path: root/src/lib/libssl
Commit message [Author, Age, Files, Lines]
...
* Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
  From BoringSSL.
  [miod, 2014-07-14, 2 files, -12/+12]
* whitespace
  [deraadt, 2014-07-14, 45 files, -172/+172]
* Improve RAND_write_file(), chmod crud, etc.
  ok tedu
  [deraadt, 2014-07-14, 1 file, -27/+19]
* Stop leaking internal library pointers in error messages.
  Requested by miod@
  [jsing, 2014-07-13, 2 files, -4/+4]
* Explicitly initialise slen - this was not previously done due to a missing
  M_ASN1_D2I_begin macro.
  [jsing, 2014-07-13, 2 files, -2/+4]
* Convert error handling to SSLerr and ERR_asprintf_error_data.
  [jsing, 2014-07-13, 2 files, -118/+108]
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrific
  asn1_mac.h macros. This still needs a lot of improvement, but immediately becomes readable.
  ok miod@ (sight unseen!)
  [jsing, 2014-07-13, 2 files, -52/+594]
* Remove license introduced with the PSK code, which has since been removed.
  ok deraadt@
  [jsing, 2014-07-13, 2 files, -54/+2]
* Another compression remnant.
  [jsing, 2014-07-13, 2 files, -4/+2]
* Expand the tlsext_sigalg macros. The end result is about the same number
  of lines and much more readable.
  ok miod@
  [jsing, 2014-07-13, 2 files, -32/+38]
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the
  horrific macros from asn1_mac.h. This is a classic example of using macros to obfuscate code, in an attempt to reduce the line count. The end result is so ridiculously convoluted that it is completely unreadable and it takes hours to deconstruct the macros and figure out what is actually going on behind the scenes.
  ok miod@
  [jsing, 2014-07-13, 2 files, -150/+196]
* The bell tolls for BUF_strdup - Start the migration to using
  intrinsics. This is the easy ones, a few left to check one at a time.
  ok miod@ deraadt@
  [beck, 2014-07-13, 25 files, -85/+92]
* Fix memory leak.
  OK from beck@ and miod@
  [logan, 2014-07-13, 1 file, -1/+2]
* OPENSSL_{malloc,free} -> {malloc,free}
  [miod, 2014-07-13, 11 files, -15/+15]
* Warn about the use of BUF_strdup.
  [miod, 2014-07-13, 1 file, -2/+4]
* unbreak build this needed to be an and..
  ok jsing@
  [beck, 2014-07-13, 4 files, -8/+8]
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() cause
  EVP_MD_CTX_cleanup() to be called.
  [miod, 2014-07-13, 1 file, -3/+4]
* Possible PBEPARAM leak in the error path.
  [miod, 2014-07-13, 1 file, -6/+8]
* dsa_priv_decode(): only destroy the object we've created, and with the
  appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL.
  dsa_priv_encode(): possible double free in error path.
  [miod, 2014-07-13, 1 file, -3/+5]
* Check X509_NAME_oneline() return value when it will have to allocate memory.
  [miod, 2014-07-13, 1 file, -1/+3]
* EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without having
  to reinitialize all of it, especially if it is used with the same MD algorithm.
  However, when the MD algorithm changes, it needs to perform more cleanups. Make that code closer to what EVP_MD_CTX_cleanup() does by:
  - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set
  - performing an explicit_bzero of md_data before freeing it
  - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails.
  ok tedu@
  [miod, 2014-07-13, 1 file, -3/+9]
* Don't include asn1_mac.h if all you need is asn1.h.
  [miod, 2014-07-13, 1 file, -2/+2]
* Take out __bounded__ in the include files we use it in when not on OpenBSD.
  while we can take it out in portable at compile time, it is still a problem when we install this header file on a system that doesn't support __bounded__ if this is unguarded.
  ok miod@ bcook@
  [beck, 2014-07-13, 4 files, -5/+16]
* No need to include evp_locl.h in there.
