summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* It is possible (although unlikely in practice) for peer_finish_md_len tojsing2014-09-222-26/+22
| | | | | | | | | | | | | | end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
* Document SSL_OP_TLSEXT_PADDING.jsing2014-09-211-0/+6
| | | | From OpenSSL.
* Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, whichjsing2014-09-214-20/+36
| | | | | | | | | | | | | | | is off by default (instead of being enabled unconditionally). The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in... Ported from OpenSSL. Discussed with many. ok miod@
* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , butmiod2014-09-212-8/+18
| | | | | | | | some changes an a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
* Fix a memory leak in the error path in ASN1_mbstring_ncopy().miod2014-09-212-38/+58
| | | | | | | Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
* Add support for word anchors \< and \> to regex regression tests.doug2014-09-211-1/+13
| | | | These are copied from the existing [[:<:]] and [[:>:]] tests.
* Add CHACHA20 as a cipher symmetric encryption alias.jsing2014-09-192-2/+10
| | | | From Ming <gzchenym at 126.com>
* remove obfuscating parens. man operator is your friend.tedu2014-09-194-30/+30
|
* Fix on 32bit platforms where 0xdeadbeef > LONG_MAX.schwarze2014-09-191-4/+6
| | | | | | | To avoid making tests machine dependent, only test values inside 32bit LONG_{MIN,MAX} and outside 64bit LONG_{MIN,MAX}, but none in between. While here, cover 32bit edge cases, negative values, and overflows. ok jsing@
* Remove unused #define.lteo2014-09-171-3/+1
| | | | ok jsing@
* A few more MLINKs.miod2014-09-161-1/+7
|
* a little less sendmail specific;jmc2014-09-161-4/+3
|
* When fopen()ing internal to libc (the API doesn't support the useguenther2014-09-155-14/+14
| | | | | | | of the resulting FILE *), then pass fopen() the 'e' mode letter to mark it close-on-exec. ok miod@
* Do not claim that empty numbers set EINVAL, our implementation doesn't.schwarze2014-09-142-37/+61
| | | | | | | Mention that invalid bases do set EINVAL (as required by POSIX); this part of the change uses part of an earlier patch by millert@. Minor mdoc(7) cleanup and sync between the two pages while here. Feedback and ok jmc@ and millert@.
* Make sure that the following functions return 0 and EINVAL asschwarze2014-09-136-20/+60
| | | | | | | | | | required by the C standard when called with an invalid base: strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax(). Same behaviour for strtoq() and strtouq() even though not standardized. No functional change in strtol(), it was the only one already correct. While here, simplify the conditional expression for checking the base and sync whitespace and comments among the six files. ok millert@
* Disable -Wshadow again, since it breaks builds on vax with gcc3.jsing2014-09-101-2/+2
|
* obvious cases of missing .An;schwarze2014-09-081-3/+3
| | | | | found with the new mandoc(1) MANDOCERR_AN_MISSING warning; no text changes
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-0716-182/+54
| | | | | | nor do we plan on supporting them. ok guenther@
* POSIX specifies arpa/inet.h as the include file for these.millert2014-09-041-3/+3
| | | | OK aja@ mikeb@
* Enable -Wshadow in openssl(1) and fix a few shadow warnings.doug2014-09-015-25/+21
| | | | ok jsing@
* Convert ecparam to new option/usage handling.jsing2014-09-011-197/+215
|
* Improve option usage output.jsing2014-09-011-7/+20
| | | | | | | If the option/argument string exceeds the given width, add a hanging indent prior to displaying the description. Also, if the description includes newlines, wrap and indent for each newline so that the indentation is correctly maintained.
* Make the in6addr constant declarations and definitions consistentbluhm2014-08-311-3/+3
| | | | | in kernel and user land. OK florian@ mpi@
* Add sockatmark()guenther2014-08-313-5/+170
| | | | ok millert@ manpage feedback jmc@
* Convert openssl(1) version to new option/usage handling.jsing2014-08-301-34/+90
|
* Move the callback function pointer outside the opt union so that the optionjsing2014-08-302-4/+10
| | | | | values are useable by the function. Also provide an option type that calls a function without consuming/passing an argument.
