path: root/crypto
Commit message | Author | Age | Files | Lines
* Insta-MFH (r252338): update docs to reflect correct default privsep setting | Dag-Erling Smørgrav | 2013-06-28 | 2 | -2/+2
    Notes: svn path=/stable/9/; revision=252339
* Pull in OpenSSH 6.2p2 from head. | Dag-Erling Smørgrav | 2013-05-30 | 99 | -1299/+5111
    Notes: svn path=/stable/9/; revision=251135
* MFH r250595: | Bryan Drewery | 2013-05-29 | 1 | -1/+1
    The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the same value. Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.
    Notes: svn path=/stable/9/; revision=251087
* Remove (harmless) duplicate entry for VersionAddendum. | Dag-Erling Smørgrav | 2013-03-29 | 1 | -1/+0
    Noticed by: dim@
    MFC after: 1 week
    Notes: svn path=/stable/9/; revision=248915
* MFV r248595: | Xin LI | 2013-03-21 | 7 | -34/+39
    - Integrate OpenSSL revisions fb092ef4fca897344daf7189526f5f26be6487ce, a93cc7c57333f4538cbcdedd2e961a5a38caa52d, and 76c61a5d1adb92388f39e585e4af860a20feb9bb. This removes the newly added orig_len field of SSL3_RECORD and restored ABI.
    Approved by: benl
    Notes: svn path=/stable/9/; revision=248604
* MFH (r248465): revert upstream decommissioning of authorized_keys2 | Dag-Erling Smørgrav | 2013-03-18 | 1 | -2/+1
    Notes: svn path=/stable/9/; revision=248468
* Redo r241528: | Xin LI | 2013-03-15 | 1 | -1/+1
    MFC r240339: openssl: change SHLIB_VERSION_NUMBER to reflect the reality.
    Notes: svn path=/stable/9/; revision=248334
* Merge OpenSSL 0.9.8y. This is a direct commit to stable/9 as HEAD is on a | Xin LI | 2013-03-14 | 46 | -910/+1978
    different release now.
    Notes: svn path=/stable/9/; revision=248272
* Pull in OpenSSH 6.1 from head. | Dag-Erling Smørgrav | 2013-02-28 | 129 | -3019/+5412
    Notes: svn path=/stable/9/; revision=247485
* Clean some 'svn:executable' properties in the tree. | Pedro F. Giffuni | 2013-01-29 | 9 | -0/+0
    Submitted by: Christoph Mallon
    While here, merge some other mergeinfo properties that were left behind from my commits
    /head/include:r241008,241141,241181
    /head/contrib/gcc:r244776,244792
    /head/cddl:r238457,238509,238558
    Notes: svn path=/stable/9/; revision=246069
* MFC r244975: | Xin LI | 2013-01-16 | 1 | -1/+1
    Indicate that we are using OpenSSL with some local modifications.
    Notes: svn path=/stable/9/; revision=245482
* MFC r244973: | Xin LI | 2013-01-16 | 1 | -17/+8
    Integrate OpenSSL changeset 22950 (appro):
    bn_word.c: fix overflow bug in BN_add_word.
    Notes: svn path=/stable/9/; revision=245481
* MFC r243034: | Dimitry Andric | 2012-11-17 | 1 | -2/+0
    In crypto/heimdal/lib/sl/slc-lex.l, don't define YY_NO_INPUT, since %option nounput is already specified.
    Notes: svn path=/stable/9/; revision=243195
* MFC r240339: openssl: change SHLIB_VERSION_NUMBER to reflect the reality | Andriy Gapon | 2012-10-14 | 1 | -1/+1
    Notes: svn path=/stable/9/; revision=241528
* MFC: r237657, r237658, r237666 | Jung-uk Kim | 2012-07-02 | 85 | -967/+1645
    Merge OpenSSL 0.9.8x and regen manual pages.
    Notes: svn path=/stable/9/; revision=237998
* MFC r237568: | Xin LI | 2012-07-02 | 2 | -5/+8
    Fetch both ECDSA and RSA keys by default in ssh-keyscan(1).
    Notes: svn path=/stable/9/; revision=237940
* OpenSSH: allow VersionAddendum to be used again | Eygene Ryabinkin | 2012-06-03 | 5 | -28/+60
    Prior to this, setting VersionAddendum will be a no-op: one will always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum set in the config and a bare BASE_VERSION + VERSION_HPN when no VersionAddendum is set.
    HPN patch requires both parties to have the "hpn" inside their advertized versions, so we add VERSION_HPN to the VERSION_BASE if HPN is enabled and omitting it if HPN is disabled.
    VersionAddendum now uses the following logics:
    * unset (default value): append " " and VERSION_ADDENDUM;
    * VersionAddendum is set and isn't empty: append " " and VersionAddendum;
    * VersionAddendum is set and empty: don't append anything.
