| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
| |
this also adds a rename shim that allows overwrites
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
From deraadt@ upstream:
Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is ...
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
|
| |
|
|
|
| |
This includes a WIP failsafe issetugid for now, while research continues
on the proper way to do this in a race-free fashion in AIX.
|
| |
|
|
|
|
| |
Move define adjustments to CPPFLAGS.
Adjust user CFLAGS directly, do not override during configuration.
USER_CFLAGS is not necessary to build libcompat_noopt correctly.
|
| |
|
|
|
| |
Noticed while testing similar code for AIX.
ok beck@
|
| |
|
|
|
| |
Fail closed if we cannot obtain the process flags. Noticed while looking
at a similar function for AIX.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.
|
| |
|
|
|
|
|
|
|
|
| |
tested on: HP-UX 11.31 ia64,
gcc 4.7.1(HP AllianceOne version)
gcc 4.2.3(http://hpux.connect.org.uk)
HP C/aC++
HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes).
This build forces LP64 for treating long as 64 bit.
|
| |
|
|
| |
based on a patch from Jan Engelhardt
|
| |
|
|
| |
There are issues building with inline assembly on Windows 64-bit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.
The build method is a little different than OpenSSL and OpenBSD. All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.
Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
|
| |
|
|
|
|
| |
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
|
| |
|
|
|
|
|
|
|
| |
Remove a lot of complex shell code. Upstream churn has slowed down, so
it is now easier to maintain this directly as automake files. This is
also needed to start integrating CPU-specific acceleration support.
Since we are deriving the copy list from the Makefile.am files, we can
now get rid of copy_src/copy_crypto.
|
| |
|
|
|
| |
This adds a Windows-specific versions of several symbols from libcrypto
and openssl(1).
|
| | |
|
| |
|
|
| |
ok bcook@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
|
| |
|
|
| |
ok @doug
|
| |
|
|
|
|
|
|
|
| |
Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS.
Clarify some ambiguous dependencies around strnlen/strndup.
Unconditionally enable pidwraptest for all arc4random implementations.
Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf.
ok @doug
|
| |
|
|
|
|
| |
it is only used by strndup
prodded by Sortie@
|
| |
|
|
|
|
|
|
|
| |
* use the original name for the file from OpenSSH (remove duplicate version)
* add va_copy/__va_copy checks to configure
* incorporate proposed fixes to openssh version:
+ include more system headers directly for various definitions
+ limit the scope of va_copy/va_end to their affected vsnprintf calls
+ simplify error handling, removing a dead assignment
|
| | |
|
| |
|
|
| |
ok deraadt@ beck@
|
| |
|
|
| |
ok deraadt@ beck@
|
| |
|
|
| |
ok deraadt@ beck@
|
| | |
|
| | |
|
| |
|
|
| |
ok beck@ guenther@
|
| | |
|
| |
|
|
|
|
| |
the thread-private bits can move next
ok beck@
|
| |
|
|
|
|
|
|
|
| |
Use canonical host rather than target so that this works:
CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
Conditionally compile Linux issetugid compatibility function
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From kettenis@
People have suggested using pthread_atfork(3) before, but discarded
the idea because it involves linking with -lpthread, which has other
undesirable consequences. However:
* Most systems actually have pthread_atfork(3) in libc. I verified
this on OS X and Solaris. I believe this is the case on Linux
systems that use musl as well.
* On Linux systems that use glibc, this isn't the case. However,
those systems have __register_atfork(3), which is fully documented
in the "Linux Standard Base Core Specification".
ok kettenis@ deraadt@ beck@
|
| |
|
|
| |
ok beck@
|
| | |
|
| |
|
|
|
|
| |
it is not needed as a library export
ok beck@
|
| |
|
|
| |
ok bcook@
|
| |
|
