| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
If len == 0, it already set try_session_cache so there's no need to
check len again. Fixes Coverity issue 21687.
ok bcook@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
| |
|
|
|
|
|
|
|
| |
effectively built two "static" data structures - instead of doing this,
just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
| |
|
|
|
|
|
|
| |
up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
| |
|
|
|
|
|
|
|
|
| |
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
| |
|
|
|
|
| |
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
|
| | |
|
| |
|
|
|
| |
baggage.
ok miod@ jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
|
| | |
|
| |
|
|
| |
where it is feasible to do so. better safe than sorry.
|
| |
|
|
|
|
| |
OPENSSL_NO_EC.
ok tedu@
|
| |
|
|
|
|
| |
OPENSSL_NO_TLSEXT.
ok tedu@
|
| |
|
|
|
|
|
|
| |
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
| |
|
|
|
| |
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
|
| | |
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
the SSLv23_* client code. The server continues to accept it. It
also kills the bits for SSL2 SESSIONs; even when the server gets
an SSLv2-style compat handshake, the session that it creates has
the correct version internally.
ok tedu@ beck@
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]
|
| | |
|
| |
|
|
|
| |
new minor for libcrypto (_X509_REQ_print_ex)
tested by miod@, pb@
|
| |
|
|
| |
http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
