deraadt [Thu, 17 Apr 2014 13:20:30 +0000 (13:20 +0000)]
OPENSSL_DECLARE_EXIT serves no purpose.
jmatthew [Thu, 17 Apr 2014 13:18:41 +0000 (13:18 +0000)]
In debug output, print loop ids as decimals and port ids as 24bit hex.
Fix some parameters and wording too.
nicm [Thu, 17 Apr 2014 13:02:59 +0000 (13:02 +0000)]
Set PATH explicitly, either from client or session
environment. Previously it came from the session environment. From J
Raynor.
nicm [Thu, 17 Apr 2014 12:57:28 +0000 (12:57 +0000)]
Wrap some long lines.
deraadt [Thu, 17 Apr 2014 12:48:51 +0000 (12:48 +0000)]
1. RAND_seed is now DEPRECATED
2. Even passing a digest in as entropy is sloppy.
But apparently the OpenSSL guys could find no objects of lesser value to
pass to the pluggable random subsystem, and had to resort to private keys
and digests. Classy.
ok djm
nicm [Thu, 17 Apr 2014 12:43:38 +0000 (12:43 +0000)]
Don't limit the DCS buffer to 256 bytes, expand it as needed. Requested
by Suraj Kurapati.
deraadt [Thu, 17 Apr 2014 12:42:43 +0000 (12:42 +0000)]
RAND_seed now does nothing, so skip the operation
deraadt [Thu, 17 Apr 2014 12:14:26 +0000 (12:14 +0000)]
Do not feed RSA private key information to the random subsystem as
entropy. It might be fed to a pluggable random subsystem....
What were they thinking?!
ok guenther
nicm [Thu, 17 Apr 2014 11:38:35 +0000 (11:38 +0000)]
Remove some unnecessary includes and fix a typo.
jsg [Thu, 17 Apr 2014 10:56:25 +0000 (10:56 +0000)]
remove duplicated tests in if statements
ok krw@ sthen@ deraadt@
guenther [Thu, 17 Apr 2014 10:50:36 +0000 (10:50 +0000)]
Fix for ", " issue in jsing's knf script
deraadt [Thu, 17 Apr 2014 10:28:20 +0000 (10:28 +0000)]
Do not need to map to another silly name for unistd.h here either
deraadt [Thu, 17 Apr 2014 10:24:08 +0000 (10:24 +0000)]
unistd.h is always in the same place; no need to #include the result of
a maze of conditional #define's
deraadt [Thu, 17 Apr 2014 10:17:56 +0000 (10:17 +0000)]
minimal fix for ', ' issue in jsing's indent script
krw [Thu, 17 Apr 2014 09:59:30 +0000 (09:59 +0000)]
Eliminate a couple of always-NULL parameters. Eliminate some
pointless repetition of well-known info in log messages. Pass
around smaller bits of info. Make 'inaddr_any' a const struct
initialized with { INADDR_ANY }.
Tweaks and ok guenther@
guenther [Thu, 17 Apr 2014 09:56:09 +0000 (09:56 +0000)]
Correct some time_t printing; factor out a grotty block while here
Based on a diff from Arto Jonsson (ajonsson (at) kapsi.fi)
ok deraadt@
sthen [Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)]
OpenSSL PR#3309: when looking for an extension, set the last found position
to -1 to properly search all extensions. ok tedu@
From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=
300b9f0b70
nicm [Thu, 17 Apr 2014 09:13:13 +0000 (09:13 +0000)]
Correct the dance to fix the active pane in join-pane by pulling the
(right) code from break-pane and window_remove_pane into a helper
function.
guenther [Thu, 17 Apr 2014 09:01:25 +0000 (09:01 +0000)]
It's been a quarter century: we can assume volatile is present with that name.
jsg [Thu, 17 Apr 2014 08:06:59 +0000 (08:06 +0000)]
Remove the ossltests target, these are now all in libcrypto regress
except sha256t/sha512t which are likely to be removed for license reasons.
nicm [Thu, 17 Apr 2014 07:55:43 +0000 (07:55 +0000)]
Remove the "info" message mechanism, this was only used for about five
mostly useless and annoying messages. Change those commands to silence
on success like all the others. Still accept the -q command line flag
and "quiet" server option for now.
jsg [Thu, 17 Apr 2014 07:52:08 +0000 (07:52 +0000)]
move enginetest to regress as was done with the other tests
nicm [Thu, 17 Apr 2014 07:51:38 +0000 (07:51 +0000)]
Extend the -q flag to set-option to suppress errors about unknown
options - this will allow options to be removed more easily.
