summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* more standardsier: cast to int to make sure we keep the negative numbers.tedu2014-12-091-2/+2
| | | | observed by jonas termansen
* Oops, got the sense of the test backwards. Hilarious that we didn't spot it.deraadt2014-12-081-1/+1
|
* Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48()deraadt2014-12-0813-159/+267
| | | | | | | | | | | | | | | | | to returning strong random by default, source from arc4random(3). Parameters to the seeding functions are ignored, and the subsystems remain in strong random mode. If you wish the standardized deterministic mode, call srand_deterministic(), srandom_determistic(), srand48_deterministic(), seed48_deterministic() or lcong48_deterministic() instead. The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are unaffected by this change and remain in deterministic mode (for now). Verified as a good roadmap forward by auditing 8800 pieces of software. Roughly 60 pieces of software will need adaptation to request the deterministic mode. Violates POSIX and C89, which violate best practice in this century. ok guenther tedu millert
* delete documentation for deleted DES interfacestedu2014-12-082-87/+3
|
* remove cfree from documentationtedu2014-12-081-19/+3
|
* delete obsolete sunos cfree function. ok deraadt millert naddytedu2014-12-082-42/+3
|
* remove setkey and encrypt interfaces. they are useless and dangerous.tedu2014-12-083-116/+9
| | | | ok deraadt naddy
* Use platform-defined method of printing a pointer.bcook2014-12-082-4/+4
| | | | | | Casting a pointer to an unsigned long discards bits on an LLP64 system. ok deraadt@
* avoid left shift overflow in reallocarray.bcook2014-12-081-2/+2
| | | | | | | | Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-073-21/+27
| | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). ok jsing@
* Make GOST compile with a strict C compiler - in this case incrementing ajsing2014-12-076-20/+24
| | | | | | | void pointer is undefined and initialising an array with {} is a syntax error. Based on a diff from kinichiro inoguchi.
* Correctly output the result in STREEBOG512_Final() when running on a big-endianmiod2014-12-072-10/+56
| | | | system. *blush*
* Fix a memory leak in tls_check_subject_altname() by callingjsing2014-12-071-2/+2
| | | | | | | sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter only frees the stack itself and does not free the items. From Basskrapfen on github.
* Make sure to load absolute symbol address with `dla' instead of `la' whenmiod2014-12-074-10/+34
| | | | generating code for 64-bit mips userland.
* revert previous change for now, adjusting based on comments from jsing@bcook2014-12-074-36/+27
|
* Revert to the use of C code for the basic BN routines (bn_add_words,miod2014-12-072-4/+14
| | | | | bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words) on sgi, because the generated assembly code isn't R4000-safe.
* Remove OPENSSL_FIPSCANISTER mentions.miod2014-12-078-34/+2
|
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-074-27/+36
| | | | | | | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). The semantics of tls_error() are changed slightly: the last error message is not necessarily preserved between subsequent calls into the library. When the previous call to libtls succeeds, client programs should treat the return value of tls_error() as undefined. ok tedu@
* Remove get_optional_pkey_id() - it is a hack that existed due to GOSTjsing2014-12-072-92/+16
| | | | | | | | | | only sometimes being available... and when it was available it was via the crypto engine. GOST is now part of libcrypto proper. Instead of trying to do EVP PKEY lookups via string literals and the ASN1 interfaces, lookup the methods directly using the appropriate NID. ok bcook@
* fix manual names that clash with other manualsschwarze2014-12-064-4/+4
|
* delete four MLINKS that are both duplicate and wrongschwarze2014-12-061-5/+1
|
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-064-34/+42
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* malloc(3) is in the "comp" install set, malloc.conf(5) in "man",schwarze2014-12-062-128/+10
| | | | | | breaking the hardlink between file system entries, confusing apropos(1). Split malloc.conf(5) out of malloc(3) as suggested by deraadt@. Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
* Remove now bogus comment that got missed in the GOST commit.jsing2014-12-062-10/+4
|
* Fix some horrible style(9) violations...jsing2014-12-062-126/+126
|
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-068-198/+52
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-066-222/+248
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Ensure that the client specified EC curve list length is a multiple of two.jsing2014-12-062-4/+6
| | | | | | | | The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
* Fix two cases where it is possible to read one or two bytes past the end ofjsing2014-12-062-6/+30
| | | | | | | the buffer. The later size check would catch this, however reading first and checking later is less than ideal. ok miod@
* add missing .Fn macros in the SYNOPSIS; found with mandoc.db(5)schwarze2014-12-042-10/+10
|
* Move Windows OS-specific functions to make porting easier.bcook2014-12-035-53/+183
| | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
* We're not supporting 16-bit Windows, remove cast.bcook2014-12-032-6/+4
| | | | ok jsing@ deraadt@
* handle the (impossible) situation of a size_t - 1 buffer fromderaadt2014-12-032-4/+4
| | | | | EC_POINT_point2oct so that later allocation does not overflow with miod
* Spotted another opportunity to use reallocarray().deraadt2014-12-032-4/+4
| | | | ok miod
* Add brainpool curves to eccurves_default[], accidentally missing from 1.32;miod2014-12-022-4/+10
| | | | from OpenSSL HEAD via Thomas Jakobi.
