openbsd
9 years agoEliminate the -r option and always do sysctl OID, username, groupname,
guenther [Mon, 15 Dec 2014 01:48:54 +0000 (01:48 +0000)]
Eliminate the -r option and always do sysctl OID, username, groupname,
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.

ok millert@ otto@

9 years agoAdd error handling for EVP_DigestInit_ex().
doug [Mon, 15 Dec 2014 00:46:53 +0000 (00:46 +0000)]
Add error handling for EVP_DigestInit_ex().

A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.

Changed internal ssl3_cbc_digest_record() to return a value due to the above
change.  It will also now set md_out_size=0 on failure.

This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364

ok miod@

9 years agounconditionally align SSL payloads
bcook [Sun, 14 Dec 2014 21:49:29 +0000 (21:49 +0000)]
unconditionally align SSL payloads

Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.

ok miod@

9 years agoBy now relayd expects tls in its config file and writes tls into
bluhm [Sun, 14 Dec 2014 20:30:51 +0000 (20:30 +0000)]
By now relayd expects tls in its config file and writes tls into
its log file.  Change regression tests form ssl to tls.

9 years agoRevert r1.10: properly built shared libraries will never have any DISP26
miod [Sun, 14 Dec 2014 19:55:12 +0000 (19:55 +0000)]
Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

9 years agoSwitch man(1) to the mandoc implementation.
schwarze [Sun, 14 Dec 2014 17:55:36 +0000 (17:55 +0000)]
Switch man(1) to the mandoc implementation.
OK krw@ naddy@ sthen@  "commit it now" deraadt@

I won't remove the files in src/usr.bin/man, such that we can quickly
switch back in case a problem is found.

9 years agominimally document -IOKTW; requested by naddy@
schwarze [Sun, 14 Dec 2014 17:48:48 +0000 (17:48 +0000)]
minimally document -IOKTW; requested by naddy@

9 years agoRemove unused <stdlib.h>
bcallah [Sun, 14 Dec 2014 16:55:59 +0000 (16:55 +0000)]
Remove unused <stdlib.h>
ok lteo@ krw@ deraadt@

9 years agoConvert all of the straight forward client handshake handling code to use
jsing [Sun, 14 Dec 2014 16:19:38 +0000 (16:19 +0000)]
Convert all of the straight forward client handshake handling code to use
the new handshake functions.

ok miod@

9 years agoProvide functions for starting, finishing and writing SSL handshake
jsing [Sun, 14 Dec 2014 16:07:26 +0000 (16:07 +0000)]
Provide functions for starting, finishing and writing SSL handshake
messages. This will allow for removal of repeated/duplicated code.

Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.

Partially based on similar changes in OpenSSL.

ok miod@

9 years agoRemove trailing whitespace.
jsing [Sun, 14 Dec 2014 15:30:50 +0000 (15:30 +0000)]
Remove trailing whitespace.

9 years agothese are no longer used, remove
gilles [Sun, 14 Dec 2014 15:26:56 +0000 (15:26 +0000)]
these are no longer used, remove

9 years agounifdef OPENSSL_NO_NEXTPROTONEG
jsing [Sun, 14 Dec 2014 14:48:00 +0000 (14:48 +0000)]
unifdef OPENSSL_NO_NEXTPROTONEG

9 years agoRemove redundant NULL checks before free - BN_free(), BIO_free_all() and
jsing [Sun, 14 Dec 2014 14:45:33 +0000 (14:45 +0000)]
Remove redundant NULL checks before free - BN_free(), BIO_free_all() and
EC_GROUP_free() all have implicit NULL checks.

9 years agounifdef OPENSSL_NO_NEXTPROTONEG
jsing [Sun, 14 Dec 2014 14:42:06 +0000 (14:42 +0000)]
unifdef OPENSSL_NO_NEXTPROTONEG

9 years agounifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
jsing [Sun, 14 Dec 2014 14:34:43 +0000 (14:34 +0000)]
unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.

ok miod@

9 years agounifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currently
jsing [Sun, 14 Dec 2014 13:45:47 +0000 (13:45 +0000)]
unifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currently
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...

ok bcook@ miod@

9 years agoHandle ed command "s" as a one line command, which it is.
tobias [Sun, 14 Dec 2014 09:12:59 +0000 (09:12 +0000)]
Handle ed command "s" as a one line command, which it is.
Prevents arbitrary ed command executions in following lines.

ok millert

9 years agomacro cleanup; from Kaspars at Bankovskis dot net
schwarze [Sun, 14 Dec 2014 07:42:50 +0000 (07:42 +0000)]
macro cleanup; from Kaspars at Bankovskis dot net

9 years agoDisable MWAIT again, this time on both i386 and amd64. Too many systems
guenther [Sun, 14 Dec 2014 05:04:49 +0000 (05:04 +0000)]
Disable MWAIT again, this time on both i386 and amd64.  Too many systems
run excessively hot with it to have it on by default, and I still don't
have good logic to let acpicpu enable it when the AML says it's good.

