Age | Commit message | Author |
|
|
Termansen, thanks!
|
|
in kernel and user land.
OK florian@ mpi@
|
|
Markus Mueller.
|
|
to the truth
|
|
indirectly prodded by krw@
|
|
ok millert@ manpage feedback jmc@
|
|
when creating them: mkostemp(), mkostemps(), the 'e' mode letter for
fopen(), freopen(), fdopen(), and popen(). The close-on-exec flag will
be cleared by the action created by posix_spawn_file_actions_adddup2().
Also, add support for the C11 'x' mode letter for fopen() and freopen(),
setting O_EXCL when possibly creating files.
Note: this requires kernel support for pipe2() and dup3()!
ok millert@
|
|
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.
ok matthew@
|
|
If getrandom returns a temporary failure, make sure errno is not polluted when
it succeeds. Thanks to deraadt@ for pointing it out.
|
|
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
|
|
non-standard ECDH curve by name or to disable it by passing NULL.
OK jsing@
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
|
concept ok deraadt@
diff looks ok tedu@
|
|
There is no intention to modify the string returned by strerror and
doing so is forbidden by the standard.
from Jonas 'Sortie' Termansen
ok tedu@ deraadt@
|
|
The crypto/bio/bss_dgram.c file assumes that another file indirectly
includes <stdlib.h> that includes <sys/time.h>.
from Jonas 'Sortie' Termansen
ok deraadt@ tedu@
|
|
These files currently depend on the wrapper <stdlib.h> file indirectly
including a header that provides select().
from Jonas 'Sortie' Termansen
ok deraadt@ tedu@
|
|
rather than passing in a fixed size buffer.
This is yet another example of a horribly designed API - if the given
buffer is NULL then SSL_CIPHER_description() allocates one for us (great!),
which we then need to free (no problem). However, if this allocation fails
it returns a pointer to a static string "OPENSSL_malloc Error" - obviously
bad things happen if we call free() with this pointer.
Unfortunately, there is no way of knowing that the function failed, other
than comparing the returned string against the string literal - so do that
before calling free()...
Joint work with beck@ during g2k14.
|
|
ssl3_cipher_get_value() helper function, which returns the cipher suite
value for the given cipher.
ok miod@
|
|
currently).
From Dmitry Eremin-Solenikov.
|
|
ssl3_get_cipher_by_id().
ok bcook@
|
|
So add the types blksize_t (a.k.a. int32_t) and blkcnt_t (a.k.a.
int64_t). Use blkcnt_t in stat.h since the base type (int64_t) does
not change. blksize_t in stat.h will follow after the tree is audited
for signed issues, since the base type will change from u_int32_t
to a POSIX compliant int32_t.
Guidance and feedback from guenther@
ok millert@
|
|
Let the compiler optimize these. Even older versions of gcc generate
equal or better quality code than the inline asm.
ok miod@
|
|
These macros and asm inlines simulate a function returning a value, but
nothing ever uses this return value. Remove the pseudo-returns and
(void) casts discarding the unused values.
This, maybe unsurprisingly, speeds things up a bit. It also removes the
GCC 4.9 warnings about unused values.
ok miod@ deraadt@
|
|
to hold the malloc lock across mmap syscalls in all cases. dropping it
allows another thread to access the existing chunk cache if necessary.
could be improved to be a bit more aggressive, but i've been testing this
simple diff for some time now with good results.
|
|
from Justus Baumgartner (meddev50 (at) gmail.com)
|
|
from Justus Baumgartner (meddev50 (at) gmail.com)
ok jmc@
|
|
like the sysctl path
|
|
ok jmc@
|
|
This enables support for the new getrandom(2) syscall in Linux 3.17.
If the call exists and fails, return a failure in getentropy(2) emulation as
well. This adds an EINTR check in case the urandom pool is not initialized.
Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
ok deraadt@
|
|
circular lists. Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go. Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@
|
|
on it, simplifying error checking, reducing system calls, and improving
thread-safety for libraries.
ok miod@
|
|
millert@ and jmc@ agree that "overriden" is wrong
|
|
case of failing to map the 2nd object.
found by Paul Maurers
|
|
original OpenSSL commit message follows:
Fixed as shown; to be released post-1.0.2
commit bebbb11d132cc149f7713d6693703f8bfae10072
Author: Ingo Schwarze <schwarze@usta.de>
Date: Sat Jan 18 11:46:25 2014 +0100
RT3239: Extra comma in NAME lines of two manpages
In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.
While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).
Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
|
|
Without the cast/mask, the compiler is allowed to optimize this directly
to the correct CPU intrinsic for rotate.
|
|
Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined,
only enabling inline assembly, but the RSA / RC4-5 blocks (used only in
amd64 systems) turn on implicitly. Guard these two as well.
This simplifies enabling just inline ASM in portable, no effective
change in OpenBSD.
|
|
memory and can return NULL.
ok miod@
|
|
ssl3_get_cert_verify().
ok guenther@ jsing@
|
|
ok guenther@ jsing@
|
|
of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than
using a less-readable hardcoded constant everywhere) and replace the
ssl3_put_char_by_bytes(NULL, NULL) calls with it.
ok bcook@ miod@
|
|
up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|