path: root/src/lib/libc
Commit message | Author | Age | Files | Lines
...
* Move to a smaller rbytes buffer and skip a random part. Not to improve the random stream itself (it doesn't), but to introduce noise in the arc4random calling pattern. Thanks to matthew@ who pointed out bias in a previous diff, ok deraadt@ matthew@
  Author: otto | Age: 2014-06-27 | Files: 1 | Lines: -3/+4
* Add back an #ifndef MAP_INHERIT_ZERO chunk to support the old getpid() mechanism, to aid in portability to other systems as requested. ok matthew
  Author: deraadt | Age: 2014-06-26 | Files: 1 | Lines: -1/+13
* document why we explicit_bzero
  Author: deraadt | Age: 2014-06-25 | Files: 1 | Lines: -2/+2
* loosen the spec for timingsafe functions slightly, so as to not artificially constrain alternative implementations. ok deraadt
  Author: tedu | Age: 2014-06-21 | Files: 1 | Lines: -10/+5
* Protect explicit_bzero() from link-time optimization
  Modern compiler toolchains are capable of optimizing even across translation unit boundaries, so simply moving the memory clearing into a separate function is not guaranteed to clear memory.
  To avoid this, we take advantage of ELF weak symbol semantics, and insert a call to an empty, weakly named function. The semantics of calling this function aren't determinable until load time, so the compiler and linker need to keep the memset() call.
  There are still ways a toolchain might defeat this trick (e.g., optimistically expecting the weak symbol to not be overloaded, and only calling memset() if it is; promoting weak symbols to strong symbols at link-time when emitting a static binary because they won't be interposed; implementing load-time optimizations). But at least for the foreseeable future, these seem unlikely.
  ok deraadt
  Author: matthew | Age: 2014-06-21 | Files: 1 | Lines: -7/+10
* arc4random: hard fail with raise(SIGKILL) if getentropy() returns -1
  Allow other non-zero return values in case we change our mind to return an ssize_t byte count instead of simple success/fail. ok deraadt, djm
  Author: matthew | Age: 2014-06-20 | Files: 1 | Lines: -3/+4
* Move rs_chacha and rs_buf into the same memory page and don't mark it MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process.
  New behavior noticed by deraadt
  ok deraadt, tedu
  Author: matthew | Age: 2014-06-19 | Files: 1 | Lines: -22/+31
* Always call atexit handlers as if they were registered with __cxa_atexit.
  The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@
  Author: kettenis | Age: 2014-06-18 | Files: 2 | Lines: -14/+8
* Use MAP_INHERIT_ZERO in arc4random(3)
  Now instead of calling getpid() each time a user invokes arc4random(), we're able to rely on the kernel zero'ing out the RNG state if the process forks. ok deraadt, djm
  Author: matthew | Age: 2014-06-17 | Files: 1 | Lines: -37/+44
* oops, typo. James Hartley is fast at trying -current
  Author: deraadt | Age: 2014-06-15 | Files: 1 | Lines: -2/+2
* In srandomdev(), use arc4random_buf() instead of from the kernel.
  discussion with matthew
  Author: deraadt | Age: 2014-06-15 | Files: 1 | Lines: -4/+3
* For now... assume success of getentropy() just like we assumed success of sysctl(). Mark it with XXX while we consider.
  Author: deraadt | Age: 2014-06-13 | Files: 1 | Lines: -3/+3
* Remove deprecated RFC2292 ancillary data convenience functions.
  They are obsoleted by the RFC3542 api. ok mpi@
  Author: chrisz | Age: 2014-06-13 | Files: 2 | Lines: -488/+2
* use getgentropy() call. If it fails, things are pretty bad -- call abort(). this direction discussed at length with miod beck tedu matthew etc
  Author: deraadt | Age: 2014-06-13 | Files: 1 | Lines: -8/+3
* use getentropy; from matthew
  Author: deraadt | Age: 2014-06-13 | Files: 1 | Lines: -5/+2
* Add timingsafe_memcmp().
  ok deraadt, jmc, tedu
  Author: matthew | Age: 2014-06-13 | Files: 5 | Lines: -33/+152
* Disable the "switch to insertion sort" optimization to avoid quadratic behavior for certain inputs. From NetBSD. OK tedu@
  Author: millert | Age: 2014-06-12 | Files: 1 | Lines: -13/+2
* Really remove the obsolete manpages left by earlier commit which just emptied the file but didn't remove it.
  Author: chrisz | Age: 2014-06-11 | Files: 2 | Lines: -0/+0
* Remove manpages about deprecated RFC2292 ancillary data convenience functions.
  They are obsoleted by the RFC3542 api. ok mpi@
  Author: chrisz | Age: 2014-06-11 | Files: 4 | Lines: -769/+4
* mop up ifndef KERNEL goo; ok miod
  Author: deraadt | Age: 2014-06-10 | Files: 12 | Lines: -60/+12
* move random bytes buffer to be part of mmaped pages; ok tedu@
  Author: otto | Age: 2014-06-02 | Files: 1 | Lines: -21/+18
* Delete the extraneous "return" statement at the end of a void function.
  From Fritjof Bornebusch.
