summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add explicit LL suffixes to the numerical constants which do not fit in 32 bits.miod2015-10-301-8/+8
|
* Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod2015-10-304-2/+6
| | | | | relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
* Change test to use length 128 (shortest long-form encoding).libressl-v2.3.1doug2015-10-251-2/+2
| | | | From BoringSSL commit: d13a5e15d4e4eb51513be665306a2beba39869df
* Move the _atfork_list definition to atexit.c so that the fork syscall stubguenther2015-10-251-1/+5
| | | | | | doesn't get pulled into all static executables ok millert@ jca@
* Hide __atexit and __atexit_register_cleanup()guenther2015-10-253-4/+12
| | | | | | | | Wrap __cxa_{atexit,finalize}() so the call from exit() goes direct Switch regress/lib/libc/atexit/ to be built with -static so that it can still access __atexit* ok millert@ jca@
* Sort the obsolete flags.doug2015-10-252-12/+12
|
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2015-10-252-10/+8
| | | | | | For backward compatibility, the flags are redefined as 0. ok jsing@
* Remove last vestige of SSL_OP_NO_SSLv3 support.doug2015-10-252-8/+2
| | | | | | No part of LibreSSL checks for this flag any longer. ok jsing@
* Simplify ssl23_get_client_hello error handling.doug2015-10-252-52/+52
| | | | | | | | | | ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
* Missing initializer; spotted by coverity.miod2015-10-251-2/+2
|
* The only thing that was translated into multiple languages in OpenBSDbluhm2015-10-251-23/+1
| | | | | | | | | are the errno messages and signal names. Everything else is in English. We are not planning to translate more text. Running a mixed system with less than 1% of the text in native language makes no sense. So remove the NLS support from libc messages. The catopen(3) functions stay as they are. OK stsp@ mpi@
* Use sigaction() instead of signal() to avoid pulling in unnecessaryguenther2015-10-251-3/+5
| | | | | | | wrappers. To keep uses from crawling back in, mark signal() as deprecated inside libc. ok deraadt@
* Use dprintf() instead of fprintf() in the signal handlerguenther2015-10-251-3/+4
|
* Cast ctype functions' arguments to unsigned char.mmcc2015-10-231-5/+5
|
* Switch if_nameindex(3) to use the new NET_RT_IFNAMES sysctl to get theclaudio2015-10-233-88/+73
| | | | | | | | list of interface names. At the same time switch if_nametoindex(3) and if_indextoname(3) to use if_nameindex(3) instead of getifaddrs(3). if_nameindex(3) exposes much less then getifaddrs(3) and is allowed by pledge(2). With and OK deraadt@
* Add ifnameindex to te libc regress testsclaudio2015-10-231-3/+3
|
* Initial pledge of netcat - unfortunately flawed because fiddling the rtableidbeck2015-10-231-1/+27
| | | | | | | in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff
* Use waitpid() instead of wait() to avoid returning early from another childguenther2015-10-231-2/+3
| | | | | | exiting, and loop the waitpid() on EINTR ok deraadt@ millert@
* Loop the waitpid() on EINTR, and save and restore the disposition ofguenther2015-10-231-9/+12
| | | | | | | SIGINT and SIGQUIT with sigaction() instead of signal() so that all bits are preserved. ok deraadt@ millert@
* Merge the sigaction() and sigprocmask() overloads/wrappers from libpthreadguenther2015-10-232-9/+9
| | | | | | | | | into libc, and move pthread_sigmask() as well (just a trivial wrapper). This provides consistent handling of SIGTHR between single- and multi-threaded programs and is a step in the merge of all the libpthread overloads, providing some ASM and Makefile bits that the other wrappers will need. ok deraadt@ millert@
* Cast ctype function arguments to unsigned char.mmcc2015-10-221-2/+2
| | | | ok guenther@
* Add a regress test for if_indextoname() and if_nametoindex()claudio2015-10-222-0/+42
|
* Another change that is needed to restore the previous behaviour ofjsing2015-10-222-10/+6
| | | | | | | ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
* Restore previous behaviour and allowjsing2015-10-222-4/+14
| | | | | | | | ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
* Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULLjsing2015-10-221-1/+19
| | | | | | | pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set.
* Fix case where we wanted to test ASN1_TIME_set_string() but were testingjsing2015-10-222-6/+6
| | | | ASN1_UTCTIME_set_string() twice instead.
* Add a regress for libc handling of SIGTHRguenther2015-10-222-0/+71
|
* Reject too small bits value in BN_generate_prime_ex(), so that it does not riskmiod2015-10-216-8/+44
| | | | | | | | becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@
* In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 codejsing2015-10-212-126/+2
| | | | | | | | | | | | | | will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@
* Lob a style(9) grenade in here.jsing2015-10-206-344/+370
|
* free rbio before wbiobeck2015-10-192-14/+14
| | | | ok jsing@
* Stop supporing "legcay" time formats that OpenSSL supports. Rewrite thebeck2015-10-1915-1220/+698
| | | | | | utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
* Change regress to not believe legacy times are validbeck2015-10-191-65/+4
|
* Need <string.h> for memset()guenther2015-10-181-1/+2
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-1745-89/+179
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-1724-48/+48
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Remove pointless externs - the structs are declared in the same files ajsing2015-10-166-16/+6
| | | | few lines above.
* Expand DECLARE_ASN1_ALLOC_FUNCTIONS and DECLARE_ASN1_FUNCTIONS_constjsing2015-10-166-22/+68
| | | | macros. The only change in the generated assembly is due to line numbering.
* Remove pointless uses of DECLARE_ASN1_ENCODE_FUNCTIONS_const.jsing2015-10-166-16/+10
| | | | | DECLARE_ASN1_FUNCTIONS_const already includes this macro so using both means we end up with duplicate function prototypes and externs.
* Fix use of pointer value after BIO_free, and remove senseless NULL checks.beck2015-10-162-14/+16
| | | | ok bcook@
* Put tls_config_verify_client_optional() in the right place.jsing2015-10-161-6/+6
|
* Fix tpyo.jsing2015-10-161-3/+3
|
* Implement real "flock" request and add it to userland programs thatmillert2015-10-161-2/+2
| | | | use pledge and file locking. OK deraadt@
* actually include the prerequisite dependency for BIO instead of doing nastynessbeck2015-10-162-10/+4
|
* better fix for overrun reported by Qualys Security.tedu2015-10-142-8/+2
| | | | | | buf is at all times kept nul terminated, so there is no need to enforce this again upon exit. (no need to move buf around after we exahust space.) ok beck miod
* Bail out early if we have no buf_lenbeck2015-10-142-2/+10
| | | | ok miod@
* fix a memory leak reported by Qualys Security.tedu2015-10-142-6/+8
| | | | | | move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod
* Ensure we don't write a 0 byte past end of the buffer in the error case.beck2015-10-142-6/+6
| | | | ok bcook@ deraadt@
* tweak previous (two details i apparently missed)schwarze2015-10-141-4/+6
|
* Add EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API.reyk2015-10-144-1/+285
| | | | | | | | | | | | The "authenticated encryption with additional data" API is used for ciphers like AES-GCM or ChaCha20-Poly1305. The manpage is a beginning and certainly needs more work, especially improvements in the EXAMPLES section. Based on agl's source code comments. Converted from pod to mandoc by schwarze@ OK schwarze@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 00:33:41 +0000