Age | Commit message | Author |
|
text tweaked and ok djm
|
|
ok djm
|
|
tested by many; ok florian@
|
|
OK claudio@ jca@
|
|
around broken GOST implementations. It looks like client certificates with
GOST have been completely broken since reimport of the GOST code, so no-one
is using LibreSSL this way. The client side was fixed only last week for
TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed
simplification and cleanup, so it is time for it to go.
suggested by and ok jsing
|
|
patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
|
|
invalid change cipher spec. Found due to dead assignment warnings
by the Clang static analyzer.
ok inoguchi (previous version), jsing
|
|
From Edgar Pettijohn.
|
|
This prototype was removed inadvertently in r1.50.
OK jsing@
|
|
unveil calls should follow. ok various, including jmc
|
|
an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing
|
|
type, sigalgs/rsa/ec/gost. Move a few special dances for GOST where they
belong now. This prompted a fix for a long-standing bug with GOST client
certificate authentication where tls1_transcript_data() fails since the
transcript was already freed before. Add a bit of missing error checking
and leave some further cleanup for later.
idea, guidance & ok jsing
|
|
Based on a diff from Edgar Pettijohn III.
|
|
The current crypto_lock_init() function is not called early enough, meaning
that locks are already in use before it gets called. Worse, locks could be
in use when they are then initialised. Furthermore, since functions like
CRYPTO_lock() are public API, these could be called directly bypassing
initialisation.
Avoid these issues by using static initialisers.
ok bcook@
|
|
The previous code meant that a caller could set the locking callback, after
which CRYPTO_get_locking_callback() would return non-NULL. Some existing
code depends on this behaviour, specifically to identify if lock handling
has been configured. As such, always returning NULL from
CRYPTO_get_locking_callback() can result in unexpected application
behaviour.
ok bcook@
|
|
relocation of ld.so's GOT without using it, so _reloc_alpha_got()
merely made the call to _dl_boot_bind() from asm simpler...while
itself being a call that required special handling.
diff and build baking by miod@
ok guenther@
|
|
If DTLS sees a HelloVerifyRequest the transcript is reset - the previous
tls1_init_finished_mac() function could be called multiple times and would
discard any existing state. The replacement tls1_transcript_init() is more
strict and fails if a transcript already exists.
Provide an explicit tls1_transcript_reset() function and call it from the
appropriate places. This also lets us make DTLS less of a special snowflake
and call tls1_transcript_init() in the same place as used for TLS.
ok beck@ tb@
|
|
now that there is essentially no malloc.conf;
text tweaked by deraadt; ok otto deraadt
|
|
libs have it, it is a function that is considered harmful, so:
Delete malloc_usable_size(). It is a function that blurs the line
between malloc managed memory and application managed memory and
exposes some of the internal workings of malloc. If an application
relies on that, it is likely to break using another implementation
of malloc. If you want usable size x, just allocate x bytes. ok
deraadt@ and other devs
|
|
here could create non-uniformity since very short fetches of 0 would
be excluded. Blocks of 0 are just as random as any other data, including
blocks of 4 4 4.. This misguided attempt to identify errors from the
entropy churn/gather code doesn't make sense, errors don't happen.
ok bcook
|
|
PROTO_NORMAL(). Problem noted by deraadt@
|
|
Discussed with beck@
|
|
In TLSv1.2, if the client does not send a signature algorithms extension
then for RSA key exchange a signature algorithm of {sha1,rsa} is implied.
The MD5+SHA1 hash only applies to older versions of TLS, which do not
support sigalgs.
|
|
Because of hw.smt we need a way to determine whether a given CPU is "online"
or "offline" from userspace. KERN_CPTIME2 is an array, and so cannot be
cleanly extended for this purpose, so add a new sysctl(2) KERN_CPUSTATS
with an extensible struct. At the moment it's just KERN_CPTIME2 with a
flags member, but it can grow as needed.
KERN_CPUSTATS appears to have been defined by BSDi long ago, but there are
few (if any) packages in the wild still using the symbol so breakage in ports
should be near zero. No other system inherited the symbol from BSDi, either.
Then, use the new sysctl(2) in systat(1) and top(1):
- systat(1) draws placeholder marks ('-') instead of percentages for
offline CPUs in the cpu view.
- systat(1) omits offline CPU ticks when drawing the "big bar" in
the vmstat view. The upshot is that the bar isn't half idle when
half your logical CPUs are disabled.
- top(1) does not draw lines for offline CPUs; if CPUs toggle on or
offline in interactive mode we redraw the display to expand/reduce
space for the new/missing CPUs. This is consistent with what some
top(1) implementations do on Linux.
- top(1) omits offline CPUs from the totals when CPU totals are
combined into a single line (the '-1' flag).
Originally prompted by deraadt@. Discussed endlessly with deraadt@,
ketennis@, and sthen@. Tested by jmc@ and jca@. Earlier versions also
discussed with jca@. Earlier versions tested by jmc@, tb@, and many
others.
docs ok jmc@, kernel bits ok ketennis@, everything ok sthen@,
"Is your stuff in yet?" deraadt@
|
|
joel's line of thinking about it
|
|
sigalg for MD5_SHA1 and using it as the non sigalgs default
ok jsing@
|
|
from Rian Hunter
|
|
for a timing vulnerability in ECDSA signature generation (CVE-2018-0735).
Note that the blinding that we introduced back in June for ECDSA and DSA
should mitigate this and related issues. This simply adds an additional
layer of protection.
discussed with jsing
|
|
avoiding runtime failures on architectures using ld.lld. Also add a note to
libcurses shlib_version reminding about bumps (as done with libcrypto/libssl).
Thanks guenther@ for suggestions of tests involving library bumps and jca@
for doing these tests and hint about DPADD.
Looks good kettenis@, ok jca@
|
|
instead of 'uint16_t'
Found with llvm's static analyzer, noticed that it was also already reported in
Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's
equivalent code.
OK tb@ and jsing@
|
|
Makes connections to outlook.office365.com work
|
|
|
Spotted by maestre@, ok tb@
|
|
ok tb@
|
|
ok bcook
|
|
Include check for appropriate RSA key size when used with PSS.
ok tb@
|
|
ok beck@
|
|
ok beck@
|
|
ok beck inoguchi
|