summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* clang doesn't propagate attributes like "asm labels" and "visibility(hidden)"guenther2017-11-294-11/+23
| | | | | | | | | to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when building with clang, instead mark those as protected visibility to get rid of the PLT relocations. We can't take the address of them then, but that's ok: it's a build-time error not a run-time error. ok kettenis@
* Add the missing STANDARDS section (kettenis@ noticed that these areschwarze2017-11-281-6/+14
| | | | | POSIX functions) and turn the weird DIAGNOSTICS section into a normal RETURN VALUES section while here.
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.jsing2017-11-281-81/+78
| | | | | | | This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
* Correct TLS extensions handling when no extensions are present.jsing2017-11-281-1/+13
| | | | | | | | If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@
* Add CBB_discard_child(), which allows for a child CBB to be discarded.jsing2017-11-282-2/+22
| | | | Based on BoringSSL.
* GNU ld has prefixed the contents of .gnu.warning.SYMBOL sectionstb2017-11-288-19/+19
| | | | | | | | with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
* Revert recent changes to unbreak ports/net/sambajca2017-11-041-2/+8
| | | | | | | | While it is not clear (to me) why that ports ends up with corrupted shared libs, reverting those changes fixes the issue and should allow us to close p2k17 more smoothly. Discussed with a bunch, ok ajacoutot@ guenther@
* 's' should include 'f'; from Jacqueline Jolicoeurotto2017-11-021-2/+2
|
* Change pthread_cleanup_{push,pop} to macros that store the cleanup infoguenther2017-10-281-8/+2
| | | | | | | | | | | | | | on the stack instead of mallocing the list and move the APIs from libpthread to libc so that they can be used inside libc. Note: the standard was explicitly written to permit/support this "macro with unmatched brace" style and it's what basically everyone else already does. We xor the info with random cookies with a random magic to detect/trip-up overwrites. Major bump to both libc and libpthread due to the API move. ok mpi@
* Restore a return that was inadvertently removed from freezero() in r1.234,jsing2017-10-191-1/+2
| | | | | | | which results in an internal double free when internal functions are not in use. ok otto@
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency.jsing2017-10-122-5/+5
|
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code.jsing2017-10-124-556/+143
| | | | With review/feedback from inoguchi@
* Drop prototypes for ssl23_*() functions, which no longer exist.jsing2017-10-121-11/+1
|
* Add STANDARDS: denis@ spotted that it was missing.schwarze2017-10-121-2/+19
| | | | OK deraadt@ jca@ jmc@
* Convert ssl3_client_hello() to CBB.jsing2017-10-114-93/+64
| | | | | | | As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* Fully convert ssl3_send_server_hello() to CBB.jsing2017-10-113-53/+19
| | | | Based on a diff from doug@
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer andjsing2017-10-103-29/+19
| | | | | length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
* ((remove) (some) (unnecessary) (parentheses))jsing2017-10-101-4/+4
| | | | Part of a diff from doug@
* Merge dtls1_connect() into ssl3_connect(), removing a large amount ofjsing2017-10-104-459/+117
| | | | | | | | duplicated code. For now this is essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@
* Reduce non-functional differences between dtls1_accept() andjsing2017-10-081-34/+42
| | | | ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
* Reduce non-functional differences between dtls1_connect() andjsing2017-10-081-32/+38
| | | | ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
* Fix some style/whitespace/indentation issues in ssl3_accept().jsing2017-10-081-25/+14
|
* Fix some style/whitespace/indentation issues in ssl3_connect().jsing2017-10-081-10/+9
|
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,jsing2017-10-086-57/+52
| | | | | | which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* hyphenate DER/PEM-encoded, for consistency;jmc2017-10-082-9/+9
|
* Document tls_peer_cert_chain_pem().jsing2017-10-071-2/+13
| | | | ok beck@
* do not return f() where f is a void function; loop var type fixotto2017-10-051-4/+5
|
* Use dprintf instead of snprintf/writeotto2017-10-051-82/+36
|
* bump version in advance of final releasebcook2017-09-261-3/+3
|
* bump wo 2.6.2libressl-v2.6.2bcook2017-09-261-3/+3
|
* If tls_config_parse_protocols() is called with a NULL pointer, return thejsing2017-09-251-1/+4
| | | | | default protocols instead of crashing - this makes the behaviour more useful and mirrors what we already do in tls_config_set_ciphers() et al.
* Annotate some API-side memory leaks for future resolution.jsing2017-09-251-1/+3
|
* Fix various issues in the OCSP extension parsing code:jsing2017-09-251-20/+14
| | | | | | | | | | | | | | | | | | - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@
* When building the OCSP extension, only add the length prefixed extensionsjsing2017-09-251-6/+6
| | | | | | | after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@
* Make delayed free non-optional and make F do an extensive double free check.otto2017-09-231-21/+26
| | | | ok tb@ tedu@
* Keep track of which keypair is in use by a TLS context.jsing2017-09-204-14/+25
| | | | | | | | | | This fixes a bug where by a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI. Issue reported by William Graeber and confirmed by Andreas Bartelt. Fix tested by William Graeber and Andreas Bartelt - thanks!
* Slightly restructure tls_ocsp_verify_cb() to make it more like libtls code.jsing2017-09-201-6/+7
|
* Provide a useful error if there are no OCSP URLs in the peer certificate.jsing2017-09-201-1/+4
|
* Fix indentation.jsing2017-09-201-1/+1
|
* mapalign returns MAP_FAILED for failuer; from George Koehlerotto2017-09-121-2/+2
|
* check double free before canary for chunks; ok millert@otto2017-09-111-5/+5
|
* New POSIX xlocale implementation written from scratch.libressl-v2.6.1schwarze2017-09-0511-96/+396
| | | | | | | | | | | | Complete in the sense that all POSIX *locale(3) and *_l(3) functions are included, but in OpenBSD, we of course only really care about LC_CTYPE and we only support ASCII and UTF-8. With important help from kettenis@, guenther@, and jca@. Repeated testing in ports bulk builds by naddy@. Additional testing by jca@, sebastia@, dcoppa@, and others. OK kettenis@ dcoppa@, and guenther@ on an earlier version. Riding guenther@'s libc/librthread major bump.
* Move mutex, condvar, and thread-specific data routes, pthread_once, andguenther2017-09-052-11/+182
| | | | | | | | pthread_exit from libpthread to libc, along with low-level bits to support them. Major bump to both libc and libpthread. Requested by libressl team. Ports testing by naddy@ ok kettenis@
* Checking sizeof size_t by SIZE_MAX instead of _LP64inoguchi2017-09-031-7/+7
| | | | ok bcook@
* delete pointless .Tn ASCII found by jca@ with mandoc -Tlintschwarze2017-09-021-5/+4
|
* Remove OPENSSL_NO_NEXTPROTONEG - some software creates conflictingjsing2017-08-311-1/+0
| | | | | prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes defined.
* Mention strtok_r in STANDARDSjca2017-08-311-2/+6
| | | | POSIX 2001 instead of POSIX.1c suggested by millert@ and jmc@, ok jmc@
* Move the full extension building into tlsext_{client,server}hello_build(),jsing2017-08-302-47/+26
| | | | | | leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers. ok doug@
* Bump libssl/libtls minors due to symbol (re)addition.jsing2017-08-302-2/+2
|
* Bring back the NPN related symbols.jsing2017-08-303-3/+36
| | | | | | | | | | | Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type. Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-12 22:42:59 +0000