OpenSSL checkin 19821:
Make inline assembler clang-friendly [from HEAD].
openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2 openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1
Approved by: simon
|
207736 |
07-May-2010 |
mckusick |
Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the FFS quota system to support both traditional 32-bit and new 64-bit quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they should continue to work just as they have in the past. If you wish to convert to using 64-bit quotas, use `quotacheck -c 64'; if you wish to revert from 64-bit quotas back to 32-bit quotas, use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the quota system, do `man quotafile' for details. If your application is currently using the quotactl(2), it is highly recommended that you convert your application to use the quotafile interface. Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me interested in pursuing 64-bit quota support and for funding part of my development time on this project.
|
206046 |
01-Apr-2010 |
simon |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
|
205601 |
24-Mar-2010 |
ed |
Prune empty directories.
|
205137 |
13-Mar-2010 |
simon |
Readd $FreeBSD$ to the OpenSSL config file as that's useful for mergemaster.
Suggested by: dougb
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
200054 |
03-Dec-2009 |
cperciva |
Disable SSL renegotiation in order to protect against a serious protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17]
Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate
|
196474 |
23-Aug-2009 |
simon |
Merge DTLS fixes from vendor-crypto/openssl/dist:
- Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message().
Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL.
MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
|
196133 |
12-Aug-2009 |
simon |
Remove symlinks in OpenSSL's testing framework. These are not required for normal build, and doesn't export well to CVS.
If they are needed later a script will be added to recreate the symlinks when needed at build time.
Approved by: re (rwatson)
|
194206 |
14-Jun-2009 |
simon |
Merge OpenSSL 0.9.8k into head.
Approved by: re
|
191517 |
26-Apr-2009 |
ed |
Remove empty directories from the HEAD.
Discussed with: developers, imp
|
191381 |
22-Apr-2009 |
cperciva |
Don't leak information via uninitialized space in db(3) records. [09:07]
Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva)
|
186872 |
07-Jan-2009 |
simon |
Prevent cross-site forgery attacks on lukemftpd(8) due to splitting long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon)
|
183229 |
21-Sep-2008 |
simon |
The vendor area is the proper home for these files now.
|
183227 |
21-Sep-2008 |
simon |
Bootstrapping merge history from vendor-crypto/openssl/dist/@182044.
|
179526 |
03-Jun-2008 |
peter |
cvs2svn did not delete this, even though it is empty.
|
175292 |
13-Jan-2008 |
simon |
Unbreak detection of cryptodev support for FreeBSD which was broken with OpenSSL 0.9.8 import.
Note that this does not enable cryptodev by default, as it was the case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it possible to enable cryptodev at all.
This has been submitted upstream as: http://rt.openssl.org/Ticket/Display.html?id=1624
Submitted by: nork
|
172768 |
18-Oct-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r172767, which included commits to RCS files with non-trunk default branches.
|
172429 |
03-Oct-2007 |
simon |
Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket)
|
169883 |
22-May-2007 |
simon |
Fix runtime crash in OpenSSL with "Illegal instruction" by making some casts a bit less evil.
This was e.g. seen when using portsnap as:
Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction
Note the patch is slightly different from kan's original patch to match style in the OpenSSL source files a bit better.
Submitted by: kan Tested by: many
|
167620 |
15-Mar-2007 |
simon |
- Bring upgrade produce up-to-date for OpenSSL 0.9.8e. - Add reminder to bump version numer in Makefile.inc.
|
167618 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167617, which included commits to RCS files with non-trunk default branches.
|
167615 |
15-Mar-2007 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8e.
|
167613 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167612, which included commits to RCS files with non-trunk default branches.
|
162917 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162916, which included commits to RCS files with non-trunk default branches.
|
162914 |
01-Oct-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8d.
|
162912 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162911, which included commits to RCS files with non-trunk default branches.
|
162207 |
10-Sep-2006 |
simon |
Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).
Obtained from: OpenSSL project Security: FreeBSD-SA-06:19.openssl
|
160837 |
30-Jul-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8b.
This was missed the first time around since eng_padlock.c was not part of OpenSSL 0.9.7e and therefor did not have the v0_9_7e CVS tag used during original resolve of conflicts.
Noticed by: Antoine Brodin <antoine.brodin@laposte.net>
|
160827 |
29-Jul-2006 |
simon |
Sync FREEBSD-Xlist with what was actually excluded from OpenSSL 0.9.8b import.
|
160826 |
29-Jul-2006 |
simon |
Add some rough notes on how to import a new OpenSSL version into the FreeBSD base system. Parts are inspired by the OpenSSH upgrade notes.
|
160817 |
29-Jul-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8b.
|
160815 |
29-Jul-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r160814, which included commits to RCS files with non-trunk default branches.
|
151233 |
11-Oct-2005 |
cperciva |
Correct a man-in-the-middle SSL version rollback vulnerability.
