Commit message / Author / Age / Files / Lines

* Memory leak upon error in set_dist_point_name().  [miod, 2014-10-05; 2 files, -2/+4]
  ok guenther@

* Be sure to check object allocation for success before using them.  [miod, 2014-10-05; 2 files, -10/+20]
  Tweaks and ok guenther@

* Missing deallocation upon error.  [miod, 2014-10-05; 2 files, -4/+6]
  ok deraadt@ guenther@

* Fix memory leak in the error path of v2i_AUTHORITY_KEYID().  [miod, 2014-10-05; 2 files, -6/+12]
  ok deraadt@ guenther@

* compile with c89 (code / decl ordering); from Joakim.Tjernlund@transmode.se  [deraadt, 2014-10-05; 2 files, -4/+6]
  ok miod

* Use more specific curves/formats naming for local variables in  [jsing, 2014-10-05; 2 files, -60/+56]
  ssl_add_clienthello_tlsext() and ssl_add_serverhello_tlsext(), rather than the current generic naming. ok miod@

* Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than  [jsing, 2014-10-05; 2 files, -22/+4]
  hand rolling the same code. ok miod@

* Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and  [jsing, 2014-10-05; 2 files, -42/+58]
  return the client format list if the client_formats flag is specified. Use tls1_get_formatlist()/tls1_get_curvelist() in tls1_check_ec_key(), simplifying the code. ok miod@

* verify changes are a major change  [tedu, 2014-10-03; 1 file, -2/+2]

* Bump minor for ECDH auto and other recent changes.  [jsing, 2014-10-03; 1 file, -1/+1]

* Bump minor version for ECDH auto.  [jsing, 2014-10-03; 2 files, -2/+2]
  While there are no additional symbols, there is an additional command that clients will potentially depend on.

* allow disabling hostname and cert verification separately.  [tedu, 2014-10-03; 4 files, -11/+22]
  if you're careful, cert only verification can be useful. always enable both though, to avoid accidentally leaving one off. ok jsing

* Allow "auto" to be specified as an ECDH curve name and make this the  [jsing, 2014-10-03; 2 files, -7/+13]
  default. This enables automatic handling of ephemeral EC keys. Discussed with reyk@ and tedu@

* Add support for automatic ephemeral EC keys.  [jsing, 2014-10-03; 14 files, -26/+152]
  This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@

* Use string literals in printf style calls so gcc's -Wformat works.  [doug, 2014-10-03; 8 files, -40/+38]
  ok tedu@, miod@

* openssl.cnf tweaks following recent changes to usr.bin/openssl:  [sthen, 2014-10-01; 1 file, -44/+3]
  - don't define default_bits, allowing the compiled-in default (now 2048 bits) to take priority.
  - add commented-out default_md line in case somebody needs an easy way to change this.
  - remove some sample sections which aren't really useful in the default file (/etc/examples is the place for a more descriptive config, this file should be barebones).
  Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.

* Switch "openssl req" to using SHA256 for hashes and AES256 to encrypt on-disk  [sthen, 2014-10-01; 2 files, -12/+12]
  keys by default (instead of SHA1/3DES) and update documentation to match. Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c ("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targeted method above that only affects "openssl req" for now. Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@

* Clean up EC cipher handling in ssl3_choose_cipher().  [jsing, 2014-09-30; 6 files, -290/+304]
  The existing code reaches around into various internals of EC, which it should not know anything about. Replace this with a set of functions that can correctly extract the necessary details and handle the comparisons. Based on a commit to OpenSSL, with some inspiration from boringssl. ok miod@

* Previous fix (1.12) would cause a NULL pointer dereference in the error path  [miod, 2014-09-29; 2 files, -8/+6]
  if a NULL stack was passed as argument. Fix this by returning NULL early in that case.

* Move cipher configuration handling to the shared SSL configuration function  [jsing, 2014-09-29; 2 files, -10/+13]
  so that it applies to both the ressl client and server.

