path: root/src/lib/libc/stdlib/system.c
Date | Commit message | Author | Files | Lines
2021-04-09 | Cache implementation has changed, we do not hold on to an exact number | otto | 1 | -3/+4
of pages anymore, but also cache larger regions; ok tb@
2021-04-08 | Enable test-cve-2016-6309.py | tb | 1 | -3/+2
2021-04-07 | Avoid clobbering the error code when sending an alert | tb | 1 | -2/+3
In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
2021-04-07 | Use ERR_print_error_fp() to avoid leaking a BIO in fatal() | tb | 1 | -2/+2
2021-04-07 | Check function return value in openssl(1) x509.c | inoguchi | 1 | -24/+71
input from bcook@, ok and comments from tb@
2021-04-07 | Avoid leak in error path | inoguchi | 1 | -3/+7
ok and input from tb@
2021-04-06 | use errx() instead of err() | tb | 1 | -8/+8
2021-04-06 | spaces -> tabs | tb | 1 | -5/+5
2021-04-06 | minor style tweaks | tb | 1 | -5/+6
2021-04-05 | Don't leak param->name in x509_verify_param_zero() | tb | 1 | -1/+2
For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
2021-04-04 | Add missing error check for AES_unwrap_key(). | tb | 1 | -1/+3
2021-04-04 | Fix two copy paste errors in error messages | tb | 1 | -3/+3
2021-04-04 | Add tests for DTLSv1_2{,_client,_server}_method() | tb | 1 | -1/+20
2021-04-04 | Use correct type for tmp in test_write_bytes() | tb | 1 | -2/+2
2021-04-04 | Explicitly NULL pointers to avoid a double free. | tb | 1 | -1/+3
2021-04-04 | Don't leak key and dh in the error path. | tb | 1 | -4/+7
2021-04-04 | Clean up client and server tls{,_config} contexts in tls_test(). | tb | 1 | -2/+11
Leaks reported by Ilya Shipitsin.
2021-04-03 | Run the CMAC tests through EVP_PKEY_new_CMAC_key(). | tb | 1 | -10/+22
2021-04-02 | Two cases of BRE involving counts and backrefs that go wrong and | otto | 1 | -1/+16
similar that have no issues. Reported by Michael Paoli. Failing cases commented out for now.
2021-04-02 | Show DTLS1.2 message with openssl(1) s_server and s_client | inoguchi | 1 | -2/+6
ok jsing@ tb@
2021-04-01 | Compare the pointer variable explicitly with NULL in if condition | inoguchi | 1 | -18/+17
2021-03-31 | one of the examples needs an -N (and explanation); | jmc | 1 | -4/+7
diff from robert scheck discussed with and tweaked by sthen
2021-03-31 | Update for DTLSv1.2 support. | tb | 1 | -2/+4
2021-03-31 | Remove workarounds for SSL_is_dtls() | tb | 2 | -11/+2
Reminded by inoguchi jsing
2021-03-31 | Remove workaround for missing d2i_DSAPrivateKey_fp prototype | tb | 1 | -5/+1
2021-03-31 | Bump minors after symbol addition | tb | 3 | -3/+3
2021-03-31 | Expose various DTLSv1.2 specific functions and defines | tb | 5 | -27/+8
ok bcook inoguchi jsing
2021-03-31 | Document SSL_set_hostflags(3) and SSL_get0_peername(3) | tb | 1 | -18/+4
ok bcook inoguchi jsing
2021-03-31 | Expose SSL_set_hostflags(3) and SSL_get0_peername(3) | tb | 2 | -3/+3
ok bcook inoguchi jsing
2021-03-31 | Document SSL_use_certificate_chain_file(3) | tb | 1 | -11/+3
ok bcook inoguchi jsing
2021-03-31 | Expose SSL_use_certificate_chain_file(3) | tb | 2 | -3/+2
ok bcook inoguchi jsing
2021-03-31 | Provide missing prototype for d2i_DSAPrivateKey_fp(3) | tb | 1 | -1/+2
ok bcook inoguchi jsing
2021-03-31 | Document EVP_PKEY_new_CMAC_key(3) | tb | 1 | -16/+4
ok bcook inoguchi jsing
2021-03-31 | Provide EVP_PKEY_new_CMAC_key(3) | tb | 2 | -5/+2
ok bcook inoguchi jsing
2021-03-29 | whitespace nits | tb | 1 | -4/+4
2021-03-29 | Prepare documenting EVP_PKEY_new_CMAC_key(3) | tb | 1 | -2/+54
Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
2021-03-29 | Remove pointless assignment in SSL_get0_alpn_selected(). | jsing | 1 | -4/+1
ok tb@
2021-03-29 | Avoid transcript initialisation when sending a TLS HelloRequest. | jsing | 1 | -4/+6
When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
2021-03-29 | Move finished and peer finished to the handshake struct. | jsing | 7 | -44/+44
This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
2021-03-29 | Add regress coverage for TLSv1.2 record number increment. | jsing | 1 | -8/+151
2021-03-29 | Move the TLSv1.2 record number increment into the new record layer. | jsing | 3 | -19/+44
This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
2021-03-29 | Prepare to provide EVP_PKEY_new_CMAC_key() | tb | 4 | -20/+84
sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
2021-03-28 | The failure mode of test-tls13-version-negotiation.py has changed. | tb | 1 | -4/+2
Update comment.
2021-03-28 | Fix duplicate SSL_is_dtls in libssl and apps.c | inoguchi | 1 | -1/+3
Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes the portable build to break with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@
2021-03-27 | Enable test-sig-algs-renegotiation-resumption.py. | tb | 1 | -5/+6
This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.
2021-03-27 | Garbage collect s->internal->type | tb | 6 | -18/+9
This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
2021-03-27 | Handle dynamic definition of SIGSTKSZ as of glibc 2.34 on Linux. | bcook | 1 | -7/+24
ok bluhm@, inoguchi@, tb@, deraadt@
2021-03-26 | Add test-sig-algs-renegotiation-resumption.py | tb | 1 | -1/+5
This test currently fails but may soon be fixed.
2021-03-26 | Sort header files and wrap long lines in x509.c | inoguchi | 1 | -67/+110
2021-03-25 | Avoid mangled output in BIO_debug_callback | tb | 1 | -4/+12
Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip. From Martin Vahlensieck with minor tweaks by me