Commit log: each entry is prefixed with [author, date, files changed, lines removed/added]
* [miod, 2014-10-05, 2 files, -34/+38] Be sure to check the stack push operation for success in v2i_POLICY_MAPPINGS();
  if it fails, free the object we were about to push. Factor error handling to avoid having four copies of about the same code. ok guenther@
* [miod, 2014-10-05, 2 files, -6/+16] In v2i_AUTHORITY_INFO_ACCESS(), separate object allocation from object push
  on a stack; if the latter fails, we need to free the object before returning failure. ok guenther@
* [miod, 2014-10-05, 2 files, -2/+4] Memory leak upon error in set_dist_point_name().
  ok guenther@
* [miod, 2014-10-05, 2 files, -10/+20] Be sure to check object allocation for success before using them.
  Tweaks and ok guenther@
* [miod, 2014-10-05, 2 files, -4/+6] Missing deallocation upon error.
  ok deraadt@ guenther@
* [miod, 2014-10-05, 2 files, -6/+12] Fix memory leak in the error path of v2i_AUTHORITY_KEYID().
  ok deraadt@ guenther@
* [deraadt, 2014-10-05, 2 files, -4/+6] compile with c89 (code / decl ordering); from Joakim.Tjernlund@transmode.se
  ok miod
* [jsing, 2014-10-05, 2 files, -60/+56] Use more specific curves/formats naming for local variables in
  ssl_add_clienthello_tlsext() and ssl_add_serverhello_tlsext(), rather than the current generic naming. ok miod@
* [jsing, 2014-10-05, 2 files, -22/+4] Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than
  hand rolling the same code. ok miod@
* [jsing, 2014-10-05, 2 files, -42/+58] Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and
  return the client format list if the client_formats flag is specified. Use tls1_get_formatlist()/tls1_get_curvelist() in tls1_check_ec_key(), simplifying the code. ok miod@
* [tedu, 2014-10-03, 1 file, -2/+2] verify changes are a major change
* [jsing, 2014-10-03, 1 file, -1/+1] Bump minor for ECDH auto and other recent changes.
* [jsing, 2014-10-03, 2 files, -2/+2] Bump minor version for ECDH auto.
  While there are no additional symbols, there is an additional command that clients will potentially depend on.
* [tedu, 2014-10-03, 4 files, -11/+22] allow disabling hostname and cert verification separately.
  if you're careful, cert-only verification can be useful. always enable both though, to avoid accidentally leaving one off. ok jsing
* [jsing, 2014-10-03, 2 files, -7/+13] Allow "auto" to be specified as an ECDH curve name and make this the
  default. This enables automatic handling of ephemeral EC keys. Discussed with reyk@ and tedu@
* [jsing, 2014-10-03, 14 files, -26/+152] Add support for automatic ephemeral EC keys.
  This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
* [doug, 2014-10-03, 8 files, -40/+38] Use string literals in printf style calls so gcc's -Wformat works.
  ok tedu@, miod@
* [sthen, 2014-10-01, 1 file, -44/+3] openssl.cnf tweaks following recent changes to usr.bin/openssl:
  - don't define default_bits, allowing the compiled-in default (now 2048 bits) to take priority.
  - add commented-out default_md line in case somebody needs an easy way to change this.
  - remove some sample sections which aren't really useful in the default file (/etc/examples is the place for a more descriptive config, this file should be barebones).
  Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
* [sthen, 2014-10-01, 2 files, -12/+12] Switch "openssl req" to using SHA256 for hashes and AES256 to encrypt on-disk
  keys by default (instead of SHA1/3DES) and update documentation to match. Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c ("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targeted method above that only affects "openssl req" for now. Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@
* [jsing, 2014-09-30, 6 files, -290/+304] Clean up EC cipher handling in ssl3_choose_cipher().
  The existing code reaches around into various internals of EC, which it should not know anything about. Replace this with a set of functions that can correctly extract the necessary details and handle the comparisons. Based on a commit to OpenSSL, with some inspiration from boringssl. ok miod@
* [miod, 2014-09-29, 2 files, -8/+6] Previous fix (1.12) would cause a NULL pointer dereference in the error path
  if a NULL stack was passed as argument. Fix this by returning NULL early in that case.
