| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
circular lists. Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go. Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
being-standardized <endian.h>
ok deraadt@ millert@ beck@
|
| |
|
|
|
|
|
|
| |
Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows, use TerminateProcess on getentropy failure.
ok deraadt@
|
| |
|
|
|
|
|
|
|
| |
6.11.5 - Storage-class specifiers:
The placement of a storage-class specifier other than at the
beginning of the declaration specifiers in a declaration is
an obsolescent feature.
Diff from Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
into one if a system has an awesome getentropy(). In that case it
is valid to totally throw away the rsx state in the child. If the
getentropy() is not very good and has a lazy reseed operation, this
combining is a bad idea, and the reseed should probably continue to
use the "something old, something new" mix. _rs_allocate() can
accomodate either method, but not on the fly.
ok matthew
|
| |
|
|
| |
Reminded by Rafael Neves
|
| | |
|
| |
|
|
|
|
|
| |
align with POSIX and other systems.
Pointed out by Elliott Hughes on tech
ok deraadt
|
| |
|
|
|
| |
making it much easier for libressl -portable to fill in the gaps.
ok bcook beck
|
| |
|
|
| |
and random(). Sigh.
|
| |
|
|
|
| |
address space, and once allocated rs is never deallocated."
document the forkhandler to save reviewers time, with matthew
|
| | |
|
| |
|
|
| |
ok deraadt@ beck@ kettenis@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
high bit as required by posix. wouldn't want to break any standards.
idea and ok deraadt
|
| |
|
|
|
|
| |
Update byteorder(3) to cover the new functions in <endian.h>
ok deraadt@ millert@
|
| |
|
|
|
| |
makes it much harder.
ok bcook@ kettenis@
|
| |
|
|
|
|
| |
can copy this file (plus chacha_private.h) directly and reuse it
trivially. Well, as long as they have a getentropy() as well..
ok beck
|
| |
|
|
|
|
| |
now using this as upstream code. The particular problem is systems
that contain older arc4random derivations lacking arc4random_uniform().
ok tedu miod
|
| |
|
|
|
|
|
| |
__atexit tables and touches global variables. From Srinavasa Nagaraju
through Android/Elliott Hughes.
ok tedu@, guenther@
|
| |
|
|
| |
ok deraadt
|
| |
|
|
|
| |
handlers. if this happens, restart the loop.
ok kettenis matthew millert miod
|
| |
|
|
| |
ok otto
|
| |
|
|
| |
new wording agreed by at least kettenis@ millert@ otto@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@ deraadt@ jsing@ guenther@
|
| |
|
|
| |
portable code path must handle that; with brent cook
|
| | |
|
| |
|
|
|
|
| |
improve the random stream itself (it doesn't), but to introduce
noise in the arc4random calling pattern. Thanks to matthew@ who
pointed out bias in a previous diff, ok deraadt@ matthew@
|
| |
|
|
|
| |
mechanism, to aid in portability to other systems as requested.
ok matthew
|
| | |
|
| |
|
|
| |
artificially constrain alternative implementations. ok deraadt
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modern compiler toolchains are capable of optimizing even across
translation unit boundaries, so simply moving the memory clearing into
a separate function is not guaranteed to clear memory.
To avoid this, we take advantage of ELF weak symbol semantics, and
insert a call to an empty, weakly named function. The semantics of
calling this function aren't determinable until load time, so the
compiler and linker need to keep the memset() call.
There are still ways a toolchain might defeat this trick (e.g.,
optimistically expecting the weak symbol to not be overloaded, and
only calling memset() if it is; promoting weak symbols to strong
symbols at link-time when emitting a static binary because they won't
be interposed; implementing load-time optimizations). But at least
for the foreseeable future, these seem unlikely.
ok deraadt
|
| |
|
|
|
|
|
| |
Allow other non-zero return values in case we change our mind to
return an ssize_t byte count instead of simple success/fail.
ok deraadt, djm
|
| |
|
|
|
|
|
|
|
| |
MAP_INHERIT_ZERO anymore. This restores arc4random's previous
behavior where fork children would mix in some randomness from the
parent process.
New behavior noticed by deraadt
ok deraadt, tedu
|
| |
|
|
|
|
|
|
|
|
|
| |
The extra argument doesn't hurt genuine atexit handlers and this fixes a
bug where we didn't provide the argument (effectively passing garbage) for
functions registered with __cxa_atexit in the main executable.
Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes
<enh@google.com>.
ok matthew@
|
| |
|
|
|
|
|
|
| |
Now instead of calling getpid() each time a user invokes arc4random(),
we're able to rely on the kernel zero'ing out the RNG state if the
process forks.
ok deraadt, djm
|
| | |
|
| |
|
|
| |
discussion with matthew
|
| |
|
|
| |
of sysctl(). Mark it with XXX while we consider.
|
| |
|
|
|
|
| |
They are obsoleted by the RFC3542 api.
ok mpi@
|
| |
|
|
|
| |
call abort().
this direction discussed at length with miod beck tedu matthew etc
|
| | |
|
