summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* This commit was generated by cvs2git to track changes on a CVS vendormiod2014-04-13111-1172/+3427
|\ | | | | branch.
| * Import OpenSSL 1.0.1gmiod2014-04-13134-1395/+3912
| |
| * This commit was manufactured by cvs2git to create branch 'OPENSSL'.cvs2svn2013-02-141-0/+790
| |
* | This commit was generated by cvs2git to track changes on a CVS vendormiod2014-04-135-5/+18
|\ \ | | | | | | branch.
| * | Import OpenSSL 1.0.1gmiod2014-04-13182-1088/+3051
| | |
* | | Move build machinery for libcrypto from libssl/crypto to libcrypto, as wellmiod2014-04-1142-977/+4998
| | | | | | | | | | | | | | | | | | | | | | | | | | | as configuration files; split manpages and .pc files between libcrypto and libssl. No functional change, only there to make engineering easier, and libcrypto sources are still found in libssl/src/crypto at the moment. ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
* | | oops, typo, spotted by Matthias Schelerderaadt2014-04-101-2/+2
| | |
* | | Piotr Sikora pointed me at a more refined diff for the buffer releasetedu2014-04-102-0/+4
| | | | | | | | | | | | | | | | | | issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
* | | crank major; struct ssl_ctx_st changes; ok teduderaadt2014-04-102-2/+2
| | |
* | | Disable Segglemann's RFC520 hearbeat.deraadt2014-04-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I am completely blown away that the same IETF that cannot efficiently allocate needed protocol, service numbers, or other such things when they are needed, can so quickly and easily rubber stamp the addition of a 64K Covert Channel in a critical protocol. The organization should look at itself very carefully, find out how this this happened, and everyone who allowed this to happen on their watch should be evicted from the decision making process. IETF, I don't trust you. ok tedu markus
* | | disable buf freelists. we'll see what happens next.tedu2014-04-101-1/+2
| | | | | | | | | | | | ok deraadt
* | | don't release the read buffer if we're not done reading from it.tedu2014-04-102-4/+0
| | | | | | | | | | | | ok benno deraadt
* | | Remove CA certificates which are not listed in Mozilla's certdata.txt.sthen2014-04-091-1823/+0
| | | | | | | | | | | | | | | | | | Notably this removes CAcert who it turns out have strict requirements on redistribution (http://www.cacert.org/policy/RootDistributionLicense.php) which we don't meet.
* | | Use root CAs that are used by TeleSec (Deutsche Telekom AG):reyk2014-04-091-0/+313
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Baltimore CyberTrust Root - Deutsche Telekom Root CA 2 - T-TeleSec GlobalRoot Class 2 - T-TeleSec GlobalRoot Class 3 ok sthen@
* | | use char * for strings, saving casts. add return codes to base64 functionstedu2014-04-081-15/+26
| | |
* | | cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability fromdjm2014-04-074-26/+54
| | | | | | | | | | | | OpenSSL git; ok sthen@
* | | Add some missing names to the NAME sections.schwarze2014-04-075-15/+19
| | | | | | | | | | | | | | | | | | For inet(3), go the other way, remove some bogus symlinks. Found while testing the new makewhatis(8). ok jmc@
* | | Update Copyright notice; ok otto@ beck@ deraadt@.schwarze2014-04-031-2/+4
| | | | | | | | | | | | | | | This is merely a by-product of figuring out the amount of phk@ code contained herein; i'm not planning to hack on this file.
* | | I have discussed these licenses with Poul-Henning Kamp and he has agreed tobeck2014-04-031-8/+17
| | | | | | | | | | | | this license change. We will remember that we all still like beer.
* | | Poul-Henning Kamp informed me he is allright with this licensing change.beck2014-03-251-11/+4
| | |
* | | oops, merge errortedu2014-03-241-2/+2
| | |
* | | clear stack variables, suggested by djmtedu2014-03-231-1/+4
| | |
* | | some improvements suggested by djm.tedu2014-03-231-4/+6
| | | | | | | | | | | | | | | | | | use better constant for salt size. always copy ":" to gerror, in case somebody is dumb enough to overwrite it timingsafe_bcmp before somebody whines about strcmp
* | | two functions don't need to be exportedtedu2014-03-231-3/+3
| | |
* | | minimal change to implementation of bcrypt to not require static globals.tedu2014-03-231-39/+88
| | | | | | | | | | | | | | | | | | add some friendlier functions. move the classic static data api into wrapper functions. a few more changes to come...
