summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-062-17/+21
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* Remove now bogus comment that got missed in the GOST commit.jsing2014-12-062-10/+4
|
* Fix some horrible style(9) violations...jsing2014-12-062-126/+126
|
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-068-198/+52
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-066-222/+248
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Ensure that the client specified EC curve list length is a multiple of two.jsing2014-12-062-4/+6
| | | | | | | | The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
* Fix two cases where it is possible to read one or two bytes past the end ofjsing2014-12-062-6/+30
| | | | | | | the buffer. The later size check would catch this, however reading first and checking later is less than ideal. ok miod@
* add missing .Fn macros in the SYNOPSIS; found with mandoc.db(5)schwarze2014-12-042-10/+10
|
* Move Windows OS-specific functions to make porting easier.bcook2014-12-032-24/+89
| | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
* We're not supporting 16-bit Windows, remove cast.bcook2014-12-031-3/+2
| | | | ok jsing@ deraadt@
* handle the (impossible) situation of a size_t - 1 buffer fromderaadt2014-12-031-2/+2
| | | | | EC_POINT_point2oct so that later allocation does not overflow with miod
* Spotted another opportunity to use reallocarray().deraadt2014-12-031-2/+2
| | | | ok miod
* Add brainpool curves to eccurves_default[], accidentally missing from 1.32;miod2014-12-022-4/+10
| | | | from OpenSSL HEAD via Thomas Jakobi.
* add some openbsd tags, and a first pass at cleanup;jmc2014-12-02166-210/+708
|
* Remove non-portable use of .Pf that doesn't work with groff;schwarze2014-11-302-16/+8
| | | | found because the groff_mdoc(7) macros warn about it.
* Ensure that sess_cert is not NULL at the start ofjsing2014-11-272-50/+18
| | | | | | | ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
* Avoid a double-free in an error path.jsing2014-11-272-4/+2
| | | | | | Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
* Avoid a NULL dereference in the DTLS client that can be triggered by ajsing2014-11-272-2/+18
| | | | | | | | | | | | crafted server response used in conjunction with an anonymous DH or anonymous ECDH ciphersuite. Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in copied code. Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
* remove superflous gettimeofday wrapper.bcook2014-11-261-9/+2
| | | | ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
* memset like a normal human.bcook2014-11-261-10/+10
| | | | ok beck@ tedu@ miod@
* normalize set/getsockopt usage.bcook2014-11-263-45/+27
| | | | | | | | | | Remove the remaining random casts on optval. Fixups for this can be handled by the portability layer all in once place. Remove remaining fake socklen_t unions, though beck@ points out that this also removes support for socklen_t changing its length at runtime. RIP. ok tedu@ beck@ miod@ deraadt@
* Linux has had IP_MTU since 2005, don't force it.bcook2014-11-261-8/+4
| | | | ok beck@ miod@ tedu@ deraadt@
* Fix incorrect escape.bentley2014-11-222-4/+4
|
* MPE support, begone. ok teduderaadt2014-11-211-2/+2
|
* Nuke yet more obvious #include duplications.krw2014-11-191-3/+1
| | | | ok deraadt@
* include camellia.h using the public include pathbcook2014-11-191-2/+2
|
* Fix a memory leak with pkey in client key exchangedoug2014-11-192-2/+4
| | | | | | Based on boringssl commit: 1df112448b41c3568477f3fcd3b8fc820ce80066 ok miod@ jsing@
* Argh, another bug introduced in r1.3; Dmitry Eremin-Solenikovmiod2014-11-181-2/+2
|
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-1826-146/+594
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Enable the build of GOST routines in libcrypto. Riding upon the Cammeliamiod2014-11-181-1/+0
| | | | libcrypto minor bump.
* More missing error checks I forgot to commit last week, part of the largemiod2014-11-181-12/+23
| | | | cleanup diff.
