summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* pull up fixes for leak and overrunlibressl-v2.0.6OPENBSD_5_6tedu2015-10-151-6/+4
|
* MFC: Fix several defects from OpenSSL.jsing2015-06-113-9/+37
| | | | | | | | These include: CVE-2015-1788 - Malformed ECParameters causes infinite loop CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time CVE-2015-1792 - CMS verify infinite loop with unknown hash function
* Fix several crash causing defects from OpenSSL.tedu2015-03-1913-65/+166
| | | | | | | | | | | | | | These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
* backport fixes to prevent connections from being downgraded to weak keys.tedu2015-03-114-102/+56
| | | | ok bluhm miod
* disable SSLv3 by default. all agreed.tedu2014-10-201-1/+4
|
* This commit was manufactured by cvs2git to create branch 'OPENBSD_5_6'.cvs2svn2014-08-081067-355203/+0
|
* Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragmentguenther2014-08-082-4/+14
| | | | | | | | | structure when a zero-length fragment is received. Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74 diff by miod@, ok guenther@ bcook@ deraadt@
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-084-24/+56
| | | | | | | | | | | - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@
* Correct test reversed during merge of fix for CVE-2014-3509guenther2014-08-072-4/+4
| | | | | pointed out by Watson Ladd (watson (at) matasano.com) ok deraadt@
* Fix CVE-2014-3506, DTLS handshake message size checks. Fromguenther2014-08-072-32/+44
| | | | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636 with comment/whitespace style tweaks ok bcook@ miod@
* Oops, revert changes commited by mistake. The previous commit was supposedmiod2014-08-0713-53/+59
| | | | to only apply to s23_srvr.c.
* When you expect a function to return a particular value, don't put a commentmiod2014-08-0715-71/+59
| | | | | | | | | | | saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
* Fix CVE-2014-3511; TLS downgrade, verbatim diffderaadt2014-08-072-10/+54
| | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b ok guenther miod
* merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of servicederaadt2014-08-072-2/+18
| | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049 ok bcook
* merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guentherderaadt2014-08-062-18/+26
|
* Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed bymiod2014-08-062-8/+2
| | | | | | | Adam Langley close to three years ago, which were commited in https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214 ok jsing@
* Allow B64_EOF to follow a base64 padding character. This restores previousjsing2014-08-062-4/+6
| | | | | | | | behaviour that allows a PEM block to be fed through the base64 decoder. Reported by Dmitry Eremin-Solenikov on tech@ ok deraadt@ tedu@
* Correct error checks in EVP_read_pw_string_min(): UI_add_input_string()guenther2014-08-062-6/+6
| | | | | | | | and UI_add_verify_string() return -1 (and maybe -2?) on failure and >=0 on success, instead of always zero on success problem reported by Mark Patruck (mark (at) wrapped.cx) ok miod@
* Add support for loading the public/private key from memory, rather thanjsing2014-08-064-13/+97
| | | | directly from file.
* Add $OpenBSD$ tags.jsing2014-08-058-0/+8
|
* Implement ressl_accept_socket, which allocates a new server connectionjsing2014-08-042-4/+45
| | | | | context (if necessary) and handles the TLS/SSL handshake over the given socket.
* Return -1 on error (not 1).jsing2014-08-041-3/+3
|
* A ressl server needs different configuration from a ressl client - providejsing2014-08-043-0/+41
| | | | | a specific server configuration function and call this from ressl_configure.
* Provide a function that returns a server connection context.jsing2014-08-042-0/+15
|
* Provide a utility function for loading a private/public keypair.jsing2014-08-042-0/+21
|
* Improve ressl_{read,write} handling of non-blocking reads/writes.jsing2014-08-042-16/+31
|
* Free the SSL context first and let the reference counting do its thing.jsing2014-08-041-5/+2
|
* In chacha_init(), allow for a NULL iv. Reported by znz on github.miod2014-08-042-4/+6
| | | | ok guenther@ jsing@
* X509_NAME_get_text_by_NID() returns -1 on error so the typejsg2014-08-031-1/+1
| | | | | | the return value is stored in must be signed. Fixes a test for error. ok jsing@ guenther@
* Fix a usage string; the proper spelling of 'alot' is 'a lot'.blambert2014-07-291-2/+2
| | | | ok bcook@
* Remove SRP code. It contains a bug (this should not surprise anyone), buttedu2014-07-2812-3635/+2
| | | | | | | | | | | the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer. The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.)
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybitsguenther2014-07-286-18/+42
| | | | | | | | | | | | | for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which is makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
* remove non-portable __progname extern from arc4random unit test.bcook2014-07-281-2/+1
| | | | ok @deraadt
* Link dependencies on libssl and libcrypto were missing.guenther2014-07-271-2/+3
| | | | | | OPENSSL_NO_RC5 is #defined in the #includes, so it's not needed here. ok deraadt@
* Add missing year to copyright.jsing2014-07-254-8/+8
|
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-2526-96/+61
| | | | | | Remove unnecessary NULL check. ok miod@
* level_add_node(): if a memory allocation failure causes us to attempt to cleanmiod2014-07-232-8/+14
| | | | | | | up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all usesmiod2014-07-232-20/+34
| | | | | | | within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@
* Check the return value of the UI functions (including UI_new() which returnmiod2014-07-232-12/+22
| | | | | | value is happily dereferenced without checking it for being non-NULL). ok beck@
* Now that DES_random_key() can be trusted, use it to generate DES keys in themiod2014-07-224-24/+20
| | | | | | | EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
* In DES_random_key(), force the generated key to the odd parity before checkingmiod2014-07-222-16/+16
| | | | | | | | | | | it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@
* Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memoryguenther2014-07-221-6/+10
| | | | | | when BIO_new_{file,fp}() fails. inspired by a diff from logan@ ok miod@
* Use Cm instead of Li for 'MASK:'guenther2014-07-221-2/+2
| | | | (Overlooked among jmc@'s other suggestions)
* Rewrite the description of the string_mask config file option to matchguenther2014-07-221-34/+30
| | | | | | reality, and reformatting to be readable. formatting and wording suggestions miod@ jmc@
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-2212-30/+40
| | | | | NULL before an intrinsic strdup. ok miod@
* better match proposed syscall apibcook2014-07-222-16/+4
|
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcookderaadt2014-07-212-12/+12
|
* Use explicit_bzero() instead of memset() on buffers going out of scope.guenther2014-07-216-12/+18
| | | | | | | Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
* cast from void * before math; enh@googlederaadt2014-07-212-4/+4
|
* missing newlinederaadt2014-07-211-1/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-15 21:33:24 +0000