Commit Graph

2413 Commits

Author SHA1 Message Date
joerg
44ed6e91de Prefer "." for the current address and not the PPC specific "$". 2013-08-04 17:15:21 +00:00
tls
14b0477b50 Re-check the entropy level after we call RAND_poll(), so that we do
not continuously suck data out of /dev/urandom if we receive a stream
of requests larger than the initial-entropy threshold (hi Roland!).
2013-07-28 14:13:29 +00:00
wiz
a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
tteras
2d9f2eda4f From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
christos
a2f4868d2a add RTM_LOSING, RTM_REDIRECT 2013-07-18 17:02:58 +00:00
tteras
4595769cee From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
joerg
9e69720425 Fix violations of the sequence point rule. 2013-06-28 15:04:35 +00:00
riastradh
82db4b9858 Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.

Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
2013-06-24 04:21:19 +00:00
christos
c59ba37534 Add an option --enable-wildcard-match to enable wildcard matching and explain
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
tteras
4f62ef74bd From Paul Barker: Remove redundant memset after calloc that caused compile
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
christos
54da44c072 Accept - as stdin
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
tteras
05fbc8efab From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
tteras
fdd5bac4fc From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00
elric
3966285084 AUTHCID is optional for the GSSAPI mechanism. 2013-05-16 13:02:12 +00:00
elric
cdfc977bf0 principals have principles. 2013-05-14 15:33:21 +00:00
mlelstv
34b99be967 The previous patch didn't apply cleanly, because our code doesn't
use #ifdef OPENSSL_HAS_ECC.
Apply manually.
Drop now unused len variable.
2013-05-14 05:18:11 +00:00
christos
c8fbe6c64a use explicit_bzero instead of memset to zero memory 2013-05-10 16:39:25 +00:00
christos
6fd620669a remove error(1) output. 2013-05-10 16:38:47 +00:00
mbalmer
b1090dff8a racoon default config is in /etc/racoon/racoon.conf 2013-05-08 20:03:02 +00:00
mlelstv
e976afb5c5 Identityfile warnings fixes.
https://bugzilla.mindrot.org/show_bug.cgi?id=2084
2013-04-29 17:59:50 +00:00
christos
90a83642c1 restore logging behavior: don't treat user disconnect messages as errors,
just log them.
2013-04-25 20:10:28 +00:00
joerg
8d7f62402c Use __dead. 2013-04-12 18:09:30 +00:00
joerg
e29eeb0057 Add __printflike. 2013-04-12 18:09:19 +00:00
joerg
f1ca729c04 Don't force pthread linkage. 2013-04-12 18:08:10 +00:00
tteras
32d6075c95 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Do not send out
illegal zero length MODE_CFG attributes.
2013-04-12 10:03:45 +00:00
tteras
3d2760a386 Some logging improvements. 2013-04-12 09:53:10 +00:00
christos
ce11a51f1d welcome to openssh-6.2 2013-03-29 16:19:44 +00:00
christos
d2a9b9efd7 from openbsd 2013-03-29 14:52:38 +00:00
agc
ca99397396 fix some lint on i386, noticed by Greg Troxel, thanks! 2013-03-19 01:00:16 +00:00
riastradh
6641d1f9ad Touch e_aes.c to force a rebuild with new compiler flags for AES-NI. 2013-02-18 21:20:50 +00:00
riastradh
249c85457d Fix build goo for OpenSSL AES-NI support.
OpenSSL now supports AES-NI in evp, not in an engine.  We can now get
rid of the no longer maintained aesni engine, which was broken last
summer.  Not only can OpenSSL now use AES-NI for everything it did
before we broke it last summer, but it can also use AES-NI for more
encryption modes than before, such as CTR.

Tested on amd64, both vanilla and in an i386 chroot.

ok christos
2013-02-18 21:15:25 +00:00
christos
82e8c5f133 need bsd.own.mk 2013-02-12 20:55:37 +00:00
christos
b261027db1 mv the MKCRYPTO protection higher; ideally should be at the top for this 2013-02-12 20:31:13 +00:00
christos
a7c38cbf62 merge in 1.0.1e 2013-02-12 19:52:11 +00:00
christos
5f71164a5e Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
     supporting platforms or when small records were transferred.
     [Andy Polyakov, Steve Henson]
2013-02-12 19:10:49 +00:00
christos
fdbbeac71e remove obsolete file 2013-02-08 22:37:14 +00:00
christos
6b8892b719 fix generation 2013-02-08 15:22:03 +00:00
matt
e67266a84f Change bclr 14,2 to beqlr 2013-02-08 03:05:43 +00:00
christos
1e387e93ca descend! 2013-02-08 01:54:20 +00:00
christos
a6b0cd16cd commit the new man page. 2013-02-07 17:30:08 +00:00
christos
0e9a2dbd88 one more page 2013-02-07 16:48:28 +00:00
christos
f496c772c6 reorg and add missing file. 2013-02-06 17:03:51 +00:00
christos
ffecf7319c bump and add extra file 2013-02-05 23:38:46 +00:00
christos
523f268b9f merge changes 2013-02-05 21:31:23 +00:00
christos
85e90c0ff3 regen 2013-02-05 19:21:27 +00:00
christos
44ce355adb regen! 2013-02-05 19:18:41 +00:00
christos
340218d9b9 import 1.0.1d for http://www.openssl.org/news/secadv_20130204.txt 2013-02-05 19:04:09 +00:00
tteras
fde1259d48 Fix source port selection 2013-02-05 11:36:17 +00:00
tteras
0849876e12 From Ian West <ian@niw.com.au>: Fix double free of the radius info on
config reload.
2013-02-05 06:22:29 +00:00
manu
00e5ebee00 Pull multiple free bua fix from upstream:
http://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=d21bf10dea6588b632a65b4fe594e04f288aad83;hp=d47c01a31a67ff4370b1883a58cabd0279752bb4

Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2013-02-04 01:44:47 +00:00