summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-01-07Bump for LibreSSL 2.4.5libressl-v2.4.5bcook1-3/+3
2017-01-05MFC: Avoid a side-channel cache-timing attack that can leak the ECDSAjsing1-1/+3
private keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. This issue was reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia.
2016-11-03MFC: In ssl3_read_bytes(), do not process more than three consecutive TLSlibressl-v2.4.4jsing1-4/+24
records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
2016-10-03Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()bcook1-5/+11
based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@ original patch by guenther@
2016-10-03Detect zero-length encrypted session data early, instead of when malloc(0)bcook1-2/+2
fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@ original patch by guenther@
2016-10-03Check for packet with truncated DTLS cookie.bcook1-12/+17
Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@ original commit by @guenther
2016-10-03Improve ticket validity checking when tlsext_ticket_key_cb() callbackbcook1-4/+25
chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@ original commit by guenther@
2016-10-03In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingbcook1-2/+3
parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
2016-10-02bump to 2.4.4bcook1-3/+3
2016-09-22MFC: Avoid falling back to a weak digest for (EC)DH when using SNI withlibressl-v2.4.3jsing1-3/+10
libssl.
2016-09-22MFC: Avoid unbounded memory growth in libssl, which can be triggered by ajsing1-9/+20
TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
2016-09-22bump version for 2.4.3bcook1-3/+3
2016-09-22back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinalbcook1-3/+1
Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31. ok jsing@
2016-07-23This commit was manufactured by cvs2git to create branch 'OPENBSD_6_0'.libressl-v2.4.2cvs2svn1187-380610/+0
2016-07-23rework crl2pkcs7; with help from jsingjmc1-57/+18
2016-07-21rework DESCRIPTION a little: no-command seems clearer than no-XXX;jmc1-17/+12
2016-07-21rename NOTES to COMMON SYNTAX (explains itself better); rework thejmc1-43/+44
passphrase section a little; move the DER|PEM stuff in there to help avoid text repetition, and prefer the lowercase (less keys to press); adjust ENVIRONMENT to format a little more nicely;
2016-07-21strip back openssl crl somewhat: remove the examplesjmc1-41/+21
and move any relevant text into the main body;
2016-07-20strip back openssl ciphers:jmc1-106/+60
- rearrange the descriptions of -V and -v to read more logically - move the cipherlist text into the cipherlist description - zap examples
2016-07-19strip back openssl ca: in particular remove some excessively wordy sections,jmc1-337/+120
move some other sections into more relevant places, and remove the example ca file;
2016-07-18don't mix code and decls, ok tedu@bcook2-4/+6
2016-07-17use memset to initialize the unionbcook2-4/+8
2016-07-17remove unused OPENSSL_NO_OBJECT casebcook2-28/+2
ok tedu@
2016-07-17Initialize buffers before use, noted by Kinichiro Inoguchi.bcook2-14/+14
ok beck@
2016-07-17strip back asn1parse; ok beck jsingjmc1-108/+27
description of -out altered on jsing's advice
2016-07-16Clean up OCSP_check_validity() a bit more.beck2-22/+20
- Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
2016-07-16since we no longer pull source directly from openssl, the time isjmc1-427/+57
right to try and trim some of the excess from this page. begin now by cutting some of the fluff from the start. the section on pass phrase arguments goes to the end of the page: it;s in the way for now.
2016-07-16Limit the support of the "backward compatible" ssl2 handshake to only bebeck2-2/+18
used if TLS 1.0 is enabled. Sugessted/discussed with jsing@ and bcook@. ok guenther@ sthen@
2016-07-13Adjust existing tls_config_set_cipher() callers for TLS cipher groupjsing1-2/+2
changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
2016-07-13Split the existing TLS cipher suite groups into four:jsing3-11/+22
"secure" (TLSv1.2+AEAD+PFS) "compat" (HIGH:!aNULL) "legacy" (HIGH:MEDIUM:!aNULL) "insecure" (ALL:!aNULL:!eNULL) This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). ok beck@ tedu@
2016-07-13Fix usage() output and getopt sortingguenther1-6/+6
2016-07-10zero the read buffer after copying data to user so it doesn't linger.tedu2-2/+4
ok beck
2016-07-07Revert previous since the libtls change has been reverted.jsing1-16/+24
2016-07-07Revert previous - it introduces problems with a common privsep use case.jsing3-72/+35
2016-07-07add ca cert error check and make the path configurablebcook1-1/+9
from Kinichiro Inoguchi
2016-07-07call BN_init on temporaries to avoid use-before-set warningsbcook6-6/+28
ok beck@
2016-07-06J/j is a three valued option, document and fix code to actuall support thatotto1-3/+5
with a little help from jmc@ for the man page bits ok jca@ and a reluctant tedu@
2016-07-06Check that the given ciphers string is syntactically valid and results injsing1-1/+17
at least one matching cipher suite. ok doug@
2016-07-06Remove manual file loading (now that libtls does this for us) and adjustjsing1-24/+16
pledge to match. Also use tls_config_error() to provide friendlier error messages.
2016-07-06Always load CA, key and certificate files at the time the configurationjsing3-35/+72
function is called. This simplifies code and results in a single memory based code path being used to provide data to libssl. Errors that occur when accessing the specified file are now detected and propagated immediately. Since the file access now occurs when the configuration function is called, we now play nicely with privsep/pledge. ok beck@ bluhm@ doug@
2016-07-06Correctly handle an EOF that occurs prior to the TLS handshake completing.jsing1-3/+6
Reported by Vasily Kolobkov, based on a diff from Marko Kreen. ok beck@
2016-07-05remove extra assignment of s from 1.11, fix regression testbcook1-2/+1
2016-07-05remove unneeded duplicate call - spotted by jsing@beck2-6/+2
2016-07-05On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook8-26/+111
BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
2016-07-05Add several fixes from OpenSSL to make OCSP work with intermediatebeck2-20/+48
certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
2016-07-05make less awful.. test against cloudflare toobeck2-9/+19
2016-07-04Add a nasty little ocsp regress test in the hope pedants will make it better.beck3-1/+140
2016-07-02do not uppercase "hop limit";jmc1-4/+4
2016-07-01Simplify IP proto-specific sockopt error handling.bcook1-34/+26
This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@
2016-06-30Tighten behavior of _rs_allocate failure for portable arc4random ↵bcook14-14/+28
implementations. In the event of a failure in _rs_allocate for rsx, we still have a reference to freed memory for rs on return. Not a huge deal since we subsequently abort in _rs_init, but it looks strange on its own. ok deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-25 18:45:34 +0000