IABSD.fr/src/lib

Branch :


Log

Author Commit Date CI Message
47f2496f 2025-06-15 15:58:56 crypto_ex_data: use same sizeof idiom as everywhere else in our own code ok beck
1a751a5f 2025-06-15 15:43:00 Remove aesni_init_key(). The various methods can now use the regular init key functions, since the call to AES_set_{en,de}crypt_key() will be routed to the AES-NI implementation, if supported. ok tb@
41eed276 2025-06-15 15:11:50 Integrate AES-NI into the AES code. Currently, the AES-NI code is only integrated into EVP - add code to integrate AES-NI into AES. Rename the assembly provided functions and provide C versions for the original names, which check for AES-NI support and dispatch to the appropriate function. This means that the AES_* public API will now use AES-NI, if available. ok tb@
3ebadeb6 2025-06-15 14:18:31 Provide machine dependent CPU capabilities for i386. This indicates if AES-NI is available via CRYPTO_CPU_CAPS_I386_AES. ok tb@
2c2a083c 2025-06-15 14:16:11 Provide CRYPTO_CPU_CAPS_AMD64_AES in machine dependent CPU capabilities. ok tb@
577fe228 2025-06-14 06:48:47 Fix signature of BN_zero This was changed a bit more than two years ago.
f8007ba6 2025-06-13 18:48:05 Switch misuse of .Ft to the more appropriate .Vt macro, and remove useless quoting of .Ft arguments.
f6773c1f 2025-06-13 18:45:02 Fix a documentation bug: pcap_fopen_offline(3) returns a pointer, not a structure. Also remove useless quoting of .Ft arguments.
74a1e058 2025-06-13 18:34:00 The mdoc(7) .Ft macro does not need quoting of its arguments, but about 10% of our manual pages using this macro employed useless quoting anyway. Remove these quotes such that they do not incite fear, uncertainty, and doubt in developers who happen to look at these pages. jmc@ and tb@ agree with the direction.
430d307e 2025-06-13 13:56:43 tweak previous: cull a stray .Pp that crept in and caused a warning: mandoc: intro.2:164:2: WARNING: skipping paragraph macro: Pp before It
e52d87dc 2025-06-13 13:25:32 ENOTDIR is used often enough to refer to a fd situation rather than a pathname situation, so we should mention this in the documentation. The message is not changed.
f3df33fd 2025-06-12 16:07:09 <uvm/uvmexp.h> is clearly only for VM_MALLOC_CONF, but <sys/sysctl.h> takes care of doing that include.
966ca342 2025-06-12 15:59:30 Bring the DESCRIPTION a bit closer to reality, in particular stop claiming that the "add" functions add anything. Indicate that they are mostly NOOPs nowadays, but without being overly specific. Also, more explicitly discourage abusing OpenSSL_add_all_algorithms(3) for loadiing a configuration file. Guidance and OK tb@.
b52a5c78 2025-06-12 11:23:36 Drop __multf3 from the list; it isn't actually exported. ok deraadt@, tb@
97ca9391 2025-06-12 01:16:50 fix incomplete NAME sections; OK jsg@
2de8940e 2025-06-12 00:21:39 fpurge() first appeared in 4.3BSD-Reno ok deraadt@ schwarze@
c82f3d91 2025-06-11 23:41:19 EC_GROUP_check: rephrase a sentence so it's a bit less awkward
8e6fb259 2025-06-11 23:21:08 The functions SMIME_read_ASN1(3) and SMIME_write_ASN1(3) are no longer public, so delete their manual pages. OK tb@
c383fa08 2025-06-11 23:16:32 Since the function SMIME_write_ASN1(3) is no longer public, move the descriptions of CMS_REUSE_DIGEST, PKCS7_REUSE_DIGEST, SMIME_BINARY, and SMIME_CRLFEOL and some improved wordings from that former page to SMIME_write_CMS(3) and SMIME_write_PKCS7(3), with some further polishing. Feedback and OK tb@.