* Add an option that allows the enabled SSL protocols to be explicitly  [jsing, 2014-09-29; 6 files, -9/+51]
  configured. Discussed with several. ok bcook@

* When freeing the config, explicitly call ressl_config_clear_keys() rather  [jsing, 2014-09-29; 1 file, -5/+6]
  than rerolling our own key clearing code. ok tedu@

* check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.  [miod, 2014-09-29; 2 files, -20/+10]
  X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@

* X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to  [miod, 2014-09-29; 2 files, -6/+10]
  memcpy(). ok bcook@

* X509_VERIFY_PARAM_set1_name(): if invoked with NULL as the second  [miod, 2014-09-29; 2 files, -2/+4]
  parameter, correctly set param->name to NULL after having freed it. ok bcook@

* Wrap long lines and add missing argument name.  [jsing, 2014-09-28; 1 file, -4/+6]

* Bump minor after adding SSL_CTX_use_certificate_chain().  [reyk, 2014-09-28; 2 files, -2/+2]
  ok jsing@ miod@

* Provide a ressl config function that explicitly clears keys.  [jsing, 2014-09-28; 2 files, -2/+10]
  Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you. ok tedu@

* Add a new API function SSL_CTX_use_certificate_chain() that allows to  [reyk, 2014-09-28; 6 files, -54/+111]
  read the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library. ok jsing@ miod@

* X509v3_add_ext(): do not free stuff we did not allocate in the error path.  [miod, 2014-09-28; 2 files, -4/+4]
  ok bcook@

* X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,  [miod, 2014-09-28; 2 files, -30/+46]
  for it may be NULL. Do not leak memory upon error. ok bcook@

* Someone (TM) thought it was smart to save memory by using malloc(1) and  [miod, 2014-09-28; 2 files, -10/+8]
  manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@

* revamp the config interface to own memory. easier to use correctly without  [tedu, 2014-09-28; 3 files, -49/+99]
  caller worrying about leaks or lifetimes. after feedback from jsing

* Revert r1.5 and reenable assembler version of ghash now that it has been  [miod, 2014-09-27; 2 files, -6/+6]
  fixed.

* Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, where  [miod, 2014-09-27; 2 files, -0/+4]
  the 64-bit code has to be disabled under OpenBSD/hppa.

* Disable assembler code for ghash on hppa, causes wrong computations in some  [miod, 2014-09-27; 4 files, -8/+8]
  cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.

* There is not much point checking ecdhp is not NULL... twice.  [jsing, 2014-09-27; 4 files, -28/+10]
  ok miod@

* Check that the specified curve is one of the client preferences.  [jsing, 2014-09-27; 10 files, -16/+140]
  Based on OpenSSL. ok miod@

* Fix mmap() calls that check for a result other than MAP_FAILED.  [doug, 2014-09-27; 1 file, -1/+1]
  ok tedu@

* X509_STORE_new(): do not leak memory upon error.  [miod, 2014-09-26; 2 files, -28/+34]
  X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@

* X509_issuer_and_serial_hash(): do not leak memory if an error occurs during  [miod, 2014-09-26; 2 files, -2/+6]
  the first EVP block. ok tedu@

* X509at_add1_attr(): do not free stuff we did not allocate in the error path.  [miod, 2014-09-26; 2 files, -6/+6]
  ok tedu@

* Now that we have a static version of the default EC formats, also use it  [jsing, 2014-09-26; 2 files, -94/+88]
  for the server hello. From OpenSSL. ok miod@

* Fix regression introduced in revision 1.15 by using strndup() instead of  [miod, 2014-09-23; 2 files, -12/+12]
  strdup() to allocate directory list components. ok jsing@

* Refactor and simplify the ECC extension handling. The existing code  [jsing, 2014-09-22; 4 files, -244/+196]
  effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@

* Also check the result from final_finish_mac() against finish_mac_length in  [jsing, 2014-09-22; 2 files, -38/+34]
  ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.

* It is possible (although unlikely in practice) for peer_finish_md_len to  [jsing, 2014-09-22; 2 files, -26/+22]
  end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)

* Document SSL_OP_TLSEXT_PADDING.  [jsing, 2014-09-21; 1 file, -0/+6]
  From OpenSSL.

* Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which  [jsing, 2014-09-21; 4 files, -20/+36]
  is off by default (instead of being enabled unconditionally). The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in... Ported from OpenSSL. Discussed with many. ok miod@

* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g, but  [miod, 2014-09-21; 2 files, -8/+18]
  some changes in a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@