summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/reallocarray.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-10-16Fix tpyo.jsing1-3/+3
2015-10-16Implement real "flock" request and add it to userland programs thatmillert1-2/+2
use pledge and file locking. OK deraadt@
2015-10-16actually include the prerequisite dependency for BIO instead of doing nastynessbeck2-10/+4
2015-10-14better fix for overrun reported by Qualys Security.tedu2-8/+2
buf is at all times kept nul terminated, so there is no need to enforce this again upon exit. (no need to move buf around after we exahust space.) ok beck miod
2015-10-14Bail out early if we have no buf_lenbeck2-2/+10
ok miod@
2015-10-14fix a memory leak reported by Qualys Security.tedu2-6/+8
move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod
2015-10-14Ensure we don't write a 0 byte past end of the buffer in the error case.beck2-6/+6
ok bcook@ deraadt@
2015-10-14tweak previous (two details i apparently missed)schwarze1-4/+6
2015-10-14Add EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API.reyk4-1/+285
The "authenticated encryption with additional data" API is used for ciphers like AES-GCM or ChaCha20-Poly1305. The manpage is a beginning and certainly needs more work, especially improvements in the EXAMPLES section. Based on agl's source code comments. Converted from pod to mandoc by schwarze@ OK schwarze@ jsing@
2015-10-13In rev 1.15 the sizeof argument was fixed in a strlcat() call butmillert1-2/+2
the truncation check immediately following it was not updated to match. Not an issue in practice since the buffers are the same size. OK deraadt@
2015-10-13Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL.jsing2-10/+10
2015-10-13Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into anjsing6-10/+40
actual function. This removes the last ASN1_dup_of usage from the tree. Feedback from doug@ and miod@
2015-10-13Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros tojsing2-38/+38
ASN1_item_{d2i,i2d}_{bio,fp}() function calls. ok beck@ doug@
2015-10-13Single byte read/write tests.jsing1-0/+67
2015-10-13Add test coverage for peer certificate info and connection info.jsing2-6/+231
2015-10-13Make regress work again post hackathon tls_handshake/tls_read/tls_writejsing1-7/+42
changes.
2015-10-13Group d2i/i2d function prototypes by type and add missing externs for thejsing2-14/+24
DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.
2015-10-12unifdef EVP_CHECK_DES_KEY: Ben Kaduk noticed it has a syntax error; thatguenther4-40/+4
error was present in the original 2004 commit, so it hasn't been used in over 11 years, thus exceeding our deprecation requirements by over a decade. OpenSSL has chosen to *fix it*; we'll gladly watch it burn ok jsing@
2015-10-11Userspace doesn't need to use SUN_LEN(): connect() and bind() must acceptguenther1-8/+3
sizeof(struct sockaddr_un), so do the simple, portable thing ok beck@ deraadt@
2015-10-10Initial support for pledges in openssl(1) commands.doug47-46/+281
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
2015-10-10normalize the ordering of tame requests (particularily, "rpath wpath cpath",deraadt1-2/+2
which i have put in that order). this is not important, but helps look for outliers which might be strange. it hints that "ioctl" should be reassessed in a few places, to see if "tty" is better; that "unix" may be used in some places where "route" could now work.
2015-10-09fix a gotcha in the connect refactoring, that could result in droppingderaadt1-1/+5
through and trying to bind failed v6 connects. ok guenther
2015-10-09Change all tame callers to namechange to pledge(2).deraadt1-3/+3
2015-10-08If getaddrinfo() succeeds, then don't try look ups with other flags, evenguenther1-41/+39
if the connect()s failed. In concert with some resolver fixes in libc, this lets ntpd be tame()ed problem isolated by theo, who had fun untangling the libc and libtls behaviors to place blame for not being able to tame ntpd ok beck@ deraadt@ jsing@
2015-10-08trailing whitespace;jmc1-6/+6
2015-10-08Rip the guts out of another gibbering horror of a time comparison function, andbeck4-74/+48
mark it as #ifndef LIBRESSL_INTERNAL at least we don't use this. ok jsing@
2015-10-08revert previous accidental commitbeck4-46/+72
2015-10-08Spelling in commentbeck6-78/+50
2015-10-07Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer ↵beck6-9/+98
certificate validity times for tls connections. ok jsing@
2015-10-07Allow us to get cipher and version even if there is not a peer certificate.beck2-15/+21
ok doug@
2015-10-07include <sys/time.h> for gettimeofday(2)bcook2-2/+4
2015-10-07tame "stdio inet rpath cpath wpath proc" seems to be sufficient forderaadt1-1/+7
all the wading in here. "proc" is for the speed command, which fork()'s. ok doug
2015-10-06prefer limits.h over sys/limits.hbcook2-6/+6
ok deraadt@
2015-10-06these do not use ioctl.hderaadt2-4/+2
2015-10-05Make sure dot is not set after tz - fixes incorrect handling, which allowsjsing2-4/+4
20151005171301+1.09Z to be treated as a valid time. ok beck@
2015-10-05Wrap <resolv.h> so that internal calls go directguenther3-5/+11
ok millert@
2015-10-04Apply some style(9), tweak a few things for readability and add somejsing2-72/+80
additional bounds checks. ok beck@
2015-10-04wrap __ivaliduser_sa() so the internal call is direct (at least until weguenther1-0/+2
stop exporting it)
2015-10-04recv() and send() aren't overriden by libpthread (vs recvfrom() and sendto()!)guenther2-2/+4
so wrap them to make internal calls go direct
2015-10-03SSL_new(): fix ref counting and memory leak in error path.doug2-16/+6
Rather than a half-hearted attempt to free up resources and fix ref counting at the SSL_CTX level, let SSL_free() do its job. This diff got lost in the shuffle somewhere. It's from last year. Ref counting error reported by Parakleta in github ticket #51. Thanks! ok jsing@, beck@
2015-10-03BIO_get_fd() could return fd 0; fix error condition. Found atderaadt1-2/+2
http://marc.info/?l=openssl-dev&m=144374015404899&w=2 ok doug
2015-10-02avoid sys/param.h, by using PATH_MAXderaadt1-1/+1
2015-10-02Add another invalid time, which is currently accepted.jsing1-1/+4
2015-10-02Flense the greasy black guts of unreadble string parsing code out of three areasbeck15-543/+666
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
2015-10-02s/ssl3_client_kex/ssl3_send_client_kex/ for consistency with the caller.jsing2-18/+22
2015-10-01include <sys/types.h> for ssize_tbcook1-1/+3
ok jsing@, deraadt@
2015-10-01Another s/M_ASN1_INTEGER_free/ASN1_INTEGER_free/.jsing1-2/+2
Found the hard way by Mark Patruck.
2015-10-01Eliminate the last of the LINTEDn and PRINTFLIKEn comments. In oneguenther6-15/+7
case, by deleting some useless '& of an array' we also eliminate the need for the casts which prompted the original lint warnings ok deraadt@
2015-09-30Place all of the ASN1 M_ macros under #ifndef LIBRESSL_INTERNAL.jsing2-60/+74
2015-09-30Expand M_i2d_ASN1_OCTET_STRING macros - no change in generated assembly,jsing2-6/+10
aside from line numbers.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-03 10:09:35 +0000