openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2014-06-21	Pull out the sequence number selection and handle this up front. Also, the	jsing	2	-18/+12
	correct record is already known, so avoid reassignment.
2014-06-21	More KNF and clean up.	jsing	2	-26/+18

2014-06-21	More KNF.	jsing	16	-122/+112

2014-06-21	KNF	miod	6	-248/+274

2014-06-21	KNF	miod	6	-356/+372

2014-06-21	Fix memory leak in error path.	logan	2	-4/+4
	OK from miod@
2014-06-21	Protect explicit_bzero() from link-time optimization	matthew	1	-7/+10
	Modern compiler toolchains are capable of optimizing even across translation unit boundaries, so simply moving the memory clearing into a separate function is not guaranteed to clear memory. To avoid this, we take advantage of ELF weak symbol semantics, and insert a call to an empty, weakly named function. The semantics of calling this function aren't determinable until load time, so the compiler and linker need to keep the memset() call. There are still ways a toolchain might defeat this trick (e.g., optimistically expecting the weak symbol to not be overloaded, and only calling memset() if it is; promoting weak symbols to strong symbols at link-time when emitting a static binary because they won't be interposed; implementing load-time optimizations). But at least for the foreseeable future, these seem unlikely. ok deraadt
2014-06-21	hash in correct pointer	deraadt	2	-4/+4

2014-06-20	Remove the OPENSSL_*cap getenv's. A program should not be able to	deraadt	6	-50/+10
	change the behaviour of the library in such a complicated fashion. ok miod
2014-06-20	wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protect	deraadt	2	-4/+4
	setuid applications from being fooled. ok miod
2014-06-20	KNF	beck	2	-96/+112

2014-06-20	indent	deraadt	2	-4/+4

2014-06-20	rearrange so that the main function with the important comments is at the top	otto	2	-156/+160
	ok deraadt@ beck@
2014-06-20	Work in progress on how to deal with the inherit unreliability of	beck	2	-0/+878
	/dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
2014-06-20	Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both might	miod	2	-140/+0
	have been used under DJGPP in the previous century (if at all).
2014-06-20	Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();	miod	4	-8/+8
	noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
2014-06-20	Simple regress test for the amd64 bn_mul_mont bug found by Joyent	miod	3	-2/+86
	( https://github.com/joyent/node/issues/7704 ), about to be fixed in libcrypto.
2014-06-20	Move the crypto/bn regression test one directory deeper in preparation for	miod	3	-7/+15
	it getting siblings.
2014-06-20	arc4random: hard fail with raise(SIGKILL) if getentropy() returns -1	matthew	1	-3/+4
	Allow other non-zero return values in case we change our mind to return an ssize_t byte count instead of simple success/fail. ok deraadt, djm
2014-06-19	convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring	tedu	18	-44/+44
	libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
2014-06-19	check stack push return and make some effort to clean up. ok beck miod	tedu	2	-4/+12

2014-06-19	improve error checking. set error code on error, and check malloc return.	tedu	2	-4/+26
	add missing unlock in one case. ok lteo miod
2014-06-19	Move rs_chacha and rs_buf into the same memory page and don't mark it	matthew	1	-22/+31
	MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process. New behavior noticed by deraadt ok deraadt, tedu
2014-06-18	Always call atexit handlers as if they were registered with __cxa_atexit.	kettenis	3	-19/+13
	The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@
2014-06-18	Add regress tests to make sure arc4random(3) is reinitialized	matthew	3	-2/+181
	correctly in fork children.
2014-06-18	In ssl3_send_newsession_ticket(), fix a memory leak in an error path.	miod	2	-4/+8

2014-06-18	Missinc calloc() return value check; ok deraadt@	miod	1	-1/+5

2014-06-18	Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in the	miod	2	-8/+20
	error paths from tls_decrypt_ticket(). ok tedu@
2014-06-18	Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()	miod	2	-22/+22
	when no storage buffer is passed. ok deraadt@ tedu@
2014-06-18	In SSL_COMP_add_compression_method(), make sure error cases actually return	miod	2	-4/+4
	`error' rather than `success'. ok deraadt@
2014-06-17	ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.	tedu	2	-4/+8

2014-06-17	Use MAP_INHERIT_ZERO in arc4random(3)	matthew	1	-37/+44
	Now instead of calling getpid() each time a user invokes arc4random(), we're able to rely on the kernel zero'ing out the RNG state if the process forks. ok deraadt, djm
2014-06-15	free iv, then cleanse. from Cyril Jouve	tedu	2	-4/+4

2014-06-15	Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 rather	jsing	2	-18/+8
	than '\0' for several memset(). ok beck@ miod@
2014-06-15	Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()	jsing	2	-12/+4
	does something special... just use calloc() instead. ok beck@ miod@
2014-06-15	Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().	jsing	2	-2/+4
	ok beck@ miod@
2014-06-15	The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the	jsing	2	-4/+4
	EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
2014-06-15	Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),	jsing	7	-55/+28
	so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
2014-06-15	oops, typo. James Hartley is fast at trying -current	deraadt	1	-2/+2

2014-06-15	In srandomdev(), use arc4random_buf() instead of from the kernel.	deraadt	1	-4/+3
	discussion with matthew
2014-06-14	Add more bounded attributes to the buffer and md5/sha headers in libssl	avsm	6	-38/+70
	ok miod@
2014-06-13	typo	miod	2	-4/+4

2014-06-13	For now... assume success of getentropy() just like we assumed success	deraadt	1	-3/+3
	of sysctl(). Mark it with XXX while we consider.
2014-06-13	Correctly calculate the key block length when using export ciphers.	jsing	2	-2/+10

2014-06-13	Overhaul the keyblock handling in ssl3_change_cipher_state(). Use	jsing	1	-32/+45
	meaningful variable names with use with pointer arithmitic rather than complex array indexing.
2014-06-13	Correctly calculate the key block length when used with export ciphers.	jsing	1	-17/+24
	While here, use meaningful variable names and simplify the calculation.
2014-06-13	Remove deprecated RFC2292 ancillary data convenience functions.	chrisz	2	-488/+2
	They are obsoleted by the RFC3542 api. ok mpi@
2014-06-13	use getgentropy() call. If it fails, things are pretty bad --	deraadt	1	-8/+3
	call abort(). this direction discussed at length with miod beck tedu matthew etc
2014-06-13	use getentropy; from matthew	deraadt	1	-5/+2

2014-06-13	Use meaningful variable names, rather than i, j, k and cl.	jsing	1	-23/+27