Commit message [Author, Age, Files, Lines]
* optimization and some cleanup; mostly from kshe (except the unmap() part) [otto, 2018-01-08, files 1, lines -67/+51]
* On OpenBSD/armv7 we deliberately trap unaligned access. Unfortunately [kettenis, 2018-01-07, files 5, lines -12/+16]
| the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
* Remove unused extern variable in openssl(1) s_time [inoguchi, 2018-01-07, files 1, lines -2/+1]
| This extern variable appears not to be used. And it is overridden by local variable in doConnection(). This causes MSVC warning C4459 "declaration of 'verify_error' hides global declaration". OK millert@
* Only init chunk_info once, plus some moving of code to group related functions. [otto, 2018-01-01, files 1, lines -273/+267]
* Initialise new_cipher in the serverhello TLS extensions test, to avoid a [jsing, 2017-12-28, files 1, lines -3/+14]
| NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@
* step one in avoiding unnecessary init of chunk_info; [otto, 2017-12-27, files 1, lines -65/+81]
| some cleanup; tested by sthen@ on a ports build
* Fix one possible buffer overflow and one underflow. Also some minor [millert, 2017-12-24, files 1, lines -20/+36]
| cleanups. From Jan Kokemueller. OK deraadt@
* Move __cxa_thread_atexit* to its own .c file to avoid pulling the code [guenther, 2017-12-16, files 4, lines -39/+64]
| (w/ _dlctl reference) into static executables. It's all Mark's code so put his preferred copyright on it. ok kettenis@
* bump to 2.7.0 [bcook, 2017-12-11, files 1, lines -3/+3]
* http://repzret.org/p/repzret/ [deraadt, 2017-12-11, files 3, lines -8/+8]
| My read of this: Long time ago (Think Conan, not dinosaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
* Make tls_config_parse_protocols() work correctly when passed a NULL pointer [jsing, 2017-12-09, files 1, lines -3/+5]
| for a protocol string. Issue found by semarie@, who also provided the diff.
* Add a regress test for tls_config_parse_protocols(). [jsing, 2017-12-09, files 3, lines -1/+183]
* Use a test value that fits into a long on both 32-bit and 64-bit [jsing, 2017-12-09, files 1, lines -9/+11]
| architectures, so that the regress passes on both.
* In the middle of CRYPTO_gcm128_finish() there is a complicated #ifdef [deraadt, 2017-12-09, files 1, lines -6/+8]
| block which defines a variable late, after code. Place this chunk into a { subblock } to satisfy old compilers and old eyes.
* Please variable decl before code. [deraadt, 2017-12-09, files 1, lines -2/+2]
* Remove DEF_STRONG(__cxa_thread_atexit_impl). This produces an unwanted [kettenis, 2017-12-05, files 1, lines -2/+1]
| _libc___cxa_thread_atexit_impl reference on gcc architectures that breaks the build.
* Separate real and user timer interfaces [jca, 2017-12-05, files 4, lines -17/+15]
| Use more descriptive names, and make it clearer that real and user timers work on different static storage. The end goal is to be able to reuse those timer functions, instead of inlining other timer implementations subject to clock jumps. Discussed with Scott Cheloha
* Implement __cxa_thread_atexit to support C++11 thread_local scope. The [kettenis, 2017-12-05, files 3, lines -3/+58]
| interface is also made available as __cxa_thread_atexit_impl to satisfy the needs of GNU libstdc++. ok guenther@, millert@
* Avoid using an uninitialized variable. [visa, 2017-12-01, files 1, lines -4/+6]
| Found by gcc. OK jca@
* Mixing -url with any of -host, -port, or -path should be a usage error [guenther, 2017-11-29, files 1, lines -7/+8]
| instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@
* add -i to SYNOPSIS/usage() and sundry tweaks; [jmc, 2017-11-29, files 2, lines -6/+8]
| ok beck
* clang doesn't propagate attributes like "asm labels" and "visibility(hidden)" [guenther, 2017-11-29, files 4, lines -11/+23]
| to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when building with clang, instead mark those as protected visibility to get rid of the PLT relocations. We can't take the address of them then, but that's ok: it's a build-time error not a run-time error. ok kettenis@
* Add option -i to allow ocspcheck to be used to validate an on-disk staple [beck, 2017-11-28, files 2, lines -49/+103]
| ok claudio@ benno@
* Add the missing STANDARDS section (kettenis@ noticed that these are [schwarze, 2017-11-28, files 1, lines -6/+14]
| POSIX functions) and turn the weird DIAGNOSTICS section into a normal RETURN VALUES section while here.