9 years agoAn UVM_ADV_NORMAL -> MADV_NORMAL was missed here
guenther [Sat, 13 Dec 2014 23:29:14 +0000 (23:29 +0000)]
An UVM_ADV_NORMAL -> MADV_NORMAL was missed here

9 years agoyet more mallocarray() changes.
doug [Sat, 13 Dec 2014 21:05:32 +0000 (21:05 +0000)]
yet more mallocarray() changes.

ok tedu@ deraadt@

9 years agoSort members by size to reduce structure padding
guenther [Sat, 13 Dec 2014 21:02:32 +0000 (21:02 +0000)]
Sort members by size to reduce structure padding

9 years agoAdd .Xr to chflagsat(2)
guenther [Sat, 13 Dec 2014 21:00:19 +0000 (21:00 +0000)]
Add .Xr to chflagsat(2)

9 years agoCorrect the handling of symbolic links by chmod/chgrp/chown/chflags,
guenther [Sat, 13 Dec 2014 20:59:24 +0000 (20:59 +0000)]
Correct the handling of symbolic links by chmod/chgrp/chown/chflags,
making them more resistant to TOCTOU race conditions too.

ok tobias@

9 years agoclaim posix 2008 compat. apparently people look at this and get scared
tedu [Sat, 13 Dec 2014 20:42:41 +0000 (20:42 +0000)]
claim posix 2008 compat. apparently people look at this and get scared
when it's really old. but no actual ports fallout in espie's build.
ok deraadt

9 years agoProvide our own copy of {round,trunc}_page() now that uvm's is unreachable from
miod [Sat, 13 Dec 2014 16:26:13 +0000 (16:26 +0000)]
Provide our own copy of {round,trunc}_page() now that uvm's is unreachable from
non-_KERNEL code.

9 years agoA first shot at MOP boot instructions.
miod [Sat, 13 Dec 2014 15:45:53 +0000 (15:45 +0000)]
A first shot at MOP boot instructions.

9 years agojust released mandoc 1.13.2
schwarze [Sat, 13 Dec 2014 15:30:52 +0000 (15:30 +0000)]
just released mandoc 1.13.2

9 years agoInstall netboot.mop
miod [Sat, 13 Dec 2014 14:45:57 +0000 (14:45 +0000)]
Install netboot.mop

9 years agoCreate a MOP version of the network boot loader; verified to boot on DEC 3000.
miod [Sat, 13 Dec 2014 14:45:34 +0000 (14:45 +0000)]
Create a MOP version of the network boot loader; verified to boot on DEC 3000.

9 years agoGive the mop suite the ability to process alpha Elf64 files and create mop
miod [Sat, 13 Dec 2014 14:44:59 +0000 (14:44 +0000)]
Give the mop suite the ability to process alpha Elf64 files and create mop
alpha images of them.

9 years agoAdd DKIM signing example based on eric@'s asiabsdcon slides
millert [Sat, 13 Dec 2014 13:36:03 +0000 (13:36 +0000)]
Add DKIM signing example based on eric@'s asiabsdcon slides
OK gilles@ jmc@

9 years agoFix a regression found by Carsten dot Kunze at arcor dot de:
schwarze [Sat, 13 Dec 2014 13:13:26 +0000 (13:13 +0000)]
Fix a regression found by Carsten dot Kunze at arcor dot de:
Do not show bogus quotes when .Bl -column phrases are quoted.

9 years agoThe function savestr allows NULL return values during Plan A patching so in
tobias [Sat, 13 Dec 2014 10:31:07 +0000 (10:31 +0000)]
The function savestr allows NULL return values during Plan A patching so in
case of out of memory conditions, Plan B can step in.  In many cases, NULL
value is not properly handled, so use xstrdup here (it's outside Plan A/B
patching, which means that even Plan B relies on successful operations).

