Commit Graph

808 Commits

Author SHA1 Message Date
christos
0e9a2dbd88 one more page 2013-02-07 16:48:28 +00:00
christos
f496c772c6 reorg and add missing file. 2013-02-06 17:03:51 +00:00
christos
ffecf7319c bump and add extra file 2013-02-05 23:38:46 +00:00
christos
523f268b9f merge changes 2013-02-05 21:31:23 +00:00
christos
85e90c0ff3 regen 2013-02-05 19:21:27 +00:00
christos
44ce355adb regen! 2013-02-05 19:18:41 +00:00
christos
340218d9b9 import 1.0.1d for http://www.openssl.org/news/secadv_20130204.txt 2013-02-05 19:04:09 +00:00
manu
00e5ebee00 Pull multiple free bua fix from upstream:
http://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=d21bf10dea6588b632a65b4fe594e04f288aad83;hp=d47c01a31a67ff4370b1883a58cabd0279752bb4

Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2013-02-04 01:44:47 +00:00
christos
469af362c9 use the version in the source tree, instead of the build host 2013-02-01 21:02:48 +00:00
christos
387f092185 print only the version as the full version confuses pkgconfig. 2013-01-22 13:51:45 +00:00
apb
5950e8a8de FILESBUILD_<filename>=yes can replace both
CLEANFILES+=<filename> and realall: <filename>
2013-01-19 21:57:55 +00:00
christos
4aa8d00fa6 add a dependency to realall from Takeshi Nakayama 2013-01-19 21:05:46 +00:00
christos
98c3902e37 Add pkgconfig gluons 2013-01-18 18:09:55 +00:00
christos
9109786ace #!/bin/sh 2013-01-18 17:56:11 +00:00
martin
1c77afcb0e Compile bignum.c with -O1 only on ia64 to avoid a gcc bug 2012-12-27 14:16:16 +00:00
christos
fb2eb83f75 make sure that our hpn patches are up-to-date 2012-12-12 18:19:25 +00:00
christos
2649c70094 update to 6.1
This is primarily a bugfix release.

Features:

 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.

Bugfixes:

 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.
2012-12-12 17:42:39 +00:00
christos
03f1b832fc From ftp.openbsd.org 2012-12-12 16:52:23 +00:00
agc
28853c6d2d Make the mp_digit type an "unsigned long" so that it works for ILP32 and
LP64.

Fixes problems showing up on regression tests on i386 (which work fine on
amd64) i.e. turn:

	t_netpgpverify (1/1): 2 test cases
	    netpgpverify_dsa: [0.309746s] Failed: atf-check failed; see the output of the test for details
	    netpgpverify_rsa: [0.183148s] Passed.
	[0.495102s]

	Failed test cases:
	    t_netpgpverify:netpgpverify_dsa

	Summary for 1 test programs:
	    1 passed test cases.
	    1 failed test cases.
	    0 expected failed test cases.
	    0 skipped test cases.

into:

	t_netpgpverify (1/1): 2 test cases
	    netpgpverify_dsa: [0.236076s] Passed.
	    netpgpverify_rsa: [0.154680s] Passed.
	[0.393034s]

	Summary for 1 test programs:
	    2 passed test cases.
	    0 failed test cases.
	    0 expected failed test cases.
	    0 skipped test cases.
2012-12-03 18:02:22 +00:00
wiz
759d63f41f Remove trailing whitespace, sort SEE ALSO, comment out reference
to non-existing libbz2(3).

XXX: bn(3) references correct? (man page doesn't exist in NetBSD)
2012-11-28 09:23:14 +00:00
agc
054ef4df4b revert previous change for LIBDPLIBS until I have a chance to work out the
order for building pre-req libs
2012-11-22 21:20:44 +00:00
martin
6747337601 Initialize "ok" (and thereby fix the vax build) 2012-11-22 11:26:28 +00:00
agc
ef7daf19a9 link libz and libbz2 into the netpgpverify library, rather than into the
executable, via LIBDPLIBS.
2012-11-22 04:05:57 +00:00
agc
53475f6b40 Fix some lint 2012-11-22 00:38:45 +00:00
agc
e5e8eae465 Fix some lint - from Havard Eidnes 2012-11-22 00:37:55 +00:00
agc
2752da196a fix problem on 32-bit problems - with thanks to Alan Barrett and
Jonathan Kollasch
2012-11-20 18:45:37 +00:00
agc
9bf07868ef don't assume every platform is 64-bit - just use standard integer arithmetic 2012-11-20 17:57:40 +00:00
agc
640eb22bcb Merge netpgpverify(1) and libnetpgpverify(3) from the
agc-netpgp-standalone branch.

