summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* More memory leaks and unchecked allocations; OpenSSL PR #3403 via OpenSSLmiod2014-07-114-7/+19
| | | | trunk. (note we had already fixed some of the issues in that PR independently)
* Make sure BN_sqr never returns negative numbers.miod2014-07-111-1/+2
| | | | OpenSSL PR #3400 via OpenSSL trunk.
* Accept CCS again after `finished' has been sent by the client; at this pointmiod2014-07-112-10/+12
| | | | | | | keys have been correctly set up so it is ok to accept CCS from the server. Without renegotiation can sometimes fail. OpenSSL PR #3400 via OpenSSL trunk.
* In dtls1_clear_queues(), free buffered_add_data.q correctly, it's made ofmiod2014-07-112-8/+8
| | | | | | DTLS1_RECORD_DATA, not hm_fragment. OpenSSL PR #3286 via OpenSSL trunk.
* Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 viamiod2014-07-111-3/+3
| | | | OpenSSL trunk.
* Remove duplicate 0x for salt len in output; Martin Kaiser via OpenSSL trunk.miod2014-07-111-2/+2
|
* When looking for the issuer of a certificate, if the current candidate ismiod2014-07-113-13/+97
| | | | | | | expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
* In ssl3_get_client_key_exchange() parsing a GOST session key, invoke themiod2014-07-112-26/+16
| | | | | regular ASN.1 parser rather than trying to handroll one and potentially misbehave; OpenSSL PR #3335 via OpenSSL trunk.
* Missing calloc() return value check in dgram_sctp_ctrl(); from Kurt Roeckx viamiod2014-07-111-11/+21
| | | | OpenSSL trunk
* Make CMS_decrypt_set1_pkey() return an error if no recipient type matches,miod2014-07-111-3/+4
| | | | instead of returning a random key; OpenSSL PR #3348 via OpenSSL trunk
* Missing initialization for error line in error paths; from Coverity viamiod2014-07-112-2/+8
| | | | OpenSSL trunk.
* Missing initialization; OpenSSL PR#3289 and #3345 via OpenSSL trunk.miod2014-07-111-2/+3
|
* Provide correct version details for LibreSSL.jsing2014-07-111-77/+3
| | | | ok beck@ deraadt@ miod@
* Clean up versioning and remove #ifdefs that we do not define.jsing2014-07-111-34/+9
| | | | ok beck@
* Suspicions confirmed by sthen's searching that nothing uses ossl_ssize_tderaadt2014-07-111-3/+1
| | | | except embedded openssl's in other trees.
* pour some water on an ass emberderaadt2014-07-111-1/+1
| | | | spotted by doctor jsing, always keeping an eye out for these
* Fetch the specific license which will be used fromderaadt2014-07-111-0/+24
| | | | | | https://www.openssl.org/~appro/camellia/dist/BSD_license.txt It isn't our concern to supply the other licences mentioned in source files; that is realy not our problem.
* Remove the commentary about the majority of this code being underderaadt2014-07-112-6/+4
| | | | | | | 'BSD-style Open Source licenses'. It is a bit improper of OpenSSL to classify themselves into the BSD community without a clear justification for the extra clauses / terms...
* More e_os2.h clean up. Also move the includes inside the guard.jsing2014-07-111-20/+12
| | | | ok deraadt@ who also has a similar diff.
* Revert change that snuck into previous commit.jsing2014-07-111-3/+1
|
* Remove the PSK code. We don't need to drag around thisbeck2014-07-1125-1507/+27
| | | | | baggage. ok miod@ jsing@
* The only thing openssl is consistant about is inconsistancy, so therederaadt2014-07-112-2/+2
| | | | | | | are many variations of their license and we need to say: licenses which follow: rather than license which follows:
* say hi to the bitbucketderaadt2014-07-115-12388/+0
|
* replace u_int8_t with uint8_tbcook2014-07-111-3/+5
| | | | ok beck@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-11345-1097/+1145
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Add a small note about LibReSSL at the start of this.beck2014-07-112-0/+14
| | | | ok jsing@
* No need to keep ssl23_foo() flavours mapping to ssl3_foo().miod2014-07-119-86/+24
| | | | ok tedu@
* Remove JPAKE remnants - there is no jpake.h, so if OPENSSL_NO_JPAKE wasjsing2014-07-112-8/+1
| | | | removed from opensslconf.h, this would no longer compile.
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-10197-275/+731
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* OPENSSL_stderr() is unused so nuke it. OPENSSL_showfatal() is only used byjsing2014-07-102-12/+3
| | | | | | OpenSSLDie(), which is in the same file, so just make it static. ok miod@
* Use size_t as realloc() size argument whenever possible. ok tedu@miod2014-07-102-6/+8
|
* Simplify realloc() usage; ok tedu@miod2014-07-101-15/+6
|
* Upon realloc() failure, free() the original pointer and remove the stupidmiod2014-07-101-3/+3
| | | | | comments implying you don't have to. ok tedu@
* KNFmiod2014-07-101-26/+34
|
* Fix a double free in a can't-fail error path in PKCS7_decrypt(), by removingmiod2014-07-101-10/+6
| | | | | the error path altogether and simplifying the local variables as a result. joint work with jsing@; ok jsing@ tedu@
* remove unused variable from ssl3_get_client_hellobcook2014-07-102-6/+4
| | | | ok tedu@ miod@
* Inline the only use of the HEX_SIZE macro and nuke both DECIMAL_SIZE andjsing2014-07-102-7/+3
| | | | | | HEX_SIZE. ok beck@ miod@
* Make sure srp_Calc_k() digest operations are checked for error; frommiod2014-07-101-9/+17
| | | | Florian Zumbiehl (florz , florz . de) on tech@
* Make sure SRP_Calc_client_key() returns NULL instead of a pristine BN_new()miod2014-07-101-4/+9
| | | | upon error; from Florian Zumbiehl (florz , florz . de) on tech@
* Nuke OPENSSL_NONPIC_relocated since nothing uses it.jsing2014-07-102-4/+2
| | | | ok miod@
* Kill a blatantly outdated (and now wrong) commentmiod2014-07-101-4/+1
|
* Fix examples description, and use less ambiguous wording.miod2014-07-101-4/+4
|
* Try and fix the horrible coding style of the example code snippets.miod2014-07-1012-220/+244
|
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-10134-210/+453
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* Remove empty sections and references to des_modes(7) which we don't have.miod2014-07-1045-145/+28
|
* Fewer lies, also do not document DES_3cbc_encrypt anymore.miod2014-07-101-22/+6
|
* Features introduce in OpenSSL 0.9.8 do not deserve their own section.miod2014-07-101-21/+19
| | | | | Instead, fold their description in the main documentation, and update the history section to mention them as well.
* Attempt to (incompletely) document EVP_aes_*().miod2014-07-104-13/+15
| | | | | | | | | When EVP_des_cbc() was suggested, suggest EVP_aes_256_cbc() instead. Remove mention of EVP_des_ede3_cbc() being the algorithm of choice for S/MIME. Don't mention US-export limited RC2 algorithms, you'd better not know about them.
* RSA_setup_blinding() gets a BN with BN_CTX_get(), returns `out of memory'miod2014-07-101-6/+1
| | | | | | | | if it fails, then never uses it anymore, and may invoke a function which needs more than one BN from the BN_CTX anyway, so this is pointless - remove the BN_CTX_get() call and the test. ok jsing
* make asn1 free safe to call with null pointers of any type.tedu2014-07-101-4/+3
| | | | ok jsing miod
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 21:39:31 +0000