9 years agomacro cleanup; from Kaspars Bankovskis, tweaked a bit
schwarze [Sat, 13 Dec 2014 10:27:50 +0000 (10:27 +0000)]
macro cleanup; from Kaspars Bankovskis, tweaked a bit

9 years agoProperly validate ranges:
tobias [Sat, 13 Dec 2014 10:26:48 +0000 (10:26 +0000)]
Properly validate ranges:

- avoid out of boundary access on very short program names
- fix compiler warning when converting values between 0 and INT_MAX

ok deraadt, millert

9 years agoThinkPad Edge E130, event 0x6060 is supposed to indicate toggle
deraadt [Sat, 13 Dec 2014 05:29:50 +0000 (05:29 +0000)]
ThinkPad Edge E130, event 0x6060 is supposed to indicate toggle
between default Fn and media Fn modes.  We don't do that, so
ignore the toggle.
From Frederic Nowak

9 years agoadd a sxidog_activate() function so the kernel will link again
jsg [Sat, 13 Dec 2014 00:49:20 +0000 (00:49 +0000)]
add a sxidog_activate() function so the kernel will link again
after the changes made in rev 1.5

9 years agofree correct size. it's variable!
tedu [Fri, 12 Dec 2014 22:58:48 +0000 (22:58 +0000)]
free correct size. it's variable!

9 years agocatch up with swab.c rev. 1.9:
schwarze [Fri, 12 Dec 2014 20:06:13 +0000 (20:06 +0000)]
catch up with swab.c rev. 1.9:
update SYNOPSIS and DESCRIPTION and add STANDARDS

9 years agosizeof(*ptr) for some free()
tedu [Fri, 12 Dec 2014 19:02:07 +0000 (19:02 +0000)]
sizeof(*ptr) for some free()

9 years agoconvert some hash tables (the easy ones) to siphash. ok benno.
tedu [Fri, 12 Dec 2014 18:15:51 +0000 (18:15 +0000)]
convert some hash tables (the easy ones) to siphash. ok benno.

9 years agomarkup fixes from Kaspars at Bankovskis dot net;
schwarze [Fri, 12 Dec 2014 17:04:22 +0000 (17:04 +0000)]
markup fixes from Kaspars at Bankovskis dot net;
some of this is already contained upstream in NetBSD,
the rest will be sent there

9 years agooops, i was not supposed to disable mwait. found by stsp
tedu [Fri, 12 Dec 2014 16:51:32 +0000 (16:51 +0000)]
oops, i was not supposed to disable mwait. found by stsp

9 years agoLike previously done in relayd, change the keyword "ssl" to "tls" to
reyk [Fri, 12 Dec 2014 14:45:59 +0000 (14:45 +0000)]
Like previously done in relayd, change the keyword "ssl" to "tls" to
reflect reality.

OK benno@

9 years agomarkup fixes, and repair some wrong argument types while here;
schwarze [Fri, 12 Dec 2014 14:23:17 +0000 (14:23 +0000)]
markup fixes, and repair some wrong argument types while here;
from Kaspars at Bankovskis dot net

9 years agoIncrease cipher suite test coverage by including all cipher suites that
jsing [Fri, 12 Dec 2014 12:23:35 +0000 (12:23 +0000)]
Increase cipher suite test coverage by including all cipher suites that
use RSA authentication, rather than only those that use RSA key exchange.

9 years agoChange the keyword "ssl" to "tls" to reflect reality since we
reyk [Fri, 12 Dec 2014 10:05:09 +0000 (10:05 +0000)]
Change the keyword "ssl" to "tls" to reflect reality since we
effectively disabled support for the SSL protocols.  SSL remains a
common term describing SSL/TLS, there is some controvery about this
change, and the name really doesn't matter, but I feel confident about
it now.

(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)

OK benno@, with input from tedu@

9 years agoput global_ptrace here too so users know how to spell it. poke by jmc
tedu [Fri, 12 Dec 2014 08:42:48 +0000 (08:42 +0000)]
put global_ptrace here too so users know how to spell it. poke by jmc

9 years agosysctl kern.global_ptrace.
tedu [Fri, 12 Dec 2014 07:46:24 +0000 (07:46 +0000)]
sysctl kern.global_ptrace.
controls whether you can ptrace any process with appropriate privileges
or only one own's children.
ok deraadt

9 years agosysctl kern.global_ptrace.
tedu [Fri, 12 Dec 2014 07:45:46 +0000 (07:45 +0000)]
sysctl kern.global_ptrace.
controls whether you can ptrace any process with appropriate privileges
or only one own's children.
ok deraadt