    Approved by: des
    Reviewed by: bz
    Notes: svn path=/stable/9/; revision=236520
* Update the previous openssl fix. [12:01] | Bjoern A. Zeeb | 2012-05-30 | 2 | -9/+8
    Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
    Security: FreeBSD-SA-12:01.openssl (revised)
    Security: FreeBSD-SA-12:02.crypt
    Approved by: so (bz, simon)
    Notes: svn path=/stable/9/; revision=236304
* Fix multiple OpenSSL vulnerabilities. | Bjoern A. Zeeb | 2012-05-03 | 11 | -39/+162
    Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
    Security: CVE-2012-0884, CVE-2012-2110
    Security: FreeBSD-SA-12:01.openssl
    Approved by: so (bz,simon)
    Notes: svn path=/stable/9/; revision=234954
* Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] | Colin Percival | 2011-12-23 | 1 | -0/+3
    Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07]
    Fix a buffer overflow in telnetd. [11:08]
    Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09]
    Add sanity checking of service names in pam_start. [11:10]
    Approved by: so (cperciva)
    Approved by: re (bz)
    Security: FreeBSD-SA-11:06.bind
    Security: FreeBSD-SA-11:07.chroot
    Security: FreeBSD-SA-11:08.telnetd
    Security: FreeBSD-SA-11:09.pam_ssh
    Security: FreeBSD-SA-11:10.pam
    Notes: svn path=/stable/9/; revision=228843
* MFH r225852: regenerate after hpn patch | Dag-Erling Smørgrav | 2011-10-04 | 1 | -1/+4
    Approved by: re (kib)
    Notes: svn path=/stable/9/; revision=225983
* Remove the svn:keywords property and restore the historical $FreeBSD$ tag. | Dag-Erling Smørgrav | 2011-09-16 | 1 | -1/+1
    Approved by: re (kib)
    MFC after: 3 weeks
    Notes: svn path=/head/; revision=225614
* Fix SSL memory handling for (EC)DH cipher suites, in particular for | Xin LI | 2011-09-08 | 2 | -7/+21
    multi-threaded use of ECDH.
    Security: CVE-2011-3210
    Reviewed by: stas
    Obtained from: OpenSSL CVS
    Approved by: re (kib)
    Notes: svn path=/head/; revision=225446
* Fix two more $FreeBSD$ keywords. | Brooks Davis | 2011-08-03 | 2 | -2/+2
    Reported by: pluknet
    Approved by: re (implicit)
    Notes: svn path=/head/; revision=224642
* Add support for dynamically adjusted buffers to allow the full use of | Brooks Davis | 2011-08-03 | 31 | -43/+747
    the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported.
    Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf.
    This code is a style(9) compliant version of these features extracted from the patches published at:
    http://www.psc.edu/networking/projects/hpn-ssh/
    Merging this patch has been a collaboration between me and Bjoern.
    Reviewed by: bz
    Approved by: re (kib), des (maintainer)
    Notes: svn path=/head/; revision=224638
* Fix clang warning (why is there nowhere yyparse() is declared?). | Ben Laurie | 2011-05-18 | 1 | -0/+1
    Approved by: philip (mentor)
    Notes: svn path=/head/; revision=222081
* Merge two upstream patches from vendor branch. No functional changes. | Dag-Erling Smørgrav | 2011-05-05 | 2 | -2/+3
    Notes: svn path=/head/; revision=221487
* | Upgrade to OpenSSH 5.8p2. | Dag-Erling Smørgrav | 2011-05-04 | 126 | -4243/+5746
    Notes: svn path=/head/; revision=221420
* | Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could | Simon L. B. Nielsen | 2011-02-12 | 1 | -1/+7
    cause OpenSSL to parse past the end of the message.
    Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
    Security: http://www.openssl.org/news/secadv_20110208.txt
    Security: CVE-2011-0014
    Obtained from: OpenSSL CVS
    Notes: svn path=/head/; revision=218625
* | Merge OpenSSL 0.9.8q into head. | Simon L. B. Nielsen | 2010-12-03 | 17 | -30/+146
    Security: CVE-2010-4180
    Security: http://www.openssl.org/news/secadv_20101202.txt
    MFC after: 3 days
    Notes: svn path=/head/; revision=216166
| * | Import OpenSSL 0.9.8q. [tag: vendor/openssl/0.9.8q] | Simon L. B. Nielsen | 2010-12-02 | 7 | -10/+44
    Notes: svn path=/vendor-crypto/openssl/dist/; revision=216135
           svn path=/vendor-crypto/openssl/0.9.8q/; revision=216136; tag=vendor/openssl/0.9.8q
* | | Merge OpenSSL 0.9.8p into head. | Simon L. B. Nielsen | 2010-11-22 | 127 | -530/+871
    Security: CVE-2010-3864
    Security: http://www.openssl.org/news/secadv_20101116.txt
    Notes: svn path=/head/; revision=215697
| * | Import OpenSSL 0.9.8p. [tag: vendor/openssl/0.9.8p] | Simon L. B. Nielsen | 2010-11-21 | 50 | -187/+276
    Notes: svn path=/vendor-crypto/openssl/dist/; revision=215643
           svn path=/vendor-crypto/openssl/0.9.8p/; revision=215644; tag=vendor/openssl/0.9.8p
* | | Fix double-free in OpenSSL's SSL ECDH code. | Simon L. B. Nielsen | 2010-11-14 | 1 | -0/+1
    It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches.