14125471 2025-06-11 18:11:55 pk7_asn1: delete lines containing nothing but a tab
da941465 2025-06-11 14:23:14 Lie less below RETURN VALUES, add a related BUGS entry, and since SMIME_write_ASN1(3) is no longer public, replace the .Xr to it with some other pointers. OK tb@
575fc61e 2025-06-11 13:48:54 SMIME_read_ASN1(3) and SMIME_write_ASN1(3) are no longer public, so link to SMIME_read_CMS(3), SMIME_read_PKCS7(3), SMIME_write_CMS(3), and/or SMIME_write_PKCS7(3) instead; OK tb@
d72f8b34 2025-06-11 13:41:03 SMIME_read_ASN1(3) is no longer public, so link to SMIME_read_CMS(3) or SMIME_read_PKCS7(3) instead, and sprinkle a few other .Xrs that may be helpful; OK tb@
725adbd6 2025-06-11 07:41:12 Explain why we still need OPENSSL_init() (autoconf)
25dd8fed 2025-06-11 04:08:15 Remove BF_PTR In bf_local.h r1.2, openssl/opensslconf.h was pulled out of the HEADER_BF_LOCL_H header guard, so BF_PTR was never defined from opensslfeatures.h. Thus, alpha, mips64, sparc64 haven't used the path that is supposedly optimized for them. On the M3k the speed gain of bf-cbc with BF_PTR is roughly 5%, so not really great. This is blowfish, so I don't think we want to carry complications for alpha and mips64 only. ok jsing kenjiro
42cfcc5e 2025-06-10 17:19:45 Delete the pesky LIBRARY sections and move the .Lb macros to their new home in SYNOPSIS. OK jsg@ tedu@
710bbf07 2025-06-10 12:55:33 .Lb libfuse ; OK tedu@
ce95613e 2025-06-10 12:52:51 .Lb libarm ; OK tedu@
efcd8228 2025-06-10 08:53:37 err.c: fix previous: 8 spaces -> tab
6b7165bf 2025-06-09 17:49:45 Fix comment: unsigned int, not just int
13cef4fa 2025-06-09 15:34:35 one DES_LONG hid in arch/sh/opensslconf.h
eaf31d1a 2025-06-09 14:37:48 Move (mostly) MI constants to proper headers Most of the constants here are only defined if a specific header is in scope. So move the machine-independent macros to those headers and lose the header guards. Most of these should actually be typedefs but let's change this when we're bumping the major since this technically has ABI impact. IDEA_INT RC2_INT and RC4_INT are always unsigned int DES_LONG is always unsigned int except on i386 This preserves the existing situation on OpenBSD. If you're using portable on i386 with a compiler that does not define __i386__, there's an ABI break. ok jsing
23f4dfa0 2025-06-09 14:28:33 Make OPENSSL_IA32_SSE2 the default for i386 and remove the flag. The OPENSSL_IA32_SSE2 flag controls whether a number of the perlasm scripts generate additional implementations that use SSE2 functionality. In all cases except ghash, the code checks OPENSSL_ia32cap_P for SSE2 support, before trying to run SSE2 code. For ghash it generates a CLMUL based implementation in addition to different MMX version (one MMX version hides behind OPENSSL_IA32_SSE2, the other does not), however this does not appear to actually use SSE2. We also disable AES-NI on i386 if OPENSSL_IA32_SSE2. On OpenBSD, we've always defined OPENSSL_IA32_SSE2 so this is effectively a no-op. The only change is that we now check MMX rather than SSE2 for the ghash MMX implementation. ok bcook@ beck@
234f524d 2025-06-09 13:58:28 Remove GNU assembler version check. GNU assembler version 2.19 was released in 2014, so it does not seem unreasonable to expect that we have an assembler that supports AVX. Furthermore, the current check fails on LLVM. ok bcook@ beck@
7445a4f7 2025-06-09 13:51:48 Stop defining OPENSSL_IA32_SSE2 on amd64. This no longer does anything on this architecture. ok bcook@ beck@
24daa640 2025-06-09 12:43:53 Retire the manual pages OPENSSL_load_builtin_modules(3) and OBJ_NAME_add(3) because these functions no longer exist. OK tb@