* add some openbsd tags, and a first pass at cleanup;jmc2014-12-02166-210/+708
|
* macro cleanup; kaspars at bankovskis dot netschwarze2014-12-022-49/+55
|
* Replace all 14 instances of .St -ansiC-99 in our tree with .St -isoC-99.schwarze2014-11-3011-33/+33
| | | | | | The former is not used anywhere in NetBSD, FreeBSD, or DragonFly and not supported by groff, so i'm going to delete it from mandoc(1). We don't need two macros for the same thing.
* obvious STANDARDS updateschwarze2014-11-302-14/+10
|
* restructure libc/string + libc/arch/*/string coperation regardingderaadt2014-11-308-155/+309
| | | | | | | | | | | | | | | | (potentially) MD versions (function dependent, not filename dependent) split out memcpy/memmove/bcopy and strchr/index/strrchr/rindex Bring back amd64 .S versions And the final touch: switch all architectures temporarily to MI memcpy.c, which contains syslog + abort for overlapping copies. A nice harsh undefined behaviour. We will clean the entire userland of the remaining issues in this catagory, then switch to the optimised memcpy which skips the memmove check. I tried to cut this change into pieces, but testing each sub-step on every architecture is too time consuming and mindnumbing. ok miod
* Remove non-portable use of .Pf that doesn't work with groff;schwarze2014-11-302-16/+8
| | | | found because the groff_mdoc(7) macros warn about it.
* Ensure that sess_cert is not NULL at the start ofjsing2014-11-272-50/+18
| | | | | | | ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
* Avoid a double-free in an error path.jsing2014-11-272-4/+2
| | | | | | Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
* Avoid a NULL dereference in the DTLS client that can be triggered by ajsing2014-11-272-2/+18
| | | | | | | | | | | | crafted server response used in conjunction with an anonymous DH or anonymous ECDH ciphersuite. Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in copied code. Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
* remove superflous gettimeofday wrapper.bcook2014-11-262-18/+4
| | | | ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
* memset like a normal human.bcook2014-11-262-20/+20
| | | | ok beck@ tedu@ miod@
* normalize set/getsockopt usage.bcook2014-11-266-90/+54
| | | | | | | | | | Remove the remaining random casts on optval. Fixups for this can be handled by the portability layer all in once place. Remove remaining fake socklen_t unions, though beck@ points out that this also removes support for socklen_t changing its length at runtime. RIP. ok tedu@ beck@ miod@ deraadt@
* Linux has had IP_MTU since 2005, don't force it.bcook2014-11-262-16/+8
| | | | ok beck@ miod@ tedu@ deraadt@
* rand() is a pseudo-random number generatormillert2014-11-251-3/+3
|
* Don't describe random() as "better".millert2014-11-251-5/+5
| | | | | Remove the bug about rand() being faster. Add a bug about historical implementations seeding very poorly.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-18 13:37:02 +0000