summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* More missing error checks I forgot to commit last week, part of the largemiod2014-11-181-12/+23
| | | | cleanup diff.
* Return success in param_copy_gost01() if there is no private key to copy;miod2014-11-181-2/+2
| | | | | broken in r1.3. Spotted by Dmitry Eremin-Solenikov
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-183-6/+6
| | | | the function argument not being NULL
* Add the Cammelia cipher to libcrypto.miod2014-11-172-4/+3
| | | | | | | | | | | | | | | | | | There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Cammelia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well retaining the right to enforce their patents against anyone in the future. However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have had enabled Cammelia earlier (-: Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects. Crank libcrypto.so minor version due to the added symbols.
* Make the ECDSA_SIG bowels public. This matches RSA_SIG and DSA_SIG, and wemiod2014-11-172-30/+30
| | | | | | expect a good use for this knowledge in the tree in the near future. Contributed by Vincent Gross, thanks!
* Sort and group includes.jsing2014-11-1637-93/+163
|
* Add many missing error checks (probably not exhaustive, but a good start):miod2014-11-136-287/+488
| | | | | | | | | | | | - make VKO_compute_key() no longer void so that it can return failure. - fix unchecked allocations in too many routines to mention /-: - fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(), VKO_compute_key(). - fix the gost2001_do_sign() interface violation by having its sole caller free the BIGNUM it passes to that function by itself, instead of having the callee do this. Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
* Sacrifice this code to the KNF deities.miod2014-11-139-402/+401
|
* Fix GOST TC26-B curve description.miod2014-11-121-2/+2
|
* f{read,write} take a number of items and an item size as arguments, andmiod2014-11-112-14/+7
| | | | | | | | | | | | | | | | | | | | | return the number of items read of written. When you intend to return the number of bytes actually processed, it is wise to pass 1 as the item size and the size as the number of items. But in *some* places, the OpenSSL does the opposite, and has extra logic to change a successful return of 1 (item processed) into the real size. And, guess why it does that? Because of old VMS, for they (used to) have a substandard stdio implementation. Note that this change causes the return values of BIO_dump_fp() and BIO_dump_indent_fp() to no longer be useless (actual number of callback calls), but actual bytes output. Given the irrelevance of the return value before, it is unlikely that anything depends upon it (and if something does, it probably has other problems in need for a fix...) ok tedu@ beck@ jsing@
* Don't free garbage in ec_wNAF_mul() if wNAF could be allocated butguenther2014-11-111-5/+11
| | | | | | | other allocations in the same block couldn't. problem pointed out by David Ramos on the openssl-dev list ok miod@ doug@
* KNF (when not conflicting with other cleanup changes in progress)miod2014-11-0914-373/+507
|
* Remove DEBUG_SIGN code. Make sure gost_key_unwrap_crypto_pro() returns failuremiod2014-11-092-19/+4
| | | | instead of a printf and a success return, when the operation fails.
* Rename internal yet public key_{un,}wrap_crypto_pro symbols by prepending amiod2014-11-093-30/+32
| | | | | `gost_' prefix to them, so that we do not pollute the global namespace too much.
* Replace RAND_bytes() usage with arc4random_buf().miod2014-11-093-10/+3
|
* GOST crypto algorithms (well, most of them), ported from the removed GOSTmiod2014-11-0937-15/+6550
| | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Introduce EVP_MD_CTX_ctrl(), to allow for fine control of a given digest.miod2014-11-091-1/+25
| | | | | | | | | This functionality was already available (and optional), and used in the bowels of the ASN.1 code. This exposes it as a public interface, which will be used by the upcoming GOST code. Crank libcrypto minor version. From Dmitry Eremin-Solenikov.
* Allow digest routines to provide their own HASH_FINAL routine; will bemiod2014-11-091-3/+5
| | | | | | necessary for upcoming GOST code. From Dmitry Eremin-Solenikov
* Clean up more SSLv2 remnants.jsing2014-11-083-29/+15
|
* only call SRTP (whatever that is) functions when the connection type istedu2014-11-031-5/+5
| | | | DTLS (whatever that is) instead of for TLS too. ok jsing.
* minor cleanup of zlib code. DSO is gone. ok jsing.tedu2014-11-035-217/+7
|
* Remove remnants from RC2 and SEED - there are no longer any cipher suitesjsing2014-11-022-53/+23
| | | | | | | that use these algorithms (and SEED was removed from libcrypto some time ago). ok doug@
* Remove an outdated comment re EDH vs DHE - DHE is now used consistently andjsing2014-10-311-8/+1
| | | | there are backwards compatible names/aliases for EDH.
* Update comments for TLS ExtensionType values - many of the referencedjsing2014-10-311-38/+46
| | | | | drafts are now RFCs. Also add the TLS extension type for ALPN and be consistent with RFC reference formatting.
* Remove now unused remnants from public structs.jsing2014-10-312-7/+2
|
* Add support for automatic DH ephemeral keys.jsing2014-10-316-22/+97
| | | | | | | This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL.
