summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Sort/group includes.jsing2014-10-182-50/+52
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-1834-130/+76
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Typical malloc() with size multiplication to reallocarray().doug2014-10-183-12/+12
| | | | ok deraadt@
* use .fn here too. from Jean-Philippe Ouellettedu2014-10-161-3/+3
|
* Repair BUF_strdup() breakage.jsing2014-10-162-4/+6
|
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-168-16/+24
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* Fuck it. No SSLv3; not now, not ever. The API of the future will onlytedu2014-10-153-8/+4
| | | | | | | support the protocols of the future. (Perhaps a bit late in burning this bridge entirely, but there's no time like the present, esp. with other players now leaning against back compat.)
* basic formatting fixes;jmc2014-10-151-4/+3
|
* Disable SSLv3 by default.jsing2014-10-152-2/+8
| | | | | | | | | | | | | | SSLv3 has been long known to have weaknesses and the POODLE attack has once again shown that it is effectively broken/insecure. As such, it is time to stop enabling a protocol was deprecated almost 15 years ago. If an application really wants to provide backwards compatibility, at the cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be used to re-enable it on a per-application basis. General agreement from many. ok miod@
* Clear protocol options before optionally setting them.jsing2014-10-151-1/+6
|
* Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - thisjsing2014-10-151-2/+2
| | | | avoids generating an EC key pair that will never be used.
* Only require an EC public key in tls1_set_ec_id(), if we need to providejsing2014-10-152-8/+8
| | | | | | | a compression identifier. In the case of a server using ephemeral EC keys, the supplied key is unlikely to have a public key where SSL_CTX_set_tmp_ecdh() is called after SSL_OP_SINGLE_ECDH_USE has been set. This makes ECDHE ciphers work again for this use case.
* Add cipher aliases for DHE (the correct name for EDH) and ECDHE (thejsing2014-10-154-8/+32
| | | | | correct name for EECDH). The EDH and EECDH aliases remain for backwards compatibility.
* seems like a good time to make the ressl default TLSv1 only.tedu2014-10-142-6/+5
| | | | ok guenther
* Bump libressl version string to 2.1.bcook2014-10-142-4/+4
| | | | | | | | | | | This makes 'openssl version' print a string that matches the -portable release number. Thanks to @blakkeim for pointing it out. The version integer is left alone, with the idea of discouraging software from relying on magic numbers for detecting features. Software configuration should do explicit feature tests instead. ok beck@, deraadt@
* remove unused variablechl2014-10-131-3/+1
| | | | ok tedu@
* Remove _XOPEN_SOURCE_EXTENDED since we're not too concerned aboutjsing2014-10-131-9/+2
| | | | gethostname being declared properly on Compaq platforms that use DEC C...
* BIO_free() and SSL_CTX_free() have explicit NULL checks, so there is nojsing2014-10-131-29/+16
| | | | need to have additional checks here.
* Add NPN regress tests from OpenSSL. However, unlike OpenSSL, actually exitjsing2014-10-132-3/+146
| | | | with a failure if the NPN verification fails.
* The return value on success of fcntl(F_SETFL) is not actually specified,bcook2014-10-132-6/+6
| | | | | | only that it returns -1 on failure. pointed out by guenther@
* prefer C99 array initialization syntax.bcook2014-10-135-10/+10
| | | | | | | | use C99 array initialization syntax for strict C compilers. from kinichiro, found building with HP/UX compiler ok deraadt@, guenther@
* Use O_NONBLOCK over FIONBIO.bcook2014-10-134-15/+23
| | | | | | | | | Prefer this because it is the POSIX standard and has consistent behavior across platforms. Use BIO_socket_nbio consistently across the tree. from Jonas 'Sortie' Termansen, ok deraadt@
* Remove useless comments in DES_is_weak_key(). Do we really care that thismiod2014-10-122-28/+20
| | | | function was found broken in 1993, and later on in 1997?
* Paranoia: in ASN1_mbstring_ncopy(), check for len < 0 instead of len == -1,miod2014-10-122-4/+4
| | | | in order to catch all negative sizes.
