| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
"why not" miod@, sure jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These were recently removed and are now set to 0:
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
The code associated with these was deleted in the past at some point
and these are also now 0:
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_EPHEMERAL_RSA
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
The SSL_OP_ALL macro has been updated to reflect the removals.
ok miod@ jsing@
|
| |
|
|
|
|
|
|
| |
bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functions to reflect this.
ok miod@ jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CBS_get_any_asn1_element violates DER encoding by allowing indefinite
form. All callers except bs_ber.c expect DER encoding. The callers
must check to see if it was indefinite or not.
Rather than exposing all callers to this behavior,
cbs_get_any_asn1_element_internal() allows specifying whether you want to
allow the normally forbidden indefinite form. This is used by
CBS_get_any_asn1_element() for strict DER encoding and by a new static
function in bs_ber.c for the relaxed version.
While I was here, I added comments to differentiate between ASN.1
restrictions and CBS limitations.
ok miod@
|
| |
|
|
|
|
|
| |
This commit matches the OpenSSL removal in commit
3c33c6f6b10864355553961e638514a6d1bb00f6.
ok deraadt@
|
| |
|
|
|
| |
This was imported into OpenSSL from SSLeay. It was recently deleted
in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
|
| |
|
|
| |
This is a hack for an old version of SSLeay which predates OpenSSL.
|
| | |
|
| |
|
|
|
|
| |
Also, add comments about assuming short-form.
ok miod@, tweak + ok jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
|
|
|
| |
malloc(0) is implementation defined and there's no reason to introduce
that ambiguity here. Added a few cosmetic changes in sizeof and free.
ok miod@ jsing@
|
| |
|
|
|
|
| |
Also, introduce a few more #defines to make it obvious.
ok miod@ jsing@
|
| |
|
|
|
|
| |
Currently, CBS only handles short-form tags.
ok miod@ jsing@
|
| |
|
|
|
|
|
|
|
| |
jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.
ok miod@ jsing@
|
| |
|
|
| |
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
|
| |
|
|
|
|
|
|
|
|
| |
unknown hash function OID.
Diff based on OpenSSL.
Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).
ok doug@ miod@
|
| |
|
|
|
|
|
|
|
|
| |
length checks.
Diff based on changes in OpenSSL.
Fixes CVE-2015-1789.
ok doug@
|
| |
|
|
|
|
|
|
|
|
|
| |
ECParameters structure that has a specially malformed binary polynomial
field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
|
| |
|
|
| |
ok mpi@
|
| |
|
|
|
|
| |
instead of a stale one.
ok miod@ mpi@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
| |
work again.
|
| |
|
|
|
|
|
| |
Since RAND_egd has been removed from LibreSSL, simplify porting software that
relies on it. See https://github.com/libressl-portable/openbsd/pull/34
from Bernard Spil, ok deraadt@
|
| |
|
|
|
|
|
| |
256bit keys
problem noted by Tim Kuijsten (info (at) netsend.nl)
ok deraadt@ miod@ bcook@
|
| |
|
|
|
|
| |
starts helping with the pod2mdoc(1)-based conversion
of LibreSSL crypto manuals from perlpod(1) to mdoc(7).
Here comes the first file, slightly tweaked by me.
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
| |
pointer for NULL the line above; ok doug@
|
| | |
|
| |
|
|
|
| |
part of the ISO C standard and have also been dropped from POSIX.
OK guenther@ kettenis@
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
|
| |
Claudio points out the size is checked by an earlier test so just
remove it to restore the original handling of the partial octet case.
Discussed with claudio and gilles.
|
| |
|
|
|
| |
of some undefined value.
OK tedu@
|
| |
|
|
| |
ok millert@ jmc@ schwarze@
|
| |
|
|
|
|
| |
separately to avoid false negatives.
ok miod@ millert@
|
| | |
|
| |
|
|
| |
ok doug millert
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base.
cbb_add_u() now has that common code in one place.
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
This function is documented as allowing NULL for out_header_len.
ok jsing@
|
| |
|
|
| |
tweak + ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
RFC 5280 says " " must not be used as a dNSName.
ok jsing@ jca@
|
| |
|
|
|
|
|
|
| |
After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning. There were missing BN_CTX_end() calls in error paths. One diff
chunk was simply removing redundant code related to this.
ok deraadt@
|
| |
|
|
| |
Include it if we have the sysctl syscall.
|
| |
|
|
| |
From Michael Felt.
|
| |
|
|
|
|
|
|
|
| |
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.
Thanks to william at 25thandclement dot com for reporting this!
ok deraadt@ jsing@ beck@
|
