path: root/lib
Age | Commit message | Author
2014-10-31
Libevent has compatibility wrappers in evutil. OpenBSD does not use them anymore, but evutil is still part of libevent's interface. Separate the API of evutil from libevent and do not include evutil.h from event.h automatically. A version bump is not necessary as the library itself does not change. Bulk ports build done by landry@ had no fallout. OK nicm@ deraadt@
Author: Alexander Bluhm
2014-10-31
Use "const char tempchars[]" instead of "const char *tempchars". Since tempchars is never reassigned there's no need to indirect through a pointer. Still getting used to this newfangled C89.
Author: Todd C. Miller
2014-10-31
Remove an outdated comment re EDH vs DHE - DHE is now used consistently and there are backwards compatible names/aliases for EDH.
Author: Joel Sing
2014-10-31
Update comments for TLS ExtensionType values - many of the referenced drafts are now RFCs. Also add the TLS extension type for ALPN and be consistent with RFC reference formatting.
Author: Joel Sing
2014-10-31
Crank libssl major due to recent additions, removals and changes.
Author: Joel Sing
2014-10-31
Remove now unused remnants from public structs.
Author: Joel Sing
2014-10-31
Add support for automatic DH ephemeral keys. This allows an SSL server to enable DHE ciphers with a single setting, which results in a DH key being generated based on the server key length. Partly based on OpenSSL.
Author: Joel Sing
2014-10-31
Remove support for ephemeral/temporary RSA private keys. The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
Author: Joel Sing
2014-10-31
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
Author: Joel Sing
2014-10-31
Use CDIAGFLAGS from bsd.own.mk and append additional warning flags. All warnings have been fixed in libevent. OK nicm@
Author: Alexander Bluhm
2014-10-30
clean up verbiage around the calculations; ok ingo jmc otto
Author: Theo de Raadt
2014-10-30
Don't mention old systems where realloc(NULL, n) didn't work as we don't want to give people the idea that this is non-portable (it has been present since C89). OK deraadt@ schwarze@
Author: Todd C. Miller
2014-10-30
Fix whitespace errors in libevent. OK nicm@
Author: Alexander Bluhm
2014-10-30
The fdsz and n_events variables contain unsigned values that are derived from size_t and passed to functions as size_t parameters. Change them from int to size_t to avoid compiler warnings. OK doug@ nicm@
Author: Alexander Bluhm
2014-10-29
After removing all the #ifdef, the wrappers in evutil are rather useless. Let libevent call the libc functions directly. OK nicm@
Author: Alexander Bluhm
2014-10-29
Remove workaround for Mac OS X kqueue bug. OK nicm@
Author: Alexander Bluhm
2014-10-29
Do not cast a (const void *) pointer to (void *) to avoid a warning. OK nicm@
Author: Alexander Bluhm
2014-10-28
deregister; no binary change
ok jsing@ miod@
Author: Jonathan Gray
2014-10-28
Check the result of sk_*_push() operations for failure. ok doug@ jsing@
Author: Miod Vallat
2014-10-26
The open flags param to mkostemps() should be "flags" not "oflags" for consistency with the rest of the manual.
Author: Todd C. Miller
2014-10-26
mknod(2) now supports creating FIFOs too. Fix description of device file creation while here. ok jmc@ schwarze@ millert@
Author: Philip Guenther
2014-10-25
Remove unnecessary netinet/in_systm.h include. ok millert@
Author: Lawrence Teo
2014-10-23
Save space in man page: err() -> errc() and combine vars. Suggested by millert@ and schwarze@. OK schwarze@, millert@
Author: Doug Hogan
2014-10-22
We prefer to call reallocarray() with nmemb first and size second. Requested by guenther@
Author: Todd C. Miller
2014-10-22
In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocation of p12->mac->salt->data has actually succeeded. In one of my trees for a long time already...
Author: Miod Vallat
2014-10-22
Use reallocarray() instead of calloc() (originally was realloc). OK deraadt@
Author: Todd C. Miller
2014-10-22
Avoid a NULL pointer dereference that can be triggered by SSL3_RT_HANDSHAKE replays. Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks! ok deraadt@
Author: Joel Sing
2014-10-22
Place most of the RAND_* functions under #ifndef LIBRESSL_INTERNAL (some are still needed for the engine). Our code should use arc4random instead.