* Convert libssl manpages from pod to mdoc(7).bentley2014-10-12249-7737/+19938
| | | | | | libcrypto has not been started yet. ok schwarze@ miod@
* include header needed by older linux kernelsbcook2014-10-112-2/+4
| | | | not all versions of <linux/random.h> include <linux/types.h> by default
* Since deraadt@ remembers seeing strdup() on one particular 4.2BSD machine,schwarze2014-10-111-4/+11
| | | | | | | | | | | i looked a bit closer and found instances before Reno, so correct HISTORY. References: http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.1cBSD/usr/src/ucb/dbx/defs.h http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD/usr/src/etc/inetd.c http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD-Reno/src/lib/libc/string/strdup.c ok deraadt@
* Userland reallocarray() audit.doug2014-10-111-3/+3
| | | | | | | Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@
* Userland reallocarray() audit.doug2014-10-111-3/+3
| | | | | | | Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@
* replace select with equiv poll usage.dlg2014-10-101-17/+12
| | | | | looks good deraadt@ tweaks and ok millert@
* add an API version number. ok jsingtedu2014-10-091-1/+3
|
* historytedu2014-10-081-4/+10
|
* use preferred license form. can't trust that doug guy with anything...tedu2014-10-081-20/+11
|
* mlinks, and prune some functions from man page i'm not ready for yet.tedu2014-10-082-14/+33
|
* more bettertedu2014-10-081-3/+6
|
* reluctantly rename man page after a functiontedu2014-10-081-1/+1
|
* whack a few stray .Pp macrosschwarze2014-10-081-4/+1
|
* add a few more functions.tedu2014-10-081-5/+17
| | | | | (I also forgot to credit doug for much of the initial markup in the previous commit.)
* rough sketch of ressl documentationtedu2014-10-081-0/+318
|
* using reallocarray() gives us multiplicative integer overflow checkingderaadt2014-10-081-3/+3
| | | | | | | | | | in case something wants to create massive amounts of environment, like a bit more than 1/4 of a 32-bit address space. unrealistic -- but why audit one code path, and not treat others the same? then you have to re-engage everytime you see the code. read the news, that isn't what developers do. At least if the code paths look the same, there is hope, because they are easier to verify for correctness. developers need to give other developers a chance to want to care.
* obvious malloc -> reallocarray, for mult int oflowderaadt2014-10-081-2/+2
|
* fix an indentation that makes me upsetderaadt2014-10-081-2/+2
|
* Use strdup() instead of malloc() + memcpy().miod2014-10-072-16/+6
| | | | ok doug@ jsing@
* EC_KEY_set_group() does an EC_GROUP_dup() of its argument, so we don'tmiod2014-10-072-16/+4
| | | | | need to do it in ec_copy_parameters() prior to invoking EC_KEY_set_group(). ok doug@ jsing@
* When verifying whether an IP address is in the commonName of ajca2014-10-061-1/+15
| | | | | | certificate, do not perform wildcard matching. Suggested by Richard Moore (rich@kde) ok tedu@
* If we have to match against a wildcard in a cert, verify that it containsjca2014-10-061-3/+23
| | | | | | at least a domain label before the tld, as in *.example.org. Suggested by Richard Moore (rich@kde) ok tedu@
* The fixes to X509_PURPOSE_add() in r1.18 actually could cause a globalmiod2014-10-052-54/+58
| | | | | | | | | | | | | X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being allocated in the function) to be freed if modifying that object would fail due to a low memory condition, while this object would still be referenced elsewhere. Fix this by only cleaning the object if we did not allocate it here. While there, fail early if either `name' or `sname' are NULL, rather than allocating an object and realizing we have nothing to strdup() into it. ok guenther@
* Be sure to check the stack push operation for success in v2i_POLICY_MAPPINGS();miod2014-10-052-34/+38
| | | | | | if it fails, free the object we were about to push. Factor error handling to avoid having four copies of about the same code. ok guenther@
* In v2i_AUTHORITY_INFO_ACCESS(), separate object allocation from object pushmiod2014-10-052-6/+16
| | | | | | on a stack; if the latter fails, we need to free the object before returning failure. ok guenther@
* Memory leak upon error in set_dist_point_name().miod2014-10-052-2/+4
| | | | ok guenther@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 21:26:19 +0000