summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Piotr Sikora pointed me at a more refined diff for the buffer releasetedu2014-04-102-0/+4
| | | | | | issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
* crank major; struct ssl_ctx_st changes; ok teduderaadt2014-04-102-2/+2
|
* Disable Segglemann's RFC520 hearbeat.deraadt2014-04-101-2/+2
| | | | | | | | | | | | I am completely blown away that the same IETF that cannot efficiently allocate needed protocol, service numbers, or other such things when they are needed, can so quickly and easily rubber stamp the addition of a 64K Covert Channel in a critical protocol. The organization should look at itself very carefully, find out how this this happened, and everyone who allowed this to happen on their watch should be evicted from the decision making process. IETF, I don't trust you. ok tedu markus
* disable buf freelists. we'll see what happens next.tedu2014-04-101-1/+2
| | | | ok deraadt
* don't release the read buffer if we're not done reading from it.tedu2014-04-102-4/+0
| | | | ok benno deraadt
* Remove CA certificates which are not listed in Mozilla's certdata.txt.sthen2014-04-091-1823/+0
| | | | | | Notably this removes CAcert who it turns out have strict requirements on redistribution (http://www.cacert.org/policy/RootDistributionLicense.php) which we don't meet.
* Use root CAs that are used by TeleSec (Deutsche Telekom AG):reyk2014-04-091-0/+313
| | | | | | | | | - Baltimore CyberTrust Root - Deutsche Telekom Root CA 2 - T-TeleSec GlobalRoot Class 2 - T-TeleSec GlobalRoot Class 3 ok sthen@
* use char * for strings, saving casts. add return codes to base64 functionstedu2014-04-081-15/+26
|
* cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability fromdjm2014-04-074-26/+54
| | | | OpenSSL git; ok sthen@
* Add some missing names to the NAME sections.schwarze2014-04-075-15/+19
| | | | | | For inet(3), go the other way, remove some bogus symlinks. Found while testing the new makewhatis(8). ok jmc@
* Update Copyright notice; ok otto@ beck@ deraadt@.schwarze2014-04-031-2/+4
| | | | | This is merely a by-product of figuring out the amount of phk@ code contained herein; i'm not planning to hack on this file.
* I have discussed these licenses with Poul-Henning Kamp and he has agreed tobeck2014-04-031-8/+17
| | | | this license change. We will remember that we all still like beer.
* Poul-Henning Kamp informed me he is allright with this licensing change.beck2014-03-251-11/+4
|
* oops, merge errortedu2014-03-241-2/+2
|
* clear stack variables, suggested by djmtedu2014-03-231-1/+4
|
* some improvements suggested by djm.tedu2014-03-231-4/+6
| | | | | | use better constant for salt size. always copy ":" to gerror, in case somebody is dumb enough to overwrite it timingsafe_bcmp before somebody whines about strcmp
* two functions don't need to be exportedtedu2014-03-231-3/+3
|
* minimal change to implementation of bcrypt to not require static globals.tedu2014-03-231-39/+88
| | | | | | add some friendlier functions. move the classic static data api into wrapper functions. a few more changes to come...
* remove the never used bm string functionstedu2014-03-233-329/+3
|
* switch to shorter ISC license. this was ok with Niels Provos.tedu2014-03-221-27/+12
|
* consolidate the base64 code in one place, and remove inadequate test codetedu2014-03-191-86/+56
|
* right or wrong, bcrypt() is declared in pwd.h, not unistd.htedu2014-03-191-2/+3
|
* Retire hp300, mvme68k and mvme88k ports. These ports have no users, keepingmiod2014-03-182-278/+3
| | | | | | | this hardware alive is becoming increasingly difficult, and I should heed the message sent by the three disks which have died on me over the last few days. Noone sane will mourn these ports anyway. So long, and thanks for the fish.
