summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/recallocarray.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-08-13move endian/word size checks from runtime to compile timebcook4-325/+340
ok guenther@
2017-08-13Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.doug1-10/+38
Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
2017-08-13Convert the sigma and tau initialisers to byte arrays, rather than usingjsing1-3/+12
strings. The original code is perfectly valid C, however it causes some compilers to complain since it lacks room for a string NUL terminator and the compiler is not smart enough to realise that these are only used as byte arrays and never treated as strings. ok bcook@ beck@ inoguchi@
2017-08-13Remove support for the TLS padding extension.jsing2-39/+4
This was added as a workaround for broken F5 TLS termination, which then created issues talking to broken IronPorts. The size of the padding is hardcoded so it cannot be used in any generic sense. ok bcook@ beck@ doug@
2017-08-13Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.jsing2-27/+4
This was a workaround for a server that needed to talk GOST to old/broken CryptoPro clients. This has no impact on TLS clients that are using GOST. ok bcook@ beck@ doug@
2017-08-12Rewrite the TLS status request extension to use the new TLS extension framework.beck4-178/+307
ok jsing@
2017-08-12Minimize #includes, particularly to avoid thread_private.hguenther2-7/+3
ok tedu@
2017-08-12Add regress coverage for the TLS signature algorithms extension.jsing1-1/+163
2017-08-12Convert TLS signature algorithms extension handling to the new framework.jsing6-63/+99
ok beck@ doug@
2017-08-12bump to 2.6.1bcook1-3/+3
2017-08-12Rewrite session ticket TLS extension handling using CBB/CBS and the newdoug4-66/+447
extension framework. ok jsing@ beck@
2017-08-12Remove NPN test coverage.jsing2-129/+1
2017-08-12Remove NPN support - the -nextprotoneg options now become no-ops.jsing4-113/+13
ok bcook@ beck@ doug@
2017-08-12Remove NPN support.jsing7-377/+28
NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fallback to the default protocol, since it will essentially appear that the otherside does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
2017-08-12errant whitespacebeck1-3/+3
2017-08-12fix resource leaks, ok @guentherbcook1-3/+7
2017-08-12Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deletingschwarze5-6/+173
the read accessors we don't have and fixing the prototypes - the data type of each and every argument differs in the OpenSSL manuals. Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.
2017-08-12New manual page SSL_set_tmp_ecdh(3) written from scratch.schwarze4-7/+112
Feedback and OK jsing@.
2017-08-12Remove lots of outdated information found by jsing@.schwarze1-192/+14
OK jsing.
2017-08-12Document tls_config_set_dheparams().jsing1-4/+13
2017-08-12Document tls_reset().jsing1-2/+13
2017-08-12Update the TLSv1.2 Client Hello messages, due to the removal of DSAjsing1-20/+18
sigalgs.
2017-08-12Remove support for DSS/DSA, since we removed the cipher suites a whilejsing9-85/+16
back. ok guenther@
2017-08-12Clear the child pointer in CBB_cleanup(), so that we have fewer pointersjsing1-1/+2
hanging around to potentially invalid address space. Discussed with beck@ and doug@
2017-08-11remove bogus ".POD" from .Dt name; noticed by jsing@schwarze1-3/+3
2017-08-11Be consistent with goto labels, failure flag and use of FAIL macro.jsing1-128/+105
2017-08-11doug@ added code in here as well.jsing1-1/+2
2017-08-11Sort by extension/function name.jsing1-577/+576
2017-08-11I don't think eay will ever fix this...jsing1-2/+2
2017-08-11style(9) in ssl_set_cert_masks().jsing1-7/+7
2017-08-11Rewrite EllipticCurves TLS extension handling using CBB/CBS and the newdoug5-77/+472
extension framework. input + ok jsing@
2017-08-11Convert ssl3_send_certificate_request() to CBB.jsing3-63/+73
ok beck@ doug@
2017-08-11new sentence, new line;jmc1-3/+4
2017-08-11Add doug@'s copyright since he just added code to these two files.jsing2-2/+4
2017-08-11Bump minor due to symbol addition.jsing1-1/+1
Prompted by jsg@, since I apparently left it sitting in my tree...
2017-08-11Rewrite the ECPointFormats TLS extension handling using CBB/CBS and thedoug5-148/+595
new extension framework. input + ok jsing@
2017-08-10Add a tls_config_set_ecdhecurves() function to libtls, which allows thejsing7-34/+108
names of the elliptic curves that may be used during client and server key exchange to be specified. This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve. ok beck@
2017-08-10Clean up the EC key/curve configuration handling.jsing7-120/+54
Over the years OpenSSL grew multiple ways of being able to specify EC keys (and/or curves) for use with ECDH and ECDHE key exchange. You could specify a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via a callback that was provided with insufficient information (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to problems (like ECDHE not being enabled) and potential weird configuration (like being able to do ECDHE without the ephemeral part...). We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs. The only exception is the SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous behaviour by configuring the curve of the given EC key as the only curve being enabled. Everything else becomes a no-op. ok beck@ doug@
2017-08-10first draft of tests for newlocale(3), duplocale(3), uselocale(3)schwarze2-0/+268
2017-08-09Pull out the code that identifies if we have an ECC cipher in the cipherjsing3-34/+52
list or if we are negotiating an ECC cipher in the handshake. This dedups some of the existing code and will make the EC extension rewrites easier. ok doug@
2017-08-09Don't use tls_cert_hash for the hashing used by the engine offloading magicclaudio3-11/+24
for the TLS privsep code. Instead use X509_pubkey_digest() because only the key should be used as identifier. Relayd is rewriting certificates and then the hash would change. Rename the hash is struct tls_keypair to pubkey_hash to make clear what this hash is about. With input and OK jsing@
2017-08-09Consistently return from each SSL/SSL_CTX control case, rather thanjsing1-33/+27
breaking from some and returning from others.
2017-08-09Split out the remaining SSL_CTX controls into individual functions.jsing1-40/+88
2017-08-09Start splitting out SSL_CTX controls into individual functions, so thatjsing1-71/+92
they can eventually be exposed as direct functions/symbols.
2017-08-09Be consistent and return from each SSL control case, rather than breakingjsing1-18/+10
from some.
2017-08-09Split out the remaining SSL controls into individual functions.jsing1-46/+93
2017-08-09Split more controls into individual functions.jsing1-64/+91
2017-08-09Start splitting out controls into individual functions, so that they canjsing1-29/+63
eventually be exposed as direct functions/symbols.
2017-08-09Remove unnecessary curly braces and unindent. Also add a few blank linesjsing1-11/+13
for readability.
2017-08-09Fix conditionals for DH controls.jsing1-3/+3
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-30 03:46:46 +0000