* Remove support for ephemeral/temporary RSA private keys.jsing2014-10-317-237/+44
| | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
* deregister; no binary changejsg2014-10-2850-230/+230
| | | | ok jsing@ miod@
* Check the result of sk_*_push() operations for failure.miod2014-10-289-44/+85
| | | | ok doug@ jsing@
* In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocationmiod2014-10-221-8/+9
| | | | | of p12->mac->salt->data has actually succeeded. In one of my trees for a long time already...
* Avoid a NULL pointer dereference that can be triggered byjsing2014-10-221-2/+2
| | | | | | | | SSL3_RT_HANDSHAKE replays. Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks! ok deraadt@
* Place most of the RAND_* functions under #ifndef LIBRESSL_INTERNAL (somejsing2014-10-221-1/+4
| | | | are still needed for the engine). Our code should use arc4random instead.
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-2227-130/+101
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* digests: *_LONG_LOG2 is not used, stop talking about it.bcook2014-10-207-28/+11
| | | | | | | | Modified patch from Dmitry Eremin-Solenikov leave the sole public define in ripemd.h ok deraadt@ miod@
* SSL: Fix memory leak in d2i_SSL_SESSION.bcook2014-10-201-1/+2
| | | | | | | | | | | | | | | | | | | | Modified version of patch from Dmitry Eremin-Solenikov. ==28360== 98 bytes in 2 blocks are definitely lost in loss record 7 of 7 ==28360== at 0x402AC54: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==28360== by 0x40E2D2C: ASN1_STRING_set (asn1_lib.c:393) ==28360== by 0x40EC22C: asn1_ex_c2i (tasn_dec.c:959) ==28360== by 0x40EC632: asn1_d2i_ex_primitive (tasn_dec.c:824) ==28360== by 0x40ED2E6: ASN1_item_ex_d2i (tasn_dec.c:230) ==28360== by 0x40ED421: ASN1_item_d2i (tasn_dec.c:133) ==28360== by 0x40F0335: d2i_ASN1_OCTET_STRING (tasn_typ.c:75) ==28360== by 0x405FD6D: d2i_SSL_SESSION (ssl_asn1.c:367) ==28360== by 0x405DD6E: ssl3_send_newsession_ticket (s3_srvr.c:2743) ==28360== by 0x405EA48: ssl3_accept (s3_srvr.c:665) ==28360== by 0x4067C34: SSL_accept (ssl_lib.c:922) ==28360== by 0x404E97B: ssl23_get_client_hello (s23_srvr.c:573) ok miod@ beck@
* None of these need to include <openssl/rand.h>jsing2014-10-1831-64/+31
|
* Sort/group includes.jsing2014-10-181-25/+26
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-1817-65/+38
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Typical malloc() with size multiplication to reallocarray().doug2014-10-182-8/+8
| | | | ok deraadt@
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-164-8/+12
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* Disable SSLv3 by default.jsing2014-10-151-1/+4
| | | | | | | | | | | | | | SSLv3 has been long known to have weaknesses and the POODLE attack has once again shown that it is effectively broken/insecure. As such, it is time to stop enabling a protocol was deprecated almost 15 years ago. If an application really wants to provide backwards compatibility, at the cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be used to re-enable it on a per-application basis. General agreement from many. ok miod@
* Only require an EC public key in tls1_set_ec_id(), if we need to providejsing2014-10-151-4/+4
| | | | | | | a compression identifier. In the case of a server using ephemeral EC keys, the supplied key is unlikely to have a public key where SSL_CTX_set_tmp_ecdh() is called after SSL_OP_SINGLE_ECDH_USE has been set. This makes ECDHE ciphers work again for this use case.
* Add cipher aliases for DHE (the correct name for EDH) and ECDHE (thejsing2014-10-152-4/+16
| | | | | correct name for EECDH). The EDH and EECDH aliases remain for backwards compatibility.
* Bump libressl version string to 2.1.bcook2014-10-141-2/+2
| | | | | | | | | | | This makes 'openssl version' print a string that matches the -portable release number. Thanks to @blakkeim for pointing it out. The version integer is left alone, with the idea of discouraging software from relying on magic numbers for detecting features. Software configuration should do explicit feature tests instead. ok beck@, deraadt@
* The return value on success of fcntl(F_SETFL) is not actually specified,bcook2014-10-131-3/+3
| | | | | | only that it returns -1 on failure. pointed out by guenther@
* Use O_NONBLOCK over FIONBIO.bcook2014-10-131-2/+8
| | | | | | | | | Prefer this because it is the POSIX standard and has consistent behavior across platforms. Use BIO_socket_nbio consistently across the tree. from Jonas 'Sortie' Termansen, ok deraadt@
* Remove useless comments in DES_is_weak_key(). Do we really care that thismiod2014-10-121-14/+10
| | | | function was found broken in 1993, and later on in 1997?
* Paranoia: in ASN1_mbstring_ncopy(), check for len < 0 instead of len == -1,miod2014-10-121-2/+2
| | | | in order to catch all negative sizes.
* Convert libssl manpages from pod to mdoc(7).bentley2014-10-12166-7737/+9969
| | | | | | libcrypto has not been started yet. ok schwarze@ miod@
* Use strdup() instead of malloc() + memcpy().miod2014-10-071-8/+3
| | | | ok doug@ jsing@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.