summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-04-17Do not feed RSA private key information to the random subsystem asTheo de Raadt
entropy. It might be fed to a pluggable random subsystem.... What were they thinking?! ok guenther
2014-04-17remove duplicated tests in if statementsJonathan Gray
ok krw@ sthen@ deraadt@
2014-04-17unistd.h is always in the same place; no need to #include the result ofTheo de Raadt
a maze of conditional #define's
2014-04-17OpenSSL PR#3309: when looking for an extension, set the last found positionStuart Henderson
to -1 to properly search all extensions. ok tedu@ From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=300b9f0b70
2014-04-17move enginetest to regress as was done with the other testsJonathan Gray
2014-04-17call the correct decrypt function in aes_cbc_cipher()Jonathan Gray
From: commit e9c80e04c1a3b5a0de8e666155ab4ecb2697a77d Author: Andy Polyakov <appro@openssl.org> Date: Wed Dec 18 21:42:46 2013 +0100 evp/e_[aes|camellia].c: fix typo in CBC subroutine. It worked because it was never called. Our e_camellia.c does not have this problem. ok miod@ deraadt@
2014-04-17tag some functions with bounded. idea and ok djmTed Unangst
2014-04-16TANSTAAFL - delete the buf freelist code. if you need a better malloc, getTed Unangst
a better malloc. ok beck deraadt
2014-04-16add back SRP. i was being too greedy.Ted Unangst
2014-04-16Clean up dangerous strncpy use. This included a use where the resultingBob Beck
string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
2014-04-16- Why do we hide from the OpenSSL police, dad?Miod Vallat
- Because they're not like us, son. They use macros to wrap stdio routines, for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to obfuscate the code. ok tedu@
2014-04-16> As I walk through the valley of the shadow of deathTed Unangst
> I take a look at my life and realize there's nothin' left > Cause I've been blasting and laughing so long, > That even my mama thinks that my mind is gone Remove even more unspeakable evil being perpetuated in the name of VMS. (and lesser evils done in the name of others.) ok miod
2014-04-16delete a few leftoversTed Unangst
2014-04-16fix a few bugs observed on http://www.viva64.com/en/b/0250/Ted Unangst
ok krw miod
2014-04-16Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knobBob Beck
to say "allow this connection to negotiate insecurely". de-fang the code that respects this option to ignore it. ok miod@
2014-04-16disentangle SRP code from TLSTed Unangst
2014-04-16whack the ifdef pinata:Ted Unangst
OPENSSL_SYSNAME_VXWORKS OPENSSL_SYS_VMS OPENSSL_SYS_MSDOS OPENSSL_UNISTD OPENSSL_SYS_WIN16 WIN_CONSOLE_BUG OPENSSL_SYS_WINCE SGTTY OPENSSL_SYS_MACINTOSH_CLASSIC MAC_OS_GUSI_SOURCE OPENSSL_SYS_NETWARE OPENSSL_SYS_SUNOS __DJGPP__ OPENSSL_SYS_BEOS OPENSSL_SYS_WIN32
2014-04-16Zero-pad usec format to handle values less than 100,000 correctlyPhilip Guenther
ok matthew@ tedu@
2014-04-16Mandatory Surgeon Guenther's Warning: This code could not possibly beTed Unangst
correct because it doesn't zerofill the front of usecs, but that's the way I found it. a more thorough emulation of the old code, but with fewer whacky snprintf pointer arithmetic antics. ok beck guenther
2014-04-16revert. the full horror has only now revealed itself.Ted Unangst
2014-04-16replace some bio_snprintf crazy with regular snprintf.Ted Unangst
beck had a diff to convert to strftime, but it's easier to verify this is functionally the same. ok beck.
2014-04-16Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap fromPhilip Guenther
the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
2014-04-16More KNF.Joel Sing
2014-04-16More KNF.Joel Sing
2014-04-16Make this byzantine horror a shell of it's former self by stubbing theBob Beck
functions. The ability to set the debug mem functions died with mem.c, but some of the rest of this is still exposed API so we can't delete it.. yet... ok tedu@
2014-04-16Some software expects RAND_status() to return 1 for success, so alwaysReyk Floeter
return 1 in the arc4random backend because there is no possible error condition. Unbreaks lynx, git and friends. ok miod@ dcoppa@
2014-04-16Clean up non-fatal error handling - we know which error numbers we haveJoel Sing
defined. ok miod@ beck@
2014-04-16Sync the list of man pages for libcrypto, explicity rename conflictingMartin Pieuchot
pages instead of doing it in the Makefiles and move a libssl page where it belongs. ok miod@
2014-04-16Remove _CRAY references. Note that this pleads for the use of <stdint.h>Miod Vallat
fixed-width types instead of choosing int or long depending upon what we think the architecture support.