* Allow TLS ciphers and protocols to be specified for nc(1). [jsing, 2017-11-28, files 2, lines -41/+65]
| Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. [jsing, 2017-11-28, files 1, lines -81/+78]
| This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
* Add regress coverage for ASN1_TYPE_{get,set}_int_octetstring() [jsing, 2017-11-28, files 2, lines -2/+147]
* Correct TLS extensions handling when no extensions are present. [jsing, 2017-11-28, files 1, lines -1/+13]
| If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@
* Add regress test coverage for building clienthello and serverhello [jsing, 2017-11-28, files 1, lines -4/+201]
| extensions, both with extensions being present and not present. The not present case currently fails.
* Add regress for CBB_discard_child(). [jsing, 2017-11-28, files 1, lines -2/+56]
| Converted from BoringSSL.
* Add CBB_discard_child(), which allows for a child CBB to be discarded. [jsing, 2017-11-28, files 2, lines -2/+22]
| Based on BoringSSL.
* GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections [tb, 2017-11-28, files 8, lines -19/+19]
| with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
* Use clock_gettime and getrusage to compute real and user time. [jca, 2017-11-24, files 1, lines -16/+33]
| Better handling of clock jumps, from Scott Cheloha.
* Revert recent changes to unbreak ports/net/samba [jca, 2017-11-04, files 1, lines -2/+8]
| While it is not clear (to me) why that ports ends up with corrupted shared libs, reverting those changes fixes the issue and should allow us to close p2k17 more smoothly. Discussed with a bunch, ok ajacoutot@ guenther@
* 's' should include 'f'; from Jacqueline Jolicoeur [otto, 2017-11-02, files 1, lines -2/+2]
* openssl s_time -connect host:port needs dns promise for pledge(2) otherwise it [mestre, 2017-11-02, files 1, lines -2/+2]
| will SIGABRT Bug found by Scott Cheloha <scottcheloha at gmail.com> OK deraadt@
* Change pthread_cleanup_{push,pop} to macros that store the cleanup info [guenther, 2017-10-28, files 1, lines -8/+2]
| on the stack instead of mallocing the list and move the APIs from libpthread to libc so that they can be used inside libc. Note: the standard was explicitly written to permit/support this "macro with unmatched brace" style and it's what basically everyone else already does. We xor the info with random cookies with a random magic to detect/trip-up overwrites. Major bump to both libc and libpthread due to the API move. ok mpi@
* Use a smaller buffer size to peek the receive data. The content [bluhm, 2017-10-24, files 1, lines -5/+4]
| is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
* Restore a return that was inadvertently removed from freezero() in r1.234, [jsing, 2017-10-19, files 1, lines -1/+2]
| which results in an internal double free when internal functions are not in use. ok otto@
* add missing HISTORY; based on CVS logs and release announcements [schwarze, 2017-10-17, files 1, lines -2/+7]
* Add a regression test for ldexp(3). [visa, 2017-10-15, files 3, lines -2/+82]
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency. [jsing, 2017-10-12, files 2, lines -5/+5]
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code. [jsing, 2017-10-12, files 4, lines -556/+143]
| With review/feedback from inoguchi@
* Drop prototypes for ssl23_*() functions, which no longer exist. [jsing, 2017-10-12, files 1, lines -11/+1]
* Add STANDARDS: denis@ spotted that it was missing. [schwarze, 2017-10-12, files 1, lines -2/+19]
| OK deraadt@ jca@ jmc@
* Update regress now that ssl_cipher_list_to_bytes() takes a CBB. [jsing, 2017-10-11, files 1, lines -3/+9]
| Based on a diff from doug@
* Convert ssl3_client_hello() to CBB. [jsing, 2017-10-11, files 4, lines -93/+64]
| As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* Fully convert ssl3_send_server_hello() to CBB. [jsing, 2017-10-11, files 3, lines -53/+19]
| Based on a diff from doug@
* Revise regress now that ssl_bytes_to_cipher_list() takes a CBS. [jsing, 2017-10-10, files 1, lines -20/+10]
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and [jsing, 2017-10-10, files 3, lines -29/+19]
| length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.