summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Clean up and improve openssl(1) errstr:jsing2015-04-141-21/+28
| | | | | | | | | - Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL return value in a more appropriate manner. - Use stroul() instead of sscanf() with appropriate error checking. ok doug@
* Convert openssl(1) errstr to new option handling.jsing2015-04-131-6/+34
| | | | ok bcook@ doug@
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-124-88/+4
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Send OPENSSL_issetugid() straight to hell, no final cigarette.deraadt2015-04-117-34/+6
| | | | | | | | | | | | | | | | | | | The issetugid() API is supposed to make a strong promise where "0 means it is safe to look at the environment". Way back in the past someone on the OpenSSL team responded to the environment access danger by creating a wrapper called OPENSSL_issetugid, and went to use it a number of places. However, by default on systems lacking true issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False safety. Which means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite. Can you believe the OpenSSL team? This nastiness was noticed over the years, however noone could gain traction and get it fixed in OpenSSL. Also see a paragraph about this in http://www.tedunangst.com/flak/post/worst-common-denominator-programming ok jsing
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-1113-115/+30
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* Put back a goto end that was unintentionally removed.jsing2015-04-111-1/+2
| | | | Spotted by doug@
* Convert openssl(1) pkeyparam to new option handling.jsing2015-04-111-61/+74
|
* Make pthread_atfork() track the DSO that called it like atexit() does,guenther2015-04-073-2/+81
| | | | | | | | | | unregistering callbacks if the DSO is unloaded. Move the callback handling from libpthread to libc, though libpthread still overrides the inner call to handle locking and thread-library reinitialization. Major version bump for both libc and libpthread. verification that this fixes various ports ajacoutot@ asm assistance miod@; ok millert@ deraadt@
* bludgeon DES support out of crypt. long live the bcrypt.tedu2015-04-062-761/+9
|
* improve realloc. when expanding a region, actually use the free page cachetedu2015-04-061-7/+16
| | | | | instead of simply zapping it. this can save many syscalls in a program that repeatedly grows and shrinks a buffer, as observed in the wild.
* readdir() is thread-safe when DIR handles aren't shared, so delete the lock.guenther2015-04-062-6/+2
| | | | | | | (POSIX is fixing its description: readdir_r() was a botch) Patch from Carlos Mart�n Nieto (cmn (at) dwim.me) no -portable concerns bcook@
* comma fix;jmc2015-04-031-3/+3
|
* Handle the case where multiple calls to SSL_shutdown() are required tojsing2015-04-022-8/+14
| | | | | | close the connection. Also correctly handle the error on failure. Diff from cookieandscream via github.
* Correct man page title.jsing2015-04-021-2/+2
| | | | | | Diff from Tim van der Molen. ok jmc@
* Document the fact that the tls_accept_*() functions can returnjsing2015-04-021-7/+11
| | | | | | TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen.
* Bump libtls minor due to API addition.jsing2015-03-311-1/+1
|
* Provide a tls_accept_fds() function, which allows a TLS connection to bejsing2015-03-314-9/+39
| | | | | | accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
* Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled atjsing2015-03-314-44/+4
| | | | | | | compile time, which we do not do and are unlikely to ever do. Additionally, there are two runtime configurable alternatives that exist. ok bcook@ doug@
* Store errors that occur during a tls_accept_socket() call on the contextjsing2015-03-314-11/+12
| | | | | | | for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen.
