| Age | Commit message (Collapse) | Author |
|---|
|
ok bluhm@
|
|
against failure reported in dmesg (hmm, is it time to delete those fault
messages?)
|
|
Also tweak the pagefault test to work better on arches
that do not modify the stack pointer on return.
|
|
Replace it with Perl pack() to get hex representation of -1 on
current platform. Make test pass again on i386.
|
|
and server. Together with the syslogd ktrace this helps debugging.
|
|
not contain the CA of the server certificate.
|
|
tests that use and check selected SSL version.
|
|
use-after-free and double-free issues in calling programs.
The bug was introduced in SSLeay-0.6.0 released on June 21, 1996
and has been present since OpenBSD 2.4.
I found the bug while documenting the function.
The bug could bite in two ways that looked quite different from the
perspective of the calling code:
* If a stack was passed in that already contained some X509_INFO
objects and an error occurred, all the objects passed in would be
freed, but without removing the freed pointers from the stack,
so the calling code would probable continue to access the freed
pointers and eventually free them a second time.
* If the input BIO contained at least two valid PEM objects followed by
at least one PEM object causing an error, at least one freed pointer
would be put onto the stack, even though the function would return NULL
rather than the stack. But the calling code would still have a pointer
to the stack, so it would be likely to access the new bogus pointers
sooner or later.
Fix all this by remembering the size of the input stack on entry
and cutting it back to exactly that size when exiting due to an
error, but no further.
While here, do some related cleanup:
* Garbage collect the automatic variables "error" and "i"
which were only used at one single place each.
* Use NULL rather than 0 for pointers.
I like bugfixes that make the code four lines shorter, reduce the
number of variables by one, reduce the number of brace-blocks by
one, reduce the number if if-statements by one, and reduce the
number of else-clauses by one.
Tweaks and OK tb@.
|
|
after getting rid of the "copyless" crutch
|
|
|
|
|
|
|
|
|
|
print the stack address [for comparison in dmesg post-fault]
|
|
|
|
|
|
|
|
|
|
|
|
(on OpenBSD) or out of tree (in Portable).
|
|
|
|
|
|
bettertls.com, and a verification suite to try each certificate
in the same manner as the web based tests do using X509_verify.
This includes the list of "known" failures today in our validaion
code so we can move forward without moving back.
|
|
|
|
A number of these tests are known to fail due to bugs/incorrect
verification implementation.
|
|
ok beck@ tb@
|
|
This provides a script that generates a variety of certificate chains
and assembles them into bundles containing various permutations, which
can be used to test our X.509 verification.
A Go program is included to verify each of these bundles.
ok beck@ tb@
|
|
Otherwise we end up switching to TLSv1.3 and using a TLSv1.3 cipher suite.
|
|
|
|
Makes the test work on architectures where char is unsigned.
ok deraadt@, millert@
|
|
and for their modifiers, written from scratch.
|
|
and for their modifiers, written from scratch.
|
|
This was removed from libssl a very long time ago...
|
|
|
|
With the pipefail option set, the exit status of a pipeline is 0 if all
commands succeed, or the return status of the rightmost command that
fails. This can help stronger error checking, but is not a silver
bullet. For example, commands will exhibit a non-zero exit status if
they're killed by a SIGPIPE when writing to a pipe. Yet pipefail was
considered useful enough to be included in the next POSIX standard.
This implementation remembers the value of the pipefail option when
a pipeline is started, as described as option 1) in
https://www.austingroupbugs.net/view.php?id=789#c4102
Requested by ajacoutot@, ok millert@
|
|
ok stsp
|
|
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc eliberating processes from the need for a context
switch everytime they want to count the passage of time.
If a timecounter clock can be exposed to userland than it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is are able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
|
|
|
since this is expected to fail on most 32-bit PowerPC CPUs given the
lack of a proper permission bit.
|
|
ok job
|
|
This makes the regress work correctly again - this was previously masked
by the fact that tls_close() (and hence SSL_shutdown()) was draining the
circular buffer, whereas now we're leaving data behind from a previous
test, resulting in the ordering test failing.
|
|
This is the name the other BSDs use for this, there is no reason to
be different, the IPv6 RFCs call these addresses temporary, and some
software in ports wants to use this as well.
Most recently pointed out for firefox by landry.
OK claudio, sthen
|
|
ok beck jsing
|
|
|
|
|
|
|
|
aarch64/powerpc/powerpc64, making use of the count leading
zeros instruction. Also add a brief regression test.
ok deraadt@ kettenis@
|
|
|
|
|
|
|
