path: root/lib
* pasto in function name in the SYNOPSIS; from semarie@
  Author: schwarze; Age: 2017-10-04; Files: 1; Lines: -3/+3

* Document how ioctl(2) LIOCSFD on /dev/klog registers a socket pair to receive sendsyslog(2) messages.
  discussed with martijn@; OK jmc@ deraadt@
  Author: bluhm; Age: 2017-09-27; Files: 1; Lines: -2/+19

* Xr; from jan stary
  Author: jmc; Age: 2017-09-27; Files: 1; Lines: -2/+3

* bump version in advance of final release
  Author: bcook; Age: 2017-09-26; Files: 1; Lines: -3/+3

* bump to 2.6.2
  Author: bcook; Age: 2017-09-26; Files: 1; Lines: -3/+3

* sendsyslog should take a const char * everywhere.
  okay bluhm@, deraadt@
  Author: espie; Age: 2017-09-25; Files: 1; Lines: -3/+3

* If tls_config_parse_protocols() is called with a NULL pointer, return the default protocols instead of crashing - this makes the behaviour more useful and mirrors what we already do in tls_config_set_ciphers() et al.
  Author: jsing; Age: 2017-09-25; Files: 1; Lines: -1/+4

* Annotate some API-side memory leaks for future resolution.
  Author: jsing; Age: 2017-09-25; Files: 1; Lines: -1/+3

* Fix various issues in the OCSP extension parsing code:
  - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly.
  - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()).
  - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding.
  The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash.
  This issue was reported by Robert Swiecki who found the issue using honggfuzz.
  ok beck@
  Author: jsing; Age: 2017-09-25; Files: 1; Lines: -20/+14

* When building the OCSP extension, only add the length prefixed extensions after we finish building the responder ID list. Otherwise adding to the responder ID list fails.
  ok beck@
  Author: jsing; Age: 2017-09-25; Files: 1; Lines: -6/+6

* Kill unused function
  Spotted by krw@
  Author: jca; Age: 2017-09-23; Files: 1; Lines: -9/+1

* Make delayed free non-optional and make F do an extensive double free check.
  ok tb@ tedu@
  Author: otto; Age: 2017-09-23; Files: 1; Lines: -21/+26

* tweak previous: remove trailing blank and improve a wording;
  requested by jmc@
  Author: schwarze; Age: 2017-09-21; Files: 1; Lines: -4/+4

* Properly document the typical write(2) loop, and delete misleading parts from the CAVEATS; issue reported by <ScottCheloha at gmail dot com> on bugs@;
  OK espie@ millert@
  Author: schwarze; Age: 2017-09-20; Files: 1; Lines: -16/+18

* Keep track of which keypair is in use by a TLS context.
  This fixes a bug whereby a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI.
  Issue reported by William Graeber and confirmed by Andreas Bartelt.
  Fix tested by William Graeber and Andreas Bartelt - thanks!
  Author: jsing; Age: 2017-09-20; Files: 4; Lines: -14/+25

* Slightly restructure tls_ocsp_verify_cb() to make it more like libtls code.
  Author: jsing; Age: 2017-09-20; Files: 1; Lines: -6/+7

* Provide a useful error if there are no OCSP URLs in the peer certificate.
  Author: jsing; Age: 2017-09-20; Files: 1; Lines: -1/+4

* Fix indentation.
  Author: jsing; Age: 2017-09-20; Files: 1; Lines: -1/+1

* Document readdir_r() return value and update style of the example code. Adapted from a diff by Ross L Richardson.
  Author: millert; Age: 2017-09-18; Files: 1; Lines: -6/+9

* __progname has type char *, we cannot change its type without causing havoc all over the place. So add some casts to silence the compiler.
  ok deraadt@ guenther@
  Author: otto; Age: 2017-09-17; Files: 1; Lines: -3/+3

* mapalign returns MAP_FAILED for failure; from George Koehler
  Author: otto; Age: 2017-09-12; Files: 1; Lines: -2/+2

* Update the documentation regarding /dev/mem and /dev/kmem; Theo already clamped down on these devices last year.
  Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
  OK deraadt@
  Author: schwarze; Age: 2017-09-12; Files: 1; Lines: -2/+4

* check double free before canary for chunks; ok millert@
  Author: otto; Age: 2017-09-11; Files: 1; Lines: -5/+5

* shm_open(), sysconf(), tcflow(), and tcsendbreak() are not permitted to be cancellation points in POSIX, so change them to invoke the non-cancellation point versions of open(), close(), nanosleep(), and write()
  ok deraadt@ millert@
  Author: guenther; Age: 2017-09-10; Files: 4; Lines: -10/+11

* Fix spelling of 4.3BSD-Net/2.
  Author: schwarze; Age: 2017-09-10; Files: 1; Lines: -3/+3

* sysctl strings include the terminating NUL character in both in and out lengths
  Prompted by Nan Xiao noticing the redundancy of bzero+termination - thanks.
  ok deraadt@
  Author: tom; Age: 2017-09-10; Files: 1; Lines: -2/+4

* In compiler-rt, a few assembler implementations for i386 floating point conversion functions use SSE2 instructions, but these are not guarded by #ifdef __SSE2__, and there is no implementation using general purpose registers. For these functions, use the generic C variants instead, otherwise they will cause SIGILL on older processors.
  From FreeBSD; ok deraadt@ mlarkin@ patrick@
  Author: naddy; Age: 2017-09-08; Files: 1; Lines: -7/+17

