Log

Author Commit Date CI Message
Brent Cook cccdd689 2014-11-19T07:43:07 add minimal winsock->BSD networking header shims also add license header to existing shims
Brent Cook 1bbde19a 2014-11-20T00:24:20 add minimal poll(2) implementation for Windows This provides sufficient functionality to run openssl(1) from a Windows console. This is based on the original select-based version from songdongsheng@live.cn. Changes: * use nfds_t directly for iterating the fds. * add WSAGetLastError -> errno mappings * handle POLLHUP and the OOB data cases for revents * handle sparse arrays of fds correctly * KNF style updates * teach poll how to handle file handles as well as sockets This handles the socket/non-socket issue by alternating a loop between WaitForMultipleObjects for non-sockets and select for sockets. One would think this would be terrible for performance, but as of this writing, poll consumes about 6% of the time doing a bulk transfer between a Linux box and 'openssl.exe s_server'. I tried to implement this all in terms of WaitForMultipleObjects with a select 'poll' at the end to get extra specific socket status. However, the cost of setting up an event handle for each socket, setting the WSAEventSelect attributes, and cleaning them up reliably was pretty high. Since the event handle associated with a socket is also global, creating a new one cancels the previous one or can be disabled externally. In addition, the 'FD_WRITE' status of a socket event handle does not behave in an expected fashion, being triggered by an edge on a write event rather than being level triggered. Another fun horror story is how stdin in windows might be a console, it might be a pipe, it might be something else. If these all worked in the same way, it would be great. But, since a console-stdin can also signal on a mouse or window event, it means we can easily get stuck in a blocking read (you can't make stdin non-blocking) if the non-character events are not filtered out. So, poll does that too. See here for various additional horror stories: http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
Brent Cook 58fcd3c3 2014-11-20T00:26:55 Add conditional compilation for windows and posix functions. This adds Windows-specific versions of several symbols from libcrypto and openssl(1).
Brent Cook 7f0646f6 2014-11-19T06:26:38 Update win32 build defines
Brent Cook 96bf8be0 2014-11-20T08:46:02 update and mask unit tests when running on win32 Update pq_test to ignore changes in whitespace. Update for new testssl params, specify absolute paths to test binaries. Fork-based tests do not make sense on Windows. Disable building biotest, since it is too specific to OpenBSD's behavior to be useful on other platforms.
Brent Cook 43e041a5 2014-11-21T07:09:49 don't ignore a non-existent file
Brent Cook 2103690c 2014-11-19T22:02:17 improve readability of generated Makefile.am files
Brent Cook 1bd0c2fb 2014-11-18T08:04:18 ignore gost and camellia dirs
Brent Cook 29f8d827 2014-11-18T08:02:32 Enable GOST in libcrypto and libssl, contributed by Dmitry Eremin-Solenikov Ensure the public camellia.h header is installed along with gost.h
宋冬生 648e9136 2014-11-05T20:52:00 Use _WIN32 instead of __WIN32. ok bcook@
Brent Cook f223e6f1 2014-11-17T17:48:46 Add the Camellia cipher to libcrypto. from miod@: There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Camellia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well as retaining the right to enforce their patents against anyone in the future. However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have enabled Camellia earlier (-: Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects. Crank libcrypto.so minor version due to the added symbols.
Brent Cook d84aa5cb 2014-11-03T21:06:40 Quiet clang warnings about unused arguments in general. Check if we are using clang, rather than simply if we are on OS X. Note: recent LLVM releases do not seem to need this anyway.
Brent Cook 94ec2b6b 2014-11-03T21:05:47 make 'autoreconf' work from dist tarball We need to include VERSION for it to run.
Brent Cook 0aeb93b9 2014-10-27T19:22:03 override native arc4random_buf on FreeBSD The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. ok beck@ deraadt@
Brent Cook 8abf8e1e 2014-10-27T20:01:21 override native arc4random_buf on OS X While the native OS X implementation is fork-safe, it does not seed safely, as of the latest released OS X libc sources, version 997.90.3. It only uses weak sources of entropy if accessing /dev/urandom fails. ok beck@ deraadt@
Brent Cook e864776f 2014-10-27T20:00:58 update README to reflect current porting approach ok beck@ deraadt@
Brent Cook 1c559194 2014-10-30T15:40:57 Add an OpenSSL compatible ./config wrapper This allows software expecting OpenSSL's config script, to a limited extent, to continue building without changes. Thanks to technion for pointing this out and providing the initial patch.
