Merge OpenSSL 1.0.1j.
This is part of an upcoming FreeBSD security advisory.
Approved by: re (so@ blanket)
Merge OpenSSL 1.0.1i.
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
Switch to using the new $2b$ format by default when bcrypt is used.
Relnotes: default Blowfish crypt(3) format has been changed to $2b$.
This is "make tinderbox" clean.
MFH (r264308): restore p level in debugging output
Merge OpenSSL 1.0.1f and 1.0.1g.
Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:
- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tightened validation.
- Diff reduction from upstream.
For now we are still generating the older $2a$ format of password
but we will migrate to the new format once the format is formally
finalized.
MFH (r261340): enable sandboxing by default
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.
Approved by: re (marius)
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's inclusion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
Approved by: re (blanket)
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
for a key revocation list and more fine-grained authentication control.
Approved by: secteam (simon), benl (silence)
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
Specifically, GHASH_ASM belongs to crypto/modes.
Approved by: benl (maintainer)
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.
Discussed with: bf
MFC after: 2 weeks
- change "the the" to "the"
Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:
RWX --- --- /lib/libcrypto.so.6
RWX --- --- /lib/libmd.so.5
RWX --- --- /lib/libz.so.6
RWX --- --- /lib/libzpool.so.2
RWX --- --- /usr/lib/liblzma.so.5
These were found using scanelf, from the sysutils/pax-utils port.
Reviewed by: kib
Approved by: rrs (mentor)
Approved by: rrs (mentor)
code made obsolete in the same commit.
Prefer MACHINE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test if all the CPUs of a given family conform.
read-only by default, meaning files copied can't be overwritten next time.
Reviewed by: imp
Approved by: ken (mentor)
When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.
Obtained from: projects/ppc64
for regenerating OpenSSL manual pages.
- Explicitly set the OpenSSL release date so manual pages contain
the date OpenSSL was released and not just the date OpenSSL was
imported into the FreeBSD base system.
- Update for Makefile for OpenSSL 0.9.8n.
MFC after: 3 weeks
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ line additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
MFC after: 1 month
Noticed by: delphij, David Cornejo <dave@dogwood.com>
Forgotten by: des
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)
Reviewed by: des
MFC after: 3 months
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
Implement openssl config needed for mips.
Submitted by: gonzo@
Reviewed by: simon@