summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* If crypt(3) is called with an unknown setting, return NULL insteadbluhm2015-05-131-1/+3
| | | | | of some undefined value. OK tedu@
* Add dlclose(3) to SEE ALSOguenther2015-05-121-2/+3
| | | | ok millert@ jmc@ schwarze@
* When checking flags that will be passed to open(), test the O_ACCMODE portionguenther2015-05-111-2/+3
| | | | | | separately to avoid false negatives. ok miod@ millert@
* Make this run on strict alignment architectures.miod2015-05-081-6/+9
|
* Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@sthen2015-05-041-0/+381
|
* use strdup() to init stringderaadt2015-04-302-6/+4
| | | | ok doug millert
* Add whitespace and replace OPENSSL_free with free in documentation.doug2015-04-296-22/+22
| | | | ok jsing@
* Call CBB_add_space() rather than reimplementing it.doug2015-04-292-4/+4
| | | | ok jsing@
* Rename cbb_buffer_add_u to cbb_add_u and remove redundant code.doug2015-04-292-30/+12
| | | | | | | All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base. cbb_add_u() now has that common code in one place. ok jsing@
* Added len_len error checking for internal cbb_buffer_add_u().doug2015-04-292-2/+8
| | | | ok jsing@
* Call CBS_mem_equal() rather than reimplementing it.doug2015-04-292-6/+4
| | | | ok jsing@
* Avoid NULL deref in CBS_get_any_asn1_element().doug2015-04-292-4/+6
| | | | | | This function is documented as allowing NULL for out_header_len. ok jsing@
* Added error checking for len argument in cbs_get_u().doug2015-04-292-2/+8
| | | | tweak + ok jsing@
* free() can handle NULL.doug2015-04-292-16/+8
| | | | ok jsing@
* Reject dNSName of " " for subjectAltName extension.doug2015-04-291-1/+20
| | | | | | RFC 5280 says " " must not be used as a dNSName. ok jsing@ jca@
* Add missing BN_CTX_end() calls.doug2015-04-298-36/+36
| | | | | | | | After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@
* Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.bcook2015-04-272-4/+6
| | | | Include it if we have the sysctl syscall.
* Support AIX versions without WPAR support.bcook2015-04-272-2/+10
| | | | From Michael Felt.
* Don't ignore the reference count in X509_STORE_free.doug2015-04-252-2/+10
| | | | | | | | | Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
* Check for invalid leading zeros in CBS_get_asn1_uint64.doug2015-04-253-8/+20
| | | | | | | | | | ASN.1 integers cannot have all zeros or all ones for the first 9 bits. This rule ensures the numbers are encoded with the smallest number of content octets (see ITU-T Rec X.690 section 8.3.2). Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16 ok deraadt@ jsing@
* Do not need to buf[0] = 0 before strlcpy(buf, ...deraadt2015-04-232-4/+2
|
* Only set the cipher list if one was specified and actually check the returnjsing2015-04-151-7/+12
| | | | | | | value from SSL_CTX_set_cipher_list(). Also remove pointless getenv() handling. ok bcook@ doug@
* Clean up the ssl_bytes_to_cipher_list() API - rather than having thejsing2015-04-156-42/+30
| | | | | | | | | | ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either zeroed or if NULL a new one is allocated, always allocate one and return it directly. Inspired by simliar changes in BoringSSL. ok beck@ doug@
* Now that tls_close() is more robust, consider a failure to be fatal.jsing2015-04-151-1/+1
|
* Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Alsojsing2015-04-151-5/+6
| | | | | | | ensure that outlen is set to zero so that tls_read() has read(2) like semantics for EOF. Spotted by doug@
* Make tls_close() more robust - do not rely on a close notify being receivedjsing2015-04-151-13/+17
| | | | | | | | | | | from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we failed to send a close notify on a non-blocking socket. Otherwise be more forceful and always shutdown/close the socket regardless of other failures. Also do not consider ENOTCONN or ECONNRESET to be a shutdown failure, since there are various situations where this can occur. ok doug@ guenther@
* Another couple of commas in the wrong place, ok jmcnicm2015-04-141-3/+3
|
* Move verify externs into the header file.jsing2015-04-144-12/+8
|