Brent Cook a2373f70 2014-10-30T10:52:29 wrap arc4random header ok @doug
Brent Cook a4cc9539 2014-10-29T15:44:36 Improve and simplify function and header detection logic. Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS. Clarify some ambiguous dependencies around strnlen/strndup. Unconditionally enable pidwraptest for all arc4random implementations. Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf. ok @doug
Brent Cook 727bccd0 2014-10-29T15:59:35 use the correct HOST_OS for the Windows build ok doug@
Brent Cook 72c1e56b 2014-10-29T15:46:20 enable -lcrypto -lssl with all test programs directly. This removes the need to specify each one individually. ok doug@
Brent Cook ccaf9cdd 2014-10-26T09:23:03 remove duplicate (and overlapping) .1 manpages openssl.1 contains all of the information from the other application manpages, and is the only one packaged in OpenBSD. So, remove the other obsolete .1 manpages (and avoid overlapping system pages like passwd.1)
Brent Cook 8b695e53 2014-10-22T19:12:18 set various glibc flags that also are useful with mingw for example, asprintf/vasprintf are unmasked with _GNU_SOURCE in mingw
Brent Cook eb26e56b 2014-10-22T13:06:36 undef LIBRESSL_INTERNAL for the pidwrap test.
kinichiro a91d1013 2014-10-22T15:47:31 update string.h to include strings.h for HPUX environment
Brent Cook 54259e50 2014-10-22T12:37:06 include a proper check for memmem when configuring unit tests This allows the proper compatibility header definition to be exposed.
Brent Cook 48520cf6 2014-10-22T11:16:39 bump version
Brent Cook 04bb7a66 2014-10-15T22:28:34 update with 2.1.1 changes ok beck@
Brent Cook a007fb9d 2014-10-14T22:51:02 LibreSSL portable README update Add more info on how to build from source, where to download it from.
Brent Cook 24082531 2014-10-14T22:25:16 add extended ChangeLog file help people more easily find the code and changes
Brent Cook 6b729df5 2014-10-14T22:23:16 update gitignore to see changelog
Brent Cook 9c8cf593 2014-10-14T21:54:37 add missing commas from man links
Brent Cook 67ec615a 2014-10-14T20:55:04 update man links
Brent Cook 3d3c2467 2014-10-14T20:54:42 don't fail to make dist on a clean repo
Brent Cook cf1c1f35 2014-10-14T20:44:55 crank version
Brent Cook 0534fffe 2014-10-13T06:12:07 update to new converted SSL manpages
Brent Cook 5c23f251 2014-09-26T16:12:53 clear local manpage cache before generating a release tarball Remove the possibility of having any bad or old manpages in releases while still being able to cache for quick development tarballs.
Brent Cook 3f944e83 2014-08-27T21:46:43 update for upstream move of the openssl app
Brent Cook e7edc4a7 2014-08-18T21:55:37 ensure compatibility with posix shell remove bash comparison, thanks kinichiro
Brent Cook 01726893 2014-08-17T07:58:32 add --disable-asm flag for disabling inline asm Surprisingly (or not), a lot of OpenSSL's inline assembly actually makes things slower with a relatively modern compiler (read, gcc >= 4.x).
Brent Cook 2cef68f3 2014-08-16T14:16:01 allow inline asm use default of -std=gnu99 for it to be recognized
Brent Cook 2d719eb3 2014-08-16T08:17:32 set _DEFAULT_SOURCE on linux hosts this is the replacement for _BSD_SOURCE on newer glibc's
inoguchi 6dccbae6 2014-08-12T17:21:48 update stdio.h for including stdarg.h it seems that including stdarg.h is needed for defining va_list. environment is hpux 11.31(ia64) with gcc 4.7.1. without stdarg.h, I got compilation error like this. "error: 'va_list' undeclared (first use in this function)" I checked with gcc -E, then I noticed that __va_list is defined but va_list is not. "typedef __gnuc_va_list __va_list;" with including stdarg.h, va_list is defined. "typedef __gnuc_va_list va_list;"
Brent Cook 46b6df7c 2014-08-12T06:20:58 remove configure.am.tpl, pull in VERSION directly from wouter@
Brent Cook d6a485d1 2014-08-08T07:31:28 rebase on pull when updating the openbsd branch this avoids inadvertent local merges
Brent Cook 00b51d5c 2014-08-02T21:43:56 conditionally build strnlen if needed. it is only used by strndup prodded by Sortie@
Brent Cook c95574be 2014-07-31T18:18:45 tie master libressl branch to openbsd master Added OPENBSD_BRANCH to set what branch update.sh should checkout.
