summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Expand another wall of ASN.1 template macros - no change to generatedjsing2015-07-251-224/+1357
| | | | assembly.
* Expand ASN.1 template macros - no change in generated assembly.jsing2015-07-252-136/+847
|
* Expand ASN.1 template macros - the generated assembly only differs byjsing2015-07-251-55/+351
| | | | changes to line numbers.
* Expand ASN.1 template macros - no change in generated assembly.jsing2015-07-242-27/+171
|
* Expand ASN.1 template macros - the generated assembly only differs byjsing2015-07-241-51/+341
| | | | changes to line numbers.
* an TLS -> a TLS; from thanos tsouanasjmc2015-07-241-2/+2
|
* Expand ASN1_ITEM_TEMPLATE/ASN1_EX_TEMPLATE_TYPE/ASN1_ITEM_TEMPLATE_ENDjsing2015-07-244-22/+106
| | | | macros - the generated assembly only differs by changes to line numbers.
* Expand IMPLEMENT_ASN1_MSTRING macros - the generated assembly only differsjsing2015-07-242-6/+42
| | | | by changes to line numbers.
* Correct #if/else logic in BIO's dgram_ctrl.doug2015-07-201-3/+3
| | | | | | | | | Coverity issue 72741 noticed that ret is being overwritten before use. The actual issue is that the #if/else logic is guarding the wrong lines. Besides impacting ret, this also made the case's break logic wrong because it was in the wrong location. ok bcook@ beck@
* prefer string.h to strings.h ok guenther@ doug@bcook2015-07-201-2/+2
|
* Various memory leaks upon error or unchecked allocations.miod2015-07-201-4/+13
| | | | ok doug@
* Use V_ASN1_UNDEF instead of -1.miod2015-07-201-7/+7
| | | | | | | Make sure ASN1_primitive_new() will return NULL in *pval in all error situations. ok bcook@ doug@
* Check the return value of asn1_enc_save(). ok bcook@ doug@miod2015-07-201-2/+4
|
* When freeing an X509_CRL, if freeing the user-maintained meth_data fails,miod2015-07-201-3/+4
| | | | | do not forgot to nevertheless keep freeing the other fields. ok doug@ guenther@
* In X509_PKEY_new(), make sure all allocation failures push an error to themiod2015-07-201-7/+15
| | | | | error stack, not only the first one. ok guenther@ doug@
* add NetLock Kft. CA root certificate, already present in web browsers andsteven2015-07-201-0/+80
| | | | | needed for fetching ports distfiles. ok sthen@
* Remove OpenSSL engine RSAX.doug2015-07-197-705/+6
| | | | | | | | | OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
* Drop stupid (int) casts for the arguments of malloc() and friends. This ismiod2015-07-199-24/+24
| | | | | not 16-bit MS-DOS anymore. ok bcook@ tedu@
* unifdef -UCBC_HANDLES_TRUNCATED_IOmiod2015-07-191-19/+1
| | | | ok bcook@ doug@
* Verify ASN1 objects types before attempting to access them as a particularmiod2015-07-192-2/+6
| | | | | type. ok guenther@ doug@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-192-8/+16
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Put explicit braces around assignment used in a conditional.miod2015-07-191-2/+2
| | | | ok bcook@ doug@
* Remove the logic responsible for outputting most AES-NI instructions asmiod2015-07-193-107/+0
| | | | | | | | | raw byte sequences. The toolchains have had some time to update and assemble the instructions correctly (except for p{ins,ext}rd which are not supported yet by as(1) under OpenBSD, but will be fixed shortly). Inspired by a discussion between tedu@ and John-Mark Gurney. Verified to still work on Mac OS X and average Linux distros by bcook@
* Replace `.byte 0x48,0x83,0xEC,0x08' with `sub \$8,%rsp' which is exactly themiod2015-07-191-2/+2
| | | | same four bytes, unobfuscated.
* Simplify X509_STORE_CTX_init and make it safe with stack variables.doug2015-07-191-58/+55
| | | | | | | The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
* Remove case that can never happen.doug2015-07-191-5/+1
| | | | | | | It's a little convoluted due to gotos, but at that point, pci is always NULL. Spotted by Coverity 21702. ok miod@ beck@ bcook@
* Fix Coverity 72742 - ret is overwritten immediately after this.beck2015-07-191-2/+1
| | | | ok doug@
* abort when ENGINE_remove fails, fix Coverity 21656bcook2015-07-191-5/+2
| | | | ok doug@, beck@
* rand_err doesn't exist anymore, coverity 78808beck2015-07-181-3/+3
| | | | ok doug@
* Coverity 21651beck2015-07-181-3/+7
| | | | ok doug@
* Dead code, Coverity 78798beck2015-07-181-3/+1
| | | | ok bcook@ doug@
* Coverity ID 78910 - Yet another stupid API designed to not show failures. do thebeck2015-07-181-6/+8
| | | | | | | | | | lease worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
* Check the return value of ASN1_STRING_set(), for it may fail to allocatemiod2015-07-182-6/+14
| | | | | memory. Coverity CID 24810, 24846. ok bcook@ doug@
* Fix leak found by coverity, issue 78897 - which also brough tobeck2015-07-183-25/+33
| | | | | | light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
* delete doubled words;schwarze2015-07-174-4/+4
| | | | patch from Theo Buehler <theo at math dot ethz dot ch>
* extenstion -> extensionmiod2015-07-171-1/+1
|
* Bump LIBRESSL_VERSION defines.bcook2015-07-161-3/+7
| | | | | | | Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
* Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;miod2015-07-161-2/+4
| | | | | from OpenSSL (RT #3683) ok doug@ jsing@
* After reading a password with terminal echo off, restore the terminal toguenther2015-07-161-6/+5
| | | | | | | its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
* Explicitely cast a char into unsigned long before shifting it left by 24, formiod2015-07-161-2/+2
| | | | | | | | | | | this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitely range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
* Check return value of all used functions in OCSP_REQUEST_print(); coversmiod2015-07-161-5/+9
| | | | Coverity CID 78796; ok beck@
* Make sure the `reject negative sizes' logic introduced in 1.34 is actuallymiod2015-07-161-3/+4
| | | | | applied to all code paths. ok beck@ bcook@ doug@ guenther@
* Fix inverted test in previous. Commit message told what we intended, butmiod2015-07-151-2/+2
| | | | we did not notice my fingers slipping. Noticed by bcook@
* Remove dead code. Coverity CID 21688miod2015-07-151-4/+1
| | | | ok beck@
* Fix two theoretical NULL pointer dereferences which can only happen if youmiod2015-07-151-4/+9
| | | | | | | | have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
* Fix possible 32 byte buffer overrun, found by coverity, CID 78869beck2015-07-151-2/+2
| | | | ok miod@
* Memory leak; Coverity CID 78836miod2015-07-151-6/+8
| | | | ok beck@
* Unchecked allocations, and make sure we do not leak upon error. Fixesmiod2015-07-151-21/+36
| | | | | Coverity CID 21739 and more. ok bcook@
* Avoid leaking objects upon error; tweaks & ok doug@miod2015-07-151-18/+18
|
* Do not allow TS_check_signer_name() with signer == NULL frommiod2015-07-151-1/+4
| | | | | | | | | | | | | | | | | int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-30 05:43:12 +0000