openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2014-06-30	simplify and unobfuscate a variable to fix a mem leak.	tedu	2	-12/+18
	original diff by logan
2014-06-30	fix the identical leak in three different files.	tedu	6	-12/+18
	reported by Brent Cook, original diff by logan
2014-06-29	Free "data" when it's no longer in use.	logan	1	-1/+2
	(Thanks to Brent Cook) OK from jsing@
2014-06-29	Fix file descriptor leak	logan	1	-1/+2
	(Thanks to Brent Cook) OK from jsing@
2014-06-29	Remove yet another unused file... a backup copy (minus copyright and	jsing	2	-132/+0
	includes) follows this commit message:
2014-06-29	KNF.	jsing	22	-3212/+3126
	I just spent too long chasing a bug in here and really should have done this first. Gem of the day... is it an if test or a for loop? No, it is a super ifloop! if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
2014-06-29	Remove another unused source file - I got suspicious when I found a	jsing	2	-920/+0
	function that ended with: if (ret & 0x01) if (ret & V_ASN1_CONSTRUCTED) }
2014-06-29	More KNF.	jsing	2	-64/+98

2014-06-29	correct issetugid sense as spotted by Stijn van Drongelen.	deraadt	2	-6/+14
	Substantially expand the conditional to reduce potential for error.
2014-06-28	Add a missing word.	jca	2	-2/+2

2014-06-28	Fix a memory leak and another one that occurs in the error paths.	logan	2	-4/+12
	(Thanks to Brent Cook) OK from tedu@
2014-06-28	Fix 9 memory leaks.	logan	2	-2/+20
	(Thanks to Brent Cook) With help from tedu@ OK from tedu@
2014-06-28	Fix 2 memory leaks.	logan	2	-2/+6
	(Thanks to Brent Cook) OK from tedu@
2014-06-28	Use strtonum() instead of atoi(), and then impose what are we think	deraadt	13	-102/+211
	are the current range checks. Help from millert and lteo. Please test now that it is deployed and let us know if any numbers are off.. ok lteo
2014-06-27	When building a BN on the stack in BN_div(), make sure to initialize all its	miod	2	-2/+4
	fields (i.e. the flags field) before using it. This is currently harmless, but might not be if we end up invoking other BN functions checking for constant-time processing requirement in the future.
2014-06-27	re-init and init code paths are now more shared, so the getpid()-based	deraadt	1	-2/+3
	portable code path must handle that; with brent cook
2014-06-27	extra evil spaces snuck in over the last while	deraadt	1	-20/+20

2014-06-27	Move to a smaller rbytes buffer and skip a random part. Not to	otto	1	-3/+4
	improve the random stream itself (it doesn't), but to introduce noise in the arc4random calling pattern. Thanks to matthew@ who pointed out bias in a previous diff, ok deraadt@ matthew@
2014-06-27	save_errno botch; spotted by miod	deraadt	2	-4/+4

2014-06-27	hand-KNF macro the do { } while loops	deraadt	8	-80/+98

2014-06-27	hand-KNF the remaining bits	deraadt	2	-196/+212

2014-06-27	Remove M_ASN1_New* macros which are only used in X509_PKEY_new() are obfuscate	miod	4	-44/+32
	it to hide memory leaks in the error paths, and fix aforementioned memory leaks. ok jsing@ logan@ deraadt@
2014-06-26	Add back an #ifndef MAP_INHERIT_ZERO chunk to support the old getpid()	deraadt	1	-1/+13
	mechanism, to aid in portability to other systems as requested. ok matthew
2014-06-26	save errno in ERR_put_error(), so that SYSerr doesn't have any accidental	deraadt	2	-2/+6
	cases where errno can be trashed. ok jsing
2014-06-26	fix HD() misuse; from brent cook	deraadt	2	-4/+4

