| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
OK deraadt@
|
| |
|
|
| |
review by millert, binary checking process with doug, concept with guenther
|
| |
|
|
|
|
|
|
| |
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@
|
| |
|
|
|
|
|
|
| |
since yesterday, "mandoc -Tlint -Wfatal" can no longer fail.
Instead, as suggested by deraadt@, provide a manlint target
that is *not* run during make build, but can be run
whenever you want to check syntax of manuals.
"nice stuff" deraadt@
|
| |
|
|
| |
ok tedu@
|
| |
|
|
| |
other systems to fit into the same mold, so add copyright
|
| | |
|
| |
|
|
|
|
|
|
| |
Use the same logic from the read, write, accept functions to inform
the caller wether a readable or writable socket is needed. After
that event, the connect function must be called again. All the
checks before connecting are done only once.
OK tedu@
|
| |
|
|
| |
nor are they the same size.
|
| |
|
|
|
|
|
|
| |
Free data->saved_message.data. Based on OpenSSL commit:
41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr
to NULL to avoid accidental reuse and handles malloc failing.
ok beck@, input + ok miod@
|
| | |
|
| |
|
|
| |
ok jsing@ beck@
|
| | |
|
| |
|
|
|
|
|
| |
remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.
|
| | |
|
| |
|
|
|
|
| |
patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@
|
| |
|
|
| |
what's going on.
|
| |
|
|
|
| |
guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.
|
| |
|
|
|
|
|
|
| |
Instead of asserting, return an error code for I/O errors. This is based
on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks
for two calloc()s while I'm here.
ok miod@
|
| |
|
|
|
| |
a compiler warning about shadowing a global declaration.
OK jsing@
|
| |
|
|
|
| |
because the API design isn't fully settled.
Requested by jsing@ and tedu@.
|
| |
|
|
| |
patch from Sunil at Nimmagadda dot net
|
| |
|
|
| |
ok deraadt miod
|
| |
|
|
|
|
|
| |
afterwards. openssl has a more complicated fix, but it's less intrusive
for now to simply hoist the expensive part (fake key generation) up without
sweating a branch or two.
ok bcook jsing
|
| |
|
|
| |
Noticed while testing libtls on FreeBSD.
|
| |
|
|
|
|
|
|
|
| |
use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.
|
| |
|
|
|
|
|
|
|
|
| |
libtls accepts size_t for lengths but libssl accepts int. This verifies
that the input does not exceed INT_MAX. It also avoids truncating size_t
when comparing with int and adds printf-style attributes for
tls_set_error().
with input from deraadt@ and tedu@
ok tedu@
|
| | |
|
| | |
|
| |
|
|
| |
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
| |
|
|
|
|
|
|
| |
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
| |
|
|
|
|
| |
the new handshake functions.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
messages. This will allow for removal of repeated/duplicated code.
Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.
Partially based on similar changes in OpenSSL.
ok miod@
|
| | |
|
| |
|
|
|
|
|
| |
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
| |
|
|
|
|
|
| |
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...
ok bcook@ miod@
|
| |
|
|
| |
update SYNOPSIS and DESCRIPTION and add STANDARDS
|
| |
|
|
|
|
| |
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze
|
| |
|
|
|
|
|
|
| |
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
| |
|
|
|
|
|
| |
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
| | |
|
| |
|
|
|
|
| |
Based on OpenSSL and BoringSSL.
ok bcook@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
It may take a few iterations to get the tone right.
previously discussed with millert
|
| |
|
|
|
|
|
| |
the same thingies. Therefore these "lists of functions" man pages can go
away.
Hurray! I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)
|
