summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/llabs.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-04-05Don't leak param->name in x509_verify_param_zero()tb1-1/+2
For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
2021-04-04Add missing error check for AES_unwrap_key().tb1-1/+3
2021-04-04Fix two copy paste errors in error messagestb1-3/+3
2021-04-04Add tests for DTLSv1_2{,_client,_server}_method()tb1-1/+20
2021-04-04Use correct type for tmp in test_write_bytes()tb1-2/+2
2021-04-04Explicitly NULL pointers to avoid a double free.tb1-1/+3
2021-04-04Don't leak key and dh in the error path.tb1-4/+7
2021-04-04Clean up client and server tls{,_config} contexts in tls_test().tb1-2/+11
Leaks reported by Ilya Shipitsin.
2021-04-03Run the CMAC tests through EVP_PKEY_new_CMAC_key().tb1-10/+22
2021-04-02Two cases of BRE involving counts and backrefs that go wrong andotto1-1/+16
similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
2021-04-02Show DTLS1.2 message with openssl(1) s_server and s_clientinoguchi1-2/+6
ok jsing@ tb@
2021-04-01Compare the pointer variable explicitly with NULL in if conditioninoguchi1-18/+17
2021-03-31one of the examples needs an -N (and explanation);jmc1-4/+7
diff from robert scheck discussed with and tweaked by sthen
2021-03-31Update for DTLSv1.2 support.tb1-2/+4
2021-03-31Remove workarounds for SSL_is_dtls()tb2-11/+2
Reminded by inoguchi jsing
2021-03-31Remove workaround for missing d2i_DSAPrivateKey_fp prototypetb1-5/+1
2021-03-31Bump minors after symbol additiontb3-3/+3
2021-03-31Expose various DTLSv1.2 specific functions and definestb5-27/+8
ok bcook inoguchi jsing
2021-03-31Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb1-18/+4
ok bcook inoguchi jsing
2021-03-31Expose SSL_set_hostflags(3) and SSL_get0_peername(3)tb2-3/+3
ok bcook inoguchi jsing
2021-03-31Document SSL_use_certificate_chain_file(3)tb1-11/+3
ok bcook inoguchi jsing
2021-03-31Expose SSL_use_certificate_chain_file(3)tb2-3/+2
ok bcook inoguchi jsing
2021-03-31Provide missing prototype for d2i_DSAPrivateKey_fp(3)tb1-1/+2
ok bcook inoguchi jsing
2021-03-31Document EVP_PKEY_new_CMAC_key(3)tb1-16/+4
ok bcook inoguchi jsing
2021-03-31Provide EVP_PKEY_new_CMAC_key(3)tb2-5/+2
ok bcook inoguchi jsing
2021-03-29whitespace nitstb1-4/+4
2021-03-29Prepare documenting EVP_PKEY_new_CMAC_key(3)tb1-2/+54
Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
2021-03-29Remove pointless assignment in SSL_get0_alpn_selected().jsing1-4/+1
ok tb@
2021-03-29Avoid transcript initialisation when sending a TLS HelloRequest.jsing1-4/+6
When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
2021-03-29Move finished and peer finished to the handshake struct.jsing7-44/+44
This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
2021-03-29Add regress coverage for TLSv1.2 record number increment.jsing1-8/+151
2021-03-29Move the TLSv1.2 record number increment into the new record layer.jsing3-19/+44
This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
2021-03-29Prepare to provide EVP_PKEY_new_CMAC_key()tb4-20/+84
sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
2021-03-28The failure mode of test-tls13-version-negotiation.py has changed.tb1-4/+2
Update comment.
2021-03-28Fix duplicate SSL_is_dtls in libssl and apps.cinoguchi1-1/+3
Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes portable build broke with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@
2021-03-27Enable test-sig-algs-renegotiation-resumption.py.tb1-5/+6
This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.
2021-03-27Garbage collect s->internal->typetb6-18/+9
This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
2021-03-27Handle dynamic definition of SIGSTKSZ as of glibc 2.34 on Linux.bcook1-7/+24
ok bluhm@, inoguchi@, tb@, deraadt@
2021-03-26Add test-sig-algs-renegotiation-resumption.pytb1-1/+5
This test currently fails but may soon be fixed.
2021-03-26Sort header files and wrap long lines in x509.cinoguchi1-67/+110
2021-03-25Avoid mangled output in BIO_debug_callbacktb1-4/+12
Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip. From Martin Vahlensieck with minor tweaks by me
2021-03-24The server only sends a cookie during a HRR, not a SHtb1-4/+4
2021-03-24Update regress for new_cipher rename.jsing2-6/+6
2021-03-24Rename new_cipher to cipher.jsing11-64/+64
This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
2021-03-24Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.jsing5-40/+48
Move TLSv1.2 specific components over from SSL_HANDSHAKE. ok inoguchi@ tb@
2021-03-24Convert openssl(1) x509 option handlinginoguchi1-414/+747
Apply new option handling to openssl(1) x509. To handle incremental order value, using newly added OPTION_ORDER. I left the descriptions for -CAform, -inform, and -outform as it was, for now. These description would be fixed. And digest option handler could be consolidated to one between some subcommands in the future. ok and comments from tb@, and "I'd move forward with your current plan." from jsing@
2021-03-24Add option type OPTION_ORDERinoguchi2-2/+9
To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since, - -CA and -signkey require to set both filename and incremental 'num'. - -dates requires to set two variables in a row, startdate and enddate. and this couldn't be solved by OPTION_FLAG_ORD. ok tb@ and "I'd move forward with your current plan." from jsing@
2021-03-23OCSP_basic_verify() doesn't set errno, so use tls_set_errorx()tb1-2/+2
ok inoguchi
2021-03-22Don't leak ca in test_cms_sign_verify().tb1-1/+2
Reported by Ilya Shipitsin
2021-03-22Plug a few memory leaks reported by Ilya Shipitsintb1-9/+7
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-22 20:34:58 +0000