| Age | Commit message (Collapse) | Author |
|---|
|
side of the array being partitioned to save on stack space. Greater
savings can be gained by choosing recursion for the smaller side
of the partition and eliminating recursion for the larger side.
This also results in a small but measurable performance gain.
OK otto@ schwarze@
|
|
SSL_get_peer_certificate() increases the ref count whereas extra_certs
do not because SSL_get_peer_cert_chain() won't increase ref counts.
OK beck@
|
|
From "fenderq" on freenode via tj@
|
|
- document posix_memalign() does not play nice with reacallocarray(3) and
freezero(3)
|
|
sizeof(struct) not sizeof(pointer).
otto@ points out that on OpenBSD currently freezero() would have still
zeroed the entire allocation, but this is not documented behaviour and
may change in future.
ok tom@
|
|
runtime support code libcompiler_rt for this. This code uses functions that
live in libpthread, so code that uses TLS support will need to be linked
with -lpthread. This should allow more ports to build with base clang.
ok espie@
|
|
finalbuf is also free'd if kn_encode_base64 somehow fails
hint from tb@, OK millert@ and tb@
|
|
handling to be interative instead of recursive.
Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@
|
|
|
|
it returns "len", which is a size_t value, as an int...
|
|
and document that handling of process group 0 is not specified by
the standard.
|
|
keep these around.
ok beck@
|
|
process ID when negated.
|
|
to the CBB, then doubling, start with an initial size of 64 bytes. Almost
all uses will exceed this size and we avoid multiple small recallocarray()
calls during the initial usage.
ok beck@
|
|
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@
|
|
complete a TLS handshake.
|
|
already completed a TLS handshake.
|
|
with the other pid-specific details.
|
|
ok jsing@, gcc@, regress@
|
|
potentially dealing with key material. Also switch a calloc to malloc,
since we immediately copy the same amount of data to the newly allocated
buffer.
|
|
|
|
Discussed with beck@
|
|
|
|
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.
Requested some time ago by tedu@.
ok beck@
|
|
a tls_load_file() call, ensuring that it the contents become inaccessible.
This is specifically needed on platforms where the library allocators may
be different from the application allocator.
ok beck@
|
|
in C. Ride previous minor bump
ok tom@ inoguchi@ jsing@
|
|
Rides minor bump.
ok beck@
|
|
|
|
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|
|
|
|
OK jmc@
|
|
discarded by the kernel. Document that at least one pending signal
will be delivered before sigprocmask() returns.
|
|
update their descriptions. In sysctl.8 refer to /etc/sysctl.conf in FILES.
discussed with and ok jmc
|
|
Even though this is not a real public interface we need the symbol in
the shared library so that relayd can use it (needed for TLS key privsep)
OK beck@
|
|
|
|
|
|
ok beck
|
|
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
|
|
not exist or is not a child of the calling process.
Document what happens when SIGCHLD is ignored or SA_NOCLDWAIT is
set in sa_flags (this part from FreeBSD).
OK guenther@
|
|
|
|
Inputs from guenther@, ok kettenis@, visa@
|
|
|
|
ok jsing@
|
|
gcc4. This should avoid failed builds while transitioning compilers.
While here also make the CFLAGS blocks consistent across makefiles.
Discussed with deraadt@, ok beck@
|
|
previous code was safe since data would always be NULL if data_len was
uninitialised, however compilers cannot know this.
|
|
not be awful or have any claims on supporting ipv6 when it does so
very badly
ok jsing@
|
|
material inaccessible, then call it from the appropriate places.
ok beck@
|
|
DTLS cookie validation. This can mask a later failure and result in a
positive return value being returned from ssl3_get_client_hello(), when
it should return a negative value to propagate the error.
Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit
message "Fix DTLS cookie management bugs".
Fix based on OpenSSL.
Issue reported by Nicolas Bouliane <nbouliane at jive dot com>.
ok beck@
|
