path: root/src
Commit message | Author | Age | Files | Lines
...
* pledge nc better - Load the certificate into memory and then do the pledge, | beck | 2015-12-08 | 1 | -5/+21
  this allows us to drop the rpath from the nc pledge. ok deraadt@, tedu@
* Add root certificate for COMODO RSA Certification Authority, ok beck@ | sthen | 2015-12-07 | 1 | -0/+122
  In some cases sites signed by this are covered by the old "AddTrust External CA Root" that we already had, but that depends on the site sending a fairly large chain of intermediate certificates which most aren't doing (because there's no need because this newer one is in browser stores..).
* Remove SHA0 check, as we did in v1.21 of sha.h. | bcook | 2015-12-07 | 2 | -4/+4
  This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Get rid of modulo bias and replace the naive shuffle by the | tb | 2015-12-07 | 1 | -20/+16
  Knuth-Fisher-Yates shuffle to make the random sequence of ports less biased. Based on the implementation in sys/netinet/ip_id.c. With helpful input from daniel@ and beck@ ok beck@ despite eye twitching
* Fix for OpenSSL CVE-2015-3195 | beck | 2015-12-04 | 2 | -6/+16
  ok djm@ jsing@
* Fix for OpenSSL CVE-2015-3194 | beck | 2015-12-03 | 2 | -4/+4
  ok krw@
* s_server also needs DNS; reported by tb@ | jca | 2015-12-01 | 1 | -2/+2
* Undo previous, pledge("dns") was already present. The problem was in s_server. | jca | 2015-12-01 | 2 | -4/+4
* Phrase allocation failure more clearly. ok deraadt@ | mmcc | 2015-12-01 | 1 | -3/+3
* pledge dns so openssl can use dns.. noticed and fixed by todd@ | beck | 2015-12-01 | 2 | -4/+4
  ok jcs@ deraadt@ theo@
* change Xrs from now-defunct db(3) to dbopen(3); this wasn't a | jmc | 2015-11-30 | 2 | -6/+6
  straight replace: thanks both to schwarze and maja for feedback on how to rewrite parts; i've snuck in an rcs id->openbsd id change in dev_mkdb too;
* Wrap <icdb.h> so that calls go direct and the symbols are all weak | guenther | 2015-11-25 | 1 | -1/+12
  ok tedu@
* syslog() here is pointless; ok millert | deraadt | 2015-11-25 | 1 | -2/+0
* Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within | millert | 2015-11-24 | 2 | -7/+10
  libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
* Correct file name, no text change (no history yet, but sorry for the churn). | schwarze | 2015-11-24 | 2 | -26/+26
  Issue noticed by jmc@, OK jmc@.
* Document that these functions are now in strings.h. | daniel | 2015-11-24 | 7 | -19/+22
  ok millert@
* Don't fake a bulleted list by prefixing items with 'o'. | bentley | 2015-11-24 | 1 | -8/+8
  ok jmc@
* rename variable 'sun' to allow building on Solaris | bcook | 2015-11-23 | 1 | -13/+13
  ok deraadt@
* In pledge(), put "dns" right after "inet". | jca | 2015-11-21 | 2 | -4/+4
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests. | jca | 2015-11-21 | 2 | -4/+4
  From todd@
* Partial revert of revision 1.26: | schwarze | 2015-11-21 | 1 | -18/+18
  Do *not* install the CMS_* manuals for now given that the code is currently disabled. Cluestick applied by jsing@.
* point to netintro(4) rather than (now removed) networking(4); | jmc | 2015-11-21 | 2 | -6/+6
* do not need sys/param.h | deraadt | 2015-11-20 | 1 | -1/+0
* add a version field to prevent mayhem if different data gets stored | tedu | 2015-11-18 | 1 | -3/+7
* update for new symbols and code | tedu | 2015-11-18 | 1 | -2/+2
* Add icdb, the internal c database. A simpler replacement for the old | tedu | 2015-11-18 | 1 | -0/+367
  Berzerkeley DB code.
* add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc | sthen | 2015-11-16 | 1 | -0/+722
  req by and OK dlg, no objections in 5 days
* ui_new -> UI_new; | jmc | 2015-11-15 | 1 | -2/+2
* fix references to lhash(3); | jmc | 2015-11-15 | 2 | -14/+16
* mutli -> multi | miod | 2015-11-14 | 4 | -6/+6
* Various *syncron* -> *synchron* typos. | miod | 2015-11-14 | 2 | -2/+2
* Give clear directions on how to declare, PROTO_*() and DEF_*() new symbols | guenther | 2015-11-14 | 1 | -0/+97
  prodded by deraadt@
* Since rtable was hoisted to the top with setrtable, it should have no | deraadt | 2015-11-13 | 1 | -10/+7
  bearing on the following pledge setups anymore. ok benno
* with -V argument, don't set rtable on the socket, instead set it for the whole | benno | 2015-11-12 | 1 | -15/+4
  process, before pledge(). This way the rtable can be pledged too. the discussion about removing -V is postponed. diff from beck@, i wrote the same diff without seeing his, and various people at u2k15 agreed this is the right thing to do. ok phessler@
* add mul and mul_add to NAME; | jmc | 2015-11-12 | 1 | -0/+4
* update cross references after deleting the imaginary MLINKS | schwarze | 2015-11-12 | 5 | -6/+6
  bn_internal(3) and lhash(3)
* Convert the handful of manuals that had imaginary names, | schwarze | 2015-11-12 | 13 | -1154/+2210
  give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlink | jmc | 2015-11-11 | 30 | -56/+99
  entry for them; feedback/ok schwarze
* Convert five more manuals from POD to mdoc. | schwarze | 2015-11-11 | 11 | -463/+638
  I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
* Convert and enable CMS manuals. | schwarze | 2015-11-11 | 33 | -1253/+2040
  Already some time ago, bcook@ said these can be installed.
* update NAME section to include all documented functions, | jmc | 2015-11-10 | 6 | -18/+18
  or otherwise change Dt to reflect the name of an existing function; feedback/ok schwarze
* SSL_CTX_sess_set_remove mlink should be SSL_CTX_sess_set_remove_cb; | jmc | 2015-11-10 | 1 | -2/+2
* libc.so can't be unloaded, so move the hidden atexit() and pthread_atfork() | guenther | 2015-11-10 | 1 | -1/+13
  stubs for the executable from crtbegin.o into libc, which lets them be excluded from static links that don't use them. For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini sections for libc aren't called at the right times anyway, so it's good that they're unused. libc.so just needs __guard_local and the .note.openbsd.ident section, so add them to stack_protector.c for now (this will be improved) "good time" deraadt@
* update some client/server info; from jan klemkow | jmc | 2015-11-09 | 1 | -5/+5
  ok jsing
* Make sure we use a sigjmp_buf in the sigsetjmp() part of the test. | miod | 2015-11-08 | 4 | -4/+7
* inet(4), not inet(3); | jmc | 2015-11-08 | 1 | -3/+3
* Fix gcc version preprocessor checks to cope with gcc 5.x and beyond; | miod | 2015-11-06 | 2 | -4/+4
  reported by Ruslan Babayev.
* Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left by | miod | 2015-11-05 | 2 | -10/+10
  24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
* Mention ROTL() is always invoked with a proper shift value, due to the way the | miod | 2015-11-05 | 2 | -2/+4
  CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
* bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER. | bcook | 2015-11-03 | 2 | -6/+6
  Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html