summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-02-07Provide a SSL_CIPHER_get_by_value() function that allows a cipher to beJoel Sing
retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher. Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@
2015-02-07Stop defining TERMIOS, ANSI_SOURCE and OPENSSL_NO_RC5 for libssl builds.Joel Sing
The first two are unused in libssl/libcrypto and OPENSSL_NO_RC5 is already defined via openssl/opensslfeatures.h. ok beck@ doug@ miod@
2015-02-07Combine c_allc.c and c_alld.c into c_all.c - there is not much point havingJoel Sing
this split across files, especially when two of them have less code than license text. ok bcook@ beck@ doug@ miod@
2015-02-07Fix typo and ASN.1 tag number range comment in bytestring.h.Doug Hogan
CBS_get_asn1() and CBS_get_any_asn1_element() only support the single byte ASN.1 identifier octets (aka short form tags). Tag number 31 is the start of the multi-byte long form per X.690 section 8.1.2.4. From BoringSSL commit 2683af70e73f116e14db2bca6290fa4a010a2ee4 ok miod@
2015-02-06SIZE_MAX is standard, we should be using it in preference to theTodd C. Miller
obsolete SIZE_T_MAX. OK miod@ beck@
2015-02-06KNF bytestring files.Doug Hogan
I checked that this doesn't change anything. Compiled with clang using -Wno-pointer-sign -g0 to reduce the differences. Only difference in the asm is due to assert(0) line number changes in bs_cbs.c and bs_cbb.c. miod is ok with the general process.
2015-02-06Remove accidental, commented out code.Doug Hogan
This was to test a patch for upstream.
2015-02-06Unifdef NETSCAPE_HANG_BUG.Joel Sing
If you're still using a buggy version of Netscape from 2000, for HTTPS with client certificates, it is probably a good time to find a new browser. "kill it softly... with napalm and kisses" miod@
2015-02-06Add additional checks to ssl3_send_client_key_exchange() that ensuresJoel Sing
ephemeral keys exist for SSL_kDHE and SSL_kECDHE. This would have prevented CVE-2014-3572. ok doug@
2015-02-06Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.Doug Hogan
This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
2015-02-06Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.Joel Sing
This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
2015-02-06Add support for stravis() to vis.3 and Makefile.inc.Doug Hogan
stravis(3) is an OpenBSD extension that was added recently. input + ok schwarze@, jmc@, deraadt@
2015-02-06Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().Reyk Floeter
As discussed with beck@ jsing@ and others OK beck@
2015-02-05Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@Todd C. Miller
2015-02-05macro fixes from Kaspars at Bankovskis dot net;Ingo Schwarze
also fixing one typo in fts(3) while here
2015-02-05Declare the x509_(mem|file|dir)_lookup symbols as static because theyReyk Floeter
shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@
2015-02-04Replace realloc() with reallocarray() in libkeynote. Do not freeAlexander Bluhm
keynote_lex_list after it has been reallocated. Found by Benjamin Baier with llvm/scan-build; OK florian@
2015-02-04Return the correct report ID when hitting a "collection" item.Martin Pieuchot
Collection are reported before their corresponding report ID, so bring back the trick from old parser and do not return them until we find a report ID or another start or end of collection. Fix a regression introduced by last parser backport from FreeBSD reported by Benjamin Baier, thanks!
2015-01-31fix macro usage; from Kaspars at Bankovskis dot netIngo Schwarze
2015-01-30fix a possible NULL-deref when trying to deref ifa->ifa_addrGilles Chehade
ok eric@
2015-01-30Make the TLS connect and accept error messages consistent.Alexander Bluhm
OK jsing@
2015-01-30Rework vis.3 so it has standard sections.Doug Hogan
Moved the return values from the description to a proper return values section. Broke up the description into function description followed by a subsection for the range and encoding. Replaced srclen with strlen(src) when srclen isn't an argument. Moved the common flag argument to its own paragraph. input schwarze@, input + ok jmc@
2015-01-29Use .Rv where appropriate, and move it to RETURN VALUES;Ingo Schwarze
remove .Tn, and a few minor macro adjustments. Patch from Kaspars at Bankovskis dot net.
2015-01-28dial the time back to about 0.1s, closer to the original targets andTed Unangst
friendlier for users. requested by deraadt
2015-01-28Fix a number of issues relating to algorithms in signatures, MostlyBob Beck
from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
2015-01-26Place the remainder of e_os2.h under #ifndef LIBRESSL_INTERNAL until we canJoel Sing
hopefully remove it completely - nothing in LibreSSL should be making use of any of these defines.
