| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Now that ressl config takes copies of the keys passed to it, the keys need
to be explicitly cleared. While this can be done by calling the appropriate
functions with a NULL pointer, it is simpler and more obvious to call one
function that does this for you.
ok tedu@
|
|
read the PEM-encoded certificate chain from memory instead of a file.
This idea is derived from an older implementation in relayd that was
needed to use the function with a privep'ed process in a chroot. Now
it is time to get it into LibreSSL to make the API more privsep-
friendly and to make it available for other programs and the ressl
library.
ok jsing@ miod@
|
|
ok bcook@
|
|
for it may be NULL. Do not leak memory upon error.
ok bcook@
|
|
manual field fiddling to create an ASN1_INTEGER object, instead of using
M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes.
That person had probably never looked into malloc(3) and never heard of
allocation size rounding.
Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by
ASN1_INTEGER_set(), to achieve a similar result, without the need for
/* version == 0 */ comments.
ok bcook@
|
|
caller worrying about leaks or lifetimes.
after feedback from jsing
|
|
fixed.
|
|
the 64-bit code has to be disabled under OpenBSD/hppa.
|
|
cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and
to be able to tell broken versions apart easily.
|
|
ok miod@
|
|
Based on OpenSSL.
ok miod@
|
|
ok tedu@
|
|
X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of
allocations.
ok tedu@
|
|
the first EVP block.
ok tedu@
|
|
ok tedu@
|
|
for the server hello.
From OpenSSL.
ok miod@
|
|
strdup() to allocated directory list components.
ok jsing@
|
|
effectively built two "static" data structures - instead of doing this,
just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
|
ssl3_send_finished(). While this previously checked against a zero return
value (which could occur on failure), we may as well test against the
expected length, since we already know what that is.
|
|
end up with a value of zero, primarily since ssl3_take_mac() fails to check
the return value from the final_finish_mac() call. This would then mean that
an SSL finished message with a zero-byte payload would successfully match
against the calculated finish MAC.
Avoid this by checking the length of peer_finish_md_len and the SSL
finished message payload, against the known length already stored in
the SSL3_ENC_METHOD finish_mac_length field (making use of a previously
unused field).
ok miod@ (a little while back)
|
|
From OpenSSL.
|
|
is off by default (instead of being enabled unconditionally).
The TLS padding extension was added as a workaround for a bug in F5 SSL
terminators, however appears to trigger bugs in IronPort SMTP appliances.
Now the SSL client gets to choose which of these devices it wants to
trigger bugs in...
Ported from OpenSSL.
Discussed with many.
ok miod@
|
|
some changes an a_int.c did not get applied to a_enum.c; despite style
changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value
the same way BN_to_ASN1_INTEGER() does.
ok bcook@ beck@ jsing@
|
|
Replace an if() posse with a switch() statement in traverse_string().
Remove unnecessary casts in cpy_*(),
with tweaks from guenther@; ok bcook@ jsing@ guenther@
|
|
These are copied from the existing [[:<:]] and [[:>:]] tests.
|
|
From Ming <gzchenym at 126.com>
|
|
|
|
To avoid making tests machine dependent, only test values inside 32bit
LONG_{MIN,MAX} and outside 64bit LONG_{MIN,MAX}, but none in between.
While here, cover 32bit edge cases, negative values, and overflows.
ok jsing@
|
|
ok jsing@
|
|
|
|
|
|
of the resulting FILE *), then pass fopen() the 'e' mode letter to
mark it close-on-exec.
ok miod@
|
|
Mention that invalid bases do set EINVAL (as required by POSIX);
this part of the change uses part of an earlier patch by millert@.
Minor mdoc(7) cleanup and sync between the two pages while here.
Feedback and ok jmc@ and millert@.
|
|
required by the C standard when called with an invalid base:
strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax().
Same behaviour for strtoq() and strtouq() even though not standardized.
No functional change in strtol(), it was the only one already correct.
While here, simplify the conditional expression for checking the base
and sync whitespace and comments among the six files.
ok millert@
|
|
|
|
found with the new mandoc(1) MANDOCERR_AN_MISSING warning;
no text changes
|
|
nor do we plan on supporting them.
ok guenther@
|
|
OK aja@ mikeb@
|
|
ok jsing@
|
|
|
|
If the option/argument string exceeds the given width, add a hanging indent
prior to displaying the description. Also, if the description includes
newlines, wrap and indent for each newline so that the indentation is
correctly maintained.
|
|
in kernel and user land.
OK florian@ mpi@
|
|
ok millert@ manpage feedback jmc@
|
|
|
|
values are useable by the function. Also provide an option type that calls
a function without consuming/passing an argument.
|
|
need to also be called from some of the applications.
|
|
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
|
|
|
|
|
|
