History log of /freebsd-10.3-release/crypto/openssl/ssl/
Revision Date Author Comments
326723 09-Dec-2017 gordon

Fix error state handling

Approved by: so
Security: CVE-2017-3737
Security: FreeBSD-SA-17:12.openssl

308203 02-Nov-2016 delphij

Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]

Fix OpenSSL remote DoS vulnerability. [SA-16:35]

Security: FreeBSD-SA-16:33.openssh
Security: FreeBSD-SA-16:35.openssl
Approved by: so

306230 23-Sep-2016 delphij

Fix multiple OpenSSL vulnerabilities.

Approved by: so
Security: FreeBSD-SA-16:26.openssl

296373 04-Mar-2016 marius

- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.

Approved by: re (implicit)

296317 02-Mar-2016 delphij

Merge OpenSSL 1.0.1s. This is a security update.

Relnotes: yes
Approved by: re (so@ implicit)


295016 28-Jan-2016 jkim

Merge OpenSSL 1.0.1r.

Relnotes: yes


291721 03-Dec-2015 jkim

Merge OpenSSL 1.0.1q.


285330 09-Jul-2015 jkim

MFC: r285329

Merge OpenSSL 1.0.1p.

Approved by: re (gjb)
Relnotes: yes


284330 12-Jun-2015 jkim

MFC: r284329

Merge OpenSSL 1.0.1o.

Note it is instantly merged because it restores ABI compatibility broken by
the previous OpenSSL 1.0.1n.

Relnotes: yes


284285 11-Jun-2015 jkim

MFC: r284283

Merge OpenSSL 1.0.1n.


280304 20-Mar-2015 jkim

MFC: r280297

Merge OpenSSL 1.0.1m.

Relnotes: yes


280266 19-Mar-2015 delphij

Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293


276864 09-Jan-2015 jkim

MFC: r276861, r276863

Merge OpenSSL 1.0.1k.


273149 15-Oct-2014 jkim

MFC: r273144, r273146

Merge OpenSSL 1.0.1j.

Relnotes: yes


269686 07-Aug-2014 jkim

MFC: r269682

Merge OpenSSL 1.0.1i.


267258 09-Jun-2014 jkim

MFC: r267256

Merge OpenSSL 1.0.1h.

Approved by: so (delphij)


267103 05-Jun-2014 delphij

Fix OpenSSL multiple vulnerabilities.

Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
CVE-2014-3470
Security: SA-14:14.openssl


265986 13-May-2014 delphij

Fix OpenSSL NULL pointer dereference vulnerability.

Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198


265122 30-Apr-2014 delphij

Fix devfs rules not applied by default for jails.

Fix OpenSSL use-after-free vulnerability.

Fix TCP reassembly vulnerability.

Security: FreeBSD-SA-14:07.devfs
Security: CVE-2014-3001
Security: FreeBSD-SA-14:08.tcp
Security: CVE-2014-3000
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298


264331 10-Apr-2014 jkim

MFC: r261037, r264278

Merge OpenSSL 1.0.1f and 1.0.1g.


264266 08-Apr-2014 delphij

Fix NFS deadlock vulnerability. [SA-14:05]

Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]


260404 07-Jan-2014 delphij

MFC r260403 (MFV r260399):

Apply vendor commits:

197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
        previous session so keep a copy of write context in DTLS
        retransmission buffers instead of replacing it after
        sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
        algorithms use the version number in the corresponding
        SSL_METHOD structure instead of the SSL structure. The
        SSL structure version is sometimes inaccurate.
        Note: OpenSSL 1.0.2 and later effectively do this already.
        (CVE-2013-6449).

Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450


256281 10-Oct-2013 gjb

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


254107 08-Aug-2013 delphij

MFV r254106 (OpenSSL bugfix for RT #2984):

Check DTLS_BAD_VER for version number.

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

Requested by: zi
Approved by: benl


246772 13-Feb-2013 jkim

Merge OpenSSL 1.0.1e.

Approved by: secteam (simon), benl (silence)


238405 12-Jul-2012 jkim

Merge OpenSSL 1.0.1c.

Approved by: benl (maintainer)


237657 27-Jun-2012 jkim

Merge OpenSSL 0.9.8x.

Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days


236304 30-May-2012 bz

Update the previous openssl fix. [12:01]

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)


234954 03-May-2012 bz

Fix multiple OpenSSL vulnerabilities.

Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)


225446 08-Sep-2011 delphij

Fix SSL memory handling for (EC)DH cipher suites, in particular for
multi-threaded use of ECDH.

Security: CVE-2011-3210
Reviewed by: stas
Obtained from: OpenSSL CVS
Approved by: re (kib)


218625 12-Feb-2011 simon

Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could
cause OpenSSL to parse past the end of the message.

Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".

Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Obtained from: OpenSSL CVS


216166 03-Dec-2010 simon

Merge OpenSSL 0.9.8q into head.

Security: CVE-2010-4180
Security: http://www.openssl.org/news/secadv_20101202.txt
MFC after: 3 days


215697 22-Nov-2010 simon

Merge OpenSSL 0.9.8p into head.

Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt


215288 14-Nov-2010 simon

Fix double-free in OpenSSL's SSL ECDH code.

It has yet to be determined if this warrants a FreeBSD Security
Advisory, but we might as well get it fixed in the normal branches.

Obtained from: OpenSSL CVS
Security: CVE-2010-2939
X-MFC after: Not long...


206046 01-Apr-2010 simon

Merge OpenSSL 0.9.8n into head.

This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.

I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.

Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt


205128 13-Mar-2010 simon

Merge OpenSSL 0.9.8m into head.

