| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Since this is a library, place issetugid() before every getenv() | deraadt | 2014-06-23 | 5 | -13/+24 | |
| | | | | | ok miod | |||||
| * | KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and | guenther | 2014-06-22 | 2 | -48/+88 | |
| | | | | | | | multiline comments ok jsing@ | |||||
| * | BIO_sock_init() no longer does anything, so stop calling it. | jsing | 2014-06-22 | 1 | -10/+1 | |
| | | ||||||
| * | Just use SOMAXCONN and IPPROTO_TCP, since we know we have them. | jsing | 2014-06-22 | 1 | -14/+4 | |
| | | ||||||
| * | In BIO_get_port(), use strol() with appropriate range checks rather than | jsing | 2014-06-22 | 3 | -34/+50 | |
| | | | | | | | | an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@ | |||||
| * | nuke unused test programs; ok jsing | deraadt | 2014-06-22 | 2 | -46/+2 | |
| | | ||||||
| * | More KNF. | jsing | 2014-06-22 | 1 | -5/+5 | |
| | | ||||||
| * | KNF. | jsing | 2014-06-22 | 3 | -208/+203 | |
| | | ||||||
| * | KNF. | jsing | 2014-06-22 | 6 | -961/+1081 | |
| | | ||||||
| * | More KNF. | jsing | 2014-06-22 | 3 | -9/+9 | |
| | | ||||||
| * | always compare memcmp against 0, for clarity. | tedu | 2014-06-21 | 6 | -14/+14 | |
| | | ||||||
| * | Pull the code that builds a DTLS sequence number out into its own function | jsing | 2014-06-21 | 6 | -46/+58 | |
| | | | | | | | to avoid duplication. Also use fewer magic numbers. ok miod@ | |||||
| * | Specify the correct strength bits for 3DES cipher suites. | jsing | 2014-06-21 | 2 | -30/+26 | |
| | | | | | | | From OpenSSL. ok miod@ | |||||
| * | Switch to the ISC licensed versions of these files, which Google has made | jsing | 2014-06-21 | 2 | -101/+26 | |
| | | | | | | | available via boringssl. ok deraadt@ | |||||
| * | Pull out the sequence number selection and handle this up front. Also, the | jsing | 2014-06-21 | 2 | -18/+12 | |
| | | | | | correct record is already known, so avoid reassignment. | |||||
| * | More KNF and clean up. | jsing | 2014-06-21 | 2 | -26/+18 | |
| | | ||||||
| * | More KNF. | jsing | 2014-06-21 | 8 | -61/+56 | |
| | | ||||||
| * | KNF | miod | 2014-06-21 | 3 | -124/+137 | |
| | | ||||||
| * | KNF | miod | 2014-06-21 | 3 | -178/+186 | |
| | | ||||||
| * | Fix memory leak in error path. | logan | 2014-06-21 | 2 | -4/+4 | |
| | | | | | OK from miod@ | |||||
| * | Remove the OPENSSL_*cap getenv's. A program should not be able to | deraadt | 2014-06-20 | 3 | -25/+5 | |
| | | | | | | change the behaviour of the library in such a complicated fashion. ok miod | |||||
| * | wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protect | deraadt | 2014-06-20 | 1 | -2/+2 | |
| | | | | | | setuid applications from being fooled. ok miod | |||||
| * | Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both might | miod | 2014-06-20 | 1 | -70/+0 | |
| | | | | | have been used under DJGPP in the previous century (if at all). | |||||
| * | Fix incorrect bounds check in amd64 assembly version of bn_mul_mont(); | miod | 2014-06-20 | 2 | -4/+4 | |
| | | | | | | noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 ) | |||||
| * | convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring | tedu | 2014-06-19 | 18 | -44/+44 | |
| | | | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod | |||||
| * | check stack push return and make some effort to clean up. ok beck miod | tedu | 2014-06-19 | 1 | -2/+6 | |
| | | ||||||
| * | improve error checking. set error code on error, and check malloc return. | tedu | 2014-06-19 | 1 | -2/+13 | |
| | | | | | add missing unlock in one case. ok lteo miod | |||||
| * | In ssl3_send_newsession_ticket(), fix a memory leak in an error path. | miod | 2014-06-18 | 2 | -4/+8 | |
