summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Clean up alert codes and add references.jsing2015-06-172-42/+58
|
* Keep alerts sorted by alert code.jsing2015-06-175-14/+15
|
* Remove pointless comments.jsing2015-06-172-14/+6
|
* Convert ssl_next_proto_validate to CBS.doug2015-06-172-22/+24
| | | | ok miod@, tweak + ok jsing@
* Convert tls1_check_curve to CBS.doug2015-06-172-8/+20
| | | | ok miod@ jsing@
* KNF whitespace.doug2015-06-174-34/+38
| | | | ok miod@ jsing@
* Use explicit int in bs_cbs.c.doug2015-06-174-44/+48
| | | | ok miod@ jsing@
* Use explicit int in bs_ber.c.doug2015-06-172-16/+16
| | | | ok miod@ jsing@
* Add tests for CBS_offset() and CBS_write_bytes().doug2015-06-171-2/+70
| | | | "no problem" miod@, tweak + ok jsing@
* Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.doug2015-06-174-4/+48
| | | | | | This is a common operation when dealing with CBS. ok miod@ jsing@
* Add a new function CBS_offset() to report the current offset in the data.doug2015-06-174-4/+30
| | | | "why not" miod@, sure jsing@
* Cleanup SSL_OP_* compat flags in ssl.h.doug2015-06-172-62/+48
| | | | | | | | | | | | | | | | | | | | | These were recently removed and are now set to 0: SSL_OP_NETSCAPE_CA_DN_BUG SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG SSL_OP_SSLEAY_080_CLIENT_DH_BUG The code associated with these was deleted in the past at some point and these are also now 0: SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_EPHEMERAL_RSA SSL_OP_MICROSOFT_SESS_ID_BUG SSL_OP_NETSCAPE_CHALLENGE_BUG SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG The SSL_OP_ALL macro has been updated to reflect the removals. ok miod@ jsing@
* Be more strict about BER and DER terminology.doug2015-06-165-71/+84
| | | | | | | | bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like encoding with one violation (indefinite form) to strict DER. Rename the functions to reflect this. ok miod@ jsing@
* Simplify cbs_get_any_asn1_element_internal based on comments from jsing@doug2015-06-164-34/+26
|
* Add support for OPTION_DISCARD.doug2015-06-161-1/+4
| | | | ok jsing@
* Make CBS_get_any_asn1_element() more compliant with DER encoding.doug2015-06-156-56/+172
| | | | | | | | | | | | | | | | | CBS_get_any_asn1_element violates DER encoding by allowing indefinite form. All callers except bs_ber.c expect DER encoding. The callers must check to see if it was indefinite or not. Rather than exposing all callers to this behavior, cbs_get_any_asn1_element_internal() allows specifying whether you want to allow the normally forbidden indefinite form. This is used by CBS_get_any_asn1_element() for strict DER encoding and by a new static function in bs_ber.c for the relaxed version. While I was here, I added comments to differentiate between ASN.1 restrictions and CBS limitations. ok miod@
* Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.doug2015-06-158-106/+40
| | | | | | | This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
* Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.doug2015-06-155-81/+11
| | | | | This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
* Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.doug2015-06-154-22/+16
| | | | This is a hack for an old version of SSLeay which predates OpenSSL.
