Diffusion FreeBSD src repository 1070e7dca822

Import OpenSSL 3.0.14
1070e7dca822
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Import OpenSSL 3.0.14

This release resolves 3 upstream found CVEs:

Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)
Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)
Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)

Details

Provenance

ngie	Authored on Thu, Jun 20, 11:24 PM

Parents

rG9dd13e84fa8e: OpenSSL: Vendor import of OpenSSL 3.0.13

Branches

Unknown

Tags

Unknown

References

tag: vendor/openssl/3.0.14, vendor/openssl-3.0

Event Timeline

ngie committed rG1070e7dca822: Import OpenSSL 3.0.14 (authored by ngie).Thu, Jun 20, 11:24 PM

ngie mentioned this in rG44096ebd22dd: Update to OpenSSL 3.0.14.Wed, Jun 26, 11:51 PM

ngie mentioned this in rG13a031f0d73d: Update to OpenSSL 3.0.14.Sat, Jun 29, 8:29 PM

Changes (130)
Show All Changes

Very Large Commit

This commit is very large. Load each file individually.

Path

Size

CONTRIBUTING.md

Configurations/

unix-Makefile.tmpl

NOTES-NONSTOP.md

apps/

lib/

crypto/

aes/

bio/

bn/

dsa/

ec/

curve448/

arch_64/

encode_decode/

engine/

err/

ess/

evp/

property/

property_parse.c

provider_core.c

sha/

sm2/

x509/

demos/

digest/

doc/

fingerprints.txt

internal/

man3/

ossl_method_construct.pod

ossl_provider_new.pod

ossl_random_add_conf_module.pod

man7/

man1/

openssl-crl.pod.in

openssl-mac.pod.in

openssl-req.pod.in

openssl-smime.pod.in

openssl-storeutl.pod.in

openssl-ts.pod.in

man3/

DEFINE_STACK_OF.pod

EVP_DigestInit.pod

EVP_PKEY_CTX_set_params.pod

EVP_PKEY_check.pod

SSL_CIPHER_get_name.pod

SSL_CTX_set_cert_store.pod

SSL_CTX_set_verify.pod

SSL_CTX_use_certificate.pod

SSL_load_client_CA_file.pod

man7/

EVP_PKEY-SM2.pod

migration_guide.pod

engines/

fuzz/

include/

crypto/

internal/

constant_time.h

openssl/

os-dep/

Apple/

PrivacyInfo.xcprivacy

providers/

fips-sources.checksums

fips/

implementations/

exchange/

include/

prov/

kdfs/

rands/

ssl/

record/

statem/

test/

bad_dtls_test.c

evp_extra_test.c

evp_pkey_provided_test.c

helpers/

keymgmt_internal_test.c

pkey_meth_kdf_test.c

prov_config_test.c

recipes/

15-test_dsaparam_data/

invalid/

p10240_q256_too_big.pem

30-test_prov_config.t

80-test_pkcs12.t

90-test_shlibload.t

sm2_internal_test.c

ssl-tests/

14-curves.cnf.in

20-cert-select.cnf

20-cert-select.cnf.in

28-seclevel.cnf.in

sslbuffertest.c

rG1070e7dca822

CHANGES.md

CONTRIBUTING.md

Configurations/10-main.conf

Configurations/15-ios.conf

Configurations/unix-Makefile.tmpl

Configure

INSTALL.md

NEWS.md

NOTES-NONSTOP.md

VERSION.dat

apps/lib/s_cb.c

apps/list.c

apps/ocsp.c

apps/pkcs12.c

apps/req.c

apps/speed.c

apps/ts.c

crypto/aes/build.info

crypto/bio/bio_lib.c

crypto/bio/bio_sock.c

crypto/bn/bn_lib.c

crypto/bn/bn_rand.c

crypto/bn/bn_shift.c

crypto/dsa/dsa_check.c

crypto/dsa/dsa_ossl.c

