Checkout Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
update config for ssh builds

  1. … 2 more files in changeset.
add more man pages

    • -0
    • +177
    ./libssl/man/SSL_CONF_CTX_set1_prefix.3
    • -0
    • +188
    ./libssl/man/SSL_CONF_CTX_set_flags.3
    • -0
    • +184
    ./libssl/man/SSL_CTX_get0_param.3
    • -0
    • +245
    ./libssl/man/SSL_CTX_set_alpn_select_cb.3
    • -0
    • +214
    ./libssl/man/SSL_check_chain.3
    • -0
    • +233
    ./libssl/man/SSL_CTX_set1_curves.3
    • -0
    • +534
    ./libssl/man/SSL_CONF_cmd.3
    • -0
    • +190
    ./libssl/man/SSL_CTX_set_tlsext_servername_callback.3
    • -0
    • +171
    ./libssl/man/SSL_CONF_cmd_argv.3
    • -0
    • +169
    ./libssl/man/SSL_CONF_CTX_new.3
    • -0
    • +219
    ./libssl/man/SSL_CTX_set1_verify_cert_store.3
    • -0
    • +175
    ./libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
    • -0
    • +198
    ./libssl/man/SSL_CTX_set_cert_cb.3
    • -0
    • +191
    ./libssl/man/SSL_export_keying_material.3
    • -0
    • +261
    ./libssl/man/SSL_CTX_set_custom_cli_ext.3
    • -0
    • +184
    ./libssl/man/SSL_CTX_use_serverinfo.3
    • -0
    • +277
    ./libssl/man/SSL_CTX_add1_chain_cert.3
add missing files

    • too large
    ./libcrypto/amd64/sha1-mb-x86_64.S
    • -0
    • +20
    ./libcrypto/engines/libcapi/Makefile.depend
    • -0
    • +227
    ./libcrypto/man/EC_GROUP_new.3
    • -0
    • +1700
    ./libcrypto/amd64/rsaz-avx2.S
    • -0
    • +20
    ./libcrypto/engines/libgost/Makefile.depend
    • -0
    • +261
    ./libcrypto/man/ASN1_TIME_set.3
    • too large
    ./libcrypto/amd64/sha256-mb-x86_64.S
    • -0
    • +4358
    ./libcrypto/amd64/aesni-sha256-x86_64.S
    • -0
    • +0
    ./libcrypto/engines/libcapi/Makefile
    • -0
    • +305
    ./libcrypto/man/EC_GROUP_copy.3
    • -0
    • +20
    ./libcrypto/engines/libchil/Makefile.depend
    • -0
    • +257
    ./libcrypto/man/EC_POINT_new.3
    • -0
    • +190
    ./libcrypto/man/EC_GFp_simple_method.3
    • -0
    • +3520
    ./libcrypto/amd64/ecp_nistz256-x86_64.S
    • -0
    • +20
    ./libcrypto/engines/lib4758cca/Makefile.depend
  1. … 19 more files in changeset.
update build

    • -2
    • +20
    ./libcrypto/opensslconf-powerpc.h.in
    • -1
    • +2
    ./libcrypto/engines/libsureware/Makefile
    • -1
    • +2
    ./libcrypto/engines/libatalla/Makefile
    • -1
    • +2
    ./libcrypto/engines/libcswift/Makefile
    • -1
    • +2
    ./libcrypto/engines/lib4758cca/Makefile
  1. … 5 more files in changeset.
update

    • -232
    • +224
    ./libcrypto/i386/ghash-x86.S
    • too large
    ./libcrypto/i386/sha1-586.S
    • too large
    ./libcrypto/i386/aes-586.S
    • -104
    • +153
    ./libcrypto/i386/x86cpuid.S
    • -124
    • +141
    ./libcrypto/i386/x86-mont.S
  1. … 7 more files in changeset.
update