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after: 3 weeks


200054 03-Dec-2009 cperciva

Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-update


196474 23-Aug-2009 simon

Merge DTLS fixes from vendor-crypto/openssl/dist:

- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

MFC after: 1 week
Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387


194206 14-Jun-2009 simon

Merge OpenSSL 0.9.8k into head.

Approved by: re


186872 07-Jan-2009 simon

Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)


172768 18-Oct-2007 simon

This commit was generated by cvs2svn to compensate for changes in r172767,
which included commits to RCS files with non-trunk default branches.


172429 03-Oct-2007 simon

Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().

Security: FreeBSD-SA-07:08.openssl
Approved by: re (security blanket)


167615 15-Mar-2007 simon

Resolve conflicts after import of OpenSSL 0.9.8e.


167613 15-Mar-2007 simon

This commit was generated by cvs2svn to compensate for changes in r167612,
which included commits to RCS files with non-trunk default branches.


162914 01-Oct-2006 simon

Resolve conflicts after import of OpenSSL 0.9.8d.


162912 01-Oct-2006 simon

This commit was generated by cvs2svn to compensate for changes in r162911,
which included commits to RCS files with non-trunk default branches.


160817 29-Jul-2006 simon

Resolve conflicts after import of OpenSSL 0.9.8b.


160815 29-Jul-2006 simon

This commit was generated by cvs2svn to compensate for changes in r160814,
which included commits to RCS files with non-trunk default branches.


151233 11-Oct-2005 cperciva

Correct a man-in-the-middle SSL version rollback vulnerability.

Security: FreeBSD-SA-05:21.openssl


142431 25-Feb-2005 nectar

This commit was generated by cvs2svn to compensate for changes in r142430,
which included commits to RCS files with non-trunk default branches.


142428 25-Feb-2005 nectar

Resolve conflicts after import of OpenSSL 0.9.7e.


142426 25-Feb-2005 nectar

This commit was generated by cvs2svn to compensate for changes in r142425,
which included commits to RCS files with non-trunk default branches.


127134 17-Mar-2004 nectar

Resolve conflicts after import of OpenSSL 0.9.7d.


127129 17-Mar-2004 nectar

This commit was generated by cvs2svn to compensate for changes in r127128,
which included commits to RCS files with non-trunk default branches.


127115 17-Mar-2004 nectar

This commit was generated by cvs2svn to compensate for changes in r127114,
which included commits to RCS files with non-trunk default branches.


120632 01-Oct-2003 nectar

This commit was generated by cvs2svn to compensate for changes in r120631,
which included commits to RCS files with non-trunk default branches.


112440 20-Mar-2003 jedgar

This commit was generated by cvs2svn to compensate for changes in r112439,
which included commits to RCS files with non-trunk default branches.


111150 19-Feb-2003 nectar

Resolve conflicts after import of OpenSSL 0.9.7a.


111148 19-Feb-2003 nectar

This commit was generated by cvs2svn to compensate for changes in r111147,
which included commits to RCS files with non-trunk default branches.


110007 28-Jan-2003 markm

Merge conflicts.
This is cunning doublespeak for "use vendor code".


109999 28-Jan-2003 markm

This commit was generated by cvs2svn to compensate for changes in r109998,
which included commits to RCS files with non-trunk default branches.


101621 10-Aug-2002 nectar

Resolve conflicts.


101616 10-Aug-2002 nectar

This commit was generated by cvs2svn to compensate for changes in r101615,
which included commits to RCS files with non-trunk default branches.


100943 30-Jul-2002 nectar

Resolve conflicts after import of OpenSSL 0.9.6e.


100937 30-Jul-2002 nectar

This commit was generated by cvs2svn to compensate for changes in r100936,
which included commits to RCS files with non-trunk default branches.


100932 30-Jul-2002 nectar

Remove many obsolete files. The majority of these are simply no
longer included as part of the OpenSSL distribution. However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.


100929 30-Jul-2002 nectar

This commit was generated by cvs2svn to compensate for changes in r100928,
which included commits to RCS files with non-trunk default branches.


89840 27-Jan-2002 kris

Resolve conflicts.


89838 27-Jan-2002 kris

This commit was generated by cvs2svn to compensate for changes in r89837,
which included commits to RCS files with non-trunk default branches.


80001 19-Jul-2001 kris

Resolve conflicts


79999 19-Jul-2001 kris

This commit was generated by cvs2svn to compensate for changes in r79998,
which included commits to RCS files with non-trunk default branches.


76870 20-May-2001 kris

Resolve conflicts


76867 20-May-2001 kris

This commit was generated by cvs2svn to compensate for changes in r76866,
which included commits to RCS files with non-trunk default branches.


72616 18-Feb-2001 kris

Resolve conflicts


72614 18-Feb-2001 kris

This commit was generated by cvs2svn to compensate for changes in r72613,
which included commits to RCS files with non-trunk default branches.


68654 13-Nov-2000 kris

Resolve conflicts, and garbage collect some local changes that are no
longer required


68652 13-Nov-2000 kris

This commit was generated by cvs2svn to compensate for changes in r68651,
which included commits to RCS files with non-trunk default branches.


59194 13-Apr-2000 kris

Resolve conflicts.


59192 13-Apr-2000 kris

This commit was generated by cvs2svn to compensate for changes in r59191,
which included commits to RCS files with non-trunk default branches.


55949 14-Jan-2000 kris

Fix breakage when NO_RSA specified.

Reviewed by: Ben Laurie <ben@openssl.org>


55715 10-Jan-2000 kris

This commit was generated by cvs2svn to compensate for changes in r55714,
which included commits to RCS files with non-trunk default branches.