HomeFreeBSD
Diffusion FreeBSD src repository 13a031f0d73d

Update to OpenSSL 3.0.14
13a031f0d73d
Actions

Description

Update to OpenSSL 3.0.14

This release resolves 3 upstream found CVEs:

  • Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)
  • Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)
  • Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)

MFC after: 3 days
Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'

(cherry picked from commit 44096ebd22ddd0081a357011714eff8963614b65)

Details

Provenance
ngieAuthored on Wed, Jun 26, 11:50 PM
Parents
rGbb7b7b0eb7cf: MFC zfs/jail: Document the zfs.mount_snapshot parameter in jail(8).
Branches
Unknown
Tags
Unknown

Changes (130)
Show All Changes

Very Large Commit

This commit is very large. Load each file individually.
PathSize
crypto/
openssl/
Configurations/
apps/
lib/
crypto/
aes/
bio/
bn/
dsa/
ec/
curve448/
arch_64/
encode_decode/
engine/
err/
ess/
evp/
property/
sha/
sm2/
x509/
demos/
digest/
doc/
internal/
man3/
man7/
man1/
man3/
man7/
engines/
fuzz/
include/
crypto/
internal/
openssl/
os-dep/
Apple/
providers/
fips/
implementations/
exchange/
include/
prov/
kdfs/
rands/
ssl/
record/
statem/
test/
helpers/
recipes/
15-test_dsaparam_data/
invalid/
ssl-tests/

