| Commit message (Collapse) | Author | Age | Files | Lines |
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
rather than passing in a fixed size buffer.
This is yet another example of a horribly designed API - if the given
buffer is NULL then SSL_CIPHER_description() allocates one for us (great!),
which we then need to free (no problem). However, if this allocation fails
it returns a pointer to a static string "OPENSSL_malloc Error" - obviously
bad things happen if we call free() with this pointer.
Unfortunately, there is no way of knowing that the function failed, other
than comparing the returned string against the string literal - so do that
before calling free()...
Joint work with beck@ during g2k14.
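The caller-side check this commit message describes, as an added example that is not code from the commit or from OpenSSL/LibreSSL. `cipher_description()` is a hypothetical stand-in that mimics only the behaviour described above (allocate when the buffer is NULL, return the static string when that allocation fails); `fail_alloc`, `describe()` and the sample cipher name are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOC_ERR "OPENSSL_malloc Error"  /* the literal named in the message */

static int fail_alloc;  /* constructed hook: force the allocation to fail */

/* Hypothetical stand-in, NOT the real SSL_CIPHER_description(). */
static char *cipher_description(const char *name, char *buf, int len)
{
    if (buf == NULL) {
        len = 128;
        buf = fail_alloc ? NULL : malloc((size_t)len);
        if (buf == NULL)
            return ALLOC_ERR;  /* static storage: must never reach free() */
    }
    snprintf(buf, (size_t)len, "%-23s Kx=ECDH Au=RSA", name);
    return buf;
}

/* Caller pattern: the only failure signal is the returned text itself, so
 * compare against the literal before deciding whether the pointer is ours
 * to free. Returns 0 on success, -1 if the description is unavailable. */
static int describe(const char *name, char *out, size_t outlen)
{
    char *desc = cipher_description(name, NULL, 0);

    if (strcmp(desc, ALLOC_ERR) == 0)
        return -1;              /* static string: do not free */
    snprintf(out, outlen, "%s", desc);
    free(desc);                 /* heap buffer allocated on our behalf */
    return 0;
}

int main(void)
{
    char out[128];

    if (describe("EXAMPLE-CIPHER", out, sizeof(out)) == 0)
        printf("%s\n", out);
    fail_alloc = 1;             /* simulate malloc failure */
    if (describe("EXAMPLE-CIPHER", out, sizeof(out)) != 0)
        printf("description unavailable, nothing freed\n");
    return 0;
}
```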
|
This allows us to remove the ERR_load_crypto_strings() call, along with
the various SSL_load_error_strings() and OpenSSL_add_ssl_algorithms()
calls scattered around the place.
ok beck@
|
load_config() once when we start.
ok miod@
|
this again in each app.
ok miod@
|
Currently "apps.h" needs to be included before any of the openssl headers
and there are several cases where the code depends on headers that are
included by something included by apps.h...
More untangling saved for later on.
|
in each application (since there is no longer a non-monolithic mode).
In typical OpenSSL fashion, the code is inconsistent and there are multiple
ways that bio_err was initialised - none of them actually checked to see if
the initialisation actually succeeded. Additionally, it is worth noting
that in at least two cases bio_err was also being used before it would have
been initialised.
ok miod@
|
signal(SIGPIPE, SIG_IGN) and apps_shutdown is a no-op. So just do that
instead.
ok beck@
|
as well ("openssl ciphers -h").
"sure" miod@
|
ok deraadt@
|
ok tedu@
|
USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It
makes every file buy a kitchen sink, because 11 files forgot to.
EXIT() is really exit(), a gentle surprise
but... OPENSSL_EXIT() is really just return(), because no one compiles the
openssl command non-monolithic anymore
|
so that its lovecraftian horror is not forever lost, i reproduce below
a comment from the deleted code.
/* 2011-03-22 SMS.
 * If we have 32-bit pointers everywhere, then we're safe, and
 * we bypass this mess, as on non-VMS systems. (See ARGV,
 * above.)
 * Problem 1: Compaq/HP C before V7.3 always used 32-bit
 * pointers for argv[].
 * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
 * everywhere else, we always allocate and use a 64-bit
 * duplicate of argv[].
 * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
 * to NULL-terminate a 64-bit argv[]. (As this was written, the
 * compiler ECO was available only on IA64.)
 * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
 * 64-bit argv[argc] for NULL, and, if necessary, use a
 * (properly) NULL-terminated (64-bit) duplicate of argv[].
 * The same code is used in either case to duplicate argv[].
 * Some of these decisions could be handled in preprocessing,
 * but the code tends to get even uglier, and the penalty for
 * deciding at compile- or run-time is tiny.
 */
|
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod
|
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|