* Return success in param_copy_gost01() if there is no private key to copy;miod2014-11-181-2/+2
| | | | | broken in r1.3. Spotted by Dmitry Eremin-Solenikov
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-183-6/+6
| | | | the function argument not being NULL
* Add the Cammelia cipher to libcrypto.miod2014-11-172-4/+3
| | | | | | | | | | | | | | | | | | There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Cammelia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well retaining the right to enforce their patents against anyone in the future. However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have had enabled Cammelia earlier (-: Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects. Crank libcrypto.so minor version due to the added symbols.
* Make the ECDSA_SIG bowels public. This matches RSA_SIG and DSA_SIG, and wemiod2014-11-172-30/+30
| | | | | | expect a good use for this knowledge in the tree in the near future. Contributed by Vincent Gross, thanks!
* Sort and group includes.jsing2014-11-1671-183/+317
|
* Add many missing error checks (probably not exhaustive, but a good start):miod2014-11-136-287/+488
| | | | | | | | | | | | - make VKO_compute_key() no longer void so that it can return failure. - fix unchecked allocations in too many routines to mention /-: - fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(), VKO_compute_key(). - fix the gost2001_do_sign() interface violation by having its sole caller free the BIGNUM it passes to that function by itself, instead of having the callee do this. Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
* Sacrifice this code to the KNF deities.miod2014-11-139-402/+401
|
* Fix GOST TC26-B curve description.miod2014-11-121-2/+2
|
* f{read,write} take a number of items and an item size as arguments, andmiod2014-11-112-14/+7
| | | | | | | | | | | | | | | | | | | | | return the number of items read of written. When you intend to return the number of bytes actually processed, it is wise to pass 1 as the item size and the size as the number of items. But in *some* places, the OpenSSL does the opposite, and has extra logic to change a successful return of 1 (item processed) into the real size. And, guess why it does that? Because of old VMS, for they (used to) have a substandard stdio implementation. Note that this change causes the return values of BIO_dump_fp() and BIO_dump_indent_fp() to no longer be useless (actual number of callback calls), but actual bytes output. Given the irrelevance of the return value before, it is unlikely that anything depends upon it (and if something does, it probably has other problems in need for a fix...) ok tedu@ beck@ jsing@
* Don't free garbage in ec_wNAF_mul() if wNAF could be allocated butguenther2014-11-111-5/+11
| | | | | | | other allocations in the same block couldn't. problem pointed out by David Ramos on the openssl-dev list ok miod@ doug@
* KNF (when not conflicting with other cleanup changes in progress)miod2014-11-0914-373/+507
|
* Remove DEBUG_SIGN code. Make sure gost_key_unwrap_crypto_pro() returns failuremiod2014-11-092-19/+4
| | | | instead of a printf and a success return, when the operation fails.
* Rename internal yet public key_{un,}wrap_crypto_pro symbols by prepending amiod2014-11-093-30/+32
| | | | | `gost_' prefix to them, so that we do not pollute the global namespace too much.
* Replace RAND_bytes() usage with arc4random_buf().miod2014-11-093-10/+3
|
* GOST crypto algorithms (well, most of them), ported from the removed GOSTmiod2014-11-0937-15/+6550
| | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Introduce EVP_MD_CTX_ctrl(), to allow for fine control of a given digest.miod2014-11-091-1/+25
| | | | | | | | | This functionality was already available (and optional), and used in the bowels of the ASN.1 code. This exposes it as a public interface, which will be used by the upcoming GOST code. Crank libcrypto minor version. From Dmitry Eremin-Solenikov.
* Allow digest routines to provide their own HASH_FINAL routine; will bemiod2014-11-091-3/+5
| | | | | | necessary for upcoming GOST code. From Dmitry Eremin-Solenikov
* Clean up more SSLv2 remnants.jsing2014-11-086-58/+30
|
* only call SRTP (whatever that is) functions when the connection type istedu2014-11-032-10/+10
| | | | DTLS (whatever that is) instead of for TLS too. ok jsing.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-21 11:50:18 +0000