Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bring back these two files to the 3.1 branch, after the latest libssl updateOPENBSD_3_1 | miod | 2003-05-25 | 4 | -0/+68 |
| | | | | | destroyed them by mistake. Sorry for the inconvenience, 3.1-STABLE should build again now. | ||||
* | Errata #025 (markus): | miod | 2003-03-19 | 1 | -14/+12 |
| | | | | Fix for Klima-Pokorny-Rosa attack on RSA in SSL/TLS | ||||
* | Errata #024 (markus): | miod | 2003-03-19 | 2 | -5/+31 |
| | | | | Enforce blinding on RSA operations involving private keys. | ||||
* | MFC (markus@): | miod | 2003-02-23 | 2 | -0/+12 |
| | | | | check for size < 0 when allocating memory, from openssl (-r1.34) | ||||
* | Errata 021: | miod | 2003-02-22 | 3 | -11/+48 |
| | | | | | | | | | | | | security fix from openssl 0.9.7a: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) adapted from a patch from Ryan W. Maple, via markus@ | ||||
* | Apply http://www.isc.org/products/BIND/patches/bind4910.diff | millert | 2002-11-14 | 1 | -22/+37 |
| | | | | Fixes bugs listed in http://www.isc.org/products/BIND/bind-security.html | ||||
* | Disable the engine stuff | jason | 2002-09-26 | 1 | -1/+2 |
| | |||||
* | Pull in patch from current: | jason | 2002-09-06 | 3 | -47/+77 |
| | | | | | Fix (itojun): allocate 64K recieve buffer for DNS responses. | ||||
* | Pull in patch from current: | jason | 2002-08-05 | 1 | -4/+5 |
| | | | | Better fixes from openssl cvs; from markus@ | ||||
* | Pull in patch from current: | jason | 2002-07-31 | 1 | -2/+2 |
| | | | | | Fix (deraadt): permit calloc(0, N) and calloc(N, 0) -- malloc(0) does the right thing | ||||
* | Pull in patch from current: | jason | 2002-07-30 | 16 | -7/+99 |
| | | | | | | Fix (markus), errata 013: apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2 | ||||
* | Pull in patch from current: | jason | 2002-07-30 | 1 | -1/+7 |
| | | | | | | Fix (deraadt): return failure if integer overflow happens. sigh; too people had to help get this right. | ||||
* | avoid remote buffer overrun on hostbuf[]. From: Joost Pol <joost@pine.nl> | millert | 2002-06-26 | 2 | -43/+33 |
| | | | | | | | | correct bad practice in the code - it uses two changing variables to manage buffer (buf and buflen). we eliminate buflen and use fixed point (ep) as the ending pointer. From: itojun this fix is critical. | ||||
* | This commit was manufactured by cvs2git to create branch 'OPENBSD_3_1'. | cvs2svn | 2002-03-12 | 554 | -134971/+0 |
| | |||||
* | Tack on MagniComp (BSD) license since this originally came from rdist. | millert | 2002-03-12 | 1 | -2/+30 |
| | |||||
* | Xr getifaddrs(3) and networking(4) in SEE ALSO section. | millert | 2002-03-07 | 1 | -1/+4 |
| | |||||
* | Replace SIOCGIFCONF-using NRL versions with KAME versions that use | millert | 2002-03-07 | 3 | -333/+201 |
| | | | | getifaddrs(3). Fixes problems on LP64 platforms. | ||||
* | skip sockaddr correctly if sa_len < sockaddr. from niklas | itojun | 2002-02-25 | 1 | -0/+3 |
| | |||||
* | Vax O1 workaround no longer needed. | hugh | 2002-02-23 | 1 | -2/+1 |
| | |||||
* | deraadt@ objects to the caveat remark, so remove it. | miod | 2002-02-23 | 1 | -11/+1 |
| | |||||
* | Slightly improve wording and punctuation. | miod | 2002-02-23 | 1 | -4/+4 |
| | |||||
* | Add a caveat section pointing out that people affecting the return value | miod | 2002-02-23 | 1 | -5/+13 |
| | | | | | | | | of getopt() to char variables instead of int lose on arches where char is unsigned by default. Clean the example by not pasting parts of <unistd.h> into it, and by not using atoi(3). | ||||