2014-06-25	AT_BASE returns us the address of the start of ld.so, so	beck	2	-4/+4
	use the address, not what it points to (which is always the same) ok deraadt@
2014-06-25	get the page of data at AT_SYSINFO_EHDR	beck	2	-4/+4
	ok deraadt@
2014-06-25	comment fixes from theo	beck	2	-10/+12

2014-06-25	Possibly obtain a little bit of entropy from addresses returned	beck	2	-4/+46
	by getauxval if we have it. ok deraadt@
2014-06-25	O_NOFOLLOW would be very nice to have here if the version of linux	beck	2	-20/+22
	we are running supports it. from enh@google.com
2014-06-25	Alexander Schrijver posted a diff to remove references to the c_rehash script,	jmc	1	-6/+5
	which we don;t have in base. after some discussion with jca, i've not removed these references, but tried to make it clearer it's distributed with openssl and not included in base;
2014-06-25	document why we explicit_bzero	deraadt	1	-2/+2

2014-06-24	Unifdef -UNO_SYS_TYPES_H	miod	10	-40/+18

2014-06-24	Remove previously commented out wrong code, as well as the comment saying this	miod	2	-6/+2
	is incorrect code.
2014-06-24	Remove ancient workaround for previous century's compilers in the declaration	miod	2	-4/+2
	of CRYPTO_EX_DATA; riding upon the libcrypto major bump.
2014-06-24	Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals it	miod	5	-1256/+4
	should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
2014-06-24	Crank libcrypto major since my previous commit changed the size of the	jsing	2	-2/+2
	ChaCha context. Other changes will also ride this crank.
2014-06-24	If a chacha operation does not consume all of the generated key stream,	jsing	6	-14/+92
	ensure that we save it and consume it on subsequent writes. Otherwise we end up discarding part of the key stream and instead generate a new block at the start of the next write. This was only an issue for callers that did multiple writes that are not multiples of 64 bytes - in particular, the ChaCha20Poly1305 usage does not hit this problem since it performs encryption in a single-shot. For the same reason, this is also a non-issue when openssl(1) is used to encrypt with ChaCha. Issue identified by insane coder; reported to bugs@ by Joseph M. Schwartz. ok beck@
2014-06-24	Extend the chacha regress to cover the ChaCha interface, in addition to the	jsing	1	-22/+99
	single-shot CRYPTO_chacha_20() interface (the ChaCha interface was already tested via the EVP regress, but not extensively). The additional ChaCha tests include single-shot writes, along with partial/single-byte writes that currently fail due to a bug in the underlying implementation.
2014-06-24	Some KNF.	jsing	2	-12/+24

2014-06-24	Replace 48 lines of code with a single inet_pton() call. The previous	jsing	2	-96/+6
	handrolled version could not even make use of sscanf(), since that would not work with a certain antiquated compiler. It is worth noting that there is a tiny change in behaviour - previously calling BIO_get_host_ip() with something that looked like it might be a valid IP address (for example, "1." or even ".") would result in it returning failure rather than trying a BIO_gethostbyname() - now we'll always try a BIO_gethostbyname() if it was not a valid IPv4 address. ok beck@ miod@ deraadt@
2014-06-24	Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magically	jsing	2	-32/+6
	appear by itself. ok beck@ miod@
2014-06-24	Fix memory leak.	logan	1	-2/+4
	Thanks to Brenk Cook. OK from miod@
2014-06-23	Since this is a library, place issetugid() before every getenv()	deraadt	10	-26/+48
	ok miod
2014-06-23	unbreak build of getentropy_sysctl - we need linux/sysctl.h, and	beck	2	-36/+42
	RANDOM_UUID is an enum member.
2014-06-23	unbreak - main needs to be extern in here somewhere.	beck	2	-2/+4

2014-06-22	KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and	guenther	2	-48/+88
	multiline comments ok jsing@
2014-06-22	Add regress tests for BIO_get_host_ip().	jsing	1	-2/+70

2014-06-22	BIO_sock_init() no longer does anything, so stop calling it.	jsing	2	-20/+2

2014-06-22	Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.	jsing	2	-28/+8