9 years agoRange check the value of the base for typeset -i base x=y. Instead of
jsg [Fri, 12 Dec 2014 05:00:55 +0000 (05:00 +0000)]
Range check the value of the base for typeset -i base x=y.  Instead of
erroring for values outside of the range switch to base 10 to match the
behaviour of ksh93.  As we have a smaller digit alphabet than ksh93 the
accepted range is smaller (2-36) than ksh93 (2-64).  The other form
of setting a base, typeset -i x=base#y already has a range check that
errors (as ksh93 also does for that syntax).
Fixes a crash found with the afl fuzzer.

9 years agoBounds check the file path used in the 'w' command. Modified version
jsg [Fri, 12 Dec 2014 03:32:55 +0000 (03:32 +0000)]
Bounds check the file path used in the 'w' command.  Modified version
of a diff from Sebastien Marie to prevent a crash found by Sebastien
with the afl fuzzer.

9 years agoRework the pointer swap in the 'P' command to make the intent
jsg [Fri, 12 Dec 2014 03:22:35 +0000 (03:22 +0000)]
Rework the pointer swap in the 'P' command to make the intent
clearer and avoid a crash on 'g;P' found by Sebastien Marie with
the afl fuzzer.

9 years agosysctl_proc_vmmap(): Allow retrieving "self" VM mapping without privilege.
uebayasi [Fri, 12 Dec 2014 03:04:11 +0000 (03:04 +0000)]
sysctl_proc_vmmap(): Allow retrieving "self" VM mapping without privilege.

Previous version OK'ed by tedu@ deraadt@

9 years agoXr getdtablecount
deraadt [Fri, 12 Dec 2014 01:40:04 +0000 (01:40 +0000)]
Xr getdtablecount

9 years agorevert chunk I didn't mean to commit yet; via jmc@
djm [Fri, 12 Dec 2014 00:02:17 +0000 (00:02 +0000)]
revert chunk I didn't mean to commit yet; via jmc@

9 years agoupdate swab() to match the current posix definition. "rationale: none."
tedu [Thu, 11 Dec 2014 23:05:38 +0000 (23:05 +0000)]
update swab() to match the current posix definition. "rationale: none."
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze

9 years agosync
deraadt [Thu, 11 Dec 2014 21:16:35 +0000 (21:16 +0000)]
sync

9 years agowe do not need the complexity of an assembly swab function here.
tedu [Thu, 11 Dec 2014 20:41:08 +0000 (20:41 +0000)]
we do not need the complexity of an assembly swab function here.
ok deraadt

9 years agouse a local swapbytes function instead of relying on undefined
tedu [Thu, 11 Dec 2014 20:39:06 +0000 (20:39 +0000)]
use a local swapbytes function instead of relying on undefined
overlapping swab behavior. vaguely ok kettenis

9 years agoThe utwitch(4) driver was never added here. Obviously it belongs in the
deraadt [Thu, 11 Dec 2014 20:33:09 +0000 (20:33 +0000)]
The utwitch(4) driver was never added here.  Obviously it belongs in the
"Human Interface Devices" section.

9 years agoDo not blindly dereference hw_vendor and hw_prod without checking them for
miod [Thu, 11 Dec 2014 20:24:48 +0000 (20:24 +0000)]
Do not blindly dereference hw_vendor and hw_prod without checking them for
NULL first, for they are not guaranteed to be allocated.
Found the hard way by Tobias Stoeckmann; ok deraadt@

9 years agoFix previous:
schwarze [Thu, 11 Dec 2014 20:24:05 +0000 (20:24 +0000)]
Fix previous:
As pointed out by stsp@, LC_CTYPE *does* affect the ctype.h functions.
Use a wording similar to a suggestion by deraadt@.
Feedback and OK jmc@, OK stsp@.

