Age | Commit message | Author |
|
|
by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.
This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.
Based on changes in OpenSSL head.
No objection from miod@
|
|
EVP_CIPHER_CTX_free() does a NULL check, then calls EVP_CIPHER_CTX_cleanup()
and frees the memory. COMP_CTX_free() also had its own NULL check, so there
is no point in duplicating that here.
ok beck@
|
|
unchecked.
In the case of tls1_change_cipher_state(), it is fairly pointless to use
ssl_replace_hash(), since it does not initialise the hash and there is
special handling required in the DTLS write case. Instead, just inline
the part of ssl_replace_hash() that is needed and only
ssl_clear_hash_ctx() the write hash in the non-DTLS case.
Also add a detailed comment explaining why there needs to be specialised
handling for DTLS write context and where the contexts are actually freed.
ok miod@
|
|
from the cipher and message digest handling, allowing for upcoming changes.
Based on Adam Langley's chromium diffs.
ok miod@
|
|
the calls in libssl actually checks the return value before using it. Add
NULL checks for the remaining three calls.
ok miod@
|
|
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
|
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.
ok miod guenther
|
|
(with an XXX comment, though) in d1_pkt.c in 2005.
|
|
opensslconf.h is just a dummy, we're lightyears away from working userspace.
ok deraadt@
|
|
    if (nothing to allocate)
        ptr = malloc(1)
    else {
        if ((ptr = malloc(size to allocate)))
            memcpy(ptr, data to copy, size to allocate)
    }
    if (ptr == NULL)
        OMG ERROR
with a saner logic where the NULL pointer check is moved to the actual
malloc branch, so that we do not need to malloc a single byte, just to avoid
having a NULL pointer.
Whoever thought allocating a single byte was a smart idea was obviously
not taking his meds.
ok beck@ guenther@
|
|
!OPENSSL_NO_COMP case. Does not affect OpenBSD as we compile the opposite code
path.
|
|
#if 1 /* new with openssl 0.9.4 */
current code;
#else
obsolete code;
#endif
|
|
factoring error handling.
ok jsing@
|
|
EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was
overloaded to indicate success/failure, along with the number of bytes
written as output. This change adds an explicit *out_len argument which
is used to return the number of output bytes and the return value is now
an int that is purely used to identify success or failure.
This change effectively rides the last libcrypto crank (although I do not
expect there to be many users of the EVP AEAD API currently).
Thanks to Adam Langley for providing the improved code that this diff is
based on.
ok miod@
|
|
From Marcos Marado:
OK from tedu@
|
|
call it, and windows service software can figure this out on its own.
ok beck miod
|
|
ok beck
|
|
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
|
crypto memory debugging code has been castrated.
ok miod@ "kill it" beck@
|
|
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.
Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.
ok miod@
|
|
arrays.
"kind of scary" deraadt@, ok guenther@
|
|
code. Remove workaround.
|
|
ok miod@
|
|
OPENSSL_EXPORT_VAR_AS_FUNCTION.
ok miod@
|
|
from OpenSSL HEAD.
ok beck@ deraadt@ jsing@
|
|
it's time to remove the test for a possible need to free().
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|