summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix typo in comment; ok becktj2016-04-192-4/+4
|
* Use the correct iv and counter when decrypting the ciphertext forjsing2016-04-132-8/+8
| | | | EVP_aead_chacha20_poly1305_ietf().
* After opening an AEAD, ensure that the decrypted output matches thejsing2016-04-131-0/+5
| | | | plaintext for the regress test case.
* two times a define to an inline function, from Michael McConville; ok djm@otto2016-04-121-10/+19
|
* tweak MALLOC_STATS printing (switched off by default), prodded byotto2016-04-091-14/+14
| | | | Michael McConville
* redundant memset(3), from Michael McConville, ok armani@otto2016-04-091-2/+1
|
* hexidecimal->hexadecimal; from mmccjmc2016-04-071-4/+4
| | | | ok beck
* Prefer _MUTEX_*LOCK over _THREAD_PRIVATE_MUTEX_*LOCK() when thread-specificguenther2016-04-052-8/+8
| | | | | | data isn't necessary. ok mpi@, ok&tweak natano@
* Update example in comment: setlogin doesn't use {PROTO,DEF}_WRAP() nowguenther2016-04-051-8/+8
|
* Document ``use after free'' error messageotto2016-04-031-2/+4
|
* for some time now mandoc has not required MLINKS to functionjmc2016-03-307-1233/+7
| | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2016-03-272-2/+6
| | | | | | https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
* fix the last bunch of NAME sections that were overlooked earlierschwarze2016-03-261-2/+9
| | | | | such that the MLINKS removal can be committed after this; OK jmc@
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-214-8/+8
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* " the the " -> " the ", or in a couple of cases replace the superfluouskrw2016-03-209-13/+13
| | | | | | "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* properly guard to macrosmmcc2016-03-171-5/+5
| | | | ok otto@
* explicit_bzero for asn1 objects on free. Too often these contain sensitive ↵beck2016-03-172-48/+54
| | | | | | | information and they should not be a performance bottleneck ok miod@ krw@
* 'accomodate' -> 'accommodate' in comments.krw2016-03-1510-18/+18
| | | | Started by diff from Mical Mazurek.
* small step towards multiple pools: move two globls into the struct dir_infootto2016-03-141-112/+126
| | | | ok @stefan armani@
* environ and __progname are not declared in a public header; declare themguenther2016-03-134-10/+4
| | | | | | in libc's hidden/stdlib.h instead of in each .c file that needs one ok deraadt@ gsoares@ mpi@
* check return value for BN_hex2bn in regression testsbcook2016-03-131-4/+10
|
* Fix examples for EVP_PKEY_CTX_set_rsa_padding.bcook2016-03-134-4/+4
| | | | | | | | Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
* Add error handling to the remaining calls to bn_wexpand().bcook2016-03-124-32/+46
| | | | | | | Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
* Remove sentences in RETURN VALUES sections saying that functions withmmcc2016-03-1228-79/+14
| | | | | | | | | | | | | void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
* Bump for LibreSSL 2.4.0bcook2016-03-122-6/+6
|
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-1130-148/+92
| | | | ok doug@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-106-14/+14
|
* un-vax;jmc2016-03-101-3/+3
|
* http -> https for IETF/IANA URLs in commentsmmcc2016-03-072-8/+8
|
* explict_bzero for some asn1 free's - ok miod@beck2016-03-064-6/+18
|
* Make sure stdio functions don't end up in the library, from miod@beck2016-03-067-15/+39
| | | | ok doug@ bcook@
* graduate bn_expand() to a real function. the openssl version of thisderaadt2016-03-044-8/+32
| | | | | | | uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* Revert bn_expand until there's consensus on a fix.doug2016-03-042-28/+6
|
* fix the rest of the read_ledword() calls used as lengths to be bounded.beck2016-03-022-2/+10
| | | | | inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
* Add bounds checking for BN_hex2bn/BN_dec2bn.doug2016-03-024-20/+52
| | | | | | | | | Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
* bound lengths coming out of a pem file to something like realitybeck2016-03-022-6/+14
| | | | ok deraadt@
* Remove support for ancient, broken DSA implementations.doug2016-03-012-120/+40
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* remove NULL checks for pqueue_free()mmcc2016-02-292-22/+12
| | | | ok doug@
* Add a test for negated POSIX characer classes.millert2016-02-261-0/+1
|
* refactor option letter parsing into a subfunction, to increase clarityderaadt2016-02-251-93/+102
| | | | | about which options are turned on/off by 's' and 'S' ok tedu
* Sync some root certificates with Mozilla's cert store. ok bcook@sthen2016-02-171-84/+1016
| | | | | | | | | | | | | | | | | | | - Add new root certificates present in Mozilla cert store from CA organizations who are already in cert.pem (AddTrust, Comodo, DigiCert, Entrust, GeoTrust, USERTrust). - Replace Startcom's root with their updated sha256 version present in Mozilla cert store. (They maintained serial# etc so this is still valid for existing signed certificates). - Add two root certificates from CA not previously present: "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority" "C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru) We are still listing some certificates that have been removed from Mozilla's store (1024-bit etc) however these cannot be removed until cert validation is improved (we don't currently accept a certificate as valid unless the CA is at the end of a chain).
* word fix from previous; ok sthenjmc2016-02-121-3/+3
|
* sslv3 has been removed;jmc2016-02-081-16/+21
| | | | | prompted by a mail from jiri navratil help/ok sthen
* compare pointer to NULL in example codemmcc2016-02-071-3/+3
|
* be more forceful about not using these.espie2016-02-051-2/+9
| | | | improvements sthen@, jmc@. okay millert@, jca@ jmc@
* Fix err(3) calls after allocation failures in examples.schwarze2016-02-051-8/+8
| | | | | | There is long-standing consensus that err(1, NULL) is the best idiom after failure of malloc(3) and friends. Quirk in the manual noticed by tb@.
* Sort cert.pem alphabetically, first by organisation, then by CA namesthen2016-02-011-1604/+1584
| | | | | | | | | | | (CN if available, otherwise OU). Add a comment identifying the org. Now to get an easy-to-read list of certificates in the file you can use "grep ^[#=] cert.pem". Prepared with https://spacehopper.org/format-pem.20160201. If you would like to verify this commit to ensure that I didn't sneak in any other changes, it will be easier to use the script rather than do it by hand.
* Revamp cert.pem certificate information formatting. Skip headers whichsthen2016-01-311-2459/+184
| | | | | | | | | aren't really useful (the information can be obtained by feeding the cert into "openssl x509 -in filename -text") and add a separator between certs showing the CA's CN or OU (similar to the display format in web browsers). Include both SHA1 and SHA256 fingerprints for all certificates. ok beck@ zhuk@ jung@
* Therefor -> Therefore (where appropriate)tb2016-01-292-2/+2
| | | | from ray@, ok jmc@
* deprecate SSL_OP_SINGLE_DH_USElibressl-v2.3.2beck2016-01-274-74/+12
| | | | ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 02:45:43 +0000