dbfd3f95 2025-06-09 12:42:46 EVP_cleanup(3) is no longer relevant here since it no longer has any effect. OK tb@
1ccd8002 2025-06-09 12:06:23 This file is no longer relevant because the function CONF_module_add() is no longer public. Even though ASN1_add_oid_module() still exists as an internal function, this file contains more misleading (DSO, OPENSSL_load_builtin_modules) than useful information, so delete it. OK tb@
ca887080 2025-06-09 10:14:38 SSL_shutdown(): remove pointless NULL check. reported by smatch via jsg ok beck
c8a0fb63 2025-06-09 09:40:57 If OK to read flag is set, don't set write space to buffer size. Avoids a problem where after fpurge(), putc() characters to a read-write FILE may be lost. If this doesn't work, gnulib accesses FILE internals. From Eric Blake in FreeBSD PR 137819. ok yasuoka@
5863e374 2025-06-09 02:07:30 .Lb libradius ; OK yasuoka@ tedu@
1d858eeb 2025-06-08 22:58:09 mention that SSL_load_error_strings(3) lives in libssl; "sounds good" tb@
a8680c8b 2025-06-08 22:52:00 .Lb libssl libcrypto ; OK tb@
61351504 2025-06-08 22:49:42 delete an "intentionally undocumented" comment regarding stuff that no longer exists, and add .Lb libssl libcrypto; OK tb@
e5b65a2f 2025-06-08 22:47:20 add the missing .In line and add .Lb libssl libcrypto ; OK tb@
4579975d 2025-06-08 22:40:29 .Lb libcrypto ; OK tb@
d4aada61 2025-06-08 22:37:23 remove some "intentionally undocumented" comments regarding stuff that no longer exists, and add .Lb; OK tb@
2e898360 2025-06-08 22:30:52 add the missing .In line and add .Lb libcrypto ; OK tb@
41ab2432 2025-06-08 12:48:44 .Lb libalpha ; OK matthieu@ tedu@. There is no .In macro because application code using these functions needs to copy the required prototypes from the manual page into the code instead of using any #include directive. According to matthieu@, this "was used by the X server on alpha, which has been broken for several years. No one seems to care enough to try to figure out what is needed to fix it."
a29a425e 2025-06-08 11:22:18 Remove ${MULTIPLE_OF_EIGHT}_BIT* These are unused internally and very few things look at them, none of which should really matter to us, except possibly free pascal on Windows. sizeof has been available since forever... ok jsing
4165ed75 2025-06-08 07:49:45 More code clean up. Fix some things that got missed in the last pass - the majority is use of post-increment rather than unnecessary pre-increment.
8b0b9e0d 2025-06-08 07:38:42 Remove more mess related to arm assembly.
03ca89d1 2025-06-08 07:37:49 Garbage collect DES_PTR pointed out by/ok jsing
dc0813ea 2025-06-08 04:48:07 Remove DES_RISC* codesearch.debian.net only shows some legacy openssl patches plus binkd (a FidoNet mailer) as sole potential user. net-snmp and a strongswan DES plugin bundle some opt-in libdes/openssl legacy things. If this should break any of this, I don't think we need to care. If you're really going to use DES you can also use non bleeding edge libressl. We can remove the big 'default values' block because one of DES_RISC1, DES_RISC2, DES_UNROLL is always defined (you can ignore DES_PTR for this), so this is dead support code for mostly dead platforms. ok kenjiro
5ece6a59 2025-06-07 23:56:57 fpclassify(3) and isgreater(3) are the last two pages living in src/lib/libc that require <math.h>, which implies that POSIX allows them to be in libm. While -lm is not currently required on OpenBSD, which POSIX is also fine with, providing -lm for these may help portability elsewhere. Requested by guenther@ and tedu@.
