summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_err.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-11-11add missing functions to NAME, or otherwise correct the mlinkjmc30-56/+99
entry for them; feedback/ok schwarze
2015-11-11Convert five more manuals from POD to mdoc.schwarze11-463/+638
I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
2015-11-11Convert and enable CMS manuals.schwarze33-1253/+2040
Already some time ago, bcook@ said these can be installed.
2015-11-10update NAME section to include all documented functions,jmc6-18/+18
or otherwise change Dt to reflect the name of an existing function; feedback/ok schwarze
2015-11-10SSL_CTX_sess_set_remove mlink should be SSL_CTX_sess_set_remove_cb;jmc1-2/+2
2015-11-10libc.so can't be unloaded, so move the hidden atexit() and pthread_atfork()guenther1-1/+13
stubs for the executable from crtbegin.o into libc, which lets them be excluded from static links that don't use them. For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini sections for libc aren't called at the right times anyway, so it's good that they're unused. libc.so just needs __guard_local and the .note.openbsd.ident section, so add them to stack_protector.c for now (this will be improved) "good time" deraadt@
2015-11-09update some client/server info; from jan klemkowjmc1-5/+5
ok jsing
2015-11-08Make sure we use a sigjmp_buf in the sigsetjmp() part of the test.miod4-4/+7
2015-11-08inet(4), not inet(3);jmc1-3/+3
2015-11-06Fix gcc version preprocessor checks to cope with gcc 5.x and beyond;miod2-4/+4
reported by Ruslan Babayev.
2015-11-05Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left bymiod2-10/+10
24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
2015-11-05Mention ROTL() is always invoked with a proper shift value, due to the way themiod2-2/+4
CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
2015-11-03bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER.bcook2-6/+6
Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html
2015-11-02Fix typo in comment of previous commit: "that that".reyk2-6/+6
2015-11-02bump minors after adding EVP_aead_chacha20_poly1305_ietf()reyk5-5/+5
OK jsing@
2015-11-02Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk7-41/+298
"ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
2015-11-01delete old lint ARGSUSED commentsguenther1-2/+1
2015-11-01KNF; from Rob Piercederaadt1-3/+3
2015-10-30print unsigned ints with %u, not %d. Reported by Pascal Cuoq.miod1-2/+2
2015-10-30Add explicit LL suffixes to the numerical constants which do not fit in 32 bits.miod1-8/+8
2015-10-30Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod4-2/+6
relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
2015-10-25Change test to use length 128 (shortest long-form encoding).libressl-v2.3.1doug1-2/+2
From BoringSSL commit: d13a5e15d4e4eb51513be665306a2beba39869df
2015-10-25Move the _atfork_list definition to atexit.c so that the fork syscall stubguenther1-1/+5
doesn't get pulled into all static executables ok millert@ jca@
2015-10-25Hide __atexit and __atexit_register_cleanup()guenther3-4/+12
Wrap __cxa_{atexit,finalize}() so the call from exit() goes direct Switch regress/lib/libc/atexit/ to be built with -static so that it can still access __atexit* ok millert@ jca@
2015-10-25Sort the obsolete flags.doug2-12/+12
2015-10-25Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2-10/+8
For backward compatibility, the flags are redefined as 0. ok jsing@
2015-10-25Remove last vestige of SSL_OP_NO_SSLv3 support.doug2-8/+2
No part of LibreSSL checks for this flag any longer. ok jsing@
2015-10-25Simplify ssl23_get_client_hello error handling.doug2-52/+52
ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
2015-10-25Missing initializer; spotted by coverity.miod1-2/+2
2015-10-25The only thing that was translated into multiple languages in OpenBSDbluhm1-23/+1
are the errno messages and signal names. Everything else is in English. We are not planning to translate more text. Running a mixed system with less than 1% of the text in native language makes no sense. So remove the NLS support from libc messages. The catopen(3) functions stay as they are. OK stsp@ mpi@
2015-10-25Use sigaction() instead of signal() to avoid pulling in unnecessaryguenther1-3/+5
wrappers. To keep uses from crawling back in, mark signal() as deprecated inside libc. ok deraadt@
2015-10-25Use dprintf() instead of fprintf() in the signal handlerguenther1-3/+4
2015-10-23Cast ctype functions' arguments to unsigned char.mmcc1-5/+5
2015-10-23Switch if_nameindex(3) to use the new NET_RT_IFNAMES sysctl to get theclaudio3-88/+73
list of interface names. At the same time switch if_nametoindex(3) and if_indextoname(3) to use if_nameindex(3) instead of getifaddrs(3). if_nameindex(3) exposes much less then getifaddrs(3) and is allowed by pledge(2). With and OK deraadt@
2015-10-23Add ifnameindex to te libc regress testsclaudio1-3/+3
2015-10-23Initial pledge of netcat - unfortunately flawed because fiddling the rtableidbeck1-1/+27
in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff
2015-10-23Use waitpid() instead of wait() to avoid returning early from another childguenther1-2/+3
exiting, and loop the waitpid() on EINTR ok deraadt@ millert@
2015-10-23Loop the waitpid() on EINTR, and save and restore the disposition ofguenther1-9/+12
SIGINT and SIGQUIT with sigaction() instead of signal() so that all bits are preserved. ok deraadt@ millert@
2015-10-23Merge the sigaction() and sigprocmask() overloads/wrappers from libpthreadguenther2-9/+9
into libc, and move pthread_sigmask() as well (just a trivial wrapper). This provides consistent handling of SIGTHR between single- and multi-threaded programs and is a step in the merge of all the libpthread overloads, providing some ASM and Makefile bits that the other wrappers will need. ok deraadt@ millert@
2015-10-22Cast ctype function arguments to unsigned char.mmcc1-2/+2
ok guenther@
2015-10-22Add a regress test for if_indextoname() and if_nametoindex()claudio2-0/+42
2015-10-22Another change that is needed to restore the previous behaviour ofjsing2-10/+6
ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
2015-10-22Restore previous behaviour and allowjsing2-4/+14
ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
2015-10-22Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULLjsing1-1/+19
pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set.
2015-10-22Fix case where we wanted to test ASN1_TIME_set_string() but were testingjsing2-6/+6
ASN1_UTCTIME_set_string() twice instead.
2015-10-22Add a regress for libc handling of SIGTHRguenther2-0/+71
2015-10-21Reject too small bits value in BN_generate_prime_ex(), so that it does not riskmiod6-8/+44
becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@
2015-10-21In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 codejsing2-126/+2
will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@
2015-10-20Lob a style(9) grenade in here.jsing6-344/+370
2015-10-19free rbio before wbiobeck2-14/+14
ok jsing@