LibreSSL now turns off SSL 3 by default as a fix for POODLE. Thanks to the awesome people that have made this possible. Remember to donate!

@opensslrampage
Many thanks to all of the awesome hackers that have made this release possible. Again, if you like the work that OpenBSD is doing, please donate here
Provide a ressl config function that explicitly clears keys. Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you.
— jsing
Add a new API function SSL_CTX_use_certificate_chain() that allows reading the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library.
— reyk
X509v3_add_ext(): do not free stuff we did not allocate in the error path.
— miod
X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it, for it may be NULL. Do not leak memory upon error.
— miod
Someone (TM) thought it was smart to save memory by using malloc(1) and manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding.
Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments.
— miod
revamp the config interface to own memory. easier to use correctly without caller worrying about leaks or lifetimes.
— tedu
Revert r1.5 and reenable assembler version of ghash now that it has been fixed.
— miod
Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, where the 64-bit code has to be disabled under OpenBSD/hppa.
— miod
Disable assembler code for ghash on hppa, causes wrong computations in some cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
— miod
There is not much point checking ecdhp is not NULL... twice.
— jsing
Check that the specified curve is one of the client preferences. Based on OpenSSL.
— jsing
Fix mmap() calls that check for a result other than MAP_FAILED.
— doug
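
The failure mode behind the mmap() commit above, as an added example that is not part of the original post and is not LibreSSL code: mmap() reports failure with MAP_FAILED, which is (void *)-1, so a check against any other value lets the error through. The helper names and the NULL comparison are assumptions chosen for illustration; the commit's own diff is not shown on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper, not LibreSSL code: maps len bytes of fd read-only.
 * Returns 0 and stores the mapping in *out, or -1 with errno set. */
int map_ro_checked(int fd, size_t len, void **out)
{
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);

    /* mmap() signals failure with MAP_FAILED, which is (void *)-1. */
    if (p == MAP_FAILED)
        return -1;
    *out = p;
    return 0;
}

/* The bug class (assumed form): the failure test uses NULL, so MAP_FAILED
 * is accepted and handed to the caller as if it were a usable mapping. */
int map_ro_null_check(int fd, size_t len, void **out)
{
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);

    if (p == NULL)
        return -1;
    *out = p;
    return 0;
}

int main(void)
{
    void *p = NULL;
    int bad_fd = -1;   /* constructed input: forces mmap() to fail */

    if (map_ro_checked(bad_fd, 4096, &p) == -1)
        printf("checked:    failure detected: %s\n", strerror(errno));
    if (map_ro_null_check(bad_fd, 4096, &p) == 0)
        printf("NULL check: failure missed, caller got %p\n", p);
    return 0;
}
```

With the NULL check, the caller's next read or write goes through (void *)-1, so the mapping failure surfaces later as a crash at an unrelated site instead of as a handled error.
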
X509_STORE_new(): do not leak memory upon error. X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations.
X509_issuer_and_serial_hash(): do not leak memory if an error occurs during the first EVP block.
— miod
X509at_add1_attr(): do not free stuff we did not allocate in the error path.
— miod