Diffusion FreeBSD src repository 44096ebd22dd

Update to OpenSSL 3.0.14
44096ebd22dd
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Update to OpenSSL 3.0.14

This release resolves 3 upstream found CVEs:

Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)
Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)
Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)

MFC after: 3 days
Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'

Details

Provenance

ngie	Authored on Wed, Jun 26, 11:50 PM

Parents

rG8c5c57212566: LinuxKPI: Add DEFINE_DEBUGFS_ATTRIBUTE_SIGNED to linux/debugfs.h
rG1070e7dca822: Import OpenSSL 3.0.14

Branches

Unknown

Tags

Unknown

Event Timeline

ngie committed rG44096ebd22dd: Update to OpenSSL 3.0.14 (authored by ngie).Wed, Jun 26, 11:50 PM

ngie mentioned this in rG303596eac3f5: Update config/build info for OpenSSL.

ngie mentioned this in rG13a031f0d73d: Update to OpenSSL 3.0.14.Sat, Jun 29, 8:29 PM

ngie mentioned this in rGdd43e907c7c0: Update config/build info for OpenSSL.

Merged Changes

1070e7dca822 Import OpenSSL 3.0.14
Author
ngie
Browse Repository
No Builds
No Audits

Changes (130)
Show All Changes

Very Large Commit

This commit is very large. Load each file individually.

