summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* delete obsolete sunos cfree function. ok deraadt millert naddytedu2014-12-082-42/+3
|
* remove setkey and encrypt interfaces. they are useless and dangerous.tedu2014-12-083-116/+9
| | | | ok deraadt naddy
* Use platform-defined method of printing a pointer.bcook2014-12-082-4/+4
| | | | | | Casting a pointer to an unsigned long discards bits on an LLP64 system. ok deraadt@
* avoid left shift overflow in reallocarray.bcook2014-12-081-2/+2
| | | | | | | | Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
* remove duplicate initialization of .sid_ctx in testbcook2014-12-071-3/+1
|
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-074-24/+34
| | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). ok jsing@
* Make GOST compile with a strict C compiler - in this case incrementing ajsing2014-12-076-20/+24
| | | | | | | void pointer is undefined and initialising an array with {} is a syntax error. Based on a diff from kinichiro inoguchi.
* Correctly output the result in STREEBOG512_Final() when running on a big-endianmiod2014-12-072-10/+56
| | | | system. *blush*
* Fix a memory leak in tls_check_subject_altname() by callingjsing2014-12-071-2/+2
| | | | | | | sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter only frees the stack itself and does not free the items. From Basskrapfen on github.
* Make sure to load absolute symbol address with `dla' instead of `la' whenmiod2014-12-074-10/+34
| | | | generating code for 64-bit mips userland.
* revert previous change for now, adjusting based on comments from jsing@bcook2014-12-074-36/+27
|
* Revert to the use of C code for the basic BN routines (bn_add_words,miod2014-12-072-4/+14
| | | | | bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words) on sgi, because the generated assembly code isn't R4000-safe.
* Remove OPENSSL_FIPSCANISTER mentions.miod2014-12-078-34/+2
|
* Remove unused variable.jsing2014-12-071-5/+1
| | | | From Benjamin Baier <programmer at netzbasis.de>
* Allow specific libtls hostname validation errors to propagate.bcook2014-12-074-27/+36
| | | | | | | | | | | | | Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). The semantics of tls_error() are changed slightly: the last error message is not necessarily preserved between subsequent calls into the library. When the previous call to libtls succeeds, client programs should treat the return value of tls_error() as undefined. ok tedu@
* Handle GF(2^m) EC curves for C code generation.jsing2014-12-071-5/+7
| | | | From Minux Ma.
* Remove get_optional_pkey_id() - it is a hack that existed due to GOSTjsing2014-12-072-92/+16
| | | | | | | | | | only sometimes being available... and when it was available it was via the crypto engine. GOST is now part of libcrypto proper. Instead of trying to do EVP PKEY lookups via string literals and the ASN1 interfaces, lookup the methods directly using the appropriate NID. ok bcook@
* fix manual names that clash with other manualsschwarze2014-12-064-4/+4
|
* delete four MLINKS that are both duplicate and wrongschwarze2014-12-061-5/+1
|
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-064-34/+42
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* malloc(3) is in the "comp" install set, malloc.conf(5) in "man",schwarze2014-12-062-128/+10
| | | | | | breaking the hardlink between file system entries, confusing apropos(1). Split malloc.conf(5) out of malloc(3) as suggested by deraadt@. Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
* Remove now bogus comment that got missed in the GOST commit.jsing2014-12-062-10/+4
|
* Fix some horrible style(9) violations...jsing2014-12-062-126/+126
|
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-068-198/+52
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-066-222/+248
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Ensure that the client specified EC curve list length is a multiple of two.jsing2014-12-062-4/+6
| | | | | | | | The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
* Fix two cases where it is possible to read one or two bytes past the end ofjsing2014-12-062-6/+30
| | | | | | | the buffer. The later size check would catch this, however reading first and checking later is less than ideal. ok miod@
* The -ssl2 flag does nothing - remove the flag and any tests that werejsing2014-12-062-34/+4
| | | | using it.
* add missing .Fn macros in the SYNOPSIS; found with mandoc.db(5)schwarze2014-12-042-10/+10
|
* Allow overriding the path to the testssl and openssl binaries.bcook2014-12-031-9/+9
| | | | | | | This is needed by the portable tree to point directly to the newly-built binaries when running unit tests. discussed with jsing@ and others
* Move Windows OS-specific functions to make porting easier.bcook2014-12-034-31/+165
| | | | | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on Windows. Sorry, these are no-op on other platforms. ok jsing@ deraadt@
* Move Windows OS-specific functions to make porting easier.bcook2014-12-035-53/+183
| | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
* We're not supporting 16-bit Windows, remove cast.bcook2014-12-032-6/+4
| | | | ok jsing@ deraadt@
* handle the (impossible) situation of a size_t - 1 buffer fromderaadt2014-12-032-4/+4
| | | | | EC_POINT_point2oct so that later allocation does not overflow with miod
* Spotted another opportunity to use reallocarray().deraadt2014-12-032-4/+4
| | | | ok miod
* Fill the buffer with 'z' instead of 'a' since 'a' is part of themillert2014-12-032-38/+150
| | | | | | | string we are testing. Add tests to verify that we get SIGSEGV when passed a NULL src or dst. It is better to crash than for an implementation to check for NULL and try to recover.
* Add brainpool curves to eccurves_default[], accidentally missing from 1.32;miod2014-12-022-4/+10
| | | | from OpenSSL HEAD via Thomas Jakobi.
* Add simple strlcpy regressmillert2014-12-023-3/+123
|
* convert select() to poll(). This is one of the most complicatedderaadt2014-12-022-40/+63
| | | | | | conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.
* Conversion of braindead select() path to braindead poll() path.deraadt2014-12-021-17/+17
| | | | Also looked at by bcook
* Add simple strlcat regressmillert2014-12-023-2/+124
|
* Add strnlen to SUBDIRS so we actually run its tests.millert2014-12-021-2/+2
|
* add some openbsd tags, and a first pass at cleanup;jmc2014-12-02166-210/+708
|
* macro cleanup; kaspars at bankovskis dot netschwarze2014-12-022-49/+55
|
* Replace all 14 instances of .St -ansiC-99 in our tree with .St -isoC-99.schwarze2014-11-3011-33/+33
| | | | | | The former is not used anywhere in NetBSD, FreeBSD, or DragonFly and not supported by groff, so i'm going to delete it from mandoc(1). We don't need two macros for the same thing.
* obvious STANDARDS updateschwarze2014-11-302-14/+10
|
* restructure libc/string + libc/arch/*/string coperation regardingderaadt2014-11-308-155/+309
| | | | | | | | | | | | | | | | (potentially) MD versions (function dependent, not filename dependent) split out memcpy/memmove/bcopy and strchr/index/strrchr/rindex Bring back amd64 .S versions And the final touch: switch all architectures temporarily to MI memcpy.c, which contains syslog + abort for overlapping copies. A nice harsh undefined behaviour. We will clean the entire userland of the remaining issues in this catagory, then switch to the optimised memcpy which skips the memmove check. I tried to cut this change into pieces, but testing each sub-step on every architecture is too time consuming and mindnumbing. ok miod
* Remove non-portable use of .Pf that doesn't work with groff;schwarze2014-11-302-16/+8
| | | | found because the groff_mdoc(7) macros warn about it.
* Ensure that sess_cert is not NULL at the start ofjsing2014-11-272-50/+18
| | | | | | | ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
* Avoid a double-free in an error path.jsing2014-11-272-4/+2
| | | | | | Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 21:27:29 +0000