summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* kssl is dead.tedu2014-05-291-68/+0
|
* no space before labeltedu2014-05-294-54/+54
|
* line up else bettertedu2014-05-292-10/+4
|
* define -DLIBRESSL_INTERNAL in here so we don't use nastiesbeck2014-05-291-2/+2
| | | | ok deraadt@
* consistent bracestedu2014-05-292-26/+26
|
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-2926-434/+0
| | | | ok deraadt jsing
* repair KNF indentderaadt2014-05-292-2/+2
|
* use calloc, from Benjamin Baiertedu2014-05-292-10/+2
|
* Make it substantially easier to identify protocol version requirementsjsing2014-05-2916-18/+164
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* When you have functions that perform specific functions, use them.jsing2014-05-292-36/+18
| | | | | | | | EVP_CIPHER_CTX_free() does a NULL check, then calls EVP_CIPHER_CTX_cleanup() and frees the memory. COMP_CTX_free() also had its own NULL check, so there is no point in duplicating that here. ok beck@
* Fix another two cases where the return value of ssl_replace_hash() isjsing2014-05-292-16/+36
| | | | | | | | | | | | | | | unchecked. In the case of tls1_change_cipher_state(), it is fairly pointless to use ssl_replace_hash(), since it does not initialise the hash and there is special handling required in the DTLS write case. Instead, just inline the part of ssl_replace_hash() that is needed and only ssl_clear_hash_ctx() the write hash in the non-DTLS case. Also add a detailed comment explaining why there needs to be specialised handling for DTLS write context and where the contexts are actually freed. ok miod@
* Add missing NULL checks for calls to ssl_replace_hash(). This functionjsing2014-05-291-2/+6
| | | | | | | calls EVP_MD_CTX_create(), which will return NULL if it fails to allocate memory. ok miod@
* More KNF.jsing2014-05-282-22/+24
|
* Refactor tls1_change_cipher_state() and split the compression handling outjsing2014-05-282-64/+88
| | | | | | | | from the cipher and message digest handling, allowing for upcoming changes. Based on Adam Langley's chromium diffs. ok miod@
* EVP_MD_CTX_create() calls malloc and can return NULL. However, only one ofjsing2014-05-285-2/+16
| | | | | | | the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls. ok miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-2826-320/+168
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* More KNF.jsing2014-05-282-6/+4
|
* Fix a Y2038 problem, by conversion of long to time_t.deraadt2014-05-274-36/+16
| | | | | | | | | The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible. ok miod guenther
* Remove unused defines.miod2014-05-272-18/+0
|
* Remove redundant test introduced in s3_pkt.c on 20001225, which got cargo-cultedmiod2014-05-274-10/+8
| | | | (with an XXX comment, though) in d1_pkt.c in 2005.
* Wrap some long lines.jsing2014-05-272-8/+16
|
* Remove MemCheck_{on,off} that escaped last time around.jsing2014-05-272-8/+0
|
* More KNF.jsing2014-05-273-5/+6
|
* Fix ia64 cross-gcc target.tobiasu2014-05-272-0/+6
| | | | | | opensslconf.h is just a dummy, we're lightyears away from working userspace. ok deraadt@
* Replace the following logic:miod2014-05-264-68/+98
| | | | | | | | | | | | | | | | | | | | | if (nothing to allocate) ptr = malloc(1) else { if ((ptr = malloc(size to allocate)) memcpy(ptr, data to copy, size to allocate) } if (ptr == NULL) OMG ERROR with a saner logic where the NULL pointer check if moved to the actual malloc branch, so that we do not need to malloc a single byte, just to avoid having a NULL pointer. Whoever thought allocating a single byte was a smart idea was obviously not taking his meds. ok beck@ guenther@
* Unchecked malloc() return value in SSL_COMP_add_compression_method(), in themiod2014-05-262-0/+8
| | | | | !OPENSSL_NO_COMP case. Does not affect OpenBSD as we compile the opposite code path.
* We don't really to keep history in constructs such as:miod2014-05-264-24/+2
| | | | | | | | #if 1 /* new with openssl 0.9.4 */ current code; #else obsolete code; #endif
* tls_decrypt_ticket(): memory leak and uncleaned EVP_CIPHER_CTX upon error.miod2014-05-262-2/+8
|
* Make sure all error paths in dtls1_buffer_record() invoke SSLErr bymiod2014-05-262-40/+24
| | | | | | factoring error handling. ok jsing@
* There is no need to include <openssl/e_os2.h> here, except for the factjsing2014-05-265-5/+2
| | | | | that it brings in <openssl/opensslconf.h>, so just do that instead (currently via apps.h).
* Update the aead regress to work with the improved EVP AEAD API.jsing2014-05-261-22/+14
|
* Implement an improved version of the EVP AEAD API. Thejsing2014-05-2610-212/+218
| | | | | | | | | | | | | | | | EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was overloaded to indicate success/failure, along with the number of bytes written as output. This change adds an explicit *out_len argument which is used to return the number of output bytes and the return value is now an int that is purely used to identify success or failure. This change effectively rides the last libcrypto crank (although I do not expect there to be many users of the EVP AEAD API currently). Thanks to Adam Langley for providing the improved code that this diff is based on. ok miod@
* Use C99 initialisers for BIO_METHOD.jsing2014-05-262-18/+18
|
* KNF.jsing2014-05-266-720/+958
|
* repair some KNF missed by the script; ok jsingderaadt2014-05-262-12/+20
|
* KNF.jsing2014-05-2614-1076/+1312
|
* KNF.jsing2014-05-2612-2886/+3110
|
* move all stats collecting under MALLOC_STATS; ok krw@otto2014-05-261-28/+33
|
* Fix resource descriptor leaks.logan2014-05-251-0/+4
| | | | | | CID: 966576 & 966577 OK from guenther@ and "Yup. looks good." from tedu@
* -noout mentions a CRL, which is incorrect. Use "no output of encoded sessionlogan2014-05-251-1/+1
| | | | | | | | info." instead. From Martin Kaiser. OK from tedu@
* heartbearts->heartbeats fixlogan2014-05-252-2/+2
| | | | | | From Marcos Marado: OK from tedu@
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-2526-80/+42
|
* "for every change..."tedu2014-05-252-2/+2
|
* remove OPENSSL_memcmp before somebody tries to use it. ok beck miodtedu2014-05-252-12/+0
|
* remove OPENSSL_isservice. not used internally, no sane posix software willtedu2014-05-252-12/+0
| | | | | call it, and windows service software can figure this out on its own. ok beck miod
* remove unused shit. from Alexander Schrijvertedu2014-05-258-42/+4
|
* define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselvestedu2014-05-254-4/+8
| | | | ok beck
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-2518-296/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* There is little interest in supporting Watt-32 TCP/IP debugging. Forderaadt2014-05-251-7/+0
| | | | | reference, check out http://www.watt-32.net/ ok jsing
* Turn off MemCheck_on and MemCheck_off. These calls are pointless since thejsing2014-05-254-30/+6
| | | | | | crypto memory debugging code has been castrated. ok miod@ "kill it" beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 01:55:16 +0000