Path

Size

crypto/

openssl/

CONTRIBUTING.md

Configurations/

unix-Makefile.tmpl

NOTES-NONSTOP.md

apps/

lib/

crypto/

aes/

bio/

bn/

dsa/

ec/

curve448/

arch_64/

encode_decode/

engine/

err/

ess/

evp/

property/

property_parse.c

provider_core.c

sha/

sm2/

x509/

demos/

digest/

doc/

fingerprints.txt

internal/

man3/

ossl_method_construct.pod

ossl_provider_new.pod

ossl_random_add_conf_module.pod

man7/

man1/

openssl-crl.pod.in

openssl-mac.pod.in

openssl-req.pod.in

openssl-smime.pod.in

openssl-storeutl.pod.in

openssl-ts.pod.in

man3/

DEFINE_STACK_OF.pod

EVP_DigestInit.pod

EVP_PKEY_CTX_set_params.pod

EVP_PKEY_check.pod

SSL_CIPHER_get_name.pod

SSL_CTX_set_cert_store.pod

SSL_CTX_set_verify.pod

SSL_CTX_use_certificate.pod

SSL_load_client_CA_file.pod

man7/

EVP_PKEY-SM2.pod

migration_guide.pod

engines/

fuzz/

include/

crypto/

internal/

constant_time.h

openssl/

os-dep/

Apple/

PrivacyInfo.xcprivacy

providers/

fips-sources.checksums

fips/

implementations/

exchange/

include/

prov/

kdfs/

rands/

ssl/

record/

statem/

test/

bad_dtls_test.c

evp_extra_test.c

evp_pkey_provided_test.c

helpers/

keymgmt_internal_test.c

pkey_meth_kdf_test.c

prov_config_test.c

recipes/

15-test_dsaparam_data/

invalid/

p10240_q256_too_big.pem

30-test_prov_config.t

80-test_pkcs12.t

90-test_shlibload.t

sm2_internal_test.c

ssl-tests/

14-curves.cnf.in

20-cert-select.cnf

20-cert-select.cnf.in

28-seclevel.cnf.in

sslbuffertest.c

rG44096ebd22dd

crypto/openssl/CHANGES.md

crypto/openssl/CONTRIBUTING.md

crypto/openssl/Configurations/10-main.conf

crypto/openssl/Configurations/15-ios.conf

crypto/openssl/Configurations/unix-Makefile.tmpl

crypto/openssl/Configure

crypto/openssl/INSTALL.md

crypto/openssl/NEWS.md

crypto/openssl/NOTES-NONSTOP.md

crypto/openssl/VERSION.dat

crypto/openssl/apps/lib/s_cb.c

crypto/openssl/apps/list.c

crypto/openssl/apps/ocsp.c

crypto/openssl/apps/pkcs12.c

crypto/openssl/apps/req.c

crypto/openssl/apps/speed.c

crypto/openssl/apps/ts.c

crypto/openssl/crypto/aes/build.info

crypto/openssl/crypto/bio/bio_lib.c

crypto/openssl/crypto/bio/bio_sock.c

crypto/openssl/crypto/bn/bn_lib.c

crypto/openssl/crypto/bn/bn_rand.c

crypto/openssl/crypto/bn/bn_shift.c

crypto/openssl/crypto/dsa/dsa_check.c

crypto/openssl/crypto/dsa/dsa_ossl.c

crypto/openssl/crypto/dsa/dsa_sign.c

crypto/openssl/crypto/ec/build.info

crypto/openssl/crypto/ec/curve448/arch_64/f_impl64.c

crypto/openssl/crypto/ec/ecdsa_ossl.c

crypto/openssl/crypto/encode_decode/encoder_lib.c

crypto/openssl/crypto/engine/eng_pkey.c

crypto/openssl/crypto/err/openssl.ec

crypto/openssl/crypto/ess/ess_lib.c

crypto/openssl/crypto/evp/keymgmt_lib.c

crypto/openssl/crypto/evp/p_lib.c

crypto/openssl/crypto/evp/pmeth_lib.c

crypto/openssl/crypto/evp/signature.c

crypto/openssl/crypto/init.c

crypto/openssl/crypto/o_str.c

crypto/openssl/crypto/property/property_parse.c

crypto/openssl/crypto/provider_core.c

crypto/openssl/crypto/sha/build.info

crypto/openssl/crypto/sm2/sm2_crypt.c

crypto/openssl/crypto/sm2/sm2_sign.c

crypto/openssl/crypto/x509/v3_addr.c

crypto/openssl/demos/digest/EVP_MD_demo.c

crypto/openssl/demos/digest/EVP_MD_stdin.c

crypto/openssl/doc/fingerprints.txt

crypto/openssl/doc/internal/man3/OPTIONS.pod

crypto/openssl/doc/internal/man3/ossl_method_construct.pod

crypto/openssl/doc/internal/man3/ossl_provider_new.pod

crypto/openssl/doc/internal/man3/ossl_random_add_conf_module.pod

crypto/openssl/doc/internal/man7/EVP_PKEY.pod

crypto/openssl/doc/man1/openssl-crl.pod.in

crypto/openssl/doc/man1/openssl-mac.pod.in

crypto/openssl/doc/man1/openssl-req.pod.in

crypto/openssl/doc/man1/openssl-smime.pod.in

crypto/openssl/doc/man1/openssl-storeutl.pod.in

crypto/openssl/doc/man1/openssl-ts.pod.in

crypto/openssl/doc/man3/DEFINE_STACK_OF.pod

crypto/openssl/doc/man3/EVP_DigestInit.pod

crypto/openssl/doc/man3/EVP_KDF.pod

crypto/openssl/doc/man3/EVP_PKEY_CTX_set_params.pod

crypto/openssl/doc/man3/EVP_PKEY_check.pod

crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod

crypto/openssl/doc/man3/SSL_CTX_set_cert_store.pod

crypto/openssl/doc/man3/SSL_CTX_set_verify.pod

crypto/openssl/doc/man3/SSL_CTX_use_certificate.pod

crypto/openssl/doc/man3/SSL_load_client_CA_file.pod

crypto/openssl/doc/man7/EVP_PKEY-SM2.pod

crypto/openssl/doc/man7/migration_guide.pod

crypto/openssl/e_os.h

crypto/openssl/engines/e_afalg.c

crypto/openssl/engines/e_dasync.c

crypto/openssl/fuzz/asn1.c

crypto/openssl/include/crypto/bn.h

crypto/openssl/include/internal/constant_time.h

crypto/openssl/include/openssl/sslerr.h

crypto/openssl/os-dep/Apple/PrivacyInfo.xcprivacy

crypto/openssl/providers/fips-sources.checksums

crypto/openssl/providers/fips.checksum

crypto/openssl/providers/fips/fipsprov.c

crypto/openssl/providers/implementations/exchange/kdf_exch.c

crypto/openssl/providers/implementations/include/prov/ciphercommon.h

crypto/openssl/providers/implementations/kdfs/hkdf.c

crypto/openssl/providers/implementations/rands/drbg.c

crypto/openssl/providers/implementations/rands/drbg_ctr.c

crypto/openssl/providers/implementations/rands/drbg_hash.c

crypto/openssl/providers/implementations/rands/drbg_hmac.c

crypto/openssl/providers/implementations/rands/drbg_local.h

crypto/openssl/ssl/record/rec_layer_s3.c

crypto/openssl/ssl/record/record.h

crypto/openssl/ssl/record/ssl3_buffer.c

crypto/openssl/ssl/ssl_err.c

crypto/openssl/ssl/ssl_lib.c

crypto/openssl/ssl/ssl_sess.c

crypto/openssl/ssl/statem/statem_srvr.c

crypto/openssl/ssl/t1_lib.c

crypto/openssl/test/bad_dtls_test.c

crypto/openssl/test/build.info

crypto/openssl/test/cmp_hdr_test.c

crypto/openssl/test/ct_test.c

crypto/openssl/test/dsatest.c

crypto/openssl/test/ecdsatest.c

crypto/openssl/test/ecstresstest.c

crypto/openssl/test/evp_extra_test.c

crypto/openssl/test/evp_pkey_provided_test.c

crypto/openssl/test/evp_test.c

crypto/openssl/test/helpers/ssltestlib.c

crypto/openssl/test/helpers/ssltestlib.h

crypto/openssl/test/keymgmt_internal_test.c

crypto/openssl/test/pathed.cnf

crypto/openssl/test/pkey_meth_kdf_test.c

crypto/openssl/test/prov_config_test.c

crypto/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem

crypto/openssl/test/recipes/25-test_req.t

crypto/openssl/test/recipes/30-test_prov_config.t

crypto/openssl/test/recipes/80-test_pkcs12.t

crypto/openssl/test/recipes/90-test_shlibload.t

crypto/openssl/test/sm2_internal_test.c

crypto/openssl/test/ssl-tests/14-curves.cnf.in

crypto/openssl/test/ssl-tests/20-cert-select.cnf

crypto/openssl/test/ssl-tests/20-cert-select.cnf.in

crypto/openssl/test/ssl-tests/28-seclevel.cnf.in

crypto/openssl/test/sslapitest.c

crypto/openssl/test/sslbuffertest.c

crypto/openssl/test/test.cnf

crypto/openssl/test/tls-provider.c

crypto/openssl/test/v3ext.c