rG13a031f0d73d

View Options

crypto/openssl/CHANGES.md

View Options

crypto/openssl/CONTRIBUTING.md

View Options

crypto/openssl/Configurations/10-main.conf

View Options

crypto/openssl/Configurations/15-ios.conf

View Options

crypto/openssl/Configurations/unix-Makefile.tmpl

View Options

crypto/openssl/Configure

View Options

crypto/openssl/INSTALL.md

View Options

crypto/openssl/NEWS.md

View Options

crypto/openssl/NOTES-NONSTOP.md

View Options

crypto/openssl/VERSION.dat

View Options

crypto/openssl/apps/lib/s_cb.c

View Options

crypto/openssl/apps/list.c

View Options

crypto/openssl/apps/ocsp.c

View Options

crypto/openssl/apps/pkcs12.c

View Options

crypto/openssl/apps/req.c

View Options

crypto/openssl/apps/speed.c

View Options

crypto/openssl/apps/ts.c

View Options

crypto/openssl/crypto/aes/build.info

View Options

crypto/openssl/crypto/bio/bio_lib.c

View Options

crypto/openssl/crypto/bio/bio_sock.c

View Options

crypto/openssl/crypto/bn/bn_lib.c

View Options

crypto/openssl/crypto/bn/bn_rand.c

View Options

crypto/openssl/crypto/bn/bn_shift.c

View Options

crypto/openssl/crypto/dsa/dsa_check.c

View Options

crypto/openssl/crypto/dsa/dsa_ossl.c

View Options

crypto/openssl/crypto/dsa/dsa_sign.c

View Options

crypto/openssl/crypto/ec/build.info

View Options

crypto/openssl/crypto/ec/curve448/arch_64/f_impl64.c

View Options

crypto/openssl/crypto/ec/ecdsa_ossl.c

View Options

crypto/openssl/crypto/encode_decode/encoder_lib.c

View Options

crypto/openssl/crypto/engine/eng_pkey.c

View Options

crypto/openssl/crypto/err/openssl.ec

View Options

crypto/openssl/crypto/ess/ess_lib.c

View Options

crypto/openssl/crypto/evp/keymgmt_lib.c

View Options

crypto/openssl/crypto/evp/p_lib.c

View Options

crypto/openssl/crypto/evp/pmeth_lib.c

View Options

crypto/openssl/crypto/evp/signature.c

View Options

crypto/openssl/crypto/init.c

View Options

crypto/openssl/crypto/o_str.c

View Options

crypto/openssl/crypto/property/property_parse.c

View Options

crypto/openssl/crypto/provider_core.c

View Options

crypto/openssl/crypto/sha/build.info

View Options

crypto/openssl/crypto/sm2/sm2_crypt.c

View Options

crypto/openssl/crypto/sm2/sm2_sign.c

View Options

crypto/openssl/crypto/x509/v3_addr.c

View Options

crypto/openssl/demos/digest/EVP_MD_demo.c

View Options

crypto/openssl/demos/digest/EVP_MD_stdin.c

View Options

crypto/openssl/doc/fingerprints.txt

View Options

crypto/openssl/doc/internal/man3/OPTIONS.pod

View Options

crypto/openssl/doc/internal/man3/ossl_method_construct.pod

View Options

crypto/openssl/doc/internal/man3/ossl_provider_new.pod

View Options

crypto/openssl/doc/internal/man3/ossl_random_add_conf_module.pod

View Options

crypto/openssl/doc/internal/man7/EVP_PKEY.pod

View Options

crypto/openssl/doc/man1/openssl-crl.pod.in

View Options

crypto/openssl/doc/man1/openssl-mac.pod.in

View Options

crypto/openssl/doc/man1/openssl-req.pod.in

View Options

crypto/openssl/doc/man1/openssl-smime.pod.in

View Options

crypto/openssl/doc/man1/openssl-storeutl.pod.in

View Options

crypto/openssl/doc/man1/openssl-ts.pod.in

View Options

crypto/openssl/doc/man3/DEFINE_STACK_OF.pod

View Options

crypto/openssl/doc/man3/EVP_DigestInit.pod

View Options

crypto/openssl/doc/man3/EVP_KDF.pod

View Options

crypto/openssl/doc/man3/EVP_PKEY_CTX_set_params.pod

View Options

crypto/openssl/doc/man3/EVP_PKEY_check.pod

View Options

crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod

View Options

crypto/openssl/doc/man3/SSL_CTX_set_cert_store.pod

View Options

crypto/openssl/doc/man3/SSL_CTX_set_verify.pod

View Options

crypto/openssl/doc/man3/SSL_CTX_use_certificate.pod

View Options

crypto/openssl/doc/man3/SSL_load_client_CA_file.pod

View Options

crypto/openssl/doc/man7/EVP_PKEY-SM2.pod

View Options

crypto/openssl/doc/man7/migration_guide.pod

View Options

crypto/openssl/e_os.h

View Options

crypto/openssl/engines/e_afalg.c

View Options

crypto/openssl/engines/e_dasync.c

View Options

crypto/openssl/fuzz/asn1.c

View Options

crypto/openssl/include/crypto/bn.h

View Options

crypto/openssl/include/internal/constant_time.h

View Options

crypto/openssl/include/openssl/sslerr.h

View Options

crypto/openssl/os-dep/Apple/PrivacyInfo.xcprivacy

View Options

crypto/openssl/providers/fips-sources.checksums

View Options

crypto/openssl/providers/fips.checksum

View Options

crypto/openssl/providers/fips/fipsprov.c

View Options

crypto/openssl/providers/implementations/exchange/kdf_exch.c

View Options

crypto/openssl/providers/implementations/include/prov/ciphercommon.h

View Options

crypto/openssl/providers/implementations/kdfs/hkdf.c

View Options

crypto/openssl/providers/implementations/rands/drbg.c

View Options

crypto/openssl/providers/implementations/rands/drbg_ctr.c

View Options

crypto/openssl/providers/implementations/rands/drbg_hash.c

View Options

crypto/openssl/providers/implementations/rands/drbg_hmac.c

View Options

crypto/openssl/providers/implementations/rands/drbg_local.h

View Options

crypto/openssl/ssl/record/rec_layer_s3.c

View Options

crypto/openssl/ssl/record/record.h

View Options

crypto/openssl/ssl/record/ssl3_buffer.c

View Options

crypto/openssl/ssl/ssl_err.c

View Options

crypto/openssl/ssl/ssl_lib.c

View Options

crypto/openssl/ssl/ssl_sess.c

View Options

crypto/openssl/ssl/statem/statem_srvr.c

View Options

crypto/openssl/ssl/t1_lib.c

View Options

crypto/openssl/test/bad_dtls_test.c

View Options

crypto/openssl/test/build.info

View Options

crypto/openssl/test/cmp_hdr_test.c

View Options

crypto/openssl/test/ct_test.c

View Options

crypto/openssl/test/dsatest.c

View Options

crypto/openssl/test/ecdsatest.c

View Options

crypto/openssl/test/ecstresstest.c

View Options

crypto/openssl/test/evp_extra_test.c

View Options

crypto/openssl/test/evp_pkey_provided_test.c

View Options

crypto/openssl/test/evp_test.c

View Options

crypto/openssl/test/helpers/ssltestlib.c

View Options

crypto/openssl/test/helpers/ssltestlib.h

View Options

crypto/openssl/test/keymgmt_internal_test.c

View Options

crypto/openssl/test/pathed.cnf

View Options

crypto/openssl/test/pkey_meth_kdf_test.c

View Options

crypto/openssl/test/prov_config_test.c

View Options

crypto/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem

View Options

crypto/openssl/test/recipes/25-test_req.t

View Options

crypto/openssl/test/recipes/30-test_prov_config.t

View Options

crypto/openssl/test/recipes/80-test_pkcs12.t

View Options

crypto/openssl/test/recipes/90-test_shlibload.t

View Options

crypto/openssl/test/sm2_internal_test.c

View Options

crypto/openssl/test/ssl-tests/14-curves.cnf.in

View Options

crypto/openssl/test/ssl-tests/20-cert-select.cnf

View Options

crypto/openssl/test/ssl-tests/20-cert-select.cnf.in

View Options

crypto/openssl/test/ssl-tests/28-seclevel.cnf.in

View Options

crypto/openssl/test/sslapitest.c

View Options

crypto/openssl/test/sslbuffertest.c

View Options

crypto/openssl/test/test.cnf

View Options

crypto/openssl/test/tls-provider.c

View Options

crypto/openssl/test/v3ext.c