Age | Commit message | Author |
|
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
|
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
|
the new handshake functions.
ok miod@
|
|
messages. This will allow for removal of repeated/duplicated code.
Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.
Partially based on similar changes in OpenSSL.
ok miod@
|
|
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
|
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...
ok bcook@ miod@
|
|
non-_KERNEL code.
|
|
update SYNOPSIS and DESCRIPTION and add STANDARDS
|
|
some of this is already contained upstream in NetBSD,
the rest will be sent there
|
|
from Kaspars at Bankovskis dot net
|
|
controls whether you can ptrace any process with appropriate privileges
or only one's own children.
ok deraadt
|
|
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze
|
|
ok deraadt
|
|
As pointed out by stsp@, LC_CTYPE *does* affect the ctype.h functions.
Use a wording similar to a suggestion by deraadt@.
Feedback and OK jmc@, OK stsp@.
|
|
to match of PATH_MAX. As fnmatch() is used for matching more than
just pathnames, this can prevent legitimate matches for long strings
or patterns. OK miod@ tedu@
|
|
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
|
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
|
Based on OpenSSL and BoringSSL.
ok bcook@
|
|
ok jsing@
|
|
general cleanup
diff from Kaspars Bankovskis (kaspars (at) bankovskis.net)
ok and tweaks schwarze@, jmc@
|
|
while here, remove the lie that regex(3) character classes would
depend on the locale;
ok jmc@
|
|
and strlen that provide a significantly faster performance than our
previous .c or .S implementations. Based on NetBSD's code.
Tested with different amd64 CPUs.
ok deraadt@ mikeb@
|
|
It may take a few iterations to get the tone right.
previously discussed with millert
|
|
the same thingies. Therefore these "lists of functions" man pages can go
away.
Hurray! I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)
|
|
observed by jonas termansen
|
|
to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode. If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_deterministic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert
|
|
from enh at google
|