Age | Commit message (Collapse) | Author |
|
|
|
when it's really old. but no actual ports fallout in espie's build.
ok deraadt
|
|
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze
|
|
to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode. If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_determistic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert
|
|
add siphash
delete setkey, encrypt, cfree
|
|
pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
ok deraadt
|
|
login_cap_t lives and i don't want to forward declare it in unistd.h
|
|
|
|
distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.
|
|
(Both NetBSD and FreeBSD provide these prototypes)
ok millert@
|
|
version with zero args, so it should only be visible if __BSD_VISIBLE
(and not also for __XPG_VISIBLE). Contrawise, readlink() has been
part of base POSIX since 1995, so move to proper #if area for that.
Move crypt_checkpass() to the pure-BSD section of the file.
setpgrp() issue noted by Matti Karnaattu (mkarnaattu (at) gmail.com)
ok millert@
|
|
|
|
discussion, help and ok guenther@
|
|
Markus Mueller.
|
|
|
|
|
|
indirectly prodded by krw@
|
|
when creating them: mkostemp(), mkostemps(), the 'e' mode letter for
fopen(), freopen(), fdopen(), and popen(). The close-on-exec flag will
be cleared by the action created by posix_spawn_file_actions_adddup2().
Also, add support for the C11 'x' mode letter for fopen() and freopen(),
setting O_EXCL when possibly creating files.
Note: this requires kernel support for pipe2() and dup3()!
ok millert@
|
|
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.
ok matthew@
|
|
diff from frantisek holop (minusf (at) obiit.org)
|
|
align with POSIX and other systems.
Pointed out by Elliott Hughes on tech
ok deraadt
|
|
required for libc++
ok guenther afresh1
|
|
|
|
* you can #include <sys/endian.h> instead of <machine/endian.h>,
and ditto <endian.h> (fixes code that pulls in <sys/endian.h> first)
* those will always export the symbols that POSIX specified for
<endian.h>, including the new {be,le}{16,32,64}toh() set. c.f.
http://austingroupbugs.net/view.php?id=162
if __BSD_VISIBLE then you also get the symbols that our <machine/endian.h>
currently exports (ntohs, NTOHS, dlg's bemtoh*, etc)
* when doing POSIX compiles (not __BSD_VISIBLE), then <netinet/in.h> and
<arpa/inet.h> will *stop* exporting the extra symbols like BYTE_ORDER
and betoh*
ok deraadt@
|
|
|
|
|
|
|
|
the new shiny -U switch)
dumpdates part originating from, and discussed with, Maximilian Fillinger
seems reasonable to krw@, "get it in" deraadt@
|
|
ok jsing@
|
|
because you care. reminded by matthew.
|
|
buffersize is enforced strictly, this supplies sufficient entropy
payload to act as seed material. Discourage general use of this
API, but lock down this function name as the go-to for userland
PRNG seeding. Improve documentation.
ok miod matthew
|
|
I accepted that he's right (again) to seperate this out from heavy
sysctl API and this will simply a variety of things. Functionname
is not used by anyone in the ports tree, so we guess we can use it.
Shocking that no application has a function called this.
ok matthew & others who pushed him to start this early on
|
|
ok deraadt, jmc, tedu
|
|
ok deraadt@ millert@
|
|
|
|
|
|
|
|
It's not a standard interface, so it doesn't belong in libc.
I hate duplicating the code in client programs, so do beck@, kettenis@,
schwarze@, millert@, miod@... and they agree with libutil.
|
|
(mostly use a calloc function to avoid potential integer overflow)
|
|
OK millert@
|
|
- Explicitly cast double-precision constants as needed for
FLT_EVAL_METHOD = 2 archs
OK guenther@, ratchov@
|
|
This is a getaddrinfo() flag that is defined thusly in RFC 3493:
If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be
returned only if an IPv4 address is configured on the local system,
and IPv6 addresses shall be returned only if an IPv6 address is
configured on the local system. The loopback address is not
considered for this case as valid as a configured address.
For example, when using the DNS, a query for AAAA records should
occur only if the node has at least one IPv6 address configured
(other than IPv6 loopback) and a query for A records should occur
only if the node has at least one IPv4 address configured (other
than the IPv4 loopback).
The flag is set by default when hints is NULL.
ok Eric Faurot, Jason McIntyre
|
|
malloc can, as always, be emulated via realloc(NULL).
ok deraadt
|
|
already manually disabled).
ok deraadt@
|
|
value to use for the strerror() message as an argument. Originally from
FreeBSD 3.0
Patch from Steffen Nurpmeso (sdaoden (at) gmail.com) with minor tweaks.
|
|
the _* functions outside libc
|
|
Like calloc(), except without the cleared-memory gaurantee
ok beck guenther, discussed for more than a year...
|
|
|
|
|
|
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.
ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
|