| Commit message (Collapse) | Author | Files | Lines |
|---|
|
The underlying code has long been removed, making this a no-op.
If your random subsystem actually requires that you seed it from a file,
then you really should go and buy a new random subsystem that was built
after 1990.
Diff from Brent Cook.
ok deraadt@
|
|
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.
Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.
Send this support straight to the abyss.
ok kettenis
|
|
|
|
|
|
isn't even exported, there's no (sane) way for someone else to use the
typedef. Eliminate the typedef and just use "struct _pqueue *".
duplicate typedef pointed out by Brent Cook (busterb (at) gmail.com)
ok miod@
|
|
this nasty function.
This gets rid of the nasty tmp variables used to hold temporary strings
and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks
for buf (since the original code dereferences it before checking). It also
gets rid of the insane possibility this could return -1 when stuff is
using the return values to compute lengths All the failure cases now
return 0 and an empty string like the first error case in the original
code.
ok miod@ tedu@
|
|
ok guenther
|
|
|
|
meaningful variable names with pointer arithmitic, rather than n, i, j
and p with array indexing.
Based on Adam Langley's chromium diffs.
ok miod@
|
|
results in the key block length calculation also being correct. Rename a
number of variables so that their purpose becomes clear and simplify some
of the code.
Inspired by Adam Langley's chromium diffs.
ok miod@
|
|
since all other characters are mapped through transparently.
ok jsing
|
|
memset(a->data, 0, (unsigned int)a->max);
but the decl is:
size_t max;
size_t could be larger than int, especially in some of the systems OpenSSL
purports to support.
How do _intentionally truncating_ casts like enter into a codebase?
Lack of understanding of C, at a minimum. Generally the objects are
small, but this code is _intentionally unready_ for large objects.
ok miod
|
|
|
|
in this file directly use __attribute__.
ok deraadt@
|
|
ok deraadt@
|
|
fixes to keep building.
|
|
since the calculated value is not actually used in the uninitialised case.
Change the code so that we only do the calculation if we actually need it.
Issue detected by clang and reported by both brad@ and Brent Cook.
|
|
|
|
single variable with a descriptive name, instead of two poorly named
variables.
Largely based on Adam Langley's chromium patches.
ok miod@
|
|
removes the need for zero values to be specified (meaning that we usually
specify two fields instead of 12), makes the field names grepable and
protects from future field reordering/removal.
ok beck@ miod@
|
|
from Brent Cook
|
|
|
|
rather than only in the config file, to trip people up later.
Found, and fix pleaded for by <spider@skuggor.se> who apparently
spent hours chasing it down.
ok miod@
|
|
mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX
(BUF_MEM_grow_clean has its own integer bounds checks).
ok deraadt@
|
|
behaviour of this code, to prevent people from blindly changing it.
|
|
|
|
|
|
|
|
|
|
|
|
wrapped in #ifdef DOXYGEN...
Requested by miod@
|
|
OPENSSL_NO_EC.
ok tedu@
|
|
OPENSSL_NO_TLSEXT.
ok tedu@
|
|
From Fritjof Bornebusch.
|
|
|
|
But do use the abort(), which we are hoping all future vendors will move
towards the more modern "do not flush streams"; hint hint, if you didn't
do that already, there are grave risks because much software brings risk
without that behaviour. We didn't cause the change.. POSIX did...
ok beck
|
|
|
|
|
|
|
|
a not quite appropriate data structure. ok jsing
|
|
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
|
gets rid of the second last use of the awful DECIMAL_SIZE.
|
|
|
|
ok tedu guenther
|
|
DTLS code had a chunk that checked to see if the SSL version was *not*
DTLS. Turns out that this is inside a big #if 0 block with a comment
explaining why DTLS will never need this code...
The DTLS code was clearly written by wholesale copying the SSLv3 code.
Any code not applicable to DTLS was seemingly #if 0'd or commented out
and left for others to find.
d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function
that has the same function signature as do_ssl3_write(), except that the
create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument
is unused for DTLS (although there is code that pretends to use it) since
it uses explicit IV (as the comment notes).
Instead of leaving this turd lying around, nuke the #if 0'd code (along
with the check for *not* DTLS) and remove the pointless
create_empty_fragment argument given the only two do_dtls1_write() calls
specify zero.
This kind of thing also makes you wonder how much actual peer review
occurred before the code was initially committed...
ok beck@
|
|
based initialisation, use more readable variable names and use a goto
rather than duplicating the frees for the error and non-error paths...
ok beck@
|
|
|
|
|
|
that is OBJ_obj2txt() can return a larger value..
ok tedu@
|
|
|
