| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
discussed with tedu, ok jsing
|
| |
|
|
|
|
| |
and others to the regress framework. These remaining ones just
muddle us up when re-reading code repeatedly.
ok jsing
|
| |
|
|
| |
ok miod
|
| |
|
|
|
| |
hackathon, just saying 'ass ember' was enough to start giggles.
Unfortunately far more offensive stuff remains in here...
|
| |
|
|
|
|
| |
(From Frantisek Boranek)
OK from miod@
|
| |
|
|
|
|
| |
(From Martin Brejcha)
OK from tedu@, miod@ and deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.
Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.
Send this support straight to the abyss.
ok kettenis
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
this nasty function.
This gets rid of the nasty tmp variables used to hold temporary strings
and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks
for buf (since the original code dereferences it before checking). It also
gets rid of the insane possibility this could return -1 when stuff is
using the return values to compute lengths All the failure cases now
return 0 and an empty string like the first error case in the original
code.
ok miod@ tedu@
|
| |
|
|
| |
ok guenther
|
| |
|
|
|
| |
since all other characters are mapped through transparently.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
memset(a->data, 0, (unsigned int)a->max);
but the decl is:
size_t max;
size_t could be larger than int, especially in some of the systems OpenSSL
purports to support.
How do _intentionally truncating_ casts like enter into a codebase?
Lack of understanding of C, at a minimum. Generally the objects are
small, but this code is _intentionally unready_ for large objects.
ok miod
|
| |
|
|
|
|
| |
in this file directly use __attribute__.
ok deraadt@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
|
| |
since the calculated value is not actually used in the uninitialised case.
Change the code so that we only do the calculation if we actually need it.
Issue detected by clang and reported by both brad@ and Brent Cook.
|
| | |
|
| |
|
|
| |
from Brent Cook
|
| | |
|
| |
|
|
|
|
|
| |
rather than only in the config file, to trip people up later.
Found, and fix pleaded for by <spider@skuggor.se> who apparently
spent hours chasing it down.
ok miod@
|
| |
|
|
| |
behaviour of this code, to prevent people from blindly changing it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
But do use the abort(), which we are hoping all future vendors will move
towards the more modern "do not flush streams"; hint hint, if you didn't
do that already, there are grave risks because much software brings risk
without that behaviour. We didn't cause the change.. POSIX did...
ok beck
|
| | |
|
| | |
|
| |
|
|
| |
gets rid of the second last use of the awful DECIMAL_SIZE.
|
| | |
|
| |
|
|
| |
ok tedu guenther
|
| | |
|
| | |
|
| |
|
|
|
| |
that is OBJ_obj2txt() can return a larger value..
ok tedu@
|
| | |
|
| |
|
|
|
|
|
| |
being relaced by reallocarray(). you will have to look at the diff.
there can be no explanations for the extra casts. as beck says,
"Don't go towards the light theo!"
ok beck tedu
|
| |
|
|
| |
in the "size_t nmemb, size_t size"
|
| |
|
|
|
|
|
|
|
| |
potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be. checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu
|
| |
|
|
| |
ok to firebomb from tedu@
|
| |
|
|
|
| |
that does not.
"fire bomb" tedu@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.
ok miod guenther
|
| |
|
|
|
|
| |
opensslconf.h is just a dummy, we're lightyears away from working userspace.
ok deraadt@
|
| |
|
|
|
|
|
|
| |
#if 1 /* new with openssl 0.9.4 */
current code;
#else
obsolete code;
#endif
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was
overloaded to indicate success/failure, along with the number of bytes
written as output. This change adds an explicit *out_len argument which
is used to return the number of output bytes and the return value is now
an int that is purely used to identify success or failure.
This change effectively rides the last libcrypto crank (although I do not
expect there to be many users of the EVP AEAD API currently).
Thanks to Adam Langley for providing the improved code that this diff is
based on.
ok miod@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
call it, and windows service software can figure this out on its own.
ok beck miod
|
| | |
|
| |
|
|
| |
ok beck
|