nicm [Thu, 17 Apr 2014 07:43:20 +0000 (07:43 +0000)]
Do not show the -fg, -bg and -attr options. If asked for one explicitly,
show the equivalent -style option instead.
nicm [Thu, 17 Apr 2014 07:36:45 +0000 (07:36 +0000)]
Remove the monitor-content option and associated bits and bobs. It's
never worked very well. If there is a big demand for it to return, will
consider better ways to do it.
jsg [Thu, 17 Apr 2014 07:23:14 +0000 (07:23 +0000)]
call the correct decrypt function in aes_cbc_cipher()
From:
commit
e9c80e04c1a3b5a0de8e666155ab4ecb2697a77d
Author: Andy Polyakov <appro@openssl.org>
Date: Wed Dec 18 21:42:46 2013 +0100
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
Our e_camellia.c does not have this problem.
ok miod@ deraadt@
dlg [Thu, 17 Apr 2014 06:38:54 +0000 (06:38 +0000)]
rework this to implement the active path checks when mpath asks for
it rather than on attach. just need to implement a sense handler
to detect failover and this is done.
thanks to jmatthew@ for plugging this together again for me.
tedu [Thu, 17 Apr 2014 02:50:32 +0000 (02:50 +0000)]
tag some functions with bounded. idea and ok djm
djm [Wed, 16 Apr 2014 23:28:12 +0000 (23:28 +0000)]
remove the identity files from this manpage - ssh-agent doesn't deal
with them at all and the same information is duplicated in ssh-add.1
(which does deal with them); prodded by deraadt@
djm [Wed, 16 Apr 2014 23:22:45 +0000 (23:22 +0000)]
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@
nicm [Wed, 16 Apr 2014 23:05:38 +0000 (23:05 +0000)]
Memory leak in error path and unnecessary assignment, from clang.
bmercer [Wed, 16 Apr 2014 22:33:03 +0000 (22:33 +0000)]
Add ufs2 support and get one step closer to making ffs2 bootable. This work was done by Pedro Martelletto for bitrig. One small tweak to make it buildable with -Werror. "Please commit" miod@
deraadt [Wed, 16 Apr 2014 22:00:43 +0000 (22:00 +0000)]
sync
schwarze [Wed, 16 Apr 2014 21:35:48 +0000 (21:35 +0000)]
Rename the mpages.id column to mpages.pageid. There is no good reason
to call this kid by a different name here than in all other tables.
Easier to polish this now than after enabling.
tedu [Wed, 16 Apr 2014 21:16:33 +0000 (21:16 +0000)]
TANSTAAFL - delete the buf freelist code. if you need a better malloc, get
a better malloc. ok beck deraadt
nicm [Wed, 16 Apr 2014 21:16:19 +0000 (21:16 +0000)]
Remove a leftover prototype and fix some spacing.
nicm [Wed, 16 Apr 2014 21:02:41 +0000 (21:02 +0000)]
Remove the choose-list command to prepare for some later choose-* work.
tedu [Wed, 16 Apr 2014 20:39:09 +0000 (20:39 +0000)]
add back SRP. i was being too greedy.
beck [Wed, 16 Apr 2014 20:36:35 +0000 (20:36 +0000)]
Clean up dangerous strncpy use. This included a use where the resulting
string was potentially not nul terminated and a place where malloc return
was unchecked.
while we're at it remove dummytest.c
ok miod@
miod [Wed, 16 Apr 2014 19:54:20 +0000 (19:54 +0000)]
- Why do we hide from the OpenSSL police, dad?
- Because they're not like us, son. They use macros to wrap stdio routines,
for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
obfuscate the code.
ok tedu@
tedu [Wed, 16 Apr 2014 19:42:24 +0000 (19:42 +0000)]
> As I walk through the valley of the shadow of death
> I take a look at my life and realize there's nothin' left
> Cause I've been blasting and laughing so long,
> That even my mama thinks that my mind is gone
Remove even more unspeakable evil being perpetuated in the name of VMS.
(and lesser evils done in the name of others.)
ok miod
tedu [Wed, 16 Apr 2014 19:36:19 +0000 (19:36 +0000)]
lots of ifdef cleanup
tedu [Wed, 16 Apr 2014 19:33:40 +0000 (19:33 +0000)]
repair knf
okan [Wed, 16 Apr 2014 19:14:57 +0000 (19:14 +0000)]
Remove ifdef'd out KerberosIV and stream encryption support. While
here, sort arguments.
ok tedu miod (who had the same diff with an additional bit of clean-up)
miod [Wed, 16 Apr 2014 19:13:01 +0000 (19:13 +0000)]
No need to define ANSI_SOURCE and NO_ERR. TERMIOS kept until ui/ui_openssl.c
gets a second trim.
okan [Wed, 16 Apr 2014 19:03:14 +0000 (19:03 +0000)]
add missing parens so that errorhost gets properly initialized.
ok tedu miod (who had the same diff)
schwarze [Wed, 16 Apr 2014 18:59:38 +0000 (18:59 +0000)]
Give the mlinks and keys tables a pageid index,
as suggested by jeremy@ and espie@.
