joerg
44ed6e91de
Prefer "." for the current address and not the PPC specific "$".
2013-08-04 17:15:21 +00:00
tls
14b0477b50
Re-check the entropy level after we call RAND_poll(), so that we do
...
not continuously suck data out of /dev/urandom if we receive a stream
of requests larger than the initial-entropy threshold (hi Roland!).
2013-07-28 14:13:29 +00:00
wiz
a5684d07dd
Use Mt for email addresses.
2013-07-20 21:39:55 +00:00
tteras
2d9f2eda4f
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
...
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
christos
a2f4868d2a
add RTM_LOSING, RTM_REDIRECT
2013-07-18 17:02:58 +00:00
tteras
4595769cee
From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
...
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
joerg
9e69720425
Fix violations of the sequence point rule.
2013-06-28 15:04:35 +00:00
riastradh
82db4b9858
Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
...
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
2013-06-24 04:21:19 +00:00
christos
c59ba37534
Add an option --enable-wildcard-match to enable wildcard matching and explain
...
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
tteras
4f62ef74bd
From Paul Barker: Remove redundant memset after calloc that caused compile
...
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
christos
54da44c072
Accept - as stdin
...
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
tteras
05fbc8efab
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
...
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
tteras
fdd5bac4fc
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
...
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00
elric
3966285084
AUTHCID is optional for the GSSAPI mechanism.
2013-05-16 13:02:12 +00:00
elric
cdfc977bf0
principals have principles.
2013-05-14 15:33:21 +00:00
mlelstv
34b99be967
The previous patch didn't apply cleanly, because our code doesn't
...
use #ifdef OPENSSL_HAS_ECC.
Apply manually.
Drop now unused len variable.
2013-05-14 05:18:11 +00:00
christos
c8fbe6c64a
use explicit_bzero instead of memset to zero memory
2013-05-10 16:39:25 +00:00
christos
6fd620669a
remove error(1) output.
2013-05-10 16:38:47 +00:00
mbalmer
b1090dff8a
racoon default config is in /etc/racoon/racoon.conf
2013-05-08 20:03:02 +00:00
mlelstv
e976afb5c5
Identityfile warnings fixes.
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2084
2013-04-29 17:59:50 +00:00
christos
90a83642c1
restore logging behavior: don't treat user disconnect messages as errors,
...
just log them.
2013-04-25 20:10:28 +00:00
joerg
8d7f62402c
Use __dead.
2013-04-12 18:09:30 +00:00
joerg
e29eeb0057
Add __printflike.
2013-04-12 18:09:19 +00:00
joerg
f1ca729c04
Don't force pthread linkage.
2013-04-12 18:08:10 +00:00
tteras
32d6075c95
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Do not send out
...
illegal zero length MODE_CFG attributes.
2013-04-12 10:03:45 +00:00
tteras
3d2760a386
Some logging improvements.
2013-04-12 09:53:10 +00:00
christos
ce11a51f1d
welcome to openssh-6.2
2013-03-29 16:19:44 +00:00
christos
d2a9b9efd7
from openbsd
2013-03-29 14:52:38 +00:00
agc
ca99397396
fix some lint on i386, noticed by Greg Troxel, thanks!
2013-03-19 01:00:16 +00:00
riastradh
6641d1f9ad
Touch e_aes.c to force a rebuild with new compiler flags for AES-NI.
2013-02-18 21:20:50 +00:00
riastradh
249c85457d
Fix build goo for OpenSSL AES-NI support.
...
OpenSSL now supports AES-NI in evp, not in an engine. We can now get
rid of the no longer maintained aesni engine, which was broken last
summer. Not only can OpenSSL now use AES-NI for everything it did
before we broke it last summer, but it can also use AES-NI for more
encryption modes than before, such as CTR.
Tested on amd64, both vanilla and in an i386 chroot.
ok christos
2013-02-18 21:15:25 +00:00
christos
82e8c5f133
need bsd.own.mk
2013-02-12 20:55:37 +00:00
christos
b261027db1
mv the MKCRYPTO protection higher; ideally should be at the top for this
2013-02-12 20:31:13 +00:00
christos
a7c38cbf62
merge in 1.0.1e
2013-02-12 19:52:11 +00:00
christos
5f71164a5e
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
...
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]
2013-02-12 19:10:49 +00:00
christos
fdbbeac71e
remove obsolete file
2013-02-08 22:37:14 +00:00
christos
6b8892b719
fix generation
2013-02-08 15:22:03 +00:00
matt
e67266a84f
Change bclr 14,2 to beqlr
2013-02-08 03:05:43 +00:00
christos
1e387e93ca
descend!
2013-02-08 01:54:20 +00:00
christos
a6b0cd16cd
commit the new man page.
2013-02-07 17:30:08 +00:00
christos
0e9a2dbd88
one more page
2013-02-07 16:48:28 +00:00
christos
f496c772c6
reorg and add missing file.
2013-02-06 17:03:51 +00:00
christos
ffecf7319c
bump and add extra file
2013-02-05 23:38:46 +00:00
christos
523f268b9f
merge changes
2013-02-05 21:31:23 +00:00
christos
85e90c0ff3
regen
2013-02-05 19:21:27 +00:00
christos
44ce355adb
regen!
2013-02-05 19:18:41 +00:00
christos
340218d9b9
import 1.0.1d for http://www.openssl.org/news/secadv_20130204.txt
2013-02-05 19:04:09 +00:00
tteras
fde1259d48
Fix source port selection
2013-02-05 11:36:17 +00:00
tteras
0849876e12
From Ian West <ian@niw.com.au>: Fix double free of the radius info on
...
config reload.
2013-02-05 06:22:29 +00:00
manu
00e5ebee00
Pull multiple free bua fix from upstream:
...
http://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=d21bf10dea6588b632a65b4fe594e04f288aad83;hp=d47c01a31a67ff4370b1883a58cabd0279752bb4
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.
Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2013-02-04 01:44:47 +00:00