summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add more functions (based on those used in OpenSSH) to the free NULL test.jsing2018-02-071-1/+19
|
* Restore the old behavior when a port number without a host name isbluhm2018-02-071-10/+12
| | | | | | passed to BIO_get_accept_socket(). This is part of the API and it fixes "openssl ocsp -port 12345" in server mode. from markus@; OK jsing@ beck@
* Do not call freeaddrinfo() with a NULL parameter.bluhm2018-02-061-2/+3
| | | | OK jsing@
* Remove manual shutdown and close of the socket since in this casetb2018-02-061-7/+1
| | | | | | SSL_free will do this a second time. ok jsing
* Respect the OPENSSL make variable everywhere so thattb2018-02-067-20/+22
| | | | | | | | | | make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl actually does the expected thing instead of running a mixture of both the openssl below /usr/obj and the one below /usr/bin. Found the hard way via backtraces that made no sense whatsoever. ok jsing
* Do not bother NULLing pointers in memory that is freed immediately after.jsing2018-02-051-3/+1
|
* Be consistent with the goto label names used in libtls code.jsing2018-02-054-51/+52
| | | | No change to generated assembly.
* keep in sync with ld.so malloc.cotto2018-01-301-2/+3
|
* word fix; from edgar pettijohnjmc2018-01-301-3/+3
|
* typootto2018-01-281-2/+2
|
* add malloc_threaderrotto2018-01-281-1/+2
|
* - An error in the multithreaded case could print the wrong function nameotto2018-01-281-12/+23
| | | | | | | - Start with a full page of struct region_info's - Save an mprotect in the init code: allocate 3 pages with none and make the middle page r/w instead of a r/w allocation and two calls to make the guard pages none
* Test for correct error when on thread allocates, and another does a double freeotto2018-01-282-0/+71
|
* Initialize variables to avoid compiler warningsinoguchi2018-01-283-6/+6
| | | | ok jsing@
* Update regress to match removal of ssl_parse_clienthello_tlsext().jsing2018-01-271-5/+8
|
* Complete the TLS extension handling rewrite for the server-side.jsing2018-01-275-98/+86
| | | | | | | | | | | | | This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@
* Clarify the comment re the F5 EC curves extension bug.jsing2018-01-271-5/+6
| | | | Also reference the knowledge base article instead of a discussion thread.
* Convert ssl3_put_cipher_by_char() to CBB.jsing2018-01-271-9/+26
| | | | | | | While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code. ok inoguchi@
* - do not junk pages returned by free_bytes(), all freed chunks are alreadyotto2018-01-261-19/+19
| | | | | junked - freezero(): only clear requested size
* Make the NEON codepaths conditional on __STRICT_ALIGNMENT not beingkettenis2018-01-243-5/+5
| | | | | | defined as they rely on unaligned access. ok joel@
* Zap the rotor, it was a wrong idea. Cluebat applied by kshe whootto2018-01-181-6/+3
| | | | | came also up with this diff. Simple, no bias and benchmarks show the extra random calls disappear in te measurement noise.
* Move to ffs(3) for bitmask scanning. I played with this earlier,otto2018-01-181-21/+11
| | | | | | | but at that time ffs function calls were generated instead of the compiler inlining the code. Now that ffs is marked protected in libc this is handled better. Thanks to kshe who prompted me to look at this again.
