summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove remnants from RC2 and SEED - there are no longer any cipher suitesjsing2014-11-024-106/+46
| | | | | | | that use these algorithms (and SEED was removed from libcrypto some time ago). ok doug@
* Initial regress for libtls hostname verification.jsing2014-11-013-2/+247
|
* Remove ephemeral RSA key handling.jsing2014-10-311-43/+4
|
* Use automatic DH ephemeral parameters instead of fixed 512 bit.jsing2014-10-311-38/+23
| | | | Based on OpenSSL.
* Remove an outdated comment re EDH vs DHE - DHE is now used consistently andjsing2014-10-312-16/+2
| | | | there are backwards compatible names/aliases for EDH.
* Update comments for TLS ExtensionType values - many of the referencedjsing2014-10-312-76/+92
| | | | | drafts are now RFCs. Also add the TLS extension type for ALPN and be consistent with RFC reference formatting.
* Crank libssl major due to recent additions, removals and changes.jsing2014-10-312-4/+4
|
* Remove now unused remnants from public structs.jsing2014-10-314-14/+4
|
* Add support for automatic DH ephemeral keys.jsing2014-10-3112-44/+194
| | | | | | | This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL.
* Remove support for ephemeral/temporary RSA private keys.jsing2014-10-3114-474/+88
| | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
* Update regress for the libressl to libtls rename.jsing2014-10-314-0/+288
|
* Rename libressl to libtls to avoid confusion and to make it easier tojsing2014-10-3113-451/+422
| | | | | | distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
* clean up verbiage around the calculations; ok ingo jmc ottoderaadt2014-10-301-5/+5
|
* Don't mention old systems where realloc(NULL, n) didn't work as wemillert2014-10-301-11/+7
| | | | | don't want to give people the idea that this is non-portable (it has been present since C89). OK deraadt@ schwarze@
* my mistake. we already did increase buffers to 16k; increasing to 64ktedu2014-10-301-2/+2
| | | | would be the next stage of embiggening. restore 16k.
* rework the poll loop to poll in both directions so it doesn't get stucktedu2014-10-301-47/+211
| | | | | if one pipe stalls out. from a diff by Arne Becker. (buffer size left alone for now)
* deregister; no binary changejsg2014-10-28100-460/+460
| | | | ok jsing@ miod@
* Check the result of sk_*_push() operations for failure.miod2014-10-2818-88/+170
| | | | ok doug@ jsing@
* POLLIN is not guaranteed to be set in revents for EOF so check formillert2014-10-261-3/+3
| | | | POLLHUP too. OK deraadt@
* Remove unnecessary include: netinet/in_systm.h is not needed by theselteo2014-10-241-2/+1
| | | | | | programs. ok deraadt@ millert@
* Save space in man page: err() -> errc() and combine vars.doug2014-10-231-18/+11
| | | | | | Suggested by millert@ and schwarze@. OK schwarze@, millert@
* In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocationmiod2014-10-222-16/+18
| | | | | of p12->mac->salt->data has actually succeeded. In one of my trees for a long time already...
* Avoid a NULL pointer dereference that can be triggered byjsing2014-10-222-4/+4
| | | | | | | | SSL3_RT_HANDSHAKE replays. Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks! ok deraadt@
* #undef LIBRESSL_INTERNAL for the RAND_pseudo_bytes() test.jsing2014-10-221-0/+2
|
* Place most of the RAND_* functions under #ifndef LIBRESSL_INTERNAL (somejsing2014-10-222-2/+8
| | | | are still needed for the engine). Our code should use arc4random instead.
* Use arc4random_buf() instead of RAND(_pseudo)?_bytes().jsing2014-10-228-36/+19
| | | | ok bcook@
* None of these need <openssl/rand.h>jsing2014-10-223-6/+3
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes() (mostjsing2014-10-224-21/+15
| | | | with unchecked return values).