    Obtained from: OpenSSL CVS
    Security: CVE-2010-2939
    X-MFC after: Not long...
    Notes: svn path=/head/; revision=215288
* | | Upgrade to OpenSSH 5.6p1. | Dag-Erling Smørgrav | 2010-11-11 | 68 | -978/+3235
    Notes: svn path=/head/; revision=215116
* | | Forgot to svn rm this when I imported 5.4p1. | Dag-Erling Smørgrav | 2010-11-10 | 1 | -25/+0
    Notes: svn path=/head/; revision=215083
* | | Remove copyright strings printed at login time via login(1) or sshd(8). | Ed Maste | 2010-09-28 | 1 | -18/+0
    It is not clear to what this copyright should apply, and this is in line with what other operating systems do.
    For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs.
    Approved by: core, des (ssh)
    Notes: svn path=/head/; revision=213250
* | | Bring in OpenSSL checkin 19821: | Rui Paulo | 2010-09-21 | 2 | -6/+13
    Make inline assembler clang-friendly [from HEAD].
    openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2
    openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1
    Approved by: simon
    Notes: svn path=/head/; revision=212961
* | | More commas | Dag-Erling Smørgrav | 2010-06-01 | 2 | -2/+2
    Notes: svn path=/head/; revision=208724
* | | Missing commas | Dag-Erling Smørgrav | 2010-06-01 | 11 | -11/+11
    Notes: svn path=/head/; revision=208709
* | | Fix .Dd line: FreeBSD's mdoc code doesn't understand OpenBSD's $Mdocdate$. | Colin Percival | 2010-05-28 | 1 | -1/+1
    MFC after: 3 days
    Notes: svn path=/head/; revision=208606
* | | Upgrade to OpenSSH 5.5p1. | Dag-Erling Smørgrav | 2010-04-28 | 25 | -88/+254
    Notes: svn path=/head/; revision=207319
* | | Enhance r199804 by marking the daemonised child as immune to OOM instead | Konstantin Belousov | 2010-04-08 | 1 | -4/+4
    of short-living parent. Only mark the master process that accepts connections, do not protect connection handlers spawned from inetd.
    Submitted by: Mykola Dzham <i levsha me>
    Reviewed by: attilio
    MFC after: 1 week
    Notes: svn path=/head/; revision=206397
* | | Merge OpenSSL 0.9.8n into head. | Simon L. B. Nielsen | 2010-04-01 | 28 | -37/+115
    This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.
    I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.
    Security: CVE-2010-0433, CVE-2010-0740
    Security: http://www.openssl.org/news/secadv_20100324.txt
    Notes: svn path=/head/; revision=206046
| * | Import OpenSSL 0.9.8n. [tag: vendor/openssl/0.9.8n] | Simon L. B. Nielsen | 2010-04-01 | 14 | -23/+51
    Notes: svn path=/vendor-crypto/openssl/dist/; revision=206035
           svn path=/vendor-crypto/openssl/0.9.8n/; revision=206037; tag=vendor/openssl/0.9.8n
* | | Readd $FreeBSD$ to the OpenSSL config file as that's useful for | Simon L. B. Nielsen | 2010-03-13 | 1 | -0/+1
    mergemaster.
    Suggested by: dougb
    Notes: svn path=/head/; revision=205137
* | | Merge OpenSSL 0.9.8m into head. | Simon L. B. Nielsen | 2010-03-13 | 238 | -19816/+4287
    This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
    MFC after: 3 weeks
    Notes: svn path=/head/; revision=205128
| * | Import OpenSSL 0.9.8m. [tag: vendor/openssl/0.9.8m] | Simon L. B. Nielsen | 2010-02-28 | 113 | -16066/+1266
    Notes: svn path=/vendor-crypto/openssl/dist/; revision=204477
           svn path=/vendor-crypto/openssl/0.9.8m/; revision=204478; tag=vendor/openssl/0.9.8m
* | | Upgrade to OpenSSH 5.4p1. | Dag-Erling Smørgrav | 2010-03-09 | 124 | -3003/+10877
    MFC after: 1 month
    Notes: svn path=/head/; revision=204917
* | | Add a missing $FreeBSD$ string. | Ed Schouten | 2010-01-13 | 1 | -0/+1
    I was requested to add this string to any file that was modified by my commit, which I forgot to do so.
    Requested by: des
    Notes: svn path=/head/; revision=202231