summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-04-10Use freezero() for the internal opaque structures, instead of the currentJoel Sing
explicit_bzero()/free(). Less code and potentially less overhead.
2017-04-10Use freezero() for X25519 keys - same result with more readable code.Joel Sing
2017-04-10document three additional functions;Ingo Schwarze
from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
2017-04-10Rework and significantly extend TLS name verification tests to matchJoel Sing
changes in libtls.
2017-04-10Rework name verification code so that a match is indicated via an argument,Joel Sing
rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
2017-04-10syncTheo de Raadt
2017-04-10freezero() the key block; simpler code and less of it.Joel Sing
2017-04-10Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.Joel Sing
In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
2017-04-10Fix tabs in example code.Jeremie Courreges-Anglas
2017-04-10fix some .Xr errors that jmc@ found with mdoclint(1)Ingo Schwarze
2017-04-10new manual page SSL_get_server_tmp_key(3)Ingo Schwarze
from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
2017-04-10Additional SSL_SESSION documentationIngo Schwarze
from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
2017-04-10slaacdctl -> slaacctl;Jason McIntyre
2017-04-10Use __ASSEMBLER__ instead of __LANGUAGE_ASSEMBLY.Visa Hankala
The latter is not defined by clang. OK guenther@, kettenis@
2017-04-10Found another len += snprintf...Theo de Raadt
ok mikeb
2017-04-10syncTheo de Raadt
2017-04-10for pure *_ctrl() wrapper macros, move the reference from ssl(3)Ingo Schwarze
to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
2017-04-10Clean up disabled declaration in the text struct.Frederic Cambus
OK deraadt@
2017-04-10syncJonathan Gray
2017-04-10Generate and install arm_neon.h on arm and arm64.Mark Kettenis
ok jsg@
2017-04-10The canonical name for ctl programs is without 'd'.Florian Obser
Pointed out by Brad. OK deraadt@
2017-04-10new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;Ingo Schwarze
from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
2017-04-10Check early if the mandatory carp "interface" was configured.Reyk Floeter
This allows the new -n config check to work correctly. OK jsg@ deraadt@
2017-04-10Remove always false comparison: inosused type is ino_t, which isFrederic Cambus
unsigned. While there, fix a whitespace issue. OK deraadt@
2017-04-10tweak previous;Jason McIntyre
2017-04-10Convert various client key exchange functions to freezero(3). The memoryJoel Sing
contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
2017-04-10syncTheo de Raadt
2017-04-10Introducing freezero(3) a version of free that guarantees the processOtto Moerbeek
no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
2017-04-10monir bump for freezeroOtto Moerbeek
2017-04-10Attempt to map msk(4) interrupt via MSI.Jonathan Gray
The device tree that ships with the overdrive 1000 has an interrupt-map property that is known to be wrong. Using MSI on msk makes the builtin Ethernet on the overdrive 1000 work. Tested on arm64 with "Marvell Yukon 88E8059" rev 0x00, Yukon-2 Optima (0x1) and i386 with "Marvell Yukon 88E8072" rev 0x10, Yukon-2 Extreme rev. B0 (0x2) Committing this early in the release cycle to try find cases where using MSI doesn't work. Based on part of an earlier patch from jmatthew@ ok jmatthew@ kettenis@
2017-04-10pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0Ingo Schwarze
2017-04-10typo fix; from <Jon dot Spillett at oracle dot com>Ingo Schwarze
via OpenSSL commit 7bd27895
2017-04-09Add a few missing quad-precision support functions on arm64 and reorder theMark Kettenis
list to match what's in CMakeLists.txt. ok sthen@
2017-04-09Sync symbol lists for trap/interrupt frame detection with what ddb(4) usesPhilip Guenther
ok deraadt@
2017-04-09Seven casts, a couple of tweaks and CFLAGS+=-Wsign-compare for theKenneth R Westerback
win. No intentional functional change.
2017-04-09malloc -> mallocarray; a typoTheo de Raadt
2017-04-09Convert some malloc(9) to mallocarray(9)David Hill
ok deraadt@
2017-04-09Convert a malloc(9) to mallocarray(9)David Hill
ok deraadt@
2017-04-09Convert some malloc(9) to mallocarray(9)David Hill
ok deraadt@
2017-04-09Convert some malloc(9) to mallocarray(9)David Hill
ok deraadt@
2017-04-09Convert some malloc(9) to mallocarray(9)David Hill
ok deraadt@
2017-04-09Use mallocarray to allocate multicast group memberships.David Hill
ok deraadt@
2017-04-09Correct wakeup() dance in sensor_task_work()Theo de Raadt
Problem noticed by krw
2017-04-09Simplify/clean up BUF_MEM_grow_clean().Joel Sing
ok beck@
2017-04-09With recallocarray() BUF_MEM_grow() is essentially the same asJoel Sing
BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
2017-04-09Explicitly test for NULL.Joel Sing
ok beck@
2017-04-09Improve unknown protocol version handling.Joel Sing
2017-04-09Remove unused #define's and struct.Martin Natano
2017-04-09image/svg+xml is a default inbuilt media type.Florian Obser
Pointed out by Anton Lindqvist (anton.lindqvist AT gmail), thanks!
2017-04-09Fix multiple cases of reading past the end of a buffer in the sasyncd(8)Jonathan Gray
config parser found with afl. feedback and ok millert@ ok deraadt@
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-20 04:43:31 +0000