Security: FreeBSD-SA-05:21.openssl
|
142432 |
25-Feb-2005 |
nectar |
File removed in update from OpenSSL 0.9.7d -> 0.9.7e.
|
142431 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142430, which included commits to RCS files with non-trunk default branches.
|
142428 |
25-Feb-2005 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7e.
|
142426 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142425, which included commits to RCS files with non-trunk default branches.
|
142423 |
25-Feb-2005 |
nectar |
Update list of files to remove prior to import of OpenSSL 0.9.7e.
|
142422 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142421, which included commits to RCS files with non-trunk default branches.
|
133718 |
14-Aug-2004 |
markm |
Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
|
133666 |
13-Aug-2004 |
markm |
This commit was generated by cvs2svn to compensate for changes in r133665, which included commits to RCS files with non-trunk default branches.
|
127905 |
05-Apr-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127904, which included commits to RCS files with non-trunk default branches.
|
127134 |
17-Mar-2004 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7d.
|
127129 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127128, which included commits to RCS files with non-trunk default branches.
|
127115 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127114, which included commits to RCS files with non-trunk default branches.
|
124292 |
09-Jan-2004 |
nectar |
Re-add the FreeBSD RCS keyword for the benefit of mergemaster.
PR: conf/50040 Requested by: Dimitry Andric <dim@xs4all.nl>
|
120636 |
01-Oct-2003 |
nectar |
Remove files no longer included with OpenSSL as of version 0.9.7c.
|
120635 |
01-Oct-2003 |
nectar |
Merge conflicts after import of OpenSSL 0.9.7c.
|
120632 |
01-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120631, which included commits to RCS files with non-trunk default branches.
|
120630 |
01-Oct-2003 |
nectar |
Update list of files to remove prior to import of OpenSSL 0.9.7c.
|
112446 |
20-Mar-2003 |
jedgar |
Merge conflicts
|
112440 |
20-Mar-2003 |
jedgar |
This commit was generated by cvs2svn to compensate for changes in r112439, which included commits to RCS files with non-trunk default branches.
|
111150 |
19-Feb-2003 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7a.
|
111148 |
19-Feb-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.
|
110049 |
29-Jan-2003 |
nectar |
Background: When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
|
110019 |
29-Jan-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r110018, which included commits to RCS files with non-trunk default branches.
|
110007 |
28-Jan-2003 |
markm |
Merge conflicts. This is cunning doublespeak for "use vendor code".
|
110006 |
28-Jan-2003 |
markm |
Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is retained as it is still used.
|
109999 |
28-Jan-2003 |
markm |
This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.
|
101621 |
10-Aug-2002 |
nectar |
Resolve conflicts.
|
101619 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101618, which included commits to RCS files with non-trunk default branches.
|
101616 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101615, which included commits to RCS files with non-trunk default branches.
|
101614 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101613, which included commits to RCS files with non-trunk default branches.
|
101387 |
05-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101386, which included commits to RCS files with non-trunk default branches.
|
100943 |
30-Jul-2002 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.6e.
|
100937 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100936, which included commits to RCS files with non-trunk default branches.
|
100934 |
30-Jul-2002 |
nectar |
This man page has not been referenced by anything for a while, and is not part of the OpenSSL distribution. Remove it.
|
100932 |
30-Jul-2002 |
nectar |
Remove many obsolete files. The majority of these are simply no longer included as part of the OpenSSL distribution. However, a few we just don't need and are explicitly excluded in FREEBSD-Xlist.
|
100931 |
30-Jul-2002 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.6d.
|
100929 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100928, which included commits to RCS files with non-trunk default branches.
|
100927 |
30-Jul-2002 |
nectar |
Update list of files to remove prior to import of OpenSSL 0.9.6d
|
89840 |
27-Jan-2002 |
kris |
Resolve conflicts.
|
89838 |
27-Jan-2002 |
kris |
This commit was generated by cvs2svn to compensate for changes in r89837, which included commits to RCS files with non-trunk default branches.
|
87174 |
01-Dec-2001 |
markm |
Protect names that are used elsewhere. This fixes WARNS=2 breakage in crypto telnet.
|
80001 |
19-Jul-2001 |
kris |
Resolve conflicts
|
79999 |
19-Jul-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r79998, which included commits to RCS files with non-trunk default branches.
|
76870 |
20-May-2001 |
kris |
Resolve conflicts
|
76867 |
20-May-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r76866, which included commits to RCS files with non-trunk default branches.
|
72616 |
18-Feb-2001 |
kris |
Resolve conflicts
|
72614 |
18-Feb-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r72613, which included commits to RCS files with non-trunk default branches.
|
68666 |
13-Nov-2000 |
kris |
Update list of files to remove prior to import
|
68654 |
13-Nov-2000 |
kris |
Resolve conflicts, and garbage collect some local changes that are no longer required
|
68652 |
13-Nov-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r68651, which included commits to RCS files with non-trunk default branches.
|
67865 |
29-Oct-2000 |
dougb |
Add a CVS Id tag
|
65653 |
10-Sep-2000 |
kris |
Nuke RSAREF support from orbit.