2015-01-26Add AEAD as a "MAC alias" so that it is possible to identify/select ciphersJoel Sing
that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string. ok bcook@ doug@ miod@
2015-01-25mention that the kern.global_ptrace sysctl also affects PT_ATTACHTed Unangst
2015-01-24Add back <sys/param.h>; it's needed for MACHINE_STACK_GROWS_UP.Mark Kettenis
ok millert@, tobiasu@
2015-01-23More missing $OpenBSD$.Kenneth R Westerback
ok nicm@
2015-01-23Ensure that a ServerKeyExchange message is received if the selected cipherJoel Sing
suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@
2015-01-22Fix logic botch causing warnings with Clang. Reported by dhill, matchesMiod Vallat
similar changes in FreeBSD a few years ago.
2015-01-22Possibly uninitialized variable. From Clang via dhill.Miod Vallat
2015-01-22Document that changes made to the directory hierarchy of the chrootTodd C. Miller
jail may inadvertanly allow a process to escape. Also mention the problem of directory fd passing. Based on a diff from deraadt@
2015-01-22Use field names in struct initialisers.Joel Sing
No change to generated assembly.
2015-01-22last entry in NAME should not have a trailing comma;Jason McIntyre
2015-01-22Add MLINK for tls_config_set_ca_mem()Reyk Floeter
2015-01-22Allow to to load the CA chain directly from memory instead ofReyk Floeter
specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
2015-01-22Support CA verification in chroot'ed processes without direct fileReyk Floeter
access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
2015-01-22Add X509_STORE_load_mem() to load certificates from a memory bufferReyk Floeter
instead of disk. OpenSSL didn't provide a built-in API from loading certificates in a chroot'ed process that doesn't have direct access to the files. X509_STORE_load_mem() provides a new backend that will be used by libssl and libtls to implement such privsep-friendly functionality. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
2015-01-22Assume that the size of a pointer will not change at runtime.Brent Cook
Change the runtime check for whether a long is smaller than a pointer to a compile-time check. Replace the silly hash for LLP64 platforms. ok tedu@
2015-01-22Do not need to include <sys/cdefs.h> when headers included above end upTheo de Raadt
doing so.
2015-01-21Truncate progname to NAME_MAX in the syslog message, to ensure otherTheo de Raadt
information also makes it through. This is a compromise to cope with the absolutely ridiculous setprogname() API. ok various discussions
2015-01-21Fix DTLS memory leak (CVE-2015-0206).Doug Hogan
There were four bugs fixed by this patch: * dtls1_buffer_record() now frees rdata->rbuf.buf on error. Since s->s3->rbuf was memset, rdata->rbuf is the only pointer left which points to the old rbuf. On error, rdata is freed so there will not be any way of freeing this memory unless we do it here. * Changed the return code of dtls1_buffer_record() to differentiate between queue full (0) and error (-1). See below as this differs from upstream. * Handle errors if calls to dtls1_buffer_record() fail with -1. Previously, it did not check the return value. * Changed the way receipts are recorded. Previously, it was recorded when processed successfully (whether buffered or not) in dtls1_process_record(). Now, it records when it is handled in dtls1_get_record(): either when it is entered into the queue to buffer for the next epoch or when it is processed directly. Processing buffered records does not add a receipt because it needed one in order to get into the queue. The above bugs combined contributed to an eventual DoS through memory exhaustion. The memory leak came from dtls1_buffer_record()'s error handling. The error handling can be triggered by a duplicate record or malloc failure. It was possible to add duplicate records because they were not being dropped. The faulty receipts logic did not detect replays when dealing with records for the next epoch. Additionally, dtls1_buffer_record()'s return value was not checked so an attacker could send repeated replay records for the next epoch. Reported to OpenSSL by Chris Mueller. Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300. Our patch matches BoringSSL's commit. OpenSSL returns 0 when the queue is full or when malloc() or pitem_new() fails. They return -1 on error including !ssl3_setup_buffers() which is another failure to allocate memory. BoringSSL and LibreSSL changed the return code for dtls1_buffer_record() to be 1 on success, 0 when the queue is full and -1 on error. input + ok bcook@, jsing@
2015-01-20Adjust <sys/param.h> comments regarding use of use of MAXFRAG, orTheo de Raadt
delete <sys/param.h> if now possible ok guenther
2015-01-20Revert some $OpenBSD$ additions about which there are doubts.Kenneth R Westerback
Suggested by deraadt@
2015-01-20We do not support AIO, so comment it out in the kqueue(2) manpage for now.Reyk Floeter
OK jmc@ guenther@
2015-01-20Missing $OpenBSD$'s.Kenneth R Westerback
ok deraadt@
2015-01-19Explicitly mention that PATH_MAX includes the NUL in the ENAMETOOLONGTodd C. Miller
description.
2015-01-19Talk about thread-local errno and do not mention "extern int errno".Todd C. Miller
Also correct the string version of error 0. OK guenther@