| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Based on OpenSSL and BoringSSL.
ok bcook@
|
|
ok jsing@
|
|
|
|
general cleanup
diff from Kaspars Bankovskis (kaspars (at) bankovskis.net)
ok and tweaks schwarze@, jmc@
|
|
|
|
|
|
while here, remove the lie that regex(3) character classes would
depend on the locale;
ok jmc@
|
|
|
|
and strlen that provide a significantly faster performance than our
previous .c or .S implementations. Based on NetBSD's code.
Tested with different amd64 CPUs.
ok deraadt@ mikeb@
|
|
|
|
|
|
|
|
It may take a few iterations to get the tone right.
previously discussed with millert
|
|
the same thingies. Therefore these "lists of functions" man pages can go
away.
Hurray! I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)
|
|
observed by jonas termansen
|
|
|
|
to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode. If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_determistic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from enh at google
|
|
|
|
|
|
ok deraadt naddy
|
|
|
|
Casting a pointer to an unsigned long discards bits on an LLP64 system.
ok deraadt@
|
|
Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.
discussed with tedu@ & deraadt@
|
|
Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
ok jsing@
|
|
void pointer is undefined and initialising an array with {} is a syntax
error.
Based on a diff from kinichiro inoguchi.
|
|
system. *blush*
|
|
sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter
only frees the stack itself and does not free the items.
From Basskrapfen on github.
|
|
generating code for 64-bit mips userland.
|
|
|
|
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
|
|
|
Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
The semantics of tls_error() are changed slightly: the last error message is
not necessarily preserved between subsequent calls into the library.
When the previous call to libtls succeeds, client programs should treat the
return value of tls_error() as undefined.
ok tedu@
|
|
only sometimes being available... and when it was available it was via
the crypto engine. GOST is now part of libcrypto proper.
Instead of trying to do EVP PKEY lookups via string literals and the
ASN1 interfaces, lookup the methods directly using the appropriate NID.
ok bcook@
|
|
|
|
|
|
ok tedu@
|
|
|
|
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
|
|
breaking the hardlink between file system entries, confusing apropos(1).
Split malloc.conf(5) out of malloc(3) as suggested by deraadt@.
Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
|
|
|
|
|
