| Age | Commit message (Collapse) | Author |
|---|
|
ok tedu@
|
|
other ports do.
|
|
CBB_init_fixed() should not call free because it can lead to use after
free or double free bugs. The caller should be responsible for
creating and destroying the buffer.
From BoringSSL commit a84f06fc1eee6ea25ce040675fbad72c532afece
miod agrees with the reasoning
ok jsing@, beck@
|
|
failures return something that is actually useful to the caller.
ok reyk@
|
|
retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value()
function returns the cipher suite value for a given SSL_CIPHER. These
functions should mean that software does not need to resort to
put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.
Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a
cipher via the internal cipher identifier. Unfortunately these have already
been leaked outside the library via SSL_CIPHER_by_id() and the various
SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.
ok beck@ miod@
|
|
The first two are unused in libssl/libcrypto and OPENSSL_NO_RC5 is already
defined via openssl/opensslfeatures.h.
ok beck@ doug@ miod@
|
|
this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@
|
|
CBS_get_asn1() and CBS_get_any_asn1_element() only support the single
byte ASN.1 identifier octets (aka short form tags). Tag number 31 is
the start of the multi-byte long form per X.690 section 8.1.2.4.
From BoringSSL commit 2683af70e73f116e14db2bca6290fa4a010a2ee4
ok miod@
|
|
obsolete SIZE_T_MAX. OK miod@ beck@
|
|
I checked that this doesn't change anything. Compiled with clang using
-Wno-pointer-sign -g0 to reduce the differences. Only difference in the
asm is due to assert(0) line number changes in bs_cbs.c and bs_cbb.c.
miod is ok with the general process.
|
|
This was to test a patch for upstream.
|
|
If you're still using a buggy version of Netscape from 2000, for HTTPS with
client certificates, it is probably a good time to find a new browser.
"kill it softly... with napalm and kisses" miod@
|
|
ephemeral keys exist for SSL_kDHE and SSL_kECDHE.
This would have prevented CVE-2014-3572.
ok doug@
|
|
This is imported with as few changes as possible for the initial commit.
I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc()
and changed a few header includes.
BoringSSL has this as part of their public API. We're leaving it internal
to libssl for now.
Based on BoringSSL's CBB/CBS API as of commit
c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54.
input + ok jsing@, miod@
|
|
This API was intended to be an internal only, however like many things in
OpenSSL, it is exposed externally and parts of the software ecosystem are
now using it since there is no real alternative within the public API.
ok doug@, tedu@ and reluctantly miod@
|
|
stravis(3) is an OpenBSD extension that was added recently.
input + ok schwarze@, jmc@, deraadt@
|
|
As discussed with beck@ jsing@ and others
OK beck@
|
|
|
|
also fixing one typo in fts(3) while here
|
|
shouldn't be used directly. They aren't part of the API; each module
(file, dir, mem) provides an actual function to export the now-static
object.
OK miod@
|
|
keynote_lex_list after it has been reallocated.
Found by Benjamin Baier with llvm/scan-build; OK florian@
|
|
Collection are reported before their corresponding report ID, so bring
back the trick from old parser and do not return them until we find a
report ID or another start or end of collection.
Fix a regression introduced by last parser backport from FreeBSD
reported by Benjamin Baier, thanks!
|
|
|
|
ok eric@
|
|
OK jsing@
|
|
Moved the return values from the description to a proper return values
section. Broke up the description into function description followed
by a subsection for the range and encoding. Replaced srclen with
strlen(src) when srclen isn't an argument. Moved the common flag argument
to its own paragraph.
input schwarze@, input + ok jmc@
|
|
remove .Tn, and a few minor macro adjustments.
Patch from Kaspars at Bankovskis dot net.
|
|
friendlier for users. requested by deraadt
|
|
from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@
|
|
hopefully remove it completely - nothing in LibreSSL should be making use
of any of these defines.
|
|
that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
(effectively the only ciphers that are still considered to be secure) to be
selected using TLSv1.2+AEAD as a cipher string.
ok bcook@ doug@ miod@
|
|
|
|
ok millert@, tobiasu@
|
|
ok nicm@
|
|
suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.
Issue reported to OpenSSL by Karthikeyan Bhargavan.
Based on OpenSSL.
Fixes CVE-2014-3572.
ok beck@
|
|
similar changes in FreeBSD a few years ago.
|
|
|
|
jail may inadvertanly allow a process to escape. Also mention the
problem of directory fd passing. Based on a diff from deraadt@
|
|
No change to generated assembly.
|
|
|
|
|
|
specifying a file. This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.
With feedback, tests, and OK from bluhm@
|
|
access to the certificates. SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows to load the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows to handle the verification in privsep'ed code.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
instead of disk. OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files. X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
Change the runtime check for whether a long is smaller than a pointer to a
compile-time check. Replace the silly hash for LLP64 platforms.
ok tedu@
|
|
doing so.
|
|
information also makes it through. This is a compromise to cope with
the absolutely ridiculous setprogname() API.
ok various discussions
|
|
There were four bugs fixed by this patch:
* dtls1_buffer_record() now frees rdata->rbuf.buf on error. Since
s->s3->rbuf was memset, rdata->rbuf is the only pointer left which
points to the old rbuf. On error, rdata is freed so there will not
be any way of freeing this memory unless we do it here.
* Changed the return code of dtls1_buffer_record() to differentiate
between queue full (0) and error (-1). See below as this differs
from upstream.
* Handle errors if calls to dtls1_buffer_record() fail with -1.
Previously, it did not check the return value.
* Changed the way receipts are recorded. Previously, it was recorded
when processed successfully (whether buffered or not) in
dtls1_process_record(). Now, it records when it is handled in
dtls1_get_record(): either when it is entered into the queue to buffer
for the next epoch or when it is processed directly. Processing
buffered records does not add a receipt because it needed one in
order to get into the queue.
The above bugs combined contributed to an eventual DoS through memory
exhaustion. The memory leak came from dtls1_buffer_record()'s error
handling. The error handling can be triggered by a duplicate record
or malloc failure. It was possible to add duplicate records because
they were not being dropped. The faulty receipts logic did not detect
replays when dealing with records for the next epoch. Additionally,
dtls1_buffer_record()'s return value was not checked so an attacker
could send repeated replay records for the next epoch.
Reported to OpenSSL by Chris Mueller.
Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f
and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300.
Our patch matches BoringSSL's commit. OpenSSL returns 0 when the queue
is full or when malloc() or pitem_new() fails. They return -1 on error
including !ssl3_setup_buffers() which is another failure to allocate
memory.
BoringSSL and LibreSSL changed the return code for dtls1_buffer_record()
to be 1 on success, 0 when the queue is full and -1 on error.
input + ok bcook@, jsing@
|
|
delete <sys/param.h> if now possible
ok guenther
|
|
Suggested by deraadt@
|
