summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* fix leaking of bn, coverity issue 105351beck2015-02-131-1/+2
| | | | ok doug@
* prevent a crash with openssl asn1parse -genstr FORMATjsg2015-02-121-1/+5
| | | | | | aka ASN1_generate_nconf("FORMAT", NULL) ok krw@ beck@ jsing@
* If you do not support POSIX I/O then you're not tall enough to ride...jsing2015-02-124-23/+4
| | | | ok tedu@
* unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN,jsing2015-02-128-48/+8
| | | | | | however it is not likely to be removed any time soon. ok beck@ miod@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.beck2015-02-119-12/+123
|
* Remove initialisers with default values from the ASN1 data structures.jsing2015-02-1117-188/+23
| | | | | Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
* get rid of OPENSSL_NO_CMS code we do not use.beck2015-02-119-123/+12
| | | | ok miod@
* get rid of OPENSSL_NO_COMP code we don't use.beck2015-02-112-11/+2
| | | | jajaja miod@
* Expand most of the ASN1_SEQUENCE* and associated macros, making the datajsing2015-02-1117-146/+950
| | | | | | | | | | structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-1131-31/+72
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* More unifdef OPENSSL_NO_RFC3779 that got missed last time around.jsing2015-02-112-16/+2
| | | | Spotted by beck@
* unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely tojsing2015-02-106-2704/+4
| | | | | | be enabled, mostly since people use SANs instead. ok beck@ guenther@
* Remove old interesting but not useful content.jsing2015-02-101-278/+0
| | | | ok miod@
* unifdef OPENSSL_NO_RC5jsing2015-02-103-29/+3
|
* Remove RC5 code - this is not currently enabled and is not likely to everjsing2015-02-108-1079/+0
| | | | | | | | be enabled. Removes one symbol from libcrypto, however there is no ABI change. ok beck@ miod@ tedu@
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the lastjsing2015-02-1013-39/+14
| | | | 15 years.
* Remove crypto/store - part of which is "currently highly experimental".jsing2015-02-107-3505/+0
| | | | | | | This code is not compiled in and OPENSSL_NO_STORE is already defined in opensslfeatures.h. No symbol removal for libcrypto. ok beck@
* EVP_BytesToKey(): return through the error path (which cleans things up)miod2015-02-101-3/+3
| | | | if EVP_DigestInit_ex() fails.
* Replace assert() and OPENSSL_assert() calls with proper error return paths.miod2015-02-1013-51/+141
| | | | Careful review, feedback & ok doug@ jsing@
* Remove default value initialisers for ASN1_ITEM. Minor changes to generatedjsing2015-02-101-93/+11
| | | | assembly due to switches between .quad and .zero for structs.
* Remove unnecessary include of assert.hmiod2015-02-105-10/+5
|
* Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policymiod2015-02-1016-85/+17
| | | | | for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@
* Expand IMPLEMENT_ASN1_TYPE macros - no change to generated assembly.jsing2015-02-101-23/+221
|
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned intojsing2015-02-1010-47/+10
| | | | | noops around 15 years ago. Remove multiple occurances of both that still exist in the code today.
* Place the IMPLEMENT_ASN1_.*FUNCTION.* macros under an #ifndefjsing2015-02-101-1/+4
| | | | LIBRESSL_INTERNAL - we do not need them any more.
* Expand IMPLEMENT_ASN1_NDEF_FUNCTION and IMPLEMENT_ASN1_PRINT_FUNCTIONjsing2015-02-101-3/+14
| | | | | | | | macros so that the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname macros that got missed.jsing2015-02-102-4/+28
|
* Expand the IMPLEMENT_ASN1_ALLOC_FUNCTIONS macro so that the code is visiblejsing2015-02-104-11/+88
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-1010-29/+29
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-104-13/+121
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-1010-29/+124
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that thejsing2015-02-105-23/+455
| | | | | | | | | code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-096-51/+1155
| | | | | | | | functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0912-43/+787
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-0928-273/+358
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0919-60/+1044
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Jettison SCTP support in BIO dgram.jsing2015-02-092-1052/+2
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Jettison DTLS over SCTP.jsing2015-02-0914-818/+14
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Return NULL when there are no shared ciphers.doug2015-02-092-8/+12
| | | | | | | | | | | | | | | | | OpenSSL added this change to avoid an out-of-bounds write since they're accessing p[-1]. We initialize buf and use strrchr() so we aren't subject to the same OOB write. However, we should return NULL rather than an empty string when there are no shared ciphers. Also, KNF a particularly bad section above here that miod noticed. Based on OpenSSL commits: 4ee356686f72ff849f6f3d58562224ace732b1a6 308505b838e4e3ce8485bb30f5b26e2766dc7f8b ok miod@
* This is neither code not proper documentation.miod2015-02-097-157/+0
|
* Remove unused GOST test that prevents clang from building libcrypto.doug2015-02-091-55/+1
| | | | | | | | | | clang warns that it is unused and we have -Werror enabled. This test isn't hooked up to anything yet. We can add it back with a future GOST update. clang 3.5 can now build libssl and libcrypto as long as you use CFLAGS=-Wno-pointer-sign. "seems reasonable" bcook@, miod@
* Use `> 0' instead of `!= 0' as a successful condition formiod2015-02-0810-44/+44
| | | | | | EC_POINT_is_at_infinity() and EC_POINT_is_on_curve(), for they may return -1 should an error arise. ok doug@ jsing@
* Move a few typedef up in this file in order to be able to use them in env_md_stmiod2015-02-081-14/+10
| | | | | and get rid of a silly FIXME comment. ok doug@ jsing@
* Check memory allocation results in EVP_PBE_alg_add_type().miod2015-02-081-3/+10
| | | | ok doug@ jsing@
* Check memory allocation results, as well as stack pushes.miod2015-02-081-9/+34
| | | | | | Also fix a memory leak in one of the error paths of SMIME_read_ASN1(), spotted by doug@ tweaks&ok doug@ jsing@
* Rely upon enc_flags rather than the tls version, to upgrade SHA1+MD5 tomiod2015-02-082-8/+8
| | | | | SHA256 in ssl_get_algorithm2(). From OpenSSL HEAD; ok jsing@
* Lob a KNF grenade into the ecdsa code.jsing2015-02-088-312/+288
|
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Remove useless variables and use the values directly.doug2015-02-072-10/+6
| | | | | | From OpenSSL commit 3d47c1d331fdc7574d2275cda1a630ccdb624b08. ok miod@, jsing@
* Don't support very old versions of Netscape (is there any other kind?).doug2015-02-071-6/+5
| | | | | | | | | | | | | | Apparently "very old" Netscape versions illegally included empty content and a detached signature. OpenSSL removed the #if 0 that protected these users and added a new button OPENSSL_DONT_SUPPORT_OLD_NETSCAPE. It appears to be off by default to keep the hopes and dreams of very old Netscape users alive. We decided to be rebels and disable support. If you installed your browser from floppy disks, it's time to upgrade! Based on OpenSSL commit: 02a938c953b3e1ced71d9a832de1618f907eb96d ok tedu@, miod@, jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-23 21:10:59 +0000