[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:24.libcrypto

FreeBSD Errata Notices errata-notices at freebsd.org
Tue Aug 24 20:51:59 UTC 2021

Hash: SHA512

FreeBSD-EN-21:24.libcrypto                                      Errata Notice
                                                          The FreeBSD Project

Topic:          OpenSSL 1.1.1e API functions not exported

Category:       core
Module:         libcrypto
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit

I.   Background

libcrypto is part of the OpenSSL distribution and provides APIs to
various low-level cryptographic services.

II.  Problem Description

New API functions added in OpenSSL 1.1.1e and later were not publicly
exported to applications.

III. Impact

Applications trying to use new API functions added in OpenSSL 1.1.1e
or later would fail to build with a link error.

IV.  Workaround

No workaround is available.  However, the APIs added in OpenSSL 1.1.1e
and later are obscure and not used by many applications.  In particular,
none of the affected APIs are used by applications using libssl from
OpenSSL for Transport Layer Security (TLS).

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
# gpg --verify libcrypto.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              f8edb3f9c725    stable/13-n245963
releng/13.0/                            3ef67fed446a  releng/13.0-n244754
stable/12/                                                        r369974
releng/12.2/                                                      r370391
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:


To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References

The latest revision of this advisory is available at


More information about the freebsd-announce mailing list