path: root/src/lib
Commit message (author, date; files changed, lines -removed/+added)
...
* Now that we have Camellia support in libcrypto, bring in the SHA256 flavour of
  the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
  (miod, 2014-12-16; 4 files, -4/+328)
* Add error handling for EVP_DigestInit_ex().
  A few EVP_DigestInit_ex() calls were left alone since reporting an error would
  change the public API. Changed internal ssl3_cbc_digest_record() to return a
  value due to the above change. It will also now set md_out_size=0 on failure.
  This is based on part of BoringSSL's commit to fix malloc crashes:
  https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
  ok miod@
  (doug, 2014-12-15; 15 files, -56/+98)
* unconditionally align SSL payloads
  Remove support for conditional payload alignment, since we would never want to
  turn it off. Also, consistently use size_t for calculating the alignment.
  ok miod@
  (bcook, 2014-12-14; 6 files, -78/+36)
* Convert all of the straightforward client handshake handling code to use
  the new handshake functions.
  ok miod@
  (jsing, 2014-12-14; 6 files, -212/+134)
* Provide functions for starting, finishing and writing SSL handshake
  messages. This will allow for removal of repeated/duplicated code.
  Additionally, DTLS was written by wholesale copying of the SSL/TLS code, with
  some DTLS specifics being added to the duplicated code. Since these SSL
  handshake message functions know how to handle both SSL/TLS and DTLS, upon
  conversion the duplicate versions will become identical (or close to), at
  which point the DTLS versions can be removed and the SSL/TLS versions used
  for both protocols.
  Partially based on similar changes in OpenSSL.
  ok miod@
  (jsing, 2014-12-14; 6 files, -8/+120)
* Remove trailing whitespace.
  (jsing, 2014-12-14; 59 files, -559/+559)
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
  mazes in libssl. NPN is being replaced by ALPN, however it is still going to
  be around for a while yet.
  ok miod@
  (jsing, 2014-12-14; 12 files, -130/+12)
* unifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currently
  enabled and I would hope that no one is using client certificates with DTLS
  and Netscape, assuming it even supported it...
  ok bcook@ miod@
  (jsing, 2014-12-14; 2 files, -46/+2)
* catch up with swab.c rev. 1.9:
  update SYNOPSIS and DESCRIPTION and add STANDARDS
  (schwarze, 2014-12-12; 1 file, -5/+23)
* update swab() to match the current posix definition. "rationale: none."
  rewrite the function to be simpler as well. the compiler can unroll the loop
  for us if necessary.
  ok schwarze
  (tedu, 2014-12-11; 1 file, -50/+24)
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
  calls malloc(). Instead of silently continuing on failure, check the return
  value of BIO_new() and propagate failure back to the caller for appropriate
  handling.
  ok bcook@
  (jsing, 2014-12-10; 17 files, -42/+115)
* Remove support for GOST R 34.10-94 signature authentication, along with
  the two ciphersuites that use it. GOST94 public/private keys have been long
  obsoleted and libcrypto does not have support for them anyway.
  Discussed with Dmitry Eremin-Solenikov.
  (jsing, 2014-12-10; 18 files, -154/+30)
* libssl major++
  (jsing, 2014-12-10; 2 files, -2/+2)
* Add support for ALPN.
  Based on OpenSSL and BoringSSL.
  ok bcook@
  (jsing, 2014-12-10; 10 files, -16/+594)
* add stdint.h to ssl.h.
  ok jsing@
  (bcook, 2014-12-10; 2 files, -2/+6)
* Xr and Ox fixes;
  (jmc, 2014-12-09; 3 files, -12/+18)
* random seed buffer must be unsigned
  (deraadt, 2014-12-09; 1 file, -2/+2)
* no more string(3);
  (jmc, 2014-12-09; 1 file, -3/+2)
* fix NAME;
  (jmc, 2014-12-09; 1 file, -3/+3)
* improve warnings from rand_r(), rand(), and random()
  It may take a few iterations to get the tone right.
  previously discussed with millert
  (deraadt, 2014-12-09; 2 files, -3/+8; tag libressl-v2.1.2)
* In ingo's new world order, we do not want multiple manual pages describing
  the same thingies. Therefore these "lists of functions" man pages can go
  away. Hurray! I've wanted these pages to die for around 10 years!
  ok ingo (and i think jmc)
  (deraadt, 2014-12-09; 3 files, -247/+3)
* more standardsier: cast to int to make sure we keep the negative numbers.
  observed by jonas termansen
  (tedu, 2014-12-09; 1 file, -2/+2)
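As an added example, not the OpenBSD libc code that the two swab(3) commits above (tedu, 2014-12-11 and 2014-12-09) changed: an implementation of the POSIX swab() definition those commits refer to, handling the two edge cases the commit messages touch on, a negative byte count (the function does nothing, which only works if the count is compared as a signed value) and an odd byte count (the trailing byte is not processed). The function name my_swab, the self-test and its byte vectors are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/*
 * my_swab(): copy nbytes bytes from src to dest, exchanging adjacent bytes,
 * as POSIX specifies for swab(3).  Hypothetical name, added example.
 *
 * Edge cases handled the way the POSIX text describes:
 *   - nbytes < 0: do nothing.  The comparison must be done on the signed
 *     value; converting to size_t first would turn -1 into SIZE_MAX and
 *     run the loop off the end of both buffers.
 *   - nbytes odd: only nbytes - 1 bytes are processed; the last byte of
 *     dest is left untouched.
 * Returns the number of bytes actually written to dest.
 */
static ssize_t
my_swab(const void *src, void *dest, ssize_t nbytes)
{
	const unsigned char *s = src;
	unsigned char *d = dest;
	ssize_t i;

	if (nbytes < 0)
		return 0;

	/* Drop a trailing odd byte: clearing bit 0 rounds down to even. */
	nbytes &= ~(ssize_t)1;

	for (i = 0; i < nbytes; i += 2) {
		/* Read both bytes of the pair before writing either one. */
		unsigned char lo = s[i];
		unsigned char hi = s[i + 1];
		d[i] = hi;
		d[i + 1] = lo;
	}
	return nbytes;
}

/* Self-check: returns 1 if every case behaves as described above, else 0. */
static int
my_swab_selftest(void)
{
	unsigned char in[6] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
	unsigned char out[6];
	static const unsigned char want_even[6] = { 0x02, 0x01, 0x04, 0x03, 0x06, 0x05 };
	static const unsigned char want_odd[6]  = { 0x02, 0x01, 0x04, 0x03, 0xaa, 0xaa };
	size_t k;

	/* Even count: every pair swapped. */
	memset(out, 0xaa, sizeof(out));
	if (my_swab(in, out, 6) != 6 || memcmp(out, want_even, 6) != 0)
		return 0;

	/* Odd count: 5 -> only 4 bytes processed, out[4] and out[5] untouched. */
	memset(out, 0xaa, sizeof(out));
	if (my_swab(in, out, 5) != 4 || memcmp(out, want_odd, 6) != 0)
		return 0;

	/* Negative count: nothing written at all. */
	memset(out, 0xaa, sizeof(out));
	if (my_swab(in, out, -1) != 0)
		return 0;
	for (k = 0; k < sizeof(out); k++)
		if (out[k] != 0xaa)
			return 0;

	return 1;
}
```

The signed comparison is the security-relevant part: a caller that computes a negative length from untrusted input gets a no-op rather than a multi-gigabyte copy.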
* Oops, got the sense of the test backwards. Hilarious that we didn't spot it.
  (deraadt, 2014-12-08; 1 file, -1/+1)
* Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48()
  to returning strong random by default, source from arc4random(3).
  Parameters to the seeding functions are ignored, and the subsystems remain
  in strong random mode. If you wish the standardized deterministic mode,
  call srand_deterministic(), srandom_deterministic(), srand48_deterministic(),
  seed48_deterministic() or lcong48_deterministic() instead.
  The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
  unaffected by this change and remain in deterministic mode (for now).
  Verified as a good roadmap forward by auditing 8800 pieces of software.
  Roughly 60 pieces of software will need adaptation to request the
  deterministic mode.
  Violates POSIX and C89, which violate best practice in this century.
  ok guenther tedu millert
  (deraadt, 2014-12-08; 13 files, -159/+267)
* delete documentation for deleted DES interfaces
  (tedu, 2014-12-08; 2 files, -87/+3)
* remove cfree from documentation
  (tedu, 2014-12-08; 1 file, -19/+3)
* delete obsolete sunos cfree function. ok deraadt millert naddy
  (tedu, 2014-12-08; 2 files, -42/+3)
* remove setkey and encrypt interfaces. they are useless and dangerous.
  ok deraadt naddy
  (tedu, 2014-12-08; 3 files, -116/+9)
* Use platform-defined method of printing a pointer.
  Casting a pointer to an unsigned long discards bits on an LLP64 system.
  ok deraadt@
  (bcook, 2014-12-08; 2 files, -4/+4)
* avoid left shift overflow in reallocarray.
  Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL
  32-bits to the left causes an overflow. This replaces the constant 1UL with
  (size_t)1 so that we get the correct constant size for the platform.
  discussed with tedu@ & deraadt@
  (bcook, 2014-12-08; 1 file, -2/+2)
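An added example, written for this page rather than taken from libc, of the overflow check that the reallocarray commit above is about: the threshold constant is written as (size_t)1 shifted by half the width of size_t, so the shift is evaluated in the width of size_t on every platform instead of in the width of long (32 bits on an LLP64 system, where 1UL << 32 is undefined). The helper names mul_overflows and reallocarray_example are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * If both nmemb and size are below 2^(bits/2), their product fits in
 * size_t and no division is needed.  Written with (size_t)1, not 1UL:
 * on LLP64 long is 32 bits and 1UL << 32 overflows, as the commit above
 * describes.  (Added example, not the libc definition.)
 */
#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 if nmemb * size would overflow size_t, 0 otherwise. */
static int
mul_overflows(size_t nmemb, size_t size)
{
	/* Fast path: both operands small, product cannot wrap. */
	if (nmemb < MUL_NO_OVERFLOW && size < MUL_NO_OVERFLOW)
		return 0;
	/* Slow path: at least one operand is large, check exactly.
	 * nmemb == 0 gives a product of 0, never an overflow. */
	return nmemb > 0 && SIZE_MAX / nmemb < size;
}

/*
 * Hypothetical reallocarray-style wrapper (added example): fails with
 * ENOMEM instead of letting nmemb * size wrap to a small allocation that
 * the caller then overruns.
 */
static void *
reallocarray_example(void *optarg, size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size)) {
		errno = ENOMEM;
		return NULL;
	}
	return realloc(optarg, nmemb * size);
}
```

The fast path matters for a libc function called on every allocation: the division only runs when one of the operands is at least 2^32 (or 2^16 on a 32-bit target), which never happens for sane sizes.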
* Allow specific libtls hostname validation errors to propagate.
  Remove direct calls to printf from the tls_check_hostname() path. This allows
  NUL byte error messages to bubble up to the caller, to be logged in a
  program-appropriate way. It also removes non-portable calls to getprogname().
  ok jsing@
  (bcook, 2014-12-07; 3 files, -21/+27)
* Make GOST compile with a strict C compiler - in this case incrementing a
  void pointer is undefined and initialising an array with {} is a syntax error.
  Based on a diff from kinichiro inoguchi.
  (jsing, 2014-12-07; 6 files, -20/+24)
* Correctly output the result in STREEBOG512_Final() when running on a big-endian
  system. *blush*
  (miod, 2014-12-07; 2 files, -10/+56)
* Fix a memory leak in tls_check_subject_altname() by calling
  sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter
  only frees the stack itself and does not free the items.
  From Basskrapfen on github.
  (jsing, 2014-12-07; 1 file, -2/+2)
* Make sure to load absolute symbol address with `dla' instead of `la' when
  generating code for 64-bit mips userland.
  (miod, 2014-12-07; 4 files, -10/+34)
* revert previous change for now, adjusting based on comments from jsing@
  (bcook, 2014-12-07; 4 files, -36/+27)
* Revert to the use of C code for the basic BN routines (bn_add_words,
  bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
  on sgi, because the generated assembly code isn't R4000-safe.
  (miod, 2014-12-07; 2 files, -4/+14)
* Remove OPENSSL_FIPSCANISTER mentions.
  (miod, 2014-12-07; 8 files, -34/+2)
* Allow specific libtls hostname validation errors to propagate.
  Remove direct calls to printf from the tls_check_hostname() path. This allows
  NUL byte error messages to bubble up to the caller, to be logged in a
  program-appropriate way. It also removes non-portable calls to getprogname().
  The semantics of tls_error() are changed slightly: the last error message is
  not necessarily preserved between subsequent calls into the library. When the
  previous call to libtls succeeds, client programs should treat the return
  value of tls_error() as undefined.
  ok tedu@
  (bcook, 2014-12-07; 4 files, -27/+36)
* Remove get_optional_pkey_id() - it is a hack that existed due to GOST
  only sometimes being available... and when it was available it was via the
  crypto engine. GOST is now part of libcrypto proper.
  Instead of trying to do EVP PKEY lookups via string literals and the ASN1
  interfaces, lookup the methods directly using the appropriate NID.
  ok bcook@
  (jsing, 2014-12-07; 2 files, -92/+16)
* fix manual names that clash with other manuals
  (schwarze, 2014-12-06; 4 files, -4/+4)
* delete four MLINKS that are both duplicate and wrong
  (schwarze, 2014-12-06; 1 file, -5/+1)
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.
  If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object
  in an inconsistent state since the name is already freed. This commit avoids
  changing the original name unless the *_add() call will succeed.
  Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
  ok miod@
  (doug, 2014-12-06; 4 files, -34/+42)
* malloc(3) is in the "comp" install set, malloc.conf(5) in "man",
  breaking the hardlink between file system entries, confusing apropos(1).
  Split malloc.conf(5) out of malloc(3) as suggested by deraadt@.
  Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
  (schwarze, 2014-12-06; 2 files, -128/+10)
* Remove now bogus comment that got missed in the GOST commit.
  (jsing, 2014-12-06; 2 files, -10/+4)
* Fix some horrible style(9) violations...
  (jsing, 2014-12-06; 2 files, -126/+126)
* Remove client handling of RSA in ServerKeyExchange messages, along with
  the associated peer_rsa_tmp goop. This was only needed for export cipher
  handling and intentional RFC violations. The export cipher suites have
  already been removed and previous cleanup means that we will never send
  ServerKeyExchange messages from the server side for RSA.
  (jsing, 2014-12-06; 8 files, -198/+52)
* Use appropriate internal types for EC curves and formats, rather than
  storing and processing in wire encoded form.
  Inspired by boringssl.
  ok miod@
  (jsing, 2014-12-06; 6 files, -222/+248)
* Ensure that the client specified EC curve list length is a multiple of two.
  The EC curve handling code assumes this to be the case and will read one
  byte off the end of the curve list during processing, in the case where it
  is not.
  ok miod@
  (jsing, 2014-12-06; 2 files, -4/+6)
* Fix two cases where it is possible to read one or two bytes past the end of
  the buffer. The later size check would catch this, however reading first and
  checking later is less than ideal.
  ok miod@
  (jsing, 2014-12-06; 2 files, -6/+30)
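An added example, not libssl's code, for the last three commits above (jsing, 2014-12-06): a bounds-checked parser for the body of a client's elliptic_curves (supported groups) extension. It converts the wire encoding (a 2-byte list length followed by 2-byte curve identifiers) into an internal array of uint16_t rather than keeping the wire bytes, rejects an odd list length before any curve is read (the one-byte over-read the second commit describes), and checks each length against the bytes actually received before reading rather than after (the point of the third commit). The struct and function names and the sample extension bytes are mine; the three curve identifiers in the well-formed sample are the IANA values for secp256r1, secp384r1 and secp521r1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Internal form: curve IDs as host-order integers, not wire bytes. */
struct curve_list {
	uint16_t *ids;
	size_t    n;
};

/*
 * Parse the body of a TLS elliptic_curves / supported_groups extension:
 *     uint16 list_len;  uint16 curve_id[list_len / 2];
 * Returns 0 on success (out->ids is malloc'd, caller frees with
 * free_curve_list) or -1 on malformed input, in which case no byte past
 * 'len' is ever read and *out is left untouched.
 */
static int
parse_curve_list(const uint8_t *buf, size_t len, struct curve_list *out)
{
	size_t list_len, i;
	uint16_t *ids;

	/* Check before read: two bytes are needed for the length field. */
	if (len < 2)
		return -1;
	list_len = ((size_t)buf[0] << 8) | buf[1];
	buf += 2;
	len -= 2;

	/* Each curve ID is exactly two bytes, so the list length must be
	 * even and non-zero; with an odd length the loop below would read
	 * one byte past the end of the list. */
	if (list_len == 0 || (list_len & 1) != 0)
		return -1;

	/* The list must be exactly what remains: no truncation, no trailing
	 * junk.  This is the bound the loop relies on. */
	if (list_len != len)
		return -1;

	ids = malloc((list_len / 2) * sizeof(*ids));
	if (ids == NULL)
		return -1;
	for (i = 0; i < list_len / 2; i++)
		ids[i] = (uint16_t)(((uint16_t)buf[2 * i] << 8) | buf[2 * i + 1]);

	out->ids = ids;
	out->n = list_len / 2;
	return 0;
}

static void
free_curve_list(struct curve_list *cl)
{
	free(cl->ids);
	cl->ids = NULL;
	cl->n = 0;
}

/* Constructed well-formed sample: three curves, 0x0017 (secp256r1),
 * 0x0018 (secp384r1), 0x0019 (secp521r1). */
static const uint8_t sample_ok[] = {
	0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19
};
/* Constructed malformed sample: odd list length (5). */
static const uint8_t sample_odd[] = {
	0x00, 0x05, 0x00, 0x17, 0x00, 0x18, 0x00
};
/* Constructed truncated sample: claims 6 bytes but only 4 follow. */
static const uint8_t sample_short[] = {
	0x00, 0x06, 0x00, 0x17, 0x00, 0x18
};
```

Two habits from the commits carry over into any TLS extension parser: validate the length field against the bytes you actually hold before dereferencing anything it governs, and convert to native types once at the boundary so the rest of the code never touches wire encoding again.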