Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | - adjust krb5 directories | jasper | 2011-01-03 | 1 | -8/+5 |
| | | | | - zap a trailing tab | ||||
* | - ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is not | jasper | 2010-12-28 | 1 | -2/+3 |
| | | | | common/encouraged practice | ||||
* | - generate and install pkg-config files for openssl, which more and more | jasper | 2010-12-28 | 2 | -1/+122 |
| | | | | | | | | projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@ | ||||
* | remove comment that hasn't been true for quite a while now; | otto | 2010-12-22 | 1 | -6/+1 |
| | | | | ok deraadt@ djm@ | ||||
* | avoid pointer arithmetic on void * | dhill | 2010-12-16 | 1 | -5/+5 |
| | | | | | | tested for a while by me. ok otto@ | ||||
* | move CRYPTO_VIAC3_MAX out of cryptodev.h and into the only | jsg | 2010-12-16 | 2 | -0/+4 |
| | | | | | | file it will be used from. requested by/ok mikeb@ | ||||
* | The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX length | jsg | 2010-12-16 | 2 | -4/+4 |
| | | | | | | | which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt | ||||
* | Security fix for CVE-2010-4180 as mentioned in ↵ | jasper | 2010-12-15 | 4 | -0/+16 |
| | | | | | | | | | | | http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@ | ||||
* | involes -> involves; from Carlos Alberto Pereira Gomes | jmc | 2010-11-30 | 1 | -1/+1 |
| | |||||
* | - Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix). | jasper | 2010-11-17 | 2 | -36/+84 |
| | | | | ok djm@ deraadt@ | ||||
* | remove skipjack and cast from the libc; ok deraadt | mikeb | 2010-10-28 | 3 | -1053/+2 |
| | |||||
* | print the pointer value that caused the error (if available); ok | otto | 2010-10-21 | 1 | -47/+54 |
| | | | | deraadt@ nicm@ (on an earlier version) | ||||
* | Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@ | miod | 2010-10-18 | 2 | -2/+2 |
| | |||||
* | OpenSSL grows another undocumented header, apparently needed on armish | djm | 2010-10-07 | 1 | -1/+2 |
| | |||||
* | More OpenSSL fixes: | djm | 2010-10-06 | 7 | -26/+30 |
| | | | | | | | | | - Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@ | ||||
* | Retire Skipjack | mikeb | 2010-10-06 | 4 | -4/+0 |
| | | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts. | ||||
* | Our make already uses sh -e when executing commands. | naddy | 2010-10-04 | 1 | -7/+7 |
| | | | | Revert the "set -e" additions and kill unneeded subshells. ok djm@ | ||||
* | DES_LONG should be u_int on all platforms, it was spuriously | djm | 2010-10-03 | 1 | -1/+1 |
| | | | | u_long on i386. suggested by deraadt@ and kettenis@ | ||||
* | percolate up errors from perl asm scripts, correctly enable SHA-256 asm on | djm | 2010-10-02 | 1 | -9/+9 |
| | | | | amd64 | ||||
* | fix -Wall due to API change | djm | 2010-10-01 | 2 | -6/+6 |
| | |||||
* | update supporting files, crank library majors | djm | 2010-10-01 | 18 | -274/+621 |
| | |||||
* | add missing; yay for cvs! | djm | 2010-10-01 | 5 | -0/+607 |
| | |||||
* | resolve conflicts, fix local changes | djm | 2010-10-01 | 1649 | -188904/+70184 |
| | |||||
* | This commit was generated by cvs2git to track changes on a CVS vendor | djm | 2010-10-01 | 189 | -4739/+34138 |
|\ | | | | | branch. | ||||
| * | import OpenSSL-1.0.0a | djm | 2010-10-01 | 569 | -17816/+61097 |
| | | |||||
| * | This commit was manufactured by cvs2git to create branch 'unlabeled-1.1.1'. | cvs2svn | 2010-07-01 | 1 | -0/+992 |
| | | |||||
* | | This commit was generated by cvs2git to track changes on a CVS vendor | djm | 2010-10-01 | 121 | -3204/+4684 |
|\ \ | | | | | | | branch. | ||||
| * | | import OpenSSL-1.0.0a | djm | 2010-10-01 | 798 | -31734/+48478 |
| | | | |||||
* | | | This commit was generated by cvs2git to track changes on a CVS vendor | djm | 2010-10-01 | 339 | -5051/+49844 |
|\ \ \ | | | | | | | | | branch. | ||||
| * | | | import OpenSSL-1.0.0a | djm | 2010-10-01 | 373 | -6688/+55495 |
| | | | | |||||
| * | | | This commit was manufactured by cvs2git to create branch 'OPENSSL'. | cvs2svn | 2010-07-01 | 1 | -0/+992 |
| | | | | |||||
* | | | | Make gcvt() better match printf("%g") behavior, it now passes regress. | millert | 2010-09-25 | 1 | -11/+23 |
