| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
that includes retguard code.
ok mortimer@
|
|
checking the curve.
ok jsing@ tb@
|
|
- Be consistent with _len naming.
- Use size_t where possible/appropriate.
- Group the CBB code.
- Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
- Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
ok tb@ a while back.
|
|
|
|
|
|
gadgets from libc.
ok deraadt@, kettenis@
|
|
|
|
While POSIX appears to allow the old behaviour of ignoring "oldloc",
Ted and Karl convinced me that is a bug in the spec and the Austin
group almost certainly intended to require the new behaviour.
Anyway, compatibility strongly suggests the new behaviour because
most (or maybe even all?) other systems do not ignore "oldloc",
and some software appears to depend on the copying from "oldloc"
to the new locale.
Issue analyzed and reported by Karl Williamson <public at
khwilliamson dot com> with support from the Perl 5 community.
This final diff is similar to two earlier diffs from Ted,
but handles invalid input in a mode robust way.
OK tedu@.
|
|
last bytes sent may be lost by the server.
|
|
Reported by oss-fuzz, really fixes issue #13805.
ok beck@ tb@
|
|
ok jsing
|
|
|
|
No other (known) BSD-derived adjtime(2) implementation checks for overflow
when converting delta into its final denomination of fractional seconds.
This is peculiar, as the call originates in 4.3BSD.
However, glibc, uclibc, and (to an extent) musl /do/ check the input and set
EINVAL if it exceeds a certain bound, so we'll just use the errno that they
use to be consistent with extant practice.
Prompted by the comment kettenis@ left when we switched to storing the
adjustment in an int64_t like ~5 years ago (kern_time.c,v 1.87).
Positive feedback from deraadt@, manpage bits ok jmc@,
no code complaints from otto@ or tedu@.
|
|
From phrocker via github.
|
|
|
|
These are no longer used now that we defer signature algorithm selection.
ok beck@
|
|
ok beck@
|
|
Previously the signature algorithm was selected when the TLS extension was
parsed (or the client received a certificate request), however the actual
certificate to be used is not known at this stage. This leads to various
problems, including the selection of a signature algorithm that cannot be
used with the certificate key size (as found by jeremy@ via ruby regress).
Instead, store the signature algorithms list and only select a signature
algorithm when we're ready to do signature generation.
Joint work with beck@.
|
|
This means that any additional CA certificates end up on the per
certificate chain, rather than the single/shared extra_certs.
Also simplify this code and in particular, avoid setting the return value
to indicate success until we've actually succeeded.
ok beck@ tb@
|
|
ok beck@ tb@
|
|
We will now include the certificates in the chain in the certificate list,
or use the existing extra_certs if present. Failing that we fall back to
the automatic chain building if not disabled.
This also simplifies the code significantly.
ok beck@ tb@
|
|
Note that this is not the full chain, as the leaf certificate currently
remains in the x509 member of CERT_PKEY. Unfortunately we've got to
contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf
certificate while others include it...
ok beck@ tb@
|
|
|
|
by realpath(3). This will go away post 6.5.
ok deraadt@
|
|
allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit(). The reasoning is _rs_init() will only
fail if someone finds a way to apply specific pressure against this
failure point, for the purpose of leaking information into a core which
they can read. We don't need a corefile in this instance to debug that.
So take this "lever" away from whoever in the future wants to do that.
|
|
Otherwise matching a specific cipher is performed by matching against
its characteristics, which can result in multiple rather than a single
match.
Found by bluhm@'s regress tests.
ok bluhm@ tb@
|
|
depth of 128 - For oss-fuzz issue 13802
ok jsing@
|
|
Reported by oss-fuzz, fixes issue #13805.
ok beck@ tb@
|
|
corefiles. Instead call OPENSSL_assert(), which has recently been trained
to do this in a safer (if more awkward to debug) way.
discussed with jsing and beck a while back
|
|
sizes used remain a positive integer. Should address issue
13799 from oss-fuzz
ok tb@ jsing@
|
|
There is no point in checking permissions of files in root-owned
directories. If it even was a problem, secure_path(3) suffers from
unsolvable TOCTOU issues. OK deraadt@
|
|
to make clang happier.
No binary change with gas.
|
|
In OpenBSD's case, we know it has optimal entropy properties,
so just say so.
okay mikeb@, "why not" deraadt@
|
|
|
|
ok jmc@
|
|
still under a free license, tweaked by me
|
|
|
|
The algorithm is insecure and yet its description would spread over
three paragraphs in the cipher list, including remarkable advice
like using a 40 bit key length.
|
|
this moves a large number of functions out of the way that are no
longer the latest and greatest. Also mention a few that were missing.
|
|
that are also documented in OpenSSL 1.1.1 (still under a free license)
|
|
in r1.28 when the AES ciphers were split into their own manual.
|
|
okay tb@
|
|
patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
|
|
AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to
set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3)
and EVP_CIPHER_CTX_test_flags(3).
With help and an OK from tb@.
|
|
Found by oss-fuzz, fixes issue #13797.
ok beck@ tb@
|
|
|
|
check for overflow correctly after computing a file offset
|
|
includes changes to address problems sunil@ found with fuzzing
original diff from and ok sunil@
|
