summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove the libssl/src directorybeck2016-09-031190-386114/+0
|
* Be more strict when parsing TLS extensions.jsing2016-08-271-17/+37
| | | | | | Based on a diff from Kinichiro Inoguchi. ok beck@
* Do not *printf %s NULLderaadt2016-08-051-2/+3
| | | | ok bcook
* bump for LibreSSL 2.5.xbcook2016-07-311-3/+3
|
* don't mix code and decls, ok tedu@bcook2016-07-181-2/+3
|
* use memset to initialize the unionbcook2016-07-171-2/+4
|
* remove unused OPENSSL_NO_OBJECT casebcook2016-07-171-14/+1
| | | | ok tedu@
* Initialize buffers before use, noted by Kinichiro Inoguchi.bcook2016-07-171-7/+7
| | | | ok beck@
* Clean up OCSP_check_validity() a bit more.beck2016-07-161-11/+10
| | | | | | - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
* Limit the support of the "backward compatible" ssl2 handshake to only bebeck2016-07-161-1/+9
| | | | | used if TLS 1.0 is enabled. Sugessted/discussed with jsing@ and bcook@. ok guenther@ sthen@
* zero the read buffer after copying data to user so it doesn't linger.tedu2016-07-101-1/+2
| | | | ok beck
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-073-3/+14
| | | | ok beck@
* remove unneeded duplicate call - spotted by jsing@beck2016-07-051-3/+1
|
* On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook2016-07-053-10/+42
| | | | | | | | | | | | | | BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
* Add several fixes from OpenSSL to make OCSP work with intermediatebeck2016-07-051-10/+24
| | | | | | certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
* bump to 2.4.2bcook2016-06-301-3/+3
|
* Remove flags for disabling constant-time operations.bcook2016-06-308-177/+87
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP usesbeck2016-06-251-2/+2
| | | | Generalized Time on requests as per RFC6960
* Fix the ocsp code to actually check for errors when comparing time valuesbeck2016-06-251-7/+31
| | | | | | | | | which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because this is what is specified by RFC6960. Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp> ok bcook@
* Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.bcook2016-06-213-88/+46
| | | | | | | Improved patch from Cesar Pereida. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok beck@
* Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.tedu2016-06-061-2/+2
| | | | Mistake noted by Billy Brumley. Many thanks.
* Correct a problem that prevents the DSA signing algorithm from runningbeck2016-06-061-4/+6
| | | | | | | in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida.
* LibreSSL 2.4.1bcook2016-06-061-3/+3
|
* deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.beck2016-05-304-12/+20
| | | | | | | 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* Fix a short-read bug in the previous version of asn1_d2i_read_biobcook2016-05-201-26/+28
| | | | The outer while() loop is missing, so we only read up to chunk_max bytes.
* fix for integer overflow in encode and encrypt update functions.tedu2016-05-042-6/+11
| | | | | | additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl.
* fix a padding oracle in aesni cbc mac check. there must be enough datatedu2016-05-041-1/+4
| | | | | for both the mac and padding bytes. CVE-2016-2107 from openssl
* internal only negative types should not be handled here.tedu2016-05-043-9/+3
| | | | CVE-2016-2108 from openssl.
* be careful about consuming excessive memory by reading in chunks.tedu2016-05-041-14/+37
| | | | CVE-2016-2109 from openssl.
* revert the big change from yesterday to prepare for smaller commits.tedu2016-05-047-55/+30
|
* prefer limits.h over sys/limits.hbcook2016-05-031-2/+2
|
* patch from openssl for multiple issues:tedu2016-05-038-30/+265
| | | | | | | missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
* don't go into an unbreakable infinite loop during operations suchtedu2016-04-281-1/+2
| | | | | as reading passwords. allow ^C to break. the pain was mine, the fix is miod's.
* Implement the IETF ChaCha20-Poly1305 cipher suites.jsing2016-04-285-46/+168
| | | | | | | | | Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()jsing2016-04-283-15/+15
| | | | | | | and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* Use the correct iv and counter when decrypting the ciphertext forjsing2016-04-131-4/+4
| | | | EVP_aead_chacha20_poly1305_ietf().
* Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2016-03-271-1/+3
| | | | | | https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-212-4/+4
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* " the the " -> " the ", or in a couple of cases replace the superfluouskrw2016-03-206-8/+8
| | | | | | "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* explicit_bzero for asn1 objects on free. Too often these contain sensitive informationbeck2016-03-171-24/+27
| | | | | and they should not be a performance bottleneck ok miod@ krw@
* 'accomodate' -> 'accommodate' in comments.krw2016-03-155-9/+9
| | | | Started by diff from Mical Mazurek.
* Fix examples for EVP_PKEY_CTX_set_rsa_padding.bcook2016-03-132-2/+2
| | | | | | | | Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
* Add error handling to the remaining calls to bn_wexpand().bcook2016-03-122-16/+23
| | | | | | | Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
* Remove sentences in RETURN VALUES sections saying that functions withmmcc2016-03-1211-23/+2
| | | | | | | | | | | | | void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
* Bump for LibreSSL 2.4.0bcook2016-03-121-3/+3
|
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-1115-74/+46
| | | | ok doug@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-103-7/+7
|
* http -> https for IETF/IANA URLs in commentsmmcc2016-03-071-4/+4
|
* explict_bzero for some asn1 free's - ok miod@beck2016-03-062-3/+9
|
* Make sure stdio functions don't end up in the library, from miod@beck2016-03-063-7/+17
| | | | ok doug@ bcook@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.