| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
Generalized Time on requests as per RFC6960
|
|
|
|
|
|
|
|
|
| |
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.
Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@
|
|
|
|
|
|
|
| |
Improved patch from Cesar Pereida. See
https://github.com/libressl-portable/openbsd/pull/61 for more details.
ok beck@
|
|
|
|
| |
Mistake noted by Billy Brumley. Many thanks.
|
|
|
|
|
|
|
| |
in constant time even if the flag BN_FLG_CONSTTIME is set. This issue
was reported by Cesar Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA). The fix was developed by Cesar Pereida.
|
| |
|
| |
|
|
|
|
|
|
|
| |
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@
|
|
|
|
| |
ok tedu@
|
|
|
|
| |
ok natano@ millert@ deraadt@
|
|
|
|
| |
ok jung@
|
| |
|
|
|
|
| |
OK deraadt@ jca@ jung@ florian@
|
|
|
|
|
|
| |
existing naming standards. Also provide functions for setting a struct
tls_error * directly (rather than having to have a struct tls * or a
struct tls_config *).
|
| |
|
| |
|
| |
|
|
|
|
|
| |
in some cases. Be consistent and use "dst" everywhere like for
strlcat(3) and strncat(3). From Tim Kuijsten.
|
|
|
|
|
|
| |
and non-utf8 bytes escaped.
ok sthen@
|
|
|
|
| |
ok millert@ deraadt@
|
|
|
|
|
|
| |
rlogind and rshd (remember them?)
ok deraadt@
|
|
|
|
|
|
|
| |
locale implementation: _{Current,Default}*Locale, __[mn]locale_changed,
__mb_len_max_runtime
ok millert@ schwarze@ deraadt@
|
|
|
|
| |
The outer while() loop is missing, so we only read up to chunk_max bytes.
|
|
|
|
|
|
| |
hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis
|
|
|
|
|
| |
From Michal Mazurek <akfaew at jasminek dot net>.
OK tedu@
|
|
|
|
| |
slow TCB_GET (alpha, arm, mips64, sh) was broken when I switched CPP symbols.
|
|
|
|
| |
From Carlin Bingham <cb at viennan dot net>, thanks!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!
Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!
Clean up libpthread's symbol exports like libc.
On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.
Testing by various, particularly sthen@ and patrick@
ok kettenis@
|
|
|
|
|
|
| |
additionally, in EncodeUpdate, if the amount written would overflow,
return 0 instead to prevent bugs in the caller.
CVE-2016-2105 and CVE-2016-2106 from openssl.
|
|
|
|
|
| |
for both the mac and padding bytes.
CVE-2016-2107 from openssl
|
|
|
|
| |
CVE-2016-2108 from openssl.
|
|
|
|
| |
CVE-2016-2109 from openssl.
|
| |
|
| |
|
|
|
|
|
|
|
| |
missing padding check in aesni functions
overflow in evp encode functions
use of invalid negative asn.1 types
ok beck
|
| |
|
| |
|
| |
|
|
|
|
| |
additions and functionality changes.
|
|
|
|
|
|
|
|
|
| |
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@
|
|
|
|
|
|
|
|
|
|
|
| |
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@
|
|
|
|
|
| |
as reading passwords. allow ^C to break.
the pain was mine, the fix is miod's.
|
|
|
|
|
|
|
|
|
| |
Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix,
effectively replaces the original Google implementation. We continue to
support both the IETF and Google versions, however the existing names
now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
Feedback from doug@
|
|
|
|
|
|
|
| |
and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will
become the standard version.
Discussed with many.
|
|
|
|
|
|
| |
The getenv(3) and unsetenv(3) functions already support this.
This will make it easier to emulate the glibc clearenv() function in ports.
Based on a diff from and OK jca@
|
|
|
|
| |
ok bcook deraadt
|
| |
|
| |
|
|
|
|
| |
EVP_aead_chacha20_poly1305_ietf().
|
| |
|