The mlinks index speeds up basic apropos(1) searches by around 30%
because it speeds up the final SELECT FROM mlinks query by about 95%.
For large result sets, the overall speedup gets even larger, in the
extreme case of "apropos Nd~." by more than 90%.
The keys index finally makes the apropos(1) -O option usable: It no longer
incurs relevant extra cost, while in the past it was embarrassingly slow.
This comes at a cost: Total database build times grow by about 5%,
and each index adds about 10% database size with -Q. I consider that
acceptable in view of the huge apropos(1) performance gains.
The -Q database for /usr/share/man still remains below 1 MB.
miod [Wed, 16 Apr 2014 18:47:51 +0000 (18:47 +0000)]
No need to build with -DOPENSSL_NO_CAPIENG and -DOPENSSL_NO_HW_xxx for all
now removed engines.
krw [Wed, 16 Apr 2014 18:46:41 +0000 (18:46 +0000)]
Make dhclient -q even quieter. Make it immediately effective rather
than possibly emitting a couple of random memory allocation error
messages first.
ok guenther@
tedu [Wed, 16 Apr 2014 18:35:14 +0000 (18:35 +0000)]
quoth the readme:
NOTE: Don't expect any of these programs to work with current
OpenSSL releases, or even with later SSLeay releases.
ok miod
tedu [Wed, 16 Apr 2014 18:28:08 +0000 (18:28 +0000)]
delete a few leftovers
tedu [Wed, 16 Apr 2014 18:23:52 +0000 (18:23 +0000)]
fix a few bugs observed on viva64.com/en/b/0250/
ok krw miod
beck [Wed, 16 Apr 2014 18:05:55 +0000 (18:05 +0000)]
Thanks to the knobs in tools.ietf.org/html/rfc5746, we have a knob
to say "allow this connection to negotiate insecurely". de-fang the code
that respects this option to ignore it.
ok miod@
tedu [Wed, 16 Apr 2014 17:59:16 +0000 (17:59 +0000)]
disentangle SRP code from TLS
tedu [Wed, 16 Apr 2014 17:55:34 +0000 (17:55 +0000)]
whack the ifdef pinata:
OPENSSL_SYSNAME_VXWORKS
OPENSSL_SYS_VMS
OPENSSL_SYS_MSDOS
OPENSSL_UNISTD
OPENSSL_SYS_WIN16
WIN_CONSOLE_BUG
OPENSSL_SYS_WINCE
SGTTY
OPENSSL_SYS_MACINTOSH_CLASSIC
MAC_OS_GUSI_SOURCE
OPENSSL_SYS_NETWARE
OPENSSL_SYS_SUNOS
__DJGPP__
OPENSSL_SYS_BEOS
OPENSSL_SYS_WIN32
guenther [Wed, 16 Apr 2014 17:52:31 +0000 (17:52 +0000)]
SSLv3_client_method() doesn't support TLSv1.*; use SSLv23_client_method()
the for anything where version negotiation would be useful.
Also, constipate a couple formatting strings to make compilers and
linkers happier.
ok tedu@
guenther [Wed, 16 Apr 2014 17:46:23 +0000 (17:46 +0000)]
Zero-pad usec format to handle values less than 100,000 correctly
ok matthew@ tedu@
jsing [Wed, 16 Apr 2014 17:04:13 +0000 (17:04 +0000)]
Initial KNF.
jsing [Wed, 16 Apr 2014 16:55:21 +0000 (16:55 +0000)]
Initial KNF.
tedu [Wed, 16 Apr 2014 16:49:12 +0000 (16:49 +0000)]
Mandatory Surgeon Guenther's Warning: This code could not possibly be
correct because it doesn't zerofill the front of usecs, but that's the
way I found it.
a more thorough emulation of the old code, but with fewer whacky snprintf
pointer arithmetic antics. ok beck guenther
jsing [Wed, 16 Apr 2014 16:47:20 +0000 (16:47 +0000)]
Initial KNF.
jsing [Wed, 16 Apr 2014 16:34:09 +0000 (16:34 +0000)]
More KNF.
jsing [Wed, 16 Apr 2014 15:57:42 +0000 (15:57 +0000)]
First pass for KNF.