* | | remove the never used bm string functionstedu2014-03-233-329/+3
| | |
* | | switch to shorter ISC license. this was ok with Niels Provos.tedu2014-03-221-27/+12
| | |
* | | consolidate the base64 code in one place, and remove inadequate test codetedu2014-03-191-86/+56
| | |
* | | right or wrong, bcrypt() is declared in pwd.h, not unistd.htedu2014-03-191-2/+3
| | |
* | | Retire hp300, mvme68k and mvme88k ports. These ports have no users, keepingmiod2014-03-182-278/+3
| | | | | | | | | | | | | | | | | | | | | this hardware alive is becoming increasingly difficult, and I should heed the message sent by the three disks which have died on me over the last few days. Noone sane will mourn these ports anyway. So long, and thanks for the fish.
* | | * Fix another instance of directly writing to the target with a utilityschwarze2014-03-181-4/+6
| | | | | | | | | | | | | | | | | | | | | that might fail. * Keep the build log clean. * Make sure syntax checks run again when doing: make clean; make ok espie@
* | | prevent failed command from generating bogus fileespie2014-03-181-2/+2
| | | | | | | | | | | | okay guenther@
* | | prepare manpages for new perl.espie2014-03-1819-40/+48
| | | | | | | | | | | | | | | | | | | | | Note that I missed two of these in the diff shown initially, thx to the atrocious Makefile rule... okay millert@, sthen@, basically
* | | Sync with the way struct ether_addr is actually defined inlteo2014-03-181-3/+3
| | | | | | | | | | | | netinet/if_ether.h
* | | lint is dead (long live the lint!), so stop using it as a cpp conditionalguenther2014-03-162-4/+4
| | | | | | | | | | | | | | | | | | (namespace pollution!) or talking about its opinion on code. ok krw@
* | | Unhook httpd(8) from build; man page bitsflorian2014-03-131-10/+3
| | | | | | | | | | | | | | | | | | | | | tweaks jmc@ OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@ "The time is right." and much help getting the show on the road deraadt@
* | | Unbreak nc -6 -l. Don't retrieve and thus later set the routing tablejca2014-03-121-3/+2
| | | | | | | | | | | | | | | unless -V is passed (intent of the previous commit), and use SOL_SOCKET instead of IPPROTO_IP to set the rtable in local_listen(). ok sthen@
* | | SECURITY fixes backported from openssl-1.0.1f. ok mikeb@jca2014-02-2712-26/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
* | | Once more, the default routing table id is inherited from the processclaudio2014-02-261-3/+2
| | | | | | | | | | | | like for any other process as well. OK by many
* | | solar's testsuite revealed insufficient validation of invalid input hashes.tedu2014-02-241-8/+10
| | | | | | | | | | | | add a more complete check for the rounds parameter. ok deraadt
* | | in HISTORY, say where this actually came from;schwarze2014-02-231-5/+7
| | | | | | | | | | | | ok deraadt@ bentley@
* | | replace spaces with tabs for indentationstsp2014-02-171-2/+2
| | |
* | | remove redundant testtedu2014-02-171-3/+2
| | |
* | | sticking strlen into a char leads to wraparound at 256. fix this andtedu2014-02-171-5/+18
| | | | | | | | | | | | | | | | | | introduce a new 'b' hash minor. still generate 'a' minors for now. reported by solar designer. diff by some combination of solar and jca. ok deraadt
* | | one of the examples needs -N to work again;jmc2014-02-101-3/+3
| | | | | | | | | | | | | | | | | | | | | the paper trail appears to be: reported in feebsd pr docs/185353 by rol robert-eckardt de fix suggested by peter wemm diff submitted to tech by allan jude
* | | Fix inet6_opt_init() to only check extlen when extbuff is not NULLmpi2014-02-071-5/+2
| | | | | | | | | | | | | | | | | | as per RFC 3542, from DragonFlyBSD via Eitan Adler. ok bluhm@
* | | Remove unnecessary stdio.h include.stsp2014-02-051-2/+1
| | | | | | | | | | | | Patch by Jean-Philippe Ouellet ; ok krw@
* | | Always set errno when returning NULL. OK kettenis@ henning@millert2014-02-051-7/+17
| | |
* | | add explicit_bzero to NAME;jmc2014-01-221-2/+3
| | |
* | | add explicit_bzero to libc. implementation subject to change, but starttedu2014-01-223-4/+37
| | | | | | | | | | | | the ball rolling. ok deraadt.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-29 08:11:23 +0000