Age | Commit message | Author
2021-05-02 | disable base-gcc on amd64; ok jca@ deraadt@ | Christian Weisgerber
2021-05-02 | Put -stable template into #if 0 section of current newvers.sh. | Alexander Bluhm
OK deraadt@
2021-05-02 | Initialize per-CPU pointer register earlier. | Mark Kettenis
ok patrick@
2021-05-02 | riscv64, fix HANDLE_ERROR | Dale Rahn
the CERROR handling code had a gross mistake in that it didn't continue processing the code after the macro if no error occurred. ok kettenis@
2021-05-02 | Try harder to ensure there are no GPT revenants after | Kenneth R Westerback
choosing MBR partitioning.
2021-05-02 | riscv64 openssl config | Dale Rahn
copied from other 64 bit arch ok jsg@
2021-05-02 | We need to set the dirty bit whenever we add write permission | Mark Kettenis
otherwise a write will still fault on hardware that doesn't implement hardware updates for these bits. ok drahn@
2021-05-02 | Shuffle some code to eliminate get_address(), bring interface_state() and | Kenneth R Westerback
initialize_interface() logic into closer alignment, and try harder to initialize link_state at start up.
2021-05-02 | Prevent future internal use of some #defines | Theo Buehler
After jsing's recent commits, SSL3_CC_{READ,WRITE,CLIENT,SERVER} and the derived SSL3_CHANGE_CIPHER_{CLIENT,SERVER}_{READ,WRITE} are no longer used by LibreSSL and should never be used again. discussed with jsing
2021-05-02 | Clean up tls1_change_cipher_state(). | Joel Sing
Replace flag gymnastics at call sites with separate read and write, functions which call the common code. Condition on s->server instead of using SSL_ST_ACCEPT, for consistency and more readable code. ok inoguchi@ tb@
2021-05-02 | In the TLSv1.2 server, set up the key block after sending the CCS. | Joel Sing
This avoids calling into the key block setup code multiple times and makes the server code consistent with the client. ok inoguchi@ tb@
2021-05-02 | Clean up dtls1_reset_seq_numbers(). | Joel Sing
Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into separate read and write functions. Move the calls of these functions into tls1_change_cipher_state() so they directly follow the change of cipher state in the record layer, which avoids having to duplicate the calls in the client and server. ok inoguchi@ tb@
2021-05-02 | Ensure that handshake hash is non-NULL in tls1_transcript_hash_value(). | Joel Sing
There are several paths where a subtle bug could result in tls1_transcript_hash_value() being called with a NULL handshake hash - add an explicit check for this case. As noted by tb@, due to the wonders of the libcrypto EVP APIs, combined with integer promotion, we already have a NULL check - this one is just more obvious. ok tb@
2021-05-02 | Harden tls12_finished_verify_data() by checking master key length. | Joel Sing
Require master key length to be greater than zero if we're asked to derive verify data for a finished or peer finished message. ok tb@
2021-05-02 | Stop deriving peer finished twice for TLSv1.2. | Joel Sing
We already derive the peer finished in ssl3_do_change_cipher_spec(), which DTLS relies on. In the case of TLS we've been doing it twice - once in ssl3_get_message() and once in ssl3_do_change_cipher_spec(). ok tb@
2021-05-02 | Make TS_compute_imprint a bit more robust. | Theo Buehler
Instead of using the output parameters directly, null them out at the beginning and work with local variables which are only assigned to the output parameters on success. This way we avoid leaking stale pointers back to the caller. requested/ok jsing
2021-05-02 | Improve documentation. Try to explain the various inputs that result in | Theo de Raadt
a rewritten resolv.conf, and without being too precise, the order they will be in the file discussed with florian and jmc
2021-05-02 | Fix having hostnames in the listen on statement. Regression introduced in | Martijn van Duren
r1.39. Issue originally reported by Anton Kasimov via rob@. OK claudio@
2021-05-02 | Do soreserve() before `kp' allocation. This simplifies error path. The | mvs
same was done for route_attach(). Also do soisconnected() after `kp' is fully initialized. This chair movement affects nothing for PF_KEY sockets but makes code more consistent. ok bluhm@ mpi@
2021-05-02 | dired-shell-command is listed in the man page under 'DIRED KEY | Mark Lumsden
BINDINGS' but not under 'DIRED COMMANDS'. Add it in.
2021-05-02 | Initialize the per-CPU pointer register early. | Mark Kettenis
ok drahn@
2021-05-02 | explain what FETCH_CMD should support in a bit more detail | Marc Espie
2021-05-02 | fix logic error in boot() | Jonathan Gray
ok deraadt@
2021-05-01 | Remove NetBSDisms that crept into the arm64 version of this file. | Mark Kettenis
ok gnezdo@
2021-05-01 | Actually, that variable needs to be a u_int8_t pointer. | Mark Kettenis
This is what was tested, but I forgot to commit a file.
2021-05-01 | Expand the regress test quite a bit to make sure no new regressions are | Martijn van Duren
introduced by the previous libagentx commit. There's a few of the new tests failing, mark those as such.
2021-05-01 | Refactor varbind OID parsing into their indices. Simplifies the code by | Martijn van Duren
about 40 LoC and fixes a potential out of bounds read. Bug found by bluhm@ on arm64 regress OK bluhm@
2021-05-01 | Removed unused SYSCTL_INT_UNBOUNDED (no use planned) | gnezdo
Added a comment for SYSCTL_INT_READONLY. OK mvs@
2021-05-01 | Update the remaining SYSCTL_INT_READONLY cases | gnezdo
OK mvs@
2021-05-01 | Implement per-socket `so_lock' rwlock(9) and use it to protect routing | mvs
(PF_ROUTE) sockets. This can be done because we have no cases where one thread should lock two sockets simultaneously. Against the previous version rtm_senddesync_timer() execution was moved to process context. Also this time `so_lock' used for routing sockets only but in the future it will be used to other socket types too. tested by claudio@ ok claudio@ bluhm@
2021-05-01 | Retire OpenBSD/sgi. | Visa Hankala
OK deraadt@
2021-05-01 | sync | Theo de Raadt
2021-05-01 | bump to LibreSSL 3.4.0 in -current | Brent Cook
2021-05-01 | Plug leak in c2i_ASN1_OBJECT | Theo Buehler
When using the object reuse facility of c2i_ASN1_OBJECT, the dynamically allocated strings a may contain are set to NULL, so we must free them beforehand. Also clear the flag, because that's what OpenSSL chose to do. From Richard Levitte OpenSSL 1.1.1 65b88a75921533ada8b465bc8d5c0817ad927947 ok inoguchi
2021-05-01 | Prevent double free in int_TS_RESP_verify_token | Theo Buehler
If TS_compute_imprint fails after md_alg was allocated, there will be a double free in its caller. Obvious fix is to null out the output parameter md_alg just like it's already done for imprint and imprint_len. From Pauli Dale, OpenSSL 1.1.1, a3dea76f742896b7d75a0c0529c0af1e628bd853 ok inoguchi jsing
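The two TS_compute_imprint entries above (making it null its outputs up front and assign them only on success, and this double free in its caller) describe one ownership pattern for output parameters. The following is an added example written for this page, not LibreSSL or OpenSSL code: it puts the pre-fix shape of the function next to the fixed shape and runs both against a caller that, like int_TS_RESP_verify_token, frees the outputs unconditionally. Everything in it is a hypothetical stand-in: the t_* tracking allocator replaces malloc/free so the double free is counted rather than triggering undefined behaviour, struct md_alg stands in for X509_ALGOR, the imprint_len output is omitted, and ts_compute_imprint_bad, ts_compute_imprint_fixed and verify_token_cleanup are invented names. The fail_late flag models a digest step failing after md_alg has already been allocated.

```c
/* Added example, not libcrypto code: the output-parameter ownership bug behind the
 * int_TS_RESP_verify_token double free, next to the TS_compute_imprint fix (null the
 * outputs first, work in locals, assign on success only). The t_* allocator, struct
 * md_alg and the ts_* names are hypothetical; t_free() counts a double free instead
 * of letting it be undefined behaviour. */
#include <stdlib.h>

#define MAX_BLOCKS 16
static struct { void *p; int live; } blocks[MAX_BLOCKS];
static int nblocks, double_frees;

/* Allocate and record a block; memory goes back to the system only in t_reset(). */
static void *t_alloc(size_t n)
{
	void *p = nblocks < MAX_BLOCKS ? malloc(n) : NULL;
	if (p != NULL) {
		blocks[nblocks].p = p;
		blocks[nblocks++].live = 1;
	}
	return p;
}

/* Mark a block dead; freeing an already dead block is counted as a double free. */
static void t_free(void *p)
{
	int i;
	for (i = 0; p != NULL && i < nblocks; i++)
		if (blocks[i].p == p) {
			double_frees += !blocks[i].live;
			blocks[i].live = 0;
		}
}

/* Release everything and clear the counters before the next run. */
static void t_reset(void)
{
	while (nblocks > 0)
		free(blocks[--nblocks].p);
	double_frees = 0;
}

struct md_alg { int nid; };		/* stand-in for X509_ALGOR */
typedef int (*imprint_fn)(int, unsigned char **, struct md_alg **);

/* Pre-fix shape: outputs are written as work proceeds; on a late failure the
 * error path frees *md_alg but leaves the caller holding the dead pointer. */
static int ts_compute_imprint_bad(int fail_late, unsigned char **imprint,
    struct md_alg **md_alg)
{
	int ret = 0;
	*md_alg = t_alloc(sizeof(**md_alg));
	*imprint = t_alloc(32);
	if (*md_alg == NULL || *imprint == NULL || fail_late)
		goto err;
	ret = 1;
 err:
	if (!ret) {
		t_free(*md_alg);	/* bug: *md_alg is not set to NULL afterwards */
		t_free(*imprint);
		*imprint = NULL;
	}
	return ret;
}

/* Fixed shape: outputs nulled up front, locals own the memory until success. */
static int ts_compute_imprint_fixed(int fail_late, unsigned char **imprint,
    struct md_alg **md_alg)
{
	struct md_alg *alg;
	unsigned char *buf;
	int ret = 0;
	*md_alg = NULL;
	*imprint = NULL;
	alg = t_alloc(sizeof(*alg));
	buf = t_alloc(32);
	if (alg == NULL || buf == NULL || fail_late)
		goto err;
	*md_alg = alg;			/* ownership passes to the caller only here */
	*imprint = buf;
	alg = NULL;
	buf = NULL;
	ret = 1;
 err:
	t_free(alg);
	t_free(buf);
	return ret;
}

/* Caller modelled on int_TS_RESP_verify_token: it frees both outputs
 * unconditionally. Returns the number of double frees the tracker saw. */
static int verify_token_cleanup(imprint_fn compute, int fail_late)
{
	unsigned char *imprint = NULL;
	struct md_alg *md_alg = NULL;
	t_reset();
	(void)compute(fail_late, &imprint, &md_alg);
	t_free(md_alg);
	t_free(imprint);
	return double_frees;
}
```

With fail_late set, verify_token_cleanup(ts_compute_imprint_bad, 1) reports one double free and verify_token_cleanup(ts_compute_imprint_fixed, 1) reports none; on the success path both report none. The contract the fixed shape gives the caller is the one the commit relies on: after a failure every output parameter is NULL, so an unconditional free in the caller is safe.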
2021-05-01 | Implement early console functionality based on available SBI calls. | Mark Kettenis
While these calls are part of the legacy extensions and deprecated, they are really useful for debugging purposes. ok jsg@
2021-05-01 | In single user mode / is mounted ro. Just warn if we can't create | Florian Obser
the control socket instead of fatal(). OK deraadt
2021-05-01 | Allow running in single user mode where /var/empty doesn't exist by | Florian Obser
switching from chroot("/var/empty") to unveil("/", ""). This is just an extra pair of suspenders since these processes pledge(2) to not access the filesystem. OK deraadt
2021-05-01 | Allow running in single user mode where /var/empty doesn't exist by | Florian Obser
switching from chroot("/var/empty") to unveil("/", ""). This is just an extra pair of suspenders since these processes pledge(2) to not access the filesystem. OK deraadt
2021-05-01 | update currency exchange rates; | Jason McIntyre
2021-05-01 | KERNEL_LOCK/UNLOCK() was pushed into trapsignal() last August | Jonathan Gray
2021-05-01 | use sival_ptr instead of sival_int for breakpoint and illegal inst | Jonathan Gray
For breakpoints stval will have a vaddr. For illegal instructions stval may be as large as a register or the widest instruction. Also avoid using an uninitialised variable for stval. ok mlarkin@ drahn@
2021-05-01 | regen llvm man pages from rst with | Jonathan Gray
cd /usr/src/gnu/llvm/llvm/docs
gmake -f Makefile.sphinx man
cd /usr/src/gnu/llvm/clang/docs
gmake -f Makefile.sphinx man
cmake -DLLVM_ENABLE_SPHINX=ON -DLLDB_INCLUDE_TESTS=OFF /usr/src/gnu/llvm/lldb/
make docs-lldb-man
2021-05-01 | arvm7 -> armv7 | Jonathan Gray
2021-05-01 | variable has to be a pointer after last change | Theo de Raadt
2021-04-30 | make timer/intc cd_name match config | Jonathan Gray
ok kettenis@ mlarkin@
2021-04-30 | Clean up and harden TLSv1.2 master key derivation. | Joel Sing
The master key and its length are only stored in one location, so it makes no sense to handle these outside of the derivation function (the current 'out' argument is unused). This simplifies the various call sites. If derivation fails for some reason, fail hard rather than continuing on and hoping that something deals with this correctly later. ok inoguchi@ tb@
2020-08-03 | Import LLVM 10.0.0 release including clang, lld and lldb. | Patrick Wildt
ok hackroom tested by plenty
2021-04-30 | Fix linkage error due to fp* functions. | Dale Rahn
ok kettenis@
2021-04-30 | Rearrange the implementation of bounded sysctl. The primitive | Alexander Bluhm
functions are sysctl_int() and sysctl_rdint(). This brings us back the 4.4BSD implementation. Then sysctl_int_bounded() builds the magic for range checks on top. sysctl_bounded_arr() is a wrapper around it to support multiple variables. Introduce macros that describe the meaning of the magic boundary values. Use these macros in obvious places. input and OK gnezdo@ mvs@