It's the only way to be sure.
|
62030 |
24-Jun-2000 |
markm |
MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
|
61828 |
19-Jun-2000 |
markm |
Grrr. I hate CVS. These were supposed to be committed when I did the IDEA fix earlier today.
Bring back IDEA from the dead (but not compiled by default).
|
61821 |
19-Jun-2000 |
markm |
Re-add IDEA. This is not actually built unless asked for by the user. (To avoid patent hassles).
|
59402 |
19-Apr-2000 |
markm |
MFF: catch up with FreeFall
|
59354 |
18-Apr-2000 |
kris |
If stderr is closed, report the error message about missing libraries via syslog instead.
Reviewed by: jkh
|
59287 |
16-Apr-2000 |
markm |
Internat diff reducer.
|
59282 |
16-Apr-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r59281, which included commits to RCS files with non-trunk default branches.
|
59194 |
13-Apr-2000 |
kris |
Resolve conflicts.
|
59192 |
13-Apr-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r59191, which included commits to RCS files with non-trunk default branches.
|
59027 |
05-Apr-2000 |
kris |
Correct a typo and interchanged library names
Submitted by: Ben Rosengart <ben@narcissus.net> Matthew D. Fuller <fullermd@futuresouth.com>
|
58549 |
25-Mar-2000 |
kris |
Don't refer to the openssl handbook chapter by name - the doc guys keep jamming new chapters in front of it :)
|
57971 |
13-Mar-2000 |
kris |
Add a new function stub to libcrypto() which resolves to a symbol in the librsa* library and reports which version of the library (OpenSSL/RSAREF) is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai led.'
This is a 4.0-RELEASE candidate.
|
57683 |
02-Mar-2000 |
kris |
Update the wording on the error message when libcrypto.so can't find an RSA library.
Reviewed by: peter, jkh
|
57518 |
26-Feb-2000 |
peter |
Sync with internat.freebsd.org; weak symbols vs static libs == trouble
|
57514 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.
|
57513 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57511 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57510 |
26-Feb-2000 |
peter |
At great personal risk (to my already fragile sanity), reorganize the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to implement the backends for either the native or rsaref implemented RSA code. This involves: - unifying the libcrypto and openssl(1) source so there is no #ifdef RSAref variations. - using weak symbols and dlopen()/dlsym() routines to access the rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or no RSA code at install time. 'make world' will DTRT depending on whether you have the international or US source. For US users, you must either install rsaref (the port or package) or (if you don't fear RSA Inc) use the (superior) International rsa_eay.c code.
This has been discussed at great length by the affected folks and even we have a great deal of confusion. This is a checkpoint so we can tune the results. This works for me in all permutations I can think of and should result in a CD/ftp 'release' just about doing the right thing now.
|
57472 |
25-Feb-2000 |
peter |
Don't use the dlopen() stubs if comiling with PIC. This still needs some more thought for the static case. Should we provide weak error-generating stubs for static binaries if -lrsaref was forgotten?
|
57427 |
24-Feb-2000 |
markm |
Oops; forgot to add this.
|
57426 |
24-Feb-2000 |
markm |
Get this to the same level of functionality as old libdes.
|
57388 |
22-Feb-2000 |
jkh |
Add call stubs for dynamic rsaref loading. This isn't enabled for now but simply lets us sync up on the solution as it's evolved.
|
56084 |
16-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r56083, which included commits to RCS files with non-trunk default branches.
|
56082 |
16-Jan-2000 |
kris |
Fix for missing symbol in -DRSAref case.
|
55949 |
14-Jan-2000 |
kris |
Fix breakage when NO_RSA specified.
Reviewed by: Ben Laurie <ben@openssl.org>
|
55719 |
10-Jan-2000 |
kris |
Zap NO_IDEA
|
55717 |
10-Jan-2000 |
kris |
List of files to nuke prior to import.
|
55715 |
10-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55714, which included commits to RCS files with non-trunk default branches.
|
55709 |
10-Jan-2000 |
kris |
Zap the IDEA stuff - it's patented internationally (at least in some places), and we don't want people to get in trouble just for having it.
|
55100 |
25-Dec-1999 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55099, which included commits to RCS files with non-trunk default branches.
|