| | | ||||||
| * | Missinc calloc() return value check; ok deraadt@ | miod | 2014-06-18 | 1 | -1/+5 | |
| | | ||||||
| * | Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in the | miod | 2014-06-18 | 2 | -8/+20 | |
| | | | | | | | error paths from tls_decrypt_ticket(). ok tedu@ | |||||
| * | Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description() | miod | 2014-06-18 | 2 | -22/+22 | |
| | | | | | | | when no storage buffer is passed. ok deraadt@ tedu@ | |||||
| * | In SSL_COMP_add_compression_method(), make sure error cases actually return | miod | 2014-06-18 | 2 | -4/+4 | |
| | | | | | | | `error' rather than `success'. ok deraadt@ | |||||
| * | ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too. | tedu | 2014-06-17 | 2 | -4/+8 | |
| | | ||||||
| * | free iv, then cleanse. from Cyril Jouve | tedu | 2014-06-15 | 1 | -2/+2 | |
| | | ||||||
| * | Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 rather | jsing | 2014-06-15 | 1 | -9/+4 | |
| | | | | | | | than '\0' for several memset(). ok beck@ miod@ | |||||
| * | Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init() | jsing | 2014-06-15 | 1 | -6/+2 | |
| | | | | | | | does something special... just use calloc() instead. ok beck@ miod@ | |||||
| * | Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup(). | jsing | 2014-06-15 | 1 | -1/+2 | |
| | | | | | ok beck@ miod@ | |||||
| * | The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the | jsing | 2014-06-15 | 1 | -2/+2 | |
| | | | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@ | |||||
| * | Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(), | jsing | 2014-06-15 | 7 | -55/+28 | |
| | | | | | | | | so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@ | |||||
| * | Add more bounded attributes to the buffer and md5/sha headers in libssl | avsm | 2014-06-14 | 3 | -19/+35 | |
| | | | | | ok miod@ | |||||
| * | typo | miod | 2014-06-13 | 1 | -2/+2 | |
| | | ||||||
| * | Correctly calculate the key block length when using export ciphers. | jsing | 2014-06-13 | 2 | -2/+10 | |
| | | ||||||
| * | Overhaul the keyblock handling in ssl3_change_cipher_state(). Use | jsing | 2014-06-13 | 1 | -32/+45 | |
| | | | | | | meaningful variable names with use with pointer arithmitic rather than complex array indexing. | |||||
| * | Correctly calculate the key block length when used with export ciphers. | jsing | 2014-06-13 | 1 | -17/+24 | |
| | | | | | While here, use meaningful variable names and simplify the calculation. | |||||
| * | Use meaningful variable names, rather than i, j, k and cl. | jsing | 2014-06-13 | 1 | -23/+27 | |
| | | ||||||
| * | Do not bother trying to work out of we can reuse a cipher context - just | jsing | 2014-06-13 | 1 | -22/+12 | |
| | | | | | | throw it away and create a new one. This simplifies the code and also allows ASR to do its thing. | |||||
| * | Separate the comression handling from the cipher/message digest handling in | jsing | 2014-06-13 | 1 | -43/+47 | |
| | | | | | ssl3_change_cipher_state(). | |||||
| * | Swap compress/expand around so they are in the correct order - these ended | jsing | 2014-06-13 | 2 | -28/+28 | |
| | | | | | up in the wrong order when the code was refactored. | |||||
| * | The export_key/export_iv variables are only used in the is_export case. | jsing | 2014-06-13 | 1 | -7/+10 | |
| | | | | | Also use c rather than &c[0]. | |||||
| * | Rename a bunch of variables in ssl3_change_cipher_state() for readability. | jsing | 2014-06-13 | 1 | -38/+40 | |
| | | | | | This also brings it inline with tls1_change_cipher_state_cipher(). | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |