path: root/src/lib
Commit message [author, age, files changed, lines removed/added]
...
* Simple emulation of POSIX pty APIs posix_openpt(), ptsname(), grantpt() and unlockpt() using /dev/ptm. Man pages from FreeBSD. OK kettenis@ deraadt@ beck@ ajacoutot@ naddy@ [millert, 2012-12-03, 4 files, -6/+414]
* New CA root certificates, ok beck@.
  - additional certs from GlobalSign.
  - additional certs from VeriSign and replace existing ones with 'Signature Algorithm: md2WithRSAEncryption' with their currently distributed sha1WithRSAEncryption versions.
  - new CAs: AddTrust (root for most Comodo certificates also heavily used in academic networks), Comodo (most of their certs are rooted in AddTrust but TERENA use the Comodo AAA Certificate Services root for some things so add that separately), UserTrust Network/UTN (part of Comodo) and Starfield (part of Go Daddy).
  [sthen, 2012-12-03, 1 file, -99/+1705]
* Additional CA root certificates: GeoTrust/Equifax, Go Daddy, StartCom, thawte. ok beck@ william@ todd@ [sthen, 2012-12-01, 1 file, -0/+1187]
* Regenerate the text information for all certificates with recent openssl and include sha1 signatures for all certs (some were missing). No certificate changes, this is just for consistency. ok beck@ [sthen, 2012-11-30, 1 file, -439/+465]
* Remove retired Thawte/Verisign certificates. Remove intermediate GoDaddy certificate, this file should just contain roots. ok beck@ phessler@ [sthen, 2012-11-30, 1 file, -499/+0]
* Document a known bug in the DES crypt cipher implementation which we're not going to fix in order to stay compatible with legacy password data. Nobody should use DES crypt anyway these days. See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc for details about this bug. Discussed with deraadt and beck about half a year ago (I'm pruning Ms from my tree). [stsp, 2012-11-30, 1 file, -2/+6]
* - put the various options into the same order as those in resolv.h
  - sync RES_DEBUG with resolv.conf.5
  - document RES_PRIMARY, but mark it unsupported (like we already do for RES_AAAONLY)
  - use the exact same text (about being enabled by default) for RES_RECURSE as for the other two defaults
  - document RES_INSECURE{1,2} - description lifted from resolv.conf.5
  - document RES_NOALIASES
  - mostly sync the RES_USE_EDNS0 text with resolv.conf.5
  - RES_USE_DNSSEC not documented for now. something to come...
  ok sthen
  [jmc, 2012-11-29, 1 file, -17/+38]
* remove some useless Tn and double punctuation; [jmc, 2012-11-19, 1 file, -16/+7]
* RES_IGNTC is no longer ignored; ok sthen [jmc, 2012-11-19, 1 file, -4/+4]
* Ensure that the base provided to strtol(3) is between 2 and 36 inclusive, or the special value of 0. ok deraadt@ otto@ [jsing, 2012-11-18, 1 file, -1/+12]
* Per POSIX, fix raise() and abort() to send the signal to the current thread. Should make coredumps from abort() easier to debug too. ok kurt@ [guenther, 2012-11-10, 1 file, -3/+5]
* Add a new malloc option 'U' => "Free unmap" that does the guarding/unmapping of freed allocations without disabling chunk randomisation like the "Freeguard" ('F') option does. Make security 'S' option use 'U' and not 'F'. Rationale: guarding with no chunk randomisation is great for debugging use-after-free, but chunk randomisation offers better defence against "heap feng shui" style attacks that depend on carefully constructing a particular heap layout so we should leave this enabled when requesting security options. [djm, 2012-11-02, 2 files, -18/+36]
* On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don't have to go through the PLT/GOT to get at them anymore. In fact going through the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P. Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@ who did most of the actual work of tracking down the issue. ok millert@, mikeb@ [kettenis, 2012-10-31, 8 files, -18/+10]
* Restore r1.10, lost during last update: Disable use of dladdr() on a.out arches, they do not provide it (yet); [miod, 2012-10-22, 2 files, -2/+2]
* Makefile and header changes for OpenSSL-1.0.1c major cranks [djm, 2012-10-13, 20 files, -139/+361]
* import files that CVS missed; sigh [djm, 2012-10-13, 10 files, -0/+1498]
* resolve conflicts [djm, 2012-10-13, 504 files, -7535/+33760]
* This commit was generated by cvs2git to track changes on a CVS vendor branch. [djm, 2012-10-13, 42 files, -591/+570]
|\
| * import OpenSSL-1.0.1c [djm, 2012-10-13, 339 files, -4357/+15664]
* | This commit was generated by cvs2git to track changes on a CVS vendor branch. [djm, 2012-10-13, 219 files, -1382/+57417]
|\ \
| * | import OpenSSL-1.0.1c [djm, 2012-10-13, 248 files, -2332/+62631]
