| Commit message (Collapse) | Author | Files | Lines |
|---|
|
SSL_free will do this a second time.
ok jsing
|
|
make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl
actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.
ok jsing
|
|
|
|
No change to generated assembly.
|
|
|
|
|
|
|
|
|
|
- Start with a full page of struct region_info's
- Save an mprotect in the init code: allocate 3 pages with none and
make the middle page r/w instead of a r/w allocation and two calls to make the
guard pages none
|
|
|
|
ok jsing@
|
|
|
|
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be
passed all the way through from ssl3_get_client_hello(). The renegotation
check gets pulled up into ssl3_get_client_hello() which is where other
such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates
of any known extensions (the old pre-rewrite code only did this for some
extensions).
ok inoguchi@
|
|
Also reference the knowledge base article instead of a discussion thread.
|
|
While here make the CBS usage in ssl3_get_cipher_by_char() more consistent
with other code.
ok inoguchi@
|
|
junked
- freezero(): only clear requested size
|
|
defined as they rely on unaligned access.
ok joel@
|
|
came also up with this diff. Simple, no bias and benchmarks show the extra
random calls disappear in te measurement noise.
|
|
but at that time ffs function calls were generated instead of the
compiler inlining the code. Now that ffs is marked protected in
libc this is handled better. Thanks to kshe who prompted me to
look at this again.
|
|
dance, mark it protected. This works better for both gcc and clang: gcc
blocks overriding of internal calls, while clang permits inlining again.
ok otto@
|
|
ok sthen@ jsing@
|
|
|
|
|
|
the assembly code in libcrypto assumes unaligned access is allowed for
ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being
defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD.
ok tom@
|
|
This extern variable appears not to be used.
And it is overridden by local variable in doConnection().
This causes MSVC warning C4459 "declaration of 'verify_error'
hides global declaration".
OK millert@
|
|
|
|
NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid
triggering this, likely due to the EC formats list also being NULL.
While here, setup the EC formats list so that we actually include the EC
points format extension in the server hello extensions.
Found the hard way by bcook@
|
|
some cleanup; tested by sthen@ on a ports build
|
|
cleanups. From Jan Kokemueller. OK deraadt@
|
|
(w/ _dlctl reference) into static executables. It's all Mark's code so
put his preferred copyright on it.
ok kettenis@
|
|
|
|
My read of this: Long time ago (Think Conan, not dinasaurs) during the race
to make speedier processors, a cpu vendor built a pipeline with a bad stall,
and proposed a tremendously hasky workaround. A wizard adopted this into his
perl scroll, and failed to reflect later when no compiler adopted the practice.
This relic remains at the tail end of some functions in OpenSSL as
".byte 0xf3,0xc3". Banish it straight to hell.
ok mlarkin, others also stared blankly
|
|
for a protocol string.
Issue found by semarie@, who also provided the diff.
|
|
|
|
architectures, so that the regress passes on both.
|
|
block which defines a variable late, after code. Place this chunk into
a { subblock } to satisfy old compilers and old eyes.
|
|
|
|
_libc___cxa_thread_atexit_impl reference on gcc architectures that breaks
the build.
|
|
Use more descriptive names, and make it clearer that real and user
timers work on different static storage. The end goal is to be able to
reuse those timer functions, instead of inlining other timer
implementations subject to clock jumps.
Discussed with Scott Cheloha
|
|
interface is also made available as __cxa_thread_atexit_impl to satisfy the
needs of GNU libstdc++.
ok guenther@, millert@
|
|
Found by gcc.
OK jca@
|
|
instead of trying to work and then triggering a double-free().
problem noted by trondd (trondd (at) kagu-tsuchi.com)
ok beck@
|
|
ok beck
|
|
to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when
building with clang, instead mark those as protected visibility to get rid
of the PLT relocations. We can't take the address of them then, but that's
ok: it's a build-time error not a run-time error.
ok kettenis@
|
|
ok claudio@ benno@
|
|
POSIX functions) and turn the weird DIAGNOSTICS section into a normal
RETURN VALUES section while here.
|
|
Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol"
options that are key/value pairs. This allows the user to specify ciphers
and protocols in a form that are accepted by tls_config_set_ciphers() and
tls_config_set_protocols() respectively.
ok beck@
(also ok jmc@ for a previous revision of the man page).
|
|
This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h)
from API that needs to continue to exist.
ok beck@ inoguchi@
|
|
|
|
If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.
ok beck@ inoguchi@
|
