summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* improve warnings from rand_r(), rand(), and random()libressl-v2.1.2deraadt2014-12-092-3/+8
| | | | | It may take a few iterations to get the tone right. previously discussed with millert
* In ingo's new world order, we do not want multiple manual pages describingderaadt2014-12-093-247/+3
| | | | | | | the same thingies. Therefore these "lists of functions" man pages can go away. Hurray! I've wanted these pages to die for around 10 years! ok ingo (and i think jmc)
* t_exhaust is too exhaustingderaadt2014-12-091-3/+3
|
* more standardsier: cast to int to make sure we keep the negative numbers.tedu2014-12-091-2/+2
| | | | observed by jonas termansen
* Oops, got the sense of the test backwards. Hilarious that we didn't spot it.deraadt2014-12-081-1/+1
|
* Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48()deraadt2014-12-0813-159/+267
| | | | | | | | | | | | | | | | | to returning strong random by default, source from arc4random(3). Parameters to the seeding functions are ignored, and the subsystems remain in strong random mode. If you wish the standardized deterministic mode, call srand_deterministic(), srandom_determistic(), srand48_deterministic(), seed48_deterministic() or lcong48_deterministic() instead. The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are unaffected by this change and remain in deterministic mode (for now). Verified as a good roadmap forward by auditing 8800 pieces of software. Roughly 60 pieces of software will need adaptation to request the deterministic mode. Violates POSIX and C89, which violate best practice in this century. ok guenther tedu millert
* delete documentation for deleted DES interfacestedu2014-12-082-87/+3
|
* remove cfree from documentationtedu2014-12-081-19/+3
|
* delete obsolete sunos cfree function. ok deraadt millert naddytedu2014-12-082-42/+3
|
* remove setkey and encrypt interfaces. they are useless and dangerous.tedu2014-12-083-116/+9
| | | | ok deraadt naddy
* Use platform-defined method of printing a pointer.bcook2014-12-082-4/+4
| | | | | | Casting a pointer to an unsigned long discards bits on an LLP64 system. ok deraadt@
* avoid left shift overflow in reallocarray.bcook2014-12-081-2/+2
| | | | | | | | Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
* remove duplicate initialization of .sid_ctx in testbcook2014-12-071-3/+1
|
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-074-24/+34
| | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). ok jsing@
* Make GOST compile with a strict C compiler - in this case incrementing ajsing2014-12-076-20/+24
| | | | | | | void pointer is undefined and initialising an array with {} is a syntax error. Based on a diff from kinichiro inoguchi.
* Correctly output the result in STREEBOG512_Final() when running on a big-endianmiod2014-12-072-10/+56
| | | | system. *blush*
* Fix a memory leak in tls_check_subject_altname() by callingjsing2014-12-071-2/+2
| | | | | | | sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter only frees the stack itself and does not free the items. From Basskrapfen on github.
* Make sure to load absolute symbol address with `dla' instead of `la' whenmiod2014-12-074-10/+34
| | | | generating code for 64-bit mips userland.
* revert previous change for now, adjusting based on comments from jsing@bcook2014-12-074-36/+27
|
* Revert to the use of C code for the basic BN routines (bn_add_words,miod2014-12-072-4/+14
| | | | | bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words) on sgi, because the generated assembly code isn't R4000-safe.
* Remove OPENSSL_FIPSCANISTER mentions.miod2014-12-078-34/+2
|
* Remove unused variable.jsing2014-12-071-5/+1
| | | | From Benjamin Baier <programmer at netzbasis.de>
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-074-27/+36
| | | | | | | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). The semantics of tls_error() are changed slightly: the last error message is not necessarily preserved between subsequent calls into the library. When the previous call to libtls succeeds, client programs should treat the return value of tls_error() as undefined. ok tedu@
* Handle GF(2^m) EC curves for C code generation.jsing2014-12-071-5/+7
| | | | From Minux Ma.
* Remove get_optional_pkey_id() - it is a hack that existed due to GOSTjsing2014-12-072-92/+16
| | | | | | | | | | only sometimes being available... and when it was available it was via the crypto engine. GOST is now part of libcrypto proper. Instead of trying to do EVP PKEY lookups via string literals and the ASN1 interfaces, lookup the methods directly using the appropriate NID. ok bcook@
* fix manual names that clash with other manualsschwarze2014-12-064-4/+4
|
* delete four MLINKS that are both duplicate and wrongschwarze2014-12-061-5/+1
|
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-064-34/+42
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* malloc(3) is in the "comp" install set, malloc.conf(5) in "man",schwarze2014-12-062-128/+10
| | | | | | breaking the hardlink between file system entries, confusing apropos(1). Split malloc.conf(5) out of malloc(3) as suggested by deraadt@. Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
* Remove now bogus comment that got missed in the GOST commit.jsing2014-12-062-10/+4
|
* Fix some horrible style(9) violations...jsing2014-12-062-126/+126
|
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-068-198/+52
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-066-222/+248
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Ensure that the client specified EC curve list length is a multiple of two.jsing2014-12-062-4/+6
| | | | | | | | The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
* Fix two cases where it is possible to read one or two bytes past the end ofjsing2014-12-062-6/+30
| | | | | | | the buffer. The later size check would catch this, however reading first and checking later is less than ideal. ok miod@
* The -ssl2 flag does nothing - remove the flag and any tests that werejsing2014-12-062-34/+4
| | | | using it.
* add missing .Fn macros in the SYNOPSIS; found with mandoc.db(5)schwarze2014-12-042-10/+10
|
* Allow overriding the path to the testssl and openssl binaries.bcook2014-12-031-9/+9
| | | | | | | This is needed by the portable tree to point directly to the newly-built binaries when running unit tests. discussed with jsing@ and others
* Move Windows OS-specific functions to make porting easier.bcook2014-12-034-31/+165
| | | | | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on Windows. Sorry, these are no-op on other platforms. ok jsing@ deraadt@
* Move Windows OS-specific functions to make porting easier.bcook2014-12-035-53/+183
| | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
* We're not supporting 16-bit Windows, remove cast.bcook2014-12-032-6/+4
| | | | ok jsing@ deraadt@
* handle the (impossible) situation of a size_t - 1 buffer fromderaadt2014-12-032-4/+4
| | | | | EC_POINT_point2oct so that later allocation does not overflow with miod
* Spotted another opportunity to use reallocarray().deraadt2014-12-032-4/+4
| | | | ok miod
* Fill the buffer with 'z' instead of 'a' since 'a' is part of themillert2014-12-032-38/+150
| | | | | | | string we are testing. Add tests to verify that we get SIGSEGV when passed a NULL src or dst. It is better to crash than for an implementation to check for NULL and try to recover.
* Add brainpool curves to eccurves_default[], accidentally missing from 1.32;miod2014-12-022-4/+10
| | | | from OpenSSL HEAD via Thomas Jakobi.
* Add simple strlcpy regressmillert2014-12-023-3/+123
|
* convert select() to poll(). This is one of the most complicatedderaadt2014-12-022-40/+63
| | | | | | conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.
* Conversion of braindead select() path to braindead poll() path.deraadt2014-12-021-17/+17
| | | | Also looked at by bcook
* Add simple strlcat regressmillert2014-12-023-2/+124
|
* Add strnlen to SUBDIRS so we actually run its tests.millert2014-12-021-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-16 02:13:16 +0000