path: root/src
Commit message | Author | Age | Files | Lines
* Fix an oversight that caused the test program to segfault: | schwarze | 2016-05-26 | 1 | -2/+2
  Don't try to calculate strlen(NULL).
* systematically test all combinations of REG_STARTEND, REG_NEWLINE, | schwarze | 2016-05-26 | 1 | -9/+85
  and REG_NOTBOL with line and word anchors
* support for testing REG_STARTEND together with REG_NOTBOL | schwarze | 2016-05-26 | 1 | -1/+4
* use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii | jsg | 2016-05-25 | 1 | -2/+2
  and non-utf8 bytes escaped.
  ok sthen@
* Remove iruserok(_sa)? and __ivaliduser(sa)? | guenther | 2016-05-23 | 2 | -90/+20
  ok millert@ deraadt@
* Eliminate __check_rhosts_file and __rcmd_errstr: they were only used by | guenther | 2016-05-23 | 1 | -5/+1
  rlogind and rshd (remember them?)
  ok deraadt@
* Stop exposing <sys/localedef.h> and various symbols internal to the libc | guenther | 2016-05-23 | 1 | -0/+106
  locale implementation: _{Current,Default}*Locale, __[mn]locale_changed, __mb_len_max_runtime
  ok millert@ schwarze@ deraadt@
* Fix a short-read bug in the previous version of asn1_d2i_read_bio | bcook | 2016-05-20 | 2 | -52/+56
  The outer while() loop is missing, so we only read up to chunk_max bytes.
* remove hppa64 port, which we never got going beyond broken single users. | deraadt | 2016-05-11 | 2 | -314/+0
  hppa reverse-stack gives us a valuable test case, but most developers don't have a 2nd one to proceed further with this.
  ok kettenis
* Add RETURN VALUES section and .Xr to memmem(3). | schwarze | 2016-05-11 | 1 | -3/+4
  From Michal Mazurek <akfaew at jasminek dot net>.
  OK tedu@
* Oops: the caching of TCB address in single-threaded processes on archs with | guenther | 2016-05-10 | 1 | -2/+2
  slow TCB_GET (alpha, arm, mips64, sh) was broken when I switched CPP symbols.
* Fix mangled function signatures. | jsing | 2016-05-09 | 1 | -5/+5
  From Carlin Bingham <cb at viennan dot net>, thanks!
* Use a Thread Information Block in both single and multi-threaded programs. | guenther | 2016-05-07 | 3 | -135/+252
  This stores errno, the cancelation flags, and related bits for each thread and is allocated by ld.so or libc.a.
  This is an ABI break from 5.9-stable!
  Make libpthread dlopen'able by moving the cancelation wrappers into libc and doing locking and fork/errno handling via callbacks that libpthread registers when it first initializes.
  'errno' *must* be declared via <errno.h> now!
  Clean up libpthread's symbol exports like libc.
  On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.
  Testing by various, particularly sthen@ and patrick@
  ok kettenis@
* fix for integer overflow in encode and encrypt update functions. | tedu | 2016-05-04 | 4 | -12/+22
  additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller.
  CVE-2016-2105 and CVE-2016-2106 from openssl.
* fix a padding oracle in aesni cbc mac check. there must be enough data | tedu | 2016-05-04 | 2 | -2/+8
  for both the mac and padding bytes.
  CVE-2016-2107 from openssl
* internal only negative types should not be handled here. | tedu | 2016-05-04 | 6 | -18/+6
  CVE-2016-2108 from openssl.
* be careful about consuming excessive memory by reading in chunks. | tedu | 2016-05-04 | 2 | -28/+74
  CVE-2016-2109 from openssl.
* revert the big change from yesterday to prepare for smaller commits. | tedu | 2016-05-04 | 14 | -110/+60
* prefer limits.h over sys/limits.h | bcook | 2016-05-03 | 2 | -4/+4
* patch from openssl for multiple issues: | tedu | 2016-05-03 | 16 | -60/+530
  missing padding check in aesni functions
  overflow in evp encode functions
  use of invalid negative asn.1 types
  ok beck
* Remove a vax remnant (that was really a no-op anyway). | millert | 2016-05-02 | 1 | -3/+1
* Remove old NeXT-specific cruft. From mmcc@ | millert | 2016-05-01 | 1 | -13/+1
* spelling fix; | jmc | 2016-04-28 | 1 | -2/+2
* Crank majors for lib{crypto,ssl,tls} due to symbol removals, symbol | jsing | 2016-04-28 | 5 | -5/+5
  additions and functionality changes.