Rewrite the netpgpverify(1) functionality from RFC4880 up.  This is a
completely new implementation, and uses its own bignum library derived
from libtommath.  Apart from libz and libbz2, it just uses its own
library and is self-contained - this makes it easier to embed, and to
use from scripting languages.

netpgpverify(1) now verifies all the signed files i've thrown at it,
and the added bonus of using no functionality from libcrypto - all of
its bignum functionality comes from its own libnetpgpverify.so.
netpgpverify(1) now verifies not only signatures on binary files, but
also signatures on text documents.  This fixes PR/46930.  Please don't
start me on the hoops I had to jump through to calculate the digests
on text files; trust me, you will regret it.

% supersize `which netpgpverify`
   text    data     bss     dec     hex filename
   4452     860      72    5384    1508 /usr/bin/netpgpverify
  79542    1408       0   80950   13c36 /usr/lib/libz.so.1
  43994     984     488   45466    b19a /usr/lib/libgcc_s.so.1
1318116   49644   69272 1437032  15ed68 /usr/lib/libc.so.12
  57253    4184       0   61437    effd /usr/lib/libbz2.so.1
 108726    1712       0  110438   1af66 /usr/lib/libnetpgpverify.so.4
  1612083    58792   69832   1740707   0x1a8fa3   total
%

% make t
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16
diff expected16 output16
rm -f output16
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17
diff expected17 output17
rm -f output17
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18
diff expected18 output18
rm -f output18
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19
diff expected19 output19
rm -f output19
...
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
diff expected46 output46
rm -f output46
cd tests/netpgpverify && make && atf-run
atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa
atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile
t_netpgpverify:netpgpverify_rsa  ->  passed  [0.221s]
t_netpgpverify:netpgpverify_dsa  ->  passed  [0.117s]

2/2 passed (0 failed)
Committed action 19
%
2012-11-20 05:26:24 +00:00
christos
c254700c5c wait for trousers 2012-11-04 19:46:42 +00:00
christos
df3a32c7fb use LIBDPLIBS 2012-11-04 19:45:58 +00:00
christos
452fa9e672 Hook in TPM utils 2012-11-04 16:29:12 +00:00
christos
0ccc9c4c06 Don't forget to re-assign sock after dup2(); from Jarle Greipsland 2012-10-26 12:42:10 +00:00
christos
839f71d992 Take better care of closing file descriptors in the agent child and dealing
with dup2 and std{in,out,err}.
2012-09-18 15:18:01 +00:00
christos
ff8ddb8d69 fix MKREPRO build not to put Generated from ${NETBSDSRCDIR} in files. 2012-09-05 19:31:04 +00:00
christos
cd376cd5d3 Prefer SIXTY_FOUR_BIT_LONG instead of SIXTY_FOUR_BIT as before 2012-08-12 17:24:59 +00:00
christos
bfc28188e6 define OPENSSL_THREADS, from drochner. 2012-08-12 12:43:49 +00:00
joerg
e16a720f89 Don't depend on HAVE_GCC being always defined. 2012-08-10 12:20:10 +00:00
christos
cd27e50e59 add #include <machine/asm.h>, use PIC_PLT() 2012-08-04 11:03:34 +00:00
christos
faf72548c4 add this directory to the search path 2012-07-31 11:08:34 +00:00
christos
1a28d260d0 - -m64 is needed for ghash
- add montgomery multiplication assembly
2012-07-31 10:33:45 +00:00
matt
d19212c5d5 Fix mips asm to not use outdated stuff. 2012-07-30 18:40:36 +00:00
christos
6cced2a43a make sure alloca is undefed on SSP 2012-07-30 17:16:23 +00:00
christos
f87f89779c only use alloca if not __SSP__ 2012-07-30 17:15:45 +00:00
martin
a1e40c3f35 Do not use dots in identifiers (replace by _) 2012-07-30 15:00:39 +00:00
matt
fcff60e41a Add sparccpuid.S 2012-07-30 13:53:19 +00:00
christos
c77791c047 fix the generation 2012-07-30 10:25:24 +00:00
matt
72331d9777 Fix init call to OPENSSL_cpuid_setup.
XXX why are using a globally visible routine in a constructor?
2012-07-29 13:17:53 +00:00
christos
4364423588 make sure that the PLT change is not lost 2012-07-28 19:21:57 +00:00
matt
fec343bc7e Call OPENSSL_cpuid_setup through PLT to avoid DT_TEXTREL 2012-07-28 18:06:08 +00:00
matt
8a64184d2a Get new openssl to work on powerpc. 2012-07-27 23:01:23 +00:00