summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* pk7_doit.c r1.20 introduced a NULL check that ensures that the signaturejsing2014-07-021-2/+2
| | | | | | | | | | contents are not NULL, however this breaks detached signature processing. Fix this by allowing the signature contents to be NULL when operating with a detached signature. Found the hard way by sthen@. ok sthen@
* Remove more unused cruft.jsing2014-07-0229-1633/+0
| | | | No objection from the usual suspects.
* KNF.jsing2014-07-021-61/+51
|
* Avoid a NULL deref in i2d_ECPrivateKey() when an EC_KEY lacks the public keymiod2014-07-011-2/+2
| | | | | | member (which is perfectly acceptable). From BoringSSL (Adam Langley), commit f71a27920a903c9c36bcb31e68781b17674d3fd2
* simplify and unobfuscate a variable to fix a mem leak.tedu2014-06-301-6/+9
| | | | original diff by logan
* fix the identical leak in three different files.tedu2014-06-306-12/+18
| | | | reported by Brent Cook, original diff by logan
* Free "data" when it's no longer in use.logan2014-06-291-1/+2
| | | | | | (Thanks to Brent Cook) OK from jsing@
* Fix file descriptor leaklogan2014-06-291-1/+2
| | | | | | (Thanks to Brent Cook) OK from jsing@
* Remove yet another unused file... a backup copy (minus copyright andjsing2014-06-291-66/+0
| | | | includes) follows this commit message:
* KNF.jsing2014-06-2911-1606/+1563
| | | | | | | | I just spent too long chasing a bug in here and really should have done this first. Gem of the day... is it an if test or a for loop? No, it is a super ifloop! if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
* Remove another unused source file - I got suspicious when I found ajsing2014-06-291-460/+0
| | | | | | | | function that ended with: if (ret & 0x01) if (ret & V_ASN1_CONSTRUCTED) }
* More KNF.jsing2014-06-292-64/+98
|
* correct issetugid sense as spotted by Stijn van Drongelen.deraadt2014-06-291-3/+7
| | | | Substantially expand the conditional to reduce potential for error.
* Add a missing word.jca2014-06-281-1/+1
|
* Fix a memory leak and another one that occurs in the error paths.logan2014-06-281-2/+6
| | | | | | | (Thanks to Brent Cook) OK from tedu@
* Fix 9 memory leaks.logan2014-06-281-1/+10
| | | | | | | | (Thanks to Brent Cook) With help from tedu@ OK from tedu@
* Fix 2 memory leaks.logan2014-06-282-2/+6
| | | | | | (Thanks to Brent Cook) OK from tedu@
* Use strtonum() instead of atoi(), and then impose what are we thinkderaadt2014-06-2813-102/+211
| | | | | | are the current range checks. Help from millert and lteo. Please test now that it is deployed and let us know if any numbers are off.. ok lteo
* When building a BN on the stack in BN_div(), make sure to initialize all itsmiod2014-06-271-1/+2
| | | | | | fields (i.e. the flags field) before using it. This is currently harmless, but might not be if we end up invoking other BN functions checking for constant-time processing requirement in the future.
* save_errno botch; spotted by miodderaadt2014-06-271-2/+2
|
* hand-KNF macro the do { } while loopsderaadt2014-06-274-40/+49
|
* hand-KNF the remaining bitsderaadt2014-06-271-98/+106
|
* Remove M_ASN1_New* macros which are only used in X509_PKEY_new() are obfuscatemiod2014-06-272-22/+16
| | | | | | it to hide memory leaks in the error paths, and fix aforementioned memory leaks. ok jsing@ logan@ deraadt@
* save errno in ERR_put_error(), so that SYSerr doesn't have any accidentalderaadt2014-06-261-1/+3
| | | | | cases where errno can be trashed. ok jsing
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-245-20/+9
|
* Remove previously commented out wrong code, as well as the comment saying thismiod2014-06-241-3/+1
| | | | is incorrect code.
* Remove ancient workaround for previous century's compilers in the declarationmiod2014-06-241-2/+1
| | | | of CRYPTO_EX_DATA; riding upon the libcrypto major bump.
* Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals itmiod2014-06-242-627/+1
| | | | | should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
* If a chacha operation does not consume all of the generated key stream,jsing2014-06-243-7/+46
| | | | | | | | | | | | | | | | ensure that we save it and consume it on subsequent writes. Otherwise we end up discarding part of the key stream and instead generate a new block at the start of the next write. This was only an issue for callers that did multiple writes that are not multiples of 64 bytes - in particular, the ChaCha20Poly1305 usage does not hit this problem since it performs encryption in a single-shot. For the same reason, this is also a non-issue when openssl(1) is used to encrypt with ChaCha. Issue identified by insane coder; reported to bugs@ by Joseph M. Schwartz. ok beck@
* Some KNF.jsing2014-06-241-6/+12
|
* Replace 48 lines of code with a single inet_pton() call. The previousjsing2014-06-241-48/+3
| | | | | | | | | | | | | handrolled version could not even make use of sscanf(), since that would not work with a certain antiquated compiler. It is worth noting that there is a tiny change in behaviour - previously calling BIO_get_host_ip() with something that looked like it might be a valid IP address (for example, "1." or even ".") would result in it returning failure rather than trying a BIO_gethostbyname() - now we'll always try a BIO_gethostbyname() if it was not a valid IPv4 address. ok beck@ miod@ deraadt@
* Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magicallyjsing2014-06-241-16/+3
| | | | | | appear by itself. ok beck@ miod@
* Fix memory leak.logan2014-06-241-2/+4
| | | | | | Thanks to Brenk Cook. OK from miod@
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-235-13/+24
| | | | ok miod
* KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() andguenther2014-06-222-48/+88
| | | | | | multiline comments ok jsing@
* BIO_sock_init() no longer does anything, so stop calling it.jsing2014-06-221-10/+1
|
* Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.jsing2014-06-221-14/+4
|
* In BIO_get_port(), use strol() with appropriate range checks rather thanjsing2014-06-223-34/+50
| | | | | | | an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@
* nuke unused test programs; ok jsingderaadt2014-06-222-46/+2
|
* More KNF.jsing2014-06-221-5/+5
|
* KNF.jsing2014-06-223-208/+203
|
* KNF.jsing2014-06-226-961/+1081
|
* More KNF.jsing2014-06-223-9/+9
|
* always compare memcmp against 0, for clarity.tedu2014-06-216-14/+14
|
* Pull the code that builds a DTLS sequence number out into its own functionjsing2014-06-216-46/+58
| | | | | | to avoid duplication. Also use fewer magic numbers. ok miod@
* Specify the correct strength bits for 3DES cipher suites.jsing2014-06-212-30/+26
| | | | | | From OpenSSL. ok miod@
* Switch to the ISC licensed versions of these files, which Google has madejsing2014-06-212-101/+26
| | | | | | available via boringssl. ok deraadt@
* Pull out the sequence number selection and handle this up front. Also, thejsing2014-06-212-18/+12
| | | | correct record is already known, so avoid reassignment.
* More KNF and clean up.jsing2014-06-212-26/+18
|
* More KNF.jsing2014-06-218-61/+56
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 07:33:07 +0000