| Age | Commit message (Collapse) | Author |
|---|
|
|
|
spotted by deraadt@
|
|
receiving side of proc_connect(). Move some code from main into
proc_init(), the function is now called by parent and children, not
just the parent and it is less copy + paste for other daemons.
OK florian@
|
|
|
|
|
|
the main goal of this change is to reduce the amount of code that
is generated as a result of using the macro implementation (RB_FOO)
of red black trees. on amd64 we should get a few dozen kilobytes
of code space back, and make red black trees more icache friendly
at the same time.
the new (RBT_FOO) implementation is modelled on the existing one,
but has some minor api variations. generally you can replace RB_
with RBT_ and get most of the way to converting code.
internally the red black tree functions all take an rb_type struct
that describes the layout of the object wired into a tree (ie, the
offset of the RBT_ENTRY inside a node), the comparison function,
and an optional augment function. because the functions are supposed
to be used for all types, they end up taking void * for the node
pointers instead of specific types. the tree is operated on as
pointers between the RBT_ENTRY structs instead of the nodes, which
gave me some type safety when implementing the code (cos casts
to/from void * dont ever fail, and continually calculating the
offset of the rb entry is annoying). RBT_ENTRYs are turned into
node pointers by prepending the offset stored in the rb_type struct
before theyre given to the comparison function or returned to the
caller.
to provide type safety on top of this, RBT_PROTOTYPE generates static
inline function wrappers that only take arguments of the right type,
and implicitly provide the rb_type struct argument to the actual
RBT functions. therefore the actual functions should never be called
directly, all calls should go through the RBT_ wrappers.
RBT_GENERATE is responsible for creating the rb_type struct used
by these wrappers. notably it also generates a wrapper around the
compare function so the user provided one must take the right types
instead of void *.
in terms of speed, this code is comparable to the macro implementation.
eg, insertion is very slightly slower in microbenchmarks, but
deletion appears to be significantly faster. this is possibly because
of the aggressive inlining ive done inside the delete codepaths.
the code is not yet wired into the kernel build.
it also needs to be said that there have been several attempts
before this to provide functions for at least some parts of the
kernels red black trees. that work made this a lot easier.
ok deraadt@ jung@ tedu@
|
|
These descriptors are filled with value parsed from untrusted USB
descriptors and we don't want to left memory unitialized if an error
occurs during the parsing.
|
|
from .5 to 1.5 ofthe value. This is how the man page describes it and
nobody can remember why it was not being used as a hard limit.
ok benno@
|
|
noticed by pirofti
|
|
|
|
descriptors.
No functionnal change.
|
|
ok krw@
|
|
|
|
OK deraadt
|
|
|
|
|
|
Found with STACK, originally from OpenSSL, ok @beck
|
|
in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc,
with some cleanup on the way in by myself and jsing@
ok bcook@
|
|
ok krw@
|
|
Based on a diff from Kinichiro Inoguchi.
ok beck@
|
|
ok deraadt@
|
|
ok bcook
|
|
|
|
|
|
|
|
ok tedu@
|
|
ok beck@
|
|
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@
|
|
used if TLS 1.0 is enabled. Sugessted/discussed with jsing@ and bcook@.
ok guenther@ sthen@
|
|
ok beck
|
|
ok beck@
|
|
|
|
BN_mod_word() can return incorrect results if the supplied modulus is
too big, so we need to fall back to BN_div_word.
Now that BN_mod_word may fail, handle errors properly update the man page.
Thanks to Brian Smith for pointing out these fixes from BoringSSL:
https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89
https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be
ok beck@
|
|
certificates provided in the response. - makes our newly added
ocsp regress test pass too..
ok bcook@
|
|
implementations.
In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
|
|
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@
|
|
|
|
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.
Based on the original patch by César Pereid. ok beck@
|
|
Generalized Time on requests as per RFC6960
|
|
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.
Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@
|
|
Improved patch from Cesar Pereida. See
https://github.com/libressl-portable/openbsd/pull/61 for more details.
ok beck@
|
|
Mistake noted by Billy Brumley. Many thanks.
|
|
in constant time even if the flag BN_FLG_CONSTTIME is set. This issue
was reported by Cesar Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA). The fix was developed by Cesar Pereida.
|
|
|
|
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@
|
|
The outer while() loop is missing, so we only read up to chunk_max bytes.
|
|
hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis
|
|
additionally, in EncodeUpdate, if the amount written would overflow,
return 0 instead to prevent bugs in the caller.
CVE-2016-2105 and CVE-2016-2106 from openssl.
|
|
for both the mac and padding bytes.
CVE-2016-2107 from openssl
|
|
CVE-2016-2108 from openssl.
|