Author: Joel Sing
2014-10-22
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
Author: Joel Sing
2014-10-22
Avoid writing in second person in malloc.3 ok deraadt@
Author: Doug Hogan
2014-10-22
Don't leak the old data if _kvm_reallocarray() fails ok millert@ doug@
Author: Philip Guenther
2014-10-20
List extensions in the STANDARDS section, replacing some text below CAVEATS. Remove excessive technicalities on zero-sized objects as suggested by deraadt@.
contributions and ok deraadt@, ok jmc@ on an earlier version
Author: Ingo Schwarze
2014-10-20
digests: *_LONG_LOG2 is not used, stop talking about it.
Modified patch from Dmitry Eremin-Solenikov
leave the sole public define in ripemd.h
ok deraadt@ miod@
Author: Brent Cook
2014-10-20
SSL: Fix memory leak in d2i_SSL_SESSION.
Modified version of patch from Dmitry Eremin-Solenikov.
==28360== 98 bytes in 2 blocks are definitely lost in loss record 7 of 7
==28360== at 0x402AC54: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==28360== by 0x40E2D2C: ASN1_STRING_set (asn1_lib.c:393)
==28360== by 0x40EC22C: asn1_ex_c2i (tasn_dec.c:959)
==28360== by 0x40EC632: asn1_d2i_ex_primitive (tasn_dec.c:824)
==28360== by 0x40ED2E6: ASN1_item_ex_d2i (tasn_dec.c:230)
==28360== by 0x40ED421: ASN1_item_d2i (tasn_dec.c:133)
==28360== by 0x40F0335: d2i_ASN1_OCTET_STRING (tasn_typ.c:75)
==28360== by 0x405FD6D: d2i_SSL_SESSION (ssl_asn1.c:367)
==28360== by 0x405DD6E: ssl3_send_newsession_ticket (s3_srvr.c:2743)
==28360== by 0x405EA48: ssl3_accept (s3_srvr.c:665)
==28360== by 0x4067C34: SSL_accept (ssl_lib.c:922)
==28360== by 0x404E97B: ssl23_get_client_hello (s23_srvr.c:573)
ok miod@ beck@
Author: Brent Cook
2014-10-19
make RETURN VALUES more concise and fix two instances of "new sentence, new line" while here
feedback and ok jmc@, ok doug@
Author: Ingo Schwarze
2014-10-19
Revamp malloc.3 by reordering the sections and rewriting parts.
The old man page had a lot of useful information, but it was all mixed together which made it difficult to reference. The main theme in this commit is that the sections are more focused:
* DESCRIPTION describes the overall behavior
* RETURN VALUES describes what it may return (including implementation defined values)
* EXAMPLES shows why we recently started an audit on malloc and realloc usage in the tree.
* Added CAVEATS which describes what is implementation defined, gotchas and security implications of misusing these functions
* Added IDIOMS which describes how these functions should or should not be used
The MALLOC_OPTIONS section was left unchanged. Function names were added to DIAGNOSTICS and STANDARDS. The MALLOC_OPTIONS and DIAGNOSTICS sections were pushed down in the page so more pertinent information is higher up.
This has gone through several revisions thanks to input from deraadt@ and schwarze@. Ingo also helped with some of the mandoc formatting.
OK schwarze@ (as far as it is a good starting point and the code snippets look ok)
Author: Doug Hogan
2014-10-19
Revert last commit due to changed semantics found by make release.
Author: Doug Hogan
2014-10-18
Remove some #ifdef from libevent. OK nicm@
Author: Alexander Bluhm
2014-10-18
Better POSIX compliance in realpath(3). millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
Author: Doug Hogan
2014-10-18
None of these need to include <openssl/rand.h>
Author: Joel Sing
2014-10-18
Sort/group includes.
Author: Joel Sing
2014-10-18
Remove the remaining #ifdef HAVE_ and the #define _GNU_SOURCE. OK nicm@
Author: Alexander Bluhm
2014-10-18
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
Author: Joel Sing
2014-10-18
reallocarray() -- a little tricky to review
ok doug millert
Author: Theo de Raadt
2014-10-18
Typical malloc() with size multiplication to reallocarray(). ok deraadt@
Author: Doug Hogan
2014-10-17
Remove #ifdef HAVE_backend and remove references to unimplemented backends. OK nicm@
Author: Alexander Bluhm
2014-10-17
trivial sync of the first sentence of the DESCRIPTION with btree(3) and recno(3); from jean-philippe at ouellet dot biz
Author: Ingo Schwarze
2014-10-17
Remove some #ifdef HAVE_syscall. OK nicm@
Author: Alexander Bluhm
2014-10-17
Remove #ifdef HAVE_.*_H, just include the header files. Do not include sys/param.h. OK nicm@
Author: Alexander Bluhm
2014-10-17
Remove non-exposed malloc/realloc/free wrappers, and then substitute reallocarray() where it helps. ok doug
Author: Theo de Raadt