summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add Brainpool elliptic curves. From OpenSSL RT#2239 via ${DAYJOB}.miod2014-05-014-2/+922
| | | | | Be sure to rerun `make includes' after updating. ok tedu@ beck@ deraadt@
* Remove fips_md_init() macro indirection for digest algorithms, used by themiod2014-05-0118-34/+22
| | | | | | | OpenSSL FIPS module to prevent forbidden digests to be allowed. No functional change but readability. ok deraadt@
* nibbles aren't enough random, use bytes. does a better job of pickingtedu2014-05-011-14/+14
| | | | | a free chunk at random and may allow to increase delayed chunk array. ok otto
* first cut at documenting the change to malloc doing a partial 'junk' bysthen2014-04-301-2/+7
| | | | default and the new 'j' option to disable this; ok jmc@
* Avoid a potential null pointer dereference by checking that we actuallyjsing2014-04-302-0/+4
| | | | | | managed to allocate a fragment, before trying to memcpy data into it. ok miod@
* First pass at removing win64 support from the assembly generating Perljsing2014-04-3016-2132/+2
| | | | | | | scripts. We certainly do not need an identical copy of the win64 exception handler in each script (surely one copy would be sufficient). ok miod@
* i suck at math. b - 8 = 3, not 4. detected by Antoine Pitrou. thanks.tedu2014-04-302-2/+2
|
* Constrain bytes read/written to positive values.beck2014-04-292-0/+20
| | | | ok miod@ tedu@
* Implement AI_ADDRCONFIGsperreault2014-04-281-3/+14
| | | | | | | | | | | | | | | | | | | | This is a getaddrinfo() flag that is defined thusly in RFC 3493: If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be returned only if an IPv4 address is configured on the local system, and IPv6 addresses shall be returned only if an IPv6 address is configured on the local system. The loopback address is not considered for this case as valid as a configured address. For example, when using the DNS, a query for AAAA records should occur only if the node has at least one IPv6 address configured (other than IPv6 loopback) and a query for A records should occur only if the node has at least one IPv4 address configured (other than the IPv4 loopback). The flag is set by default when hints is NULL. ok Eric Faurot, Jason McIntyre
* Remove WIN32, WIN64 and MINGW32 tentacles.miod2014-04-2828-130/+14
| | | | | | | | Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms. Loosely based upon a diff from Martijn van Duren on tech@
* use the correct algorithm mask. reported by satish lvr viatedu2014-04-282-2/+2
| | | | | http://marc.info/?l=openssl-dev&m=139779977532459&w=2 ok miod
* SSL_OP_ALL is supposed to be all options and workarounds that are safe,tedu2014-04-282-8/+12
| | | | | | | | but disabling attack mitigations is not safe. 0.9.6d contained a workaround for an attack against CBC modes. 0.9.6e disabled it by default because "some" implementations couldn't handle empty fragments. 12 years have passed. Does anybody still care? Let's find out. ok miod
* Remove ending cplusplus guard followed by starting cplusplus guard; frommiod2014-04-282-14/+0
| | | | Gebruiker Schoot.
* Leftover includes and local declarations; from Gebruiker Schootmiod2014-04-282-10/+0
|
* typo in commentmiod2014-04-276-6/+6
|
* Remove orphaned l2n6 and n2l6 macros.miod2014-04-272-28/+0
|
* Use C99 initializers for the various FOO_METHOD structs. More readable, andmiod2014-04-27114-2246/+1672
| | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
* static const char * = "" -> static const char[] = "", to produce shorter code.miod2014-04-276-6/+6
| | | | No functional change.
* Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is tomiod2014-04-2712-70/+2
| | | | redefine OPENSSL_EXTERN from `extern' to `extern'.