  Author: jca | Age: 2014-05-31 | Files: 1 | Lines: -2/+1
* move all stats collecting under MALLOC_STATS; ok krw@
  Author: otto | Age: 2014-05-26 | Files: 1 | Lines: -28/+33
* fix MALLOC_STATS (not compiled in by default); ok tedu@
  Author: otto | Age: 2014-05-21 | Files: 1 | Lines: -18/+19
* factor out a bit of the chunk index code and use it to make sure that a freed chunk is actually freeable immediately. catch more errors. hints/ok otto
  Author: tedu | Age: 2014-05-18 | Files: 1 | Lines: -14/+33
* correctly match size and buffer. from enh at google
  Author: tedu | Age: 2014-05-17 | Files: 1 | Lines: -3/+3
* Add missing header needed by isdigit().
  While there, sort headers. ok tedu@
  Author: chl | Age: 2014-05-17 | Files: 1 | Lines: -4/+5
* refactor some of the des crypt code to use fewer globals.
  ok miod
  Author: tedu | Age: 2014-05-17 | Files: 2 | Lines: -42/+45
* update NAME and MLINKS for previous;
  Author: jmc | Age: 2014-05-16 | Files: 2 | Lines: -5/+7
* document crypt_checkpass
  Author: tedu | Age: 2014-05-16 | Files: 1 | Lines: -1/+14
* use $2b in the bcrypt example, ok tedu
  Author: sthen | Age: 2014-05-16 | Files: 1 | Lines: -3/+3
* stop flushing streams in abort(). it's hackish and unsafe, and no longer required. try to document this fact and some of the history. with feedback from deraadt guenther millert
  Author: tedu | Age: 2014-05-14 | Files: 2 | Lines: -21/+13
* remove md5crypt.
  while changing things, add a crypt_checkpass wrapper that handles most of the edge cases. (not quite ready for production, though.) ok deraadt
  Author: tedu | Age: 2014-05-12 | Files: 5 | Lines: -195/+65
* change to having four freelists per size, to reduce another source of deterministic behavior. four selected because it's more than three, less than five. i.e., no particular reason.
  Author: tedu | Age: 2014-05-12 | Files: 1 | Lines: -16/+20
* fix MALLOC_STATS code that was broken in rev 1.159, not compiled in by default
  Author: otto | Age: 2014-05-10 | Files: 1 | Lines: -2/+2
* Add a bit more detail about dot notation from the old inet(3) manpage.
  ok jmc@
  Author: guenther | Age: 2014-05-09 | Files: 1 | Lines: -3/+11
* move reallocarray() to a separate file so that -portable applications can avoid reinventing the wheel ok guenther schwarze
  Author: deraadt | Age: 2014-05-08 | Files: 3 | Lines: -18/+46
* comment style fix
  ok crickets@
  Author: halex | Age: 2014-05-07 | Files: 1 | Lines: -2/+3
* missing NULL checks to see if init is needed. found hard way by deraadt.
  Author: tedu | Age: 2014-05-06 | Files: 1 | Lines: -3/+3
* fix stupid commit
  Author: tedu | Age: 2014-05-06 | Files: 1 | Lines: -5/+5
* use explicit_bzero
  Author: tedu | Age: 2014-05-06 | Files: 1 | Lines: -5/+5
* clear a stack buffer with explicit_bzero
  Author: tedu | Age: 2014-05-06 | Files: 1 | Lines: -2/+2
* move chacha context and buffer out of bss and allow mmap to place them wherever it decides it would like them. first step. ok deraadt dlg djm
  Author: tedu | Age: 2014-05-06 | Files: 1 | Lines: -6/+16
* delete useless test code
  Author: deraadt | Age: 2014-05-04 | Files: 1 | Lines: -23/+1
* now that 5.5 has been released with compatibility for 2b hashes, switch to generating them by default. prodded by deraadt and sthen
  Author: tedu | Age: 2014-05-03 | Files: 1 | Lines: -2/+2
* 1. Drop support for no minor. This variant doesn't exist anymore.
  2. Pull up the actual minor processing code into the switch that parses it.
  3. atoi is actually simpler than strtonum in this case, but check the input beforehand so we don't get unexpected results.
  4. Slightly more consistent style between various parse and check and increment operations on salt.
  ok deraadt
  Author: tedu | Age: 2014-05-03 | Files: 1 | Lines: -44/+30
* tweak previous; ok sthen
  Author: jmc | Age: 2014-05-01 | Files: 1 | Lines: -3/+3
* nibbles aren't enough random, use bytes. does a better job of picking a free chunk at random and may allow to increase delayed chunk array. ok otto
  Author: tedu | Age: 2014-05-01 | Files: 1 | Lines: -14/+14
* first cut at documenting the change to malloc doing a partial 'junk' by default and the new 'j' option to disable this; ok jmc@
  Author: sthen | Age: 2014-04-30 | Files: 1 | Lines: -2/+7
* Implement AI_ADDRCONFIG
  This is a getaddrinfo() flag that is defined thusly in RFC 3493:
  If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be returned only if an IPv4 address is configured on the local system, and IPv6 addresses shall be returned only if an IPv6 address is configured on the local system. The loopback address is not considered for this case as valid as a configured address.
  For example, when using the DNS, a query for AAAA records should occur only if the node has at least one IPv6 address configured (other than IPv6 loopback) and a query for A records should occur only if the node has at least one IPv4 address configured (other than the IPv4 loopback).
  The flag is set by default when hints is NULL.
  ok Eric Faurot, Jason McIntyre
  Author: sperreault | Age: 2014-04-28 | Files: 1 | Lines: -3/+14