-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update OpenSSL to version 3.0.9 in the base system #760
Commits on Mar 1, 2023
-
Configuration menu - View commit details
-
Copy full SHA for aba33b3 - Browse repository at this point
Copy the full SHA aba33b3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3c320f4 - Browse repository at this point
Copy the full SHA 3c320f4View commit details
Commits on Mar 6, 2023
-
openssl: Vendor import of OpenSSL-3.0.8
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835
Configuration menu - View commit details
-
Copy full SHA for e4520c8 - Browse repository at this point
Copy the full SHA e4520c8View commit details
Commits on May 31, 2023
-
openssl: Vendor import of OpenSSL-3.0.9
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.9.tar.gz Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.9.tar.gz 14 MB 74 MBps 01s openssl-3.0.9.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.9 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2021-07-16 [SC] [expires: 2031-07-14] A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C uid [ unknown] Tomáš Mráz <tm@t8m.info> uid [ unknown] Tomáš Mráz <tomas@arleto.cz> uid [ unknown] Tomáš Mráz <tomas@openssl.org> sub rsa4096 2021-07-16 [S] [expires: 2027-07-15] sub rsa4096 2021-07-16 [E] [expires: 2031-07-14] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue May 30 14:32:24 2023 CEST gpg: using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown] gpg: aka "Tomáš Mráz <tomas@arleto.cz>" [unknown] gpg: aka "Tomáš Mráz <tomas@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C Subkey fingerprint: DC70 3266 2AF8 85E2 F47F 243F 5274 66A2 1CA7 9E6D $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ```
Configuration menu - View commit details
-
Copy full SHA for 68967d6 - Browse repository at this point
Copy the full SHA 68967d6View commit details
Commits on Jun 1, 2023
-
Configuration menu - View commit details
-
Copy full SHA for ed6f360 - Browse repository at this point
Copy the full SHA ed6f360View commit details
Commits on Jun 14, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 34f8c8d - Browse repository at this point
Copy the full SHA 34f8c8dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 28a2874 - Browse repository at this point
Copy the full SHA 28a2874View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4391b1b - Browse repository at this point
Copy the full SHA 4391b1bView commit details -
Configuration menu - View commit details
-
Copy full SHA for f521dea - Browse repository at this point
Copy the full SHA f521deaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 73172b6 - Browse repository at this point
Copy the full SHA 73172b6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4ba29f0 - Browse repository at this point
Copy the full SHA 4ba29f0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0f4f0b2 - Browse repository at this point
Copy the full SHA 0f4f0b2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 18dddc0 - Browse repository at this point
Copy the full SHA 18dddc0View commit details -
Configuration menu - View commit details
-
Copy full SHA for d57caf4 - Browse repository at this point
Copy the full SHA d57caf4View commit details -
Configuration menu - View commit details
-
Copy full SHA for f55705e - Browse repository at this point
Copy the full SHA f55705eView commit details -
Configuration menu - View commit details
-
Copy full SHA for a80e27e - Browse repository at this point
Copy the full SHA a80e27eView commit details -
dumpon: Request the OpenSSL 1.1 API
OPENSSL_API_COMPAT can be used to specify the OpenSSL API version in use for the purpose of hiding deprecated interfaces and enabling the appropriate deprecation notices. This change is a NFC while we're still using OpenSSL 1.1.1 but will avoid deprecation warnings upon the switch to OpenSSL 3.0. A future update may migrate to use the OpenSSL 3.0 APIs. PR: 271615 Pull request: freebsd#757 Sponsored by: The FreeBSD Foundation
Configuration menu - View commit details
-
Copy full SHA for 2be3913 - Browse repository at this point
Copy the full SHA 2be3913View commit details -
decryptcore: Request the OpenSSL 1.1 API
OPENSSL_API_COMPAT can be used to specify the OpenSSL API version in use for the purpose of hiding deprecated interfaces and enabling the appropriate deprecation notices. This change is a NFC while we're still using OpenSSL 1.1.1 but will avoid deprecation warnings upon the switch to OpenSSL 3.0. A future update may migrate to use the OpenSSL 3.0 APIs. PR: 271615 Sponsored by: The FreeBSD Foundation
Configuration menu - View commit details
-
Copy full SHA for 9a28b18 - Browse repository at this point
Copy the full SHA 9a28b18View commit details -
openssl: Automatically disable EC_NISTP_64_GCC_128
This API is not supported on 32-bit platforms, or on big endian platforms.
Configuration menu - View commit details
-
Copy full SHA for b582bcf - Browse repository at this point
Copy the full SHA b582bcfView commit details -
openssl: Keep OPENSSL_SHLIB_VERSION at 3
Even though the .so file is at 30 in FreeBSD base (and perhaps wrongly at 12 in security/openssl30), calculations for API compatibility should match upstream here at 3.
Configuration menu - View commit details
-
Copy full SHA for bdf80e9 - Browse repository at this point
Copy the full SHA bdf80e9View commit details -
Configuration menu - View commit details
-
Copy full SHA for e134bb3 - Browse repository at this point
Copy the full SHA e134bb3View commit details -
Configuration menu - View commit details
-
Copy full SHA for a19b8bd - Browse repository at this point
Copy the full SHA a19b8bdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 934331f - Browse repository at this point
Copy the full SHA 934331fView commit details -
Configuration menu - View commit details
-
Copy full SHA for d32019d - Browse repository at this point
Copy the full SHA d32019dView commit details -
openssl: Enable support for RFC3779
Reported by @otis@bsd.network from Mastodon; thanks!
Configuration menu - View commit details
-
Copy full SHA for ef1c068 - Browse repository at this point
Copy the full SHA ef1c068View commit details -
Ensure BN_ULONG is correctly defined for 32-bit architectures
Use __SIZEOF_LONG__ to define either SIXTY_FOUR_BIT_LONG or THIRTY_TWO_BIT consistenly in crypto's bn_conf.h and openssl's configuration.h. Otherwise, for example on i386, the openssl bignum routines will attempt to use 32-bit shifts on 32-bit unsigned longs, which is undefined behavior.
Configuration menu - View commit details
-
Copy full SHA for 6c18ba4 - Browse repository at this point
Copy the full SHA 6c18ba4View commit details
Commits on Jun 15, 2023
-
openssl: also build ec_deprecated.c in libcrypto
Reported by: Vsevolod Stakhov (@vstakhov on GitHub)
Configuration menu - View commit details
-
Copy full SHA for 1335516 - Browse repository at this point
Copy the full SHA 1335516View commit details