miod [Thu, 17 Apr 2014 19:59:12 +0000 (19:59 +0000)]
Use of OPENSSL_SYS_xxx defines in public header files considered harmful.
miod [Thu, 17 Apr 2014 19:53:32 +0000 (19:53 +0000)]
Bob O.D.'ed on the o_dir code so high he forgot to rm the `test' after
rewriting the code.
miod [Thu, 17 Apr 2014 19:33:42 +0000 (19:33 +0000)]
sprintf: bad.
snprintf: good.
snprintf with a correct size: better!
(harmless in this case)
tedu [Thu, 17 Apr 2014 19:28:08 +0000 (19:28 +0000)]
I'm just trying to improve the code...
afresh1 [Thu, 17 Apr 2014 19:22:31 +0000 (19:22 +0000)]
Remove utils that we don't use
opensslwrap.sh and shlib_wrap.sh are used by tests that are getting replaced,
x86asm.sh is obsoleted by our Makefile machinery
ok miod
afresh1 [Thu, 17 Apr 2014 19:20:52 +0000 (19:20 +0000)]
Remove unused ssl utils
This code is the reason perl has a name as a write only language.
ok deraadt miod
schwarze [Thu, 17 Apr 2014 19:19:54 +0000 (19:19 +0000)]
Garbage collect one pair of needless parentheses in SQL code generation;
note this doesn't affect performance, SQLite generates the same byte code.
While here, make the calls to exprspec() easier to understand.
afresh1 [Thu, 17 Apr 2014 19:19:14 +0000 (19:19 +0000)]
expunge more of the old build system
ok deraadt miod
otto [Thu, 17 Apr 2014 19:07:14 +0000 (19:07 +0000)]
whitespace
otto [Thu, 17 Apr 2014 19:06:04 +0000 (19:06 +0000)]
rm redundant declaration; from Xin Li
miod [Thu, 17 Apr 2014 18:49:35 +0000 (18:49 +0000)]
Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.
jsg [Thu, 17 Apr 2014 18:38:53 +0000 (18:38 +0000)]
fix some more leaks, mostly suggestions from miod
ok miod@
miod [Thu, 17 Apr 2014 18:37:48 +0000 (18:37 +0000)]
Remove the benchmark part of the selftest. It uses the undocumented
OPENSSL_rdtsc() routine to get a high-precision timestamp, and (although
this is the only user of this routine in libcrypto) forces every platform
willing to provide fast assembly versions of some routines, to also
provide OPENSSL_rdtsc().
miod [Thu, 17 Apr 2014 18:33:21 +0000 (18:33 +0000)]
crypto/modes/gcm128.c can be used as its own selftest. Add it to regress,
conveniently leaving the benchmark code not compiled in the test.
miod [Thu, 17 Apr 2014 18:16:45 +0000 (18:16 +0000)]
Ok, there was a need for OPENSSL_cleanse() instead of bzero() to prevent
supposedly smart compilers from optimizing memory cleanups away. Understood.
Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.
But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?
sthen [Thu, 17 Apr 2014 18:13:26 +0000 (18:13 +0000)]
spidey senses
miod [Thu, 17 Apr 2014 18:11:46 +0000 (18:11 +0000)]
Move the machine-specific parts of the libcrypto Makefile to per-arch makefile
fragments, to ease maintainance, and see through the fog of bugs.
"looks good" deraadt@
deraadt [Thu, 17 Apr 2014 17:50:44 +0000 (17:50 +0000)]
some KNF cleanup following the script
miod [Thu, 17 Apr 2014 17:49:36 +0000 (17:49 +0000)]
Invoke OPENSSL_add_all_algorithms_noconf() to enforce OPENSSL_cpuid_setup()
has been called, for, depending how libcrypto, it might be a hidden symbol.
