path: root/src/lib/libcrypto/crypto
Commit log (each subject line is followed by: author, date, files changed, lines removed/added)
...
* mop up a barely started project... getting in the way of grepping the tree!  (deraadt, 2014-11-22, 1 file, -4/+0)

* Oops, make sure camellia is compiled on platforms without an arch-specific  (miod, 2014-11-20, 1 file, -1/+2)
  Makefile.inc (i.e. landisk and m88k)

* Enable the build of GOST routines in libcrypto. Riding upon the Camellia  (miod, 2014-11-18, 1 file, -6/+6)
  libcrypto minor bump.

* Add the Camellia cipher to libcrypto.  (miod, 2014-11-17, 12 files, -12/+33)
  There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Camellia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well as retaining the right to enforce their patents against anyone in the future.
  However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have enabled Camellia earlier (-:
  Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects.
  Crank libcrypto.so minor version due to the added symbols.
* correct the failure case for getentropy on win32  (bcook, 2014-11-11, 1 file, -3/+3)
  CryptAcquireContext and CryptGenRandom return zero (FALSE) if they fail.
  From: Dongsheng Song <dongsheng.song@gmail.com>

* GOST crypto algorithms (well, most of them), ported from the removed GOST  (miod, 2014-11-09, 1 file, -1/+10)
  engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now.
  This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues.
  None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.

* Introduce EVP_MD_CTX_ctrl(), to allow for fine control of a given digest.  (miod, 2014-11-09, 1 file, -1/+1)
  This functionality was already available (and optional), and used in the bowels of the ASN.1 code. This exposes it as a public interface, which will be used by the upcoming GOST code.
  Crank libcrypto minor version.
  From Dmitry Eremin-Solenikov.

* Add hooks to override native arc4random_buf on FreeBSD.  (bcook, 2014-11-03, 2 files, -0/+149)
  The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally.
  Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better.
  This improves arc4random_buf's safety compared to the native FreeBSD implementation.
  Tested on FreeBSD 9 and 10.

* include header needed by older linux kernels  (bcook, 2014-10-11, 1 file, -1/+2)
  not all versions of <linux/random.h> include <linux/types.h> by default

* Revert r1.5 and reenable assembler version of ghash now that it has been  (miod, 2014-09-27, 1 file, -3/+3)
  fixed.

* Disable assembler code for ghash on hppa, causes wrong computations in some  (miod, 2014-09-27, 2 files, -4/+4)
  cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
* preserve errno value on success.  (bcook, 2014-08-28, 1 file, -4/+6)
  If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds.
  Thanks to deraadt@ for pointing it out.

* only build the getrandom path if SYS_getrandom is defined.  (bcook, 2014-08-16, 1 file, -3/+7)
  like the sysctl path

* getrandom(2) support for getentropy_linux  (bcook, 2014-08-16, 1 file, -13/+10)
  This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well.
  This adds an EINTR check in case the urandom pool is not initialized.
  Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
  ok deraadt@
* munmap correct object in (extremely unlikely, and effectively terminal)  (deraadt, 2014-08-13, 3 files, -6/+6)
  case of failing to map the 2nd object. found by Paul Maurers

* Guard RSA / RC4-5 ASM when NO_ASM is not defined  (bcook, 2014-08-11, 1 file, -1/+3)
  Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well.
  This simplifies enabling just inline ASM in portable, no effective change in OpenBSD.

* Remove SRP code. It contains a bug (this should not surprise anyone), but  (tedu, 2014-07-28, 1 file, -5/+1)
  the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer.
  The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.)

* better match proposed syscall api  (bcook, 2014-07-22, 1 file, -8/+2)

* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook  (deraadt, 2014-07-21, 1 file, -6/+6)

* Use explicit_bzero() instead of memset() on buffers going out of scope.  (guenther, 2014-07-21, 3 files, -6/+9)
  Also, zero the SHA256 context.
  suggested by "eric" in a comment on an opensslrampage.org post
  ok miod@ deraadt@

* cast from void * before math; enh@google  (deraadt, 2014-07-21, 1 file, -2/+2)

* Move more OS-specific functionality to arc4random.h headers.  (bcook, 2014-07-20, 4 files, -4/+37)
  Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure.
  ok deraadt@

* initial win32 ARC4_LOCK/UNLOCK implementation.  (bcook, 2014-07-20, 1 file, -1/+21)
  It may make sense to replace this with a Critical Section later.
  ok guenther@

* Demonstrate how new linux getrandom() will be called, at least until  (deraadt, 2014-07-20, 1 file, -1/+37)
  it shows up in libraries. Even the system call is probably not finalized. Bit disappointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
* remove disabled main hook; we use phdr now; ok bcook  (deraadt, 2014-07-19, 3 files, -21/+3)

* tab love  (deraadt, 2014-07-19, 1 file, -3/+3)

* Move _ARC4_ATFORK handlers from thread_private.h in portable.  (bcook, 2014-07-19, 3 files, -3/+15)

* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules  (bcook, 2014-07-19, 3 files, -3/+22)

* fixup typos  (bcook, 2014-07-19, 3 files, -55/+54)

* Change _rs_allocate so it can combine the two regions (rs and rsx)  (deraadt, 2014-07-19, 4 files, -55/+55)
  into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accommodate either method, but not on the fly.
  ok matthew

* Cleanup portable arc4random fork detection code:  (matthew, 2014-07-18, 3 files, -33/+24)
  1. Use "len" parameter instead of sizeof(*rs).
  2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.)
  3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms.
  ok deraadt
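The fork-detection scheme described in the entry above (a volatile sig_atomic_t flag set by the child-side atfork handler, checked in _rs_forkdetect(), with the state zeroed to match MAP_INHERIT_ZERO), together with the pthread_atfork caveat from the FreeBSD entry higher up, worked out as an added C example. This is editor-written illustration, not LibreSSL's arc4random.c. Assumptions: the state struct and its filler are constructed stand-ins (rs_stir takes the place of a getentropy() fill and is not a generator), the pthread_atfork registration is left to the caller so the block links without -lpthread, and the handler is invoked by hand to show the flag path while a real fork() shows the getpid() path.

```c
/* Added example: fork detection for a process-wide random state.
 * Not LibreSSL code. struct rs_state is a constructed stand-in and
 * rs_stir() is a placeholder for the real getentropy() fill. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct rs_state {
	int seeded;			/* 0 after memset: forces a reseed */
	pid_t pid;			/* pid that produced this state */
	unsigned char keystream[64];	/* stand-in for the cipher state */
};

static struct rs_state rs;

/* The child-side atfork handler does exactly one thing: a store to a
 * volatile sig_atomic_t, which is async-signal-safe. Real code registers
 * it with pthread_atfork(NULL, NULL, rs_atfork_child); omitted here. */
static volatile sig_atomic_t rs_forked;

static void
rs_atfork_child(void)
{
	rs_forked = 1;
}

/* Placeholder for the real stir: constructed filler instead of a
 * getentropy() call, then record which process owns the state. */
static void
rs_stir(struct rs_state *st)
{
	size_t i;

	for (i = 0; i < sizeof(st->keystream); i++)
		st->keystream[i] = (unsigned char)(i * 7 + 13);
	st->pid = getpid();
	st->seeded = 1;
}

/* Returns 1 if the state was rebuilt (first use, atfork flag seen, or the
 * pid changed under us), 0 if it was left alone. The two checks are
 * independent: the flag is cheap but silently lost where pthread_atfork
 * is broken (FreeBSD without -lthr, per the log); the getpid()
 * comparison needs no handler but cannot see a pid wraparound. */
static int
rs_forkdetect(struct rs_state *st, size_t len)
{
	if (st->seeded && !rs_forked && st->pid == getpid())
		return 0;
	rs_forked = 0;
	memset(st, 0, len);	/* same outcome as OpenBSD's MAP_INHERIT_ZERO */
	rs_stir(st);
	return 1;
}

/* Flag path: what a child observes after pthread_atfork ran the handler.
 * Returns 1 on success, -1 if the detection logic misbehaves. */
int
rs_flag_demo(void)
{
	rs_forkdetect(&rs, sizeof(rs));		/* start seeded */
	rs_atfork_child();			/* handler invoked by hand */
	if (rs_forkdetect(&rs, sizeof(rs)) != 1)
		return -1;			/* flag ignored */
	if (rs_forkdetect(&rs, sizeof(rs)) != 0)
		return -1;			/* flag not cleared after reseed */
	return 1;
}

/* pid path: a real fork() with no handler registered. Returns the child's
 * verdict (1 expected), or -1 if the parent reseeds spuriously. */
int
rs_fork_demo(void)
{
	pid_t child;
	int status;

	rs_forkdetect(&rs, sizeof(rs));
	child = fork();
	if (child == -1)
		return -1;
	if (child == 0)
		_exit(rs_forkdetect(&rs, sizeof(rs)));	/* 1: new pid noticed */
	if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status))
		return -1;
	if (rs_forkdetect(&rs, sizeof(rs)) != 0)
		return -1;			/* parent: same pid, no flag */
	return WEXITSTATUS(status);
}

int
main(void)
{
	printf("atfork flag path: %d\n", rs_flag_demo());
	printf("getpid() path:    %d\n", rs_fork_demo());
	return 0;
}
```

The point of keeping both checks is that neither alone is sufficient: the flag covers the pid-wraparound case that getpid() misses, and getpid() covers the platforms where the atfork callback never fires. Whatever the trigger, the reseed starts from zeroed memory rather than from a mix of old and new state, which is what item 3 in the entry buys across platforms.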
* Separate arc4random's os-dependent parts into static inline functions,  (deraadt, 2014-07-18, 4 files, -0/+243)
  making it much easier for libressl -portable to fill in the gaps.
  ok bcook beck

* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on older  (kettenis, 2014-07-16, 1 file, -1/+3)
  Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now.
  ok beck@

* Use dl_iterate_phdr() to iterate over the segments and throw the addresses  (deraadt, 2014-07-13, 2 files, -2/+28)
  into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers.
  Work with kettenis, testing by beck

* Provide a link to the canonical API specification.  (deraadt, 2014-07-13, 4 files, -4/+16)
  ok beck

* Take away the use of the address of main as a source of entropy. Causes  (beck, 2014-07-13, 3 files, -3/+15)
  distractions to people testing and seeing link errors in some setups. This will come back in another form
  ok deraadt@

* getentropy on Windows. It compiles but has not been thoroughly tested yet.  (wouter, 2014-07-12, 1 file, -0/+56)
  OK: beck@

* Remove signed/unsigned warning, statement before declaration and  (wouter, 2014-07-12, 3 files, -29/+32)
  add a function to use function pointers that does not take sizeof(fptr).
  OK beck@

* Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has been  (miod, 2014-07-12, 1 file, -4/+1)
  done for other symmetric algorithms recently.

* guard inclusion of sys/sysctl.h so we can detect at compile time and  (beck, 2014-07-12, 1 file, -1/+3)
  keep linux distros happy that don't have it.
  ok bcook@

* remove gratuitous differences, ok beck  (deraadt, 2014-07-12, 1 file, -39/+40)

* remove gratuitous differences, ok beck bcook  (deraadt, 2014-07-12, 2 files, -12/+12)

* Solaris uses a symbolic link for /dev/urandom which harms best practice of  (beck, 2014-07-12, 1 file, -18/+34)
  using O_NOFOLLOW - cope with it as best as possible by trying two different paths.
  - written by deraadt@ and kettenis@
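The getentropy(2) emulation that several entries on this page describe piecemeal (the getrandom(2) path guarded by SYS_getrandom, the EINTR retry while the pool initializes, falling back only when the syscall does not exist, preserving the caller's errno on success, and opening the device with O_NOFOLLOW with a second path for the Solaris symlink case) pulled together as one added C example. This is editor-written illustration, not LibreSSL's getentropy_linux.c or getentropy_solaris.c. Assumptions: flags = 0 for the syscall, the second device path as the target of the Solaris symlink (verify with ls -l /dev/urandom on the host), and the function names getentropy_example and getentropy_selftest, which are this example's own.

```c
/* Added example: getentropy(2) emulation, not LibreSSL code.
 * Assumed: getrandom(2) flags = 0, and the Solaris device path below. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define GETENTROPY_MAX 256	/* getentropy(2): at most 256 bytes, all or nothing */

/* Device candidates, in order. O_NOFOLLOW makes open() fail with ELOOP
 * when /dev/urandom is a symlink, so a second path naming the symlink's
 * target is tried next (Solaris target assumed; check on your host). */
static const char *const urandom_paths[] = {
	"/dev/urandom",
	"/devices/pseudo/random@0:urandom",
};

/* Syscall path. 0 on success; -1 with errno set otherwise. errno == ENOSYS
 * is the one failure the caller may fall back from: the syscall exists
 * and failed means exactly that. Compiled only where SYS_getrandom is
 * defined, as the log entry requires. */
static int
getentropy_getrandom(void *buf, size_t len)
{
#ifdef SYS_getrandom
	ssize_t ret;

	do {
		/* flags = 0 blocks until the pool is initialized; a signal
		 * during that wait yields EINTR, which is not a failure. */
		ret = syscall(SYS_getrandom, buf, len, 0);
	} while (ret == -1 && errno == EINTR);

	if (ret == (ssize_t)len)
		return 0;
	if (ret != -1)
		errno = EIO;	/* short read: hard failure, do not loop */
	return -1;
#else
	(void)buf;
	(void)len;
	errno = ENOSYS;
	return -1;
#endif
}

/* Device path. Refuses symlinks and non-character devices, reads until
 * full, restarts on EINTR/EAGAIN. 0 on success; -1 with errno set. */
static int
getentropy_urandom(void *buf, size_t len)
{
	const size_t npaths = sizeof(urandom_paths) / sizeof(urandom_paths[0]);
	struct stat st;
	size_t got = 0, i;
	int fd = -1, e;

	for (i = 0; i < npaths && fd == -1; i++) {
		fd = open(urandom_paths[i], O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
		if (fd == -1 && errno != ELOOP && errno != ENOENT)
			return -1;	/* EACCES, EMFILE, ...: not a path problem */
	}
	if (fd == -1)
		return -1;	/* errno from the last open(): ELOOP or ENOENT */
	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
		close(fd);
		errno = EIO;	/* a regular file standing in for the device */
		return -1;
	}
	while (got < len) {
		ssize_t r = read(fd, (char *)buf + got, len - got);
		if (r > 0) {
			got += (size_t)r;
			continue;
		}
		if (r == -1 && (errno == EINTR || errno == EAGAIN))
			continue;
		e = (r == 0) ? EIO : errno;
		close(fd);
		errno = e;
		return -1;
	}
	close(fd);
	return 0;
}

/* Entry point with the OpenBSD getentropy(2) contract. On success errno
 * is exactly what it was on entry, so an EINTR swallowed above never
 * leaks to the caller; on failure errno says why. */
int
getentropy_example(void *buf, size_t len)
{
	int save_errno = errno;

	if (len > GETENTROPY_MAX) {
		errno = EIO;
		return -1;
	}
	if (getentropy_getrandom(buf, len) == 0) {
		errno = save_errno;
		return 0;
	}
	if (errno != ENOSYS)
		return -1;	/* syscall present and failed: do not mask it with a weaker source */
	if (getentropy_urandom(buf, len) == 0) {
		errno = save_errno;
		return 0;
	}
	return -1;
}

/* Self-check: 1 if the contract holds (errno preserved, output varies,
 * oversize request rejected with EIO), 0 otherwise. */
int
getentropy_selftest(void)
{
	unsigned char a[32], b[32], big[GETENTROPY_MAX + 1];
	unsigned char acc = 0;
	size_t i;

	errno = ENOMEM;	/* sentinel: must survive a successful call */
	if (getentropy_example(a, sizeof(a)) != 0 || errno != ENOMEM)
		return 0;
	if (getentropy_example(b, sizeof(b)) != 0)
		return 0;
	for (i = 0; i < sizeof(a); i++)
		acc |= a[i] ^ b[i];
	if (acc == 0)
		return 0;	/* two identical 32-byte draws: broken source */
	if (getentropy_example(big, sizeof(big)) != -1 || errno != EIO)
		return 0;
	return 1;
}

int
main(void)
{
	int ok = getentropy_selftest();

	printf("getentropy contract %s\n", ok ? "ok" : "BROKEN");
	return ok ? 0 : 1;
}
```

Two decisions carry the security weight: a getrandom(2) failure other than ENOSYS is returned to the caller instead of being papered over with the device (the FreeBSD entry above is about exactly that kind of fallback), and the device is opened with O_NOFOLLOW and checked with S_ISCHR so a planted symlink or regular file at that path cannot masquerade as the kernel source.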
* odds are that some ABI change occurred today, no matter how careful everyone  (deraadt, 2014-07-12, 1 file, -1/+1)
  is

* i'm a dumbdumb. fix build.  (tedu, 2014-07-11, 14 files, -15/+15)

* move all the feature settings to a common header.  (tedu, 2014-07-11, 15 files, -938/+17)
  probably ok beck jsing miod

* Make sure we leave OPENSSL_NO_PSK in the conf files so things  (beck, 2014-07-11, 13 files, -0/+13)
  can know...
  ok jsing@

* remove unused variables getentropy for OS X  (bcook, 2014-07-09, 1 file, -3/+3)
  ok beck@

* RSA_NULL used to be a compile option allowing the RSA interfaces to be  (miod, 2014-07-09, 1 file, -2/+2)
  compiled-in, with nonfunctional code, to be able to cope with the RSA patent. However, we don't use this option, and the RSA patent expired more than 10 years ago, so just drop this piece.

* Remove undocumented _des_crypt() interface and its companion header file,  (miod, 2014-07-08, 1 file, -2/+2)
  which had never been installed, so it's unlikely something ever used this in the last 15~20 years.
  ok deraadt@ jsing@ beck@