summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/reallocarray.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-06-13Add comments about how the CBS constants are constructed.doug2-24/+86
Also, introduce a few more #defines to make it obvious. ok miod@ jsing@
2015-06-13Reject long-form tags in CBS_peek_asn1_tag.doug2-2/+16
Currently, CBS only handles short-form tags. ok miod@ jsing@
2015-06-13Fix bad indenting in LibreSSL.doug10-24/+24
jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
2015-06-13Remove unneeded sys/sysctl.h on linux.bcook2-4/+2
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
2015-06-11Avoid an infinite loop that can occur when verifying a message with anlibressl-v2.2.0jsing2-4/+4
unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@
2015-06-11Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2-8/+54
length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
2015-06-11Avoid an infinite loop that can be triggered by parsing an ASN.1jsing2-6/+16
ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@
2015-06-05Link ssl and crypto via BSDOBJDIR, works with native and cross buildstobiasu1-3/+3
ok mpi@
2015-06-05Fix library search path so we link against the freshly built libcrypto.sotobiasu1-2/+2
instead of a stale one. ok miod@ mpi@
2015-06-04force reseeding if pid has changed.eric1-2/+7
ok deraadt@
2015-05-29Need to operate of CXXFLAGS now.miod1-3/+3
2015-05-26Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod1-2/+2
work again.
2015-05-26Add OPENSSL_NO_EGD to opensslfeatures.h.bcook2-0/+2
Since RAND_egd has been removed from LibreSSL, simplify porting software that relies on it. See https://github.com/libressl-portable/openbsd/pull/34 from Bernard Spil, ok deraadt@
2015-05-25Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as usingguenther2-8/+8
256bit keys problem noted by Tim Kuijsten (info (at) netsend.nl) ok deraadt@ miod@ bcook@
2015-05-24Maximilian dot Fillinger at uni-duesseldorf dot deschwarze3-74/+109
starts helping with the pod2mdoc(1)-based conversion of LibreSSL crypto manuals from perlpod(1) to mdoc(7). Here comes the first file, slightly tweaked by me.
2015-05-23bump to version 2.2bcook2-4/+4
ok deraadt@
2015-05-20No need to check the return value of memcpy() if you actually checked thismiod2-6/+4
pointer for NULL the line above; ok doug@
2015-05-17Record inter-library dependencies between libcrypto, libssl and libtlskettenis6-2/+11
2015-05-15Make index/rindex weak aliases of strchr/strrchr since they are notmillert4-90/+6
part of the ISO C standard and have also been dropped from POSIX. OK guenther@ kettenis@
2015-05-15Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.jsg10-30/+32
ok doug@
2015-05-14rev 1.3 introduced a check to an if statement without adding braces.jsg1-3/+1
Claudio points out the size is checked by an earlier test so just remove it to restore the original handling of the partial octet case. Discussed with claudio and gilles.
2015-05-13If crypt(3) is called with an unknown setting, return NULL insteadbluhm1-1/+3
of some undefined value. OK tedu@
2015-05-12Add dlclose(3) to SEE ALSOguenther1-2/+3
ok millert@ jmc@ schwarze@
2015-05-11When checking flags that will be passed to open(), test the O_ACCMODE portionguenther1-2/+3
separately to avoid false negatives. ok miod@ millert@
2015-05-08Make this run on strict alignment architectures.miod1-6/+9
2015-05-04Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@sthen1-0/+381
2015-04-30use strdup() to init stringderaadt2-6/+4
ok doug millert
2015-04-29Add whitespace and replace OPENSSL_free with free in documentation.doug6-22/+22
ok jsing@
2015-04-29Call CBB_add_space() rather than reimplementing it.doug2-4/+4
ok jsing@
2015-04-29Rename cbb_buffer_add_u to cbb_add_u and remove redundant code.doug2-30/+12
All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base. cbb_add_u() now has that common code in one place. ok jsing@
2015-04-29Added len_len error checking for internal cbb_buffer_add_u().doug2-2/+8
ok jsing@
2015-04-29Call CBS_mem_equal() rather than reimplementing it.doug2-6/+4
ok jsing@
2015-04-29Avoid NULL deref in CBS_get_any_asn1_element().doug2-4/+6
This function is documented as allowing NULL for out_header_len. ok jsing@
2015-04-29Added error checking for len argument in cbs_get_u().doug2-2/+8
tweak + ok jsing@
2015-04-29free() can handle NULL.doug2-16/+8
ok jsing@
2015-04-29Reject dNSName of " " for subjectAltName extension.doug1-1/+20
RFC 5280 says " " must not be used as a dNSName. ok jsing@ jca@
2015-04-29Add missing BN_CTX_end() calls.doug8-36/+36
After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@
2015-04-27Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.bcook2-4/+6
Include it if we have the sysctl syscall.
2015-04-27Support AIX versions without WPAR support.bcook2-2/+10
From Michael Felt.
2015-04-25Don't ignore the reference count in X509_STORE_free.doug2-2/+10
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
2015-04-25Check for invalid leading zeros in CBS_get_asn1_uint64.doug3-8/+20
ASN.1 integers cannot have all zeros or all ones for the first 9 bits. This rule ensures the numbers are encoded with the smallest number of content octets (see ITU-T Rec X.690 section 8.3.2). Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16 ok deraadt@ jsing@
2015-04-23Do not need to buf[0] = 0 before strlcpy(buf, ...deraadt2-4/+2
2015-04-15Only set the cipher list if one was specified and actually check the returnjsing1-7/+12
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv() handling. ok bcook@ doug@
2015-04-15Clean up the ssl_bytes_to_cipher_list() API - rather than having thejsing6-42/+30
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either zeroed or if NULL a new one is allocated, always allocate one and return it directly. Inspired by simliar changes in BoringSSL. ok beck@ doug@
2015-04-15Now that tls_close() is more robust, consider a failure to be fatal.jsing1-1/+1
2015-04-15Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Alsojsing1-5/+6
ensure that outlen is set to zero so that tls_read() has read(2) like semantics for EOF. Spotted by doug@
2015-04-15Make tls_close() more robust - do not rely on a close notify being receivedjsing1-13/+17
from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we failed to send a close notify on a non-blocking socket. Otherwise be more forceful and always shutdown/close the socket regardless of other failures. Also do not consider ENOTCONN or ECONNRESET to be a shutdown failure, since there are various situations where this can occur. ok doug@ guenther@
2015-04-14Another couple of commas in the wrong place, ok jmcnicm1-3/+3
2015-04-14Move verify externs into the header file.jsing4-12/+8
2015-04-14Convert openssl(1) s_time to new option handling.jsing1-201/+178
ok doug@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 19:43:18 +0000