9 years agoslightly reshuffle some code to reduce the diff with portable;
schwarze [Thu, 11 Dec 2014 19:50:04 +0000 (19:50 +0000)]
slightly reshuffle some code to reduce the diff with portable;
no functional change

9 years agoregen
tedu [Thu, 11 Dec 2014 19:48:38 +0000 (19:48 +0000)]
regen

9 years agoremove urio
tedu [Thu, 11 Dec 2014 19:48:02 +0000 (19:48 +0000)]
remove urio

9 years agoremove urio
tedu [Thu, 11 Dec 2014 19:46:15 +0000 (19:46 +0000)]
remove urio

9 years agourio has been removed
tedu [Thu, 11 Dec 2014 19:45:28 +0000 (19:45 +0000)]
urio has been removed

9 years agodragonflybsd has added a urio driver. conservation of urios requires
tedu [Thu, 11 Dec 2014 19:44:16 +0000 (19:44 +0000)]
dragonflybsd has added a urio driver. conservation of urios requires
that we delete ours, which isn't actually useful.
ok mpi sthen

9 years agoconvert bcopy to memcpy/memmove. ok krw
tedu [Thu, 11 Dec 2014 19:21:57 +0000 (19:21 +0000)]
convert bcopy to memcpy/memmove. ok krw

9 years agoMake sure you'll never look at stack garbage, prodded by kettenis@.
mpi [Thu, 11 Dec 2014 18:55:15 +0000 (18:55 +0000)]
Make sure you'll never look at stack garbage, prodded by kettenis@.

9 years agoHandle UPSes with broken report descriptors.
mpi [Thu, 11 Dec 2014 18:50:32 +0000 (18:50 +0000)]
Handle UPSes with broken report descriptors.

As reported by David Higgs some UPSes might send fewer bytes than
requested.  When such thing happens, do like apcupsd and adjust
the size of the given descriptor.

Based on a diff provided by David Higgs, thanks!

9 years agoChange uhidev(4) set/get report functions in various way.
mpi [Thu, 11 Dec 2014 18:39:27 +0000 (18:39 +0000)]
Change uhidev(4) set/get report functions in various way.

Always pass the parent uhidev(4) descriptor corresponding to the single
USB device with multiple reportIDs instead of a child.

Make uhidev_get_report() aware of non NUL reportID by prepending a byte
to the given buffer, just like uhidev_set_report{,async}() already do.

Return the number of bytes written or read upon success and -1 otherwise.
This allow callers to deal with short reads without having do mess with
xfer error codes madness.

Reviewed and tested by David Higgs.

9 years agoWhen scanning backwards for the last dot in a filename,
schwarze [Thu, 11 Dec 2014 17:06:55 +0000 (17:06 +0000)]
When scanning backwards for the last dot in a filename,
stop at the '/' marking the beginning of the filename.
This allows to configure a Content-Type for a filename without a dot.
OK reyk@

9 years agomerge conflicts
brad [Thu, 11 Dec 2014 16:26:58 +0000 (16:26 +0000)]
merge conflicts

9 years agoRemove an undocumented limit on the length of the pattern and string
millert [Thu, 11 Dec 2014 16:25:34 +0000 (16:25 +0000)]
Remove an undocumented limit on the length of the pattern and string
to match of PATH_MAX.  As fnmatch() is used for matching more than
just pathnames, this can prevent legitimate matches for long strings
or partterns.  OK miod@ tedu@

9 years agoupdate to Unbound 1.5.1, ok sthen@
brad [Thu, 11 Dec 2014 16:17:58 +0000 (16:17 +0000)]
update to Unbound 1.5.1, ok sthen@

9 years agotypos; from kaspars bankovskis
jmc [Thu, 11 Dec 2014 14:33:48 +0000 (14:33 +0000)]
typos; from kaspars bankovskis

9 years agoaccording to kaspars bankovskis, allocbuf was removed in -r1.88
jmc [Thu, 11 Dec 2014 14:29:42 +0000 (14:29 +0000)]
according to kaspars bankovskis, allocbuf was removed in -r1.88
of sys/kern/vfs_bio.c;

9 years agoDelete #ifdef'd code that hasn't been compiled in years from sparc64 ofwboot.
stsp [Thu, 11 Dec 2014 10:52:07 +0000 (10:52 +0000)]
Delete #ifdef'd code that hasn't been compiled in years from sparc64 ofwboot.
ok miod@

9 years agoDo not change the interface of a route if it is not intended.
mpi [Thu, 11 Dec 2014 08:55:10 +0000 (08:55 +0000)]
Do not change the interface of a route if it is not intended.

When a route change message is submitted, looks for a new ifa to attach
the route only if a gateway, an ifp or an ifa has been specified.

Fix a regression reported by Florian Riehm, ok bluhm@.

9 years agoDo not use "struct route" when it is not necessary.
mpi [Thu, 11 Dec 2014 08:45:44 +0000 (08:45 +0000)]
Do not use "struct route" when it is not necessary.

