openssl.git - rhe's working repository

	Commit message (Collapse)	Author	Age	Files	Lines
*	Add and use OPENSSL_zalloc	Rich Salz	2015-09-02	1	-12/+2
\| \| \| \| \| \| \| \| \|	There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Better handling of verify param id peername field	Viktor Dukhovni	2015-09-02	1	-1/+9
\| \| \| \| \| \| \| \| \| \| \| \| \|	Initialize pointers in param id by the book (explicit NULL assignment, rather than just memset 0). In x509_verify_param_zero() set peername to NULL after freeing it. In x509_vfy.c's internal check_hosts(), avoid potential leak of possibly already non-NULL peername. This is only set when a check succeeds, so don't need to do this repeatedly in the loop. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Identify and move common internal libcrypto header files	Richard Levitte	2015-05-14	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Use safer sizeof variant in malloc	Rich Salz	2015-05-04	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \| \|	For a local variable: TYPE p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Fix cut/paste error	Rich Salz	2015-05-04	1	-1/+1
\| \| \| \| \| \|	Was memset with wrong sizeof. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Add OSSL_NELEM macro.	Dr. Stephen Henson	2015-05-03	1	-5/+3
\| \| \| \| \| \| \|	Add OSSL_NELEM macro to e_os.h to determine the number of elements in an array. Reviewed-by: Tim Hudson <tjh@openssl.org>
*	RT3776: Wrong size for malloc	Rich Salz	2015-05-02	1	-4/+4
\| \| \| \| \| \|	Use sizeof *foo parameter, to avoid these errors. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	free NULL cleanup -- coda	Rich Salz	2015-05-01	1	-9/+5
\| \| \| \| \| \| \| \|	After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
*	free null cleanup finale	Rich Salz	2015-05-01	1	-17/+9
\| \| \| \| \| \|	Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
*	free NULL cleanup 5a	Rich Salz	2015-04-30	1	-3/+3
\| \| \| \| \| \| \| \| \|	Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte <levitte@openssl.org>
*	free NULL cleanup 8	Rich Salz	2015-04-30	1	-10/+6
\| \| \| \| \| \| \| \| \| \|	Do not check for NULL before calling a free routine. This addresses: ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free ASN1_UTCTIME_free M_ASN1_free_of Reviewed-by: Richard Levitte <levitte@openssl.org>
*	X509_VERIFY_PARAM_free: Check param for NULL	Kurt Roeckx	2015-04-11	1	-0/+2
\| \| \| \|	Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
*	Run util/openssl-format-source -v -c .	Matt Caswell	2015-01-22	1	-494/+466
\| \| \| \|	Reviewed-by: Tim Hudson <tjh@openssl.org>
*	mark all block comments that need format preserving so that	Tim Hudson	2014-12-30	1	-1/+2
\| \| \| \| \| \| \|	indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
*	Update API to use (char *) for email addresses and hostnames	Viktor Dukhovni	2014-07-07	1	-14/+16
\| \| \| \| \| \|	Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername().
*	New peername element in X509_VERIFY_PARAM_ID	Viktor Dukhovni	2014-07-06	1	-1/+8
\| \| \| \|	Declaration, memory management, accessor and documentation.
*	Multiple verifier reference identities.	Viktor Dukhovni	2014-06-22	1	-8/+83
\| \| \| \|	Implemented as STACK_OF(OPENSSL_STRING).
*	Drop hostlen from X509_VERIFY_PARAM_ID.	Viktor Dukhovni	2014-06-22	1	-5/+3
\| \| \| \| \|	Just store NUL-terminated strings. This works better when we add support for multiple hostnames.
*	Rename vpm_int.h to x509_lcl.h	Dr. Stephen Henson	2014-05-25	1	-1/+1
\|
*	Fixes to host checking.	Viktor Dukhovni	2014-05-21	1	-1/+8
\| \| \| \| \| \|	Fixes to host checking wild card support and add support for setting host checking flags when verifying a certificate chain.
*	Add opaque ID structure.	Dr. Stephen Henson	2013-12-13	1	-27/+61
\| \| \| \| \| \| \| \| \| \| \| \|	Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. (cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7) Conflicts: crypto/x509/x509_vpm.c
*	Integrate host, email and IP address checks into X509_verify.	Dr. Stephen Henson	2012-12-05	1	-0/+97
\| \| \| \| \| \|	Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
*	verify parameter enumeration functions	Dr. Stephen Henson	2010-02-25	1	-0/+21
\|
*	Update from 1.0.0-stable	Dr. Stephen Henson	2009-06-30	1	-1/+5
\|
*	Fix from stable branch.	Dr. Stephen Henson	2009-03-15	1	-2/+13
\|
*	PR: 1778	Dr. Stephen Henson	2009-02-16	1	-1/+1
\| \| \| \|	Increase default verify depth to 100.
*	Update obsolete email address...	Dr. Stephen Henson	2008-11-05	1	-1/+1
\|
*	Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros	Dr. Stephen Henson	2008-10-22	1	-6/+4
\| \| \| \| \| \| \| \|	with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()
*	Fix a shed load or warnings:	Dr. Stephen Henson	2008-10-20	1	-2/+2
\| \| \| \| \|	Duplicate const. Use of ; outside function.
*	Type-checked (and modern C compliant) OBJ_bsearch.	Ben Laurie	2008-10-12	1	-7/+12
\|
*	Change safestack reimplementation to match 0.9.8.	Dr. Stephen Henson	2007-09-07	1	-1/+1
\| \| \| \|	Fix additional gcc 4.2 value not used warnings.
*	Update from stable branch.	Dr. Stephen Henson	2006-05-03	1	-0/+9
\|
*	Two new verify flags functions.	Dr. Stephen Henson	2005-09-02	1	-0/+11
\|
*	New X509_VERIFY_PARAM structure and associated functionality.	Dr. Stephen Henson	2004-09-06	1	-0/+400
	This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.