Reported by jsg@
jsg [Thu, 17 Apr 2014 17:30:22 +0000 (17:30 +0000)]
fix some of the leaks
ok miod@ looks good deraadt@
jsg [Thu, 17 Apr 2014 17:11:10 +0000 (17:11 +0000)]
fix a potential double free
ok miod@
beck [Thu, 17 Apr 2014 16:30:59 +0000 (16:30 +0000)]
remove OPENSSL_realloc_clean usage here - replace with intrinsics to make
it obvious what should happen.
ok tedu@
tedu [Thu, 17 Apr 2014 16:17:41 +0000 (16:17 +0000)]
Fully kill FIPS API. Forcible certification conflicts with the goals of a
free software project. ok beck deraadt
Ports calling FIPS_mode_set(1): mongodb
jsing [Thu, 17 Apr 2014 16:14:15 +0000 (16:14 +0000)]
Initial KNF.
nicm [Thu, 17 Apr 2014 15:48:02 +0000 (15:48 +0000)]
#nnT went away a while ago, remove a leftover from the manpage.
jsing [Thu, 17 Apr 2014 15:43:33 +0000 (15:43 +0000)]
Initial KNF.
nicm [Thu, 17 Apr 2014 15:37:55 +0000 (15:37 +0000)]
Add some UTF-8 utility functions and use them to prevent the width limit
on formats from splitting UTF-8 characters improperly.
claudio [Thu, 17 Apr 2014 15:36:53 +0000 (15:36 +0000)]
Sync show.c with the route version. Make the two files more similar but
still not identical. OK sthen@ mpi@ jca@
claudio [Thu, 17 Apr 2014 15:35:35 +0000 (15:35 +0000)]
Sync show.c to what we have in netstat.c (at least steal some good idioms
from there). OK sthen@ mpi@ jca@
jsing [Thu, 17 Apr 2014 15:30:56 +0000 (15:30 +0000)]
Initial KNF.
guenther [Thu, 17 Apr 2014 15:28:26 +0000 (15:28 +0000)]
Don't default enable the debug functionality with its unprotected getenv().
ok eric@ sthen@ deraadt@
jsing [Thu, 17 Apr 2014 15:17:22 +0000 (15:17 +0000)]
More KNF.
jsing [Thu, 17 Apr 2014 15:12:00 +0000 (15:12 +0000)]
More KNF.
guenther [Thu, 17 Apr 2014 14:52:50 +0000 (14:52 +0000)]
Make sure the original thread is blocked until any other threads are
completely detached from the process before letting it exit, so that
sleeping in systrace_exit() doesn't reorder them and lead to a panic.
Panic reported by Fabian Raetz (fabian.raetz (at) gmail.com)
ok tedu@
okan [Thu, 17 Apr 2014 14:49:11 +0000 (14:49 +0000)]
remove special case for uucp entries.
ok guenther
nicm [Thu, 17 Apr 2014 14:45:49 +0000 (14:45 +0000)]
Some more long lines.
jsing [Thu, 17 Apr 2014 14:43:34 +0000 (14:43 +0000)]
Initial KNF.
beck [Thu, 17 Apr 2014 14:28:44 +0000 (14:28 +0000)]
I've replaced everything in this file. ISC liscense it with my copyright
jsing [Thu, 17 Apr 2014 14:24:41 +0000 (14:24 +0000)]
Initial KNF.
nicm [Thu, 17 Apr 2014 14:13:59 +0000 (14:13 +0000)]
Only scroll by one line at a time in choose mode, lists are generally
pretty small.
jsing [Thu, 17 Apr 2014 14:09:44 +0000 (14:09 +0000)]
Remove defines for unwanted OS support...
ok miod@
jsg [Thu, 17 Apr 2014 14:08:57 +0000 (14:08 +0000)]
remove some code that is now unused after guenther's changes in 1.20.
jsing [Thu, 17 Apr 2014 13:58:39 +0000 (13:58 +0000)]
KNF.
jsing [Thu, 17 Apr 2014 13:58:24 +0000 (13:58 +0000)]
Initial KNF.