* add initial AIX getentropy/arc4random files. Thanks to Michael Felt.bcook2015-03-304-0/+1002
|
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-2716-206/+112
| | | | | | in four different places. ok doug@ guenther@
* BUF_MEM_free() has its own explicit NULL check.jsing2015-03-272-18/+12
|
* The code in socks.c writes multiple times in a row to a socket. If thetobias2015-03-261-3/+6
| | | | | | | | | socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :) with input by and ok djm
* Fix error message in case of write failure.tobias2015-03-261-3/+3
| | | | ok djm
* Check for short writes in fdpass(). Clean up while at it.tobias2015-03-261-4/+3
| | | | ok djm
* Sync camel case of "ProxyUseFdpass" with ssh_config(5).tobias2015-03-261-3/+3
| | | | ok djm
* Make rcmdsh(3) not fail if it is passed a non resolvable hostname.halex2015-03-233-20/+16
| | | | | | | Instead, silently ignore the fact and instead let the underlying ssh (or $RSH) command handle it. ok millert@
* differentiate between a failed read, returning -1, and encounteringhalex2015-03-221-2/+4
| | | | | | | end-of-file, returning 0, in order not to print an unrelated strerror(errno) in the latter case ok millert@
* sys/sysctl.h includes linux/sysctl.h, remove the extra unchecked includebcook2015-03-222-4/+2
|
* Since Windows needs BIO_sock_init() before you can call any networkingbcook2015-03-222-12/+7
| | | | | | | | | functions, and ocsp and s_time need networking enabled too, this just moves BIO_sock_init() up into main() as a catch-all for all of the commands. Of course, it is a no-op on any other platform. ok @guenther
* unmute rcmd hostname lookup failurehalex2015-03-221-3/+2
| | | | ok millert@ jung@
* free the server certificate in tls_connect_fds(); fixes a memory leak withsthen2015-03-211-1/+2
| | | | repeated use of tls_connect. ok jsing
* Fix indentation that incorrectly implies a different control flow.doug2015-03-216-16/+22
| | | | | | | | | | | | | The actual control flow is intentional while the indenting is incorrect. This is intended to be a cosmetic change. Verified that each of these was part of a KNF commit that wasn't intending to change behavior. Also, double checked against the history of changes in OpenSSL and BoringSSL. Addresses Coverity CIDs: 78842, 78859, 78863. ok tedu@
* Fix a memory leak in an error path.doug2015-03-202-2/+6
| | | | | | From OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f. ok guenther@, logan@
* zap #if 0'd code that's been dead since '96halex2015-03-191-7/+0
| | | | ok todd@
* Fix several crash causing defects from OpenSSL.tedu2015-03-1924-126/+324
| | | | | | | | | | | | | These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
* In the neverending saga of enabling and disabling assembler code for shamiod2015-03-182-10/+2
| | | | | | | | | | | routines on hppa, the cause for sha512-parisc subtly misbehaving has been found: despite having fallback pa1.1 code when running on a 32-bit cpu, the shift constants used in the sigma computations in sha512 are >= 32 and are silently truncated to 5 bits by the assembler, so there is no chance of getting this code to work on a non-pa2.0 processor. However, the pa1.1 fallback code for sha256 is safe, as it never attempts to shift by more than 31, so reenable it again.
* Avoid a NULL pointer deref when X509_get_pubkey() returns NULL.doug2015-03-152-4/+8
| | | | | | | | | | | | | | A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public details yet to confirm. Either way, we should fix this. Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9 and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728. "looks sane" beck@ ok miod@, bcook@
* fix for regression test for strtol(). it failed (the wrong kind ofphessler2015-03-151-2/+2
| | | | | | | | fail), on 64-bit systems. tested on 64-bit (amd64) and 32-bit (sparc). OK claudio@ deraadt@
* remove incorrect statement. the standard *does* require calloc to checktedu2015-03-141-7/+2
| | | | | for overflow. stop talking about old broken systems, there's little use for such info.
* delay EVP_MD_CTX_init so we don't forget to clean it up.tedu2015-03-112-6/+8
| | | | spotted by miod. ok miod.
* Reject DH keys sent by a server if they are considered too small; inspiredmiod2015-03-083-40/+28
| | | | | by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
* Do not use sha512-parisc for now, as it is subtly bugged - passes the shamiod2015-03-052-2/+6
| | | | | | | | | | | regress tests but causes tls ciphersuite using sha386 to fail; found the hard way by henning@. I can't see anything wrong in the generated assembly code yet, but building a libcrypto with no assembler code but sha512_block_data_order() is enough to trigger Henning's issue, so the bug lies there. No ABI change; ok deraadt@
* subtraction is not comparison. the difference of two longs is not goodtedu2015-03-051-1/+1
| | | | | to place in an int. from Christian Neukirchen ok deraadt
* Update comment to match code; Caspar Schutijserlibressl-v2.1.4millert2015-03-021-2/+2
|
* Fix a minor information leak that was introduced in t1_lib.c r1.71, wherebyjsing2015-03-022-4/+4
| | | | | | | | | an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@
* use correct formatter (int, because of type promotion after operations)bcook2015-03-021-2/+2
| | | | ok jsing@
* Reduce usage of predefined strings in manpages.bentley2015-02-281-7/+7
| | | | | | | | | | | Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@
* Prefix function parameter names with underscores in tls.h, since this makesjsing2015-02-261-42/+44
| | | | | | them guaranteed to not conflict per POSIX. ok espie@ guenther@
* No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice.millert2015-02-251-1/+1
| | | | OK guenther@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 16:13:51 +0000