summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* fixup typosbcook2014-07-193-55/+54
|
* Change _rs_allocate so it can combine the two regions (rs and rsx)deraadt2014-07-194-55/+55
| | | | | | | | | | into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
* Cleanup portable arc4random fork detection code:matthew2014-07-183-33/+24
| | | | | | | | | | | | | | 1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt
* Seperate arc4random's os-dependent parts into static inline functions,deraadt2014-07-184-0/+243
| | | | | making it much easier for libressl -portable to fill in the gaps. ok bcook beck
* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on olderkettenis2014-07-161-1/+3
| | | | | | | Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
* Use dl_iterate_phdr() to iterate over the segments and throw the addressesderaadt2014-07-132-2/+28
| | | | | | | into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
* Provide a link to the canonical API specification.deraadt2014-07-134-4/+16
| | | | ok beck
* Take away the use of the address of main as a source of entropy. Causesbeck2014-07-133-3/+15
| | | | | | distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
* getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter2014-07-121-0/+56
| | | | OK: beck@
* Remove signed/unsigned warning, statement before declaration andwouter2014-07-123-29/+32
| | | | | | add a function to use function pointers that does not take sizeof(fptr). OK beck@
* Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has beenmiod2014-07-121-4/+1
| | | | done for other symmetric algorithms recently.
* guard inclusion of sys/sysctl.h so we can detect at compile time andbeck2014-07-121-1/+3
| | | | | keep linux distros happy that don't have it. ok bcook@
* remove gratuitous differences, ok beckderaadt2014-07-121-39/+40
|
* remove gratuitous differences, ok beck bcookderaadt2014-07-122-12/+12
|
* Solaris uses a symbolic link for /dev/urandom which harms best practice ofbeck2014-07-121-18/+34
| | | | | using O_NOFOLLOW - cope with it as best as possible by trying two different paths. - written by deraadt@ and kettenis@
* odds are that some ABI change occured today, no matter how careful everyonederaadt2014-07-121-1/+1
| | | | is
* i'm a dumbdumb. fix build.tedu2014-07-1114-15/+15
|
* move all the feature settings to a common header.tedu2014-07-1115-938/+17
| | | | probably ok beck jsing miod
* Make sure we leave OPENSSL_NO_PSK in the conf files so thingsbeck2014-07-1113-0/+13
| | | | | can know... ok jsing@
* remove unused variables getentropy for OS Xbcook2014-07-091-3/+3
| | | | ok beck@
* RSA_NULL used to be a compile option allowing the RSA interfaces to bemiod2014-07-091-2/+2
| | | | | | | | compiled-in, with nonfunctional code, to be able to cope with the RSA patent. However, we don't use this option, and the RSA patent has expired more than 10 years ago, so just drop this piece.
* Remove undocumented _des_crypt() interface and its companion header file,miod2014-07-081-2/+2
| | | | | | | which had never been installed, so it's unlikely something ever used this in the last 15~20 years. ok deraadt@ jsing@ beck@
* getentropy for osx and solaris. will be needed for a portable releasebeck2014-07-082-0/+838
|
* fix oops, accidental delete.. darn copying of files between machinesbeck2014-07-081-2/+2
|
* j should be an int, like repeatbeck2014-07-081-3/+4
|
* unbreak last commit - but same intent, make re-seed less expensivebeck2014-07-081-12/+16
|
* repeat calls to getentrypy() with the same pid likely indicate reseeds.deraadt2014-07-081-3/+10
| | | | | | Since we assume the PRNG above is doing "something old, something new" folding, shortcut and do fewer repeats through the timing loop. ok beck
* fix HD() misuse; from brent cookderaadt2014-06-261-2/+2
|
* AT_BASE returns us the *address* of the start of ld.so, sobeck2014-06-251-2/+2
| | | | | use the address, not what it points to (which is always the same) ok deraadt@
* get the page of data at AT_SYSINFO_EHDRbeck2014-06-251-2/+2
| | | | ok deraadt@
* comment fixes from theobeck2014-06-251-5/+6
|
* Possibly obtain a little bit of entropy from addresses returnedbeck2014-06-251-2/+23
| | | | | by getauxval if we have it. ok deraadt@
* O_NOFOLLOW would be very nice to have here if the version of linuxbeck2014-06-251-10/+11
| | | | | we are running supports it. from enh@google.com
* Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals itmiod2014-06-241-2/+2
| | | | | should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
* Crank libcrypto major since my previous commit changed the size of thejsing2014-06-241-1/+1
| | | | ChaCha context. Other changes will also ride this crank.
* unbreak build of getentropy_sysctl - we need linux/sysctl.h, andbeck2014-06-231-18/+21
| | | | RANDOM_UUID is an enum member.
* unbreak - main needs to be extern in here somewhere.beck2014-06-231-1/+2
|
* repair indentation for an inner loop; shorten some macros and variablederaadt2014-06-211-129/+135
| | | | | names to shorten line lengths ok beck
* hash in correct pointerderaadt2014-06-211-2/+2
|
* KNFbeck2014-06-201-48/+56
|
* indentderaadt2014-06-201-2/+2
|
* rearrange so that the main function with the important comments is at the topotto2014-06-201-78/+80
| | | | ok deraadt@ beck@
* Work in progress on how to deal with the inherit unreliability ofbeck2014-06-201-0/+439
| | | | | | /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
* Provide support for non-funopen systems.deraadt2014-06-111-2/+2
| | | | ok beck
* Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receivesderaadt2014-06-101-2/+2
| | | | | | | | | | | | | collateral damage. The syncronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The assymetric crypto support never really materialized in drivers. So abandon the complexity. ok tedu beck mikeb some disagrement from djm but if he wants to test /dev/crypto ciphers he should do it without this this gigantic API in the way
* A few months back there was a big community fuss regarding direct-usederaadt2014-06-021-2/+2
| | | | | | | | | | | | of the intel RDRAND instruction. Consensus was RDRAND should probably only be used as an additional source of entropy in a mixer. Guess which library bends over backwards to provide easy access to RDRAND? Yep. Guess which applications are using this support? Not even one... but still, this is being placed as a trap for someone. Send this support straight to the abyss. ok kettenis
* Fix ia64 cross-gcc target.tobiasu2014-05-271-0/+3
| | | | | | opensslconf.h is just a dummy, we're lightyears away from working userspace. ok deraadt@
* "for every change..."tedu2014-05-251-1/+1
|
* define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselvestedu2014-05-251-1/+2
| | | | ok beck
* When OPENSSL_LOAD_CONF was added it ended up with more #if 0 code,jsing2014-05-161-2/+2
| | | | | | | | | | | more #ifdefs and a new source file that contains a single function. Nuke the #if 0 code that is now a macro and move the single function in evp_acnf.c to c_all.c, which is where the other code lives. While here, tidy evp.h slightly, remove an unnecessary #ifdef __OpenBSD__ and nuke a comment that is now a lie. ok miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-02 11:35:39 +0000