* [jsing, 2014-09-29, 2 files, -10/+13] Move cipher configuration handling to the shared SSL configuration function
  so that it applies to both the ressl client and server.
* [jsing, 2014-09-29, 6 files, -9/+51] Add an option that allows the enabled SSL protocols to be explicitly
  configured. Discussed with several. ok bcook@
* [jsing, 2014-09-29, 1 file, -5/+6] When freeing the config, explicitly call ressl_config_clear_keys() rather
  than rerolling our own key clearing code. ok tedu@
* [miod, 2014-09-29, 2 files, -20/+10] check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.
  X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@
* [miod, 2014-09-29, 2 files, -6/+10] X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
  memcpy(). ok bcook@
* [miod, 2014-09-29, 2 files, -2/+4] X509_VERIFY_PARAM_set1_name(): if invoked with NULL as the second
  parameter, correctly set param->name to NULL after having freed it. ok bcook@
* [jsing, 2014-09-28, 1 file, -4/+6] Wrap long lines and add missing argument name.
* [reyk, 2014-09-28, 2 files, -2/+2] Bump minor after adding SSL_CTX_use_certificate_chain().
  ok jsing@ miod@
* [jsing, 2014-09-28, 2 files, -2/+10] Provide a ressl config function that explicitly clears keys.
  Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you. ok tedu@
* [reyk, 2014-09-28, 6 files, -54/+111] Add a new API function SSL_CTX_use_certificate_chain() that allows reading
  the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library. ok jsing@ miod@
* [miod, 2014-09-28, 2 files, -4/+4] X509v3_add_ext(): do not free stuff we did not allocate in the error path.
  ok bcook@
* [miod, 2014-09-28, 2 files, -30/+46] X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,
  for it may be NULL. Do not leak memory upon error. ok bcook@
* [miod, 2014-09-28, 2 files, -10/+8] Someone (TM) thought it was smart to save memory by using malloc(1) and
  manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
* [tedu, 2014-09-28, 3 files, -49/+99] revamp the config interface to own memory. easier to use correctly without
  caller worrying about leaks or lifetimes. after feedback from jsing
* [miod, 2014-09-27, 2 files, -6/+6] Revert r1.5 and reenable assembler version of ghash now that it has been
  fixed.
* [miod, 2014-09-27, 2 files, -0/+4] Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, where
  the 64-bit code has to be disabled under OpenBSD/hppa.
* [miod, 2014-09-27, 4 files, -8/+8] Disable assembler code for ghash on hppa, causes wrong computations in some
  cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
* [jsing, 2014-09-27, 4 files, -28/+10] There is not much point checking ecdhp is not NULL... twice.
  ok miod@
* [jsing, 2014-09-27, 10 files, -16/+140] Check that the specified curve is one of the client preferences.
  Based on OpenSSL. ok miod@
* [doug, 2014-09-27, 1 file, -1/+1] Fix mmap() calls that check for a result other than MAP_FAILED.
  ok tedu@
* [miod, 2014-09-26, 2 files, -28/+34] X509_STORE_new(): do not leak memory upon error.
  X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
* [miod, 2014-09-26, 2 files, -2/+6] X509_issuer_and_serial_hash(): do not leak memory if an error occurs during
  the first EVP block. ok tedu@
* [miod, 2014-09-26, 2 files, -6/+6] X509at_add1_attr(): do not free stuff we did not allocate in the error path.
  ok tedu@
* [jsing, 2014-09-26, 2 files, -94/+88] Now that we have a static version of the default EC formats, also use it
  for the server hello. From OpenSSL. ok miod@
* [miod, 2014-09-23, 2 files, -12/+12] Fix regression introduced in revision 1.15 by using strndup() instead of
  strdup() to allocate directory list components. ok jsing@
* [jsing, 2014-09-22, 4 files, -244/+196] Refactor and simplify the ECC extension handling. The existing code
  effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@
* [jsing, 2014-09-22, 2 files, -38/+34] Also check the result from final_finish_mac() against finish_mac_length in
  ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.
* [jsing, 2014-09-22, 2 files, -26/+22] It is possible (although unlikely in practice) for peer_finish_md_len to
  end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
* [jsing, 2014-09-21, 1 file, -0/+6] Document SSL_OP_TLSEXT_PADDING.
  From OpenSSL.