tedu [Wed, 16 Apr 2014 15:39:45 +0000 (15:39 +0000)]
revert. the full horror has only now revealed itself.
tedu [Wed, 16 Apr 2014 15:35:36 +0000 (15:35 +0000)]
replace some bio_snprintf crazy with regular snprintf.
beck had a diff to convert to strftime, but it's easier to verify this
is functionally the same. ok beck.
guenther [Wed, 16 Apr 2014 15:10:07 +0000 (15:10 +0000)]
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
the SSLv23_* client code. The server continues to accept it. It
also kills the bits for SSL2 SESSIONs; even when the server gets
an SSLv2-style compat handshake, the session that it creates has
the correct version internally.
ok tedu@ beck@
jsing [Wed, 16 Apr 2014 15:00:28 +0000 (15:00 +0000)]
More KNF.
florian [Wed, 16 Apr 2014 14:43:43 +0000 (14:43 +0000)]
My previous attempt to chdir(2) to the directory containing the cgi
script was not quite right. slowcgi would try to chdir("") with a
SCRIPT_NAME of /foo.cgi; chdir("/") in that case.
I'm not sure how one would configure nginx/slowcgi to get to that
point though.
OK benno@
zhuk [Wed, 16 Apr 2014 14:39:05 +0000 (14:39 +0000)]
Whitespace tweaks before further tweaks; no objections from ajacoutot@.
beck [Wed, 16 Apr 2014 14:31:03 +0000 (14:31 +0000)]
Make this byzantine horror a shell of it's former self by stubbing the
functions. The ability to set the debug mem functions died with mem.c,
but some of the rest of this is still exposed API so we can't delete it..
yet...
ok tedu@
krw [Wed, 16 Apr 2014 13:57:58 +0000 (13:57 +0000)]
OpenSSL is not the only place with bloated code! Remove unused
function 'option_as_string()'.
reyk [Wed, 16 Apr 2014 13:57:14 +0000 (13:57 +0000)]
Some software expects RAND_status() to return 1 for success, so always
return 1 in the arc4random backend because there is no possible error
condition. Unbreaks lynx, git and friends.
ok miod@ dcoppa@
krw [Wed, 16 Apr 2014 13:12:22 +0000 (13:12 +0000)]
Tweak network interface configuration so that after 1st attempted
(rather than first successfull) configuration, the default selection
becomes [done]. This allows one to <cr> past network configuration.
e.g. when dhcp is not working.
Requested by deraadt@. ok halex@.
mpi [Wed, 16 Apr 2014 13:04:38 +0000 (13:04 +0000)]
Merge in_fixaddr() into in_selectsrc() in order to prepare for
IP_SENDSRCADDR support. This reduces the differences with the
IPv6 version and kill some comments that are no longer true.
ok jca@, chrisz@, mikeb@
jsing [Wed, 16 Apr 2014 13:01:09 +0000 (13:01 +0000)]
Clean up non-fatal error handling - we know which error numbers we have
defined.
ok miod@ beck@
sthen [Wed, 16 Apr 2014 12:08:46 +0000 (12:08 +0000)]
unbreak install; /usr/share/man/man3/EVP_PKEY_print_private.3 should link to
/usr/share/man/man3/EVP_PKEY_print_public.3 not itself, from deraadt
aoyama [Wed, 16 Apr 2014 12:01:33 +0000 (12:01 +0000)]
Add generic driver for "NEC PC-9801(*) extension board slot" on
LUNA-88K.
LUNA-88K{,2} has one or two slot(s) that can attach the extension
board designed for PC-9801. This driver provides dedicated mmap(2)
and capability for waiting specified interrupt on that slot so that we
can use the extension board from userland program.
(*)PC-9801 is a Japanese popular personal computer, mainly used in
1980-90's. (see http://en.wikipedia.org/wiki/NEC_PC-9801)
ok miod@, and man pages jmc@
guenther [Wed, 16 Apr 2014 10:52:58 +0000 (10:52 +0000)]
It's been a quarter century: we can assume volatile is present with that name.
zhuk [Wed, 16 Apr 2014 10:31:27 +0000 (10:31 +0000)]
Make directory ordering in our libtool stable. Fixes quiet a few issues
ajacoutot@, me and probably others were seeing. No fallout in bulk build.
Input from espie@ and ajacoutot@.
