summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* add missing .In linesschwarze2019-06-032-4/+6
|
* add missing .In lineschwarze2019-06-031-2/+3
|
* Complete the ld.so boot cleanup: move most libc initialization fromguenther2019-06-022-8/+5
| | | | | | | | | | | | | | | | | _csu_finish() to _libc_preinit(), which is an .init_array function in shared libc (and mark it INITFIRST) or a .preinit_array function in static libc, grabbing the _dl_cb callback there from ld.so. Then in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's startup bits before main() gets control. Other cleanups this permits: - move various startup structures into .data.rel.ro - the dl* stubs in libc can be strong and call the callbacks provided via _dl_cb - no longer need to conditionalize dlctl() calls on presence of _DYNAMIC original concept and full diff ok kettenis@ ok deraadt@
* __realpath(2) appears to have improved, so re-enable the code thatderaadt2019-05-301-3/+136
| | | | | checks userland-parsing vs kernel parsing, we are hoping to spot another bug..
* Relax parsing of TLS key share extensions on the server.jsing2019-05-291-5/+2
| | | | | | | | | | | The RFC does not require X25519 and it also allows clients to send an empty key share when the want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@
* Do not send an SNI extension when resuming a session that contains a serverjsing2019-05-291-1/+4
| | | | | | | | name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
* There are some bugs in __realpath(2) -- it isn't quite ready so disablederaadt2019-05-291-136/+3
| | | | calling it until those are fixed.
* Fix typo and label indent.jsing2019-05-281-3/+3
|
* Tidy up some names/structures following the renaming of TLS extensionjsing2019-05-281-35/+35
| | | | | | | | | functions based on message type (clienthello/serverhello), to which side is handling the processing. No intended functional change. ok beck@
* Enable the use of the kernel __realpath() system call in the libc wrapper.beck2019-05-281-3/+136
| | | | | | | | For now, this also still uses the existing realpath implmentation and emits a syslog if we see differening results. Once we have run with that for a little while we will remove the old code ok deraadt@
* Only override size of chunk if we're not given the actual length.otto2019-05-231-2/+3
| | | | Fixes malloc_conceal...freezero with malloc options C and/or G.
* bump to LibreSSL 3.0.0bcook2019-05-231-3/+3
| | | | ok tb@
* add stdlib.h for reallocarraybcook2019-05-231-1/+2
|
* *an* RSA;jmc2019-05-203-9/+9
|
* clarify that later flags modify earlier flags;schwarze2019-05-191-2/+4
| | | | | triggered by a question from Jan Stary <hans at stare dot cz> on misc@; OK otto@
* More consistently put remarks about the less useful LC_* categoties,schwarze2019-05-162-14/+26
| | | | | | i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat. OK jmc@
* delete two stray blank linesschwarze2019-05-151-4/+2
|
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there isbcook2019-05-153-29/+20
| | | | | | | no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
* Correct missing test to determine if length is in bytes or in bits.beck2019-05-141-1/+3
| | | | | Issue found by Guido Vranken <guidovranken@gmail.com> ok tedu@ tb@
* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.bcook2019-05-131-4/+2
| | | | | | Fixes COV-174858 ok tb@
* Acquire mutex before incrementing the refcount. Fixes COV-186144bcook2019-05-131-1/+3
| | | | ok tb@
* Move 'how this works' details from namespace.h to DETAILSguenther2019-05-132-112/+136
|
* explicitly mention that RES_NOALIASES has no effect;schwarze2019-05-131-3/+4
| | | | | jmc@ noticed that the text wasn't completely clear; OK jmc@
* Mention introduction of *_conceal.otto2019-05-131-2/+8
|
* Fix signed overflow in X509_CRL_print().tb2019-05-121-1/+4
| | | | | | fixes oss-fuzz #14558 ok beck jsing
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key istb2019-05-121-1/+11
| | | | | | | | | assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... Pointed out by Guido Vranken. ok jsing
* Stop the eyebleed in here and just use callocbeck2019-05-121-31/+8
|
* $OpenBSD$tb2019-05-114-0/+4
|
* Remove commented out rc5 bitstb2019-05-117-20/+6
|
* Initialize EC_KEY_METHOD before use.bcook2019-05-101-2/+2
| | | | | | Fixes COV-186146 ok tb, beck
* Revert part of r1.36: in the case of GCM, gcm.key is assigned fromtb2019-05-101-1/+7
| | | | | | | | | aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... Fixes cryptofuzz issue #14352 and likely also #14374. ok beck jsing
* Inroduce malloc_conceal() and calloc_conceal(). Similar to theirotto2019-05-102-199/+219
| | | | | counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
* Fix incorrect carry operation in 512 bit addition: in the casetb2019-05-091-6/+8
| | | | | | | | | that there is already a carry and Sigma[i-1] == -1, the carry must be kept. From Dmitry Eremin-Solenik. Fixes incorrect Streebog result reported by Guido Vranken.
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,tb2019-05-081-2/+3
| | | | | | | | | | it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
* initialize safestack pointersbcook2019-05-083-6/+6
| | | | ok beck@, tb@
* Make sure that the tag buffer size is equal to the tag sizetb2019-05-081-2/+2
| | | | | | | | | in CRYPTO_ccm128_tag(). Otherwise the caller might end up using the part of the tag buffer that was left uninitialized. Issue found by Guido Vranken. ok inoguchi
* Avoid an undefined shift in ASN1_ENUMERATED_get().tb2019-04-281-4/+9
| | | | | | | | (same fix as in a_int.c rev 1.34) Fixes oss-fuzz issue #13809 ok beck, jsing
* Avoid an undefined shift in ASN1_INTEGER_get().tb2019-04-281-4/+8
| | | | | | Fixes oss-fuzz issue #13804 ok beck, jsing
* Use calloc/freezero when allocating and freeing the session ticket data.jsing2019-04-251-4/+6
| | | | | | The decrypted session ticket contains key material. ok tb@
* Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead ofjsing2019-04-251-24/+29
| | | | | | | | | allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
* Rename some variables in tls_decrypt_ticket().jsing2019-04-251-18/+18
| | | | | | | | | Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
* Convert tls_decrypt_ticket() to CBS.jsing2019-04-231-44/+72
| | | | | | This removes various pointer arithmetic and manual length checks. ok tb@
* Add error checking to i2v_POLICY_MAPPINGS().tb2019-04-221-9/+26
| | | | ok jsing
* Add error checking to i2v_POLICY_CONSTRAINTS().tb2019-04-221-5/+19
| | | | ok jsing
* Add error checking to i2v_EXTENDED_KEY_USAGE().tb2019-04-221-8/+23
| | | | ok jsing
* Add error checking to i2v_ASN1_BIT_STRING().tb2019-04-221-4/+18
| | | | ok jsing
* Add error checking to i2v_BASIC_CONSTRAINTS().tb2019-04-221-3/+18
| | | | ok jsing
* Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replacetb2019-04-221-19/+27
| | | | | | an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
* Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()tb2019-04-222-6/+22
| | | | | | | | | | | | | | and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
* Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().jsing2019-04-221-41/+29
| | | | | | This handles the ret = 2 case and makes the code more readable. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 11:15:27 +0000