#
d376e57d |
| 12-May-2015 |
Dr. Stephen Henson |
Move signing digest out of CERT. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
76106e60 |
| 12-May-2015 |
Dr. Stephen Henson |
CERT tidy Move per-connection state out of the CERT structure: which should just be for shared configuration data (e.g. certificates to use). In particular move temporary premas
CERT tidy Move per-connection state out of the CERT structure: which should just be for shared configuration data (e.g. certificates to use). In particular move temporary premaster secret, raw ciphers, peer signature algorithms and shared signature algorithms. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
68570797 |
| 14-May-2015 |
Richard Levitte |
Identify and move OpenSSL internal header files There are header files in crypto/ that are used by the rest of OpenSSL. Move those to include/internal and adapt the affected source
Identify and move OpenSSL internal header files There are header files in crypto/ that are used by the rest of OpenSSL. Move those to include/internal and adapt the affected source code, Makefiles and scripts. The header files that got moved are: crypto/constant_time_locl.h crypto/o_dir.h crypto/o_str.h Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_10 |
|
#
16f8d4eb |
| 04-May-2015 |
Rich Salz |
memset, memcpy, sizeof consistency fixes Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For m
memset, memcpy, sizeof consistency fixes Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
b4faea50 |
| 02-May-2015 |
Rich Salz |
Use safer sizeof variant in malloc For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p change
Use safer sizeof variant in malloc For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
25aaa98a |
| 01-May-2015 |
Rich Salz |
free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" che
free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
66696478 |
| 01-May-2015 |
Rich Salz |
Remove goto inside an if(0) block There were a dozen-plus instances of this construct: if (0) { label: ..... } Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
4b45c6e5 |
| 30-Apr-2015 |
Rich Salz |
free cleanup almost the finale Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed
free cleanup almost the finale Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
222561fe |
| 30-Apr-2015 |
Rich Salz |
free NULL cleanup 5a Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_fre
free NULL cleanup 5a Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
b196e7d9 |
| 28-Apr-2015 |
Rich Salz |
remove malloc casts Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
c5ba2d99 |
| 28-Mar-2015 |
Rich Salz |
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EV
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
show more ...
|
#
8fdc3734 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup. This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free, EC_POINT_clear_free, EC_POINT_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
ca3a82c3 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
d6407083 |
| 24-Mar-2015 |
Rich Salz |
free NULL cleanup Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt
free NULL cleanup Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
2c382349 |
| 14-Mar-2015 |
Kurt Roeckx |
Remove ssl_cert_inst() It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: Dr. Stephen Henson <
Remove ssl_cert_inst() It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
#
10bf4fc2 |
| 10-Mar-2015 |
Rich Salz |
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
9e9858d1 |
| 06-Feb-2015 |
Rich Salz |
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal docum
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
#
8dd94afb |
| 05-Feb-2015 |
Rich Salz |
Live code cleanup; #if 1 removal A few minor cleanups to remove pre-processor "#if 1" stuff. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
c660ec63 |
| 23-Jan-2015 |
Dr. Stephen Henson |
Rewrite ssl3_send_client_key_exchange to support extms. Rewrite ssl3_send_client_key_exchange to retain the premaster secret instead of using it immediately. This is needed beca
Rewrite ssl3_send_client_key_exchange to support extms. Rewrite ssl3_send_client_key_exchange to retain the premaster secret instead of using it immediately. This is needed because the premaster secret is used after the client key exchange message has been sent to compute the extended master secret. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
a00ae6c4 |
| 27-Jan-2015 |
Rich Salz |
OPENSSL_NO_xxx cleanup: many removals The following compile options (#ifdef's) are removed: OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO
OPENSSL_NO_xxx cleanup: many removals The following compile options (#ifdef's) are removed: OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY This diff is big because of updating the indents on preprocessor lines. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8, OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7, OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4 |
|
#
b3b966fb |
| 02-Dec-2013 |
Jonas Maebe |
ssl_cert_dup: Fix memory leak Always use goto err on failure and call ssl_cert_free() on the error path so all fields and "ret" itself are freed Signed-off-by: Kurt Roeckx <kurt
ssl_cert_dup: Fix memory leak Always use goto err on failure and call ssl_cert_free() on the error path so all fields and "ret" itself are freed Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
45f55f6a |
| 30-Nov-2014 |
Kurt Roeckx |
Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
fc3968a2 |
| 27-Nov-2014 |
Matt Caswell |
Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST PR#3613 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
ecf4d660 |
| 10-Aug-2014 |
Dr. Stephen Henson |
Custom extension revision. Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom
Custom extension revision. Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|