* Remove unused 32bit version of elf_hash().
  Riding previous libc bump.
  ok kettenis@
  Author: mpi; Age: 2017-09-05; Files: 3; Lines: -62/+2

* New POSIX xlocale implementation written from scratch.
  Complete in the sense that all POSIX *locale(3) and *_l(3) functions are included, but in OpenBSD, we of course only really care about LC_CTYPE and we only support ASCII and UTF-8.
  With important help from kettenis@, guenther@, and jca@.
  Repeated testing in ports bulk builds by naddy@.
  Additional testing by jca@, sebastia@, dcoppa@, and others.
  OK kettenis@ dcoppa@, and guenther@ on an earlier version.
  Riding guenther@'s libc/librthread major bump.
  Author: schwarze; Age: 2017-09-05; Files: 73; Lines: -1031/+2947

* Add additional errno values required by POSIX.
  ok jca@ kettenis@ deraadt@
  Author: jsg; Age: 2017-09-05; Files: 2; Lines: -3/+15

* Move mutex, condvar, and thread-specific data routes, pthread_once, and pthread_exit from libpthread to libc, along with low-level bits to support them. Major bump to both libc and libpthread.
  Requested by libressl team. Ports testing by naddy@
  ok kettenis@
  Author: guenther; Age: 2017-09-05; Files: 52; Lines: -3856/+504

* Checking sizeof size_t by SIZE_MAX instead of _LP64
  ok bcook@
  Author: inoguchi; Age: 2017-09-03; Files: 1; Lines: -7/+7

* delete pointless .Tn ASCII found by jca@ with mandoc -Tlint
  Author: schwarze; Age: 2017-09-02; Files: 1; Lines: -5/+4

* Remove OPENSSL_NO_NEXTPROTONEG - some software creates conflicting prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes defined.
  Author: jsing; Age: 2017-08-31; Files: 1; Lines: -1/+0

* Mention strtok_r in STANDARDS
  POSIX 2001 instead of POSIX.1c suggested by millert@ and jmc@, ok jmc@
  Author: jca; Age: 2017-08-31; Files: 1; Lines: -2/+6

* Move the full extension building into tlsext_{client,server}hello_build(), leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers.
  ok doug@
  Author: jsing; Age: 2017-08-30; Files: 2; Lines: -47/+26

* Bump libssl/libtls minors due to symbol (re)addition.
  Author: jsing; Age: 2017-08-30; Files: 2; Lines: -2/+2

* Bring back the NPN related symbols.
  Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type.
  Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
  Author: jsing; Age: 2017-08-30; Files: 3; Lines: -3/+36

* Bring back the RSA_SSLV23_PADDING define.
  Several pieces of software expect this to be available unconditionally.
  Author: jsing; Age: 2017-08-30; Files: 1; Lines: -1/+2

* Fix ifdef to if in gcm128.c
  ok deraadt@ bcook@
  Author: inoguchi; Age: 2017-08-30; Files: 1; Lines: -2/+2

* When OCSP status type is unknown, ignore the extension.
  This needs to skip past the CBS data or it will be treated as a decode error even though it returns 1.
  ok jsing@
  Author: doug; Age: 2017-08-29; Files: 1; Lines: -1/+6

* It is confusing to talk about priorities being ordered from high to low when they are actually numbered in the opposite (numerical) order. Use "ordered by decreasing importance" instead. Also try to make it clear that LOG_UPTO uses the numerical priorities where a larger value means a lower priority.
  OK jmc@
  Author: millert; Age: 2017-08-29; Files: 1; Lines: -6/+6

* Actually parse the ALPN extension in a client hello, even if no ALPN callback has been installed. This ensures that the ALPN extension is valid and avoids leaving unprocessed extension data, which leads to a decode error.
  Found the hard way by jsg@
  Author: jsing; Age: 2017-08-29; Files: 1; Lines: -4/+4

* isunordered() returns true if at least one of the arguments is NaN
  OK espie@
  Author: millert; Age: 2017-08-29; Files: 1; Lines: -7/+3

* ECDHE-RSA-DES-CBC3-SHA should not be marked HIGH.
  Spotted by Andreas Bartelt <obsd at bartula dot de>
  Author: jsing; Age: 2017-08-28; Files: 1; Lines: -2/+2

* Bump lib{crypto,ssl,tls} majors due to symbol removals.
  Author: jsing; Age: 2017-08-28; Files: 3; Lines: -6/+6

* Remove EVP_aead_chacha20_poly1305_old() now that the original/old chacha20-poly1305 cipher suites have been removed from libssl.
  Author: jsing; Age: 2017-08-28; Files: 3; Lines: -83/+28

* Remove documentation for EVP_aead_chacha20_poly1305_ietf() - this was removed/renamed a long time back.
  Author: jsing; Age: 2017-08-28; Files: 1; Lines: -13/+3

* Put the opening curly brace in the right place.
  Author: jsing; Age: 2017-08-28; Files: 1; Lines: -2/+3

* Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related code. We removed SSLv2/SSLv3 a long time ago...
  Discussed with doug@
  Author: jsing; Age: 2017-08-28; Files: 9; Lines: -202/+11