summaryrefslogtreecommitdiffstats
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* make spelling in previous consistent within the page;jmc2019-01-091-3/+3
|
* Document SO_ZEROIZE socket option.bluhm2019-01-081-2/+9
| | | | OK claudio@
* Fix most of the .Li abuse:schwarze2019-01-061-47/+49
| | | | | | | | | * Use .Vt for struct names and other type names like in_port_t. * Use .Dv for #define'd constants like CPUSTATES and KERN_SYSVIPC_INFO. * Use .Va for sysctl variable names like "machdep". Not touching some of the .Li use related to networking; that stuff looks suspicious in more than one way and a diff would need review.
* note that tracefile must be null when clearing points.tedu2019-01-061-7/+4
| | | | ok kn
* Replace two-operand instruction aliases that clang does notvisa2019-01-051-2/+2
| | | | | | understand with the three-operand instructions. No binary change with gas.
* correct article;jmc2019-01-022-6/+6
|
* nanosleep: loop tsleep(9) to ensure coverage of the full timeout range.cheloha2018-12-311-4/+5
| | | | | | | | | | | | tsleep(9)'s maximum timeout shrinks as HZ grows, so this ensures we do not return early from longer timeouts on alpha or on custom kernels. POSIX says you cannot return early unless a signal is delivered, so this makes us more compliant with the standard. While here, remove the 100 million second upper bound. It is an artifact from itimerfix() and it serves no discernible purpose. ok tedu@ visa@
* getgruid_r -> getgrgid_rtb2018-12-281-3/+3
| | | | from Lauri Tirkkonen
* document kern.pool_debug; ok tedu@anton2018-12-261-2/+20
|
* Make AES CCM available in tables.tb2018-12-261-1/+4
| | | | | | Omission reported by reyk and Alice Wonder. ok bcook jsing
* Use the same additional arch specific files for sparc64 as is done for mipsclaudio2018-12-251-1/+22
| | | | | or aarch64. Needed to build userland with clang. OK visa@ kettenis@
* Make this page much more readable by deleting as much text as possibleschwarze2018-12-241-28/+9
| | | | | | | | | about functions that are deprecated, identical to other functions, and never made sense in the first place. As deraadt@ points out, we should not hide the information that matters in a heap of clutter. It would waste reader's time and make confusion and accidental misuse more likely. OK deraadt@ jmc@
* EVP_MD_CTX_cleanup() is deprecated and doesn't free, so recommend usingtb2018-12-234-12/+12
| | | | | | EVP_MD_CTX_free() instead if the goal is to avoid leaking memory. From my corresponding upstream commit, reminded by schwarze
* Document EVP_PKEY_new_mac_key(3);schwarze2018-12-221-8/+50
| | | | | from Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
* Delete irrelevant HISTORY details. Simply use BN_rand(3); thereschwarze2018-12-221-12/+2
| | | | | | | is no need to know at which time BN_pseudo_rand(3) was made the same as BN_rand(3). Considering that question might even mislead people to attempt ill-advised #ifdef'ing. Pointed out by deraadt@.
* The wrong header file was given for EVP_PKEY_CTX_set_signature_md(3).schwarze2018-12-211-13/+69
| | | | | | | | | | | | | Also clarify to which algorithms it applies. From Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000. Document EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3), EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3). From Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL_1_1_1-stable branch, which is still under a free license.
* Document the ECDSA_SIG_new(3) return value.schwarze2018-12-211-2/+10
| | | | | | Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400 by Ken Goldman <kgoldman at us dot ibm dot com>, but use the same wording as in ASN1_item_new(3) instead.
* Clarify behaviour of DH_get0_pqg(3) and DH_get0_key(3) with NULL arguments;schwarze2018-12-211-4/+19
| | | | | from <Matthias dot St dot Pierre at ncp dash e dot com> via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
* grammar and style fixes from wesinator at githubschwarze2018-12-211-13/+14
| | | | via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
* Since OpenBSD 6.1, BN_pseudo_rand*(3) does the same as BN_rand*(3).schwarze2018-12-211-10/+18
| | | | | Say so, and note that OpenSSL followed suit in 1.1.0 according to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
* Mention that some functions call BN_GENCB_call(3) with a secondschwarze2018-12-211-4/+15
| | | | | argument of 3; from Beat Bolli <dev at drbeat dot li> via OpenSSL commit bd93f1ac Jul 28 16:45:22 2018 -0400.
* Add support for {preinit,init,fini}_array sections in static binariesguenther2018-12-213-2/+34
| | | | ok kettenis@
* Correctly describe the return values of BN_hex2bn(3) and BN_dec2bn(3).schwarze2018-12-191-5/+8
| | | | | | Inspired by OpenSSL commit a130950d Aug 23 12:06:41 2017 -0400 by Rich Salz <rsalz at openssl dot org>, but using a more explicit wording, and fixing *both* places rather than only half of them.
