| Age | Commit message (Collapse) | Author |
|---|
|
changed the entire tree to use fd_set allocation, and this manpage documented
the "calloc(howmany(max+1, NFDBITS), sizeof(fd_mask))" idiom. Since then we
completed converting the entire tree to poll(2), for many reasons, even ssh/sshd.
Now the use of kernel-only sys/param.h-found howmany() and related macross grate
on me, so it is time to recommend use of poll(2) instead. [On a related note,
MacOS poll(2) is been dangerously broken for many years; that is their problem to
handle as the whole ecosystem joins us in pivoting select -> poll)
ok millert
|
|
Our poll does not use EAGAIN but code needs to handle it for portability.
OK deraadt@ visa@
|
|
Subset of FreeBSD commit 4339c67c485f0b1f7699863fc29f6c06862d1dde:
Moved the optimization for tiny x from __kernel_{cos,sin}[f](x) to
{cos_sin}[f](x) so that x doesn't need to be reclassified in the
"kernel" functions to determine if it is tiny (it still needs to be
reclassified in the cosine case for other reasons that will go away).
...
Parts of the original change were applied separately before.
Suggested by kettenis@
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
The same change was done by NetBSD some time back as:
Disable x87 implementations of sin, cos, tan.
The x87 hardware uses a bad approximation to pi for argument
reduction, and consequently yields bad answers for inputs near pi or
pi/2.
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
The result passes more tests from msun suite. In particular,
testacc(cos, -0.34061437849088045332L, 0.94254960031831729956L,
ALL_STD_EXCEPT, FE_INEXACT);
matches instead of being 1e-16 off.
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
|
|
|
|
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
|
suggestion from tb@
|
|
CID 21653
ok jsing@ millert@ tb@
|
|
input from tb@
|
|
CID 24893
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24839
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24778
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24812
ok jsing@ millert@ tb@
|
|
It returns 1 on success and 0 for failure, never negative value.
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 21665 24835
comment from jsing@ and tb@
ok jsing@ millert@ tb@
|
|
CID 24869
ok jsing@ millert@ tb@
|
|
This adds the SM2 algorithm defined in the Chinese standards
GB/T 32918.1-2016, GB/T 32918.2-2016, GB/T 32918.3-2016,
GB/T 32918.4-2016 and GB/T 32918.5-2017.
This is an ISC licensed implementation contributed by Ribose.inc, based
on the same code that was contributed to OpenSSL by Jack Lloyd. The port
to LibreSSL was done by Ronald Tse and Nickolay Olshevsky.
Github PR #105
I made quite a few cleanup passes on this, but more is needed, some
of which will happen in-tree before this is linked to the build.
ok deraadt inoguchi (a long time ago), jsing
|
|
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
|
|
CID 345137
ok jsing@ tb@
|
|
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.
This also could fix Coverity CID 345319.
ok jsing@ tb@
|
|
and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are
security fixes #531 #534 #532 #538 #539 and other changes #527 #513
#514 #502 #503. No library bump necessary.
OK millert@
|
|
ok tb@
|
|
ok tb@
|
|
|
|
|
|
|
|
This function has a weird dance of allocating an ASN1_STRING in an
inner scope and assigning it to a void pointer in an outer scope for
passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error.
This can be simplified and streamlined.
ok inoguchi
|
|
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
|
and Symbol addition and removal in libcrypto.
|
|
|
|
ok jsing
|
|
Stop reaching into DH internals and use the new API functions instead.
ok inoguchi jsing
|
|
Trivial conversion to cope with opaque BIO.
|
|
|
|
This is a completely mechanical conversion to use accessors instead
of reaching inside the structs by hand.
ok millert
|
|
ok inoguchi
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This removes OBJ_bsearch_ex_() from the exported symbols and makes
OBJ_bsearch_() semi-private. It is still used in libssl.
While here, remove some hideous unused macros
ok inoguchi jsing
|
|
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