* Update SSL_OP_* to remove ancient hacks that are no longer enabled.doug2015-06-152-26/+22
|
* Split up the logic in CBB_flush to separately handle the lengths.doug2015-06-132-42/+64
| | | | | | Also, add comments about assuming short-form. ok miod@, tweak + ok jsing@
* Explain the ASN.1 restriction that requires extra logic for encoding.doug2015-06-132-4/+36
| | | | ok miod@ jsing@
* When initial capacity is 0, always use NULL buffer.doug2015-06-132-14/+16
| | | | | | | malloc(0) is implementation defined and there's no reason to introduce that ambiguity here. Added a few cosmetic changes in sizeof and free. ok miod@ jsing@
* Add comments about how the CBS constants are constructed.doug2015-06-132-24/+86
| | | | | | Also, introduce a few more #defines to make it obvious. ok miod@ jsing@
* Reject long-form tags in CBS_peek_asn1_tag.doug2015-06-132-2/+16
| | | | | | Currently, CBS only handles short-form tags. ok miod@ jsing@
* Fix bad indenting in LibreSSL.doug2015-06-1310-24/+24
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Remove unneeded sys/sysctl.h on linux.bcook2015-06-132-4/+2
| | | | This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
* Avoid an infinite loop that can occur when verifying a message with anlibressl-v2.2.0jsing2015-06-112-4/+4
| | | | | | | | | | unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@
* Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2015-06-112-8/+54
| | | | | | | | | | length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
* Avoid an infinite loop that can be triggered by parsing an ASN.1jsing2015-06-112-6/+16
| | | | | | | | | | | ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@
* Link ssl and crypto via BSDOBJDIR, works with native and cross buildstobiasu2015-06-051-3/+3
| | | | ok mpi@
* Fix library search path so we link against the freshly built libcrypto.sotobiasu2015-06-051-2/+2
| | | | | | instead of a stale one. ok miod@ mpi@
* force reseeding if pid has changed.eric2015-06-041-2/+7
| | | | ok deraadt@
* Need to operate of CXXFLAGS now.miod2015-05-291-3/+3
|
* Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod2015-05-261-2/+2
| | | | work again.
* Add OPENSSL_NO_EGD to opensslfeatures.h.bcook2015-05-262-0/+2
| | | | | | | Since RAND_egd has been removed from LibreSSL, simplify porting software that relies on it. See https://github.com/libressl-portable/openbsd/pull/34 from Bernard Spil, ok deraadt@
* Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as usingguenther2015-05-252-8/+8
| | | | | | | 256bit keys problem noted by Tim Kuijsten (info (at) netsend.nl) ok deraadt@ miod@ bcook@
* Maximilian dot Fillinger at uni-duesseldorf dot deschwarze2015-05-243-74/+109
| | | | | | starts helping with the pod2mdoc(1)-based conversion of LibreSSL crypto manuals from perlpod(1) to mdoc(7). Here comes the first file, slightly tweaked by me.
* bump to version 2.2bcook2015-05-232-4/+4
| | | | ok deraadt@
* No need to check the return value of memcpy() if you actually checked thismiod2015-05-202-6/+4
| | | | pointer for NULL the line above; ok doug@
* Record inter-library dependencies between libcrypto, libssl and libtlskettenis2015-05-176-2/+11
|
* Make index/rindex weak aliases of strchr/strrchr since they are notmillert2015-05-154-90/+6
| | | | | part of the ISO C standard and have also been dropped from POSIX. OK guenther@ kettenis@
* Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.jsg2015-05-1510-30/+32
| | | | ok doug@
* rev 1.3 introduced a check to an if statement without adding braces.jsg2015-05-141-3/+1
| | | | | | | Claudio points out the size is checked by an earlier test so just remove it to restore the original handling of the partial octet case. Discussed with claudio and gilles.
* If crypt(3) is called with an unknown setting, return NULL insteadbluhm2015-05-131-1/+3
| | | | | of some undefined value. OK tedu@
* Add dlclose(3) to SEE ALSOguenther2015-05-121-2/+3
| | | | ok millert@ jmc@ schwarze@
* When checking flags that will be passed to open(), test the O_ACCMODE portionguenther2015-05-111-2/+3
| | | | | | separately to avoid false negatives. ok miod@ millert@
* Make this run on strict alignment architectures.miod2015-05-081-6/+9
|
* Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@sthen2015-05-041-0/+381
|
* use strdup() to init stringderaadt2015-04-302-6/+4
| | | | ok doug millert
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 12:17:35 +0000