mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
cc43f991ab
This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602 Merge commit '108164cf95d9594884c2dcccba2691335e6f221b' (cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09) Update config/build info for OpenSSL 3.0.15 This is a companion commit to the OpenSSL 3.0.15 update. `opensslv.h` was regenerated via the following process: ``` cd crypto/openssl ./config git reset --hard gmake include/openssl/opensslv.h ``` `Makefile.inc` has been updated to match. MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 Differential Revision: https://reviews.freebsd.org/D46603 (cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187) sys/crypto/openssl: update powerpc* ASM This change updates the crypto powerpc* ASM via the prescribed process documented in `crypto/openssl/FREEBSD-upgrade`. This change syncs the ASM with 3.0.15's generated ASM. MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 MFC with: cc717b574d7faa2e0b2de1a985076286cef74187 Differential Revision: https://reviews.freebsd.org/D46604 (cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
63 lines
1.5 KiB
C
63 lines
1.5 KiB
C
/*
|
|
* Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <stddef.h>
|
|
#include <openssl/provider.h>
|
|
#include <openssl/evp.h>
|
|
#include "testutil.h"
|
|
|
|
static int test_provider(OSSL_LIB_CTX *ctx)
|
|
{
|
|
EVP_KEYMGMT *rsameth = NULL;
|
|
const OSSL_PROVIDER *prov = NULL;
|
|
int ok;
|
|
|
|
ok = TEST_true(OSSL_PROVIDER_available(ctx, "default"))
|
|
&& TEST_ptr(rsameth = EVP_KEYMGMT_fetch(ctx, "RSA", NULL))
|
|
&& TEST_ptr(prov = EVP_KEYMGMT_get0_provider(rsameth))
|
|
&& TEST_str_eq(OSSL_PROVIDER_get0_name(prov), "default");
|
|
|
|
EVP_KEYMGMT_free(rsameth);
|
|
return ok;
|
|
}
|
|
|
|
static int test_fallback_provider(void)
|
|
{
|
|
return test_provider(NULL);
|
|
}
|
|
|
|
static int test_explicit_provider(void)
|
|
{
|
|
OSSL_LIB_CTX *ctx = NULL;
|
|
OSSL_PROVIDER *prov = NULL;
|
|
int ok;
|
|
|
|
ok = TEST_ptr(ctx = OSSL_LIB_CTX_new())
|
|
&& TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default"));
|
|
|
|
if (ok) {
|
|
ok = test_provider(ctx);
|
|
if (ok)
|
|
ok = TEST_true(OSSL_PROVIDER_unload(prov));
|
|
else
|
|
OSSL_PROVIDER_unload(prov);
|
|
}
|
|
|
|
OSSL_LIB_CTX_free(ctx);
|
|
return ok;
|
|
}
|
|
|
|
|
|
int setup_tests(void)
|
|
{
|
|
ADD_TEST(test_fallback_provider);
|
|
ADD_TEST(test_explicit_provider);
|
|
return 1;
|
|
}
|
|
|