summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/merge.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-11-03Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE.jsing1-205/+256
ok beck@ (who was struggling to keep lunch down while reviewing the diff)
2016-11-03Don't do OCSP validation when we have disabled certificate verificationbeck2-5/+8
or certificate validation. ok jsing@
2016-11-03convert configuration manuals from pod to mdocschwarze9-305/+340
2016-11-03convert remaining ASN1 object manuals from pod to mdocschwarze5-175/+299
2016-11-03Only set an error from libssl related code, if an error has not alreadyjsing2-7/+47
been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
2016-11-03convert HMAC and MD5 manuals from pod to mdocschwarze5-210/+393
2016-11-03convert EVP manuals from pod to mdocschwarze49-2724/+4229
2016-11-03Fix handshake failures:beck1-20/+26
split out internals of OCSP verification to allow callback to verify before TLS handshake is complete
2016-11-03Clean up the TLS handshake digest handling - this refactors some of thejsing2-30/+43
code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@
2016-11-02bit more cleanup;jmc1-9/+9
2016-11-02fix shadow declaration of time in parameter list.beck1-2/+2
ok jsing@
2016-11-02Ensure handshake is complete before processing an ocsp response for a ctxbeck1-0/+3
ok jsing@
2016-11-02tweak previous;jmc1-32/+26
2016-11-02convert ERR manuals from pod to mdoc; while reading this,schwarze23-705/+963
i wtfed, laughed, puked, and cried in more or less that order...
2016-11-02bump minor for ocsp api additionsbeck1-1/+1
2016-11-02Add OCSP client side support to libtls.beck8-9/+641
- Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
2016-11-02convert DSA and EC manuals from pod to mdocschwarze33-1241/+2658
2016-11-02Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FNjsing2-7/+13
macros. Only change in generated assembly is due to line numbering.
2016-11-02Expand another LHASH_OF macro.jsing1-2/+2
2016-11-02Expand DECLARE_LHASH_OF and LHASH_OF macros.jsing1-3/+5
2016-11-02Expand DECLARE_PEM_rw macro.jsing1-2/+7
2016-11-02Expand IMPLEMENT_LHASH_COMP_FN/IMPLEMENT_LHASH_HASH_FN macros - the onlyjsing1-5/+17
change to generated assembly results from a difference in line numbers.
2016-11-02Wrap some >80 char lines.jsing1-9/+9
2016-11-02convert DES and DH manuals from pod to mdocschwarze15-715/+1244
2016-10-31remove some old option letters and also make P non-settable. It hasotto1-24/+6
been the default for ages, and I see no valid reason to be able to disable it. ok natano@
2016-10-31bump to LibreSSL 2.5.1bcook1-3/+3
2016-10-28Pages in the malloc cache are either reused quickly or unmappedotto1-14/+1
quickly. In both cases it does not make sense to set hints on them. So remove that option, which is just a remainder of old times when malloc used to hold on to pages. ok stefan@
2016-10-22$OpenBSD$tb3-0/+3
2016-10-22- fix MALLOC_STATS compileotto1-3/+6
- redundant cast is redundant
2016-10-21fix some void * arithmetic by castingotto1-4/+4
2016-10-21and recommit with fixed GCotto1-103/+112
2016-10-20backout for now; flag combination GC is not okotto1-110/+103
2016-10-20avoid sentence splicing;jmc1-2/+2
2016-10-20canary corruption message changed a bitotto1-5/+5
2016-10-20Also place canaries in > page sized objects (if C is in effect); ok tb@otto1-103/+110
2016-10-19unifdef OPENSSL_NO_CMSjsing8-123/+8
2016-10-19Update client hello messages to follow the removal of fixed ECDH.jsing1-89/+65
2016-10-19Remove support for fixed ECDH cipher suites - these is not widely supportedjsing7-466/+42
and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
2016-10-19Remove the save_errno dance inside strerror_r(3). It is from thebluhm1-5/+3
time when we had national language support. OK millert@
2016-10-17If BN_div_word() fails (by returning (BN_ULONG)-1) or if the divisionguenther1-4/+8
fails to reduce the input in the expected space then fail out instead of overflowing the allocated buffer. combines openssl commits 28a89639da50b1caed4ff3015508f23173bf3e49 and 3612ff6fcec0e3d1f2a598135fe12177c0419582 ok doug@ beck@
2016-10-16Move libcrypto, librpcsvc and gnu/usr.bin/cc/include from RDIRS to PRDIRS,tb1-2/+4
and add prereq targets, so some header files are generated by BUILDUSER during 'make prereq' instead of by root during 'make includes'. Switch the order of 'make cleandir' and 'make includes' during 'make build' so we don't generate many files twice. Except for some machine@ symlinks from ${MACHINE}/stand, /usr/obj is now clean from files generated by root during 'make build'. Those will be cleaned up in a second step. help, testing & ok deraadt, input from natano, further testing rpe
2016-10-16Roll back uintptr_t cast changes after discussions with tedu, otto anddtucker3-24/+7
others. C11 6.5.6.9 says: When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. In these cases the objects are arrays of char so the result is defined, and we believe that the report is based on a compiler incorrectly trapping on defined behaviour.
2016-10-15Wrap _malloc_init() so internal calls go directlyguenther2-2/+6
prodded by otto@ ok kettenis@ otto@
2016-10-14Cast pointers to uintptr_t to avoid potential signedness errors.dtucker3-7/+24
Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with & ok millert, ok deraadt.
2016-10-140xd0 -> 0xdb; ok deraadt@ millert@ tedu@otto1-3/+3
2016-10-12optimize canary code a bit by storing offset of sizes table instead ofotto1-5/+7
recomputing it all the time
2016-10-08make clear the length printed is the requested lengthotto1-3/+3
2016-10-07grammar fix previous;jmc1-2/+2
2016-10-07document "chunk canary corrupted" errorotto1-2/+7
2016-10-07stray tabotto1-2/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-21 18:33:19 +0000