summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-1010-29/+29
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-104-13/+121
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-1010-29/+124
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that thejsing2015-02-105-23/+455
| | | | | | | | | code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-096-51/+1155
| | | | | | | | functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0912-43/+787
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-0928-273/+358
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0919-60/+1044
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Jettison SCTP support in BIO dgram.jsing2015-02-092-1052/+2
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Jettison DTLS over SCTP.jsing2015-02-097-409/+7
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Return NULL when there are no shared ciphers.doug2015-02-091-4/+6
| | | | | | | | | | | | | | | | | OpenSSL added this change to avoid an out-of-bounds write since they're accessing p[-1]. We initialize buf and use strrchr() so we aren't subject to the same OOB write. However, we should return NULL rather than an empty string when there are no shared ciphers. Also, KNF a particularly bad section above here that miod noticed. Based on OpenSSL commits: 4ee356686f72ff849f6f3d58562224ace732b1a6 308505b838e4e3ce8485bb30f5b26e2766dc7f8b ok miod@
* This is neither code not proper documentation.miod2015-02-097-157/+0
|
* Remove unused GOST test that prevents clang from building libcrypto.doug2015-02-091-55/+1
| | | | | | | | | | clang warns that it is unused and we have -Werror enabled. This test isn't hooked up to anything yet. We can add it back with a future GOST update. clang 3.5 can now build libssl and libcrypto as long as you use CFLAGS=-Wno-pointer-sign. "seems reasonable" bcook@, miod@
* Use `> 0' instead of `!= 0' as a successful condition formiod2015-02-0810-44/+44
| | | | | | EC_POINT_is_at_infinity() and EC_POINT_is_on_curve(), for they may return -1 should an error arise. ok doug@ jsing@
* Move a few typedef up in this file in order to be able to use them in env_md_stmiod2015-02-081-14/+10
| | | | | and get rid of a silly FIXME comment. ok doug@ jsing@
* Check memory allocation results in EVP_PBE_alg_add_type().miod2015-02-081-3/+10
| | | | ok doug@ jsing@
* Check memory allocation results, as well as stack pushes.miod2015-02-081-9/+34
| | | | | | Also fix a memory leak in one of the error paths of SMIME_read_ASN1(), spotted by doug@ tweaks&ok doug@ jsing@
* Rely upon enc_flags rather than the tls version, to upgrade SHA1+MD5 tomiod2015-02-081-4/+4
| | | | | SHA256 in ssl_get_algorithm2(). From OpenSSL HEAD; ok jsing@
* Lob a KNF grenade into the ecdsa code.jsing2015-02-088-312/+288
|
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Remove useless variables and use the values directly.doug2015-02-071-5/+3
| | | | | | From OpenSSL commit 3d47c1d331fdc7574d2275cda1a630ccdb624b08. ok miod@, jsing@
* Don't support very old versions of Netscape (is there any other kind?).doug2015-02-071-6/+5
| | | | | | | | | | | | | | Apparently "very old" Netscape versions illegally included empty content and a detached signature. OpenSSL removed the #if 0 that protected these users and added a new button OPENSSL_DONT_SUPPORT_OLD_NETSCAPE. It appears to be off by default to keep the hopes and dreams of very old Netscape users alive. We decided to be rebels and disable support. If you installed your browser from floppy disks, it's time to upgrade! Based on OpenSSL commit: 02a938c953b3e1ced71d9a832de1618f907eb96d ok tedu@, miod@, jsing@
* Delete a lot of #if 0 code in libressl.doug2015-02-0745-673/+55
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Convert several of the server side handshake functions to the new handshakejsing2015-02-072-119/+54
| | | | | | message handling routines. ok miod@
* Don't allow tag number 31 in CBB_add_asn1().doug2015-02-072-12/+27
| | | | | | | | | Tag 31 is invalid for a short form identifier octet (single byte). KNF a little more. Based on BoringSSL commit 5ba305643f55d37a3e45e8388a36d50c1b2d4ff5 ok miod@
* Clean up the {get,put}_cipher_by_char() implementations. Also usejsing2015-02-073-30/+14
| | | | | | | ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@
* Only call free in CBB_init().doug2015-02-071-3/+6
| | | | | | | | | | | CBB_init_fixed() should not call free because it can lead to use after free or double free bugs. The caller should be responsible for creating and destroying the buffer. From BoringSSL commit a84f06fc1eee6ea25ce040675fbad72c532afece miod agrees with the reasoning ok jsing@, beck@
* Provide a SSL_CIPHER_get_by_value() function that allows a cipher to bejsing2015-02-074-4/+33
| | | | | | | | | | | | | | retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher. Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@
* Combine c_allc.c and c_alld.c into c_all.c - there is not much point havingjsing2015-02-073-361/+230
| | | | | | | this split across files, especially when two of them have less code than license text. ok bcook@ beck@ doug@ miod@
* Fix typo and ASN.1 tag number range comment in bytestring.h.doug2015-02-071-4/+4
| | | | | | | | | | CBS_get_asn1() and CBS_get_any_asn1_element() only support the single byte ASN.1 identifier octets (aka short form tags). Tag number 31 is the start of the multi-byte long form per X.690 section 8.1.2.4. From BoringSSL commit 2683af70e73f116e14db2bca6290fa4a010a2ee4 ok miod@
* KNF bytestring files.doug2015-02-064-908/+1096
| | | | | | | | I checked that this doesn't change anything. Compiled with clang using -Wno-pointer-sign -g0 to reduce the differences. Only difference in the asm is due to assert(0) line number changes in bs_cbs.c and bs_cbb.c. miod is ok with the general process.
