| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok markus@
|
|
This prevents us from incorrectly choosing a PKCS1 based signature
if the client advertises support for them but also prefers them to
PSS such as appears to be the case with gnuTLS.
ok jsing@
|
|
No intentional functional change.
|
|
If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.
ok jsing
|
|
When operating in middlebox compatibility mode, the TLSv1.3 client needs
to send a dummy ChangeCipherSpec message immediately before its second
flight of handshake messages (when early data is not offered).
ok tb@
|
|
|
|
ok tb@
|
|
|
|
version to 3.2.0
|
|
ok jsing@, tb@, inoguchi@
|
|
stricter. Previously, we would accept any vector if it advertised the
"null" compression method. RFC 8446 4.1.2 specifies that the only legal
vector has length one and contains a zero byte for the null method.
ok jsing
|
|
and if the two lengths differed, the later CBS_write_bytes() would
correctly fail anyway.
Discussed with jsing
|
|
alert. Found with tlsfuzzer.
ok jsing
|
|
ok inoguchi@ tb@
|
|
Avoids an uninitialized variable warning. ok kettenis@
|
|
Silences an uninitialized warning in net/art.c
"reasonable" jmatthew@, ok mpi@
|
|
|
|
This fixes the case where a send function signals that an alert should be
sent, then returns failure. Previously the failure would be propagated
up, without the alert being sent.
Issued noted by tb@
ok tb@
|
|
events and command completions as that's the only vector they can go to.
tx/rx queues are mapped to subsequent vectors.
ok mpi@ dlg@
|
|
Split the record protection engagement code into a separate
tls13_server_engage_record_protection() function and call this from
tls13_server_hello_sent(). Also move some functions around to keep the
logical ordering/grouping.
ok inoguchi@ tb@ (as part of a larger diff)
|
|
Rename surrounding code to reflect that. ok kettenis@
|
|
Fix synced from unwind/libunbound.
unwind(8) crash on landisk (strict alignement arch) reported by otto@,
original diff ok deraadt@ otto@
|
|
Fixes a crash on landisk (strict alignement arch) reported by otto@
ok deraadt@ otto@
|
|
does the same thing.
ok patrick@
|
|
clue
to avoid setting interface mtu.
|
|
|
|
Mixing up function and void pointers isn't defined by POSIX or the
C standard. POSIX only specifies that casting the result of dlsym(3) to
an appropriate function pointer works.
Avoid all this by using a typedef.
from Michael Forney, ok tb@
|
|
|
|
column for df subcommand. Fixes misalignment in some cases.
|
|
information in struct acpi_attach_args.
ok mpi@
|
|
CMSG_DATA man page. Avoids SIGBUS on landisk; ok kettenis@ jca@
|
|
While here, use consistent casing and don't use .Ev for
set-user-ID/set-group-ID.
from Miod
|
|
from Miod
|
|
and also not needed. This just needs a char lookup ('{') like it is done
in all the other rules with '{'. With this parse.y can be compiled with
bison.
OK otto@ benno@
|
|
OK florian@
|
|
This prevent exiting processes from hanging when a slave pseudo terminal
is close(2)d before its master.
From NetBSD via anton@.
Reported-by: syzbot+2ed25b5c40d11e4c3beb@syzkaller.appspotmail.com
ok anton@, kettenis@
|
|
|
|
|
|
terminate the connection with an unexpected_message alert.
See RFC 8446 section 5.4.
Found with tlsfuzzer
hint/ok jsing
|
|
|
|
|
|
desynchronising error; reminded by Aymeric Vincent
ok deraadt markus
|
|
regex in test. So make regress passes for the release, the error
message will be improved later.
discussed with jsing@
|
|
From gilles@, OK deraadt@ jung@
|
|
ok bcook inoguchi deraadt
|
|
discussed with jsing@
|
|
Do not use the pointer returned by ibuf_reserve() after calling another
ibuf function. After the call the internal buffer may have moved by realloc()
and so the pointer is invalid. Instead use ibuf_size() to get the current
offset in the buffer and use ibuf_seek() later on to write back the updated
lsa age into the buffer at the right spot.
This fixes an issue seen by Richard Chivers on routers with many passive
interfaces.
OK stsp@ denis@ deraadt@ also tested by sthen@
|
|
ibuf function. After the call the internal buffer may have moved by realloc()
and so the pointer is invalid. Instead use ibuf_size() to get the current
offset in the buffer and use ibuf_seek() later on to write back the updated
lsa age into the buffer at the right spot.
This fixes an issue seen by Richard Chivers on routers with many passive
interfaces.
OK stsp@ deraadt@
|
|
preserve symbolic links. Instead just ignore them.
OK benno@ deraadt@
|