beadac4b 2025-06-07 20:50:40 .Lb libevent in some WIP pages that are not yet installed
44b12aca 2025-06-07 20:37:45 .Lb libevent ; OK tedu@
c3fb235e 2025-06-07 15:50:12 Trim trailing whitespace
4f09611f 2025-06-07 15:49:22 Spelling, discussed with jsing
c6539648 2025-06-07 10:33:06 .Lb libm ; OK tedu@
43bdc3b5 2025-06-07 10:25:12 tls13_ctx_new(): fix calloc() incantation Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...). ok jsg
88350ef7 2025-06-07 10:23:21 Fix weird calloc() argument order ok jsg
d757ecc8 2025-06-07 10:04:45 .Lb libz ; OK tb@ tedu@
921df737 2025-06-07 09:56:51 .Lb libpcap ; OK dlg@ tedu@
a2fdf17a 2025-06-07 09:53:06 .Lb libsndio ; OK ratchov@ tedu@
f83cb516 2025-06-07 09:51:54 sioctl_revents(3) was missing from the name section, and add .Lb libsndio to the SYNOPSIS; OK ratchov@ tedu@
6bc9d332 2025-06-07 09:45:07 English grammar: add a missing word; from Jan Stary <hans at stare dot cz>
2c19ae91 2025-06-07 09:32:35 do_PVK_body: Unconditionally free enctmp enctmp is only allocated if saltlen > 0, so there is no harm in checking for that, but it's also pointless. Unconfuses smatch who thinks there might be a memory leak: pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp' found by jsg
2062ef68 2025-06-07 09:28:00 Fix smatch warning in asn1_primitive_print() Remove unnecessary and inconsistent NULL check for 'it', which the only caller, asn1_item_print_ctx(), already dereferenced. found by jsg ok kenjiro
b2c6c93a 2025-06-07 04:37:01 crypto_ex_data: fix allocation size of classes_new classes_new is an array of pointers to struct crypto_ex_data, not an array of struct crypto_ex_data_index, so this overallocated by 240 or 480 bytes on ILP32 or LP64, respectively. found by jsg using smatch ok jsing
5d8200c9 2025-06-07 00:30:54 The pthread_sigmask(3) function is a special case. The POSIX specification of the c99 utility explicitly requires it to be declared in <signal.h> (and not in <pthread.h>) and yet allows it to require -lpthread. While OpenBSD does not require -lpthread and provides the function in libc, which POSIX permits, specifying -lpthread can do no harm and may improve portability, so say .Lb libpthread here, too. Requested by guenther@.
288e47d5 2025-06-07 00:16:52 .Lb libpthread ; significant help and OK from guenther@ and tedu@ OpenBSD actually provides the functions documented in about 20 of these 70 manual pages in libc rather than in libpthread, which the POSIX specification of the c99 utility explicitly permits. Recommend specifying -lpthread for all of them anyway. That not only does no harm, but may even improve portability.
a2f4fefd 2025-06-06 22:01:39 .Lb libutil ; OK tedu@
3ca9b1da 2025-06-06 21:53:13 .Lb libkvm ; OK tedu@
a424e829 2025-06-06 21:50:10 While we have fabs(3), frexp(3), ldexp(3), and modf(3) in libc, we have their eight *f and *l variants in libm, so add .Lb libm as suggested by tedu@: "A little extra -lm won't hurt anyone."
5a5f6d11 2025-06-06 21:38:27 fix multiple small markup issues and add .Lb libusbhid ; OK anton@ tedu@
a3a8500a 2025-06-06 21:34:12 .Lb libskey ; OK millert@ tedu@
45bd099d 2025-06-06 21:09:33 Add a roff(7) comment saying "these functions live in libc" to help future manpage editors, as suggested by miod@ and tedu@.