* | We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft. | millert | 2002-02-19 | 8 | -155/+11 |
| | |||||
* | Manual cleanup of remaining userland __P use (excluding packages maintained ↵ | millert | 2002-02-17 | 10 | -52/+46 |
| | | | | outside the tree) | ||||
* | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | millert | 2002-02-16 | 29 | -105/+105 |
| | | | | hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | ||||
* | Remove references to nonexistent man pages. Ok theo, millert. | kjell | 2002-02-12 | 1 | -2/+1 |
| | |||||
* | but... on vax... des_enc.c requires -O1 | deraadt | 2002-02-10 | 1 | -1/+2 |
| | |||||
* | fix the history refs | mickey | 2002-01-24 | 1 | -2/+2 |
| | |||||
* | THREAD_UNLOCK() on error before returning; millert@ ok. | fgsch | 2002-01-23 | 1 | -1/+3 |
| | |||||
* | Special case a_strnid.c on vax. | hugh | 2002-01-21 | 1 | -1/+5 |
| | |||||
* | If the user passes in "" as the string to resolve the lstat() will | millert | 2002-01-12 | 1 | -2/+6 |
| | | | | | | fail anyway so check for that. Also convert "." to "" since that way we avoid the lstat() (which we don't need) and the subsequent chdir() and some dir checks. | ||||
* | label abort() from inside library as ILLEGAL | deraadt | 2002-01-02 | 3 | -7/+8 |
| | |||||
* | more pid_t use | deraadt | 2002-01-02 | 1 | -3/+4 |
| | |||||
* | Add missing .Os. deraadt@ ok | nordin | 2002-01-02 | 1 | -1/+2 |
| | |||||
* | Two functions can return errors here, not just one. | miod | 2001-12-29 | 1 | -2/+4 |
| | |||||
* | fix to match documented behaviour. RAND_file_name must return a pointer to | beck | 2001-12-20 | 2 | -18/+26 |
| | | | | buf, not something else. | ||||
* | FQDN subjectAltName in certs, used in isakmpd(8) examples. beck@ ok. | ho | 2001-12-11 | 1 | -0/+7 |
| | |||||
* | when strerror() has an Unknown error, also set EINVAL | deraadt | 2001-12-08 | 1 | -3/+8 |
| | |||||
* | alloca cannot check if the allocation is valid. mention the consequences; ↵ | deraadt | 2001-12-06 | 1 | -1/+13 |
| | | | | millert ok | ||||
* | correct an alignment mis-conception for malloc(0) returned regions. | tdeval | 2001-12-05 | 1 | -14/+25 |
| | | | | OK deraadt@ | ||||
* | document how malloc(0) blobbies are stored, and their character | deraadt | 2001-12-05 | 1 | -1/+6 |
| | |||||
* | 2nd param is const | deraadt | 2001-11-21 | 1 | -2/+2 |
| | |||||
* | sync with reality; scope identifier comes even without NI_WITHSCOPEID. | itojun | 2001-11-15 | 1 | -7/+2 |
| | |||||
* | make NI_WITHSCOPEID a default (always on), to synchronize with recent 2553bis. | itojun | 2001-11-15 | 1 | -24/+20 |
| | | | | sync with kame. | ||||
* | sync with kame better. open some renaming #defines (ENI_xx). | itojun | 2001-11-14 | 1 | -42/+27 |
| | |||||
* | Missing ssl manpages and mlinks; beck@ ok. | fgsch | 2001-11-06 | 1 | -4/+129 |
| | |||||
* | Comment out info on U (utrace) malloc option since we don't support it | millert | 2001-11-05 | 1 | -8/+8 |
| | | | | on OpenBSD. | ||||
* | remove dangling spaces and tabs | mickey | 2001-11-01 | 1 | -16/+16 |
| | |||||
* | Grammar. Thanks markus@ | tdeval | 2001-10-30 | 1 | -2/+2 |
| | |||||
* | mprotect allocations sized at 0 bytes. This will cause a fault for access | tdeval | 2001-10-30 | 2 | -37/+50 |
| | | | | | to such, permitting them to be discovered, instead of exploited as the ssh crc insertion detector was. Idea by theo, written by tdeval. |