summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.doug2015-06-154-52/+10
| | | | | This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
* Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.doug2015-06-154-22/+16
| | | | This is a hack for an old version of SSLeay which predates OpenSSL.
* Update SSL_OP_* to remove ancient hacks that are no longer enabled.doug2015-06-152-26/+22
|
* Split up the logic in CBB_flush to separately handle the lengths.doug2015-06-132-42/+64
| | | | | | Also, add comments about assuming short-form. ok miod@, tweak + ok jsing@
* Explain the ASN.1 restriction that requires extra logic for encoding.doug2015-06-132-4/+36
| | | | ok miod@ jsing@
* When initial capacity is 0, always use NULL buffer.doug2015-06-132-14/+16
| | | | | | | malloc(0) is implementation defined and there's no reason to introduce that ambiguity here. Added a few cosmetic changes in sizeof and free. ok miod@ jsing@
* Add comments about how the CBS constants are constructed.doug2015-06-132-24/+86
| | | | | | Also, introduce a few more #defines to make it obvious. ok miod@ jsing@
* Reject long-form tags in CBS_peek_asn1_tag.doug2015-06-132-2/+16
| | | | | | Currently, CBS only handles short-form tags. ok miod@ jsing@
* Fix bad indenting in LibreSSL.doug2015-06-138-18/+18
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Avoid an infinite loop that can occur when verifying a message with anlibressl-v2.2.0jsing2015-06-111-2/+2
| | | | | | | | | | unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@
* Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2015-06-111-4/+27
| | | | | | | | | | length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
* Avoid an infinite loop that can be triggered by parsing an ASN.1jsing2015-06-111-3/+8
| | | | | | | | | | | ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@
* Fix library search path so we link against the freshly built libcrypto.sotobiasu2015-06-051-2/+2
| | | | | | instead of a stale one. ok miod@ mpi@
* Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod2015-05-261-2/+2
| | | | work again.
* Add OPENSSL_NO_EGD to opensslfeatures.h.bcook2015-05-261-0/+1
| | | | | | | Since RAND_egd has been removed from LibreSSL, simplify porting software that relies on it. See https://github.com/libressl-portable/openbsd/pull/34 from Bernard Spil, ok deraadt@
* Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as usingguenther2015-05-252-8/+8
| | | | | | | 256bit keys problem noted by Tim Kuijsten (info (at) netsend.nl) ok deraadt@ miod@ bcook@
* Maximilian dot Fillinger at uni-duesseldorf dot deschwarze2015-05-241-72/+0
| | | | | | starts helping with the pod2mdoc(1)-based conversion of LibreSSL crypto manuals from perlpod(1) to mdoc(7). Here comes the first file, slightly tweaked by me.
* bump to version 2.2bcook2015-05-231-2/+2
| | | | ok deraadt@
* No need to check the return value of memcpy() if you actually checked thismiod2015-05-201-3/+2
| | | | pointer for NULL the line above; ok doug@
* Record inter-library dependencies between libcrypto, libssl and libtlskettenis2015-05-173-1/+5
|
* Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.jsg2015-05-157-17/+20
| | | | ok doug@
* use strdup() to init stringderaadt2015-04-301-3/+2
| | | | ok doug millert
* Add whitespace and replace OPENSSL_free with free in documentation.doug2015-04-296-22/+22
| | | | ok jsing@
* Call CBB_add_space() rather than reimplementing it.doug2015-04-292-4/+4
| | | | ok jsing@
* Rename cbb_buffer_add_u to cbb_add_u and remove redundant code.doug2015-04-292-30/+12
| | | | | | | All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base. cbb_add_u() now has that common code in one place. ok jsing@
* Added len_len error checking for internal cbb_buffer_add_u().doug2015-04-292-2/+8
| | | | ok jsing@
* Call CBS_mem_equal() rather than reimplementing it.doug2015-04-292-6/+4
| | | | ok jsing@
* Avoid NULL deref in CBS_get_any_asn1_element().doug2015-04-292-4/+6
| | | | | | This function is documented as allowing NULL for out_header_len. ok jsing@
* Added error checking for len argument in cbs_get_u().doug2015-04-292-2/+8
| | | | tweak + ok jsing@
* free() can handle NULL.doug2015-04-292-16/+8
| | | | ok jsing@
* Add missing BN_CTX_end() calls.doug2015-04-294-18/+18
| | | | | | | | After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@
* Don't ignore the reference count in X509_STORE_free.doug2015-04-251-1/+5
| | | | | | | | | Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
* Check for invalid leading zeros in CBS_get_asn1_uint64.doug2015-04-252-6/+16
| | | | | | | | | | ASN.1 integers cannot have all zeros or all ones for the first 9 bits. This rule ensures the numbers are encoded with the smallest number of content octets (see ITU-T Rec X.690 section 8.3.2). Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16 ok deraadt@ jsing@
* Do not need to buf[0] = 0 before strlcpy(buf, ...deraadt2015-04-231-2/+1
|
* Clean up the ssl_bytes_to_cipher_list() API - rather than having thejsing2015-04-156-42/+30
| | | | | | | | | | ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either zeroed or if NULL a new one is allocated, always allocate one and return it directly. Inspired by simliar changes in BoringSSL. ok beck@ doug@
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-122-44/+2
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Send OPENSSL_issetugid() straight to hell, no final cigarette.deraadt2015-04-112-15/+1
| | | | | | | | | | | | | | | | | | | The issetugid() API is supposed to make a strong promise where "0 means it is safe to look at the environment". Way back in the past someone on the OpenSSL team responded to the environment access danger by creating a wrapper called OPENSSL_issetugid, and went to use it a number of places. However, by default on systems lacking true issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False safety. Which means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite. Can you believe the OpenSSL team? This nastiness was noticed over the years, however noone could gain traction and get it fixed in OpenSSL. Also see a paragraph about this in http://www.tedunangst.com/flak/post/worst-common-denominator-programming ok jsing
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-117-60/+16
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* readdir() is thread-safe when DIR handles aren't shared, so delete the lock.guenther2015-04-062-6/+2
| | | | | | | (POSIX is fixing its description: readdir_r() was a botch) Patch from Carlos Mart�n Nieto (cmn (at) dwim.me) no -portable concerns bcook@
* Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled atjsing2015-03-314-44/+4
| | | | | | | compile time, which we do not do and are unlikely to ever do. Additionally, there are two runtime configurable alternatives that exist. ok bcook@ doug@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-2716-206/+112
| | | | | | in four different places. ok doug@ guenther@
* BUF_MEM_free() has its own explicit NULL check.jsing2015-03-272-18/+12
|
* Fix indentation that incorrectly implies a different control flow.doug2015-03-213-8/+11
| | | | | | | | | | | | | The actual control flow is intentional while the indenting is incorrect. This is intended to be a cosmetic change. Verified that each of these was part of a KNF commit that wasn't intending to change behavior. Also, double checked against the history of changes in OpenSSL and BoringSSL. Addresses Coverity CIDs: 78842, 78859, 78863. ok tedu@
* Fix a memory leak in an error path.doug2015-03-201-1/+3
| | | | | | From OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f. ok guenther@, logan@
* Fix several crash causing defects from OpenSSL.tedu2015-03-1913-64/+166
| | | | | | | | | | | | | These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
* Avoid a NULL pointer deref when X509_get_pubkey() returns NULL.doug2015-03-151-2/+4
| | | | | | | | | | | | | | A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public details yet to confirm. Either way, we should fix this. Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9 and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728. "looks sane" beck@ ok miod@, bcook@
* delay EVP_MD_CTX_init so we don't forget to clean it up.tedu2015-03-112-6/+8
| | | | spotted by miod. ok miod.
* Reject DH keys sent by a server if they are considered too small; inspiredmiod2015-03-082-2/+24
| | | | | by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
* Fix a minor information leak that was introduced in t1_lib.c r1.71, wherebyjsing2015-03-022-4/+4
| | | | | | | | | an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@
* Fix CVE-2014-3570: properly calculate the square of a BIGNUM value.bcook2015-02-253-654/+303
| | | | | | | | | | | See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-24 11:19:40 +0000