summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tab lovederaadt2014-07-192-6/+6
|
* Move _ARC4_ATFORK handlers from thread_private.h in portable.bcook2014-07-196-6/+30
|
* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modulesbcook2014-07-196-6/+44
|
* fixup typosbcook2014-07-196-110/+108
|
* Fix strtonum range to unbreak -pass fd:0lteo2014-07-191-2/+2
| | | | ok deraadt@
* Change _rs_allocate so it can combine the two regions (rs and rsx)deraadt2014-07-1910-138/+135
| | | | | | | | | | into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
* Cleanup portable arc4random fork detection code:matthew2014-07-186-66/+48
| | | | | | | | | | | | | | 1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt
* missing newlinederaadt2014-07-181-2/+2
|
* Remove "const" from the lsearch(3) manual's synopsis too.matthew2014-07-181-3/+3
| | | | Reminded by Rafael Neves
* zap trailing whitespace;jmc2014-07-181-3/+3
|
* Change lsearch()'s "base" argument to require a non-const pointer tomatthew2014-07-181-2/+2
| | | | | | | align with POSIX and other systems. Pointed out by Elliott Hughes on tech ok deraadt
* Seperate arc4random's os-dependent parts into static inline functions,deraadt2014-07-1810-36/+543
| | | | | making it much easier for libressl -portable to fill in the gaps. ok bcook beck
* avoid errx(); Jonas Termansenderaadt2014-07-171-3/+5
|
* avoid sys/param.h; Jonas Termansenderaadt2014-07-174-10/+12
|
* it is 2014, and we still need to encourage people away from srand()deraadt2014-07-172-5/+14
| | | | and random(). Sigh.
* "Race-free because we're running single-threaded in a newderaadt2014-07-171-1/+5
| | | | | address space, and once allocated rs is never deallocated." document the forkhandler to save reviewers time, with matthew
* Missing bounds check in ssl3_get_certificate_request(), was not spotted inmiod2014-07-172-2/+12
| | | | 1.78; reported by Ilja Van Sprundel.
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-172-4/+8
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* Fix tlsext_tick_lifetime_hint value in test #2 to make sure themiod2014-07-161-29/+29
| | | | | (tlsext_tick_lifetime_hint > 0) test also passes on 32-bit platforms (tlsext_tick_lifetime_hint is a long).
* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on olderkettenis2014-07-162-2/+6
| | | | | | | Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
* do not need a variable to track locking, since all code paths have itderaadt2014-07-162-10/+4
| | | | locked throughout.
* #ifdef wrap the _rs_forkhandlerderaadt2014-07-161-1/+3
|
* added handler for an atfork hook from kettenis@bcook2014-07-161-1/+10
| | | | ok deraadt@ beck@ kettenis@
* not needed anymorederaadt2014-07-142-1173/+0
|
* Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().miod2014-07-142-12/+12
| | | | From BoringSSL.
* whitespacederaadt2014-07-1445-172/+172
|
* Improve RAND_write_file(), chmod crud, etc.deraadt2014-07-142-54/+38
| | | | ok tedu
* Add configuration handling for certificate and key files.jsing2014-07-133-7/+22
|
* Add stubs for the proposed server API.jsing2014-07-133-1/+72
|
* Stop leaking internal library pointers in error messages.jsing2014-07-132-4/+4
| | | | Requested by miod@
* Tabs, not spaces.jsing2014-07-133-22/+22
|
* Rename the context allocation from ressl_new to ressl_client, which makesjsing2014-07-133-1/+30
| | | | | it completely obvious what the context is for. Ensure client functions are used on client contexts.
* Split the context allocation out from the configuration. This will allowjsing2014-07-132-5/+14
| | | | | | us to properly report errors that occur during configuration processing. Discussed with tedu@
* Move the client code into a separate file.jsing2014-07-133-161/+185
|
* Rename various configuration handling functions.jsing2014-07-132-13/+14
| | | | Requested by and discussed with tedu@.
* Use a single ressl.h header file.jsing2014-07-135-45/+18
| | | | Discussed with beck@ and tedu@.
* Explicitly initialise slen - this was not previously done due to a missingjsing2014-07-132-2/+4
| | | | M_ASN1_D2I_begin macro.
* Convert error handling to SSLerr and ERR_asprintf_error_data.jsing2014-07-132-118/+108
|
* tweak previous;jmc2014-07-131-2/+2
|
* missing bracket in previous;jmc2014-07-131-2/+2
|
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrificjsing2014-07-132-52/+594
| | | | | | | asn1_mac.h macros. This still needs a lot of improvement, but immediately becomes readable. ok miod@ (sight unseen!)
* Remove license introduced with the PSK code, which has since been removed.jsing2014-07-132-54/+2
| | | | ok deraadt@
* Another compression remnant.jsing2014-07-132-4/+2
|
* Expand the tlsext_sigalg macros. The end result is about the same numberjsing2014-07-132-32/+38
| | | | | | of lines and much more readable. ok miod@
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using thejsing2014-07-132-150/+196
| | | | | | | | | | | horrific macros from asn1_mac.h. This is a classic example of using macros to obfuscate code, in an attempt to reduce the line count. The end result is so ridiculously convoluted that it is completely unreadable and it takes hours to deconstruct the macros and figure out what is actually going on behind the scenes. ok miod@
* Add a regress test for the ASN1 handling of SSL session tickets.jsing2014-07-133-1/+389
|
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-1340-145/+155
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Fix memory leak.logan2014-07-132-2/+4
| | | | OK from beck@ and miod@
* OPENSSL_{malloc,free} -> {malloc,free}miod2014-07-1319-27/+27
|
* Warn about the use of BUF_strdup.miod2014-07-131-2/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 05:48:37 +0000