summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/merge.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-06-15Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.doug8-106/+40
This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
2015-06-15Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.doug5-81/+11
This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
2015-06-15Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.doug4-22/+16
This is a hack for an old version of SSLeay which predates OpenSSL.
2015-06-15Update SSL_OP_* to remove ancient hacks that are no longer enabled.doug2-26/+22
2015-06-13Split up the logic in CBB_flush to separately handle the lengths.doug2-42/+64
Also, add comments about assuming short-form. ok miod@, tweak + ok jsing@
2015-06-13Explain the ASN.1 restriction that requires extra logic for encoding.doug2-4/+36
ok miod@ jsing@
2015-06-13When initial capacity is 0, always use NULL buffer.doug2-14/+16
malloc(0) is implementation defined and there's no reason to introduce that ambiguity here. Added a few cosmetic changes in sizeof and free. ok miod@ jsing@
2015-06-13Add comments about how the CBS constants are constructed.doug2-24/+86
Also, introduce a few more #defines to make it obvious. ok miod@ jsing@
2015-06-13Reject long-form tags in CBS_peek_asn1_tag.doug2-2/+16
Currently, CBS only handles short-form tags. ok miod@ jsing@
2015-06-13Fix bad indenting in LibreSSL.doug10-24/+24
jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
2015-06-13Remove unneeded sys/sysctl.h on linux.bcook2-4/+2
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
2015-06-11Avoid an infinite loop that can occur when verifying a message with anlibressl-v2.2.0jsing2-4/+4
unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@
2015-06-11Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2-8/+54
length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
2015-06-11Avoid an infinite loop that can be triggered by parsing an ASN.1jsing2-6/+16
ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@
2015-06-05Link ssl and crypto via BSDOBJDIR, works with native and cross buildstobiasu1-3/+3
ok mpi@
2015-06-05Fix library search path so we link against the freshly built libcrypto.sotobiasu1-2/+2
instead of a stale one. ok miod@ mpi@
2015-06-04force reseeding if pid has changed.eric1-2/+7
ok deraadt@
2015-05-29Need to operate of CXXFLAGS now.miod1-3/+3
2015-05-26Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod1-2/+2
work again.
2015-05-26Add OPENSSL_NO_EGD to opensslfeatures.h.bcook2-0/+2
Since RAND_egd has been removed from LibreSSL, simplify porting software that relies on it. See https://github.com/libressl-portable/openbsd/pull/34 from Bernard Spil, ok deraadt@
2015-05-25Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as usingguenther2-8/+8
256bit keys problem noted by Tim Kuijsten (info (at) netsend.nl) ok deraadt@ miod@ bcook@
2015-05-24Maximilian dot Fillinger at uni-duesseldorf dot deschwarze3-74/+109
starts helping with the pod2mdoc(1)-based conversion of LibreSSL crypto manuals from perlpod(1) to mdoc(7). Here comes the first file, slightly tweaked by me.
2015-05-23bump to version 2.2bcook2-4/+4
ok deraadt@
2015-05-20No need to check the return value of memcpy() if you actually checked thismiod2-6/+4
pointer for NULL the line above; ok doug@
2015-05-17Record inter-library dependencies between libcrypto, libssl and libtlskettenis6-2/+11
2015-05-15Make index/rindex weak aliases of strchr/strrchr since they are notmillert4-90/+6
part of the ISO C standard and have also been dropped from POSIX. OK guenther@ kettenis@
2015-05-15Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.jsg10-30/+32
ok doug@
2015-05-14rev 1.3 introduced a check to an if statement without adding braces.jsg1-3/+1
Claudio points out the size is checked by an earlier test so just remove it to restore the original handling of the partial octet case. Discussed with claudio and gilles.
2015-05-13If crypt(3) is called with an unknown setting, return NULL insteadbluhm1-1/+3
of some undefined value. OK tedu@
2015-05-12Add dlclose(3) to SEE ALSOguenther1-2/+3
ok millert@ jmc@ schwarze@
2015-05-11When checking flags that will be passed to open(), test the O_ACCMODE portionguenther1-2/+3
separately to avoid false negatives. ok miod@ millert@
2015-05-08Make this run on strict alignment architectures.miod1-6/+9
2015-05-04Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@sthen1-0/+381
2015-04-30use strdup() to init stringderaadt2-6/+4
ok doug millert
2015-04-29Add whitespace and replace OPENSSL_free with free in documentation.doug6-22/+22
ok jsing@
2015-04-29Call CBB_add_space() rather than reimplementing it.doug2-4/+4
ok jsing@
2015-04-29Rename cbb_buffer_add_u to cbb_add_u and remove redundant code.doug2-30/+12
All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base. cbb_add_u() now has that common code in one place. ok jsing@
2015-04-29Added len_len error checking for internal cbb_buffer_add_u().doug2-2/+8
ok jsing@
2015-04-29Call CBS_mem_equal() rather than reimplementing it.doug2-6/+4
ok jsing@
2015-04-29Avoid NULL deref in CBS_get_any_asn1_element().doug2-4/+6
This function is documented as allowing NULL for out_header_len. ok jsing@
2015-04-29Added error checking for len argument in cbs_get_u().doug2-2/+8
tweak + ok jsing@
2015-04-29free() can handle NULL.doug2-16/+8
ok jsing@
2015-04-29Reject dNSName of " " for subjectAltName extension.doug1-1/+20
RFC 5280 says " " must not be used as a dNSName. ok jsing@ jca@
2015-04-29Add missing BN_CTX_end() calls.doug8-36/+36
After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@
2015-04-27Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.bcook2-4/+6
Include it if we have the sysctl syscall.
2015-04-27Support AIX versions without WPAR support.bcook2-2/+10
From Michael Felt.
2015-04-25Don't ignore the reference count in X509_STORE_free.doug2-2/+10
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
2015-04-25Check for invalid leading zeros in CBS_get_asn1_uint64.doug3-8/+20
ASN.1 integers cannot have all zeros or all ones for the first 9 bits. This rule ensures the numbers are encoded with the smallest number of content octets (see ITU-T Rec X.690 section 8.3.2). Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16 ok deraadt@ jsing@
2015-04-23Do not need to buf[0] = 0 before strlcpy(buf, ...deraadt2-4/+2
2015-04-15Only set the cipher list if one was specified and actually check the returnjsing1-7/+12
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv() handling. ok bcook@ doug@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 10:52:25 +0000