* Remove accidental, commented out code.doug2015-02-061-11/+1
| | | | This was to test a patch for upstream.
* Unifdef NETSCAPE_HANG_BUG.jsing2015-02-061-22/+1
| | | | | | | If you're still using a buggy version of Netscape from 2000, for HTTPS with client certificates, it is probably a good time to find a new browser. "kill it softly... with napalm and kisses" miod@
* Add additional checks to ssl3_send_client_key_exchange() that ensuresjsing2015-02-061-18/+25
| | | | | | | | ephemeral keys exist for SSL_kDHE and SSL_kECDHE. This would have prevented CVE-2014-3572. ok doug@
* Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.doug2015-02-064-0/+1343
| | | | | | | | | | | | | | This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-0615-16/+91
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().reyk2015-02-063-9/+9
| | | | | As discussed with beck@ jsing@ and others OK beck@
* Declare the x509_(mem|file|dir)_lookup symbols as static because theyreyk2015-02-053-6/+6
| | | | | | | | shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-287-9/+58
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* Place the remainder of e_os2.h under #ifndef LIBRESSL_INTERNAL until we canjsing2015-01-261-1/+5
| | | | | hopefully remove it completely - nothing in LibreSSL should be making use of any of these defines.
* Add AEAD as a "MAC alias" so that it is possible to identify/select ciphersjsing2015-01-262-2/+7
| | | | | | | | that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string. ok bcook@ doug@ miod@
* Ensure that a ServerKeyExchange message is received if the selected cipherjsing2015-01-231-5/+18
| | | | | | | | | | | | | | suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@
* Use field names in struct initialisers.jsing2015-01-223-33/+33
| | | | No change to generated assembly.
* Support CA verification in chroot'ed processes without direct filereyk2015-01-222-2/+9
| | | | | | | | | | access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* Add X509_STORE_load_mem() to load certificates from a memory bufferreyk2015-01-223-2/+167
| | | | | | | | | | | instead of disk. OpenSSL didn't provide a built-in API from loading certificates in a chroot'ed process that doesn't have direct access to the files. X509_STORE_load_mem() provides a new backend that will be used by libssl and libtls to implement such privsep-friendly functionality. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* Assume that the size of a pointer will not change at runtime.bcook2015-01-221-28/+15
| | | | | | | Change the runtime check for whether a long is smaller than a pointer to a compile-time check. Replace the silly hash for LLP64 platforms. ok tedu@
* Fix DTLS memory leak (CVE-2015-0206).doug2015-01-211-9/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were four bugs fixed by this patch: * dtls1_buffer_record() now frees rdata->rbuf.buf on error. Since s->s3->rbuf was memset, rdata->rbuf is the only pointer left which points to the old rbuf. On error, rdata is freed so there will not be any way of freeing this memory unless we do it here. * Changed the return code of dtls1_buffer_record() to differentiate between queue full (0) and error (-1). See below as this differs from upstream. * Handle errors if calls to dtls1_buffer_record() fail with -1. Previously, it did not check the return value. * Changed the way receipts are recorded. Previously, it was recorded when processed successfully (whether buffered or not) in dtls1_process_record(). Now, it records when it is handled in dtls1_get_record(): either when it is entered into the queue to buffer for the next epoch or when it is processed directly. Processing buffered records does not add a receipt because it needed one in order to get into the queue. The above bugs combined contributed to an eventual DoS through memory exhaustion. The memory leak came from dtls1_buffer_record()'s error handling. The error handling can be triggered by a duplicate record or malloc failure. It was possible to add duplicate records because they were not being dropped. The faulty receipts logic did not detect replays when dealing with records for the next epoch. Additionally, dtls1_buffer_record()'s return value was not checked so an attacker could send repeated replay records for the next epoch. Reported to OpenSSL by Chris Mueller. Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300. Our patch matches BoringSSL's commit. OpenSSL returns 0 when the queue is full or when malloc() or pitem_new() fails. They return -1 on error including !ssl3_setup_buffers() which is another failure to allocate memory. BoringSSL and LibreSSL changed the return code for dtls1_buffer_record() to be 1 on success, 0 when the queue is full and -1 on error. input + ok bcook@, jsing@
* Fix a memory leak in bss_dgram.doug2015-01-121-3/+13
| | | | | | | | Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
* Avoid a double-free in an error path.doug2015-01-081-1/+2
| | | | ok jsing@ beck@
* Fix incorrect OPENSSL_assert() usage.doug2015-01-031-24/+53
| | | | | | | | Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.