    • -1894
    • +3648
    ./libcrypto/amd64/sha1-x86_64.S
    • -148
    • +911
    ./libcrypto/amd64/ghash-x86_64.S
    • -122
    • +122
    ./libcrypto/amd64/bsaes-x86_64.S
    • -776
    • +4356
    ./libcrypto/amd64/sha256-x86_64.S
    • -320
    • +2778
    ./libcrypto/amd64/x86_64-mont5.S
    • -162
    • +165
    ./libcrypto/amd64/wp-x86_64.S
    • -771
    • +528
    ./libcrypto/amd64/x86_64-mont.S
    • -64
    • +63
    ./libcrypto/amd64/vpaes-x86_64.S
    • -818
    • +1834
    ./libcrypto/amd64/aesni-x86_64.S
    • -1573
    • +1820
    ./libcrypto/amd64/aesni-sha1-x86_64.S
  1. … 3 more files in changeset.
update man pages

    • -14
    • +10
    ./libcrypto/man/i2d_CMS_bio_stream.3
    • -15
    • +11
    ./libcrypto/man/d2i_ECPrivateKey.3
    • -18
    • +14
    ./libcrypto/man/X509_STORE_CTX_get_error.3
    • -18
    • +17
    ./libcrypto/man/EVP_DigestSignInit.3
    • -14
    • +10
    ./libcrypto/man/d2i_PrivateKey.3
    • -14
    • +10
    ./libcrypto/man/X509_NAME_ENTRY_get_object.3
  1. … 194 more files in changeset.
add y flag

update build

    • -14
    • +10
    ./libssl/man/SSL_CTX_get_verify_mode.3
    • -15
    • +11
    ./libssl/man/SSL_CTX_set_tmp_rsa_callback.3
    • -14
    • +10
    ./libssl/man/SSL_session_reused.3
    • -14
    • +10
    ./libssl/man/SSL_CTX_set_default_passwd_cb.3
    • -16
    • +12
    ./libssl/man/SSL_CTX_set_ssl_version.3
    • -14
    • +10
    ./libssl/man/SSL_CTX_set_max_cert_list.3
    • -14
    • +10
    ./libssl/man/SSL_get_peer_certificate.3
    • -19
    • +15
    ./libssl/man/SSL_CTX_use_psk_identity_hint.3
    • -14
    • +10
    ./libssl/man/SSL_CTX_set_generate_session_id.3
    • -14
    • +10
    ./libssl/man/SSL_CTX_set_verify.3
  1. … 72 more files in changeset.
use ldns

tag

fixup

    • -0
    • +2514
    ./libcrypto/i386/co-586.S
    • -0
    • +696
    ./libcrypto/i386/x86-gf2m.S
    • -0
    • +3680
    ./libcrypto/i386/des-586.S
    • -0
    • +2216
    ./libcrypto/i386/wp-mmx.S
    • -0
    • +1328
    ./libcrypto/i386/vpaes-x86.S
    • -0
    • +4292
    ./libcrypto/i386/aesni-x86.S
    • -0
    • +1734
    ./libcrypto/i386/bf-686.S
  1. … 31 more files in changeset.
update to openssl 1.0.1u

    • -237
    • +0
    ./libcrypto/opensslconf-sparc64.h
    • -2
    • +3
    ./libcrypto/man/CMS_get0_RecipientInfos.3
    • -1
    • +1159
    ./libcrypto/amd64/sha1-x86_64.S
    • -0
    • +192
    ./libcrypto/man/d2i_PrivateKey.3
  1. … 233 more files in changeset.
update man pages

    • -2
    • +3
    ./libssl/man/SSL_CTX_set_max_cert_list.3
    • -2
    • +3
    ./libssl/man/SSL_get_peer_certificate.3
    • -2
    • +3
    ./libssl/man/SSL_CTX_set_ssl_version.3
    • -2
    • +3
    ./libssl/man/SSL_get_peer_cert_chain.3
    • -2
    • +3
    ./libssl/man/SSL_CTX_set_cipher_list.3
    • -2
    • +3
    ./libssl/man/SSL_CTX_set_session_id_context.3
  1. … 71 more files in changeset.
turn on idea header

remove idea

add tests

add tests

fix makefile

update list of src files for openssh 7.3p1

update build

  1. … 1 more file in changeset.
Security patch OpenSSL for DROWN

A cross-protocol attack was discovered that could lead to decryption of TLS

sessions by using a server supporting SSLv2 and EXPORT cipher suites as a

Bleichenbacher RSA padding oracle. Note that traffic between clients and

non-vulnerable servers can be decrypted provided another server supporting

SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP

or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability

is known as DROWN. [CVE-2016-0800]

