summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Convert the handful of manuals that had imaginary names,schwarze2015-11-1213-1154/+2210
| | | | | give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlinkjmc2015-11-1130-56/+99
| | | | | | entry for them; feedback/ok schwarze
* Convert five more manuals from POD to mdoc.schwarze2015-11-1111-463/+638
| | | | | I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
* Convert and enable CMS manuals.schwarze2015-11-1133-1253/+2040
| | | | Already some time ago, bcook@ said these can be installed.
* update NAME section to include all documented functions,jmc2015-11-106-18/+18
| | | | | | or otherwise change Dt to reflect the name of an existing function; feedback/ok schwarze
* SSL_CTX_sess_set_remove mlink should be SSL_CTX_sess_set_remove_cb;jmc2015-11-101-2/+2
|
* libc.so can't be unloaded, so move the hidden atexit() and pthread_atfork()guenther2015-11-101-1/+13
| | | | | | | | | | | stubs for the executable from crtbegin.o into libc, which lets them be excluded from static links that don't use them. For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini sections for libc aren't called at the right times anyway, so it's good that they're unused. libc.so just needs __guard_local and the .note.openbsd.ident section, so add them to stack_protector.c for now (this will be improved) "good time" deraadt@
* update some client/server info; from jan klemkowjmc2015-11-091-5/+5
| | | | ok jsing
* Make sure we use a sigjmp_buf in the sigsetjmp() part of the test.miod2015-11-084-4/+7
|
* inet(4), not inet(3);jmc2015-11-081-3/+3
|
* Fix gcc version preprocessor checks to cope with gcc 5.x and beyond;miod2015-11-062-4/+4
| | | | reported by Ruslan Babayev.
* Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left bymiod2015-11-052-10/+10
| | | | | | | | | 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
* Mention ROTL() is always invoked with a proper shift value, due to the way themiod2015-11-052-2/+4
| | | | | CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
* bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER.bcook2015-11-032-6/+6
| | | | | | Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html
* Fix typo in comment of previous commit: "that that".reyk2015-11-022-6/+6
|
* bump minors after adding EVP_aead_chacha20_poly1305_ietf()reyk2015-11-025-5/+5
| | | | OK jsing@
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk2015-11-027-41/+298
| | | | | | | | | "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* delete old lint ARGSUSED commentsguenther2015-11-011-2/+1
|
* KNF; from Rob Piercederaadt2015-11-011-3/+3
|
* print unsigned ints with %u, not %d. Reported by Pascal Cuoq.miod2015-10-301-2/+2
|
* Add explicit LL suffixes to the numerical constants which do not fit in 32 bits.miod2015-10-301-8/+8
|
* Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod2015-10-304-2/+6
| | | | | relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
* Change test to use length 128 (shortest long-form encoding).libressl-v2.3.1doug2015-10-251-2/+2
| | | | From BoringSSL commit: d13a5e15d4e4eb51513be665306a2beba39869df
* Move the _atfork_list definition to atexit.c so that the fork syscall stubguenther2015-10-251-1/+5
| | | | | | doesn't get pulled into all static executables ok millert@ jca@
* Hide __atexit and __atexit_register_cleanup()guenther2015-10-253-4/+12
| | | | | | | | Wrap __cxa_{atexit,finalize}() so the call from exit() goes direct Switch regress/lib/libc/atexit/ to be built with -static so that it can still access __atexit* ok millert@ jca@
* Sort the obsolete flags.doug2015-10-252-12/+12
|
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2015-10-252-10/+8
| | | | | | For backward compatibility, the flags are redefined as 0. ok jsing@
* Remove last vestige of SSL_OP_NO_SSLv3 support.doug2015-10-252-8/+2
| | | | | | No part of LibreSSL checks for this flag any longer. ok jsing@
* Simplify ssl23_get_client_hello error handling.doug2015-10-252-52/+52
| | | | | | | | | | ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
* Missing initializer; spotted by coverity.miod2015-10-251-2/+2
|
* The only thing that was translated into multiple languages in OpenBSDbluhm2015-10-251-23/+1
| | | | | | | | | are the errno messages and signal names. Everything else is in English. We are not planning to translate more text. Running a mixed system with less than 1% of the text in native language makes no sense. So remove the NLS support from libc messages. The catopen(3) functions stay as they are. OK stsp@ mpi@
* Use sigaction() instead of signal() to avoid pulling in unnecessaryguenther2015-10-251-3/+5
| | | | | | | wrappers. To keep uses from crawling back in, mark signal() as deprecated inside libc. ok deraadt@
* Use dprintf() instead of fprintf() in the signal handlerguenther2015-10-251-3/+4
|
* Cast ctype functions' arguments to unsigned char.mmcc2015-10-231-5/+5
|
* Switch if_nameindex(3) to use the new NET_RT_IFNAMES sysctl to get theclaudio2015-10-233-88/+73
| | | | | | | | list of interface names. At the same time switch if_nametoindex(3) and if_indextoname(3) to use if_nameindex(3) instead of getifaddrs(3). if_nameindex(3) exposes much less then getifaddrs(3) and is allowed by pledge(2). With and OK deraadt@
* Add ifnameindex to te libc regress testsclaudio2015-10-231-3/+3
|
* Initial pledge of netcat - unfortunately flawed because fiddling the rtableidbeck2015-10-231-1/+27
| | | | | | | in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff
* Use waitpid() instead of wait() to avoid returning early from another childguenther2015-10-231-2/+3
| | | | | | exiting, and loop the waitpid() on EINTR ok deraadt@ millert@
* Loop the waitpid() on EINTR, and save and restore the disposition ofguenther2015-10-231-9/+12
| | | | | | | SIGINT and SIGQUIT with sigaction() instead of signal() so that all bits are preserved. ok deraadt@ millert@
* Merge the sigaction() and sigprocmask() overloads/wrappers from libpthreadguenther2015-10-232-9/+9
| | | | | | | | | into libc, and move pthread_sigmask() as well (just a trivial wrapper). This provides consistent handling of SIGTHR between single- and multi-threaded programs and is a step in the merge of all the libpthread overloads, providing some ASM and Makefile bits that the other wrappers will need. ok deraadt@ millert@
* Cast ctype function arguments to unsigned char.mmcc2015-10-221-2/+2
| | | | ok guenther@
* Add a regress test for if_indextoname() and if_nametoindex()claudio2015-10-222-0/+42
|
* Another change that is needed to restore the previous behaviour ofjsing2015-10-222-10/+6
| | | | | | | ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
* Restore previous behaviour and allowjsing2015-10-222-4/+14
| | | | | | | | ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
* Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULLjsing2015-10-221-1/+19
| | | | | | | pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set.
* Fix case where we wanted to test ASN1_TIME_set_string() but were testingjsing2015-10-222-6/+6
| | | | ASN1_UTCTIME_set_string() twice instead.
* Add a regress for libc handling of SIGTHRguenther2015-10-222-0/+71
|
* Reject too small bits value in BN_generate_prime_ex(), so that it does not riskmiod2015-10-216-8/+44
| | | | | | | | becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@
* In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 codejsing2015-10-212-126/+2
| | | | | | | | | | | | | | will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@
* Lob a style(9) grenade in here.jsing2015-10-206-344/+370
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 20:28:23 +0000