This structure is now only used to pass a cached route entry to
ip{6,}_output() which will be converted shortly.

With inputs from millert@, ok bluhm@

9 years agoexplicitly include sys/param.h in files that use the howmany() macro;
djm [Thu, 11 Dec 2014 08:20:09 +0000 (08:20 +0000)]
explicitly include sys/param.h in files that use the howmany() macro;
from portable

9 years agoMake quotactlcmd formatting consistent with others
guenther [Thu, 11 Dec 2014 05:44:12 +0000 (05:44 +0000)]
Make quotactlcmd formatting consistent with others
Fix some indentation in the generated .c file

9 years agomention AuthorizedKeysCommandUser must be set for
djm [Thu, 11 Dec 2014 05:25:06 +0000 (05:25 +0000)]
mention AuthorizedKeysCommandUser must be set for
AuthorizedKeysCommand to be run; bz#2287

9 years agoshow in debug output which hostkeys are being tried when attempting
djm [Thu, 11 Dec 2014 05:13:28 +0000 (05:13 +0000)]
show in debug output which hostkeys are being tried when attempting
hostbased auth; patch from Iain Morgan

9 years agoMake manual reflect reality:
djm [Thu, 11 Dec 2014 04:16:14 +0000 (04:16 +0000)]
Make manual reflect reality:
sftp-server's -d option accepts a "%d" option, not a "%h" one.

bz#2316; reported by Kirk Wolf

9 years agoHISTORY correction: v7, not v6.
schwarze [Wed, 10 Dec 2014 21:15:30 +0000 (21:15 +0000)]
HISTORY correction: v7, not v6.
Facts checked by Kaspars Bankovskis using tuhs.org archives.
The commit introducing the claim that it was in v6 (by
Keith Bostic on June 9, 1993) does not cite any sources:
http://svnweb.freebsd.org/csrg?view=revision&revision=62961

9 years agoadd missing sentence to RETURN VALUES; from Kaspars at Bankovskis dot net
schwarze [Wed, 10 Dec 2014 19:46:48 +0000 (19:46 +0000)]
add missing sentence to RETURN VALUES; from Kaspars at Bankovskis dot net

9 years agosync
deraadt [Wed, 10 Dec 2014 19:45:32 +0000 (19:45 +0000)]
sync

9 years agoThe macros endtoken and isgood aren't used anywhere... zap them and
tobias [Wed, 10 Dec 2014 19:44:21 +0000 (19:44 +0000)]
The macros endtoken and isgood aren't used anywhere... zap them and
their data structures.

ok jsg, millert

9 years agoIf default file descriptors (0, 1, 2) have to be assigned to /dev/null,
tobias [Wed, 10 Dec 2014 19:42:14 +0000 (19:42 +0000)]
If default file descriptors (0, 1, 2) have to be assigned to /dev/null,
don't accidentally assign 3, too.

ok millert, with input by and ok bluhm

9 years agoFile descriptors are of type int, not short. While at it, adjust remaining
tobias [Wed, 10 Dec 2014 19:40:21 +0000 (19:40 +0000)]
File descriptors are of type int, not short.  While at it, adjust remaining
short to int too -- there are no space savings anymore, as stated by millert.

ok bluhm, millert

9 years agouse .Rv and simplify wording; from Kaspars at Bankovskis dot net
schwarze [Wed, 10 Dec 2014 19:30:22 +0000 (19:30 +0000)]
use .Rv and simplify wording; from Kaspars at Bankovskis dot net

9 years agouse .Rv; no change of meaning; from Kaspars at Bankovskis dot net
schwarze [Wed, 10 Dec 2014 19:19:00 +0000 (19:19 +0000)]
use .Rv; no change of meaning; from Kaspars at Bankovskis dot net

9 years agossl3_init_finished_mac() calls BIO_new() which can fail since it in turn
jsing [Wed, 10 Dec 2014 15:43:31 +0000 (15:43 +0000)]
ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.

ok bcook@

9 years agoRemove support for GOST R 34.10-94 signature authentication, along with
jsing [Wed, 10 Dec 2014 15:36:46 +0000 (15:36 +0000)]
Remove support for GOST R 34.10-94 signature authentication, along with
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.

Discussed with Dmitry Eremin-Solenikov.

9 years agoretire shutdown hooks; ok deraadt, krw
mikeb [Wed, 10 Dec 2014 15:29:52 +0000 (15:29 +0000)]
retire shutdown hooks; ok deraadt, krw