summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Replace 48 lines of code with a single inet_pton() call. The previousjsing2014-06-241-48/+3
| | | | | | | | | | | | | handrolled version could not even make use of sscanf(), since that would not work with a certain antiquated compiler. It is worth noting that there is a tiny change in behaviour - previously calling BIO_get_host_ip() with something that looked like it might be a valid IP address (for example, "1." or even ".") would result in it returning failure rather than trying a BIO_gethostbyname() - now we'll always try a BIO_gethostbyname() if it was not a valid IPv4 address. ok beck@ miod@ deraadt@
* Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magicallyjsing2014-06-241-16/+3
| | | | | | appear by itself. ok beck@ miod@
* Fix memory leak.logan2014-06-241-2/+4
| | | | | | Thanks to Brenk Cook. OK from miod@
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-235-13/+24
| | | | ok miod
* KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() andguenther2014-06-222-48/+88
| | | | | | multiline comments ok jsing@
* BIO_sock_init() no longer does anything, so stop calling it.jsing2014-06-221-10/+1
|
* Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.jsing2014-06-221-14/+4
|
* In BIO_get_port(), use strol() with appropriate range checks rather thanjsing2014-06-223-34/+50
| | | | | | | an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@
* nuke unused test programs; ok jsingderaadt2014-06-222-46/+2
|
* More KNF.jsing2014-06-221-5/+5
|
* KNF.jsing2014-06-223-208/+203
|
* KNF.jsing2014-06-226-961/+1081
|
* More KNF.jsing2014-06-223-9/+9
|
* always compare memcmp against 0, for clarity.tedu2014-06-216-14/+14
|
* Pull the code that builds a DTLS sequence number out into its own functionjsing2014-06-216-46/+58
| | | | | | to avoid duplication. Also use fewer magic numbers. ok miod@
* Specify the correct strength bits for 3DES cipher suites.jsing2014-06-212-30/+26
| | | | | | From OpenSSL. ok miod@
* Switch to the ISC licensed versions of these files, which Google has madejsing2014-06-212-101/+26
| | | | | | available via boringssl. ok deraadt@
* Pull out the sequence number selection and handle this up front. Also, thejsing2014-06-212-18/+12
| | | | correct record is already known, so avoid reassignment.
* More KNF and clean up.jsing2014-06-212-26/+18
|
* More KNF.jsing2014-06-218-61/+56
|
* KNFmiod2014-06-213-124/+137
|
* KNFmiod2014-06-213-178/+186
|
* Fix memory leak in error path.logan2014-06-212-4/+4
| | | | OK from miod@
* Remove the OPENSSL_*cap getenv's. A program should not be able toderaadt2014-06-203-25/+5
| | | | | change the behaviour of the library in such a complicated fashion. ok miod
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both mightmiod2014-06-201-70/+0
| | | | have been used under DJGPP in the previous century (if at all).
* Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();miod2014-06-202-4/+4
| | | | | noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-1918-44/+44
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* In ssl3_send_newsession_ticket(), fix a memory leak in an error path.miod2014-06-182-4/+8
|
* Missinc calloc() return value check; ok deraadt@miod2014-06-181-1/+5
|
* Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in themiod2014-06-182-8/+20
| | | | | | error paths from tls_decrypt_ticket(). ok tedu@
* Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()miod2014-06-182-22/+22
| | | | | | when no storage buffer is passed. ok deraadt@ tedu@
* In SSL_COMP_add_compression_method(), make sure error cases actually returnmiod2014-06-182-4/+4
| | | | | | `error' rather than `success'. ok deraadt@
* ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.tedu2014-06-172-4/+8
|
* free iv, then cleanse. from Cyril Jouvetedu2014-06-151-2/+2
|
* Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 ratherjsing2014-06-151-9/+4
| | | | | | than '\0' for several memset(). ok beck@ miod@
* Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()jsing2014-06-151-6/+2
| | | | | | does something special... just use calloc() instead. ok beck@ miod@
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().jsing2014-06-151-1/+2
| | | | ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of thejsing2014-06-151-2/+2
| | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
* Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),jsing2014-06-157-55/+28
| | | | | | | so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
* Add more bounded attributes to the buffer and md5/sha headers in libsslavsm2014-06-143-19/+35
| | | | ok miod@
* typomiod2014-06-131-2/+2
|
* Correctly calculate the key block length when using export ciphers.jsing2014-06-132-2/+10
|
* Overhaul the keyblock handling in ssl3_change_cipher_state(). Usejsing2014-06-131-32/+45
| | | | | meaningful variable names with use with pointer arithmitic rather than complex array indexing.
* Correctly calculate the key block length when used with export ciphers.jsing2014-06-131-17/+24
| | | | While here, use meaningful variable names and simplify the calculation.
* Use meaningful variable names, rather than i, j, k and cl.jsing2014-06-131-23/+27
|
* Do not bother trying to work out of we can reuse a cipher context - justjsing2014-06-131-22/+12
| | | | | throw it away and create a new one. This simplifies the code and also allows ASR to do its thing.
* Separate the comression handling from the cipher/message digest handling injsing2014-06-131-43/+47
| | | | ssl3_change_cipher_state().
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 07:00:16 +0000