OpenSSL: update vendor sources to match 3.5.5 contentMFC with: f25b8c9fb4f58cf61adb47d7570abe7caa6d385dMFC after: 1 week
openssl: import 3.5.5This change adds OpenSSL 3.5.5 from upstream [1].The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].This is a security release, but also contai
openssl: import 3.5.5This change adds OpenSSL 3.5.5 from upstream [1].The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].This is a security release, but also contains several bugfixes. All ofthe CVE-worthy issues have already been addressed on the targetbranch(es), so the net-result is that this is a bugfix release.More information about the release (from a high level) can be found inthe release notes [4].MFC after: 1 week1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha2564. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.mdMerge commit '808413da28df9fb93e1f304e6016b15e660f54c8'
show more ...
crypto/openssl: make vendor imports easier/less error proneThis change adds a custom BSD makefile containing multiple high-level PHONYtargets, similar to targets provided by the ports framework.
crypto/openssl: make vendor imports easier/less error proneThis change adds a custom BSD makefile containing multiple high-level PHONYtargets, similar to targets provided by the ports framework.The Makefile does the following:- Reruns Configure with a deterministic set of arguments to ensure that all appropriate features have been enabled/disabled in OpenSSL.- Preens the pkgconfig files to remove duplicate paths in their `CFLAGS` and `includedir` variables.- Rebuilds all ASM files to ensure that the content contained is fresh.- Rebuilds all manpages to ensure that the content contained in the manpages is fresh.Some additional work needs to be done to make the manpage regeneration"operation" reproducible (the date the manpages were generated isembedded in the files).All dynamic configuration previously captured in`include/openssl/configuration.h` and `include/crypto/bn_conf.h` has beenmoved to `freebsd/include/dynamic_freebsd_configuration.h` and`freebsd/include/crypto/bn_conf.h`, respectively. This helpsensure that future updates don't wipe out FreeBSD customizations tothese files, which tune behavior on a per-target architecture basis, e.g.,ARM vs x86, 32-bit vs 64-bit, etc.MFC after: 1 monthDifferential Revision: https://reviews.freebsd.org/D51663
openssl: Import version 3.5.1Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will beEOL after 2026-09-07.Approved by: philip (mentor)Sponsored by: Alpha-Omega Beach Cleaning Proj
openssl: Import version 3.5.1Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will beEOL after 2026-09-07.Approved by: philip (mentor)Sponsored by: Alpha-Omega Beach Cleaning ProjectSponsored by: The FreeBSD FoundationDifferential revision: https://reviews.freebsd.org/D51613
Merge commit '1095efe41feed8ea5a6fe5ca123c347ae0914801'Approved by: philip (mentor)Sponsored by: Alpha-Omega Beach Cleaning ProjectSponsored by: The FreeBSD Foundation
OpenSSL: Vendor import of OpenSSL 3.0.13 * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC
OpenSSL: Vendor import of OpenSSL 3.0.13 * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) * Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678])Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html.Approved by: emasteMFC after: 3 daysMerge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'