* Put explicit (void) in function declarations and shuffle keywords in somemiod2014-04-2732-36/+36
| | | | | declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
* We do not need a separate file for two compatibility wrapper functions.jsing2014-04-275-140/+38
| | | | ok miod@
* Fix leak last commit introduced. Spotted by Sebastian Kapfer.beck2014-04-272-0/+2
|
* Appease gcc3 -Wuninitialized.miod2014-04-262-2/+2
|
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-2674-270/+222
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* More KNF.jsing2014-04-264-12/+20
|
* KNF.jsing2014-04-2610-848/+828
|
* This is not FreeBSD.jsing2014-04-262-36/+0
| | | | ok miod@
* Do you really want to build OpenSSL for 16-bit Windows? Well, we don't.jsing2014-04-262-12/+0
| | | | ok miod@
* KNF.jsing2014-04-254-510/+502
|
* Fold in the zlib_cleanup macro.jsing2014-04-252-7/+4
|
* do_pipe_sig is now only used in openssl.c - just call signal() directlyjsing2014-04-252-3/+1
| | | | from there instead and ditch the macro.
* NON_MAIN no longer means anything so remove it, along with APP_INIT.jsing2014-04-253-17/+0
| | | | ok miod@
* The apps_{startup,shutdown} macro mess is now only used in openssl.c -jsing2014-04-252-36/+42
| | | | | | reduce the macro to two functions and just call them instead. ok miod@
* Clean up the remaining TTY related remnants.jsing2014-04-252-82/+16
| | | | ok miod@
* Remove defined varibles that no longer do anything.jsing2014-04-251-3/+2
| | | | ok miod@
* Use const char *.jsing2014-04-252-2/+2
| | | | Suggested by miod@
* KNF fixeslteo2014-04-252-128/+138
|
* Try to clean the maze of <openssl/bn.h> defines regarding the BN internals.miod2014-04-2421-455/+51
| | | | | | | | | | | | | | | | | | | | | | | The intent of this change is to only keep support for two kind of architectures: - those with 32-bit int and long, and 64-bit long long, where ``long * long -> long long'' multiplication routines are available. - those with 64-bit int and long, and no 128-bit long long type. This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!), THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines. After this change, the types and defines are as follows: arch: 64bit 32bit rationale BN_LLONG undefined defined defined if l * l -> ll BN_ULLONG undefined u long long result of BN_LONG * BN_LONG BN_ULONG u long u int native register size BN_LONG long int the same, signed BN_BITS 128 64 size of 2*BN_ULONG in bits BN_BYTES 8 4 size of 2*BN_ULONG in bytes BN_BITS2 64 32 BN_BITS / 2 Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.
* Fix indentation.mcbride2014-04-242-422/+416
|
* Bring back the SSL_OP_PKCS1_CHECK_* defines (defined to zero, as they alreadymiod2014-04-242-0/+8
| | | | were), after stumbling upon code (mis)using them in the wild.
* rearrange a bit of code/commentstedu2014-04-242-134/+178
|
* uses ssh these days, not rsh; ok tedujmc2014-04-241-2/+2
|
* unifdef MSDOSgiovanni2014-04-242-24/+2
| | | | ok miod@
* obvious use after free was less obviously not a use after free.tedu2014-04-241-1/+1
| | | | | who uses '\0' as a null pointer constant? fix my mistake and restore original semantics.
* More KNF.jsing2014-04-242-184/+244
|
* Make it compile again.jsing2014-04-242-2/+2
|
* Remove some malloc/strlcpy/strlcat horror. Just use asprintf and avoid anjsing2014-04-242-50/+24
| | | | | | unchecked malloc at the same time. ok beck@
* add ERR_asprintf_error_data, A tool to be used to get rid of the far toobeck2014-04-244-50/+52
| | | | | | | | | frequent construct of 30 lines of pointer and strlcat insanity followed by an ERR_add_error_data. I will sweep through here like a chubby mongol horde in the next few days pillaging crappy ERR_add_error_data's. Oh and while we're at it fix the nasty vdata function to use something less hard on the eyes. ok jsing@
* You want signals?!? I'll give you signals!!! Oh, and we have termios asjsing2014-04-242-72/+0
| | | | | | well... ok beck@
* More KNF.jsing2014-04-244-74/+74
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 23:07:48 +0000