* Instead of trying to handle ffs() with the normal rename-mark-hidden-and-aliasguenther2018-01-182-4/+6
| | | | | | | dance, mark it protected. This works better for both gcc and clang: gcc blocks overriding of internal calls, while clang permits inlining again. ok otto@
* Add s_server and s_client -tlsextdebug messagesinoguchi2018-01-151-1/+9
| | | | ok sthen@ jsing@
* Adjust references for sysctl(3) to sysctl(2)deraadt2018-01-121-4/+4
|
* optimization and some cleanup; mostly from kshe (except the unmap() part)otto2018-01-081-67/+51
|
* On OpenBSD/armv7 we deliberately trap unaligned access. Unfortunatelykettenis2018-01-075-12/+16
| | | | | | | | the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
* Remove unused extern variable in openssl(1) s_timeinoguchi2018-01-071-2/+1
| | | | | | | | | This extern variable appears not to be used. And it is overridden by local variable in doConnection(). This causes MSVC warning C4459 "declaration of 'verify_error' hides global declaration". OK millert@
* Only init chunk_info once, plus some moving of code to group related functions.otto2018-01-011-273/+267
|
* Initialise new_cipher in the serverhello TLS extensions test, to avoid ajsing2017-12-281-3/+14
| | | | | | | | | | NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@
* step one in avoiding unneccesary init of chunk_info;otto2017-12-271-65/+81
| | | | some cleanup; tested by sthen@ on a ports build
* Fix one possible buffer overflow and one underflow. Also some minormillert2017-12-241-20/+36
| | | | cleanups. From Jan Kokemueller. OK deraadt@
* Move __cxa_thread_atexit* to its own .c file to avoid pulling the codeguenther2017-12-164-39/+64
| | | | | | | (w/ _dlctl reference) into static executables. It's all Mark's code so put his preferred copyright on it. ok kettenis@
* bump to 2.7.0bcook2017-12-111-3/+3
|
* http://repzret.org/p/repzret/deraadt2017-12-113-8/+8
| | | | | | | | | | My read of this: Long time ago (Think Conan, not dinasaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
* Make tls_config_parse_protocols() work correctly when passed a NULL pointerjsing2017-12-091-3/+5
| | | | | | for a protocol string. Issue found by semarie@, who also provided the diff.
* Add a regress test for tls_config_parse_protocols().jsing2017-12-093-1/+183
|
* Use a test value that fits into a long on both 32-bit and 64-bitjsing2017-12-091-9/+11
| | | | architectures, so that the regress passes on both.
* In the middle of CRYPTO_gcm128_finish() there is a complicated #ifdefderaadt2017-12-091-6/+8
| | | | | block which defines a variable late, after code. Place this chunk into a { subblock } to satisfy old compilers and old eyes.
* Please variable decl before code.deraadt2017-12-091-2/+2
|
* Remove DEF_STRONG(__cxa_thread_atexit_impl). This produces an unwantedkettenis2017-12-051-2/+1
| | | | | _libc___cxa_thread_atexit_impl reference on gcc architectures that breaks the build.
* Seperate real and user timer interfacesjca2017-12-054-17/+15
| | | | | | | | | Use more descriptive names, and make it clearer that real and user timers work on different static storage. The end goal is to be able to reuse those timer functions, instead of inlining other timer implementations subject to clock jumps. Discussed with Scott Cheloha
* Implement __cxa_thread_atexit to support C++11 thread_local scope. Thekettenis2017-12-053-3/+58
| | | | | | | interface is also made available as __cxa_thread_atexit_impl to satisfy the needs of GNU libstdc++. ok guenther@, millert@
* Avoid using an uninitialized variable.visa2017-12-011-4/+6
| | | | | | Found by gcc. OK jca@
* Mixing -url with any of -host, -port, or -path should be a usage errorguenther2017-11-291-7/+8
| | | | | | | instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@
* add -i to SYNOPSIS/usage() and sundry tweaks;jmc2017-11-292-6/+8
| | | | ok beck
* clang doesn't propagate attributes like "asm labels" and "visibility(hidden)"guenther2017-11-294-11/+23
| | | | | | | | | to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when building with clang, instead mark those as protected visibility to get rid of the PLT relocations. We can't take the address of them then, but that's ok: it's a build-time error not a run-time error. ok kettenis@
* Add option -i to allow oscpcheck to be used to validate an on-disk staplebeck2017-11-282-49/+103
| | | | ok claudio@ benno@
* Add the missing STANDARDS section (kettenis@ noticed that these areschwarze2017-11-281-6/+14
| | | | | POSIX functions) and turn the weird DIAGNOSTICS section into a normal RETURN VALUES section while here.
* Allow TLS ciphers and protocols to be specified for nc(1).jsing2017-11-282-41/+65
| | | | | | | | | | | Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 14:24:59 +0000