| Age | Commit message (Collapse) | Author |
|---|
|
ok jsing
|
|
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
|
|
|
|
|
|
|
|
recallocarray(), with its guarantee that memory becoming unallocated is
explicitly discarded, is too slow. In rpki-client forming one particular
ibuf takes more then 4mins because every recallocarray() call ends up
doing a fresh malloc + memcpy + freezero call.
For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid
any memory reallocations.
OK tb@
|
|
The existing description was lacking and incorrect, respectively.
|
|
|
|
reminded by mandoc -Tlint
|
|
Remove the corresponding documentation.
|
|
ok jsing
|
|
Return 0 on success, return <= 0 on failure. Sigh. In particular, if an
allocation failed, the password that no one entered was considered valid.
ok jsing
|
|
According to some, a fail-open password verification function is par for
the course for libcrypto. Unfortunately, we have been recommending its use
over similarly named EVP functions after what amounted to a coin toss a
few years back. Luckily enough, no one followed that advice and we can
soon remove this API for good.
|
|
updated and were instead replaced by ?. ok millert
|
|
This API family has been neutered and will be removed in the next bump.
Further cross references will be untangled in the future.
|
|
ok miod
|
|
It is no longer possible to set an attribute on an EVP_PKEY, so this
code is dead.
ok miod
|
|
The last consumer in openssl(1) pkcs12 has been removed, so we no longer
need this function.
ok miod
|
|
We document, and posix requires, to return a NUL-terminated string on
a successful call to getaddrinfo(3) when AI_CANONNAME was set.
If the canonical name cannot be determined, return the node name as
suggested by posix.
OK guenther
|
|
Reduces upcoming diffs and avoids annoying prototypes.
|
|
These functions have been disabled for a while and they will be removed
in the next major bump.
|
|
declarations to reduce <stdio.h> pollution. Declare __isthreaded
in thread_private.h where it's really needed.
ok deraadt@
|
|
into fewer files that don't need them.
ok deraadt@
|
|
assuming some local .h will pull it in
ok deraadt@
|
|
The original reason was some corner cases around COPY relocations, which
caused problems for miniperl which directly modified environ and accessed
environ via libc functions.
This causes duplicate symbols for environ/__progname in some (poorly written)
apps, but is allowed on most other architectures.
Since the time this was added other arm architecture changes mean that we
don't need it, so remove it.
debugged with kettenis@ and jca@
tested and OK guenther@
|
|
|
|
Some macros are still exposed, but apart from the loss of a very nice way
of saying "this is completely misdesigned, overengineered and not properly
thought through" the only thing we would have learned from it is that this
stuff is "probably useless".
|
|
Try the -S option
|
|
|
|
|
|
|
|
ok guenther
|
|
|
|
|
|
Symbols.list
|
|
|
|
without poking directly into the FILE structure.
Repeated testing, "nope, need a few more" feedback, and ok tb@
|
|
requirements for setting the underlying file position when flushing
read-mode streams, and make an fseek()-after-fflush() not change the
underlying file position.
Much testing, review, and assistance from tb@
ok tb@ millert@
|
|
|
|
Provide a per architecture crypto_arch.h - this will be used in a similar
manner to bn_arch.h and will allow for architecture specific #defines and
static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here.
ok tb@
|
|
unused in ports and on codesearch
|
|
|
|
|
|
|
|
visibility and manpages and add restrict qualifiers in all the
specified places to the *printf family.
ok millert@
|
|
and manpages and add restrict qualifiers.
ok millert@
|
|
|
|
and add restrict qualifiers. While here, rename the BUGS section
to CAVEATS since they're really "these probably don't do what you
want" notes and not things that need fixing.
ok millert@
|
|
|
|
|
