| Commit message (Collapse) | Author | Files | Lines |
|---|
|
separately to avoid false negatives.
ok miod@ millert@
|
|
|
|
|
|
ok doug millert
|
|
ok jsing@
|
|
ok jsing@
|
|
All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base.
cbb_add_u() now has that common code in one place.
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|
|
This function is documented as allowing NULL for out_header_len.
ok jsing@
|
|
tweak + ok jsing@
|
|
ok jsing@
|
|
RFC 5280 says " " must not be used as a dNSName.
ok jsing@ jca@
|
|
After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning. There were missing BN_CTX_end() calls in error paths. One diff
chunk was simply removing redundant code related to this.
ok deraadt@
|
|
Include it if we have the sysctl syscall.
|
|
From Michael Felt.
|
|
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.
Thanks to william at 25thandclement dot com for reporting this!
ok deraadt@ jsing@ beck@
|
|
ASN.1 integers cannot have all zeros or all ones for the first 9 bits.
This rule ensures the numbers are encoded with the smallest number of
content octets (see ITU-T Rec X.690 section 8.3.2).
Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16
ok deraadt@ jsing@
|
|
|
|
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.
ok bcook@ doug@
|
|
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.
Inspired by simliar changes in BoringSSL.
ok beck@ doug@
|
|
|
|
ensure that outlen is set to zero so that tls_read() has read(2) like
semantics for EOF.
Spotted by doug@
|
|
from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we
failed to send a close notify on a non-blocking socket.
Otherwise be more forceful and always shutdown/close the socket regardless
of other failures. Also do not consider ENOTCONN or ECONNRESET to be a
shutdown failure, since there are various situations where this can occur.
ok doug@ guenther@
|
|
|
|
|
|
ok doug@
|
|
- Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL
return value in a more appropriate manner.
- Use stroul() instead of sscanf() with appropriate error checking.
ok doug@
|
|
ok bcook@ doug@
|
|
i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken.
Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d.
ok deraadt@, jsing@
|
|
The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment". Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places. However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False
safety. Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.
Can you believe the OpenSSL team?
This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL. Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming
ok jsing
|
|
getenv()'s wrapped by issetugid() are safe, but issetugid() is correct
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others
|
|
Spotted by doug@
|
|
|
|
unregistering callbacks if the DSO is unloaded. Move the callback
handling from libpthread to libc, though libpthread still overrides the
inner call to handle locking and thread-library reinitialization.
Major version bump for both libc and libpthread.
verification that this fixes various ports ajacoutot@
asm assistance miod@; ok millert@ deraadt@
|
|
|
|
instead of simply zapping it. this can save many syscalls in a program
that repeatedly grows and shrinks a buffer, as observed in the wild.
|
|
(POSIX is fixing its description: readdir_r() was a botch)
Patch from Carlos Mart�n Nieto (cmn (at) dwim.me)
no -portable concerns bcook@
|
|
|
|
close the connection. Also correctly handle the error on failure.
Diff from cookieandscream via github.
|
|
Diff from Tim van der Molen.
ok jmc@
|
|
TLS_READ_AGAIN and TLS_WRITE_AGAIN.
Based on a diff from Tim van der Molen.
|
|
|
|
accepted via an existing pair of file descriptors.
Based on a diff from Jan Klemkow.
|
|
compile time, which we do not do and are unlikely to ever do. Additionally,
there are two runtime configurable alternatives that exist.
ok bcook@ doug@
|
|
for the server, rather than on the context for the connection. This makes
more sense than the current behaviour does.
Issue reported by Tim van der Molen.
|
|
|
|
in four different places.
ok doug@ guenther@
|
|
|
|
socket becomes invalid between these calls (e.g. connection closed), write
will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can
handle write's -1 return value (errno will be EPIPE). Ultimately, it leads
to program exit, too -- but with nicer error message. :)
with input by and ok djm
|
