summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix a memory leak in bss_dgram.doug2015-01-122-6/+26
| | | | | | | | Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
* Convert spkac.c to the new option handling code.doug2015-01-081-100/+137
| | | | input + ok jsing@
* Convert pkcs8.c to the new option handling code.doug2015-01-081-157/+220
| | | | | Minor KNF in a few places too. input + ok jsing@
* Convert asn1pars.c to the new option handling.doug2015-01-081-137/+206
| | | | | | | Also, removed a few useless if null checks. input from bcook@ input + ok jsing@
* missing , found by Dongsheng Songderaadt2015-01-081-3/+3
|
* Avoid a double-free in an error path.doug2015-01-082-2/+4
| | | | ok jsing@ beck@
* stupid me. need errno.htedu2015-01-071-1/+2
|
* set errno = EINVAL for invalid salts and hashes in most functions.tedu2015-01-071-12/+20
| | | | | | | remember to set EACCES in bcrypt_checkpass for hash differences. the higher level crypt_checkpass function will reset errno to EACCES in all cases, which is probably the right behavior, but this change gives code working with the lower level functions the correct errno if they care.
* mix in more virtual memory and process informationbcook2015-01-072-4/+8
|
* add initial HP-UX getentropy/arc4random support.bcook2015-01-064-0/+992
| | | | | | patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
* rename kern enter/exit macros to malloc enter/leave to better reflecttedu2015-01-051-7/+7
| | | | what's going on.
* Convert openssl(1) passwd to new option handling.jsing2015-01-051-119/+151
| | | | ok doug@
* convert clock() to clock_gettime() for improved precision (and accuracy?)tedu2015-01-051-7/+9
| | | | | guenther suggested using thread time, which actually may improve accuracy if somebody puts this in a threaded program.
* Zap a reference to .rnd, which is likely the last RANDFILE remnant onlteo2015-01-051-3/+2
| | | | | | this man page. ok jsing@
* Fix incorrect OPENSSL_assert() usage.doug2015-01-032-48/+106
| | | | | | | | Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
* Check the return values of several reallocarray() calls. While here,lteo2015-01-033-3/+17
| | | | | | also check the return value of an adjacent malloc() call. ok jsing@
* Rename the tls_connect_socket() parameter 'socket' to 's' to avoidbluhm2015-01-021-4/+4
| | | | | a compiler warning about shadowing a global declaration. OK jsing@
* Remove ifdef statements for TIMES and USE_TOD; they don't do anything,lteo2015-01-021-5/+1
| | | | | | | apart from introducing a bug where the -elapsed option is not listed in the usage output when it should be. feedback/ok bcook@ jsing@
* Provide option types for binary AND, binary OR and silently discarding anjsing2015-01-012-2/+13
| | | | option.
* Convert the openssl(1) enc command to the new option parsing and usage.jsing2015-01-011-250/+382
| | | | With input from doug@
* Revert previous; tls_accept_socket() was intentionally undocumentedschwarze2015-01-011-7/+1
| | | | | because the API design isn't fully settled. Requested by jsing@ and tedu@.
* minimally document tls_accept_socket();schwarze2015-01-011-2/+8
| | | | patch from Sunil at Nimmagadda dot net
* copy bcrypt autotune from encrypt(1) and expose via crypt_newhashtedu2014-12-302-5/+43
| | | | ok deraadt miod
* don't leak timing info about padding errors by generating a fake keytedu2014-12-292-10/+20
| | | | | | | afterwards. openssl has a more complicated fix, but it's less intrusive for now to simply hoist the expensive part (fake key generation) up without sweating a branch or two. ok bcook jsing
* Fix subtle typo.jsing2014-12-281-2/+2
|
* Add regress tests for default option handling.jsing2014-12-281-1/+48
|
* Allow a default option to be specified by having a NULL name, but a validjsing2014-12-281-4/+4
| | | | option type. In this case process the option as per normal.
* Add regress tests for multiple argument callback functions.jsing2014-12-281-1/+38
|
* Provide an option type that allows for a callback function to consume anjsing2014-12-282-3/+12
| | | | | arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
* Add option parsing regress tests with end of options handling.jsing2014-12-281-17/+50
|
* Teach option parsing that a single hyphen denotes the end of named optionsjsing2014-12-281-2/+14
| | | | (as currently only implemented by some of the openssl(1) applications).
* Add regress tests for option parsing with multiple unnamed arguments.jsing2014-12-281-3/+45
|
* Provide a mechanism for option parsing to return the number of argumentsjsing2014-12-287-14/+22
| | | | | that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
* Update regress to match change in unnamed argument handling.jsing2014-12-281-6/+5
|
* Only accept a single unnamed argument - the existing behaviour is tojsing2014-12-281-1/+12
| | | | | | | silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
* Slightly simplify options parsing logic.jsing2014-12-281-65/+58
|
* Update options regress to match option function pointer change.jsing2014-12-281-4/+4
|
* Provide two different function pointers for option function callbacks. Thisjsing2014-12-284-13/+14
| | | | | allows for simpler code in the common cases and will allow for further extension to support the complex cases.
* Provide initial regress tests for the complex option parsing that is neededjsing2014-12-283-1/+239
| | | | | for openssl(1), which is also variable in behaviour between applications (and currently inconsistent).
* include netinet/in.h to define struct in6_addr.bcook2014-12-271-1/+2
| | | | Noticed while testing libtls on FreeBSD.
* simplify crypt_checkpass. The API promise is that this function doesn'ttedu2014-12-241-11/+5
| | | | | | | | | use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
* Clean up CIPHERS and related sections:lteo2014-12-241-154/+10
| | | | | | | | | | | | | | - Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
* CA.sh and CA.pl are gonelteo2014-12-191-6/+1
|
* Sync message digest algorithms with the ones actually implemented inlteo2014-12-191-9/+29
| | | | | | "openssl dgst". feedback/ok jmc@
* Add size_t to int checks for SSL functions.doug2014-12-173-8/+39
| | | | | | | | | | libtls accepts size_t for lengths but libssl accepts int. This verifies that the input does not exceed INT_MAX. It also avoids truncating size_t when comparing with int and adds printf-style attributes for tls_set_error(). with input from deraadt@ and tedu@ ok tedu@
* typo; ok deraadtsthen2014-12-162-3/+3
|
* warn for correct symbolderaadt2014-12-161-2/+2
|
* Now that we have Camellia support in libcrypto, bring in the SHA256 flavour ofmiod2014-12-164-4/+328
| | | | the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
* Move 40MB of .rodata and 40MB of stack to .bss; allows this test to run onmiod2014-12-151-3/+7
| | | | platforms with small MAXTSIZ or MAXSSIZ.
* Add error handling for EVP_DigestInit_ex().doug2014-12-1515-56/+98
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 11:50:03 +0000