Commit log (newest first). Each entry gives the commit message, followed by a trailer line with the author, date, number of files changed and lines removed/added.
* Update comment to match code; Caspar Schutijser  [libressl-v2.1.4]
  -- millert, 2015-03-02, 1 file changed, -2/+2

* Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby
  an additional 28 bytes of .rodata (or .data) is provided to the network. In
  most cases this is a non-issue since the memory content is already public.
  Issue found and reported by Felix Groebert of the Google Security Team.
  ok bcook@ beck@
  -- jsing, 2015-03-02, 2 files changed, -4/+4

* use correct formatter (int, because of type promotion after operations)
  ok jsing@
  -- bcook, 2015-03-02, 1 file changed, -2/+2

* Reduce usage of predefined strings in manpages.
  Predefined strings are not very portable across troff implementations, and
  they make the source much harder to read. Usually the intended character can
  be written directly. No output changes, except for two instances where the
  incorrect escape was used in the first place.
  tweaks + ok schwarze@
  -- bentley, 2015-02-28, 1 file changed, -7/+7

* Prefix function parameter names with underscores in tls.h, since this makes
  them guaranteed to not conflict per POSIX.
  ok espie@ guenther@
  -- jsing, 2015-02-26, 1 file changed, -42/+44

* No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice.
  OK guenther@
  -- millert, 2015-02-25, 1 file changed, -1/+1

* Fix CVE-2014-3570: properly calculate the square of a BIGNUM value.
  See https://www.openssl.org/news/secadv_20150108.txt for a more detailed
  discussion. Original OpenSSL patch here:
  https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0
  The regression test is modified a little for KNF.
  ok miod@
  -- bcook, 2015-02-25, 7 files changed, -1331/+672
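The check a regression test for a squaring bug like this rests on is a differential one: square with the dedicated routine, multiply with a routine you trust, and compare. The block below is an added example in Python, not LibreSSL's or OpenSSL's code and not the specific inputs that triggered CVE-2014-3570. It implements a toy limb-based squaring (64-bit limbs are an assumption for the demo; off-diagonal products are computed once and doubled, then the diagonal squares are added, which is the shape of a typical bn_sqr) and compares it against Python's exact integer multiplication on random widths and on carry-stressing all-ones limbs. All helper names are the example's own.

```python
import random

LIMB_BITS = 64                          # assumed limb width for the demo
LIMB_MASK = (1 << LIMB_BITS) - 1


def to_limbs(n):
    # Little-endian list of limbs; zero is a single zero limb.
    limbs = []
    while n:
        limbs.append(n & LIMB_MASK)
        n >>= LIMB_BITS
    return limbs or [0]


def from_limbs(limbs):
    return sum(limb << (LIMB_BITS * i) for i, limb in enumerate(limbs))


def limb_sqr(a):
    # Schoolbook squaring: each off-diagonal product a[i]*a[j] (i < j) is
    # formed once, the partial result is doubled, then the diagonal squares
    # a[i]*a[i] are added in. Every limb operation is masked to LIMB_BITS so
    # carries are propagated explicitly, as a C implementation would.
    n = len(a)
    r = [0] * (2 * n)
    for i in range(n):
        carry = 0
        for j in range(i + 1, n):
            t = a[i] * a[j] + r[i + j] + carry
            r[i + j] = t & LIMB_MASK
            carry = t >> LIMB_BITS
        r[i + n] = carry
    carry = 0
    for k in range(2 * n):
        t = (r[k] << 1) | carry
        r[k] = t & LIMB_MASK
        carry = t >> LIMB_BITS
    carry = 0
    for i in range(n):
        sq = a[i] * a[i]
        for k, part in ((2 * i, sq & LIMB_MASK), (2 * i + 1, sq >> LIMB_BITS)):
            t = r[k] + part + carry
            r[k] = t & LIMB_MASK
            carry = t >> LIMB_BITS
    return r


def sqr(n):
    return from_limbs(limb_sqr(to_limbs(n)))


def differential_test(trials=500, seed=1):
    # Compare the limb routine against exact integer multiply on random widths
    # plus inputs whose low limb is all ones (worst case for carry handling).
    # Returns the first mismatch as (value, got, expected), or None if every
    # trial agrees. The seed makes the run reproducible.
    rng = random.Random(seed)
    cases = [0, 1, LIMB_MASK, (1 << (8 * LIMB_BITS)) - 1]
    for _ in range(trials):
        width = rng.randint(1, 16) * LIMB_BITS
        cases.append(rng.getrandbits(width))
        cases.append(rng.getrandbits(width) | LIMB_MASK)
    for x in cases:
        got, want = sqr(x), x * x
        if got != want:
            return (x, got, want)
    return None


if __name__ == "__main__":
    print("mismatch:", differential_test())
```

The point of the all-ones inputs is that a squaring routine usually differs from general multiplication only in how it halves the cross-product work, so the bugs it can have are carry bugs; feeding limbs at the top of their range is what exposes them, and comparing against a second, independent multiplier is what makes the test meaningful.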
* Trivial fix for test progress output.
  Remove unneeded dangling else, compound statements on a single line.
  -- bcook, 2015-02-25, 1 file changed, -4/+7

* Avoid NULL pointer deref in hashinfo_free() when calling from error paths.
  Also, nuke debugging printfs per jsing and bcook.
  ok bcook@, jsing@
  -- doug, 2015-02-25, 1 file changed, -2/+3

* Fix CVE-2015-0205: Do not accept client authentication with Diffie-Hellman
  certificates without requiring a CertificateVerify message.
  From OpenSSL commit:
  https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3
  Thanks to Karthikeyan Bhargavan for reporting this.
  ok miod@
  -- bcook, 2015-02-25, 2 files changed, -4/+4

* we don't let strtonum errors bleed through now.
  -- tedu, 2015-02-24, 1 file changed, -4/+2

* Set errno to EINVAL, instead of letting ERANGE escape out.
  Printing strerror() in that case will say result too large, even if rounds is
  actually too small. invalid is less specific, but less incorrect.
  ok millert
  -- tedu, 2015-02-24, 1 file changed, -2/+4

* fourth batch of perlpod(1) to mdoc(7) conversion
  -- schwarze, 2015-02-23, 37 files changed, -1276/+2521

* While slick, this isn't accessing multiple directories concurrently, so
  using *at functions is equivalent to chdir()ing, which eases portability.
  Tested with mixes of absolute and relative paths. Eliminate a FILE leak too.
  prodded by jsing@
  -- guenther, 2015-02-22, 1 file changed, -29/+35

* Bump libcrypto and libssl majors, due to various recent churn.
  Discussed with/requested by deraadt@ at the conclusion of s2k15.
  -- jsing, 2015-02-22, 4 files changed, -4/+4

* Reluctantly add server-side support for TLS_FALLBACK_SCSV.
  This allows for clients that willingly choose to perform a downgrade and
  attempt to establish a second connection at a lower protocol after the
  previous attempt unexpectedly failed, to be notified and have the second
  connection aborted, if the server does in fact support a higher protocol.

  TLS has perfectly good version negotiation and client-side fallback is
  dangerous. Despite this, in order to maintain maximum compatibility with
  broken web servers, most mainstream browsers implement this. Furthermore,
  TLS_FALLBACK_SCSV only works if both the client and server support it and
  there is effectively no way to tell if this is the case, unless you control
  both ends.

  Unfortunately, various auditors and vulnerability scanners (including certain
  online assessment websites) consider the presence of a not yet standardised
  feature to be important for security, even if the clients do not perform
  client-side downgrade or the server only supports current TLS protocols.

  Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
  Discussed with beck@ and miod@.
  ok bcook@
  -- jsing, 2015-02-22, 15 files changed, -25/+159
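The server-side rule the commit above implements, as an added example in Python that is not LibreSSL's own code: the server parses the ClientHello, looks for the TLS_FALLBACK_SCSV value (0x5600, the {0x56, 0x00} suite from RFC 7507) in the offered cipher suites, and if it is present while ClientHello.client_version is lower than the highest version the server supports, it must answer with a fatal inappropriate_fallback alert (alert number 86). The ClientHello records are constructed inside the block (fixed random bytes, no extensions, TLS 1.0 record-layer version), the version constants are the standard TLS wire values, and the function names are the example's own.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600            # RFC 7507: {0x56, 0x00}
ALERT_INAPPROPRIATE_FALLBACK = 86     # RFC 7507 alert number
SSL3_0, TLS1_0, TLS1_1, TLS1_2 = 0x0300, 0x0301, 0x0302, 0x0303


def build_client_hello(client_version, cipher_suites):
    # Constructed ClientHello record (no extensions), only to feed the check.
    suites = b"".join(struct.pack(">H", s) for s in cipher_suites)
    body = struct.pack(">H", client_version)
    body += b"\x11" * 32                      # fixed 'random' for the demo
    body += b"\x00"                           # empty session_id
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                       # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", TLS1_0, len(handshake)) + handshake


def parse_client_hello(record):
    # Returns (client_version, [cipher suite values]); raises ValueError on
    # anything that is not a well-formed ClientHello handshake record.
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 35:    # version + random + sid length
        raise ValueError("truncated ClientHello")
    client_version = struct.unpack_from(">H", body, 0)[0]
    off = 2 + 32                              # skip random
    sid_len = body[off]
    off += 1 + sid_len
    if off + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    cs_len = struct.unpack_from(">H", body, off)[0]
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack_from(">H", body, off + i)[0]
              for i in range(0, cs_len, 2)]
    return client_version, suites


def server_fallback_check(record, server_max_version):
    # RFC 7507 section 3: the alert fires only when the client signalled a
    # fallback AND offered less than the server's best version. Otherwise
    # normal negotiation applies: the lower of the two versions is used.
    client_version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and client_version < server_max_version:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("accept", min(client_version, server_max_version))


if __name__ == "__main__":
    hello = build_client_hello(TLS1_1, [0xC02F, TLS_FALLBACK_SCSV])
    print(server_fallback_check(hello, TLS1_2))   # a TLS 1.2 server rejects
```

The last two cases in the test below are the caveats the commit message makes: a client that retries at TLS 1.1 without sending the SCSV is accepted at TLS 1.1 (the server cannot tell a downgrade from a genuinely old client), and a client that sends the SCSV with TLS 1.2 to a server whose maximum is TLS 1.1 is not rejected, because the server is not being downgraded below what it supports.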
* There is not much point constructing an SSL_CIPHER, then calling
  ssl3_cipher_get_value() to get the cipher suite value that we just put in
  the struct - use the cipher suite value directly.
  -- jsing, 2015-02-22, 2 files changed, -14/+6

* Remove IMPLEMENT_STACK_OF noops.
  -- jsing, 2015-02-22, 4 files changed, -8/+4

* Update for recent verify related naming changes.
  -- jsing, 2015-02-22, 2 files changed, -28/+28

* Bump libtls major due to symbol removal.
  -- jsing, 2015-02-22, 1 file changed, -3/+2

* Rename tls_config_insecure_noverifyhost() to
  tls_config_insecure_noverifyname(), so that it is more accurate and keeps
  inline with the distinction between DNS hostname and server name.
  Requested by tedu@ during s2k15.
  -- jsing, 2015-02-22, 4 files changed, -21/+20

* Check return values when setting dheparams and ecdhecurve for the default
  configuration.
  -- jsing, 2015-02-22, 1 file changed, -11/+14

* In the interests of being secure by default, make the default TLS ciphers
  be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that
  allows the previous default ciphers to be selected.
  Discussed with tedu@ during s2k15.
  -- jsing, 2015-02-22, 2 files changed, -2/+17

* explain how tls_accept_socket works.
  -- tedu, 2015-02-21, 1 file changed, -2/+9

* tls_config_set_protocols is really void. Greg Martin.
  -- tedu, 2015-02-21, 1 file changed, -3/+3

* fill out docs a bit more, notably the read/write again behaviors.
  ok jsing
  -- tedu, 2015-02-21, 1 file changed, -3/+27

* If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
  BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by
  explicitly checking for NULL at the start of the bnrand() function.
  Fixes Coverity ID 78831.
  ok miod@
  -- jsing, 2015-02-19, 2 files changed, -6/+16

* BN_free() has its own NULL check.
  -- jsing, 2015-02-19, 1 file changed, -14/+7

* KNF.
  -- jsing, 2015-02-19, 1 file changed, -766/+834

* fix coverity 105350 and 10345
  ok miod@, doug@
  -- beck, 2015-02-18, 1 file changed, -1/+2

* Memory leak in error path. Coverity CID 78822.
  ok doug@
  -- miod, 2015-02-17, 2 files changed, -16/+18

* Amend documentation for AI_ADDRCONFIG
  ok jmc@
  -- jca, 2015-02-16, 1 file changed, -2/+4

* third batch of perlpod(1) to mdoc(7) conversion
  -- schwarze, 2015-02-16, 25 files changed, -1367/+2121

* Add more error checking and free resources in bytestringtest.
  -- doug, 2015-02-16, 1 file changed, -26/+47

* Avoid calling BN_CTX_end() on a context that wasn't started.
  In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call
  above it will have allocated a ctx without calling BN_CTX_start() on it. The
  error handling calls BN_CTX_end() when ctx is allocated. Move the
  BN_MONT_CTX_new() call up so it will fail first without splitting up the
  BN_CTX_new() and BN_CTX_start().
  tweak + ok miod@, ok bcook@
  -- doug, 2015-02-15, 2 files changed, -8/+8

* Use "In" to mark up include files, instead of wrongly wrapping with Aq.
  Aq is not the same as <> in non-ASCII situations, so this caused incorrect
  output in some places. And it provided no semantics besides.
  ok schwarze@
  -- bentley, 2015-02-15, 1 file changed, -3/+3

* Regen
  -- miod, 2015-02-15, 6 files changed, -528/+564

* s/tls_load_keys/tls_load_file/
  -- jsing, 2015-02-15, 1 file changed, -2/+2

* Document tls_config_parse_protocols() and update documentation for
  tls_config_set_protocols().
  -- jsing, 2015-02-15, 2 files changed, -5/+27

* Fix various memory leaks by not exiting so abruptly from failed tests.
  -- miod, 2015-02-15, 1 file changed, -579/+507

* Remove ancient gcc workaround on mips.
  -- miod, 2015-02-15, 1 file changed, -3/+2

* Memory leak. Coverity CID 78865
  -- miod, 2015-02-15, 1 file changed, -2/+3

* Wrong logic; Coverity CID 78894
  -- miod, 2015-02-15, 1 file changed, -1/+1

* If we decide to discard the provided seed buffer because its size is not
  large enough, do it correctly so that the local seed buffer on the stack
  gets properly initialized in the first iteration of the loop. While there,
  remove an outdated and bogus comment.
  Coverity CID 21785
  ok doug@ jsing@
  -- miod, 2015-02-15, 2 files changed, -16/+12

* Check ASN1_OCTET_STRING_new() for failure. Coverity CID 78904
  ok doug@
  -- miod, 2015-02-15, 2 files changed, -12/+16

* In ec_wNAF_mul(), move the declaration of tmp_wNAF higher in scope, so that
  all the function's exit paths can make sure it gets freed.
  Coverity CID 78861
  tweaks & ok doug@ jsing@
  -- miod, 2015-02-15, 2 files changed, -12/+10

* lsearch and lfind return void *
  -- tedu, 2015-02-15, 1 file changed, -4/+4

* Support for nc -T on IPv6 addresses.
  ok sthen@
  -- jca, 2015-02-14, 1 file changed, -7/+16

* Remove asn1_ex_i2c() prototype, now that this function has been made static;
  reminded by bcook@
  -- miod, 2015-02-14, 2 files changed, -4/+2

* Words read better when they are separated by spaces.
  -- miod, 2015-02-14, 2 files changed, -2/+2