summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* In X509_PKEY_new(), make sure all allocation failures push an error to themiod2015-07-201-7/+15
| | | | | error stack, not only the first one. ok guenther@ doug@
* add NetLock Kft. CA root certificate, already present in web browsers andsteven2015-07-201-0/+80
| | | | | needed for fetching ports distfiles. ok sthen@
* Remove OpenSSL engine RSAX.doug2015-07-197-705/+6
| | | | | | | | | OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
* Drop stupid (int) casts for the arguments of malloc() and friends. This ismiod2015-07-199-24/+24
| | | | | not 16-bit MS-DOS anymore. ok bcook@ tedu@
* unifdef -UCBC_HANDLES_TRUNCATED_IOmiod2015-07-191-19/+1
| | | | ok bcook@ doug@
* Verify ASN1 objects types before attempting to access them as a particularmiod2015-07-192-2/+6
| | | | | type. ok guenther@ doug@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-192-8/+16
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Put explicit braces around assignment used in a conditional.miod2015-07-191-2/+2
| | | | ok bcook@ doug@
* Remove the logic responsible for outputting most AES-NI instructions asmiod2015-07-193-107/+0
| | | | | | | | | raw byte sequences. The toolchains have had some time to update and assemble the instructions correctly (except for p{ins,ext}rd which are not supported yet by as(1) under OpenBSD, but will be fixed shortly). Inspired by a discussion between tedu@ and John-Mark Gurney. Verified to still work on Mac OS X and average Linux distros by bcook@
* Replace `.byte 0x48,0x83,0xEC,0x08' with `sub \$8,%rsp' which is exactly themiod2015-07-191-2/+2
| | | | same four bytes, unobfuscated.
* Simplify X509_STORE_CTX_init and make it safe with stack variables.doug2015-07-191-58/+55
| | | | | | | The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
* Remove case that can never happen.doug2015-07-191-5/+1
| | | | | | | It's a little convoluted due to gotos, but at that point, pci is always NULL. Spotted by Coverity 21702. ok miod@ beck@ bcook@
* Fix Coverity 72742 - ret is overwritten immediately after this.beck2015-07-191-2/+1
| | | | ok doug@
* abort when ENGINE_remove fails, fix Coverity 21656bcook2015-07-191-5/+2
| | | | ok doug@, beck@
* rand_err doesn't exist anymore, coverity 78808beck2015-07-181-3/+3
| | | | ok doug@
* Coverity 21651beck2015-07-181-3/+7
| | | | ok doug@
* Dead code, Coverity 78798beck2015-07-181-3/+1
| | | | ok bcook@ doug@
* Coverity ID 78910 - Yet another stupid API designed to not show failures. do thebeck2015-07-181-6/+8
| | | | | | | | | | lease worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
* Check the return value of ASN1_STRING_set(), for it may fail to allocatemiod2015-07-182-6/+14
| | | | | memory. Coverity CID 24810, 24846. ok bcook@ doug@
* Fix leak found by coverity, issue 78897 - which also brough tobeck2015-07-183-25/+33
| | | | | | light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
* delete doubled words;schwarze2015-07-174-4/+4
| | | | patch from Theo Buehler <theo at math dot ethz dot ch>
* extenstion -> extensionmiod2015-07-171-1/+1
|
* Bump LIBRESSL_VERSION defines.bcook2015-07-161-3/+7
| | | | | | | Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
* Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;miod2015-07-161-2/+4
| | | | | from OpenSSL (RT #3683) ok doug@ jsing@
* After reading a password with terminal echo off, restore the terminal toguenther2015-07-161-6/+5
| | | | | | | its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
* Explicitely cast a char into unsigned long before shifting it left by 24, formiod2015-07-161-2/+2
| | | | | | | | | | | this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitely range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
* Check return value of all used functions in OCSP_REQUEST_print(); coversmiod2015-07-161-5/+9
| | | | Coverity CID 78796; ok beck@
* Make sure the `reject negative sizes' logic introduced in 1.34 is actuallymiod2015-07-161-3/+4
| | | | | applied to all code paths. ok beck@ bcook@ doug@ guenther@
* Fix inverted test in previous. Commit message told what we intended, butmiod2015-07-151-2/+2
| | | | we did not notice my fingers slipping. Noticed by bcook@
* Remove dead code. Coverity CID 21688miod2015-07-151-4/+1
| | | | ok beck@
* Fix two theoretical NULL pointer dereferences which can only happen if youmiod2015-07-151-4/+9
| | | | | | | | have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
* Fix possible 32 byte buffer overrun, found by coverity, CID 78869beck2015-07-151-2/+2
| | | | ok miod@
* Memory leak; Coverity CID 78836miod2015-07-151-6/+8
| | | | ok beck@
* Unchecked allocations, and make sure we do not leak upon error. Fixesmiod2015-07-151-21/+36
| | | | | Coverity CID 21739 and more. ok bcook@
* Avoid leaking objects upon error; tweaks & ok doug@miod2015-07-151-18/+18
|
* Do not allow TS_check_signer_name() with signer == NULL frommiod2015-07-151-1/+4
| | | | | | | | | | | | | | | | | int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
* Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0,miod2015-07-151-1/+3
| | | | | | seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
* fix the build on arm after the recent addition of -Wundefjsg2015-06-291-2/+2
| | | | ok doug@ deraadt@
* Fix pointer to unsigned long conversion.doug2015-06-272-5/+7
| | | | | | | bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
* Put BUF_memdup() and BUF_reverse() under #ifndef LIBRESSL_INTERNAL.jsing2015-06-241-3/+2
|
* Handle NIST curve names.jsing2015-06-201-2/+4
| | | | | | From OpenSSL. ok miod@ (a while ago)
* Have ECPKParameters_print() include the NIST curve name, if known.jsing2015-06-201-1/+10
| | | | | | From OpenSSL. ok miod@ (a while ago).
* Provide EC_curve_nid2nist() and EC_curve_nist2nid().jsing2015-06-202-2/+57
| | | | | | | | From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago)
* Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.jsing2015-06-201-1/+3
| | | | ok doug@ deraadt@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().jsing2015-06-203-6/+6
| | | | ok doug@ deraadt@
* Fix warning on vax due to old gcc.doug2015-06-201-4/+4
| | | | | | | Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@
* Crank major for libcrypto, ssl and tls due to MDC-2DES removal.doug2015-06-202-2/+2
| | | | ok miod@ jsing@
* Remove obsolete MDC-2DES from libcrypto.doug2015-06-2016-528/+19
| | | | ok deraadt@ jsing@ miod@
* Return the failing engine ID in the error stack.bcook2015-06-191-2/+4
| | | | | Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
* Disable ENGINE_load_dynamic (dynamic engine support).bcook2015-06-1930-543/+11
| | | | | | | We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 23:54:18 +0000