crypto/dsa/dsa_sign.c

crypto/ec/build.info

crypto/ec/curve448/arch_64/f_impl64.c

crypto/ec/ecdsa_ossl.c

crypto/encode_decode/encoder_lib.c

crypto/engine/eng_pkey.c

crypto/err/openssl.ec

crypto/ess/ess_lib.c

crypto/evp/keymgmt_lib.c

crypto/evp/p_lib.c

crypto/evp/pmeth_lib.c

crypto/evp/signature.c

crypto/init.c

crypto/o_str.c

crypto/property/property_parse.c

crypto/provider_core.c

crypto/sha/build.info

crypto/sm2/sm2_crypt.c

crypto/sm2/sm2_sign.c

crypto/x509/v3_addr.c

demos/digest/EVP_MD_demo.c

demos/digest/EVP_MD_stdin.c

doc/fingerprints.txt

doc/internal/man3/OPTIONS.pod

doc/internal/man3/ossl_method_construct.pod

doc/internal/man3/ossl_provider_new.pod

doc/internal/man3/ossl_random_add_conf_module.pod

doc/internal/man7/EVP_PKEY.pod

doc/man1/openssl-crl.pod.in

doc/man1/openssl-mac.pod.in

doc/man1/openssl-req.pod.in

doc/man1/openssl-smime.pod.in

doc/man1/openssl-storeutl.pod.in

doc/man1/openssl-ts.pod.in

doc/man3/DEFINE_STACK_OF.pod

doc/man3/EVP_DigestInit.pod

doc/man3/EVP_KDF.pod

doc/man3/EVP_PKEY_CTX_set_params.pod

doc/man3/EVP_PKEY_check.pod

doc/man3/SSL_CIPHER_get_name.pod

doc/man3/SSL_CTX_set_cert_store.pod

doc/man3/SSL_CTX_set_verify.pod

doc/man3/SSL_CTX_use_certificate.pod

doc/man3/SSL_load_client_CA_file.pod

doc/man7/EVP_PKEY-SM2.pod

doc/man7/migration_guide.pod

e_os.h

engines/e_afalg.c

engines/e_dasync.c

fuzz/asn1.c

include/crypto/bn.h

include/internal/constant_time.h

include/openssl/sslerr.h

os-dep/Apple/PrivacyInfo.xcprivacy

providers/fips-sources.checksums

providers/fips.checksum

providers/fips/fipsprov.c

providers/implementations/exchange/kdf_exch.c

providers/implementations/include/prov/ciphercommon.h

providers/implementations/kdfs/hkdf.c

providers/implementations/rands/drbg.c

providers/implementations/rands/drbg_ctr.c

providers/implementations/rands/drbg_hash.c

providers/implementations/rands/drbg_hmac.c

providers/implementations/rands/drbg_local.h

ssl/record/rec_layer_s3.c

ssl/record/record.h

ssl/record/ssl3_buffer.c

ssl/ssl_err.c

ssl/ssl_lib.c

ssl/ssl_sess.c

ssl/statem/statem_srvr.c

ssl/t1_lib.c

test/bad_dtls_test.c

test/build.info

test/cmp_hdr_test.c

test/ct_test.c

test/dsatest.c

test/ecdsatest.c

test/ecstresstest.c

test/evp_extra_test.c

test/evp_pkey_provided_test.c

test/evp_test.c

test/helpers/ssltestlib.c

test/helpers/ssltestlib.h

test/keymgmt_internal_test.c

test/pathed.cnf

test/pkey_meth_kdf_test.c

test/prov_config_test.c

test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem

test/recipes/25-test_req.t

test/recipes/30-test_prov_config.t

test/recipes/80-test_pkcs12.t

test/recipes/90-test_shlibload.t

test/sm2_internal_test.c

test/ssl-tests/14-curves.cnf.in

test/ssl-tests/20-cert-select.cnf

test/ssl-tests/20-cert-select.cnf.in

test/ssl-tests/28-seclevel.cnf.in

test/sslapitest.c

test/sslbuffertest.c

test/test.cnf

test/tls-provider.c

test/v3ext.c