* Specify the return values of some of these functions more precisely;schwarze2018-12-191-15/+16
| | | | | | | | inspired by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 by Paul Yang <yang sot yang at baishancloud dot com>, but without creating a RETURN VALUES section because that makes no sense here: it would either result in a confusing order of information or in duplicate information.
* typo;schwarze2018-12-191-4/+5
| | | | | from Jakub Wilk <jwilk at jwilk dot net> via OpenSSL commit a21285b3 Aug 21 18:30:34 2018 +0200
* "a" MIDI, not "an";jmc2018-12-181-3/+3
|
* Restore the optimization for unbuffered I/O. The buffer needs tomillert2018-12-161-1/+31
| | | | | be reset before each call to __srefill(). Passes new regress. OK semarie@
* Regenerate root CA list using updated format-pem.pl. Specifically thissthen2018-12-161-101/+1
| | | | | | | | | | | | | drops CA certificates whose validity dates don't comply with the rules on ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at least RFC 2459, section 4.1.2.5). LibreSSL strictly enforces this, so attempting to validate certificates signed by these CAs just result in the following: error 13 at 1 depth lookup:format error in certificate's notBefore field "probably" beck@
* Add a check that libressl is actually able to verify CA certs.sthen2018-12-161-12/+28
| | | | Skip outputting them if invalid (e.g. GENERALIZEDTIME date before 2050).
* Back out rev 1.17 for now, it causes issues with python when buildingmillert2018-12-161-31/+1
| | | | databases/tdb from ports.
* Revisit the optimization for unbuffered I/O. We can use the buffermillert2018-12-141-1/+31
| | | | | | passed to fread(3) directly in the FILE * and call __srefill() in a loop without the memcpy(). This preserves the expected behavior in all cases. OK semarie@, "This is neat" tedu@
* Back out the optimization in rev 1.13, it does not update flags onmillert2018-12-141-16/+1
| | | | EOF or error. This caused a regression in the cPickle python extension.
* Delete a note taken during the rev. 1.1 man page spliteschwarze2018-12-141-5/+2
| | | | | | that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.
* further document pcap_dump; from jan staryjmc2018-12-131-5/+13
| | | | text tweaked and ok djm
* some pcap_setdirection details; from jan staryjmc2018-12-121-2/+11
| | | | ok djm
* Improve speed for the multi-threaded case by reducing lock contention.otto2018-12-101-30/+21
| | | | tested by many; ok florian@
* add basic MPLS filtering supportdenis2018-12-095-8/+67
| | | | OK claudio@ jca@
* style; OK ottoflorian2018-12-091-3/+3
|
* Remove an ugly hack in the client certificate verification code that workstb2018-12-071-48/+44
| | | | | | | | | | around broken GOST implementations. It looks like client certificates with GOST have been completely broken since reimport of the GOST code, so no-one is using LibreSSL this way. The client side was fixed only last week for TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed simplifcation and cleanup, so it is time for it to go. suggested by and ok jsing
* remove a stray line accidentally left behind in rev. 1.120;schwarze2018-12-051-3/+2
| | | | patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
* Send SSL_AD_DECODE alerts in the case of a bad hello request or antb2018-12-031-7/+7
| | | | | | | invalid change cipher spec. Found due to dead assignment warnings by the Clang static analyzer. ok inoguchi (previous version), jsing
* Fix a typo and remove broken example.mpi2018-11-301-45/+3
| | | | From Edgar Pettijohn.
* Restore function prototype for ASN1_dup, fixing usage on I32LP64 platforms.jeremy2018-11-301-1/+7
| | | | | | This prototype was removed inadvertantly in r1.50. OK jsing@
* remove double .Pp. oops - sorry for not spotting!jmc2018-11-291-2/+1
|
* Improve introduction so there is more clarity about the patterns ofderaadt2018-11-291-17/+17
| | | | unveil calls should follow. ok various, including jmc
* missed adding tls_default_ca_cert_file here. found by sthentedu2018-11-291-0/+1
|
* expose the default cert file as a function, not a define. it's reallytedu2018-11-295-10/+24
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* Refactor a tangle in ssl3_send_client_verify() into one function for eachtb2018-11-291-118/+213
| | | | | | | | | | type, sigalgs/rsa/ec/gost. Move a few special dances for GOST where they belong now. This prompted a fix for a long-standing bug with GOST client certificate authentication where tls1_transcript_data() fails since the transcript was already freed before. Add a bit of missing error checking and leave some further cleanup for later. idea, guidance & ok jsing
* fuse_parse_cmd_line(3) is called fuse_parse_cmdline(3).mpi2018-11-285-25/+25
| | | | Based on a diff from Edgar Pettijohn III.
* Correct lock initialisation for libcrypto.jsing2018-11-282-16/+55
| | | | | | | | | | | | The current crypto_lock_init() function is not called early enough, meaning that locks are already in use before it gets called. Worse, locks could be in use when they are then initialised. Furthermore, since functions like CRYPTO_lock() are public API, these could be called directly bypassing initialisation. Avoid these issues by using static initialisers. ok bcook@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.