summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_err.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-09-28X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,miod2-30/+46
for it may be NULL. Do not leak memory upon error. ok bcook@
2014-09-28Someone (TM) thought it was smart to save memory by using malloc(1) andmiod2-10/+8
manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
2014-09-28revamp the config interface to own memory. easier to use correctly withouttedu3-49/+99
caller worrying about leaks or lifetimes. after feedback from jsing
2014-09-27Revert r1.5 and reenable assembler version of ghash now that it has beenmiod2-6/+6
fixed.
2014-09-27Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, wheremiod2-0/+4
the 64-bit code has to be disabled under OpenBSD/hppa.
2014-09-27Disable assembler code for ghash on hppa, causes wrong computations in somemiod4-8/+8
cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
2014-09-27There is not much point checking ecdhp is not NULL... twice.jsing4-28/+10
ok miod@
2014-09-27Check that the specified curve is one of the client preferences.jsing10-16/+140
Based on OpenSSL. ok miod@
2014-09-27Fix mmap() calls that check for a result other than MAP_FAILED.doug1-1/+1
ok tedu@
2014-09-26X509_STORE_new(): do not leak memory upon error.miod2-28/+34
X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
2014-09-26X509_issuer_and_serial_hash(): do not leak memory if an error occurs duringmiod2-2/+6
the first EVP block. ok tedu@
2014-09-26X509at_add1_attr(): do not free stuff we did not allocate in the error path.miod2-6/+6
ok tedu@
2014-09-26Now that we have a static version of the default EC formats, also use itjsing2-94/+88
for the server hello. From OpenSSL. ok miod@
2014-09-23Fix regression introduced in revision 1.15 by using strndup() instead ofmiod2-12/+12
strdup() to allocated directory list components. ok jsing@
2014-09-22Refactor and simplify the ECC extension handling. The existing codejsing4-244/+196
effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@
2014-09-22Also check the result from final_finish_mac() against finish_mac_length injsing2-38/+34
ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.
2014-09-22It is possible (although unlikely in practice) for peer_finish_md_len tojsing2-26/+22
end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
2014-09-21Document SSL_OP_TLSEXT_PADDING.jsing1-0/+6
From OpenSSL.
2014-09-21Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, whichjsing4-20/+36
is off by default (instead of being enabled unconditionally). The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in... Ported from OpenSSL. Discussed with many. ok miod@
2014-09-21a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , butmiod2-8/+18
some changes an a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
2014-09-21Fix a memory leak in the error path in ASN1_mbstring_ncopy().miod2-38/+58
Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
2014-09-21Add support for word anchors \< and \> to regex regression tests.doug1-1/+13
These are copied from the existing [[:<:]] and [[:>:]] tests.
2014-09-19Add CHACHA20 as a cipher symmetric encryption alias.jsing2-2/+10
From Ming <gzchenym at 126.com>
2014-09-19remove obfuscating parens. man operator is your friend.tedu4-30/+30
2014-09-19Fix on 32bit platforms where 0xdeadbeef > LONG_MAX.schwarze1-4/+6
To avoid making tests machine dependent, only test values inside 32bit LONG_{MIN,MAX} and outside 64bit LONG_{MIN,MAX}, but none in between. While here, cover 32bit edge cases, negative values, and overflows. ok jsing@
2014-09-17Remove unused #define.lteo1-3/+1
ok jsing@
2014-09-16A few more MLINKs.miod1-1/+7
2014-09-16a little less sendmail specific;jmc1-4/+3
2014-09-15When fopen()ing internal to libc (the API doesn't support the useguenther5-14/+14
of the resulting FILE *), then pass fopen() the 'e' mode letter to mark it close-on-exec. ok miod@
2014-09-14Do not claim that empty numbers set EINVAL, our implementation doesn't.schwarze2-37/+61
Mention that invalid bases do set EINVAL (as required by POSIX); this part of the change uses part of an earlier patch by millert@. Minor mdoc(7) cleanup and sync between the two pages while here. Feedback and ok jmc@ and millert@.
2014-09-13Make sure that the following functions return 0 and EINVAL asschwarze6-20/+60
required by the C standard when called with an invalid base: strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax(). Same behaviour for strtoq() and strtouq() even though not standardized. No functional change in strtol(), it was the only one already correct. While here, simplify the conditional expression for checking the base and sync whitespace and comments among the six files. ok millert@
2014-09-10Disable -Wshadow again, since it breaks builds on vax with gcc3.jsing1-2/+2
2014-09-08obvious cases of missing .An;schwarze1-3/+3
found with the new mandoc(1) MANDOCERR_AN_MISSING warning; no text changes
2014-09-07Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing16-182/+54
nor do we plan on supporting them. ok guenther@
2014-09-04POSIX specifies arpa/inet.h as the include file for these.millert1-3/+3
OK aja@ mikeb@
2014-09-01Enable -Wshadow in openssl(1) and fix a few shadow warnings.doug5-25/+21
ok jsing@
2014-09-01Convert ecparam to new option/usage handling.jsing1-197/+215
2014-09-01Improve option usage output.jsing1-7/+20
If the option/argument string exceeds the given width, add a hanging indent prior to displaying the description. Also, if the description includes newlines, wrap and indent for each newline so that the indentation is correctly maintained.
2014-08-31Make the in6addr constant declarations and definitions consistentbluhm1-3/+3
in kernel and user land. OK florian@ mpi@
2014-08-31Add sockatmark()guenther3-5/+170
ok millert@ manpage feedback jmc@
2014-08-30Convert openssl(1) version to new option/usage handling.jsing1-34/+90
2014-08-30Move the callback function pointer outside the opt union so that the optionjsing2-4/+10
values are useable by the function. Also provide an option type that calls a function without consuming/passing an argument.
2014-08-28OpenSSL_add_all_algorithms() is called from openssl_startup() - it does notjsing6-13/+6
need to also be called from some of the applications.
2014-08-28openssl_setup() calls SSL_load_error_strings(), which happens to calljsing27-60/+30
ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
2014-08-28Add option handling with a callback function for argument processing.jsing2-2/+10
2014-08-28Convert openssl(1) crl to new option/usage handling.jsing1-186/+246
2014-08-28Given the usage option name/argument name width a few more characters.jsing1-2/+2
2014-08-28Ensure that a format option argument is a known specifier.jsing1-2/+10
2014-08-28Add option handling for ordered flags.jsing2-2/+8
2014-08-28Add option handling for input/output formats.jsing2-2/+8