summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* add a -R option to set/unset resolver flags.libressl-v2.9.0eric2018-12-159-20/+101
| | | | use strcasecmp for reading args.
* Delete a note taken during the rev. 1.1 man page spliteschwarze2018-12-141-5/+2
| | | | | | that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.
* Improve speed for the multi-threaded case by reducing lock contention.otto2018-12-101-30/+21
| | | | tested by many; ok florian@
* Keep usage in sync with logic if OPENSSL_NO_DES is set.tobias2018-12-091-1/+3
| | | | ok jmc@, jsing@
* style; OK ottoflorian2018-12-091-3/+3
|
* Remove an ugly hack in the client certificate verification code that workstb2018-12-071-48/+44
| | | | | | | | | | around broken GOST implementations. It looks like client certificates with GOST have been completely broken since reimport of the GOST code, so no-one is using LibreSSL this way. The client side was fixed only last week for TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed simplifcation and cleanup, so it is time for it to go. suggested by and ok jsing
* remove a stray line accidentally left behind in rev. 1.120;schwarze2018-12-051-3/+2
| | | | patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
* Send SSL_AD_DECODE alerts in the case of a bad hello request or antb2018-12-031-7/+7
| | | | | | | invalid change cipher spec. Found due to dead assignment warnings by the Clang static analyzer. ok inoguchi (previous version), jsing
* Restore function prototype for ASN1_dup, fixing usage on I32LP64 platforms.jeremy2018-11-301-1/+7
| | | | | | This prototype was removed inadvertantly in r1.50. OK jsing@
* This test does not terminate if malloc conf is preconfigured withbluhm2018-11-291-2/+6
| | | | | J. Clear that option to allow running full regress with paranoid malloc flags. This is the same fix as for malloc_ulimit1.
* missed adding tls_default_ca_cert_file here. found by sthentedu2018-11-291-0/+1
|
* update for libtls default cert changes.tedu2018-11-292-7/+8
| | | | bonus: this exposed a few missing const qualifiers.
* expose the default cert file as a function, not a define. it's reallytedu2018-11-295-10/+24
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* Refactor a tangle in ssl3_send_client_verify() into one function for eachtb2018-11-291-118/+213
| | | | | | | | | | type, sigalgs/rsa/ec/gost. Move a few special dances for GOST where they belong now. This prompted a fix for a long-standing bug with GOST client certificate authentication where tls1_transcript_data() fails since the transcript was already freed before. Add a bit of missing error checking and leave some further cleanup for later. idea, guidance & ok jsing
* We're manipulating malloc flags ourselves, start with restting them all.otto2018-11-291-1/+5
| | | | ok bluhm@
* Correct lock initialisation for libcrypto.jsing2018-11-282-16/+55
| | | | | | | | | | | | The current crypto_lock_init() function is not called early enough, meaning that locks are already in use before it gets called. Worse, locks could be in use when they are then initialised. Furthermore, since functions like CRYPTO_lock() are public API, these could be called directly bypassing initialisation. Avoid these issues by using static initialisers. ok bcook@
* This test does not terminate if malloc conf is preconfigured withbluhm2018-11-281-4/+8
| | | | | | J. Clear that option to allow running full regress with paranoid malloc flags. Also fix whitespace. OK otto@
* Refactor "find the right pool" code into a function. ok djm@ tb@otto2018-11-271-65/+34
|
* spelling; from miodjmc2018-11-251-2/+2
|
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {'tb2018-11-241-2/+2
|
* Store and return the locking callbacks, restoring previous behaviour.jsing2018-11-241-6/+12
| | | | | | | | | | | The previous code meant that a caller could set the locking callback, after which CRYPTO_get_locking_callback() would return non-NULL. Some existing code depends on this behaviour, specifically to identify if lock handling has been configured. As such, always returning NULL from CRYPTO_get_locking_callback() can result in unexpected application behaviour. ok bcook@
* Fix DTLS transcript handling for HelloVerifyRequest.jsing2018-11-214-18/+26
| | | | | | | | | | | | | If DTLS sees a HelloVerifyRequest the transcript is reset - the previous tls1_init_finished_mac() function could be called multiple times and would discard any existing state. The replacement tls1_transcript_init() is more strict and fails if a transcript already exists. Provide an explicit tls1_transcript_reset() function and call it from the appropriate places. This also lets us make DTLS less of a special snowflake and call tls1_transcript_init() in the same place as used for TLS. ok beck@ tb@