2014-04-16Remove DES_read_password and DES_read_2passwords which are `modern' flavoursMiod Vallat
of des_old.h routines, acting as wrappers about the OpenSSL UI API. Nothing should use these functions directly. Riding the recent libcrypto major bump (in a `des' car).
2014-04-16Your operating system memory allocation functions are your friend. If theyBob Beck
are not please fix your operating system. Replace mem.c with an API-compatible wrapper that just calls the system functions and does not allow a one word modification of a variable in a running shared library to turn on memory debug functions that expose things that should not be seen. ok tedu@
2014-04-16dead fileTed Unangst
2014-04-16API compat fix. RAND_load_file can never fail now. discovered and ok beck.Ted Unangst
2014-04-16Remove non-posix support. Why is OPENSSL_isservice even here?Ted Unangst
Is this a crypto library or a generic platform abstraction library? "A hack to make Visual C++ 5.0 work correctly" ... time to upgrade.
2014-04-16strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,Ted Unangst
it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
2014-04-16Remove disabled code that wouldn't work now that cleanse_ptr wasMatthew Dempsky
removed. Also, fix some nearby KNF nits that were bothering me. ok beck
2014-04-16KNFRyan Thomas McBride
2014-04-16you do not want to do the things this program doesTed Unangst
2014-04-15strip this to the boneTed Unangst
2014-04-15Three wrappers in this file: OPENSSL_strncasecmp, OPENSSL_strcasecmp,Theo de Raadt
and OPENSSL_memcmp. All modern systems have strncasecmp. No need to rewrite it. Same with memcmp, call the system one! It is more likely to be hot in the icache, and is specifically optimized for the platform. I thought these OpenSSL people cared about performance? ok tedu
2014-04-15use explicit_bzero instead of a bizarro "no compiler could ever be smartTed Unangst
enough to optimize this" monstrosity.
2014-04-15remove md2, jpake, and seed clutter.Ted Unangst
2014-04-15o_dir.c had a very funny odor. all users of this now use standard functions.Bob Beck
consign it to the Attic. ok deraadt@
2014-04-15Remove wraparounds for operating systems which lack issetugid().Theo de Raadt
I will note that some were missing, looking at you Solaris!!! Anyone home? Using my own copyright on the file now, since this is a rewrite of a trivial wrapper around a system call I invented. ok beck
2014-04-15remove ssl2 support even more completely.Ted Unangst
in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
2014-04-15 $infile="/home/eay/ssl/SSLeay/MINFO";Ted Unangst
I wonder when these scripts were last used...
2014-04-15The more you remove Chtulhu^WVMS tentacles, the more there areMiod Vallat
2014-04-15we don't use these files for buildingTed Unangst
2014-04-1512 years ago, old_des.h was used to provide compatibility with libdes.Ted Unangst
The man page says "Compatibility des_ functions are provided for a short while" and indeed even the original commit message says "The compatibility functions will be removed in some future release, at the latest in version 1.0." So here we are, a short while later. Now I've only been an OpenBSD developer for 11 years, one year less than this header has existed, but in that brief time, I've learned a thing or two about deleting obsolete code. It doesn't delete itself. And worse, people will continue using it until you force them onto a better path.
2014-04-1512 years ago, old_des.h was used to provide compatibility with libdes.Ted Unangst
The man page says "Compatibility des_ functions are provided for a short while" and indeed even the original commit message says "The compatibility functions will be removed in some future release, at the latest in version 1.0." So here we are, a short while later. Now I've only been an OpenBSD developer for 11 years, one year less than this header has existed, but in that brief time, I've learned a thing or two about deleting obsolete code. It doesn't delete itself. And worse, people will continue using it until you force them onto a better path.