| Commit message (Collapse) | Author | Files | Lines |
|---|
|
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
- make VKO_compute_key() no longer void so that it can return failure.
- fix unchecked allocations in too many routines to mention /-:
- fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(),
VKO_compute_key().
- fix the gost2001_do_sign() interface violation by having its sole caller
free the BIGNUM it passes to that function by itself, instead of having
the callee do this.
Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
|
|
|
|
|
|
return the number of items read of written.
When you intend to return the number of bytes actually processed, it is
wise to pass 1 as the item size and the size as the number of items.
But in *some* places, the OpenSSL does the opposite, and has extra logic
to change a successful return of 1 (item processed) into the real size.
And, guess why it does that? Because of old VMS, for they (used to) have a
substandard stdio implementation.
Note that this change causes the return values of BIO_dump_fp() and
BIO_dump_indent_fp() to no longer be useless (actual number of callback calls),
but actual bytes output. Given the irrelevance of the return value before,
it is unlikely that anything depends upon it (and if something does, it
probably has other problems in need for a fix...)
ok tedu@ beck@ jsing@
|
|
CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song <dongsheng.song@gmail.com>
|
|
other allocations in the same block couldn't.
problem pointed out by David Ramos on the openssl-dev list
ok miod@ doug@
|
|
|
|
|
|
|
|
instead of a printf and a success return, when the operation fails.
|
|
`gost_' prefix to them, so that we do not pollute the global namespace too
much.
|
|
|
|
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.
|
|
This functionality was already available (and optional), and used in the
bowels of the ASN.1 code. This exposes it as a public interface, which will
be used by the upcoming GOST code.
Crank libcrypto minor version.
From Dmitry Eremin-Solenikov.
|
|
necessary for upcoming GOST code.
From Dmitry Eremin-Solenikov
|
|
|
|
|
|
|
|
Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL.
|
|
which was already done for libssl some time back.
|
|
|
|
diff From: Mike Burns
(though my fix differs a bit)
|
|
|
|
DTLS (whatever that is) instead of for TLS too. ok jsing.
|
|
|
|
The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.
Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation.
Tested on FreeBSD 9 and 10.
|
|
established using a pair of existing file descriptors.
Based on a diff/request from Jan Klemkow.
Rides previous libtls rename/library bump.
Discussed with tedu@.
|
|
that use these algorithms (and SEED was removed from libcrypto some time
ago).
ok doug@
|
|
|
|
|
|
Based on OpenSSL.
|
|
there are backwards compatible names/aliases for EDH.
|
|
drafts are now RFCs. Also add the TLS extension type for ALPN and be
consistent with RFC reference formatting.
|
|
|
|
|
|
This allows an SSL server to enable DHE ciphers with a single setting,
which results in an DH key being generated based on the server key length.
Partly based on OpenSSL.
|
|
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
|
|
|
|
distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.
|
|
|
|
don't want to give people the idea that this is non-portable (it
has been present since C89). OK deraadt@ schwarze@
|
|
would be the next stage of embiggening. restore 16k.
|
|
if one pipe stalls out. from a diff by Arne Becker.
(buffer size left alone for now)
|
|
ok jsing@ miod@
|
|
ok doug@ jsing@
|
|
POLLHUP too. OK deraadt@
|
|
programs.
ok deraadt@ millert@
|
|
Suggested by millert@ and schwarze@.
OK schwarze@, millert@
|
|
of p12->mac->salt->data has actually succeeded.
In one of my trees for a long time already...
|
