path: root/src/lib/libssl
Commit message | Author | Age | Files | Lines
...
* Fix CVE-2014-3511; TLS downgrade, verbatim diff
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
  ok guenther miod
  deraadt | 2014-08-07 | 2 files | -10/+54
* merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
  ok bcook
  deraadt | 2014-08-07 | 2 files | -2/+18
* merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther
  deraadt | 2014-08-06 | 2 files | -18/+26
* Prevent a possible use after free by mimicking the s3_srvr.c fixes contributed by
  Adam Langley close to three years ago, which were committed in
  https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214
  ok jsing@
  miod | 2014-08-06 | 2 files | -8/+2
* Allow B64_EOF to follow a base64 padding character. This restores previous
  behaviour that allows a PEM block to be fed through the base64 decoder.
  Reported by Dmitry Eremin-Solenikov on tech@
  ok deraadt@ tedu@
  jsing | 2014-08-06 | 1 file | -2/+3
* Correct error checks in EVP_read_pw_string_min(): UI_add_input_string()
  and UI_add_verify_string() return -1 (and maybe -2?) on failure and >=0 on
  success, instead of always zero on success.
  Problem reported by Mark Patruck (mark (at) wrapped.cx)
  ok miod@
  guenther | 2014-08-06 | 1 file | -3/+3
* In chacha_init(), allow for a NULL iv. Reported by znz on github.
  ok guenther@ jsing@
  miod | 2014-08-04 | 1 file | -2/+3
* Fix a usage string; the proper spelling of 'alot' is 'a lot'.
  ok bcook@
  blambert | 2014-07-29 | 1 file | -2/+2
* Remove SRP code. It contains a bug (this should not surprise anyone), but
  the details are under embargo. The original plan was to wait for the embargo
  to lift, but we've been waiting for quite some time, and there's no indication
  of when or even if it will end. No sense in dragging this out any longer.
  The SRP code has never been enabled in OpenBSD, though I understand it is in
  use by some other people. However, in light of this and other issues, we're
  officially saying SRP is outside the scope of libressl. (For now.)
  tedu | 2014-07-28 | 6 files | -1816/+1
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
  for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
  their second argument, not zero.
  (jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
  which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
  option, which makes the application non-compliant. More fuel for the tedu
  fire...)
  jasper@ noted the breakage and bisected it down to the diff that broke this
  ok jsing@ miod@
  guenther | 2014-07-28 | 6 files | -18/+42
* Add missing year to copyright.
  jsing | 2014-07-25 | 2 files | -4/+4
* BIO_free() returns immediately when the sole input is NULL.
  Remove unnecessary NULL check.
  ok miod@
  doug | 2014-07-25 | 19 files | -71/+45
* level_add_node(): if a memory allocation failure causes us to attempt to clean
  up and return failure, be sure the cleanup work does NOT free objects which
  are still being referenced by other objects.
  ok guenther@
  miod | 2014-07-23 | 1 file | -4/+7
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all uses
  within libcrypto are safe, but until we can change this function prototype to
  use size_t instead of int, better be safe than sorry.
  tweaks and ok guenther@
  miod | 2014-07-23 | 1 file | -10/+17
* Check the return value of the UI functions (including UI_new(), whose return
  value is happily dereferenced without checking it for being non-NULL).
  ok beck@
  miod | 2014-07-23 | 1 file | -6/+11
* Now that DES_random_key() can be trusted, use it to generate DES keys in the
  EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key
  and not even checking it against the weak keys list.
  ok beck@
  miod | 2014-07-22 | 2 files | -12/+10
* In DES_random_key(), force the generated key to the odd parity before checking
  it is not one of the weak and semi-weak keys. Even though the probability of
  generating a weak key with incorrect parity is abysmally small, there is no
  reason to be correct (although, if you're in need of fresh DES keys nowadays,
  you should seriously consider switching to a stronger symmetric cipher
  algorithm).
  ok beck@
  miod | 2014-07-22 | 1 file | -8/+8
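The ordering point in the DES_random_key() message above, worked through as an added example. This is not LibreSSL's code but a stand-alone reimplementation of the check: the table is the published list of 4 weak and 12 semi-weak DES keys, and the helper names (des_set_odd_parity, des_is_weak_key, des_key_parity_then_check, des_key_check_then_parity, des_key_from_random, fill_from_urandom) are this example's own. Every byte of every listed key already has odd parity, so a candidate whose parity has not been fixed up yet can only match the table by accident; testing the raw bytes first and fixing parity afterwards lets an all-zero candidate pass and then become the all-0x01 weak key, which the parity-first order rejects.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DES_KEY_LEN 8

/* The published 4 weak and 12 semi-weak DES keys (first two rows are the weak
 * ones). Every byte already carries odd parity. */
static const uint8_t des_weak_keys[16][DES_KEY_LEN] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* DES uses the low bit of each key byte as a parity bit: set it so that the
 * byte has an odd number of 1 bits. */
void des_set_odd_parity(uint8_t key[DES_KEY_LEN])
{
    for (int i = 0; i < DES_KEY_LEN; i++) {
        uint8_t b = key[i] & 0xFE;
        int ones = 0;
        for (uint8_t t = b; t != 0; t >>= 1)
            ones += t & 1;
        key[i] = (ones % 2 == 0) ? (uint8_t)(b | 0x01) : b;
    }
}

/* 1 if key is one of the 16 weak/semi-weak keys, else 0 (exact byte match). */
int des_is_weak_key(const uint8_t key[DES_KEY_LEN])
{
    for (size_t i = 0; i < sizeof(des_weak_keys) / sizeof(des_weak_keys[0]); i++)
        if (memcmp(key, des_weak_keys[i], DES_KEY_LEN) == 0)
            return 1;
    return 0;
}

/* The order the commit enforces: fix parity, then test against the table.
 * Returns 1 if out[] is usable, 0 if the candidate must be discarded. */
int des_key_parity_then_check(const uint8_t raw[DES_KEY_LEN], uint8_t out[DES_KEY_LEN])
{
    memcpy(out, raw, DES_KEY_LEN);
    des_set_odd_parity(out);
    return !des_is_weak_key(out);
}

/* The order being fixed: test the raw bytes, then fix parity. Returns 1 ("ok")
 * for any raw value not literally in the table, even when parity turns it
 * into a table entry. */
int des_key_check_then_parity(const uint8_t raw[DES_KEY_LEN], uint8_t out[DES_KEY_LEN])
{
    memcpy(out, raw, DES_KEY_LEN);
    if (des_is_weak_key(out))
        return 0;
    des_set_odd_parity(out);
    return 1;
}

/* Draw candidates from fill() (0 on success) until one survives the
 * parity-then-check test. Returns the attempt count, or -1 on failure. */
int des_key_from_random(uint8_t out[DES_KEY_LEN], int (*fill)(uint8_t *, size_t))
{
    uint8_t raw[DES_KEY_LEN];
    for (int attempts = 1; attempts <= 64; attempts++) {
        if (fill(raw, sizeof raw) != 0)
            return -1;
        if (des_key_parity_then_check(raw, out))
            return attempts;
    }
    return -1;
}

/* Constructed worst case: all-zero candidate bytes. Returns 1 when the old
 * order accepts them and the key it hands back is in the weak table. */
int demo_old_order_leaks_weak_key(void)
{
    const uint8_t zeros[DES_KEY_LEN] = {0};
    uint8_t k[DES_KEY_LEN];
    return des_key_check_then_parity(zeros, k) == 1 && des_is_weak_key(k) == 1;
}

/* Same candidate through the fixed order: returns 1 when it is rejected. */
int demo_new_order_rejects_zeros(void)
{
    const uint8_t zeros[DES_KEY_LEN] = {0};
    uint8_t k[DES_KEY_LEN];
    return des_key_parity_then_check(zeros, k) == 0;
}

/* Entropy source for the stand-alone run only (example's own helper). */
static int fill_from_urandom(uint8_t *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

int main(void)
{
    uint8_t k[DES_KEY_LEN];
    printf("old order leaks weak key from zero bytes: %d\n", demo_old_order_leaks_weak_key());
    printf("new order rejects zero bytes: %d\n", demo_new_order_rejects_zeros());
    int attempts = des_key_from_random(k, fill_from_urandom);
    if (attempts < 0)
        return 1;
    printf("fresh key after %d attempt(s), weak=%d\n", attempts, des_is_weak_key(k));
    return 0;
}
```

The two demo functions isolate the only observable difference between the orders: with the check first, zero bytes are "not weak", parity is then applied, and the caller receives 01 01 01 01 01 01 01 01. As the message says the odds of hitting this at random are negligible, so the point is correctness of the sequence, not a practical attack.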
* Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memory
  when BIO_new_{file,fp}() fails.
  inspired by a diff from logan@
  ok miod@
  guenther | 2014-07-22 | 1 file | -6/+10
* Kill a bunch more BUF_strdup's - these are converted to have a check for
  NULL before an intrinsic strdup.
  ok miod@
  beck | 2014-07-22 | 6 files | -15/+20
* Mark the format string argument to BIO_*printf as not being allowed to be NULL
  ok bcook@
  guenther | 2014-07-20 | 1 file | -5/+7
* Fix strtonum range to unbreak -pass fd:0
  ok deraadt@
  lteo | 2014-07-19 | 1 file | -2/+2
* missing newline
  deraadt | 2014-07-18 | 1 file | -2/+2
* avoid errx(); Jonas Termansen
  deraadt | 2014-07-17 | 1 file | -3/+5
* avoid sys/param.h; Jonas Termansen
  deraadt | 2014-07-17 | 3 files | -7/+8
* Missing bounds check in ssl3_get_certificate_request(), was not spotted in
  1.78; reported by Ilja Van Sprundel.
  miod | 2014-07-17 | 2 files | -2/+12
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory
  leaks. From miod@
  OK from miod@ and guenther@
  logan | 2014-07-17 | 1 file | -2/+4
* do not need a variable to track locking, since all code paths have it
  locked throughout.
  deraadt | 2014-07-16 | 1 file | -5/+2
* not needed anymore
  deraadt | 2014-07-14 | 2 files | -1173/+0
* Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
  From BoringSSL.
  miod | 2014-07-14 | 2 files | -12/+12
* whitespace
  deraadt | 2014-07-14 | 45 files | -172/+172
* Improve RAND_write_file(), chmod crud, etc.
  ok tedu
  deraadt | 2014-07-14 | 1 file | -27/+19
* Stop leaking internal library pointers in error messages.
  Requested by miod@
  jsing | 2014-07-13 | 2 files | -4/+4
* Explicitly initialise slen - this was not previously done due to a missing
  M_ASN1_D2I_begin macro.
  jsing | 2014-07-13 | 2 files | -2/+4
* Convert error handling to SSLerr and ERR_asprintf_error_data.
  jsing | 2014-07-13 | 2 files | -118/+108
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrific
  asn1_mac.h macros. This still needs a lot of improvement, but immediately
  becomes readable.
  ok miod@ (sight unseen!)
  jsing | 2014-07-13 | 2 files | -52/+594
* Remove license introduced with the PSK code, which has since been removed.
  ok deraadt@
  jsing | 2014-07-13 | 2 files | -54/+2
* Another compression remnant.
  jsing | 2014-07-13 | 2 files | -4/+2
* Expand the tlsext_sigalg macros. The end result is about the same number
  of lines and much more readable.
  ok miod@
  jsing | 2014-07-13 | 2 files | -32/+38
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the
  horrific macros from asn1_mac.h. This is a classic example of using macros
  to obfuscate code, in an attempt to reduce the line count. The end result is
  so ridiculously convoluted that it is completely unreadable and it takes
  hours to deconstruct the macros and figure out what is actually going on
  behind the scenes.
  ok miod@
  jsing | 2014-07-13 | 2 files | -150/+196
* The bell tolls for BUF_strdup - Start the migration to using
  intrinsics. These are the easy ones; a few are left to check one at a time.
  ok miod@ deraadt@
  beck | 2014-07-13 | 25 files | -85/+92
* Fix memory leak.
  OK from beck@ and miod@
  logan | 2014-07-13 | 1 file | -1/+2
* OPENSSL_{malloc,free} -> {malloc,free}
  miod | 2014-07-13 | 11 files | -15/+15
* Warn about the use of BUF_strdup.
  miod | 2014-07-13 | 1 file | -2/+4
* unbreak build; this needed to be an 'and'.
  ok jsing@
  beck | 2014-07-13 | 4 files | -8/+8
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() cause
  EVP_MD_CTX_cleanup() to be called.
  miod | 2014-07-13 | 1 file | -3/+4
* Possible PBEPARAM leak in the error path.
  miod | 2014-07-13 | 1 file | -6/+8
* dsa_priv_decode(): only destroy the object we've created, and with the
  appropriate function. Checking for privkey != NULL is not enough since
  privkey points to a member of ndsa if ndsa != NULL.
  dsa_priv_encode(): possible double free in error path.
  miod | 2014-07-13 | 1 file | -3/+5
* Check X509_NAME_oneline() return value when it will have to allocate memory.
  miod | 2014-07-13 | 1 file | -1/+3
* EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without having
  to reinitialize all of it, especially if it is used with the same MD algorithm.
  However, when the MD algorithm changes, it needs to perform more cleanups.
  Make that code closer to what EVP_MD_CTX_cleanup() does by:
  - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set
  - performing an explicit_bzero of md_data before freeing it
  - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for
    the new md_data fails.
  ok tedu@
  miod | 2014-07-13 | 1 file | -3/+9
* Don't include asn1_mac.h if all you need is asn1.h.
  miod | 2014-07-13 | 1 file | -2/+2