* Convert openssl(1) s_time to new option handling.jsing2015-04-141-201/+178
| | | | ok doug@
* Clean up and improve openssl(1) errstr:jsing2015-04-141-21/+28
| | | | | | | | | - Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL return value in a more appropriate manner. - Use stroul() instead of sscanf() with appropriate error checking. ok doug@
* Convert openssl(1) errstr to new option handling.jsing2015-04-131-6/+34
| | | | ok bcook@ doug@
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-124-88/+4
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Send OPENSSL_issetugid() straight to hell, no final cigarette.deraadt2015-04-117-34/+6
| | | | | | | | | | | | | | | | | | | The issetugid() API is supposed to make a strong promise where "0 means it is safe to look at the environment". Way back in the past someone on the OpenSSL team responded to the environment access danger by creating a wrapper called OPENSSL_issetugid, and went to use it a number of places. However, by default on systems lacking true issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False safety. Which means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite. Can you believe the OpenSSL team? This nastiness was noticed over the years, however noone could gain traction and get it fixed in OpenSSL. Also see a paragraph about this in http://www.tedunangst.com/flak/post/worst-common-denominator-programming ok jsing
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-1113-115/+30
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* Put back a goto end that was unintentionally removed.jsing2015-04-111-1/+2
| | | | Spotted by doug@
* Convert openssl(1) pkeyparam to new option handling.jsing2015-04-111-61/+74
|
* Make pthread_atfork() track the DSO that called it like atexit() does,guenther2015-04-073-2/+81
| | | | | | | | | | unregistering callbacks if the DSO is unloaded. Move the callback handling from libpthread to libc, though libpthread still overrides the inner call to handle locking and thread-library reinitialization. Major version bump for both libc and libpthread. verification that this fixes various ports ajacoutot@ asm assistance miod@; ok millert@ deraadt@
* bludgeon DES support out of crypt. long live the bcrypt.tedu2015-04-062-761/+9
|
* improve realloc. when expanding a region, actually use the free page cachetedu2015-04-061-7/+16
| | | | | instead of simply zapping it. this can save many syscalls in a program that repeatedly grows and shrinks a buffer, as observed in the wild.
* readdir() is thread-safe when DIR handles aren't shared, so delete the lock.guenther2015-04-062-6/+2
| | | | | | | (POSIX is fixing its description: readdir_r() was a botch) Patch from Carlos Mart�n Nieto (cmn (at) dwim.me) no -portable concerns bcook@
* comma fix;jmc2015-04-031-3/+3
|
* Handle the case where multiple calls to SSL_shutdown() are required tojsing2015-04-022-8/+14
| | | | | | close the connection. Also correctly handle the error on failure. Diff from cookieandscream via github.
* Correct man page title.jsing2015-04-021-2/+2
| | | | | | Diff from Tim van der Molen. ok jmc@
* Document the fact that the tls_accept_*() functions can returnjsing2015-04-021-7/+11
| | | | | | TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen.
* Bump libtls minor due to API addition.jsing2015-03-311-1/+1
|
* Provide a tls_accept_fds() function, which allows a TLS connection to bejsing2015-03-314-9/+39
| | | | | | accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
* Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled atjsing2015-03-314-44/+4
| | | | | | | compile time, which we do not do and are unlikely to ever do. Additionally, there are two runtime configurable alternatives that exist. ok bcook@ doug@
* Store errors that occur during a tls_accept_socket() call on the contextjsing2015-03-314-11/+12
| | | | | | | for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen.
* add initial AIX getentropy/arc4random files. Thanks to Michael Felt.bcook2015-03-304-0/+1002
|
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-2716-206/+112
| | | | | | in four different places. ok doug@ guenther@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 05:12:31 +0000