krw [Thu, 17 Apr 2014 13:46:48 +0000 (13:46 +0000)]
Oops. INADDR_ANY != INADDR_BROADCAST. Fixes DHCPDISCOVERY and
DHCPDECLINE.
noted by sthen@
beck [Thu, 17 Apr 2014 13:45:44 +0000 (13:45 +0000)]
simply wrap around intrinsics, and knf cleanup.
ok miod@ deraadt@
beck [Thu, 17 Apr 2014 13:37:48 +0000 (13:37 +0000)]
Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
jsing [Thu, 17 Apr 2014 13:29:21 +0000 (13:29 +0000)]
Revert unintended whitespace changes.
deraadt [Thu, 17 Apr 2014 13:29:09 +0000 (13:29 +0000)]
OPENSSL_gmtime() is not a gmtime() wrapper. It is a gmtime_r().
Always trying to confuse people...
ok guenther
deraadt [Thu, 17 Apr 2014 13:20:30 +0000 (13:20 +0000)]
OPENSSL_DECLARE_EXIT serves no purpose.
jmatthew [Thu, 17 Apr 2014 13:18:41 +0000 (13:18 +0000)]
In debug output, print loop ids as decimals and port ids as 24bit hex.
Fix some parameters and wording too.
nicm [Thu, 17 Apr 2014 13:02:59 +0000 (13:02 +0000)]
Set PATH explicitly, either from client or session
environment. Previously it came from the session environment. From J
Raynor.
nicm [Thu, 17 Apr 2014 12:57:28 +0000 (12:57 +0000)]
Wrap some long lines.
deraadt [Thu, 17 Apr 2014 12:48:51 +0000 (12:48 +0000)]
1. RAND_seed is now DEPRECATED
2. Even passing a digest in as entropy is sloppy.
But apparently the OpenSSL guys could find no objects of lesser value to
pass to the pluggable random subsystem, and had to resort to private keys
and digests. Classy.
ok djm
nicm [Thu, 17 Apr 2014 12:43:38 +0000 (12:43 +0000)]
Don't limit the DCS buffer to 256 bytes, expand it as needed. Requested
by Suraj Kurapati.
deraadt [Thu, 17 Apr 2014 12:42:43 +0000 (12:42 +0000)]
RAND_seed now does nothing, so skip the operation
deraadt [Thu, 17 Apr 2014 12:14:26 +0000 (12:14 +0000)]
Do not feed RSA private key information to the random subsystem as
entropy. It might be fed to a pluggable random subsystem....
What were they thinking?!
ok guenther
nicm [Thu, 17 Apr 2014 11:38:35 +0000 (11:38 +0000)]
Remove some unnecessary includes and fix a typo.
jsg [Thu, 17 Apr 2014 10:56:25 +0000 (10:56 +0000)]
remove duplicated tests in if statements
ok krw@ sthen@ deraadt@
guenther [Thu, 17 Apr 2014 10:50:36 +0000 (10:50 +0000)]
Fix for ", " issue in jsing's knf script
deraadt [Thu, 17 Apr 2014 10:28:20 +0000 (10:28 +0000)]
Do not need to map to another silly name for unistd.h here either
deraadt [Thu, 17 Apr 2014 10:24:08 +0000 (10:24 +0000)]
unistd.h is always in the same place; no need to #include the result of
a maze of conditional #define's
deraadt [Thu, 17 Apr 2014 10:17:56 +0000 (10:17 +0000)]
minimal fix for ', ' issue in jsing's indent script
krw [Thu, 17 Apr 2014 09:59:30 +0000 (09:59 +0000)]
Eliminate a couple of always-NULL parameters. Eliminate some
pointless repetition of well-known info in log messages. Pass
around smaller bits of info. Make 'inaddr_any' a const struct
initialized with { INADDR_ANY }.
