| Age | Commit message (Collapse) | Author |
|---|
|
guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.
|
|
ok millert@, kettenis@
|
|
Instead of asserting, return an error code for I/O errors. This is based
on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks
for two calloc()s while I'm here.
ok miod@
|
|
a compiler warning about shadowing a global declaration.
OK jsing@
|
|
value, which we have no use for. ok kettenis@
|
|
because the API design isn't fully settled.
Requested by jsing@ and tedu@.
|
|
patch from Sunil at Nimmagadda dot net
|
|
While here, stop calling the Internet "the ARPA Internet".
|
|
technically, filenames are not restricted to ASCII.
Patch from Kaspars at Bankovskis dot net, no opposition when shown on tech@.
|
|
archdep.h help from kettenis@
|
|
ok deraadt miod
|
|
|
|
ok kurt@
|
|
afterwards. openssl has a more complicated fix, but it's less intrusive
for now to simply hoist the expensive part (fake key generation) up without
sweating a branch or two.
ok bcook jsing
|
|
fails.
ok kurt@
|
|
Noticed while testing libtls on FreeBSD.
|
|
ok miod@
|
|
This adds alpha-specific first-pass GOT relocation code to boot.h.
The assembly code is pure magic. The numeric register
names don't make it easier to understand (or compare with the
equivalent ld.so code). Unfortunately the assembler only understands
a few symbolic register names.
Renames the crt0.o entry point to __start. Our compiler was already using
__start and the linker will soon follow.
ok kurt@
|
|
|
|
from this case where we have a static buffer and cant realloc.
ok phessler, claudio, reyk
|
|
|
|
use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.
|
|
to determine if DT_JMPREL relocations are REL or RELA and conditionally
perform DT_JMPREL in either REL or RELA as needed (idea from kettenis@).
Remove unneeded i386 RELA implementation. i386 static pie working now.
okay kettenis@
|
|
|
|
the ones used in the code.
pointed out by schwarze@
|
|
architectures with variable page size.
|
|
Note that ommitting PROT_EXEC for the PLT is deliberate; static PIE
binaries should never actually hit the PLT.
We're still debating what to do when mprotect(2) fails. But that is no
excuse not to at least attempt to fix things up.
ok deraadt@
|
|
instead handle it internally as $ra
solution from kettenis, ok guenther
|
|
|
|
|
|
|
|
|
|
sure we move on to the next relocation entry.
While there, also skip relocations for REL architectures.
|
|
rcsu0.o where the initial 'r' is for relocatable. rcsu0.o performs
self-relocation on static pie binaries by calling a slightly modified
copy of ld.so's _dl_boot_bind() in boot.h.
The first arch implementatation is also included for amd64 where
__start calls _dl_boot_bind() and then calls ___start(). Includes
parts from kettenis@ to help get R_X86_64_64 relocations working
and proper handling for undefined weak symbols.
This is the first part of several to get static pie self-relocating
binaries working. binutils, gcc and kernel changes are forthcoming
to complete the solution, then per-arch implementations are needed
for MD_RCRT0_START in csu.
okay kettenis@ pascal@ deraadt@
|
|
|
|
ok martynas@, millert@, doug@
|
|
|
|
ramdisk libc builds. there has to be a better way without #ifdef's
in gross places, but I don't see it yet.
|
|
naddy found sparc64 gets a little slower when unrolled.
ok deraadt
|
|
|
|
libtls accepts size_t for lengths but libssl accepts int. This verifies
that the input does not exceed INT_MAX. It also avoids truncating size_t
when comparing with int and adds printf-style attributes for
tls_set_error().
with input from deraadt@ and tedu@
ok tedu@
|
|
|
|
|
|
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
|
|
|
|
ok millert
|
|
|
|
|
|
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
|
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
