summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Bump minor after adding SSL_CTX_use_certificate_chain().reyk2014-09-282-2/+2
| | | | ok jsing@ miod@
* Add a new API function SSL_CTX_use_certificate_chain() that allows toreyk2014-09-285-38/+106
| | | | | | | | | | | read the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep- friendly and to make it available for other programs and the ressl library. ok jsing@ miod@
* X509v3_add_ext(): do not free stuff we did not allocate in the error path.miod2014-09-281-2/+2
| | | | ok bcook@
* X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,miod2014-09-281-15/+23
| | | | | | for it may be NULL. Do not leak memory upon error. ok bcook@
* Someone (TM) thought it was smart to save memory by using malloc(1) andmiod2014-09-281-5/+4
| | | | | | | | | | | | | manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
* Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, wheremiod2014-09-271-0/+2
| | | | the 64-bit code has to be disabled under OpenBSD/hppa.
* There is not much point checking ecdhp is not NULL... twice.jsing2014-09-274-28/+10
| | | | ok miod@
* Check that the specified curve is one of the client preferences.jsing2014-09-2710-16/+140
| | | | | | Based on OpenSSL. ok miod@
* X509_STORE_new(): do not leak memory upon error.miod2014-09-261-14/+17
| | | | | | | X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
* X509_issuer_and_serial_hash(): do not leak memory if an error occurs duringmiod2014-09-261-1/+3
| | | | | | the first EVP block. ok tedu@
* X509at_add1_attr(): do not free stuff we did not allocate in the error path.miod2014-09-261-3/+3
| | | | ok tedu@
* Now that we have a static version of the default EC formats, also use itjsing2014-09-262-94/+88
| | | | | | | | for the server hello. From OpenSSL. ok miod@
* Fix regression introduced in revision 1.15 by using strndup() instead ofmiod2014-09-231-6/+6
| | | | | | strdup() to allocated directory list components. ok jsing@
* Refactor and simplify the ECC extension handling. The existing codejsing2014-09-224-244/+196
| | | | | | | | | effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@
* Also check the result from final_finish_mac() against finish_mac_length injsing2014-09-222-38/+34
| | | | | | ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.
* It is possible (although unlikely in practice) for peer_finish_md_len tojsing2014-09-222-26/+22
| | | | | | | | | | | | | | end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
* Document SSL_OP_TLSEXT_PADDING.jsing2014-09-211-0/+6
| | | | From OpenSSL.
* Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, whichjsing2014-09-214-20/+36
| | | | | | | | | | | | | | | is off by default (instead of being enabled unconditionally). The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in... Ported from OpenSSL. Discussed with many. ok miod@
* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , butmiod2014-09-211-4/+9
| | | | | | | | some changes an a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
* Fix a memory leak in the error path in ASN1_mbstring_ncopy().miod2014-09-211-19/+29
| | | | | | | Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
* Add CHACHA20 as a cipher symmetric encryption alias.jsing2014-09-192-2/+10
| | | | From Ming <gzchenym at 126.com>
* remove obfuscating parens. man operator is your friend.tedu2014-09-194-30/+30
|
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-0716-182/+54
| | | | | | nor do we plan on supporting them. ok guenther@
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-2655-33619/+0
| | | | | | | | a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
* constify strerror return valuebcook2014-08-241-2/+2
| | | | | | | | | There is no intention to modify the string returned by strerror and doing so is forbidden by the standard. from Jonas 'Sortie' Termansen ok tedu@ deraadt@
* Include <sys/time.h> to get struct timevalbcook2014-08-241-1/+2
| | | | | | | | | The crypto/bio/bss_dgram.c file assumes that another file indirectly includes <stdlib.h> that includes <sys/time.h>. from Jonas 'Sortie' Termansen ok deraadt@ tedu@
* Include <sys/select.h> to get selectbcook2014-08-244-4/+9
| | | | | | | | | These files currently depends on the wrapper <stdlib.h> file indirectly including a header that provides select(). from Jonas 'Sortie' Termansen ok deraadt@ tedu@
* Let SSL_CIPHER_description() allocate the buffer for the description,jsing2014-08-241-4/+6
| | | | | | | | | | | | | | | | rather than passing in a fixed size buffer. This is yet another example of a horribly designed API - if the given buffer is NULL then SSL_CIPHER_description() allocates one for us (great!), which we then need to free (no problem). However, if this allocation fails it returns a pointer to a static string "OPENSSL_malloc Error" - obviously bad things happen if we call free() with this pointer. Unfortunately, there is no way of knowing that the function failed, other than comparing the returned string against the string literal - so do that before calling free()... Joint work with beck@ during g2k14.
* Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and ajsing2014-08-2410-58/+38
| | | | | | | ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@
* Remove non-standard GOST cipher suites (which are not compiled injsing2014-08-232-136/+2
| | | | | | currently). From Dmitry Eremin-Solenikov.
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-238-80/+60
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
* Three independent typos for `independent' or `independently'.miod2014-08-191-1/+1
|
* replace more ROTATE macros with plain-old C code.bcook2014-08-182-40/+19
| | | | | | | Let the compiler optimize these. Even older versions of gcc generate equal or better quality code than the inline asm. ok miod@
* remove return value from HOST_c2l/l2c macrosbcook2014-08-188-106/+106
| | | | | | | | | | | These macros and asm inlines simulate a function returning a value, but nothing ever uses this return value. Remove the pseudo-returns and (void) casts discarding the unused values. This, maybe unsurprisingly, speeds things up a bit. It also removes the GCC 4.9 warnings about unused values. ok miod@ deraadt@
* fixed overrid(d)en typotobias2014-08-141-2/+2
| | | | millert@ and jmc@ agree that "overriden" is wrong
* Merge a patch that i successfully pushed to OpenSSL,schwarze2014-08-122-2/+2
| | | | | | | | | | | | | | | | | | | | | original OpenSSL commit message follows: Fixed as shown; to be released post-1.0.2 commit bebbb11d132cc149f7713d6693703f8bfae10072 Author: Ingo Schwarze <schwarze@usta.de> Date: Sat Jan 18 11:46:25 2014 +0100 RT3239: Extra comma in NAME lines of two manpages In two OpenSSL manual pages, in the NAME section, the last word of the name list is followed by a stray trailing comma. While this may seem minor, it is worth fixing because it may confuse some makewhatis(8) implementations. While here, also add the missing word "size" to the one line description in SSL_CTX_set_max_cert_list(3). Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
* Replace intrinsic ROTATE macros with an inline.bcook2014-08-121-41/+10
| | | | | Without the cast/mask, the compiler is allowed to optimize this directly to the correct CPU intrinsic for rotate.
* Guard RSA / RC4-5 ASM when NO_ASM is not definedbcook2014-08-112-5/+6
| | | | | | | | | Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well. This simplifies enabling just inline ASM in portable, no effective change in OpenBSD.
* Check the return value of sk_SSL_CIPHER_new_null(), since it allocatesjsing2014-08-112-10/+14
| | | | | | memory and can return NULL. ok miod@
* Unchecked memory allocation and potential leak upon error inmiod2014-08-112-10/+24
| | | | | ssl3_get_cert_verify(). ok guenther@ jsing@
* Remove now-unused SSL2_STATE as well as ssl2-specific state machine values.miod2014-08-112-234/+2
| | | | ok guenther@ jsing@
* Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed wayjsing2014-08-116-26/+24
| | | | | | | | of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
* Provide a ssl3_get_cipher_by_id() function that allows ciphers to be lookedjsing2014-08-116-30/+36
| | | | | | | | up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char(). ok bcook@ miod@
* Tweak cipher list comments and add missing cipher value comments.jsing2014-08-102-10/+52
|
* Remove disabled (weakened export and non-ephemeral DH) cipher suites fromjsing2014-08-102-940/+10
| | | | | | | | the cipher list. This reduces code size, saves data segment space and prevents them from being turned back on at runtime by flipping a bit in memory. ok guenther@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-1032-182/+68
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragmentguenther2014-08-082-4/+14
| | | | | | | | | structure when a zero-length fragment is received. Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74 diff by miod@, ok guenther@ bcook@ deraadt@
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-082-12/+28
| | | | | | | | | | | - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@
* Correct test reversed during merge of fix for CVE-2014-3509guenther2014-08-072-4/+4
| | | | | pointed out by Watson Ladd (watson (at) matasano.com) ok deraadt@
* Fix CVE-2014-3506, DTLS handshake message size checks. Fromguenther2014-08-072-32/+44
| | | | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636 with comment/whitespace style tweaks ok bcook@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 19:30:14 +0000