* | | This commit was generated by cvs2git to track changes on a CVS vendor branch. [djm, 2012-10-13, 160 files, -1420/+48653]
|\ \ \
| * | | import OpenSSL-1.0.1c [djm, 2012-10-13, 359 files, -4455/+63120]
* | | | last stage of rfc changes, using consistent Rs/Re blocks, and moving the references into a STANDARDS section; [jmc, 2012-09-27, 9 files, -88/+91]
* | | | Make setenv(3) consistent with unsetenv(3), giving EINVAL if passed an empty name, NULL pointer, or a name containing an '=' character. OK millert@, guenther@ [jeremy, 2012-09-23, 2 files, -20/+10]
* | | | remove some wacky Xo/Xc; [jmc, 2012-09-16, 1 file, -3/+3]
* | | | remove tahoe-specific makefile machinery, no such hardware is known to be in working condition anymore (assuming there would be interest in running on it). [miod, 2012-09-15, 1 file, -5/+1]
* | | | Document that strtod functions accept INF, NAN, NAN(). From Michal Mazurek. [martynas, 2012-09-15, 1 file, -3/+28]
* | | | specify the bounds of the dst to strlcat (both values were static and equal, but it is more correct) from Michal Mazurek [deraadt, 2012-09-13, 1 file, -2/+2]
* | | | Fix precedence bug (& has lower precedence than !=). Okay otto@. Found by Michal Mazurek <akfaew at jasminek dot net>, thanks! [pirofti, 2012-09-13, 1 file, -2/+2]
* | | | arc4random_buf is the easy way to fill a buffer now. ok deraadt [tedu, 2012-09-04, 1 file, -10/+3]
* | | | remove lint leftovers; ok guenther@ [okan, 2012-09-04, 1 file, -5/+1]
* | | | rfc 2553 (not 2533) has been replaced by rfc 3493; [jmc, 2012-08-22, 1 file, -5/+6]
* | | | When deciding whether we're PIC in a (generated) asm file, check for both PIC and __PIC__ defines. Makes things easier for PIE. ok djm@ [pascal, 2012-08-21, 2 files, -2/+2]
* | | | - remove inconsistent/obsolete comments
| | | |   - update rfc references
| | | |   - make the Rs/Re blocks more consistent
| | | |   [jmc, 2012-08-21, 4 files, -48/+35]
* | | | flesh out the rfc section; rfc 5321 replaces 974 and 2821; [jmc, 2012-08-21, 1 file, -10/+33]
* | | | rfc 4291 replaces rfcs 2373 and 3513; [jmc, 2012-08-20, 1 file, -9/+16]
* | | | remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets. ok guenther@ [okan, 2012-08-02, 3 files, -25/+3]
* | | | remove reference to no longer existing description of nonexistent devices; ok deraadt@ tedu@, wording tweaks jmc@ [naddy, 2012-07-26, 1 file, -7/+4]
* | | | Use same (lame) verbiage to explain ifa_dstaddr as is used for ifa_broadaddr. i.e. make it clear that this field is only valid for P2P. (Hint: one's a field, and one's a #define giving a new name to said field) ok guenther@ [krw, 2012-07-13, 1 file, -3/+4]
* | | | Skip printing another SSLv2-only command in s_client's usage text. jmc@ noticed this in the manpage while updating it, but it applies here too. [sthen, 2012-07-12, 1 file, -0/+2]
* | | | Disable SSLv2 in OpenSSL. No objections from djm. Brad, jasper and naddy helped with test builds, fixing ports, etc. [sthen, 2012-07-11, 19 files, -7/+94]
* | | | fix an off-by-one error where the return value would point to the character after the '\0'; ok guenther@ [naddy, 2012-07-11, 1 file, -2/+2]
* | | | use PAGE_SHIFT instead of PGSHIFT, in preparation for future param.h symbol reduction. ok guenther [deraadt, 2012-07-09, 1 file, -2/+2]
* | | | Zap extra spaces from function pointer arguments. Pointed out by Joachim Schipper (joachim at joachimschipper.nl) [guenther, 2012-07-08, 2 files, -8/+8]
* | | | Describe tdelete()'s return value correctly and update the related CAVEAT. Based on a note from Steffen Daode Nurpmeso (sdaoden at googlemail.com) ok jmc@ [guenther, 2012-07-08, 1 file, -12/+15]
* | | | after a talk with ariane, use MAP_FIXED for mquery to avoid the cost of scanning for free space if the hint isn't available. also, on further inspection, this will prevent pmap_prefer from "improving" our hint. [tedu, 2012-06-26, 1 file, -2/+2]
* | | | Change arc4random_uniform() to calculate ``2**32 % upper_bound'' as ``-upper_bound % upper_bound''. Simplifies the code and makes it the same on both ILP32 and LP64 architectures, and also slightly faster on LP64 architectures by using a 32-bit remainder instead of a 64-bit remainder. Pointed out by Jorden Verwer on tech@ ok deraadt; no objections from djm or otto [matthew, 2012-06-24, 1 file, -12/+3]
* | | | - document newly imported AF_INET6 support to net_inet_{pton,ntop}
| | | |   diff from Florian Obser, ok jmc@
| | | |   [gilles, 2012-06-24, 1 file, -5/+26]
* | | | add support for AF_INET6 to inet_net_pton() and inet_net_ntop() using inet_pton() and inet_ntop() as suggested by claudio ok claudio@ [gilles, 2012-06-22, 2 files, -2/+68]