Prodding by ajacoutot@
Bulk test by jasper@
mpi [Wed, 16 Apr 2014 09:50:10 +0000 (09:50 +0000)]
Sync the list of man pages for libcrypto, explicity rename conflicting
pages instead of doing it in the Makefiles and move a libssl page where
it belongs.
ok miod@
mpi [Wed, 16 Apr 2014 09:41:43 +0000 (09:41 +0000)]
Remove pointless man pages that were not installed.
ok miod@
blambert [Wed, 16 Apr 2014 08:52:28 +0000 (08:52 +0000)]
close memory leaks in snmp client code
ok reyk@
jsg [Wed, 16 Apr 2014 08:29:22 +0000 (08:29 +0000)]
adapt to test file moves
md2test and rsatest targets removed as the files have been removed
jsg [Wed, 16 Apr 2014 08:25:06 +0000 (08:25 +0000)]
adapt to the less old des api
nicm [Wed, 16 Apr 2014 08:02:31 +0000 (08:02 +0000)]
Because we pass the file descriptor from client to server, tmux can't
usefully work if stdin is /dev/tty. Complain about it more clearly.
jsg [Wed, 16 Apr 2014 05:57:05 +0000 (05:57 +0000)]
sync with iked chap_ms.c
jsg [Wed, 16 Apr 2014 05:49:55 +0000 (05:49 +0000)]
des_cblock -> DES_cblock
miod [Wed, 16 Apr 2014 05:16:39 +0000 (05:16 +0000)]
Upgrade from des_old misery
miod [Wed, 16 Apr 2014 04:59:56 +0000 (04:59 +0000)]
More des_foo -> DES_foo
miod [Wed, 16 Apr 2014 04:38:11 +0000 (04:38 +0000)]
Remove _CRAY references. Note that this pleads for the use of <stdint.h>
fixed-width types instead of choosing int or long depending upon what we
think the architecture support.
miod [Wed, 16 Apr 2014 04:31:32 +0000 (04:31 +0000)]
Remove DES_read_password and DES_read_2passwords which are `modern' flavours
of des_old.h routines, acting as wrappers about the OpenSSL UI API.
Nothing should use these functions directly.
Riding the recent libcrypto major bump (in a `des' car).
miod [Wed, 16 Apr 2014 04:17:29 +0000 (04:17 +0000)]
This was subtly using des_old.h defines (des_key_schedule) without using any
of its routines. Trivial fix, since des_old.h used to mention
#define des_key_schedule DES_key_schedule
beck [Wed, 16 Apr 2014 03:24:53 +0000 (03:24 +0000)]
Your operating system memory allocation functions are your friend. If they
are not please fix your operating system. Replace mem.c with an API-compatible
wrapper that just calls the system functions and does not allow a one word
modification of a variable in a running shared library to turn on memory
debug functions that expose things that should not be seen.
ok tedu@
tedu [Wed, 16 Apr 2014 03:24:47 +0000 (03:24 +0000)]
dead file
tedu [Wed, 16 Apr 2014 03:21:29 +0000 (03:21 +0000)]
API compat fix. RAND_load_file can never fail now. discovered and ok beck.
tedu [Wed, 16 Apr 2014 02:51:01 +0000 (02:51 +0000)]
missed vms comment
tedu [Wed, 16 Apr 2014 02:50:09 +0000 (02:50 +0000)]
first round of unifdef hammering
tedu [Wed, 16 Apr 2014 02:42:05 +0000 (02:42 +0000)]
Remove non-posix support. Why is OPENSSL_isservice even here?
Is this a crypto library or a generic platform abstraction library?
"A hack to make Visual C++ 5.0 work correctly" ... time to upgrade.
tedu [Wed, 16 Apr 2014 02:14:27 +0000 (02:14 +0000)]
spray the apps directory with anti-VMS napalm.
so that its lovecraftian horror is not forever lost, i reproduce below
a comment from the deleted code.
/* 2011-03-22 SMS.
* If we have 32-bit pointers everywhere, then we're safe, and
* we bypass this mess, as on non-VMS systems. (See ARGV,
* above.)
* Problem 1: Compaq/HP C before V7.3 always used 32-bit
* pointers for argv[].
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
* everywhere else, we always allocate and use a 64-bit
* duplicate of argv[].
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
* to NULL-terminate a 64-bit argv[]. (As this was written, the
* compiler ECO was available only on IA64.)
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
* 64-bit argv[argc] for NULL, and, if necessary, use a
* (properly) NULL-terminated (64-bit) duplicate of argv[].
* The same code is used in either case to duplicate argv[].
* Some of these decisions could be handled in preprocessing,
* but the code tends to get even uglier, and the penalty for
* deciding at compile- or run-time is tiny.
*/
tedu [Wed, 16 Apr 2014 01:43:06 +0000 (01:43 +0000)]
strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,
it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck