src-test2/crypto/openssl, branch release/8.4.0

src-test2/crypto/openssl, branch release/8.4.0 FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F8.4.0 2013-03-28T06:51:29Z MFS r248816: 2013-03-28T06:51:29Z Xin LI delphij@FreeBSD.org 2013-03-28T06:51:29Z urn:sha1:f787c80d66876b52ed1d7b53c573decd73031690 MFV r248595: - Integrate OpenSSL revisions fb092ef4fca897344daf7189526f5f26be6487ce, a93cc7c57333f4538cbcdedd2e961a5a38caa52d, and 76c61a5d1adb92388f39e585e4af860a20feb9bb. This removes the newly added orig_len field of SSL3_RECORD and restored ABI. Approved by: re (kib) Merge OpenSSL 0.9.8y. This is a direct commit to stable/8 as HEAD is on a 2013-03-08T17:28:40Z Xin LI delphij@FreeBSD.org 2013-03-08T17:28:40Z urn:sha1:cb3cabcbdf20e35bf2f88fbfebbd672a48ecd0e9 different release now. MFC r244975: 2013-01-16T00:54:51Z Xin LI delphij@FreeBSD.org 2013-01-16T00:54:51Z urn:sha1:e491af347eb227584e0833d41b8157f5db885b6f Indicate that we are using OpenSSL with some local modifications. MFC r244974: 2013-01-16T00:52:36Z Xin LI delphij@FreeBSD.org 2013-01-16T00:52:36Z urn:sha1:3cc7419bc9556680ea362629a72a54551bc5fd57 MFV r244973: Integrate OpenSSL changeset 22950 (appro): bn_word.c: fix overflow bug in BN_add_word. MFC r240339: openssl: change SHLIB_VERSION_NUMBER to reflect the reality 2012-10-14T07:28:42Z Andriy Gapon avg@FreeBSD.org 2012-10-14T07:28:42Z urn:sha1:6a624562397a58e4770b28ba4fd2b762d078328a MFC: r237657, r237658, r237666 2012-07-02T16:14:35Z Jung-uk Kim jkim@FreeBSD.org 2012-07-02T16:14:35Z urn:sha1:833689a92bd0dfdd74c7f6da043bdf1e64ae9757 Merge OpenSSL 0.9.8x and regen manual pages. Update the previous openssl fix. [12:01] 2012-05-30T12:01:28Z Bjoern A. Zeeb bz@FreeBSD.org 2012-05-30T12:01:28Z urn:sha1:447e2b9b61562760b7348af4a2e047426b4624b7 Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) Fix multiple OpenSSL vulnerabilities. 2012-05-03T15:25:11Z Bjoern A. Zeeb bz@FreeBSD.org 2012-05-03T15:25:11Z urn:sha1:b5b482d053f2c57cc46d2074651af23de06c6bb0 Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) MFC r225446: 2011-09-08T16:22:58Z Xin LI delphij@FreeBSD.org 2011-09-08T16:22:58Z urn:sha1:2f6ad55a9845712ffb4d573da02c239d1e83c230 Fix SSL memory handlig for (EC)DH cipher suites, in particular for multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS MFC 218625: 2011-02-13T10:22:43Z Simon L. B. Nielsen simon@FreeBSD.org 2011-02-13T10:22:43Z urn:sha1:31ff3f195e5c8273d662ed2331992d88015bd977 Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". The very quick MFC is done to get this fix into 7.4 / 8.2. Discussed with: re Approved by: so (simon, for "instant" MFC) Obtained from: OpenSSL CVS Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014