| Age | Commit message (Collapse) | Author |
|---|
|
Historically (and currently in OpenSSL), BN_asc2bn() could be called with
NULL, but only for positive numbers. So BN_asc2bn(NULL, "1") would succeed
but BN_asc2bn(NULL, "-1"), would crash. The other *2bn functions return a
length, so accepting a NULL makes some sense since it allows callers to
skip over part of the string just parsed (atoi-style).
For BN_asc2bn() a NULL bn makes no sense because it returns a boolean. The
recent CBS rewrite makes BN_asc2bn(NULL, *) always crash which in turn made
Coverity throw a fit.
Another change of behavior from that rewrite pertains to accidents (or is
it madness?) like -0x-11 and 0x-11 being parsed as decimal -17 (which Ingo
of course spotted and diligently documented). This will be addressed later.
ok jsing
|
|
Purely cosmetic change taking into account the fact that this function
returns a length rather than a boolean. This is the last offender in the
library.
ok jsing
|
|
It returns a length, not a Boolean, so check for 0 explicitly. This is
purely cosmetic.
ok jsing
|
|
|
|
This file is already enough of an eyesore without them.
|
|
RFC 5280 disallows multiple extensions with the same OID. Since libcrypto
does not check that currently, do this by hand. This only deals with CA
certs for now, EE certs could do that similarly.
Found with BBN test corpora
ok job
|
|
RFC 3779 doesn't say anything about empty lists of IP addresses and AS
numbers. Of course the RFC 3779 code in libcrypto implements a check for
empty lists for AS numbers but fails to do so for IP addresses...
While RFC 6487 is explicit about disallowing empty lists of IP addresses,
it is not explicit about disallowing empty ipAddressesOrRanges, but that
seems to be the intent.
Found with BBN test corpora
ok job
|
|
__builtin_return_address(a) with a != 0.
|
|
OK dlg@
Reported-by: syzbot+a377d5cd833c2343429a@syzkaller.appspotmail.com
|
|
ok deraadt, brynet
|
|
|
|
clockintr_stagger()"
octeon machines do not increment the global variable "ncpus"
(init_main.c) in the same spot as other platforms, which violates the
KASSERT in clockintr_stagger(), causing a panic.
We need to bring octeon's behavior into alignment with every other
platform before proceeding with this patch.
Reported and debugged by bluhm@.
|
|
From Jan Stary
|
|
From Jan Stary
Ok patrick@
|
|
Result is the same and gets rid of a lbolt use.
OK miod@
|
|
ok deraadt@
|
|
Also use ibuf_data() and ibuf_size().
OK tb@
|
|
|
|
From Thomas Zimmermann
4b4cae8e4b37c7ad4d9721dbda060a62e49e3c17 in linux-6.1.y/6.1.35
0e3172bac3f43759719384403fe2d1e4c61f87e0 in mainline linux
|
|
From Alex Deucher
21863dc45aed8d68a2573cce032ecbc8fe7c5bf5 in linux-6.1.y/6.1.35
e61f67749b351c19455ce3085af2ae9af80023bc in mainline linux
|
|
From Kenneth Feng
6f5b5ce9397d91b0a8bc8d15dc8fd72bc0aacaa4 in linux-6.1.y/6.1.35
7ca302d488f80cf4529620acc1c545f9022d8bb8 in mainline linux
|
|
From Mario Limonciello
b69a10df900386871703a4cc3be974485f52ff7c in linux-6.1.y/6.1.35
7ab1a4913d0051cf5196ef7987b5fa42c25e13b6 in mainline linux
|
|
From Mario Limonciello
b2706d862b6577b8218bdef1c238e175624b906d in linux-6.1.y/6.1.35
3eb1a3a04056ba3df3205e169b8acc9da0c65a94 in mainline linux
|
|
From Hersen Wu
ee8c6580c3106b0061c7cdff1804e5a1f1e1d7fe in linux-6.1.y/6.1.35
e749dd10e5f292061ad63d2b030194bf7d7d452c in mainline linux
|
|
From Sonny Jiang
5d1fdfb3d185a9726478ba174235eff7c16f1101 in linux-6.1.y/6.1.35
9db5ec1ceb5303398ec4f899d691073d531257c3 in mainline linux
|
|
From Sukrut Bellary
8ca9880735b0a33a4ff54328d6c5eb60fe2b0a6d in linux-6.1.y/6.1.35
60ecaaf54886b0642d5c4744f7fbf1ff0d6b3e42 in mainline linux
|
|
From Maya Matuszczyk
c45aed74318e65b8da938a593c124ad2ee1a1e66 in linux-6.1.y/6.1.35
1aa7f416175619e0286fddc5fc44e968b06bf2aa in mainline linux
|
|
ok stsp
|
|
If there are multiple matches when using autocomplete, the list of
matching file names was output as-is. However, for a single match,
control characters are escaped before the file name is displayed.
