| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
There was no limitation for the length of openssl conf value.
This brings possibility of out-of-memory problem as oss-fuzz had detected.
This diff restricts the length of conf value up to 64k.
ok jsing@
|
| |
|
|
|
| |
here, just the normal version.
ok jsing@
|
| |
|
|
|
|
|
|
| |
This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as
OpenSSL. As a result, by default the openssl.conf file is not loaded during
autoinit, which makes autoinit safe for pledge(stdio).
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well
thread safety modifications for the existing LibreSSL init
functions. The initialization routines are called automatically
by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
| |
|
|
| |
ok bcook
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok doug millert
|
| |
|
|
|
|
|
|
|
| |
getenv()'s wrapped by issetugid() are safe, but issetugid() is correct
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
| |
|
|
| |
15 years.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
| |
|
|
|
| |
NULL before an intrinsic strdup.
ok miod@
|
| |
|
|
|
|
| |
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
|
| |
|
|
| |
via OpenSSL trunk.
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| |
|
|
|
|
| |
are needed in the source files that actually require them.
ok beck@ miod@
|
| |
|
|
|
|
| |
Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@
|
| |
|
|
| |
ok beck@ jsing@
|
| |
|
|
| |
ok miod
|
| | |
|
| | |
|
| |
|
|
|
|
| |
and others to the regress framework. These remaining ones just
muddle us up when re-reading code repeatedly.
ok jsing
|
| |
|
|
| |
ok miod
|
| |
|
|
| |
ok tedu guenther
|
| | |
|
| |
|
|
| |
ok to firebomb from tedu@
|
| |
|
|
|
|
|
| |
including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
| |
|
|
|
| |
declaration to pass -Wextra, should we want to add it to CFLAGS.
No binary change.
|
| |
|
|
|
|
|
|
| |
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
| | |
|
| |
|
|
|
|
| |
truncation is either desirable, not an issue, or is detected and handled later
ok deraadt@
|
| |
|
|
|
|
| |
funcitons to check for incorrect use. keep BUF_strlcpy and BUF_strlcat
for API comptibility only.
ok tedu@
|
| | |
|
| |
|
|
|
| |
"dance on it's grave" says beck
ok guenther beck
|
| |
|
|
|
|
|
| |
malloc it, do unbounded strlcpy's to it... but instead of asnprintf.
While there, let's put a '/' between the two path components! Wonder
how old that bug is..
ok guenther
|
| |
|
|
| |
ok miod@ lteo@
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| | |
|
| |
|
|
|
| |
with the bearded ones...
some API's that nobody should be using will dissapear with this commit.
|
| |
|
|
|
| |
where the return value is ignored changing to (void) snprintf.
ok deraadt@
|
| |
|
|
|
| |
that it is easier to find code pieces. They are getting in the way.
ok miod
|
| | |
|
| | |
|
| |\
| |
| | |
branch.
|
| | | |
|