* OpenSSL_add_all_algorithms() is called from openssl_startup() - it does notjsing2014-08-286-13/+6
| | | | need to also be called from some of the applications.
* openssl_setup() calls SSL_load_error_strings(), which happens to calljsing2014-08-2827-60/+30
| | | | | ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
* Add option handling with a callback function for argument processing.jsing2014-08-282-2/+10
|
* Convert openssl(1) crl to new option/usage handling.jsing2014-08-281-186/+246
|
* Given the usage option name/argument name width a few more characters.jsing2014-08-281-2/+2
|
* Ensure that a format option argument is a known specifier.jsing2014-08-281-2/+10
|
* Add option handling for ordered flags.jsing2014-08-282-2/+8
|
* Add option handling for input/output formats.jsing2014-08-282-2/+8
|
* preserve errno value on success.bcook2014-08-282-8/+12
| | | | | If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
* Convert openssl(1) prime to the new options/usage handling.jsing2014-08-271-60/+81
|
* Reset the config struct before calling options_parse(), otherwise configjsing2014-08-271-1/+3
| | | | options from the previous run stick in interactive mode.
* Add an option type that handles argument to integer conversion.jsing2014-08-272-4/+22
|
* Implement table-driven option parsing that allows an application tojsing2014-08-273-76/+192
| | | | | | | | | | | | | | | | | specify what its valid options are and where it wants them to be stored. This also allows for usage to be generated, almost for free, ensuring that the options and usage are automatically kept in sync. This will allow for a single option parsing implementation, rather than the current one-hand-rolled-option-parsing-and-random-usage-implementation per application. As a starting point, port the openssl(1) rand application to the new option parsing and usage (along with associated code clean up). With input from doug@. ok bcook@ doug@
* Add the API function ressl_config_set_ecdhcurve(config, name) to set areyk2014-08-274-9/+29
| | | | | | non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@
* remove nginx referencesrobert2014-08-261-2/+1
|
* Update regress to follow openssl(1) move.jsing2014-08-269-2/+244
|
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-2658-88/+84
| | | | | | | | a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
* constify strerror return valuebcook2014-08-242-4/+4
| | | | | | | | | There is no intention to modify the string returned by strerror and doing so is forbidden by the standard. from Jonas 'Sortie' Termansen ok tedu@ deraadt@
* Include <sys/time.h> to get struct timevalbcook2014-08-242-2/+4
| | | | | | | | | The crypto/bio/bss_dgram.c file assumes that another file indirectly includes <stdlib.h> that includes <sys/time.h>. from Jonas 'Sortie' Termansen ok deraadt@ tedu@
* Include <sys/select.h> to get selectbcook2014-08-244-4/+9
| | | | | | | | | These files currently depends on the wrapper <stdlib.h> file indirectly including a header that provides select(). from Jonas 'Sortie' Termansen ok deraadt@ tedu@
* Let SSL_CIPHER_description() allocate the buffer for the description,jsing2014-08-241-4/+6
| | | | | | | | | | | | | | | | rather than passing in a fixed size buffer. This is yet another example of a horribly designed API - if the given buffer is NULL then SSL_CIPHER_description() allocates one for us (great!), which we then need to free (no problem). However, if this allocation fails it returns a pointer to a static string "OPENSSL_malloc Error" - obviously bad things happen if we call free() with this pointer. Unfortunately, there is no way of knowing that the function failed, other than comparing the returned string against the string literal - so do that before calling free()... Joint work with beck@ during g2k14.
* Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and ajsing2014-08-2410-58/+38
| | | | | | | ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@
* Remove non-standard GOST cipher suites (which are not compiled injsing2014-08-232-136/+2
| | | | | | currently). From Dmitry Eremin-Solenikov.
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-238-80/+60
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-12 10:25:48 +0000