| | | | | | | | | | | | | | | | | OK deraadt@ | ||||
* | | | | Add timingsafe_bcmp(3) to libc, mention that it's already in the | matthew | 2010-09-24 | 3 | -5/+62 |
| | | | | | | | | | | | | | | | | | | | | | | | | kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ | ||||
* | | | | Implement if_freenameindex() as a real function as required by posix. | claudio | 2010-09-24 | 1 | -1/+7 |
| | | | | | | | | | | | | | | | | OK deraadt@, millert@ | ||||
* | | | | more wacky macro fixing; | jmc | 2010-09-19 | 1 | -37/+37 |
| | | | | |||||
* | | | | observe the following spelling: | jmc | 2010-09-10 | 2 | -9/+9 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - wide character (noun) - wide-character (adjective) this is the "fix of least resistance", and appears to be in line with posix style; a tiny fix still needed for curses, but i'll mail that upstream; | ||||
* | | | | Use mandoc instead of groff to build PostScript manuals; note that | schwarze | 2010-09-09 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | | | | | | | | | these are not built by default, but only built when MANPS is set. kristaps@ and jmc@ agree with the idea, and the patch doesn't bother deraadt@ at all | ||||
* | | | | Oracle has re-licensed sunrpc under a three-clause BSD license. | millert | 2010-09-01 | 2 | -54/+58 |
| | | | | | | | | | | | | | | | | Update our sources appropriately. OK deraadt@ jsg@ | ||||
* | | | | Check for duplicate variables in the environment when setting a value | millert | 2010-08-23 | 2 | -11/+24 |
| | | | | | | | | | | | | | | | | via setenv() or putenv(). OK miod@ | ||||
* | | | | Sync hcreate(3) with NetBSD, adding some caveats. | ray | 2010-07-28 | 1 | -12/+67 |
| | | | | | | | | | | | | | | | | OK jmc | ||||
* | | | | getopt_long.c replaced getopt.c 6+ years ago; we can retire | blambert | 2010-07-22 | 1 | -7/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | the REPLACE_GETOPT macro, at long last ok millert@ | ||||
* | | | | Document new unsetenv() error returns. | naddy | 2010-07-06 | 1 | -2/+8 |
| | | | | | | | | | | | | | | | | From Nicolas Legrand <nlegrand@ethelred.fr>; ok jmc@ | ||||
* | | | | getpeereid() can now be a library routine using getsockopt() with | deraadt | 2010-07-01 | 3 | -3/+158 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | SOL_SOCKET and SO_PEERCRED, only issue being that it cannot return EFAULT for a page fault. The kernel code will soon be put into compat, and then in 10 years or so tedu will delete it. ok guenther millert | ||||
* | | | | oops. Missed this from my aes-ni commit. | thib | 2010-07-01 | 1 | -3/+4 |
| | | | | |||||
* | | | | AES-NI engine support for OpenSSL. | thib | 2010-07-01 | 20 | -6/+3322 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is code mostly picked up from upstream OpenSSL, or to be more exact a diff from David Woodhouse <dwmw2 at infradead dot org>. Remember to make includes before doing a build! no objections from djm@ OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now) | ||||
* | | | | use a union to align the dns answer buffer until gcc4 is fixed | deraadt | 2010-06-29 | 1 | -5/+8 |
| | | | | |||||
* | | | | use a union to align the dns answer buffer until gcc4 is fixed | deraadt | 2010-06-29 | 1 | -5/+8 |
| | | | | |||||
* | | | | Make unsetenv(NULL) and unsetenv("") give EINVAL, per POSIX. ok deraadt@ | naddy | 2010-06-29 | 1 | -1/+5 |
| | | | | |||||
* | | | | VIA xcrypt for amd64, simpler version of a diff from deraadt | jsg | 2010-06-29 | 2 | -12/+38 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with suggestions from miod. The codepath doesn't seem to be called yet, this will be investigated later. looks good miod@, ok deraadt@ | ||||
* | | | | Add the extendedKeyUsage flags serverAuth and clientAuth. Newer Windows | reyk | 2010-06-26 | 1 | -0/+3 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version require these flags to accept the X.509 certificates from the gateway or client; I just add both flags to make it work in both cases and verified it with win7, for example when authenticating against iked. go ahead beck@ |