Tweaks and ok guenther@
guenther [Thu, 17 Apr 2014 09:56:09 +0000 (09:56 +0000)]
Correct some time_t printing; factor out a grotty block while here
Based on a diff from Arto Jonsson (ajonsson (at) kapsi.fi)
ok deraadt@
sthen [Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)]
OpenSSL PR#3309: when looking for an extension, set the last found position
to -1 to properly search all extensions. ok tedu@
From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=
300b9f0b70
nicm [Thu, 17 Apr 2014 09:13:13 +0000 (09:13 +0000)]
Correct the dance to fix the active pane in join-pane by pulling the
(right) code from break-pane and window_remove_pane into a helper
function.
guenther [Thu, 17 Apr 2014 09:01:25 +0000 (09:01 +0000)]
It's been a quarter century: we can assume volatile is present with that name.
jsg [Thu, 17 Apr 2014 08:06:59 +0000 (08:06 +0000)]
Remove the ossltests target, these are now all in libcrypto regress
except sha256t/sha512t which are likely to be removed for license reasons.
nicm [Thu, 17 Apr 2014 07:55:43 +0000 (07:55 +0000)]
Remove the "info" message mechanism, this was only used for about five
mostly useless and annoying messages. Change those commands to silence
on success like all the others. Still accept the -q command line flag
and "quiet" server option for now.
jsg [Thu, 17 Apr 2014 07:52:08 +0000 (07:52 +0000)]
move enginetest to regress as was done with the other tests
nicm [Thu, 17 Apr 2014 07:51:38 +0000 (07:51 +0000)]
Extend the -q flag to set-option to suppress errors about unknown
options - this will allow options to be removed more easily.
nicm [Thu, 17 Apr 2014 07:43:20 +0000 (07:43 +0000)]
Do not show the -fg, -bg and -attr options. If asked for one explicitly,
show the equivalent -style option instead.
nicm [Thu, 17 Apr 2014 07:36:45 +0000 (07:36 +0000)]
Remove the monitor-content option and associated bits and bobs. It's
never worked very well. If there is a big demand for it to return, will
consider better ways to do it.
jsg [Thu, 17 Apr 2014 07:23:14 +0000 (07:23 +0000)]
call the correct decrypt function in aes_cbc_cipher()
From:
commit
e9c80e04c1a3b5a0de8e666155ab4ecb2697a77d
Author: Andy Polyakov <appro@openssl.org>
Date: Wed Dec 18 21:42:46 2013 +0100
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
Our e_camellia.c does not have this problem.
ok miod@ deraadt@
dlg [Thu, 17 Apr 2014 06:38:54 +0000 (06:38 +0000)]
rework this to implement the active path checks when mpath asks for
it rather than on attach. just need to implement a sense handler
to detect failover and this is done.
thanks to jmatthew@ for plugging this together again for me.
tedu [Thu, 17 Apr 2014 02:50:32 +0000 (02:50 +0000)]
tag some functions with bounded. idea and ok djm
djm [Wed, 16 Apr 2014 23:28:12 +0000 (23:28 +0000)]
remove the identity files from this manpage - ssh-agent doesn't deal
with them at all and the same information is duplicated in ssh-add.1
(which does deal with them); prodded by deraadt@
djm [Wed, 16 Apr 2014 23:22:45 +0000 (23:22 +0000)]
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@
nicm [Wed, 16 Apr 2014 23:05:38 +0000 (23:05 +0000)]
Memory leak in error path and unnecessary assignment, from clang.
bmercer [Wed, 16 Apr 2014 22:33:03 +0000 (22:33 +0000)]
Add ufs2 support and get one step closer to making ffs2 bootable. This work was done by Pedro Martelletto for bitrig. One small tweak to make it buildable with -Werror. "Please commit" miod@
deraadt [Wed, 16 Apr 2014 22:00:43 +0000 (22:00 +0000)]
sync
schwarze [Wed, 16 Apr 2014 21:35:48 +0000 (21:35 +0000)]
Rename the mpages.id column to mpages.pageid. There is no good reason
to call this kid by a different name here than in all other tables.
