| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Wrong logic; Coverity CID 78894 | miod | 2015-02-15 | 1 | -1/+1 | |
| | | ||||||
| * | If we decide to discard the provided seed buffer because its size is not | miod | 2015-02-15 | 2 | -16/+12 | |
| | | | | | | | | | large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@ | |||||
| * | Check ASN1_OCTET_STRING_new() for failure. Coverity CID 78904 | miod | 2015-02-15 | 2 | -12/+16 | |
| | | | | | ok doug@ | |||||
| * | In ec_wNAF_mul(), move the declaration of tmp_wNAF higher in scope, so that | miod | 2015-02-15 | 2 | -12/+10 | |
| | | | | | | all the function's exit paths can make sure it gets freed. Coverity CID 78861 tweaks & ok doug@ jsing@ | |||||
| * | lsearch and lfind return void * | tedu | 2015-02-15 | 1 | -4/+4 | |
| | | ||||||
| * | Support for nc -T on IPv6 addresses. | jca | 2015-02-14 | 1 | -7/+16 | |
| | | | | | ok sthen@ | |||||
| * | Remove asn1_ex_i2c() prototype, now that this function has been made static; | miod | 2015-02-14 | 2 | -4/+2 | |
| | | | | | reminded by bcook@ | |||||
| * | Words read better when they are separated by spaces. | miod | 2015-02-14 | 2 | -2/+2 | |
| | | ||||||
| * | 1.18 would introduce a possible out-of-bounds access in the error path; | miod | 2015-02-14 | 2 | -14/+10 | |
| | | | | | | Coverity CID 105346 ok doug@ | |||||
| * | Remove DEBUG_PKCS5V2 code. | miod | 2015-02-14 | 2 | -50/+2 | |
| | | ||||||
| * | Unchecked allocations in x509_name_canon(). | miod | 2015-02-14 | 2 | -2/+10 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Memory leak upon error in X509_add1_{trust,reject}_object. | miod | 2015-02-14 | 2 | -14/+46 | |
| | | | | | ok doug@ | |||||
| * | Manually expand IMPLEMENT_EXTERN_ASN1 macro (the only occurence in crypto). | jsing | 2015-02-14 | 2 | -6/+20 | |
| | | | | | Only change to generated assembly is due to line numbers. | |||||
| * | Remove IMPLEMENT_COMPAT_ASN1() and related support code. Nothing uses it in | miod | 2015-02-14 | 10 | -282/+14 | |
| | | | | | | | libcrypto/libssl, and nothing seems to use it in the wild, apart from embedded copies of OpenSSL. ok jsing@ | |||||
| * | Make asn1_ex_i2c() static. ok jsing@ | miod | 2015-02-14 | 2 | -4/+8 | |
| | | ||||||
| * | Memory leak in `should not happen' condition; Coverity CID 78889. | miod | 2015-02-14 | 2 | -8/+8 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Memory leak upon error; Coverity CID 78857 | miod | 2015-02-14 | 2 | -2/+8 | |
| | | | | | | ok doug@ jsing@ CVy: Committing in . | |||||
| * | Check i2d_name_canon() for failure (negative return). Coverity CID 78888. | miod | 2015-02-14 | 2 | -12/+16 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Possible NULL pointer dereferences. Coverity CID 21719, 21732. | miod | 2015-02-14 | 4 | -6/+14 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Potential NULL dereference in the error path; Coverity CID 21720 | miod | 2015-02-14 | 2 | -4/+4 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Coverity CID 21733 (unchecked allocation), 78823 (leak on error). | miod | 2015-02-14 | 2 | -2/+12 | |
| | | | | | ok doug@ jsing@ | |||||
| * | Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217. | miod | 2015-02-14 | 4 | -4/+14 | |
| | | | | | ok jsing@ | |||||
| * | Memory leaks upon error. Coverity CID 78874. | miod | 2015-02-14 | 2 | -20/+20 | |
| | | | | | ok jsing@ | |||||
| * | Fix tests that got incorrectly inverted with the BN_CTX_get() return check | jsing | 2015-02-14 | 2 | -10/+10 | |
| | | | | | | | diff. Spotted by miod@ | |||||
| * | Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the | jsing | 2015-02-14 | 6 | -120/+832 | |
| | | | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ | |||||
| * | Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the | jsing | 2015-02-14 | 2 | -18/+106 | |
| | | | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ | |||||
| * | Attempt to correctly free temporary storage upon error. With help from | miod | 2015-02-14 | 2 | -30/+36 | |
| | | | | | | doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime at commiting bugfixes) | |||||
| * | second batch of perlpod(1) to mdoc(7) conversion | schwarze | 2015-02-14 | 23 | -924/+1381 | |
| | | ||||||
| * | While doing development work on pod2mdoc(1), | schwarze | 2015-02-14 | 11 | -534/+773 | |
| | | | | | | | profit of the occasion to start the conversion of LibreSSL libcrypto manuals from perlpod(1) to mdoc(7). miod@ jmc@ bentley@ agreed to the process when shown this patch. | |||||
| * | Spell NULL correctly, be explicit with NULL checks and it is also easier to | jsing | 2015-02-14 | 4 | -20/+12 | |
| | | | | | | | initialise during declaration and drop the else statement. ok doug@ miod@ | |||||
| * | Fix pod markup error. | miod | 2015-02-14 | 1 | -1/+1 | |
| | | ||||||
| * | Try and fix a bunch of memory leaks upon error; | miod | 2015-02-14 | 6 | -24/+66 | |
| | | | | | ok tedu@ about 7 months ago and I was sitting upon this diff for no reason | |||||
| * | Consistently check the return value from BN_CTX_get() on assignment. | jsing | 2015-02-14 | 8 | -84/+88 | |
| | | | | | | | | This is the same as the previous larger commit, however it would seem the GOST part got missed. ok beck@ doug@ | |||||
| * | End sentences with dots. | miod | 2015-02-13 | 1 | -3/+3 | |
| | | ||||||
| * | Don't leak memory on errors - fixes coverity issues 105353 105253 | beck | 2015-02-13 | 2 | -8/+18 | |
| | | | | | ok guenther@ jsg@ | |||||
| * | fix leaking of bn, coverity issue 105351 | beck | 2015-02-13 | 2 | -2/+4 | |
| | | | | | ok doug@ | |||||
| * | prevent a crash with openssl asn1parse -genstr FORMAT | jsg | 2015-02-12 | 2 | -2/+10 | |
| | | | | | | | aka ASN1_generate_nconf("FORMAT", NULL) ok krw@ beck@ jsing@ | |||||
| * | bump minor for TLS_PROTOCOLS_ALL. OK jsing@ | reyk | 2015-02-12 | 1 | -1/+1 | |
| | | ||||||
| * | Add a tls_config_parse_protocols() function that allows a protocols string | jsing | 2015-02-12 | 2 | -2/+63 | |
| | | | | | | | | | | to be converted into a libtls protocols value. This allows for things like: "tlsv1.0,tlsv1.1" (TLSv1.0 and TLSv1.1) "all,!tlsv1.0" (all protocols except TLSv1.0) Discussed with tedu@ and reyk@ | |||||
| * | Fix handling of "legacy" mode for tls_config_set_dheparams(). | jsing | 2015-02-12 | 1 | -2/+2 | |
| | | | | | Found by reyk@ | |||||
| * | qsort() compare functions MUST use memcmp() instead of bcmp() to have | guenther | 2015-02-12 | 1 | -2/+4 | |
| | | | | | | | the correct return value. Prefer memcmp() anyway for portability. ok jsing@ tedu@ | |||||
| * | Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL | jsing | 2015-02-12 | 1 | -2/+4 | |
| | | | | | | | | | that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour. Discussed with tedu@ and reyk@. | |||||
| * | If you do not support POSIX I/O then you're not tall enough to ride... | jsing | 2015-02-12 | 8 | -46/+8 | |
| | | | | | ok tedu@ | |||||
| * | unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN, | jsing | 2015-02-12 | 8 | -48/+8 | |
| | | | | | | | however it is not likely to be removed any time soon. ok beck@ miod@ | |||||
| * | swap limits.h for sys/limits.h | bcook | 2015-02-12 | 1 | -1/+1 | |
| | | | | | ok jsing@ | |||||
| * | use a width specifier for lists, and Sq rather than Dq for single letters | jmc | 2015-02-11 | 1 | -3/+3 | |
| | | | | | to avoid swamping it; | |||||
| * | Provide a tls_connect_servername() function that has the same behaviour | jsing | 2015-02-11 | 4 | -6/+27 | |
| | | | | | | | | | | as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value. Requested by reyk@ ok reyk@ tedu@ | |||||
| * | Be consistent with naming - only use "host" and "hostname" when referring | jsing | 2015-02-11 | 6 | -60/+61 | |
| | | | | | | | | | | | to an actual host and use "servername" when referring to the name of the TLS server that we expect to be indentified in the server certificate. Likewise, rename verify_host to verify_name and use the term "name" throughout the verification code (rather than host or hostname). Requested by and ok tedu@ | |||||
| * | Do not rely upon malloc(0) not returning NULL. Not all malloc implementations | miod | 2015-02-11 | 1 | -6/+10 | |
| | | | | | | | have this property. Instead, skip the malloc and memcmp if their size is zero. Per bcook@ request in order to run on AIX | |||||
| * | Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. | beck | 2015-02-11 | 18 | -24/+246 | |
| | | ||||||