Bob Beck 3e21619b 2014-07-31T18:53:48 Crank version on HEAD to 2.1.0 2.0 continues on OPENBSD_5_6 branch
Brent Cook 105da446 2014-07-30T22:16:01 define MAP_ANON for systems with MAP_ANONYMOUS switch the sense of this check
Brent Cook 8d89fb07 2014-07-30T07:07:48 merge endian definitions between AIX/HP-UX/Solaris
inoguchi ff58a2e3 2014-07-30T13:22:00 update include/machine/endian.h for hpux portability. ok bcook@
Brent Cook b9ff0728 2014-07-30T06:53:02 harmonize asprintf with OpenSSH * use the original name for the file from OpenSSH (remove duplicate version) * add va_copy/__va_copy checks to configure * incorporate proposed fixes to openssh version: + include more system headers directly for various definitions + limit the scope of va_copy/va_end to their affected vsnprintf calls + simplify error handling, removing a dead assignment
Brent Cook a07e3370 2014-07-29T18:21:58 include comment on windows services
Brent Cook af705b3f 2014-07-29T07:39:23 add sys/mman.h shim to define MAP_ANON if needed thanks to kinichiro for pointing this out ok deraadt@ beck@
Brent Cook 983103b0 2014-07-28T21:06:37 stub win32 issetugid implementation ok deraadt@ beck@
Brent Cook 46dd7aac 2014-07-28T21:00:25 added dist.sh script - generates tarball ok deraadt@ beck@
Brent Cook d328203f 2014-07-28T20:57:43 produce an error if platform has no arc4random hook ok deraadt@ beck@
Brent Cook 35e2d8d0 2014-07-28T19:26:15 add asprintf / vasprintf from OpenSSH portable ok deraadt@ beck@
pgmassey 02ad0041 2014-07-25T14:58:53 Update endian.h for AIX/IRIX Added AIX/IRIX compatibility for endian detection. ok bcook@ deraadt@ beck@
Brent Cook 981fc361 2014-07-28T12:09:38 Guard individual compatibility header prototypes. This is to avoid redefining prototypes from the libc headers. Also, simplify the autoconf function checks and remove some copy/paste errors checking for 'write'. ok wouter@
Brent Cook cd168d51 2014-07-28T07:50:48 split big line
Brent Cook e48e4f0e 2014-07-27T06:20:33 prefer - over /dev/stdin for cmp test
Brent Cook f8195c9c 2014-07-27T06:15:26 check link requirements for dl_iterate_phdr Note that gcc chose to disable this rather than cause link issues with older copies of Solaris 10: https://gcc.gnu.org/ml/gcc-patches/2012-01/msg00816.html If we want to support Solaris <10.10 (I'd rather support up-to-date versions), getentropy_solaris would need to change.
Brent Cook 1b62d5e4 2014-07-27T06:13:54 remove bash-isms from test scripts
Brent Cook 0a74a4d4 2014-07-27T06:11:56 add strndup/strnlen compat functions from OpenBSD
Brent Cook fb67b92e 2014-07-27T06:10:23 include system headers for err.h compat macros
Brent Cook 6383a072 2014-07-27T06:09:51 remove thread_private.h, no longer needed
Brent Cook a5c82283 2014-07-24T20:23:24 remove per-OS arc4random_buf overrides If an OS provides an arc4random_buf implementation in its C library, prefer it over an in-library version. This allows OS-specific implementations to become more robust over time. It also prevents possible link-time confusion as to which arc4random_buf implementation is in use by an application when linked with LibreSSL. The built-in unit tests will identify some common issues, such as fork safety and PID wrap handling. Other elements, such as seeding mechanisms, should be audited by the vendor or user for correctness. ok deraadt@ beck@
Brent Cook 55d07e70 2014-07-23T19:18:45 clarify license and origin for pidwraptest The original author clarified the license, so we are fine to ship with the PID wraparound test. Run it by default if libressl is using the native arc4random supplied from the OS. ok deraadt@
Bob Beck 8bf6bdeb 2014-07-21T21:07:26 add calloc to the list (integer overflow..)