a866c4c7 2025-06-06 20:52:27 .Lb libossaudio , and reference sioctl_open(3) properly; OK ratchov@ tedu@
361533b7 2025-06-06 07:41:01 Fix EVP_DecryptFinal() for CCM ciphers There is an old trap that you must not call EVP_*Final() when using AES-CCM. While encrypting this happens to be a noop and succeeds, but when decrypting, the call fails. This behavior changed in OpenSSL and BoringSSL, making the trap even worse since we now fail when the others succeed. This is an adaptation of OpenSSL commit 197421b1 to fix this. See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336 ok beck kenjiro
9a0f4693 2025-06-06 00:04:33 use the first nibble in DLT_RAW as a link type field. this lets you filter on ip or ip6 payloads, and rejects every other link type. ok claudio@
402b23ce 2025-06-05 18:59:11 .Lb libkeynote libm libcrypto ; OK tedu@
03cfeab9 2025-06-05 18:57:01 .Lb libedit libcurses ; OK tedu@
b57dcb7b 2025-06-05 18:47:18 use .Lb for libi386 and libamd64; OK guenther@ tedu@
5c99a53f 2025-06-05 18:43:07 .Lb libagentx ; OK martijn@ tedu@
c8758384 2025-06-05 08:55:07 Add back #include <sys/types.h> for pid_t This makes imsg.h is self-standing again and unbreaks the build of audio/amused whose player.c managed to include imsg.h before pulling in sys/types.h. ok claudio
57a8f85d 2025-06-05 07:50:30 pkcs7.h: drop two spaces before a tab
6c5cd6d4 2025-06-05 06:37:24 Rename the header guard of des.h with HEADER_DES_H libdes is dead, Jim. Only its successors continue to haunt us. discussed with jsing
644a22cd 2025-06-05 06:34:11 Remove preprocessor branching on HEADER_DES_H This was the header guard for des_old.h introduced in 2002 and removed in 2014. The header guard for des.h is HEADER_NEW_DES_H for the sake of inconsistency (ostensibly due to backward compat concerns with libdes). ok jsing
ea02ff1e 2025-06-05 04:14:50 opensslconf.h: remove md2 leftovers md2.h left on Apr 15, 2014, along with jpake and seed. In particular, HEADER_MD2_H is never defined. These bits have been dead ever since. ok jsing
60a11250 2025-06-04 10:25:30 libtls: abort handshake on no ALPN protcol overlap RFC 7301, section 3.2: In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert. This change makes tlsext_alpn_server_process() send the alert rather than pretending no callback was present. ok jsing
78ca79c0 2025-06-04 09:09:25 Bump minor version because of symbol additions.
a6a83a45 2025-06-04 09:08:52 More imsg function additions: imsgbuf_get() will replace imsg_get() in the long run. Has much simpler return value since nobody uses the imsg_get() return value for anything. imsg_ibufq_push() and imsg_ibufq_pop() allows to push and pop imsg into an ibufq so they can be processed at a later stage or from a different task. OK tb@
7dadfe6f 2025-06-04 09:07:58 Kill internal use of imsg_add() and use ibuf_add() instead. Also ibuf_free() now preserves the errno so no need for any extra dance. OK tb@
41a801a1 2025-06-04 09:06:56 Preserve errno in ibuf_free() so we don't have to do it in the callers. OK tb@
a2618958 2025-06-04 09:06:21 Add a few extra len == 0 checks just to avoid possible UB via memcpy and memset. OK tb@
309618ec 2025-06-04 09:04:52 Add ibufq API to support multithreaded use of ibufs ibufq_new() allocates a new struct ibufqueue ibufq_free() flushes all ibufs and frees the ibufqueue ibufq_push() enqueues an ibuf onto the queue ibufq_pop() dequeues an ibuf from the queue ibufq_queuelen() returns the current queue length ibufq_concat() concatenates all ibufs from the 2nd queue to the end of the first queue. msgbuf_concat() enqueue all ibufs from the ibuf queue into the msgbuf. Adjust the internal msgbuf code to use ibufq as well. OK tb@
9a015d61 2025-06-04 09:03:05 Implement following new helper functions: ibuf_add_strbuf, ibuf_get_strbuf functions to insert or parse a fixed size string buffer. These function ensure that the returned string is always NUL terminated and return errors (errno EOVERFLOW) when the string is truncated to fit into the buffer. Two new convenience functions for imsg parsing imsg_get_buf() and imsg_get_strbuf(). The first simply wraps ibuf_get() and the latter ibuf_get_strbuf(). imsg_get_buf() is like imsg_get_data() but does not enforce that all data has to be pulled in one go. Two functions to adjust the max payload of a buffer: imsg_set_maxsize() and ibuf_set_maxsize(). Align imsgbuf_set_maxsize() with imsg_set_maxsize() and use the payload size (excluding the IMSG_HEADER_SIZE). man page updates by tb@ OK tb@
1c8bb539 2025-06-04 09:00:44 Make imsg.h freestanding by adding sys/queue.h to imsg.h and use stdint.h and stddef.h to get types and NULL. OK tb@
ce1bcb34 2025-06-04 00:38:01 Revert 1.144 of lib/libc/stdlib/malloc.3. It was changed by accident by my previous commit.