| Age | Commit message (Collapse) | Author |
|---|
|
|
|
to look up the mapping for the futex address.
ok visa@, mpi@
|
|
client KEX DHE processing, rather than reusing the buffer that is used
to send/receive handshake messages.
ok beck@ inoguchi@
|
|
ok beck@ inoguchi@
|
|
|
|
returns to const pointers:
- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().
Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.
|
|
"See witness(4)" is unneccessary, and just bulks this already large page: remove it;
|
|
less keying material is needed.
Based on code written by djm@ and markus@ for ssh.
|
|
This is a code base that intends on providing a simplified interface for
mid-level cryptographic operations. In due course various applications and
libraries will be able to benefit from a clean and robust API, rather than
using libcrypto or other similar APIs directly.
Discussed at length with deraadt@, djm@, markus@, beck@ and others.
|
|
Also allocate a dedicated buffer to hold the shared secret, rather than
reusing init_buf.
ok inoguchi@ tb@
|
|
These are insecure and should not be used - furthermore, we would should
not have been allowing their negotiation with TLSv1.2 (as noted by Robert
Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher
suites also fixes this issue.
ok beck@ inoguchi@
|
|
UI_method_get_flusher(), UI_method_get_opener(),
UI_method_get_prompt_constructor(), UI_method_get_reader(), and
UI_method_get_writer().
tested in a bulk build by sthen
ok jsing
|
|
BIO_meth_get_callback_ctrl, BIO_meth_get_create, BIO_meth_get_ctrl,
BIO_meth_get_destroy, BIO_meth_get_gets, BIO_meth_get_puts,
BIO_meth_get_read, and BIO_meth_get_write.
ok jsing
|
|
a little:
Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the appropriate place and simplify the
logic for dealing with the potentially NULL pkey argument (includes a neat
tweak from jsing). Finally, kill an ugly comment that has been rotting for
twenty years and merge the lines around it.
tested in a bulk build by sthen
ok jsing
|
|
tested in a bulk build by sthen
ok jsing
|
|
X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen
suggested by & ok jsing
|
|
tested in a bulk build by sthen
ok jsing
|
|
tested in a bulk build by sthen
ok bcook, jsing
|
|
ok drahm@
|
|
This prevents a panic due to a double free if a program exits after having
called accept(2) and dup2(2) on the same fd but without the corresponding
connect(5).
It will also allows us to simplify file descriptor locking. The error code
has been choosed to match Linux's behavior.
Pointed by Mathieu on tech@ after a discussion with guenther@. ok visa@
|
|
so passing "nan" and "-nan" produces a NaN with the right sign.
Bug reported and diff provided by George Koehler.
ok kettenis@
|
|
|
|
|
|
|
|
Diff from Jack Burton <jack at saosce dot com dot au>.
|
|
to do it a second time by hand, badly. While here, do some style cleanup.
This incomplete list of function pointers appears in EVP_PKEY_asn1_copy()
as well, fix it by adding sig_print to the members copied over.
ok bcook
|
|
system's ino for VOP_GETATTR(9) and VOP_READDIR(9) rather than the
internally generated fuse ino.
ok mpi@
|
|
interpret.
ok mpi@
|
|
VOP_CLOSE(9). The associated FUSE file handle is however not closed at this
time and is instead closed on VOP_RELEASE(9) because that's the only time
it's guaranteed to be no longer used. Directory handles are now only closed
on VOP_RELEASE(9) for the same reason.
ok mpi@
|
|
to the argument of UI_create_method(3). Adjust the manual.
|
|
to the ASN1_OBJECT argment of X509_NAME_add_entry_by_OBJ(3).
Adjust the manual.
|
|
to the input argument of ASN1_STRING_to_UTF8(3). Adjust the manual.
|
|
to the input argument of i2o_ECPublicKey(3). Adjust the manual.
|
|
to both arguments of X509_check_private_key(3). Adjust the manual.
|
|
tb@ added const qualifiers to the pointer arguments of some X509_get_ext*(3)
and X509_REVOKED_get_ext*(3) functions. Adjust the manual.
|
|
tb@ added a const qualifier to the X509_NAME argument of these output
functions. Adjust the manual.
|
|
tb@ added const qualifiers to some arguments of X509_NAME read accessors.
Adjust the manual.
|
|
to the X509_NAME_ENTRY argument of X509_NAME_add_entry(3) and in
x509.h rev. 1.55 2018/05/18 18:02:07 to the "bytes" argument of
X509_NAME_add_entry_by_OBJ(3) and X509_NAME_add_entry_by_NID(3).
Adjust the manual.
|
|
added const qualifiers to some arguments of some X509_NAME_ENTRY functions.
Adjust the manual.
|
|
to one argument each of X509_EXTENSION_set_object(3)
and X509_EXTENSION_get_critical(3). Adjust the manual.
|
|
For pure ECDHE we do not need to construct a new key using the one that
was set up during the other half of the key exchange. Also, since we do not
support any form of ECDH the n == 0 case is not valid (per RFC 4492 section
5.7), so we can ditch this entirely.
ok inoguchi@ tb@
|
|
ok beck@ tb@
|
|
ok visa@
|
|
^^^^^
tested in a bulk build by sthen
ok jsing
|
|
tested in a bulk build by sthen
ok jsing
|
|
tested in a bulk build by sthen
ok jsing
|
|
Tested in a bulk build by sthen
ok jsing
|
|
tested in a bulk build by sthen
ok jsing
|
|
X509V3_get_d2i() and X509V3_extensions_print(), and one to the 'title'
argument of the latter function.
tested in a bulk build by sthen
ok jsing
|
|
one to the last argument of each one of i2s_ASN1_OCTET_STRING(),
s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(),
and i2s_ASN1_ENUMERATED_TABLE().
tested in a bulk build by sthen
ok jsing
|