Bob Beck ee6e8828 2014-07-21T21:02:21 Update README to indicate general policy about intrinsics
Brent Cook dd883345 2014-07-21T20:36:14 bump version
Brent Cook ea6e7116 2014-07-21T18:57:06 build openbsd memmem implementation for explicit_bzero test memmem is not always available, and not all memmem's work the same way ok beck@ guenther@
Brent Cook 451dbd96 2014-07-21T18:56:24 compute absolute paths to source removes relative path hackery ok beck@ guenther@
Brent Cook 33bc05ca 2014-07-21T18:30:31 better handle disabled tests and exclude files ok beck@ guenther@
Brent Cook 23dc97f8 2014-07-21T18:25:54 rename local tests to end in test.c ok beck@ guenther@
Brent Cook f425f564 2014-07-21T07:50:32 test for and use system explicit_bzero if it exists ok beck@ guenther@
Brent Cook 0ec7cdcb 2014-07-21T07:34:01 include err.h shim Includes compatible replacements, or uses system err.h if available. ok beck@ guenther@
Brent Cook 4335a49f 2014-07-21T05:40:28 use correct link order for app and tests ok beck@ guenther@
Brent Cook 8a44ab84 2014-07-21T04:21:59 preserve timestamps on copy from upstream checkout this saves time on rebuilds when testing tarballs ok beck@ guenther@
Brent Cook f4d98ff1 2014-07-20T14:45:26 conditionally disable -Wpointer-sign where supported ok beck@
Brent Cook 136ddd7a 2014-07-20T13:59:03 update guard, add win32 support for endian.h Thanks to Jonas 'Sortie' Termansen for pointing the guard inconsistency out. ok beck@
Brent Cook 9c2c499b 2014-07-20T13:40:14 Use correct static link order for unit tests. thanks to Jonas 'Sortie' Termansen ok beck@
Brent Cook 237250e0 2014-07-20T13:32:44 include <_bsd_types.h> on MinGW ok beck@
Brent Cook edebb7a6 2014-07-19T10:49:08 remove thread_private.h defines, moved to arc4random_*.h
Brent Cook 1b1bce16 2014-07-17T23:58:46 update to newly-refactored arc4random compatibility shims the thread-private bits can move next ok beck@
Brent Cook d697fdb4 2014-07-17T21:20:34 initial underpinnings for mingw/cross compilation support Use canonical host rather than target so that this works: CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32 Conditionally compile Linux issetugid compatibility function ok beck@
Bob Beck c41fb098 2014-07-15T20:14:37 crank version
Brent Cook 0bc4bdde 2014-07-15T17:22:39 move fork_rand.sh so it does not get run every time the test takes many minutes to run on an OS with a slow fork() call ok beck@
Brent Cook d3746d3a 2014-07-15T17:20:09 indicate failure to the test harness ok beck@
Brent Cook 477f1f01 2014-07-15T16:43:00 added fork_rand test to check for PID wraparound ok beck@
Brent Cook 32d9eeee 2014-07-15T14:50:05 register the atfork handler from arc4random From kettenis@ People have suggested using pthread_atfork(3) before, but discarded the idea because it involves linking with -lpthread, which has other undesirable consequences. However: * Most systems actually have pthread_atfork(3) in libc. I verified this on OS X and Solaris. I believe this is the case on Linux systems that use musl as well. * On Linux systems that use glibc, this isn't the case. However, those systems have __register_atfork(3), which is fully documented in the "Linux Standard Base Core Specification". ok kettenis@ deraadt@ beck@
Brent Cook 7f2fab20 2014-07-15T14:49:34 enable the asn1 test
Bob Beck c5c2aa37 2014-07-14T20:50:52 Add the public signing key so it can be fetched from github
Mark Kettenis bbd51d0e 2014-07-14T16:09:18 give section 1 man pages a .1 suffix instead of .3 ok beck@
Mark Kettenis 687a2966 2014-07-14T15:43:18 remove stray brackets in --with-enginesdir/openssldir support ok beck@
Bob Beck 82610be0 2014-07-13T03:14:27 Crank ok bcook@
Bob Beck 4b8c359b 2014-07-13T03:13:35 remove problematic DISTCLEANFILES variable ok bcook@
Bob Beck e0386dd2 2014-07-13T03:02:25 rc4_util.c went away ok bcook@
Bob Beck c1f7374d 2014-07-12T09:15:11 We're probably gonna need this for solaris 10