summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybitsguenther2014-07-286-18/+42
| | | | | | | | | | | | | for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which is makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
* Add missing year to copyright.jsing2014-07-252-4/+4
|
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-2519-71/+45
| | | | | | Remove unnecessary NULL check. ok miod@
* level_add_node(): if a memory allocation failure causes us to attempt to cleanmiod2014-07-231-4/+7
| | | | | | | up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all usesmiod2014-07-231-10/+17
| | | | | | | within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@
* Check the return value of the UI functions (including UI_new() which returnmiod2014-07-231-6/+11
| | | | | | value is happily dereferenced without checking it for being non-NULL). ok beck@
* Now that DES_random_key() can be trusted, use it to generate DES keys in themiod2014-07-222-12/+10
| | | | | | | EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
* In DES_random_key(), force the generated key to the odd parity before checkingmiod2014-07-221-8/+8
| | | | | | | | | | | it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@
* Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memoryguenther2014-07-221-6/+10
| | | | | | when BIO_new_{file,fp}() fails. inspired by a diff from logan@ ok miod@
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-226-15/+20
| | | | | NULL before an intrinsic strdup. ok miod@
* Mark the format string argument to BIO_*printf as not being allowed to be NULLguenther2014-07-201-5/+7
| | | | ok bcook@
* Fix strtonum range to unbreak -pass fd:0lteo2014-07-191-2/+2
| | | | ok deraadt@
* missing newlinederaadt2014-07-181-2/+2
|
* avoid errx(); Jonas Termansenderaadt2014-07-171-3/+5
|
* avoid sys/param.h; Jonas Termansenderaadt2014-07-173-7/+8
|
* Missing bounds check in ssl3_get_certificate_request(), was not spotted inmiod2014-07-172-2/+12
| | | | 1.78; reported by Ilja Van Sprundel.
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* do not need a variable to track locking, since all code paths have itderaadt2014-07-161-5/+2
| | | | locked throughout.
* not needed anymorederaadt2014-07-142-1173/+0
|
* Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().miod2014-07-142-12/+12
| | | | From BoringSSL.
* whitespacederaadt2014-07-1445-172/+172
|
* Improve RAND_write_file(), chmod crud, etc.deraadt2014-07-141-27/+19
| | | | ok tedu
* Stop leaking internal library pointers in error messages.jsing2014-07-132-4/+4
| | | | Requested by miod@
* Explicitly initialise slen - this was not previously done due to a missingjsing2014-07-132-2/+4
| | | | M_ASN1_D2I_begin macro.
* Convert error handling to SSLerr and ERR_asprintf_error_data.jsing2014-07-132-118/+108
|
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrificjsing2014-07-132-52/+594
| | | | | | | asn1_mac.h macros. This still needs a lot of improvement, but immediately becomes readable. ok miod@ (sight unseen!)
* Remove license introduced with the PSK code, which has since been removed.jsing2014-07-132-54/+2
| | | | ok deraadt@
* Another compression remnant.jsing2014-07-132-4/+2
|
* Expand the tlsext_sigalg macros. The end result is about the same numberjsing2014-07-132-32/+38
| | | | | | of lines and much more readable. ok miod@
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using thejsing2014-07-132-150/+196
| | | | | | | | | | | horrific macros from asn1_mac.h. This is a classic example of using macros to obfuscate code, in an attempt to reduce the line count. The end result is so ridiculously convoluted that it is completely unreadable and it takes hours to deconstruct the macros and figure out what is actually going on behind the scenes. ok miod@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-1325-85/+92
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Fix memory leak.logan2014-07-131-1/+2
| | | | OK from beck@ and miod@
* OPENSSL_{malloc,free} -> {malloc,free}miod2014-07-1311-15/+15
|
* Warn about the use of BUF_strdup.miod2014-07-131-2/+4
|
* unbreak build this needed to be an and..beck2014-07-134-8/+8
| | | | ok jsing@
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() causemiod2014-07-131-3/+4
| | | | EVP_MD_CTX_cleanup() to be called.
* Possible PBEPARAM leak in the error path.miod2014-07-131-6/+8
|
* dsa_priv_decode(): only destroy the object we've created, and with themiod2014-07-131-3/+5
| | | | | | appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
* Check X509_NAME_oneline() return value when it will have to allocate memory.miod2014-07-131-1/+3
|
* EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without havingmiod2014-07-131-3/+9
| | | | | | | | | | | | | to reinitialize all of it, especially if it is used with the same MD algorithm. However, when the MD algorithm changes, it needs to perform more cleanups. Make that code more closer to what EVP_MD_CTX_cleanup() does by: - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set - performing an explicit_bzero of md_data before freeing it - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails. ok tedu@
* Don't include asn1_mac.h if all you need is asn1.h.miod2014-07-131-2/+2
|
* Take out __bounded__ in the include files we use it in when not on OpenBSD.beck2014-07-134-5/+16
| | | | | | | while we can take it out in portable at compile time, it is still a problem when we install this header file on a system that doesn't support __bounded__ if this is unguarded. ok miod@ bcook@
* No need to include evp_locl.h in there.miod2014-07-136-18/+6
|
* KNF and some code cleaning.jsing2014-07-132-72/+92
|
* remove silly castderaadt2014-07-131-2/+2
|
* Another large dose of KNF.jsing2014-07-132-472/+814
|
* Apply a large dose of KNF.jsing2014-07-122-252/+404
|
* duplicate function names in head1miod2014-07-122-2/+2
|
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-1218-236/+236
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* No need to include asn1_mac.h here.miod2014-07-122-4/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 13:57:49 +0000