* Factor out the keypair handling in libtls. This results in more readable | jsing | 2016-04-28 | 7 | -52/+164
  and self-contained code, while preparing for the ability to handle multiple keypairs.
  Also provide two additional functions that allow a public certificate and private key to be set with a single function call.
  ok beck@
* Rework the error handling in libtls so that we can associate errors with | jsing | 2016-04-28 | 5 | -28/+90
  both configuration and contexts. This allows us to propagate errors that occur during configuration, rather than either just failing with no reason or delaying the failure until it can be propagated via the tls context.
  Also provide a tls_config_error() function for retrieving the last error from a tls_config *.
  ok bcook@
* don't go into an unbreakable infinite loop during operations such | tedu | 2016-04-28 | 2 | -2/+4
  as reading passwords. allow ^C to break.
  the pain was mine, the fix is miod's.
* Update regress test to reflect changes in the cipher list. | jsing | 2016-04-28 | 1 | -61/+62
* Implement the IETF ChaCha20-Poly1305 cipher suites. | jsing | 2016-04-28 | 10 | -92/+336
  Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replacing the original Google implementation.
  We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
  Feedback from doug@
* Update AEAD regress to match EVP_aead_chacha20_poly1305() changes. | jsing | 2016-04-28 | 2 | -83/+83
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old() | jsing | 2016-04-28 | 6 | -30/+30
  and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version.
  Discussed with many.
* add "dns" to openssl ocsp | semarie | 2016-04-26 | 1 | -2/+2
  problem reported by Alexandre (kAworu)
  ok beck@ deraadt@ sthen@
* Allow setenv(3) and putenv(3) to operate on a NULL environ pointer. | millert | 2016-04-25 | 1 | -11/+15
  The getenv(3) and unsetenv(3) functions already support this.
  This will make it easier to emulate the glibc clearenv() function in ports.
  Based on a diff from and OK jca@
* no more outlen; from remco | jmc | 2016-04-24 | 1 | -5/+3
  ok bcook deraadt
* typos; | jmc | 2016-04-24 | 1 | -3/+3
* fix typo in comment; ok beck | tj | 2016-04-19 | 2 | -4/+4
* Use the correct iv and counter when decrypting the ciphertext for | jsing | 2016-04-13 | 2 | -8/+8
  EVP_aead_chacha20_poly1305_ietf().
* After opening an AEAD, ensure that the decrypted output matches the | jsing | 2016-04-13 | 1 | -0/+5
  plaintext for the regress test case.
* two times a define to an inline function, from Michael McConville; ok djm@ | otto | 2016-04-12 | 1 | -10/+19
* tweak MALLOC_STATS printing (switched off by default), prodded by | otto | 2016-04-09 | 1 | -14/+14
  Michael McConville
* redundant memset(3), from Michael McConville, ok armani@ | otto | 2016-04-09 | 1 | -2/+1
* hexidecimal->hexadecimal; from mmcc | jmc | 2016-04-07 | 1 | -4/+4
  ok beck
* Prefer _MUTEX_*LOCK over _THREAD_PRIVATE_MUTEX_*LOCK() when thread-specific | guenther | 2016-04-05 | 2 | -8/+8
  data isn't necessary.
  ok mpi@, ok&tweak natano@
* Update example in comment: setlogin doesn't use {PROTO,DEF}_WRAP() now | guenther | 2016-04-05 | 1 | -8/+8
* Document ``use after free'' error message | otto | 2016-04-03 | 1 | -2/+4
* for some time now mandoc has not required MLINKS to function | jmc | 2016-03-30 | 7 | -1233/+7
  correctly - logically complete that now by removing MLINKS from base;
  authors need only to ensure there is an entry in NAME for any function/util being added.
  MLINKS will still work, and remain for perl to ease upgrades;
  ok nicm (curses) bcook (ssl)
  ok schwarze, who provided a lot of feedback and assistance
  ok tb natano jung
* Merge a memleak fix from BoringSSL 6b6e0b2: | mmcc | 2016-03-27 | 2 | -2/+6
  https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0
  ok millert@, beck@
* fix the last bunch of NAME sections that were overlooked earlier | schwarze | 2016-03-26 | 1 | -2/+9
  such that the MLINKS removal can be committed after this; OK jmc@
* Return zero from two functions on allocation failure instead of always | mmcc | 2016-03-21 | 4 | -8/+8
  returning one (indicating success). Each function has only a single usage, and both usages check the return value.
  Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:
  https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0
  ok beck@
* " the the " -> " the ", or in a couple of cases replace the superfluous | krw | 2016-03-20 | 9 | -13/+13
  "the" with the obviously intended word.
  Started with a "the the" spotted by Mihal Mazurek.