MFC: r337791

Merge OpenSSL 1.0.2p.

MFC: r318899

Merge OpenSSL 1.0.2l.

MFC: r306193

Merge OpenSSL 1.0.2u.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Merge OpenSSL 1.0.2h.

Relnotes: yes

Merge OpenSSL 1.0.2f.

Relnotes: yes

Merge OpenSSL 1.0.2e.

Merge OpenSSL 1.0.2d.

Merge OpenSSL 1.0.1n.

Merge OpenSSL 1.0.1m.

Merge OpenSSL 1.0.1k.

Merge OpenSSL 1.0.1j.

Merge OpenSSL 1.0.1i.

Merge OpenSSL 1.0.1h.

Approved by: so (delphij)

Fix OpenSSL multiple vulnerabilities.

Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
CVE-2014-3470
Security: SA-14:14.openssl
Approved by: so

Fix NFS deadlock vulnerability. [SA-14:05]

Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]

Merge OpenSSL 1.0.1f.

Approved by: so (delphij), benl (silence)

MFV r260399:

Apply vendor commits:

197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).

Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450

Merge OpenSSL 1.0.1c.

Approved by: benl (maintainer)

Merge OpenSSL 0.9.8x.

Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days

Merge OpenSSL 0.9.8p into head.

Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt

Merge OpenSSL 0.9.8m into head.

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after: 3 weeks

Merge DTLS fixes from vendor-crypto/openssl/dist:

- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

MFC after: 1 week
Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387

Merge OpenSSL 0.9.8k into head.

Approved by: re

This commit was generated by cvs2svn to compensate for changes in r172767,
which included commits to RCS files with non-trunk default branches.

Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.

From the OpenSSL advisory:

Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.

DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.

We believe this flaw will permit remote code execution.

Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt

Vendor import of OpenSSL 0.9.8b