Easier to polish this now than after enabling.
tedu [Wed, 16 Apr 2014 21:16:33 +0000 (21:16 +0000)]
TANSTAAFL - delete the buf freelist code. if you need a better malloc, get
a better malloc. ok beck deraadt
nicm [Wed, 16 Apr 2014 21:16:19 +0000 (21:16 +0000)]
Remove a leftover prototype and fix some spacing.
nicm [Wed, 16 Apr 2014 21:02:41 +0000 (21:02 +0000)]
Remove the choose-list command to prepare for some later choose-* work.
tedu [Wed, 16 Apr 2014 20:39:09 +0000 (20:39 +0000)]
add back SRP. i was being too greedy.
beck [Wed, 16 Apr 2014 20:36:35 +0000 (20:36 +0000)]
Clean up dangerous strncpy use. This included a use where the resulting
string was potentially not nul terminated and a place where malloc return
was unchecked.
while we're at it remove dummytest.c
ok miod@
miod [Wed, 16 Apr 2014 19:54:20 +0000 (19:54 +0000)]
- Why do we hide from the OpenSSL police, dad?
- Because they're not like us, son. They use macros to wrap stdio routines,
for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
obfuscate the code.
ok tedu@
tedu [Wed, 16 Apr 2014 19:42:24 +0000 (19:42 +0000)]
> As I walk through the valley of the shadow of death
> I take a look at my life and realize there's nothin' left
> Cause I've been blasting and laughing so long,
> That even my mama thinks that my mind is gone
Remove even more unspeakable evil being perpetuated in the name of VMS.
(and lesser evils done in the name of others.)
ok miod
tedu [Wed, 16 Apr 2014 19:36:19 +0000 (19:36 +0000)]
lots of ifdef cleanup
tedu [Wed, 16 Apr 2014 19:33:40 +0000 (19:33 +0000)]
repair knf
okan [Wed, 16 Apr 2014 19:14:57 +0000 (19:14 +0000)]
Remove ifdef'd out KerberosIV and stream encryption support. While
here, sort arguments.
ok tedu miod (who had the same diff with an additional bit of clean-up)
miod [Wed, 16 Apr 2014 19:13:01 +0000 (19:13 +0000)]
No need to define ANSI_SOURCE and NO_ERR. TERMIOS kept until ui/ui_openssl.c
gets a second trim.
okan [Wed, 16 Apr 2014 19:03:14 +0000 (19:03 +0000)]
add missing parens so that errorhost gets properly initialized.
ok tedu miod (who had the same diff)
schwarze [Wed, 16 Apr 2014 18:59:38 +0000 (18:59 +0000)]
Give the mlinks and keys tables a pageid index,
as suggested by jeremy@ and espie@.
The mlinks index speeds up basic apropos(1) searches by around 30%
because it speeds up the final SELECT FROM mlinks query by about 95%.
For large result sets, the overall speedup gets even larger, in the
extreme case of "apropos Nd~." by more than 90%.
The keys index finally makes the apropos(1) -O option usable: It no longer
incurs relevant extra cost, while in the past it was embarrassingly slow.
This comes at a cost: Total database build times grow by about 5%,
and each index adds about 10% database size with -Q. I consider that
acceptable in view of the huge apropos(1) performance gains.
The -Q database for /usr/share/man still remains below 1 MB.
miod [Wed, 16 Apr 2014 18:47:51 +0000 (18:47 +0000)]
No need to build with -DOPENSSL_NO_CAPIENG and -DOPENSSL_NO_HW_xxx for all
now removed engines.
krw [Wed, 16 Apr 2014 18:46:41 +0000 (18:46 +0000)]
Make dhclient -q even quieter. Make it immediately effective rather
than possibly emitting a couple of random memory allocation error
messages first.
ok guenther@
tedu [Wed, 16 Apr 2014 18:35:14 +0000 (18:35 +0000)]
quoth the readme:
NOTE: Don't expect any of these programs to work with current
OpenSSL releases, or even with later SSLeay releases.
ok miod
tedu [Wed, 16 Apr 2014 18:28:08 +0000 (18:28 +0000)]
delete a few leftovers