summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_lib.c
AgeCommit message (Collapse)Author
2014-06-12tags as requested by miod and teduTheo de Raadt
2014-06-07Remove another NULL check before a BIO_free().Joel Sing
2014-06-07ssl3_free_digest_list() has its own NULL check.Joel Sing
2014-06-07BIO_free has an implicit NULL check, so do not bother checking for NULLJoel Sing
before calling it.
2014-06-07ssl3_release_{read,write}_buffer() handle being called with NULL buffers,Joel Sing
so do not bother checking before calling.
2014-06-07The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all haveJoel Sing
implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
2014-05-31More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.Joel Sing
2014-05-31ECDH and ECDSA will not work overly well if there is no EC, so unifdefJoel Sing
OPENSSL_NO_EC. ok tedu@
2014-05-31TLS would not be entirely functional without extensions, so unifdefJoel Sing
OPENSSL_NO_TLSEXT. ok tedu@
2014-05-30remove some #if 0 code. we don't need any more reminders that we're usingTed Unangst
a not quite appropriate data structure. ok jsing
2014-05-30Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andJoel Sing
SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
2014-05-29unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.Ted Unangst
ok deraadt jsing
2014-05-29Make it substantially easier to identify protocol version requirementsJoel Sing
by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
2014-05-28There is no point in checking if a pointer is non-NULL before calling free,Joel Sing
since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
2014-05-26Replace the following logic:Miod Vallat
if (nothing to allocate) ptr = malloc(1) else { if ((ptr = malloc(size to allocate)) memcpy(ptr, data to copy, size to allocate) } if (ptr == NULL) OMG ERROR with a saner logic where the NULL pointer check if moved to the actual malloc branch, so that we do not need to malloc a single byte, just to avoid having a NULL pointer. Whoever thought allocating a single byte was a smart idea was obviously not taking his meds. ok beck@ guenther@
2014-05-25Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofJoel Sing
this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
2014-05-24Use C99 initialisers for SSL3_ENC_METHOD structs.Joel Sing
ok miod@
2014-05-23Clean up the SSL cipher initialisation and use C99 initialisers forJoel Sing
clarity, grepability and to protect from future field reordering/removal. ok miod@
2014-05-22There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (anJoel Sing
empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
2014-05-22Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.Joel Sing
ok beck@ miod@
2014-05-20KSSL is dead... nuke KSSL_DEBUG from orbit.Joel Sing
ok beck@ miod@
2014-05-17deleted seed some time agoTed Unangst
2014-05-05Remove SRP and Kerberos support from libssl. These are complex protocolsTed Unangst
all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
2014-04-24More KNF, things that couldn't be verified with md5(1), and some whitespaceRyan Thomas McBride
I missed on the first go around.
2014-04-24KNFRyan Thomas McBride
2014-04-21more malloc/realloc/calloc cleanups; ok beck kettenisTheo de Raadt
2014-04-19More KNF and style consistency tweaksPhilip Guenther
2014-04-18spacingTed Unangst
2014-04-17whack a bunch of disabled code. ok beck lteoTed Unangst
2014-04-17always build in RSA and DSA. ok deraadt miodTed Unangst
2014-04-17Change library to use intrinsic memory allocation functions instead ofBob Beck
OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
2014-04-16add back SRP. i was being too greedy.Ted Unangst
2014-04-16disentangle SRP code from TLSTed Unangst
2014-04-14make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodTed Unangst
2014-04-14First pass at applying KNF to the OpenSSL code, which almost makes itJoel Sing
readable. This pass is whitespace only and can readily be verified using tr and md5.
2014-04-13Do not include "e_os.h" anymore. Simply pull in the necessary headers.Martin Pieuchot
ok miod@, deraadt@
2014-04-13remove more cases of MS_STATIC, MS_CALLBACK, and MS_FAR. Did youTheo de Raadt
know that MS_STATIC doesn't mean it is static? How far can lies and half-truths be layered? I wonder if anyone got fooled, and actually returned a pointer.. ok beck
2014-04-13Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.Miod Vallat
2014-02-27SECURITY fixes backported from openssl-1.0.1f. ok mikeb@Jeremie Courreges-Anglas
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
2012-10-13resolve conflictsDamien Miller
2012-01-05OpenSSL 1.0.0f: mergeDamien Miller
2011-11-03openssl-1.0.0e: resolve conflictsDamien Miller
2010-10-01resolve conflicts, fix local changesDamien Miller
2009-11-10pull Ben Lauries blind prefix injection fix for CVE-2009-3555 fromMarkus Friedl
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
2009-01-05update to openssl-0.9.8i; tested by several, especially krw@Damien Miller
2008-09-06resolve conflictsDamien Miller
2006-06-27resolve conflictsDamien Miller
2005-04-29resolve conflictsDamien Miller
2003-05-12merge 0.9.7b with local changes; crank majors for libssl/libcryptoMarkus Friedl
2002-09-10merge openssl-0.9.7-beta3, tested on vax by miod@Markus Friedl