| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ssl3_get_cipher_by_id().
ok bcook@
|
|
|
|
|
|
Let the compiler optimize these. Even older versions of gcc generate
equal or better quality code than the inline asm.
ok miod@
|
|
These macros and asm inlines simulate a function returning a value, but
nothing ever uses this return value. Remove the pseudo-returns and
(void) casts discarding the unused values.
This, maybe unsurprisingly, speeds things up a bit. It also removes the
GCC 4.9 warnings about unused values.
ok miod@ deraadt@
|
|
to hold the malloc lock across mmap syscalls in all cases. dropping it
allows another thread to access the existing chunk cache if necessary.
could be improved to be a bit more aggressive, but i've been testing this
simple diff for some time now with good results.
|
|
|
|
like the sysctl path
|
|
this causes errors with stricter C compilers
|
|
This enables support for the new getrandom(2) syscall in Linux 3.17.
If the call exists and fails, return a failure in getentropy(2) emulation as
well. This adds a EINTR check in case the urandom pool is not initialized.
Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
ok deraadt@
|
|
|
|
circular lists. Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go. Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@
|
|
millert@ and jmc@ agree that "overriden" is wrong
|
|
case of failing to map the 2nd object.
found by Paul Maurers
|
|
original OpenSSL commit message follows:
Fixed as shown; to be released post-1.0.2
commit bebbb11d132cc149f7713d6693703f8bfae10072
Author: Ingo Schwarze <schwarze@usta.de>
Date: Sat Jan 18 11:46:25 2014 +0100
RT3239: Extra comma in NAME lines of two manpages
In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.
While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).
Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
|
|
Without the cast/mask, the compiler is allowed to optimize this directly
to the correct CPU intrinsic for rotate.
|
|
Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined,
only enabling inline assembly, but the RSA / RC4-5 blocks (used only in
amd64 systems) turn on implicitly. Guard these two as well.
This simplifies enabling just inline ASM in portable, no effective
change in OpenBSD.
|
|
memory and can return NULL.
ok miod@
|
|
ssl3_get_cert_verify().
ok guenther@ jsing@
|
|
ok guenther@ jsing@
|
|
of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than
using a less-readable hardcoded constant everywhere) and replace the
ssl3_put_char_by_bytes(NULL, NULL) calls with it.
ok bcook@ miod@
|
|
up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
|
|
|
the cipher list. This reduces code size, saves data segment space and
prevents them from being turned back on at runtime by flipping a bit in
memory.
ok guenther@
|
|
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
|
|
|
|
|
structure when a zero-length fragment is received.
Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74
diff by miod@, ok guenther@ bcook@ deraadt@
|
|
- make sure the output buffer is always NUL terminated if buf_len
was initially greater than zero.
- reject OIDs that are too long, too short, or not in proper base-127
Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
ok bcook@
|
|
pointed out by Watson Ladd (watson (at) matasano.com)
ok deraadt@
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636
with comment/whitespace style tweaks
ok bcook@ miod@
|
|
to only apply to s23_srvr.c.
|
|
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).
Instead, compare for the exact value it ought to return upon success.
ok deraadt@
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
ok guenther miod
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
ok bcook
|
|
|
|
Adam Langley close to three years ago, which were commited in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214
ok jsing@
|
|
behaviour that allows a PEM block to be fed through the base64 decoder.
Reported by Dmitry Eremin-Solenikov on tech@
ok deraadt@ tedu@
|
|
and UI_add_verify_string() return -1 (and maybe -2?) on failure and
>=0 on success, instead of always zero on success
problem reported by Mark Patruck (mark (at) wrapped.cx)
ok miod@
|
|
directly from file.
|
|
|
|
context (if necessary) and handles the TLS/SSL handshake over the given
socket.
|
|
|
|
a specific server configuration function and call this from
ressl_configure.
|
|
|
|
|
|
|
|
|
|
ok guenther@ jsing@
|
|
the return value is stored in must be signed. Fixes a test for error.
ok jsing@ guenther@
|
