| Commit message (Collapse) | Author | Files | Lines |
|---|
|
void pointer is undefined and initialising an array with {} is a syntax
error.
Based on a diff from kinichiro inoguchi.
|
|
system. *blush*
|
|
sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter
only frees the stack itself and does not free the items.
From Basskrapfen on github.
|
|
generating code for 64-bit mips userland.
|
|
|
|
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
|
|
|
From Benjamin Baier <programmer at netzbasis.de>
|
|
Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
The semantics of tls_error() are changed slightly: the last error message is
not necessarily preserved between subsequent calls into the library.
When the previous call to libtls succeeds, client programs should treat the
return value of tls_error() as undefined.
ok tedu@
|
|
From Minux Ma.
|
|
only sometimes being available... and when it was available it was via
the crypto engine. GOST is now part of libcrypto proper.
Instead of trying to do EVP PKEY lookups via string literals and the
ASN1 interfaces, lookup the methods directly using the appropriate NID.
ok bcook@
|
|
|
|
|
|
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
|
|
breaking the hardlink between file system entries, confusing apropos(1).
Split malloc.conf(5) out of malloc(3) as suggested by deraadt@.
Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
|
|
|
|
|
|
the associated peer_rsa_tmp goop.
This was only needed for export cipher handling and intentional RFC
violations. The export cipher suites have already been removed and
previous cleanup means that we will never send ServerKeyExchange messages
from the server side for RSA.
|
|
storing and processing in wire encoded form.
Inspired by boringssl.
ok miod@
|
|
The EC curve handling code assumes this to be the case and will read one
byte off the end of the curve list during processing, in the case where it
is not.
ok miod@
|
|
the buffer. The later size check would catch this, however reading first
and checking later is less than ideal.
ok miod@
|
|
using it.
|
|
|
|
This is needed by the portable tree to point directly to the newly-built
binaries when running unit tests.
discussed with jsing@ and others
|
|
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on
Windows. Sorry, these are no-op on other platforms.
ok jsing@ deraadt@
|
|
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
ok jsing@ deraadt@
|
|
ok jsing@ deraadt@
|
|
EC_POINT_point2oct so that later allocation does not overflow
with miod
|
|
ok miod
|
|
string we are testing.
Add tests to verify that we get SIGSEGV when passed a NULL src or dst.
It is better to crash than for an implementation to check for NULL
and try to recover.
|
|
from OpenSSL HEAD via Thomas Jakobi.
|
|
|
|
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.
|
|
Also looked at by bcook
|
|
|
|
|
|
|
|
|
|
The former is not used anywhere in NetBSD, FreeBSD, or DragonFly
and not supported by groff, so i'm going to delete it from mandoc(1).
We don't need two macros for the same thing.
|
|
|
|
(potentially) MD versions (function dependent, not filename dependent)
split out memcpy/memmove/bcopy and strchr/index/strrchr/rindex
Bring back amd64 .S versions
And the final touch: switch all architectures temporarily to MI
memcpy.c, which contains syslog + abort for overlapping copies. A nice
harsh undefined behaviour. We will clean the entire userland of the
remaining issues in this catagory, then switch to the optimised memcpy
which skips the memmove check.
I tried to cut this change into pieces, but testing each sub-step on
every architecture is too time consuming and mindnumbing.
ok miod
|
|
found because the groff_mdoc(7) macros warn about it.
|
|
ssl3_send_client_key_exchange(), rather than checking it in the key
exchange algorithm specific code.
ok beck@ miod@
|
|
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
crafted server response used in conjunction with an anonymous DH or
anonymous ECDH ciphersuite.
Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
ok tedu@ miod@ deraadt@
|
|
ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
|
|
ok beck@ tedu@ miod@
|
|
Remove the remaining random casts on optval. Fixups for this can be handled by
the portability layer all in once place.
Remove remaining fake socklen_t unions, though beck@ points out that this also
removes support for socklen_t changing its length at runtime. RIP.
ok tedu@ beck@ miod@ deraadt@
|
|
ok beck@ miod@ tedu@ deraadt@
|
