summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add RETURN VALUES section and .Xr to memmem(3).schwarze2016-05-111-3/+4
| | | | | From Michal Mazurek <akfaew at jasminek dot net>. OK tedu@
* Oops: the caching of TCB address in single-threaded processes on archs withguenther2016-05-101-2/+2
| | | | slow TCB_GET (alpha, arm, mips64, sh) was broken when I switched CPP symbols.
* Fix mangled function signatures.jsing2016-05-091-5/+5
| | | | From Carlin Bingham <cb at viennan dot net>, thanks!
* Use a Thread Information Block in both single and multi-threaded programs.guenther2016-05-073-135/+252
| | | | | | | | | | | | | | | | | This stores errno, the cancelation flags, and related bits for each thread and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable! Make libpthread dlopen'able by moving the cancelation wrappers into libc and doing locking and fork/errno handling via callbacks that libpthread registers when it first initializes. 'errno' *must* be declared via <errno.h> now! Clean up libpthread's symbol exports like libc. On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec. Testing by various, particularly sthen@ and patrick@ ok kettenis@
* fix for integer overflow in encode and encrypt update functions.tedu2016-05-044-12/+22
| | | | | | additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl.
* fix a padding oracle in aesni cbc mac check. there must be enough datatedu2016-05-042-2/+8
| | | | | for both the mac and padding bytes. CVE-2016-2107 from openssl
* internal only negative types should not be handled here.tedu2016-05-046-18/+6
| | | | CVE-2016-2108 from openssl.
* be careful about consuming excessive memory by reading in chunks.tedu2016-05-042-28/+74
| | | | CVE-2016-2109 from openssl.
* revert the big change from yesterday to prepare for smaller commits.tedu2016-05-0414-110/+60
|
* prefer limits.h over sys/limits.hbcook2016-05-032-4/+4
|
* patch from openssl for multiple issues:tedu2016-05-0316-60/+530
| | | | | | | missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
* Remove a vax remnant (that was really a no-op anyway).millert2016-05-021-3/+1
|
* Remove old NeXT-specific cruft. From mmcc@millert2016-05-011-13/+1
|
* spelling fix;jmc2016-04-281-2/+2
|
* Crank majors for lib{crypto,ssl,tls} due to symbol removals, symboljsing2016-04-285-5/+5
| | | | additions and functionality changes.
* Factor our the keypair handling in libtls. This results in more readablejsing2016-04-287-52/+164
| | | | | | | | | and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@
* Rework the error handling in libtls so that we can associate errors withjsing2016-04-285-28/+90
| | | | | | | | | | | both configuration and contexts. This allows us to propagate errors that occur during configuration, rather than either just failing with no reason or delaying the failure until it can be propagated via the tls context. Also provide a tls_config_error() function for retrieving the last error from a tls_config *. ok bcook@
* don't go into an unbreakable infinite loop during operations suchtedu2016-04-282-2/+4
| | | | | as reading passwords. allow ^C to break. the pain was mine, the fix is miod's.
* Implement the IETF ChaCha20-Poly1305 cipher suites.jsing2016-04-2810-92/+336
| | | | | | | | | Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()jsing2016-04-286-30/+30
| | | | | | | and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* Allow setenv(3) and putenv(3) to operate on a NULL environ pointer.millert2016-04-251-11/+15
| | | | | | The getenv(3) and unsetenv(3) functions already support this. This will make it easier to emulate the glibc clearenv() function in ports. Based on a diff from and OK jca@
* no more outlen; from remcojmc2016-04-241-5/+3
| | | | ok bcook deraadt
* typos;jmc2016-04-241-3/+3
|
* fix typo in comment; ok becktj2016-04-192-4/+4
|
* Use the correct iv and counter when decrypting the ciphertext forjsing2016-04-132-8/+8
| | | | EVP_aead_chacha20_poly1305_ietf().
* two times a define to an inline function, from Michael McConville; ok djm@otto2016-04-121-10/+19
|
* tweak MALLOC_STATS printing (switched off by default), prodded byotto2016-04-091-14/+14
| | | | Michael McConville
* redundant memset(3), from Michael McConville, ok armani@otto2016-04-091-2/+1
|
* Prefer _MUTEX_*LOCK over _THREAD_PRIVATE_MUTEX_*LOCK() when thread-specificguenther2016-04-052-8/+8
| | | | | | data isn't necessary. ok mpi@, ok&tweak natano@
* Update example in comment: setlogin doesn't use {PROTO,DEF}_WRAP() nowguenther2016-04-051-8/+8
|
* Document ``use after free'' error messageotto2016-04-031-2/+4
|
* for some time now mandoc has not required MLINKS to functionjmc2016-03-307-1233/+7
| | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2016-03-272-2/+6
| | | | | | https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
* fix the last bunch of NAME sections that were overlooked earlierschwarze2016-03-261-2/+9
| | | | | such that the MLINKS removal can be committed after this; OK jmc@
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-214-8/+8
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* " the the " -> " the ", or in a couple of cases replace the superfluouskrw2016-03-209-13/+13
| | | | | | "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* properly guard to macrosmmcc2016-03-171-5/+5
| | | | ok otto@
* explicit_bzero for asn1 objects on free. Too often these contain sensitive ↵beck2016-03-172-48/+54
| | | | | | | information and they should not be a performance bottleneck ok miod@ krw@
* 'accomodate' -> 'accommodate' in comments.krw2016-03-1510-18/+18
| | | | Started by diff from Mical Mazurek.
* small step towards multiple pools: move two globls into the struct dir_infootto2016-03-141-112/+126
| | | | ok @stefan armani@
* environ and __progname are not declared in a public header; declare themguenther2016-03-134-10/+4
| | | | | | in libc's hidden/stdlib.h instead of in each .c file that needs one ok deraadt@ gsoares@ mpi@
* Fix examples for EVP_PKEY_CTX_set_rsa_padding.bcook2016-03-134-4/+4
| | | | | | | | Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
* Add error handling to the remaining calls to bn_wexpand().bcook2016-03-124-32/+46
| | | | | | | Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
* Remove sentences in RETURN VALUES sections saying that functions withmmcc2016-03-1228-79/+14
| | | | | | | | | | | | | void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
* Bump for LibreSSL 2.4.0bcook2016-03-122-6/+6
|
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-1130-148/+92
| | | | ok doug@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-106-14/+14
|
* un-vax;jmc2016-03-101-3/+3
|
* http -> https for IETF/IANA URLs in commentsmmcc2016-03-072-8/+8
|
* explict_bzero for some asn1 free's - ok miod@beck2016-03-064-6/+18
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 18:09:06 +0000