summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/reallocarray.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-01-13Add the possibility to use the openssl s_client tool with an httpbluhm1-4/+24
proxy. Implement the -proxy feature in the same hackish way as -starttls. OK jsing@
2015-01-13Implement more thorough error checks:lteo1-12/+38
- Check the return value of every relevant function call. - If BIO_new() returns NULL instead of a valid BIO, do not attempt to blindly use the NULL value as a BIO throughout the rest of the code. - Ensure that bio_out is freed by BIO_free_all() at the end of all error paths. ok doug@
2015-01-12rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,tedu1-9/+9
nor are they the same size.
2015-01-12Fix a memory leak in bss_dgram.doug2-6/+26
Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
2015-01-08Convert spkac.c to the new option handling code.doug1-100/+137
input + ok jsing@
2015-01-08Convert pkcs8.c to the new option handling code.doug1-157/+220
Minor KNF in a few places too. input + ok jsing@
2015-01-08Convert asn1pars.c to the new option handling.doug1-137/+206
Also, removed a few useless if null checks. input from bcook@ input + ok jsing@
2015-01-08missing , found by Dongsheng Songderaadt1-3/+3
2015-01-08Avoid a double-free in an error path.doug2-2/+4
ok jsing@ beck@
2015-01-07stupid me. need errno.htedu1-1/+2
2015-01-07set errno = EINVAL for invalid salts and hashes in most functions.tedu1-12/+20
remember to set EACCES in bcrypt_checkpass for hash differences. the higher level crypt_checkpass function will reset errno to EACCES in all cases, which is probably the right behavior, but this change gives code working with the lower level functions the correct errno if they care.
2015-01-07mix in more virtual memory and process informationbcook2-4/+8
2015-01-06add initial HP-UX getentropy/arc4random support.bcook4-0/+992
patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
2015-01-05rename kern enter/exit macros to malloc enter/leave to better reflecttedu1-7/+7
what's going on.
2015-01-05Convert openssl(1) passwd to new option handling.jsing1-119/+151
ok doug@
2015-01-05convert clock() to clock_gettime() for improved precision (and accuracy?)tedu1-7/+9
guenther suggested using thread time, which actually may improve accuracy if somebody puts this in a threaded program.
2015-01-05Zap a reference to .rnd, which is likely the last RANDFILE remnant onlteo1-3/+2
this man page. ok jsing@
2015-01-03Fix incorrect OPENSSL_assert() usage.doug2-48/+106
Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
2015-01-03Check the return values of several reallocarray() calls. While here,lteo3-3/+17
also check the return value of an adjacent malloc() call. ok jsing@
2015-01-02Rename the tls_connect_socket() parameter 'socket' to 's' to avoidbluhm1-4/+4
a compiler warning about shadowing a global declaration. OK jsing@
2015-01-02Remove ifdef statements for TIMES and USE_TOD; they don't do anything,lteo1-5/+1
apart from introducing a bug where the -elapsed option is not listed in the usage output when it should be. feedback/ok bcook@ jsing@
2015-01-01Provide option types for binary AND, binary OR and silently discarding anjsing2-2/+13
option.
2015-01-01Convert the openssl(1) enc command to the new option parsing and usage.jsing1-250/+382
With input from doug@
2015-01-01Revert previous; tls_accept_socket() was intentionally undocumentedschwarze1-7/+1
because the API design isn't fully settled. Requested by jsing@ and tedu@.
2015-01-01minimally document tls_accept_socket();schwarze1-2/+8
patch from Sunil at Nimmagadda dot net
2014-12-30copy bcrypt autotune from encrypt(1) and expose via crypt_newhashtedu2-5/+43
ok deraadt miod
2014-12-29don't leak timing info about padding errors by generating a fake keytedu2-10/+20
afterwards. openssl has a more complicated fix, but it's less intrusive for now to simply hoist the expensive part (fake key generation) up without sweating a branch or two. ok bcook jsing
2014-12-28Fix subtle typo.jsing1-2/+2
2014-12-28Add regress tests for default option handling.jsing1-1/+48
2014-12-28Allow a default option to be specified by having a NULL name, but a validjsing1-4/+4
option type. In this case process the option as per normal.
2014-12-28Add regress tests for multiple argument callback functions.jsing1-1/+38
2014-12-28Provide an option type that allows for a callback function to consume anjsing2-3/+12
arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
2014-12-28Add option parsing regress tests with end of options handling.jsing1-17/+50
2014-12-28Teach option parsing that a single hyphen denotes the end of named optionsjsing1-2/+14
(as currently only implemented by some of the openssl(1) applications).
2014-12-28Add regress tests for option parsing with multiple unnamed arguments.jsing1-3/+45
2014-12-28Provide a mechanism for option parsing to return the number of argumentsjsing7-14/+22
that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
2014-12-28Update regress to match change in unnamed argument handling.jsing1-6/+5
2014-12-28Only accept a single unnamed argument - the existing behaviour is tojsing1-1/+12
silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
2014-12-28Slightly simplify options parsing logic.jsing1-65/+58
2014-12-28Update options regress to match option function pointer change.jsing1-4/+4
2014-12-28Provide two different function pointers for option function callbacks. Thisjsing4-13/+14
allows for simpler code in the common cases and will allow for further extension to support the complex cases.
2014-12-28Provide initial regress tests for the complex option parsing that is neededjsing3-1/+239
for openssl(1), which is also variable in behaviour between applications (and currently inconsistent).
2014-12-27include netinet/in.h to define struct in6_addr.bcook1-1/+2
Noticed while testing libtls on FreeBSD.
2014-12-24simplify crypt_checkpass. The API promise is that this function doesn'ttedu1-11/+5
use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
2014-12-24Clean up CIPHERS and related sections:lteo1-154/+10
- Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
2014-12-19CA.sh and CA.pl are gonelteo1-6/+1
2014-12-19Sync message digest algorithms with the ones actually implemented inlteo1-9/+29
"openssl dgst". feedback/ok jmc@
2014-12-17Add size_t to int checks for SSL functions.doug3-8/+39
libtls accepts size_t for lengths but libssl accepts int. This verifies that the input does not exceed INT_MAX. It also avoids truncating size_t when comparing with int and adds printf-style attributes for tls_set_error(). with input from deraadt@ and tedu@ ok tedu@
2014-12-16typo; ok deraadtsthen2-3/+3
2014-12-16warn for correct symbolderaadt1-2/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 20:35:34 +0000