summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove case that can never happen.doug2015-07-192-10/+2
| | | | | | | It's a little convoluted due to gotos, but at that point, pci is always NULL. Spotted by Coverity 21702. ok miod@ beck@ bcook@
* Fix Coverity 72742 - ret is overwritten immediately after this.beck2015-07-192-4/+2
| | | | ok doug@
* Remove effectively unused variable.doug2015-07-191-4/+1
| | | | | | Fixes Coverity issue 21693. ok beck@ bcook@
* Assign p to CBS_data since it is used later.doug2015-07-192-4/+6
| | | | | | The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcook@ beck@
* abort when ENGINE_remove fails, fix Coverity 21656bcook2015-07-192-10/+4
| | | | ok doug@, beck@
* Convert dtls1_get_message_header to CBS and change to int.doug2015-07-186-32/+74
| | | | | | | Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
* rand_err doesn't exist anymore, coverity 78808beck2015-07-182-6/+6
| | | | ok doug@
* Coverity 21651beck2015-07-182-6/+14
| | | | ok doug@
* Convert dtls1_get_record to CBS.doug2015-07-182-42/+56
| | | | ok miod@, input + ok jsing@
* Remove repeated code in dtls1_get_record.doug2015-07-182-80/+32
| | | | | | | | The "if" is a bit ugly, but this does remove a lot of repetitive code. This will be converted to CBS later as well. ok miod@ jsing@ roughly ok with it after seeing the CBS version
* Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFERbluhm2015-07-181-1/+4
| | | | | | | in libtls. This gives tls_write() a similar short write semantics as write(2). So implementing daemons with libevent buffers will be easier and workarounds in syslogd and httpd can be removed. OK tedu@ beck@ reyk@
* Dead code, Coverity 78798beck2015-07-182-6/+2
| | | | ok bcook@ doug@
* simplify length checking in do_indefinite_convertbcook2015-07-181-11/+17
| | | | | Fixes Coverity 117506, 117507, 117508 ok doug@
* Coverity ID 78910 - Yet another stupid API designed to not show failures. do thebeck2015-07-182-12/+16
| | | | | | | | | | lease worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.doug2015-07-1810-58/+26
| | | | | | This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
* remove mysterious, decorative comment blockletsbcook2015-07-181-21/+21
|
* Explicitly mark ignored BN_* return vals in tests.bcook2015-07-181-6/+6
| | | | | The tests will fail all the same. Fixes Coverity 78811 21659 21658 21657. Discussed with beck@
* check sscanf conversion, fixes Coverity 21666bcook2015-07-181-2/+6
| | | | ok doug@, miod@, guenther@
* Check the return value of ASN1_STRING_set(), for it may fail to allocatemiod2015-07-184-12/+28
| | | | | memory. Coverity CID 24810, 24846. ok bcook@ doug@
* Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.doug2015-07-186-28/+22
| | | | | | | | This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@
* Unbreak, add errno headerjeremy2015-07-181-1/+2
| | | | OK tedu@
* set errno in null cases, just in case.tedu2015-07-181-2/+3
|
* standards compliant error return (null). will make ruby happier, at least.tedu2015-07-181-5/+2
| | | | ok deraadt jeremy
* Fix leak found by coverity, issue 78897 - which also brough tobeck2015-07-186-50/+66
| | | | | | light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
* delete doubled words;schwarze2015-07-178-8/+8
| | | | patch from Theo Buehler <theo at math dot ethz dot ch>
* extenstion -> extensionmiod2015-07-172-2/+2
|
* fix leak, found by coverity, ID 78877beck2015-07-171-3/+3
| | | | ok miod@ jsing@
* Convert ssl_parse_serverhello_use_srtp_ext to CBS.doug2015-07-174-24/+34
| | | | ok miod@ jsing@
* Remove SSLv3 support from openssl(1) s_time.doug2015-07-171-13/+3
| | | | ok miod@ bcook@ beck@
* Remove SSLv3 support from openssl(1) s_server.doug2015-07-171-7/+2
| | | | ok miod@ bcook@ beck@
* Remove SSLv3 support from openssl(1) s_client.doug2015-07-171-4/+1
| | | | ok miod@ bcook@ beck@
* Remove support for SSLv3 from openssl(1) ciphers.doug2015-07-171-27/+5
| | | | ok miod@ bcook@
* Remove compat hack that disabled ECDHE-ECDSA on OS X.doug2015-07-1710-208/+26
| | | | | | | | | For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
* Remove workaround for TLS padding bug from SSLeay days.doug2015-07-1713-79/+25
| | | | | | | | | OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
* Bump LIBRESSL_VERSION defines.bcook2015-07-162-6/+14
| | | | | | | Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
* Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;miod2015-07-162-4/+8
| | | | | from OpenSSL (RT #3683) ok doug@ jsing@
* fix coverity leak - ID 78921beck2015-07-161-3/+11
| | | | ok miod@, bcook@
* kill leak, found by coverity, ID 105348beck2015-07-161-2/+5
| | | | ok miod@
* After reading a password with terminal echo off, restore the terminal toguenther2015-07-162-12/+10
| | | | | | | its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
* Explicitely cast a char into unsigned long before shifting it left by 24, formiod2015-07-162-4/+4
| | | | | | | | | | | this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitely range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
* Check return value of all used functions in OCSP_REQUEST_print(); coversmiod2015-07-162-10/+18
| | | | Coverity CID 78796; ok beck@
* Make sure the `reject negative sizes' logic introduced in 1.34 is actuallymiod2015-07-162-6/+8
| | | | | applied to all code paths. ok beck@ bcook@ doug@ guenther@
* check n before cbs_init, coverity - ID 125063beck2015-07-152-6/+18
| | | | ok bcook@ miod@
* test for n<0 before use in CBS_init - mostly to shut up coverity.beck2015-07-156-22/+66
| | | | reluctant ok miod@
* Flense out dead code, we don't do ecdhe_clnt_cert.beck2015-07-154-374/+150
| | | | | coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
* Fix inverted test in previous. Commit message told what we intended, butmiod2015-07-152-4/+4
| | | | we did not notice my fingers slipping. Noticed by bcook@
* Remove dead code. Coverity CID 21688miod2015-07-152-8/+2
| | | | ok beck@
* Fix two theoretical NULL pointer dereferences which can only happen if youmiod2015-07-152-8/+18
| | | | | | | | have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
* Fix possible 32 byte buffer overrun, found by coverity, CID 78869beck2015-07-152-4/+4
| | | | ok miod@
* Memory leak; Coverity CID 78836miod2015-07-152-12/+16
| | | | ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 03:05:59 +0000