Age | Commit message | Author |
|
|
|
ok millert@
|
|
data.
|
|
condition.
|
|
suggested and ok reyk@
|
|
Bump MAXADDRS/ALIASES to the original of 35, and silently ignore extras
instead of failing.
Noticed by markson on freenode.
OK eric@ "with revised diff", phessler@.
|
|
an additional 28 bytes of .rodata (or .data) is provided to the network. In
most cases this is a non-issue since the memory content is already public.
Issue found and reported by Felix Groebert of the Google Security Team.
ok bcook@ beck@
|
|
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
|
|
OK guenther@
|
|
them guaranteed to not conflict per POSIX.
ok espie@ guenther@
|
|
See https://www.openssl.org/news/secadv_20150108.txt for a more detailed
discussion.
Original OpenSSL patch here:
https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0
The regression test is modified a little for KNF.
ok miod@
|
|
certificates without requiring a CertificateVerify message.
From OpenSSL commit:
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3
Thanks to Karthikeyan Bhargavan for reporting this.
ok miod@
|
|
Printing strerror() in that case will say result too large, even if rounds is
actually too small. invalid is less specific, but less incorrect.
ok millert
|
|
While here, correctly mark up time_t as a variable type and use prettier
double quotes.
ok schwarze@
|
|
Discussed with/requested by deraadt@ at the conclusion of s2k15.
|
|
This allows for clients that willingly choose to perform a downgrade and
attempt to establish a second connection at a lower protocol after the
previous attempt unexpectedly failed, to be notified and have the second
connection aborted, if the server does in fact support a higher protocol.
TLS has perfectly good version negotiation and client-side fallback is
dangerous. Despite this, in order to maintain maximum compatibility with
broken web servers, most mainstream browsers implement this. Furthermore,
TLS_FALLBACK_SCSV only works if both the client and server support it and
there is effectively no way to tell if this is the case, unless you control
both ends.
Unfortunately, various auditors and vulnerability scanners (including
certain online assessment websites) consider the presence of a not yet
standardised feature to be important for security, even if the clients do
not perform client-side downgrade or the server only supports current TLS
protocols.
Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
Discussed with beck@ and miod@.
ok bcook@
|
|
ssl3_cipher_get_value() to get the cipher suite value that we just
put in the struct - use the cipher suite value directly.
|
|
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
in line with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.
|
|
configuration.
|
|
be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that
allows the previous default ciphers to be selected.
Discussed with tedu@ during s2k15.
|
|
ok jsing
|
|
ok dlg
|
|
No actual change, but makes it easier to reuse the code elsewhere.
Suggested by Andre Smagin
|
|
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this
by explicitly checking for NULL at the start of the bnrand() function.
Fixes Coverity ID 78831.
ok miod@
|
|
ok doug@
|
|
ok jmc@
|
|
from continuation lines, of which there are many
|
|
release. ok millert
|
|
device names. Remove wrong comments.
|
|
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new()
call above it will have allocated a ctx without calling BN_CTX_start() on
it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting
up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
|
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
|
tls_config_set_protocols().
|
|
changed from EINVAL to ENOTTY in sys/net/if_media.c r1.19; it should just
indicate that monitor mode is not available, rather than return a general
error. ok dcoppa jca
|
|
large enough, do it correctly so that the local seed buffer on the stack
gets properly initialized in the first iteration of the loop.
While there, remove an outdated and bogus comment.
Coverity CID 21785
ok doug@ jsing@
|