* None of these need <openssl/rand.h>jsing2014-10-225-5/+0
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-2254-260/+202
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* Avoid writing in second person in malloc.3doug2014-10-221-13/+12
| | | | ok deraadt@
* List extensions in the STANDARDS section, replacing some text below CAVEATS.schwarze2014-10-201-33/+30
| | | | | Remove excessive technicalities on zero-sized objects as suggested by deraadt@. contributions and ok deraadt@, ok jmc@ on an earlier version
* digests: *_LONG_LOG2 is not used, stop talking about it.bcook2014-10-2014-56/+22
| | | | | | | | Modified patch from Dmitry Eremin-Solenikov leave the sole public define in ripemd.h ok deraadt@ miod@
* SSL: Fix memory leak in d2i_SSL_SESSION.bcook2014-10-202-2/+4
| | | | | | | | | | | | | | | | | | | | Modified version of patch from Dmitry Eremin-Solenikov. ==28360== 98 bytes in 2 blocks are definitely lost in loss record 7 of 7 ==28360== at 0x402AC54: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==28360== by 0x40E2D2C: ASN1_STRING_set (asn1_lib.c:393) ==28360== by 0x40EC22C: asn1_ex_c2i (tasn_dec.c:959) ==28360== by 0x40EC632: asn1_d2i_ex_primitive (tasn_dec.c:824) ==28360== by 0x40ED2E6: ASN1_item_ex_d2i (tasn_dec.c:230) ==28360== by 0x40ED421: ASN1_item_d2i (tasn_dec.c:133) ==28360== by 0x40F0335: d2i_ASN1_OCTET_STRING (tasn_typ.c:75) ==28360== by 0x405FD6D: d2i_SSL_SESSION (ssl_asn1.c:367) ==28360== by 0x405DD6E: ssl3_send_newsession_ticket (s3_srvr.c:2743) ==28360== by 0x405EA48: ssl3_accept (s3_srvr.c:665) ==28360== by 0x4067C34: SSL_accept (ssl_lib.c:922) ==28360== by 0x404E97B: ssl23_get_client_hello (s23_srvr.c:573) ok miod@ beck@
* s_client: don't call shutdown on a non-existent socket descriptor.bcook2014-10-201-3/+1
| | | | | from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> ok beck@, deraadt@
* make RETURN VALUES more conciseschwarze2014-10-191-77/+28
| | | | | and fix two instances of "new sentence, new line" while here feedback and ok jmc@, ok doug@
* Revamp malloc.3 by reordering the sections and rewriting parts.doug2014-10-191-185/+417
| | | | | | | | | | | | | | | | | | | | | | | | | | | The old man page had a lot of useful information, but it was all mixed together which made it difficult to reference. The main theme in this commit is that the sections are more focused: * DESCRIPTION describes the overall behavior * RETURN VALUES describes what it may return (including implementation defined values) * EXAMPLES shows why we recently started an audit on malloc and realloc usage in the tree. * Added CAVEATS which describes what is implementation defined, gotchas and security implications of misusing these functions * Added IDIOMS which describes how these functions should or should not be used The MALLOC_OPTIONS section was left unchanged. Function names were added to DIAGNOSTICS and STANDARDS. The MALLOC_OPTIONS and DIAGNOSTICS sections were pushed down in the page so more pertinent information is higher up. This has gone through several revisions thanks to input from deraadt@ and schwarze@. Ingo also helped with some of the mandoc formatting. OK schwarze@ (as far as it is a good starting point and the code snippets look ok)
* Revert last commit due to changed semantics found by make release.doug2014-10-191-10/+10
|
* Better POSIX compliance in realpath(3).doug2014-10-181-10/+10
| | | | | | | millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
* None of these need to include <openssl/rand.h>jsing2014-10-1862-128/+62
|
* Sort/group includes.jsing2014-10-182-50/+52
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-1834-130/+76
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Typical malloc() with size multiplication to reallocarray().doug2014-10-183-12/+12
| | | | ok deraadt@
* use .fn here too. from Jean-Philippe Ouellettedu2014-10-161-3/+3
|
* Repair BUF_strdup() breakage.jsing2014-10-162-4/+6
|
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-168-16/+24
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* Fuck it. No SSLv3; not now, not ever. The API of the future will onlytedu2014-10-153-8/+4
| | | | | | | support the protocols of the future. (Perhaps a bit late in burning this bridge entirely, but there's no time like the present, esp. with other players now leaning against back compat.)
* basic formatting fixes;jmc2014-10-151-4/+3
|
* Disable SSLv3 by default.jsing2014-10-152-2/+8
| | | | | | | | | | | | | | SSLv3 has been long known to have weaknesses and the POODLE attack has once again shown that it is effectively broken/insecure. As such, it is time to stop enabling a protocol was deprecated almost 15 years ago. If an application really wants to provide backwards compatibility, at the cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be used to re-enable it on a per-application basis. General agreement from many. ok miod@
* Clear protocol options before optionally setting them.jsing2014-10-151-1/+6
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 21:28:46 +0000