summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/system.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-12-30copy bcrypt autotune from encrypt(1) and expose via crypt_newhashtedu2-5/+43
ok deraadt miod
2014-12-29don't leak timing info about padding errors by generating a fake keytedu2-10/+20
afterwards. openssl has a more complicated fix, but it's less intrusive for now to simply hoist the expensive part (fake key generation) up without sweating a branch or two. ok bcook jsing
2014-12-28Fix subtle typo.jsing1-2/+2
2014-12-28Add regress tests for default option handling.jsing1-1/+48
2014-12-28Allow a default option to be specified by having a NULL name, but a validjsing1-4/+4
option type. In this case process the option as per normal.
2014-12-28Add regress tests for multiple argument callback functions.jsing1-1/+38
2014-12-28Provide an option type that allows for a callback function to consume anjsing2-3/+12
arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
2014-12-28Add option parsing regress tests with end of options handling.jsing1-17/+50
2014-12-28Teach option parsing that a single hyphen denotes the end of named optionsjsing1-2/+14
(as currently only implemented by some of the openssl(1) applications).
2014-12-28Add regress tests for option parsing with multiple unnamed arguments.jsing1-3/+45
2014-12-28Provide a mechanism for option parsing to return the number of argumentsjsing7-14/+22
that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
2014-12-28Update regress to match change in unnamed argument handling.jsing1-6/+5
2014-12-28Only accept a single unnamed argument - the existing behaviour is tojsing1-1/+12
silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
2014-12-28Slightly simplify options parsing logic.jsing1-65/+58
2014-12-28Update options regress to match option function pointer change.jsing1-4/+4
2014-12-28Provide two different function pointers for option function callbacks. Thisjsing4-13/+14
allows for simpler code in the common cases and will allow for further extension to support the complex cases.
2014-12-28Provide initial regress tests for the complex option parsing that is neededjsing3-1/+239
for openssl(1), which is also variable in behaviour between applications (and currently inconsistent).
2014-12-27include netinet/in.h to define struct in6_addr.bcook1-1/+2
Noticed while testing libtls on FreeBSD.
2014-12-24simplify crypt_checkpass. The API promise is that this function doesn'ttedu1-11/+5
use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
2014-12-24Clean up CIPHERS and related sections:lteo1-154/+10
- Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
2014-12-19CA.sh and CA.pl are gonelteo1-6/+1
2014-12-19Sync message digest algorithms with the ones actually implemented inlteo1-9/+29
"openssl dgst". feedback/ok jmc@
2014-12-17Add size_t to int checks for SSL functions.doug3-8/+39
libtls accepts size_t for lengths but libssl accepts int. This verifies that the input does not exceed INT_MAX. It also avoids truncating size_t when comparing with int and adds printf-style attributes for tls_set_error(). with input from deraadt@ and tedu@ ok tedu@
2014-12-16typo; ok deraadtsthen2-3/+3
2014-12-16warn for correct symbolderaadt1-2/+2
2014-12-16Now that we have Camellia support in libcrypto, bring in the SHA256 flavour ofmiod4-4/+328
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
2014-12-15Move 40MB of .rodata and 40MB of stack to .bss; allows this test to run onmiod1-3/+7
platforms with small MAXTSIZ or MAXSSIZ.
2014-12-15Add error handling for EVP_DigestInit_ex().doug15-56/+98
A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
2014-12-14unconditionally align SSL payloadsbcook6-78/+36
Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
2014-12-14Convert all of the straight forward client handshake handling code to usejsing6-212/+134
the new handshake functions. ok miod@
2014-12-14Provide functions for starting, finishing and writing SSL handshakejsing6-8/+120
messages. This will allow for removal of repeated/duplicated code. Additionally, DTLS was written by wholesale copying of the SSL/TLS code, with some DTLS specifics being added to the duplicated code. Since these SSL handshake message functions know how to handle both SSL/TLS and DTLS, upon conversion the duplicate versions will become identical (or close to), at which point the DTLS versions can be removed and the SSL/TLS versions used for both protocols. Partially based on similar changes in OpenSSL. ok miod@
2014-12-14Remove trailing whitespace.jsing59-559/+559
2014-12-14unifdef OPENSSL_NO_NEXTPROTONEGjsing1-12/+0
2014-12-14Remove redundant NULL checks before free - BN_free(), BIO_free_all() andjsing1-17/+12
EC_GROUP_free() all have implicit NULL checks.
2014-12-14unifdef OPENSSL_NO_NEXTPROTONEGjsing4-41/+4
2014-12-14unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing12-130/+12
mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
2014-12-14unifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currentlyjsing2-46/+2
enabled and I would hope that no one is using client certificates with DTLS and Netscape, assuming it even supported it... ok bcook@ miod@
2014-12-12catch up with swab.c rev. 1.9:schwarze1-5/+23
update SYNOPSIS and DESCRIPTION and add STANDARDS
2014-12-12Increase cipher suite test coverage by including all cipher suites thatjsing1-5/+5
use RSA authentication, rather than only those that use RSA key exchange.
2014-12-11update swab() to match the current posix definition. "rationale: none."tedu1-50/+24
rewrite the function to be simpler as well. the compiler can unroll the loop for us if necessary. ok schwarze
2014-12-10ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing17-42/+115
calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
2014-12-10Remove support for GOST R 34.10-94 signature authentication, along withjsing18-154/+30
the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
2014-12-10Add ALPN support to openssl(1).jsing2-11/+95
Based on OpenSSL.
2014-12-10Add regress for ALPN.jsing2-1/+180
Based on OpenSSL.
2014-12-10libssl major++jsing2-2/+2
2014-12-10Add support for ALPN.jsing10-16/+594
Based on OpenSSL and BoringSSL. ok bcook@
2014-12-10add stdint.h to ssl.h.bcook2-2/+6
ok jsing@
2014-12-10fix previous.daniel1-2/+4
2014-12-09Xr and Ox fixes;jmc3-12/+18
2014-12-09random seed buffer must be unsignedderaadt1-2/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 18:20:31 +0000