This makes the behavior more consistent by escaping control chars
in the list of matches too. Discussed with deraadt@, OK op@
|
|
Sometimes causes boot hang after mounting root partition.
Thread 1: https://marc.info/?l=openbsd-misc&m=168736497407357&w=2
Thread 2: https://marc.info/?l=openbsd-misc&m=168737429214370&w=2
|
|
noticed and ok millert@
|
|
Don't copy in a buffer the filter' output for parsing as we may truncate
filter-dataline (i.e. the mail body). Instead, parse the string by
advancing the pointer without copying or modifications.
Issue reported by Joachim Schneider on the OpenSMTPD-portable
repository.
ok millert@
|
|
exactly this use case where the new memory needs to be zeroed during resize.
Since recallocarray() takes care of all this there is no need to bzero()
memory anymore.
OK tb@ millert@
|
|
or keep the memory pointed at by the char ** parameter.
Allows mpfree() to be used against the global mountpoints[] and
eliminates a couple of manual loops to free the current contents
of mountpoints[].
No intentional functional change.
|
|
automatically on a timeout after RTM_DESYNC (i.e. route socket
overflow). ported across from ospfd. fixes/ok claudio@
(it's much harder to overflow the routing socket buffer these
days since it was bumped to 2MB, but still happens occasionally
on a busy machine).
|
|
|
|
mix of types used in these functions make this rather hard.
The expected data checks are still not great but a step in the right
direction.
OK tb@
|
|
extra buffer first.
OK tb@
|
|
On some architectures, we can provide an optimised (often single
instruction) count-leading-zero implementation. In order to do this
effectively, provide bn_clzw() as a static inline that can be replaced
by an architecture specific version. The default implementation defers
to the bn_word_clz() function (which may also be architecture specific).
ok tb@
|
|
This mostly moves away from memcpy(ibuf_seek(buf, off, size), data, size) to
ibuf_set(buf, off, data, size). Also ibuf_reserve() is replaced with
ibuf_add_zero().
OK tb@
|
|
|
|
Provide bn_bitsize(), which performs a constant time scan of a BN in order
to determine the bit size of the BN value. Use this for BN_num_bits() such
that it is no longer dependent on the bn->top value.
ok tb@
|
|
Test BN_sqr() with a newly allocated BN, a BN explicitly set to zero and
small values that fit in a single BN_ULONG.
|
|
Currently BN_hex2bn() removes the leading zeros, however this will not be
the case in the future.
|
|
Currently BN_hex2bn() removes the leading zeros, however this will not be
the case in the future.
|
|
|
|
Previously this directive would accept certificate algorithm names, but
these were unusable in practice as OpenSSH does not support CA chains.
part of bz3577; ok dtucker@
|
|
are valid for CA signing. Previous behaviour was to list all signing
algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@
|
|
bz3581
|
|
tested by and ok kettenis@
|
