Age | Commit message | Author |
|
DTLS code had a chunk that checked to see if the SSL version was *not*
DTLS. Turns out that this is inside a big #if 0 block with a comment
explaining why DTLS will never need this code...
The DTLS code was clearly written by wholesale copying the SSLv3 code.
Any code not applicable to DTLS was seemingly #if 0'd or commented out
and left for others to find.
d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function
that has the same function signature as do_ssl3_write(), except that the
create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument
is unused for DTLS (although there is code that pretends to use it) since
it uses explicit IV (as the comment notes).
Instead of leaving this turd lying around, nuke the #if 0'd code (along
with the check for *not* DTLS) and remove the pointless
create_empty_fragment argument given the only two do_dtls1_write() calls
specify zero.
This kind of thing also makes you wonder how much actual peer review
occurred before the code was initially committed...
ok beck@
|
from Benjamin Baier
|
based initialisation, use more readable variable names and use a goto
rather than duplicating the frees for the error and non-error paths...
ok beck@
|
Tweak some error descriptions based on that
Completely reword ETXTBSY description based on a suggestion from millert@
tweaks and oks jmc@ millert@ sobrado@
|
running
ok millert@ sobrado@
|
that is OBJ_obj2txt() can return a larger value..
ok tedu@
|
being replaced by reallocarray(). you will have to look at the diff.
there can be no explanations for the extra casts. as beck says,
"Don't go towards the light theo!"
ok beck tedu
|
ok deraadt
|
in the "size_t nmemb, size_t size"
|
potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be. checks for an allocation
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu
|
ok to firebomb from tedu@
|
from Alexander Schrijver
|
that does not.
"fire bomb" tedu@
|
ok deraadt@
|
ok deraadt jsing
|
by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.
This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.
Based on changes in OpenSSL head.
No objection from miod@
|
EVP_CIPHER_CTX_free() does a NULL check, then calls EVP_CIPHER_CTX_cleanup()
and frees the memory. COMP_CTX_free() also had its own NULL check, so there
is no point in duplicating that here.
ok beck@
|
a filesystem. fs_nspf and its derivatives like fs_spc are DEV_BSIZE
values, not actual hardware disk sector values. Adjust initializations
accordingly.
Tweak header and man page comments to make the DEV_BSIZE'ness more
obvious for future spelunkers.
No-op for DEV_BSIZE (a.k.a. 512-byte) sector devices but should help
checking filesystems on, e.g., 4k-byte sector devices.
ok jmc@ on the man page tweaks.
|
unchecked.
In the case of tls1_change_cipher_state(), it is fairly pointless to use
ssl_replace_hash(), since it does not initialise the hash and there is
special handling required in the DTLS write case. Instead, just inline
the part of ssl_replace_hash() that is needed and only
ssl_clear_hash_ctx() the write hash in the non-DTLS case.
Also add a detailed comment explaining why there needs to be specialised
handling for DTLS write context and where the contexts are actually freed.
ok miod@
|
ok miod@
|
calls EVP_MD_CTX_create(), which will return NULL if it fails to allocate
memory.
ok miod@
|
PAGE_SIZE bytes. Completes the MAXPHYS optimizations in the read path.
with input from guenther@ who suggested a version that was a little easier
to understand. Tested on i386 and amd64.
|
STANDARDS already notes these flags are compliant; it also stops us looking
redundant referring to older posix revs;
for -g, also note that output can safely be used by the shell;
while here, zap some unneeded Fl i missed in previous;
|
ok afresh@
|