summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/buffer/buffer.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-07-13While we thought this would make portable life easier it actuallybeck1-3/+1
makes it much harder. ok bcook@ kettenis@
2014-07-13No need to include evp_locl.h in there.miod12-36/+12
2014-07-13Take away the use of the address of main as a source of entropy. Causesbeck6-6/+30
distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
2014-07-13KNF and some code cleaning.jsing2-72/+92
2014-07-13remove silly castderaadt2-4/+4
2014-07-13Another large dose of KNF.jsing2-472/+814
2014-07-12Apply a large dose of KNF.jsing2-252/+404
2014-07-12duplicate function names in head1miod2-2/+2
2014-07-12The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing18-236/+236
Based on changes to OpenSSL trunk. ok beck@ miod@
2014-07-12No need to include asn1_mac.h here.miod4-8/+4
2014-07-12remove double brackets. fixes build with clang.jsg2-4/+4
ok jsing@
2014-07-12Remove this sentence:miod2-6/+4
``The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them.'' This kind of naively optimistic attitude is not compatible with security.
2014-07-12more MLINKSmiod1-1/+56
2014-07-12getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter2-0/+112
OK: beck@
2014-07-12Remove signed/unsigned warning, statement before declaration andwouter6-58/+64
add a function to use function pointers that does not take sizeof(fptr). OK beck@
2014-07-12We have EVP_CIPH_FLAG_DEFAULT_ASN1 in evp.h; no need to keep constructs tomiod2-68/+56
build on pre-EVP_CIPH_FLAG_DEFAULT_ASN1 codebases. ok jsing@
2014-07-12Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has beenmiod19-314/+73
done for other symmetric algorithms recently.
2014-07-12Provide ssl_version_string() function, which uses one of those modern Cjsing8-56/+62
constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
2014-07-12In openssl_startup(), call SSL_library_init() and SSL_load_error_strings().jsing8-28/+10
This allows us to remove the ERR_load_crypto_strings() call, along with the various SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() calls scattered around the place. ok beck@
2014-07-12Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable structmiod2-134/+204
definitions using C99 field initializers. No functional change.
2014-07-12Wrap "thread_private.h" with #ifdef __OpenBSD__ so that other systemsderaadt1-1/+3
can copy this file (plus chacha_private.h) directly and reuse it trivially. Well, as long as they have a getentropy() as well.. ok beck
2014-07-12Remove extra parenthesis.jsing2-4/+4
2014-07-12need_cert is now always true, so remove the variable and associatedjsing2-66/+42
conditionals. ok miod@
2014-07-12More KNF.jsing1-95/+108
2014-07-12Remove #ifndefs for OPENSSL_NO_DH, OPENSSL_NO_ECDH andjsing1-41/+0
OPENSSL_NO_X509_VERIFY. We're not going to build with these and the same removal has already been done for libssl.
2014-07-12openssl(1) is only built as a single monolithic binary, so just calljsing39-154/+47
load_config() once when we start. ok miod@
2014-07-12jsing and I are investigating removal of all? most? 'getenv from library'deraadt2-2/+6
instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
2014-07-12A few fixes/improvements:miod2-40/+38
- first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN). - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this not a reason to perform redundant work. - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval. ok jsing@
2014-07-12Make sure the return value of X509_NAME_oneline(, NULL,) is checked againstmiod4-10/+26
NULL. ok deraadt@ guenther@ jsing@
2014-07-12if (x) FOO_free(x) -> FOO_free(x).miod128-1098/+638
Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
2014-07-12more MLINKsmiod1-1/+4
2014-07-12guard inclusion of sys/sysctl.h so we can detect at compile time andbeck2-2/+6
keep linux distros happy that don't have it. ok bcook@
2014-07-12Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod6-6/+24
X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
2014-07-12remove gratuitous differences, ok beckderaadt2-78/+80
2014-07-12remove gratuitous differences, ok beck bcookderaadt4-24/+24
2014-07-12Split arc4random_uniform into it's own file, to assist other projectsderaadt3-39/+60
now using this as upstream code. The particular problem is systems that contain older arc4random derivations lacking arc4random_uniform(). ok tedu miod
2014-07-12Solaris uses a symbolic link for /dev/urandom which harms best practice ofbeck2-36/+68
using O_NOFOLLOW - cope with it as best as possible by trying two different paths. - written by deraadt@ and kettenis@
2014-07-12Remove remnants from PSK, KRB5 and SRP.jsing16-318/+86
ok beck@ miod@
2014-07-12typosmiod6-10/+10
2014-07-12Place comments in a block above the if statement, rather than attemptingjsing4-94/+126
to interleave them within the conditions. Also fix wrapping and indentation.
2014-07-12Make disabling last cipher work.guenther2-18/+18
From Thijs Alkemade via OpenSSL trunk ok miod@
2014-07-12-DOPENSSL_NO_KRB5 is no longer neededderaadt1-2/+2
ok guenther
2014-07-12odds are that some ABI change occured today, no matter how careful everyonederaadt2-2/+2
is
2014-07-12enough churn, a crank is advised by guenther..deraadt2-2/+2
2014-07-12Initial version of libressl - a library that provides a clean, simple,jsing9-0/+847
consistent and secure-by-default API for SSL clients (and soon servers). This is a long way from complete and the interface will likely change substantially - committing now so that further work can happen in the tree. Initiated by tedu@ and inspired by discussions with tedu@, beck@ and other developers.
2014-07-11As reported by David Ramos, most consumer of ssl_get_message() perform latemiod6-106/+296
bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
2014-07-11Provide LIBRESSL_VERSION_NUMBER for people who use such things tobeck2-2/+4
detect versions distinct from OPENSSL_BLAH_WOOF.. ok jsing@ tedu@ deraadt@
2014-07-11Another regress test for OpenSSL PR #3397 (Joyent 7704), from agl via OpenSSLmiod1-0/+57
RT.
2014-07-11Regression test for PKCS5_PBKDF2_HMAC(), written by Christian Heimes ; frommiod3-1/+224
OpenSSL trunk
2014-07-11missing \deraadt1-2/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 03:19:31 +0000