summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* update for new symbols and codetedu2015-11-181-2/+2
|
* Add icdb, the internal c database. A simpler replacement for the oldtedu2015-11-181-0/+367
| | | | Berzerkeley DB code.
* add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etcsthen2015-11-161-0/+722
| | | | req by and OK dlg, no objections in 5 days
* ui_new -> UI_new;jmc2015-11-151-2/+2
|
* fix references to lhash(3);jmc2015-11-152-14/+16
|
* mutli -> multimiod2015-11-144-6/+6
|
* Various *syncron* -> *synchron* typos.miod2015-11-142-2/+2
|
* Give clear directions on how to declare, PROTO_*() and DEF_*() new symbolsguenther2015-11-141-0/+97
| | | | prodded by deraadt@
* Since rtable was hoisted to the top with setrtable, it should have noderaadt2015-11-131-10/+7
| | | | | bearing on the following pledge setups anymore. ok benno
* with -V argument, dont set rtable on the socket, instead set if for the wholebenno2015-11-121-15/+4
| | | | | | | | | process, before pledge(). This way the rtable can be pledged too. the discussion about removing -V is postponed. diff from beck@, i wrote the same diff without seeing his, and various people at u2k15 agreed this is the right thing to do. ok phessler@
* add mul and mul_add to NAME;jmc2015-11-121-0/+4
|
* update cross references after deleting the imaginary MLINKSschwarze2015-11-125-6/+6
| | | | bn_internal(3) and lhash(3)
* Convert the handful of manuals that had imaginary names,schwarze2015-11-1213-1154/+2210
| | | | | give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlinkjmc2015-11-1130-56/+99
| | | | | | entry for them; feedback/ok schwarze
* Convert five more manuals from POD to mdoc.schwarze2015-11-1111-463/+638
| | | | | I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
* Convert and enable CMS manuals.schwarze2015-11-1133-1253/+2040
| | | | Already some time ago, bcook@ said these can be installed.
* update NAME section to include all documented functions,jmc2015-11-106-18/+18
| | | | | | or otherwise change Dt to reflect the name of an existing function; feedback/ok schwarze
* SSL_CTX_sess_set_remove mlink should be SSL_CTX_sess_set_remove_cb;jmc2015-11-101-2/+2
|
* libc.so can't be unloaded, so move the hidden atexit() and pthread_atfork()guenther2015-11-101-1/+13
| | | | | | | | | | | stubs for the executable from crtbegin.o into libc, which lets them be excluded from static links that don't use them. For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini sections for libc aren't called at the right times anyway, so it's good that they're unused. libc.so just needs __guard_local and the .note.openbsd.ident section, so add them to stack_protector.c for now (this will be improved) "good time" deraadt@
* update some client/server info; from jan klemkowjmc2015-11-091-5/+5
| | | | ok jsing
* Make sure we use a sigjmp_buf in the sigsetjmp() part of the test.miod2015-11-084-4/+7
|
* inet(4), not inet(3);jmc2015-11-081-3/+3
|
* Fix gcc version preprocessor checks to cope with gcc 5.x and beyond;miod2015-11-062-4/+4
| | | | reported by Ruslan Babayev.
* Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left bymiod2015-11-052-10/+10
| | | | | | | | | 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
* Mention ROTL() is always invoked with a proper shift value, due to the way themiod2015-11-052-2/+4
| | | | | CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
* bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER.bcook2015-11-032-6/+6
| | | | | | Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html
* Fix typo in comment of previous commit: "that that".reyk2015-11-022-6/+6
|
* bump minors after adding EVP_aead_chacha20_poly1305_ietf()reyk2015-11-025-5/+5
| | | | OK jsing@
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk2015-11-027-41/+298
| | | | | | | | | "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* delete old lint ARGSUSED commentsguenther2015-11-011-2/+1
|
* KNF; from Rob Piercederaadt2015-11-011-3/+3
|
* print unsigned ints with %u, not %d. Reported by Pascal Cuoq.miod2015-10-301-2/+2
|
* Add explicit LL suffixes to the numerical constants which do not fit in 32 bits.miod2015-10-301-8/+8
|
* Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod2015-10-304-2/+6
| | | | | relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
* Change test to use length 128 (shortest long-form encoding).libressl-v2.3.1doug2015-10-251-2/+2
| | | | From BoringSSL commit: d13a5e15d4e4eb51513be665306a2beba39869df
* Move the _atfork_list definition to atexit.c so that the fork syscall stubguenther2015-10-251-1/+5
| | | | | | doesn't get pulled into all static executables ok millert@ jca@
* Hide __atexit and __atexit_register_cleanup()guenther2015-10-253-4/+12
| | | | | | | | Wrap __cxa_{atexit,finalize}() so the call from exit() goes direct Switch regress/lib/libc/atexit/ to be built with -static so that it can still access __atexit* ok millert@ jca@
* Sort the obsolete flags.doug2015-10-252-12/+12
|
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2015-10-252-10/+8
| | | | | | For backward compatibility, the flags are redefined as 0. ok jsing@
* Remove last vestige of SSL_OP_NO_SSLv3 support.doug2015-10-252-8/+2
| | | | | | No part of LibreSSL checks for this flag any longer. ok jsing@
* Simplify ssl23_get_client_hello error handling.doug2015-10-252-52/+52
| | | | | | | | | | ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
* Missing initializer; spotted by coverity.miod2015-10-251-2/+2
|
* The only thing that was translated into multiple languages in OpenBSDbluhm2015-10-251-23/+1
| | | | | | | | | are the errno messages and signal names. Everything else is in English. We are not planning to translate more text. Running a mixed system with less than 1% of the text in native language makes no sense. So remove the NLS support from libc messages. The catopen(3) functions stay as they are. OK stsp@ mpi@
* Use sigaction() instead of signal() to avoid pulling in unnecessaryguenther2015-10-251-3/+5
| | | | | | | wrappers. To keep uses from crawling back in, mark signal() as deprecated inside libc. ok deraadt@
* Use dprintf() instead of fprintf() in the signal handlerguenther2015-10-251-3/+4
|
* Cast ctype functions' arguments to unsigned char.mmcc2015-10-231-5/+5
|
* Switch if_nameindex(3) to use the new NET_RT_IFNAMES sysctl to get theclaudio2015-10-233-88/+73
| | | | | | | | list of interface names. At the same time switch if_nametoindex(3) and if_indextoname(3) to use if_nameindex(3) instead of getifaddrs(3). if_nameindex(3) exposes much less then getifaddrs(3) and is allowed by pledge(2). With and OK deraadt@
* Add ifnameindex to te libc regress testsclaudio2015-10-231-3/+3
|
* Initial pledge of netcat - unfortunately flawed because fiddling the rtableidbeck2015-10-231-1/+27
| | | | | | | in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff
* Use waitpid() instead of wait() to avoid returning early from another childguenther2015-10-231-2/+3
| | | | | | exiting, and loop the waitpid() on EINTR ok deraadt@ millert@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 13:12:27 +0000