| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
These were disabled and the internals that need to remain were fixed.
Time for this garbage to go.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior. With an indent of 64, as little as 26 MB is enough to make this
happen.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of heaps of unchecked strlcpy/strlcat/snprintf doing hard to follow
gymnastics, use a byte string, a somewhat comprehensible computation of the
number of bytes to dump per output line and write using checked BIO_printf()
directly to the BIO.
Longer strings will still overflow the terminal width of 80 and even longer
strings will still overflow the return value (undefined behavior). I don't
care much about the former but the latter should be fixed in a later pass.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
apache-httpd uses BIO_dump(), libssl uses BIO_dump_indent(), and the
openssl(1) app uses both. Otherwise this is unused. This is horribly
bad code even by libcrypto standards.
By doing away with the callbacks fixes incorrect error checking for
fwrite() but there is a lot more wrong in here. This can be cleaned
up in a later pass, the only concern here is to be able to remove the
unused variants in the next major bump.
ok beck
|
| | |
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Passing an indent value of 67 results in DUMP_WIDTH_LESS_IDENT returning a
value of zero, which is promptly used for division. Likewise, passing a
value larger than 67 results in a negative value being returned.
Prevent this by limiting indent to 64 (which matches OpenSSL's current
behaviour), as well as ensuring that dump_width is > 0.
Should fix oss-fuzz #52464 and #52467.
ok miod@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
is pure comedy gold, and now documented as such, sadly this bit of pure
Muppet genius can't really in good consience stay in the tree as is.
Change BIO_dump to always return the number of bytes printed on success
and to stop printing and return -1 on failure if a writing function
fails.
ok tb@, jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
return the number of items read of written.
When you intend to return the number of bytes actually processed, it is
wise to pass 1 as the item size and the size as the number of items.
But in *some* places, the OpenSSL does the opposite, and has extra logic
to change a successful return of 1 (item processed) into the real size.
And, guess why it does that? Because of old VMS, for they (used to) have a
substandard stdio implementation.
Note that this change causes the return values of BIO_dump_fp() and
BIO_dump_indent_fp() to no longer be useless (actual number of callback calls),
but actual bytes output. Given the irrelevance of the return value before,
it is unlikely that anything depends upon it (and if something does, it
probably has other problems in need for a fix...)
ok tedu@ beck@ jsing@
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
| |
are needed in the source files that actually require them.
ok beck@ miod@
|
| | |
|
| |
|
|
| |
ok to firebomb from tedu@
|
| | |
|
| |
|
|
|
|
| |
truncation is either desirable, not an issue, or is detected and handled later
ok deraadt@
|
| |
|
|
|
|
| |
funcitons to check for incorrect use. keep BUF_strlcpy and BUF_strlcat
for API comptibility only.
ok tedu@
|
| |
|
|
|
|
|
|
| |
- Because they're not like us, son. They use macros to wrap stdio routines,
for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
obfuscate the code.
ok tedu@
|
| | |
|
| |
|
|
|
| |
with the bearded ones...
some API's that nobody should be using will dissapear with this commit.
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| |
|
|
|
| |
where the return value is ignored changing to (void) snprintf.
ok deraadt@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
