Date | Author | Files | Lines | Commit message
2015-07-19 | miod | 4 | -16/+32 | Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()
fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
2015-07-19 | doug | 1 | -3/+5 | Only close descriptor if not already closed.
Fixes coverity 78916. ok miod@ bcook@
2015-07-19 | doug | 1 | -1/+2 | Free variable before potentially reusing.
Fixes coverity 78824. ok bcook@ miod@
2015-07-19 | doug | 1 | -4/+4 | Free passin on error.
Fixes coverity 78826. ok miod@ bcook@
2015-07-19 | beck | 1 | -1/+1 | Fix coverity 105339, by correctly checking return from strtoll
ok miod@ bcook@
2015-07-19 | miod | 2 | -4/+4 | Put explicit braces around assignment used in a conditional.
ok bcook@ doug@
2015-07-19 | miod | 6 | -214/+0 | Remove the logic responsible for outputting most AES-NI instructions as
raw byte sequences. The toolchains have had some time to update and assemble the instructions correctly (except for p{ins,ext}rd which are not supported yet by as(1) under OpenBSD, but will be fixed shortly). Inspired by a discussion between tedu@ and John-Mark Gurney. Verified to still work on Mac OS X and average Linux distros by bcook@
2015-07-19 | miod | 2 | -4/+4 | Replace `.byte 0x48,0x83,0xEC,0x08' with `sub \$8,%rsp' which is exactly the
same four bytes, unobfuscated.
2015-07-19 | doug | 2 | -116/+110 | Simplify X509_STORE_CTX_init and make it safe with stack variables.
The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
2015-07-19 | doug | 2 | -10/+2 | Remove case that can never happen.
It's a little convoluted due to gotos, but at that point, pci is always NULL. Spotted by Coverity 21702. ok miod@ beck@ bcook@
2015-07-19 | beck | 2 | -4/+2 | Fix Coverity 72742 - ret is overwritten immediately after this.
ok doug@
2015-07-19 | doug | 1 | -4/+1 | Remove effectively unused variable.
Fixes Coverity issue 21693. ok beck@ bcook@
2015-07-19 | doug | 2 | -4/+6 | Assign p to CBS_data since it is used later.
The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcook@ beck@
2015-07-19 | bcook | 2 | -10/+4 | abort when ENGINE_remove fails, fix Coverity 21656
ok doug@, beck@
2015-07-18 | doug | 6 | -32/+74 | Convert dtls1_get_message_header to CBS and change to int.
Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
2015-07-18 | beck | 2 | -6/+6 | rand_err doesn't exist anymore, coverity 78808
ok doug@
2015-07-18 | beck | 2 | -6/+14 | Coverity 21651
ok doug@
2015-07-18 | doug | 2 | -42/+56 | Convert dtls1_get_record to CBS.
ok miod@, input + ok jsing@
2015-07-18 | doug | 2 | -80/+32 | Remove repeated code in dtls1_get_record.
The "if" is a bit ugly, but this does remove a lot of repetitive code. This will be converted to CBS later as well. ok miod@ jsing@ roughly ok with it after seeing the CBS version
2015-07-18 | bluhm | 1 | -1/+4 | Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
in libtls. This gives tls_write() a similar short write semantics as write(2). So implementing daemons with libevent buffers will be easier and workarounds in syslogd and httpd can be removed. OK tedu@ beck@ reyk@
2015-07-18 | beck | 2 | -6/+2 | Dead code, Coverity 78798
ok bcook@ doug@
2015-07-18 | bcook | 1 | -11/+17 | simplify length checking in do_indefinite_convert
Fixes Coverity 117506, 117507, 117508 ok doug@
2015-07-18 | beck | 2 | -12/+16 | Coverity ID 78910 - Yet another stupid API designed to not show failures. do the
least worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
2015-07-18 | doug | 10 | -58/+26 | Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.
This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
2015-07-18 | bcook | 1 | -21/+21 | remove mysterious, decorative comment blocklets
2015-07-18 | bcook | 1 | -6/+6 | Explicitly mark ignored BN_* return vals in tests.
The tests will fail all the same. Fixes Coverity 78811 21659 21658 21657. Discussed with beck@
2015-07-18 | bcook | 1 | -2/+6 | check sscanf conversion, fixes Coverity 21666
ok doug@, miod@, guenther@
2015-07-18 | miod | 4 | -12/+28 | Check the return value of ASN1_STRING_set(), for it may fail to allocate
memory. Coverity CID 24810, 24846. ok bcook@ doug@
2015-07-18 | doug | 6 | -28/+22 | Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.
This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@
2015-07-18 | jeremy | 1 | -1/+2 | Unbreak, add errno header
OK tedu@
2015-07-18 | tedu | 1 | -2/+3 | set errno in null cases, just in case.
2015-07-18 | tedu | 1 | -5/+2 | standards compliant error return (null). will make ruby happier, at least.
ok deraadt jeremy
2015-07-18 | beck | 6 | -50/+66 | Fix leak found by coverity, issue 78897 - which also brought to
light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
2015-07-17 | schwarze | 8 | -8/+8 | delete doubled words;
patch from Theo Buehler <theo at math dot ethz dot ch>
2015-07-17 | miod | 2 | -2/+2 | extenstion -> extension
2015-07-17 | beck | 1 | -3/+3 | fix leak, found by coverity, ID 78877
ok miod@ jsing@
2015-07-17 | doug | 4 | -24/+34 | Convert ssl_parse_serverhello_use_srtp_ext to CBS.
ok miod@ jsing@
2015-07-17 | doug | 1 | -13/+3 | Remove SSLv3 support from openssl(1) s_time.
ok miod@ bcook@ beck@
2015-07-17 | doug | 1 | -7/+2 | Remove SSLv3 support from openssl(1) s_server.
ok miod@ bcook@ beck@
2015-07-17 | doug | 1 | -4/+1 | Remove SSLv3 support from openssl(1) s_client.
ok miod@ bcook@ beck@
2015-07-17 | doug | 1 | -27/+5 | Remove support for SSLv3 from openssl(1) ciphers.
ok miod@ bcook@
2015-07-17 | doug | 10 | -208/+26 | Remove compat hack that disabled ECDHE-ECDSA on OS X.
For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
2015-07-17 | doug | 13 | -79/+25 | Remove workaround for TLS padding bug from SSLeay days.
OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
2015-07-16 | bcook | 2 | -6/+14 | Bump LIBRESSL_VERSION defines.
Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
2015-07-16 | miod | 2 | -4/+8 | Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;
from OpenSSL (RT #3683) ok doug@ jsing@
2015-07-16 | beck | 1 | -3/+11 | fix coverity leak - ID 78921
ok miod@, bcook@
2015-07-16 | beck | 1 | -2/+5 | kill leak, found by coverity, ID 105348
ok miod@
2015-07-16 | guenther | 2 | -12/+10 | After reading a password with terminal echo off, restore the terminal to
its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
2015-07-16 | miod | 2 | -4/+4 | Explicitly cast a char into unsigned long before shifting it left by 24, for
this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitly range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
2015-07-16 | miod | 2 | -10/+18 | Check return value of all used functions in OCSP_REQUEST_print(); covers
Coverity CID 78796; ok beck@