summaryrefslogtreecommitdiff
path: root/src/lib/libc/string/wcscpy.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-02-28Reduce usage of predefined strings in manpages.bentley1-7/+7
Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@
2015-02-26Prefix function parameter names with underscores in tls.h, since this makesjsing1-42/+44
them guaranteed to not conflict per POSIX. ok espie@ guenther@
2015-02-25No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice.millert1-1/+1
OK guenther@
2015-02-25Fix CVE-2014-3570: properly calculate the square of a BIGNUM value.bcook7-1331/+672
See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@
2015-02-25Trivial fix for test progress output.bcook1-4/+7
Remove unneeded dangling else, compound statements on a single line.
2015-02-25Avoid NULL pointer deref in hashinfo_free() when calling from error paths.doug1-2/+3
Also, nuke debugging printfs per jsing and bcook. ok bcook@, jsing@
2015-02-25Fix CVE-2015-0205: Do not accept client authentication with Diffie-Hellmanbcook2-4/+4
certificates without requiring a CertificateVerify message. From OpenSSL commit: https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3 Thanks to Karthikeyan Bhargavan for reporting this. ok miod@
2015-02-24we don't let strtonum errors bleed through now.tedu1-4/+2
2015-02-24Set errno to EINVAL, instead of letting ERANGE escape out.tedu1-2/+4
Printing strerror() in that case will say result too large, even if rounds is actually too small. invalid is less specific, but less incorrect. ok millert
2015-02-23fourth batch of perlpod(1) to mdoc(7) conversionschwarze37-1276/+2521
2015-02-22While slick, this isn't accessing multiple directories concurrently, soguenther1-29/+35
using *at functions is equivalent to chdir()ing, which eases portability. Tested with mixes of absolute and relative paths. Eliminate a FILE leak too. prodded by jsing@
2015-02-22Bump libcrypto and libssl majors, due to various recent churn.jsing4-4/+4
Discussed with/requested by deraadt@ at the conclusion of s2k15.
2015-02-22Reluctantly add server-side support for TLS_FALLBACK_SCSV.jsing15-25/+159
This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol. TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatability with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends. Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols. Diff is loosely based on OpenSSL with some inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@
2015-02-22There is not much point constructing an SSL_CIPHER, then callingjsing2-14/+6
ssl3_cipher_get_value() to get the cipher suite value that we just put in the struct - use the cipher suite value directly.
2015-02-22Remove IMPLEMENT_STACK_OF noops.jsing4-8/+4
2015-02-22Update for recent verify related naming changes.jsing2-28/+28
2015-02-22Bump libtls major due to symbol removal.jsing1-3/+2
2015-02-22Rename tls_config_insecure_noverifyhost() tojsing4-21/+20
tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
2015-02-22Check return values when setting dheparams and ecdhecurve for the defaultjsing1-11/+14
configuration.
2015-02-22In the interests of being secure by default, make the default TLS ciphersjsing2-2/+17
be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that allows the previous default ciphers to be selected. Discussed with tedu@ during s2k15.
2015-02-21explain how tls_accept_socket works.tedu1-2/+9
2015-02-21tls_config_set_protocols is really void. Greg Martin.tedu1-3/+3
2015-02-21fill out docs a bit more, notably the read/write again behaviors.tedu1-3/+27
ok jsing
2015-02-19If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,jsing2-6/+16
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@
2015-02-19BN_free() has its own NULL check.jsing1-14/+7
2015-02-19KNF.jsing1-766/+834
2015-02-18fix coverity 105350 and 10345beck1-1/+2
ok miod@, doug@
2015-02-17Memory leak in error path. Coverity CID 78822.miod2-16/+18
ok doug@
2015-02-16Amend documentation for AI_ADDRCONFIGjca1-2/+4
ok jmc@
2015-02-16third batch of perlpod(1) to mdoc(7) conversionschwarze25-1367/+2121
2015-02-16Add more error checking and free resources in bytestringtest.doug1-26/+47
2015-02-15Avoid calling BN_CTX_end() on a context that wasn't started.doug2-8/+8
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@
2015-02-15Use "In" to mark up include files, instead of wrongly wrapping with Aq.bentley1-3/+3
Aq is not the same as <> in non-ASCII situations, so this caused incorrect output in some places. And it provided no semantics besides. ok schwarze@
2015-02-15Regenmiod6-528/+564
2015-02-15s/tls_load_keys/tls_load_file/jsing1-2/+2
2015-02-15Document tls_config_parse_protocols() and update documentation forjsing2-5/+27
tls_config_set_protocols().
2015-02-15Fix various memory leaks by not exiting so abruptly from failed tests.miod1-579/+507
2015-02-15Remove ancient gcc workaround on mips.miod1-3/+2
2015-02-15Memory leak. Coverity CID 78865miod1-2/+3
2015-02-15Wrong logic; Coverity CID 78894miod1-1/+1
2015-02-15If we decide to discard the provided seed buffer because its size is notmiod2-16/+12
large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
2015-02-15Check ASN1_OCTET_STRING_new() for failure. Coverity CID 78904miod2-12/+16
ok doug@
2015-02-15In ec_wNAF_mul(), move the declaration of tmp_wNAF higher in scope, so thatmiod2-12/+10
all the function's exit paths can make sure it gets freed. Coverity CID 78861 tweaks & ok doug@ jsing@
2015-02-15lsearch and lfind return void *tedu1-4/+4
2015-02-14Support for nc -T on IPv6 addresses.jca1-7/+16
ok sthen@
2015-02-14Remove asn1_ex_i2c() prototype, now that this function has been made static;miod2-4/+2
reminded by bcook@
2015-02-14Words read better when they are separated by spaces.miod2-2/+2
2015-02-141.18 would introduce a possible out-of-bounds access in the error path;miod2-14/+10
Coverity CID 105346 ok doug@
2015-02-14Remove DEBUG_PKCS5V2 code.miod2-50/+2
2015-02-14Unchecked allocations in x509_name_canon().miod2-2/+10
ok doug@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 19:31:00 +0000