summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Bring back these two files to the 3.1 branch, after the latest libssl updateOPENBSD_3_1miod2003-05-254-0/+68
| | | | | destroyed them by mistake. Sorry for the inconvenience, 3.1-STABLE should build again now.
* Errata #025 (markus):miod2003-03-191-14/+12
| | | | Fix for Klima-Pokorny-Rosa attack on RSA in SSL/TLS
* Errata #024 (markus):miod2003-03-192-5/+31
| | | | Enforce blinding on RSA operations involving private keys.
* MFC (markus@):miod2003-02-232-0/+12
| | | | check for size < 0 when allocating memory, from openssl (-r1.34)
* Errata 021:miod2003-02-223-11/+48
| | | | | | | | | | | | security fix from openssl 0.9.7a: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) adapted from a patch from Ryan W. Maple, via markus@
* Apply http://www.isc.org/products/BIND/patches/bind4910.diffmillert2002-11-141-22/+37
| | | | Fixes bugs listed in http://www.isc.org/products/BIND/bind-security.html
* Disable the engine stuffjason2002-09-261-1/+2
|
* Pull in patch from current:jason2002-09-063-47/+77
| | | | | Fix (itojun): allocate 64K recieve buffer for DNS responses.
* Pull in patch from current:jason2002-08-051-4/+5
| | | | Better fixes from openssl cvs; from markus@
* Pull in patch from current:jason2002-07-311-2/+2
| | | | | Fix (deraadt): permit calloc(0, N) and calloc(N, 0) -- malloc(0) does the right thing
* Pull in patch from current:jason2002-07-3016-7/+99
| | | | | | Fix (markus), errata 013: apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
* Pull in patch from current:jason2002-07-301-1/+7
| | | | | | Fix (deraadt): return failure if integer overflow happens. sigh; too people had to help get this right.
* avoid remote buffer overrun on hostbuf[]. From: Joost Pol <joost@pine.nl>millert2002-06-262-43/+33
| | | | | | | | correct bad practice in the code - it uses two changing variables to manage buffer (buf and buflen). we eliminate buflen and use fixed point (ep) as the ending pointer. From: itojun this fix is critical.
* This commit was manufactured by cvs2git to create branch 'OPENBSD_3_1'.cvs2svn2002-03-12554-134971/+0
|
* Tack on MagniComp (BSD) license since this originally came from rdist.millert2002-03-121-2/+30
|
* Xr getifaddrs(3) and networking(4) in SEE ALSO section.millert2002-03-071-1/+4
|
* Replace SIOCGIFCONF-using NRL versions with KAME versions that usemillert2002-03-073-333/+201
| | | | getifaddrs(3). Fixes problems on LP64 platforms.
* skip sockaddr correctly if sa_len < sockaddr. from niklasitojun2002-02-251-0/+3
|
* Vax O1 workaround no longer needed.hugh2002-02-231-2/+1
|
* deraadt@ objects to the caveat remark, so remove it.miod2002-02-231-11/+1
|
* Slightly improve wording and punctuation.miod2002-02-231-4/+4
|
* Add a caveat section pointing out that people affecting the return valuemiod2002-02-231-5/+13
| | | | | | | | of getopt() to char variables instead of int lose on arches where char is unsigned by default. Clean the example by not pasting parts of <unistd.h> into it, and by not using atoi(3).
* We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.millert2002-02-198-155/+11
|
* Manual cleanup of remaining userland __P use (excluding packages maintained ↵millert2002-02-1710-52/+46
| | | | outside the tree)
* Part one of userland __P removal. Done with a simple regexp with some minor ↵millert2002-02-1629-105/+105
| | | | hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
* Remove references to nonexistent man pages. Ok theo, millert.kjell2002-02-121-2/+1
|
* but... on vax... des_enc.c requires -O1deraadt2002-02-101-1/+2
|
* fix the history refsmickey2002-01-241-2/+2
|
* THREAD_UNLOCK() on error before returning; millert@ ok.fgsch2002-01-231-1/+3
|
* Special case a_strnid.c on vax.hugh2002-01-211-1/+5
|
* If the user passes in "" as the string to resolve the lstat() willmillert2002-01-121-2/+6
| | | | | | fail anyway so check for that. Also convert "." to "" since that way we avoid the lstat() (which we don't need) and the subsequent chdir() and some dir checks.
* label abort() from inside library as ILLEGALderaadt2002-01-023-7/+8
|
* more pid_t usederaadt2002-01-021-3/+4
|
* Add missing .Os. deraadt@ oknordin2002-01-021-1/+2
|
* Two functions can return errors here, not just one.miod2001-12-291-2/+4
|
* fix to match documented behaviour. RAND_file_name must return a pointer tobeck2001-12-202-18/+26
| | | | buf, not something else.
* FQDN subjectAltName in certs, used in isakmpd(8) examples. beck@ ok.ho2001-12-111-0/+7
|
* when strerror() has an Unknown error, also set EINVALderaadt2001-12-081-3/+8
|
* alloca cannot check if the allocation is valid. mention the consequences; ↵deraadt2001-12-061-1/+13
| | | | millert ok
* correct an alignment mis-conception for malloc(0) returned regions.tdeval2001-12-051-14/+25
| | | | OK deraadt@
* document how malloc(0) blobbies are stored, and their characterderaadt2001-12-051-1/+6
|
* 2nd param is constderaadt2001-11-211-2/+2
|
* sync with reality; scope identifier comes even without NI_WITHSCOPEID.itojun2001-11-151-7/+2
|
* make NI_WITHSCOPEID a default (always on), to synchronize with recent 2553bis.itojun2001-11-151-24/+20
| | | | sync with kame.
* sync with kame better. open some renaming #defines (ENI_xx).itojun2001-11-141-42/+27
|
* Missing ssl manpages and mlinks; beck@ ok.fgsch2001-11-061-4/+129
|
* Comment out info on U (utrace) malloc option since we don't support itmillert2001-11-051-8/+8
| | | | on OpenBSD.
* remove dangling spaces and tabsmickey2001-11-011-16/+16
|
* Grammar. Thanks markus@tdeval2001-10-301-2/+2
|
* mprotect allocations sized at 0 bytes. This will cause a fault for accesstdeval2001-10-302-37/+50
| | | | | to such, permitting them to be discovered, instead of exploited as the ssh crc insertion detector was. Idea by theo, written by tdeval.