Age | Commit message (Collapse) | Author |
|
aarch64/powerpc/powerpc64, making use of the count leading
zeros instruction. Also add a brief regression test.
ok deraadt@ kettenis@
|
|
|
|
as the per-thread register.
ok patrick@, drahn@
|
|
|
|
|
|
|
|
to match the order they are listed in the RFC. No functional change.
|
|
just commit this kettenis@
|
|
This probably should be backed out after fully debugged, vector
instructions caused problems with debug configuration.
|
|
Determine location of toc based on PC relative location and load into %r2
|
|
Initial attempt to port powerpc code to powerpc64
Expects TOC loading in ENTRY(),
ok kettenis@ (some cleanup required)
|
|
Initial attempt to port powerpc code to powerpc64
Expects TOC loading in ENTRY(),
memmove.S is the powerpc 32 bit, optimization is possible for 64 bit
and handle len of > 32 bits.
|
|
|
|
This is a almost a direct copy from powerpc with 64 bit mods,
with two additions present in 64 arch.
NOTE: long double 128 is not supported currently.
|
|
|
|
Initial attempt to port powerpc code to powerpc64
Expects TOC loading in ENTRY(),
ok kettenis@
|
|
Expects ELFv2 TOC loading in ENTRY(),
build with -gdwarf-4
Split SYS.h into SYS.h and DEFS.h
fix tabs after #define
|
|
and EVP_PKEY_id(3), then describe the "type" parameters of
various functions more precisely referencing that information.
In particular, document X509_get_signature_type(3) which was
so far missing.
OK tb@
|
|
and for flagging which pages to check;
|
|
When first called, queue and send a close notify, before returning 0 or 1
to indicate if a close notify has already been received from the peer. If
called again only attempt to read a close notify if there is no pending
application data and only read one record from the wire. In particular,
this avoids continuing to read application data where the peer continues
to send application data.
Issue noted by naddy@ with ftp(1).
ok jca@ tb@
|
|
OK tb@
|
|
OK tb@
|
|
still widely used according to code searches on the web, so people
reading existing code will occasionally want to look them up.
While here, correct the return type of X509_CRL_get0_lastUpdate(3)
and X509_CRL_get0_nextUpdate(3), which return const pointers.
Also, add some precision regarding RETURN VALUES.
|
|
RFC 8446 section 9.2 imposes some requirements on the extensions sent
in the ClientHello: key_share and supported_groups must either both be
present or both be absent. If no pre_shared_key was sent, the CH must
contain both signature_algorithms and supported_groups. If either of
these conditions is violated, servers must abort the handshake with a
missing_extensions alert. Add a function that enforces this. If we are
going to enforce that clients send an SNI, we can also do this in this
function.
Fixes failing test case in tlsfuzzer's test-tls13-keyshare-omitted.py
ok beck inoguchi jsing
|
|
|
|
This filter, already implemented in macOS and Dragonfly BSD, returns
exceptional conditions like the reception of out-of-band data.
The functionnality is similar to poll(2)'s POLLPRI & POLLRDBAND and
it can be used by the kqfilter-based poll & select implementation.
ok millert@ on a previous version, ok visa@
|
|
avoid \*(Gt and \*(Lt, .Dv NULL, .Cm for pledge promises
|
|
and a few other wording and markup improvements while here;
OK jmc@ ratchov@
|
|
missed a subsequent fix for an off-by-one in that code. If the first
byte of a CBC padding of length 255 is mangled, we don't detect that.
Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7
Fixes the failing tlsfuzzer lucky 13 test case.
ok beck inoguchi
|
|
and point to UI_UTIL_read_pw(3) instead;
tb@ agrees with the general direction
|
|
correct the description of X509_get_X509_PUBKEY(3),
document error handling of the read accessors,
and mention the relevant STANDARDS
|
|
|
|
which is still under a free license. Wording tweaked by me.
|
|
and some other wording improvements with respect to types;
OK ratchov@
|
|
are very long (function pointers), such that a number of input lines
in the SYNOPSIS do not fit into 80 columns. Consequently, consistently
use .Fo/.Fa/.Fc rather than .Fn for better readability of the source
code. Mechanical diff, no output change.
|
|
of integers for clarity and to read better;
one of the issues (abuse of .Sm) was originally reported by jmc@;
ok jmc@ ratchov@
|
|
|
|
Add detailed information on the return values of all the functions
in this page and remove the previous incorrect information.
tweaks & ok schwarze
|
|
Move pem_password_cb(3) to the file PEM_read(3) and rewrite
its description from scratch for precision and conciseness.
Plus some minor improvements in the vicinity.
Tweaks and OK tb@.
|
|
amount of text, the ERRORS section, in the previous commit
|
|
tb@ agrees that it should not be part of the public API
|
|
tweaks and OK tb@
|
|
ok tb
|
|
|
|
|
|
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. use 'make includes' by hand instead.
|
|
because there are callers who were inspecting unrelated fields.
discussion with eric, otto, solution from semarie
this is errata 6.6/031_asr and 6.7/009_asr
|
|
section 4.1.2 to ensure subsequent ClientHello messages after a
HelloRetryRequest messages must be unchanged from the initial
ClientHello.
ok tb@ jsing@
|
|
Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
|
|
This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX
containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy
to copy cipher_data to the target struct. The result is that the
copy contains a pointer to the wrong struct, which then leads to a
use-after-free. The custom copy handler fixes things up to avoid
that.
Issue reported by Guido Vranken
ok beck inoguchi jsing
|