* fold the contents of malloc.conf.5 into malloc.3 and sysctl.2,jmc2018-11-211-6/+118
| | | | | | now that there is essentially no malloc.conf; text tweaked by deraadt; ok otto deraadt
* Introducing malloc_usable_size() was a mistake. While some otherotto2018-11-212-105/+5
| | | | | | | | | | | libs have it, it is a function that is considered harmful, so: Delete malloc_usable_size(). It is a function that blurs the line between malloc managed memory and application managed memory and exposes some of the internal workings of malloc. If an application relies on that, it is likely to break using another implementation of malloc. If you want usable size x, just allocate x bytes. ok deraadt@ and other devs
* Saw a mention somewhere a while back that the gotdata() function inderaadt2018-11-205-144/+27
| | | | | | | | here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
* Fix compilation on alpha, where DEF_WEAK() really must be paired withguenther2018-11-191-2/+1
| | | | PROTO_NORMAL(). Problem noted by deraadt@
* Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.jsing2018-11-192-10/+4
| | | | Discussed with beck@
* Revert previous - the default sigalg for RSA key exchange is {sha1,rsa}.jsing2018-11-191-4/+4
| | | | | | | In TLSv1.2, if the client does not send a signature algorithms extension then for RSA key exchange a signature algorithm of {sha1,rsa} is implied. The MD5+SHA1 hash only applies to older versions of TLS, which do not support sigalgs.
* Implement malloc_usable_size(); ok millert@ deraadt@ and jmc@ for the man pageotto2018-11-182-6/+108
|
* Fix DTLS, because DTLS still remains a special flower, allows regress to passbeck2018-11-172-4/+10
|
* Fix whitespace around assignment operators.tb2018-11-171-7/+7
|
* revert previousbeck2018-11-161-5/+3
|
* Fix DTLS. Because the DTLS code is strange. I am really coming around tobeck2018-11-161-3/+5
| | | | joel's line of thinking about it
* Unbreak legacy ciphers for prior to 1.1 by setting having a legacybeck2018-11-164-10/+22
| | | | | sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
* Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigationtb2018-11-151-4/+4
| | | | | | | | | | for a timing vullnerability in ECDSA signature generation (CVE-2018-0735). Note that the blinding that we introduced back in June for ECDSA and DSA should mitigate this and related issues. This simply adds an additional layer of protection. discussed with jsing
* Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,mestre2018-11-141-2/+2
| | | | | | | | | | instead of 'uint16_t' Found with llvm's static analyzer, noticed that it was also already reported in Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's equivalent code. OK tb@ and jsing@
* didn't found -> didn't find.tb2018-11-141-2/+2
| | | | From Edgar Pettijohn III
* In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1beck2018-11-141-2/+2
| | | | Makes connections to outlook.office365.com work
* Temporary workaround for breakage seen in www.videolan.org with curve mismatchbeck2018-11-131-3/+4
|
* Just err if we can't create secretsbeck2018-11-131-2/+2
|
* NULL out mdctx to prevent possible double free introduced in version 1.4beck2018-11-131-1/+2
| | | | Spotted by maestre@, ok tb@
* Fix pkey_ok to be less strange, and add cuve checks required for the EC onesbeck2018-11-131-9/+26
| | | | ok tb@
* Missing initialization for pub_key. CID 184303.tb2018-11-121-2/+2
| | | | ok bcook
* Rework the sm3 regress based on a suggestion by jsing. Zap the weirdtb2018-11-121-30/+36
| | | | | | hex_encode() function and use byte arrays instead of strings to store the expected values. Snatch and tweak hexdump() from beck's key_schedule test to pretty-print data in case of failure.
* Add check function to verify that pkey is usable with a sigalg.beck2018-11-114-7/+24
| | | | | Include check for appropriate RSA key size when used with PSS. ok tb@
* Add back a few missing compatibility stubsbcook2018-11-112-4/+37
| | | | ok beck@
* quiet warning on other compilersbcook2018-11-111-3/+3
| | | | ok beck@
* Fix a race in libssl interop regress. The success messages frombluhm2018-11-113-6/+9
| | | | | the server child could be delayed. In this case wait a second and check again.
* Hook up sm3 regress tests.tb2018-11-111-1/+2
|
* Add sm3 regress tests.tb2018-11-112-0/+101
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-16 02:13:18 +0000