summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Bump libtls major due to symbol removal.jsing2015-02-221-3/+2
|
* Rename tls_config_insecure_noverifyhost() tojsing2015-02-224-21/+20
| | | | | | | tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
* Check return values when setting dheparams and ecdhecurve for the defaultjsing2015-02-221-11/+14
| | | | configuration.
* In the interests of being secure by default, make the default TLS ciphersjsing2015-02-222-2/+17
| | | | | | | be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that allows the previous default ciphers to be selected. Discussed with tedu@ during s2k15.
* explain how tls_accept_socket works.tedu2015-02-211-2/+9
|
* tls_config_set_protocols is really void. Greg Martin.tedu2015-02-211-3/+3
|
* fill out docs a bit more, notably the read/write again behaviors.tedu2015-02-211-3/+27
| | | | ok jsing
* If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,jsing2015-02-192-6/+16
| | | | | | | | | BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@
* BN_free() has its own NULL check.jsing2015-02-191-14/+7
|
* KNF.jsing2015-02-191-766/+834
|
* fix coverity 105350 and 10345beck2015-02-181-1/+2
| | | | ok miod@, doug@
* Memory leak in error path. Coverity CID 78822.miod2015-02-172-16/+18
| | | | ok doug@
* Amend documentation for AI_ADDRCONFIGjca2015-02-161-2/+4
| | | | ok jmc@
* third batch of perlpod(1) to mdoc(7) conversionschwarze2015-02-1625-1367/+2121
|
* Add more error checking and free resources in bytestringtest.doug2015-02-161-26/+47
|
* Avoid calling BN_CTX_end() on a context that wasn't started.doug2015-02-152-8/+8
| | | | | | | | | | | In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@
* Use "In" to mark up include files, instead of wrongly wrapping with Aq.bentley2015-02-151-3/+3
| | | | | | | Aq is not the same as <> in non-ASCII situations, so this caused incorrect output in some places. And it provided no semantics besides. ok schwarze@
* Regenmiod2015-02-156-528/+564
|
* s/tls_load_keys/tls_load_file/jsing2015-02-151-2/+2
|
* Document tls_config_parse_protocols() and update documentation forjsing2015-02-152-5/+27
| | | | tls_config_set_protocols().
* Fix various memory leaks by not exiting so abruptly from failed tests.miod2015-02-151-579/+507
|
* Remove ancient gcc workaround on mips.miod2015-02-151-3/+2
|
* Memory leak. Coverity CID 78865miod2015-02-151-2/+3
|
* Wrong logic; Coverity CID 78894miod2015-02-151-1/+1
|
* If we decide to discard the provided seed buffer because its size is notmiod2015-02-152-16/+12
| | | | | | | | large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
* Check ASN1_OCTET_STRING_new() for failure. Coverity CID 78904miod2015-02-152-12/+16
| | | | ok doug@
* In ec_wNAF_mul(), move the declaration of tmp_wNAF higher in scope, so thatmiod2015-02-152-12/+10
| | | | | all the function's exit paths can make sure it gets freed. Coverity CID 78861 tweaks & ok doug@ jsing@
* lsearch and lfind return void *tedu2015-02-151-4/+4
|
* Support for nc -T on IPv6 addresses.jca2015-02-141-7/+16
| | | | ok sthen@
* Remove asn1_ex_i2c() prototype, now that this function has been made static;miod2015-02-142-4/+2
| | | | reminded by bcook@
* Words read better when they are separated by spaces.miod2015-02-142-2/+2
|
* 1.18 would introduce a possible out-of-bounds access in the error path;miod2015-02-142-14/+10
| | | | | Coverity CID 105346 ok doug@
* Remove DEBUG_PKCS5V2 code.miod2015-02-142-50/+2
|
* Unchecked allocations in x509_name_canon().miod2015-02-142-2/+10
| | | | ok doug@ jsing@
* Memory leak upon error in X509_add1_{trust,reject}_object.miod2015-02-142-14/+46
| | | | ok doug@
* Manually expand IMPLEMENT_EXTERN_ASN1 macro (the only occurence in crypto).jsing2015-02-142-6/+20
| | | | Only change to generated assembly is due to line numbers.
* Remove IMPLEMENT_COMPAT_ASN1() and related support code. Nothing uses it inmiod2015-02-1410-282/+14
| | | | | | libcrypto/libssl, and nothing seems to use it in the wild, apart from embedded copies of OpenSSL. ok jsing@
* Make asn1_ex_i2c() static. ok jsing@miod2015-02-142-4/+8
|
* Memory leak in `should not happen' condition; Coverity CID 78889.miod2015-02-142-8/+8
| | | | ok doug@ jsing@
* Memory leak upon error; Coverity CID 78857miod2015-02-142-2/+8
| | | | | ok doug@ jsing@ CVy: Committing in .
* Check i2d_name_canon() for failure (negative return). Coverity CID 78888.miod2015-02-142-12/+16
| | | | ok doug@ jsing@
* Possible NULL pointer dereferences. Coverity CID 21719, 21732.miod2015-02-144-6/+14
| | | | ok doug@ jsing@
* Potential NULL dereference in the error path; Coverity CID 21720miod2015-02-142-4/+4
| | | | ok doug@ jsing@
* Coverity CID 21733 (unchecked allocation), 78823 (leak on error).miod2015-02-142-2/+12
| | | | ok doug@ jsing@
* Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.miod2015-02-144-4/+14
| | | | ok jsing@
* Memory leaks upon error. Coverity CID 78874.miod2015-02-142-20/+20
| | | | ok jsing@
* Fix tests that got incorrectly inverted with the BN_CTX_get() return checkjsing2015-02-142-10/+10
| | | | | | diff. Spotted by miod@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-146-120/+832
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-142-18/+106
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Attempt to correctly free temporary storage upon error. With help frommiod2015-02-142-30/+36
| | | | | doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime at commiting bugfixes)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 19:43:50 +0000