  [miod, 2014-07-13, 6 files, -18/+6]
* KNF and some code cleaning.
  [jsing, 2014-07-13, 2 files, -72/+92]
* remove silly cast
  [deraadt, 2014-07-13, 1 file, -2/+2]
* Another large dose of KNF.
  [jsing, 2014-07-13, 2 files, -472/+814]
* Apply a large dose of KNF.
  [jsing, 2014-07-12, 2 files, -252/+404]
* duplicate function names in head1
  [miod, 2014-07-12, 2 files, -2/+2]
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.
  Based on changes to OpenSSL trunk.
  ok beck@ miod@
  [jsing, 2014-07-12, 18 files, -236/+236]
* No need to include asn1_mac.h here.
  [miod, 2014-07-12, 2 files, -4/+2]
* remove double brackets. fixes build with clang.
  ok jsing@
  [jsg, 2014-07-12, 2 files, -4/+4]
* Remove this sentence:
  ``The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them.''
  This kind of naively optimistic attitude is not compatible with security.
  [miod, 2014-07-12, 1 file, -3/+2]
* We have EVP_CIPH_FLAG_DEFAULT_ASN1 in evp.h; no need to keep constructs to
  build on pre-EVP_CIPH_FLAG_DEFAULT_ASN1 codebases.
  ok jsing@
  [miod, 2014-07-12, 1 file, -34/+28]
* Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has been
  done for other symmetric algorithms recently.
  [miod, 2014-07-12, 9 files, -155/+36]
* Provide ssl_version_string() function, which uses one of those modern C
  constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().
  ok beck@
  [jsing, 2014-07-12, 8 files, -56/+62]
* In openssl_startup(), call SSL_library_init() and SSL_load_error_strings().
  This allows us to remove the ERR_load_crypto_strings() call, along with the various SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() calls scattered around the place.
  ok beck@
  [jsing, 2014-07-12, 8 files, -28/+10]
* Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable struct
  definitions using C99 field initializers. No functional change.
  [miod, 2014-07-12, 1 file, -67/+102]
* Remove extra parenthesis.
  [jsing, 2014-07-12, 2 files, -4/+4]
* need_cert is now always true, so remove the variable and associated
  conditionals.
  ok miod@
  [jsing, 2014-07-12, 2 files, -66/+42]
* openssl(1) is only built as a single monolithic binary, so just call
  load_config() once when we start.
  ok miod@
  [jsing, 2014-07-12, 39 files, -154/+47]
* jsing and I are investigating removal of all? most? 'getenv from library'
  instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment:
  /* A hack to keep people who don't want to modify their software happy */
  ok beck jsing
  [deraadt, 2014-07-12, 1 file, -1/+3]
* A few fixes/improvements:
  - first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN).
  - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this is not a reason to perform redundant work.
  - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval.
  ok jsing@
  [miod, 2014-07-12, 1 file, -20/+19]
* Make sure the return value of X509_NAME_oneline(, NULL,) is checked against
  NULL.
  ok deraadt@ guenther@ jsing@
  [miod, 2014-07-12, 2 files, -5/+13]
* if (x) FOO_free(x) -> FOO_free(x).
  Improves readability, keeps the code smaller so that it is warmer in your cache.
  review & ok deraadt@
  [miod, 2014-07-12, 66 files, -563/+327]
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() and
  X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
  [miod, 2014-07-12, 3 files, -3/+12]
* Remove remnants from PSK, KRB5 and SRP.
  ok beck@ miod@
  [jsing, 2014-07-12, 16 files, -318/+86]
* typos
  [miod, 2014-07-12, 3 files, -5/+5]
* Place comments in a block above the if statement, rather than attempting
  to interleave them within the conditions. Also fix wrapping and indentation.
  [jsing, 2014-07-12, 4 files, -94/+126]
* Make disabling last cipher work.
  From Thijs Alkemade via OpenSSL trunk
  ok miod@
  [guenther, 2014-07-12, 2 files, -18/+18]