summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* back in september I did the large abstraction refactoring to allow thesederaadt2015-01-1514-14/+28
| | | | other systems to fit into the same mold, so add copyright
* Make strlcpy/strlcat slightly easier to read.millert2015-01-154-86/+82
|
* For non-blocking sockets tls_connect_fds() could fail with EAGAIN.bluhm2015-01-132-7/+22
| | | | | | | | Use the same logic from the read, write, accept functions to inform the caller wether a readable or writable socket is needed. After that event, the connect function must be called again. All the checks before connecting are done only once. OK tedu@
* Document the openssl s_client -proxy feature.bluhm2015-01-131-2/+14
| | | | OK jmc@
* Add the possibility to use the openssl s_client tool with an httpbluhm2015-01-131-4/+24
| | | | | | proxy. Implement the -proxy feature in the same hackish way as -starttls. OK jsing@
* Implement more thorough error checks:lteo2015-01-131-12/+38
| | | | | | | | | | | | - Check the return value of every relevant function call. - If BIO_new() returns NULL instead of a valid BIO, do not attempt to blindly use the NULL value as a BIO throughout the rest of the code. - Ensure that bio_out is freed by BIO_free_all() at the end of all error paths. ok doug@
* rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,tedu2015-01-121-9/+9
| | | | nor are they the same size.
* Fix a memory leak in bss_dgram.doug2015-01-122-6/+26
| | | | | | | | Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
* Convert spkac.c to the new option handling code.doug2015-01-081-100/+137
| | | | input + ok jsing@
* Convert pkcs8.c to the new option handling code.doug2015-01-081-157/+220
| | | | | Minor KNF in a few places too. input + ok jsing@
* Convert asn1pars.c to the new option handling.doug2015-01-081-137/+206
| | | | | | | Also, removed a few useless if null checks. input from bcook@ input + ok jsing@
* missing , found by Dongsheng Songderaadt2015-01-081-3/+3
|
* Avoid a double-free in an error path.doug2015-01-082-2/+4
| | | | ok jsing@ beck@
* stupid me. need errno.htedu2015-01-071-1/+2
|
* set errno = EINVAL for invalid salts and hashes in most functions.tedu2015-01-071-12/+20
| | | | | | | remember to set EACCES in bcrypt_checkpass for hash differences. the higher level crypt_checkpass function will reset errno to EACCES in all cases, which is probably the right behavior, but this change gives code working with the lower level functions the correct errno if they care.
* mix in more virtual memory and process informationbcook2015-01-072-4/+8
|
* add initial HP-UX getentropy/arc4random support.bcook2015-01-064-0/+992
| | | | | | patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
* rename kern enter/exit macros to malloc enter/leave to better reflecttedu2015-01-051-7/+7
| | | | what's going on.
* Convert openssl(1) passwd to new option handling.jsing2015-01-051-119/+151
| | | | ok doug@
* convert clock() to clock_gettime() for improved precision (and accuracy?)tedu2015-01-051-7/+9
| | | | | guenther suggested using thread time, which actually may improve accuracy if somebody puts this in a threaded program.
* Zap a reference to .rnd, which is likely the last RANDFILE remnant onlteo2015-01-051-3/+2
| | | | | | this man page. ok jsing@
* Fix incorrect OPENSSL_assert() usage.doug2015-01-032-48/+106
| | | | | | | | Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
* Check the return values of several reallocarray() calls. While here,lteo2015-01-033-3/+17
| | | | | | also check the return value of an adjacent malloc() call. ok jsing@
* Rename the tls_connect_socket() parameter 'socket' to 's' to avoidbluhm2015-01-021-4/+4
| | | | | a compiler warning about shadowing a global declaration. OK jsing@
* Remove ifdef statements for TIMES and USE_TOD; they don't do anything,lteo2015-01-021-5/+1
| | | | | | | apart from introducing a bug where the -elapsed option is not listed in the usage output when it should be. feedback/ok bcook@ jsing@
* Provide option types for binary AND, binary OR and silently discarding anjsing2015-01-012-2/+13
| | | | option.
* Convert the openssl(1) enc command to the new option parsing and usage.jsing2015-01-011-250/+382
| | | | With input from doug@
* Revert previous; tls_accept_socket() was intentionally undocumentedschwarze2015-01-011-7/+1
| | | | | because the API design isn't fully settled. Requested by jsing@ and tedu@.
* minimally document tls_accept_socket();schwarze2015-01-011-2/+8
| | | | patch from Sunil at Nimmagadda dot net
* copy bcrypt autotune from encrypt(1) and expose via crypt_newhashtedu2014-12-302-5/+43
| | | | ok deraadt miod
* don't leak timing info about padding errors by generating a fake keytedu2014-12-292-10/+20
| | | | | | | afterwards. openssl has a more complicated fix, but it's less intrusive for now to simply hoist the expensive part (fake key generation) up without sweating a branch or two. ok bcook jsing
* Fix subtle typo.jsing2014-12-281-2/+2
|
* Add regress tests for default option handling.jsing2014-12-281-1/+48
|
* Allow a default option to be specified by having a NULL name, but a validjsing2014-12-281-4/+4
| | | | option type. In this case process the option as per normal.
* Add regress tests for multiple argument callback functions.jsing2014-12-281-1/+38
|
* Provide an option type that allows for a callback function to consume anjsing2014-12-282-3/+12
| | | | | arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
* Add option parsing regress tests with end of options handling.jsing2014-12-281-17/+50
|
* Teach option parsing that a single hyphen denotes the end of named optionsjsing2014-12-281-2/+14
| | | | (as currently only implemented by some of the openssl(1) applications).
* Add regress tests for option parsing with multiple unnamed arguments.jsing2014-12-281-3/+45
|
* Provide a mechanism for option parsing to return the number of argumentsjsing2014-12-287-14/+22
| | | | | that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
* Update regress to match change in unnamed argument handling.jsing2014-12-281-6/+5
|
* Only accept a single unnamed argument - the existing behaviour is tojsing2014-12-281-1/+12
| | | | | | | silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
* Slightly simplify options parsing logic.jsing2014-12-281-65/+58
|
* Update options regress to match option function pointer change.jsing2014-12-281-4/+4
|
* Provide two different function pointers for option function callbacks. Thisjsing2014-12-284-13/+14
| | | | | allows for simpler code in the common cases and will allow for further extension to support the complex cases.
* Provide initial regress tests for the complex option parsing that is neededjsing2014-12-283-1/+239
| | | | | for openssl(1), which is also variable in behaviour between applications (and currently inconsistent).
* include netinet/in.h to define struct in6_addr.bcook2014-12-271-1/+2
| | | | Noticed while testing libtls on FreeBSD.
* simplify crypt_checkpass. The API promise is that this function doesn'ttedu2014-12-241-11/+5
| | | | | | | | | use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
* Clean up CIPHERS and related sections:lteo2014-12-241-154/+10
| | | | | | | | | | | | | | - Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
* CA.sh and CA.pl are gonelteo2014-12-191-6/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 11:48:34 +0000