summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-25Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.Doug Hogan
For backward compatibility, the flags are redefined as 0. ok jsing@
2015-10-25Remove last vestige of SSL_OP_NO_SSLv3 support.Doug Hogan
No part of LibreSSL checks for this flag any longer. ok jsing@
2015-10-25Simplify ssl23_get_client_hello error handling.Doug Hogan
ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
2015-10-22Another change that is needed to restore the previous behaviour ofJoel Sing
ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
2015-10-22Restore previous behaviour and allowJoel Sing
ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
2015-10-21Reject too small bits value in BN_generate_prime_ex(), so that it does not riskMiod Vallat
becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@
2015-10-21In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 codeJoel Sing
will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@
2015-10-20Lob a style(9) grenade in here.Joel Sing
2015-10-19free rbio before wbioBob Beck
ok jsing@
2015-10-19Stop supporing "legcay" time formats that OpenSSL supports. Rewrite theBob Beck
utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
2015-10-16Remove pointless externs - the structs are declared in the same files aJoel Sing
few lines above.
2015-10-16Expand DECLARE_ASN1_ALLOC_FUNCTIONS and DECLARE_ASN1_FUNCTIONS_constJoel Sing
macros. The only change in the generated assembly is due to line numbering.
2015-10-16Remove pointless uses of DECLARE_ASN1_ENCODE_FUNCTIONS_const.Joel Sing
DECLARE_ASN1_FUNCTIONS_const already includes this macro so using both means we end up with duplicate function prototypes and externs.
2015-10-16Fix use of pointer value after BIO_free, and remove senseless NULL checks.Bob Beck
ok bcook@
2015-10-16actually include the prerequisite dependency for BIO instead of doing nastynessBob Beck
2015-10-14better fix for overrun reported by Qualys Security.Ted Unangst
buf is at all times kept nul terminated, so there is no need to enforce this again upon exit. (no need to move buf around after we exahust space.) ok beck miod
2015-10-14Bail out early if we have no buf_lenBob Beck
ok miod@
2015-10-14fix a memory leak reported by Qualys Security.Ted Unangst
move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod
2015-10-14Ensure we don't write a 0 byte past end of the buffer in the error case.Bob Beck
ok bcook@ deraadt@
2015-10-14Add EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API.Reyk Floeter
The "authenticated encryption with additional data" API is used for ciphers like AES-GCM or ChaCha20-Poly1305. The manpage is a beginning and certainly needs more work, especially improvements in the EXAMPLES section. Based on agl's source code comments. Converted from pod to mandoc by schwarze@ OK schwarze@ jsing@
2015-10-13Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL.Joel Sing
2015-10-13Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into anJoel Sing
actual function. This removes the last ASN1_dup_of usage from the tree. Feedback from doug@ and miod@
2015-10-13Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros toJoel Sing
ASN1_item_{d2i,i2d}_{bio,fp}() function calls. ok beck@ doug@
2015-10-13Group d2i/i2d function prototypes by type and add missing externs for theJoel Sing
DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.
2015-10-12unifdef EVP_CHECK_DES_KEY: Ben Kaduk noticed it has a syntax error; thatPhilip Guenther
error was present in the original 2004 commit, so it hasn't been used in over 11 years, thus exceeding our deprecation requirements by over a decade. OpenSSL has chosen to *fix it*; we'll gladly watch it burn ok jsing@
2015-10-08Rip the guts out of another gibbering horror of a time comparison function, andBob Beck
mark it as #ifndef LIBRESSL_INTERNAL at least we don't use this. ok jsing@
2015-10-08revert previous accidental commitBob Beck
2015-10-08Spelling in commentBob Beck
2015-10-07include <sys/time.h> for gettimeofday(2)Brent Cook
2015-10-06prefer limits.h over sys/limits.hBrent Cook
ok deraadt@
2015-10-05Make sure dot is not set after tz - fixes incorrect handling, which allowsJoel Sing
20151005171301+1.09Z to be treated as a valid time. ok beck@
2015-10-04Apply some style(9), tweak a few things for readability and add someJoel Sing
additional bounds checks. ok beck@
2015-10-03SSL_new(): fix ref counting and memory leak in error path.Doug Hogan
Rather than a half-hearted attempt to free up resources and fix ref counting at the SSL_CTX level, let SSL_free() do its job. This diff got lost in the shuffle somewhere. It's from last year. Ref counting error reported by Parakleta in github ticket #51. Thanks! ok jsing@, beck@
2015-10-02Flense the greasy black guts of unreadble string parsing code out of three areasBob Beck
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
2015-10-02s/ssl3_client_kex/ssl3_send_client_kex/ for consistency with the caller.Joel Sing
2015-09-30Place all of the ASN1 M_ macros under #ifndef LIBRESSL_INTERNAL.Joel Sing
2015-09-30Expand M_i2d_ASN1_OCTET_STRING macros - no change in generated assembly,Joel Sing
aside from line numbers.
2015-09-30s/M_ASN1_ENUMERATED_free/ASN1_ENUMERATED_free/Joel Sing
2015-09-30Replace M_ASN1_ENUMERATED_(free|new) with ASN1_ENUMERATED_(free|new).Joel Sing
2015-09-30Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new).Joel Sing
2015-09-30Replace M_ASN1_UTCTIME_(new|free) with ASN1_UTCTIME_(new|free).Joel Sing
2015-09-30Replace M_ASN1_IA5STRING_(new|free) with ASN1_IA5STRING_(new|free). SameJoel Sing
with one s/M_ASN1_VISIBLESTRING_new/ASN1_VISIBLESTRING_new/.
2015-09-30Replace M_ASN1_GENERALIZEDTIME_(new|free) withJoel Sing
ASN1_GENERALIZEDTIME_(new|free).
2015-09-30s/M_ASN1_TIME_free/ASN1_TIME_free/Joel Sing
2015-09-30Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this isJoel Sing
different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@
2015-09-30Remove unnecessary type assignments - M_ASN1_INTEGER_new() already setsJoel Sing
the type to V_ASN1_INTEGER. ok doug@
2015-09-30Remove support for NO_ASN1_TYPEDEFS.Doug Hogan
This ifdef was introduced 15 years ago and was known to cause problems with STACK_OF() back then. ok jsing@, beck@, jca@
2015-09-29convert "last_time" to a time_t, to handle beyond Y2038Theo de Raadt
ok guenther miod
2015-09-29Replace remaining M_ASN1_BIT_STRING_(new|free) macros with calls toJoel Sing
ASN1_BIT_STRING_(new|free). ok beck@ doug@
2015-09-28remove excessive brackets on pointer mathTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-25 22:25:53 +0000