* * Fix another instance of directly writing to the target with a utilityschwarze2014-03-181-4/+6
| | | | | | | that might fail. * Keep the build log clean. * Make sure syntax checks run again when doing: make clean; make ok espie@
* prevent failed command from generating bogus fileespie2014-03-181-2/+2
| | | | okay guenther@
* prepare manpages for new perl.espie2014-03-1819-40/+48
| | | | | | | Note that I missed two of these in the diff shown initially, thx to the atrocious Makefile rule... okay millert@, sthen@, basically
* Sync with the way struct ether_addr is actually defined inlteo2014-03-181-3/+3
| | | | netinet/if_ether.h
* lint is dead (long live the lint!), so stop using it as a cpp conditionalguenther2014-03-162-4/+4
| | | | | | (namespace pollution!) or talking about its opinion on code. ok krw@
* Unhook httpd(8) from build; man page bitsflorian2014-03-131-10/+3
| | | | | | | tweaks jmc@ OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@ "The time is right." and much help getting the show on the road deraadt@
* Unbreak nc -6 -l. Don't retrieve and thus later set the routing tablejca2014-03-121-3/+2
| | | | | unless -V is passed (intent of the previous commit), and use SOL_SOCKET instead of IPPROTO_IP to set the rtable in local_listen(). ok sthen@
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@jca2014-02-2712-26/+82
| | | | | | | | | | | | CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
* Once more, the default routing table id is inherited from the processclaudio2014-02-261-3/+2
| | | | like for any other process as well. OK by many
* solar's testsuite revealed insufficient validation of invalid input hashes.tedu2014-02-241-8/+10
| | | | add a more complete check for the rounds parameter. ok deraadt
* in HISTORY, say where this actually came from;schwarze2014-02-231-5/+7
| | | | ok deraadt@ bentley@
* replace spaces with tabs for indentationstsp2014-02-171-2/+2
|
* remove redundant testtedu2014-02-171-3/+2
|
* sticking strlen into a char leads to wraparound at 256. fix this andtedu2014-02-171-5/+18
| | | | | | introduce a new 'b' hash minor. still generate 'a' minors for now. reported by solar designer. diff by some combination of solar and jca. ok deraadt
* one of the examples needs -N to work again;jmc2014-02-101-3/+3
| | | | | | | the paper trail appears to be: reported in feebsd pr docs/185353 by rol robert-eckardt de fix suggested by peter wemm diff submitted to tech by allan jude
* Fix inet6_opt_init() to only check extlen when extbuff is not NULLmpi2014-02-071-5/+2
| | | | | | as per RFC 3542, from DragonFlyBSD via Eitan Adler. ok bluhm@
* Remove unnecessary stdio.h include.stsp2014-02-051-2/+1
| | | | Patch by Jean-Philippe Ouellet ; ok krw@
* Always set errno when returning NULL. OK kettenis@ henning@millert2014-02-051-7/+17
|
* add explicit_bzero to NAME;jmc2014-01-221-2/+3
|
* add explicit_bzero to libc. implementation subject to change, but starttedu2014-01-223-4/+37
| | | | the ball rolling. ok deraadt.
* Ouch... recommend arc4random, not random.deraadt2014-01-211-3/+3
| | | | spotted by tedu
* obvious .Pa fixes; found with mandocdb(8)schwarze2014-01-2113-49/+49
|
* Fix an obvious .Fn/.Fa typo, found while testing mandocdb(8).schwarze2014-01-201-3/+3
|
* Usually, you don't want macros in the .Nd line, so remove instances of .Tnschwarze2014-01-191-5/+3
| | | | | | marking up words that are not trademarks (ASCII, I/O, NFS, TCP, TELNET). While here, remove .Tn markup from the same words in the body of these pages, too.
* Punctuation after macro arguments needs to be in a separate argument.schwarze2014-01-191-3/+4
| | | | Found while testing mandocdb(8).
* don't try writing past the end unless we have totedu2013-12-311-8/+16
| | | | ok gilles millert
* - Verify that the FPU exception flags weren't clobbered as required by C99.martynas2013-12-296-10/+48
| | | | - Additionally, test _setjmp and sigsetjmp as implementations are different.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-11 14:19:46 +0000