| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok miod@
|
|
Based on OpenSSL.
ok miod@
|
|
ok tedu@
|
|
X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of
allocations.
ok tedu@
|
|
the first EVP block.
ok tedu@
|
|
ok tedu@
|
|
for the server hello.
From OpenSSL.
ok miod@
|
|
strdup() to allocated directory list components.
ok jsing@
|
|
effectively built two "static" data structures - instead of doing this,
just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
|
ssl3_send_finished(). While this previously checked against a zero return
value (which could occur on failure), we may as well test against the
expected length, since we already know what that is.
|
|
end up with a value of zero, primarily since ssl3_take_mac() fails to check
the return value from the final_finish_mac() call. This would then mean that
an SSL finished message with a zero-byte payload would successfully match
against the calculated finish MAC.
Avoid this by checking the length of peer_finish_md_len and the SSL
finished message payload, against the known length already stored in
the SSL3_ENC_METHOD finish_mac_length field (making use of a previously
unused field).
ok miod@ (a little while back)
|
|
From OpenSSL.
|
|
is off by default (instead of being enabled unconditionally).
The TLS padding extension was added as a workaround for a bug in F5 SSL
terminators, however appears to trigger bugs in IronPort SMTP appliances.
Now the SSL client gets to choose which of these devices it wants to
trigger bugs in...
Ported from OpenSSL.
Discussed with many.
ok miod@
|
|
some changes an a_int.c did not get applied to a_enum.c; despite style
changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value
the same way BN_to_ASN1_INTEGER() does.
ok bcook@ beck@ jsing@
|
|
Replace an if() posse with a switch() statement in traverse_string().
Remove unnecessary casts in cpy_*(),
with tweaks from guenther@; ok bcook@ jsing@ guenther@
|
|
These are copied from the existing [[:<:]] and [[:>:]] tests.
|
|
From Ming <gzchenym at 126.com>
|
|
|
|
To avoid making tests machine dependent, only test values inside 32bit
LONG_{MIN,MAX} and outside 64bit LONG_{MIN,MAX}, but none in between.
While here, cover 32bit edge cases, negative values, and overflows.
ok jsing@
|
|
ok jsing@
|
|
|
|
|
|
of the resulting FILE *), then pass fopen() the 'e' mode letter to
mark it close-on-exec.
ok miod@
|
|
Mention that invalid bases do set EINVAL (as required by POSIX);
this part of the change uses part of an earlier patch by millert@.
Minor mdoc(7) cleanup and sync between the two pages while here.
Feedback and ok jmc@ and millert@.
|
|
required by the C standard when called with an invalid base:
strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax().
Same behaviour for strtoq() and strtouq() even though not standardized.
No functional change in strtol(), it was the only one already correct.
While here, simplify the conditional expression for checking the base
and sync whitespace and comments among the six files.
ok millert@
|
|
|
|
found with the new mandoc(1) MANDOCERR_AN_MISSING warning;
no text changes
|
|
nor do we plan on supporting them.
ok guenther@
|
|
OK aja@ mikeb@
|
|
ok jsing@
|
|
|
|
If the option/argument string exceeds the given width, add a hanging indent
prior to displaying the description. Also, if the description includes
newlines, wrap and indent for each newline so that the indentation is
correctly maintained.
|
|
in kernel and user land.
OK florian@ mpi@
|
|
ok millert@ manpage feedback jmc@
|
|
|
|
values are useable by the function. Also provide an option type that calls
a function without consuming/passing an argument.
|
|
need to also be called from some of the applications.
|
|
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If getrandom returns a temporary failure, make sure errno is not polluted when
it succeeds. Thanks to deraadt@ for pointing it out.
|
|
|
|
options from the previous run stick in interactive mode.
|
|
|
|
specify what its valid options are and where it wants them to be stored.
This also allows for usage to be generated, almost for free, ensuring
that the options and usage are automatically kept in sync.
This will allow for a single option parsing implementation, rather than the
current one-hand-rolled-option-parsing-and-random-usage-implementation per
application.
As a starting point, port the openssl(1) rand application to the new option
parsing and usage (along with associated code clean up).
With input from doug@.
ok bcook@ doug@
|
|
non-standard ECDH curve by name or to disable it by passing NULL.
OK jsing@
|