A double free bug was discovered when OpenSSL parses malformed DSA private

keys and could lead to a DoS attack or memory corruption for applications that

receive DSA private keys from untrusted sources. This scenario is considered

rare. [CVE-2016-0705]

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory

management semantics; the returned pointer was sometimes newly allocated, and

sometimes owned by the callee. The calling code has no way of distinguishing

these two cases. [CVE-2016-0798]

In the BN_hex2bn function, the number of hex digits is calculated using an int

value |i|. Later |bn_expand| is called with a value of |i * 4|. For large

values of |i| this can result in |bn_expand| not allocating any memory because

|i * 4| is negative. This can leave the internal BIGNUM data field as NULL

leading to a subsequent NULL pointer dereference. For very large values of

|i|, the calculation |i * 4| could be a positive value smaller than |i|. In

this case memory is allocated to the internal BIGNUM data field, but it is

insufficiently sized leading to heap corruption. A similar issue exists in

BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is

ever called by user applications with very large untrusted hex/dec data. This

is anticipated to be a rare occurrence. [CVE-2016-0797]

The internal |fmtstr| function used in processing a "%s" formatted string in

the BIO_*printf functions could overflow while calculating the length of

a string and cause an out-of-bounds read when printing very long strings.

[CVE-2016-0799]

A side-channel attack was found which makes use of cache-bank conflicts on the

Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA

keys. [CVE-2016-0702]

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.

If clear-key bytes are present for these ciphers, they displace encrypted-key

bytes. [CVE-2016-0703]

s2_srvr.c overwrites the wrong bytes in the master key when applying

Bleichenbacher protection for export cipher suites. [CVE-2016-0704]

Obtained from: OpenSSL & FreeBSD

    • -144
    • +533
    ./libcrypto/amd64/x86_64-mont5.S
  1. … 14 more files in changeset.
update for newer kerberos code

add man pages

    • -0
    • +201
    ./libssl/man/SSL_CTX_use_psk_identity_hint.3
    • -0
    • +183
    ./libssl/man/SSL_CTX_set_read_ahead.3
    • -0
    • +184
    ./libssl/man/SSL_CTX_set_psk_client_callback.3
    • -0
    • +165
    ./libssl/man/SSL_get_psk_identity.3
Update OpenSSL to 1.0.1o. Use basic build setup from FreeBSD 10-stable.

    • -0
    • +178
    ./libcrypto/man/CMS_sign_receipt.3
    • -2
    • +2
    ./libssl/man/SSL_CTX_set_session_id_context.3
    • -830
    • +819
    ./libcrypto/i386/crypt586.s
    • -2
    • +2
    ./libssl/man/SSL_CTX_set_cert_verify_callback.3
    • -2
    • +2
    ./libssl/man/SSL_CTX_get_verify_mode.3
    • -0
    • +204
    ./libcrypto/man/SMIME_read_CMS.3
  1. … 390 more files in changeset.
remove example.c

update version

tag

we dont do sparc anymore

    • -217
    • +0
    ./libcrypto/opensslconf-sparc64.h
regen man pages for openssl

    • -10
    • +19
    ./libcrypto/man/BN_mod_mul_reciprocal.3
    • -10
    • +19
    ./libssl/man/SSL_set_verify_result.3
    • -10
    • +19
    ./libcrypto/man/ERR_error_string.3
    • -10
    • +19
    ./libcrypto/man/BN_generate_prime.3
    • -11
    • +20
    ./libssl/man/SSL_CTX_set_cert_verify_callback.3
    • -10
    • +19
    ./libssl/man/SSL_get_default_timeout.3
    • -11
    • +20
    ./libcrypto/man/d2i_ASN1_OBJECT.3
  1. … 267 more files in changeset.