summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rand (follow)
Commit message (Collapse)AuthorAgeFilesLines
* libcrypto: constify most error string tablestb2024-06-241-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
* Finish hiding symbols in rand.hbeck2024-04-103-5/+13
| | | | | This removes the LIBRESSL_INTERNAL guards and marks the functions within as LCRYPTO_UNUSED
* Unifdef OPENSSL_NO_ENGINE in libcryptotb2023-11-192-14/+2
| | | | | | | This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Unbreak the namespace build after a broken mk.conf and tool misfire hadbeck2023-07-072-12/+2
| | | | | | | | me aliasing symbols not in the headers I was procesing. This unbreaks the namespace build so it will pass again ok tb@
* hide symbols in sm, rand, and poly1305beck2023-07-073-3/+18
| | | | ok jsing@
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-4/+2
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
| | | | ok miod@
* rand_err doesn't exist anymore, coverity 78808beck2015-07-181-3/+3
| | | | ok doug@
* Place most of the RAND_* functions under #ifndef LIBRESSL_INTERNAL (somejsing2014-10-221-1/+4
| | | | are still needed for the engine). Our code should use arc4random instead.
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-222-6/+5
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* Improve RAND_write_file(), chmod crud, etc.deraadt2014-07-141-27/+19
| | | | ok tedu
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-2/+1
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-103-5/+11
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* tags as requested by miod and teduderaadt2014-06-124-3/+4
|
* More KNF.jsing2014-05-241-2/+2
|
* KNF.jsing2014-05-244-91/+91
|
* Another e_os2.h -> opensslconf.h.jsing2014-05-241-1/+3
|
* use intrinsic strlcpy and strlcat everywhere so we only have one set ofbeck2014-04-191-1/+1
| | | | | | funcitons to check for incorrect use. keep BUF_strlcpy and BUF_strlcat for API comptibility only. ok tedu@
* Put the final pieces from e_os.h in the required places, and remove it.deraadt2014-04-181-1/+0
| | | | | "dance on it's grave" says beck ok guenther beck
* another round of chemo for the RAND code to provide clarity.tedu2014-04-184-379/+85
| | | | ok deraadt
* egd support is too dangerous to leave where somebody might find it.tedu2014-04-182-113/+0
| | | | ok deraadt.
* define RFILE only in the file that needs itderaadt2014-04-181-1/+1
|
* Some software expects RAND_status() to return 1 for success, so alwaysreyk2014-04-161-2/+10
| | | | | | | return 1 in the arc4random backend because there is no possible error condition. Unbreaks lynx, git and friends. ok miod@ dcoppa@
* API compat fix. RAND_load_file can never fail now. discovered and ok beck.tedu2014-04-161-3/+7
|
* we don't use these files for buildingtedu2014-04-151-77/+0
|
* Moved to regress/lib/libcrypto.miod2014-04-151-219/+0
|
* Replace the old OpenSSL PRNG by direct use of arc4random_buf(), keeping themiod2014-04-158-1565/+52
| | | | | | | | | | | | | | | | | | | | | existing RAND interfaces unchanged. All interfaces allowing external feed or seed of the RNG (either from a file or a local entropy gathering daemon) are kept for ABI compatibility, but are no longer do anything. While the OpenSSL PRNG was required 15+ years ago when many systems lacked proper entropy collection, things have evolved and one can reasonably assume it is better to use the kernel (system global) entropy pool rather than trying to build one's own and having to compensate for thread scheduling... <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents of the local workstation's display, under Win32, was a smart idea, ought to be banned from security programming. </RANT> ok beck@ deraadt@ tedu@
* remove auto-generated dependencies from the old unused build system, soderaadt2014-04-141-87/+0
| | | | | that it is easier to find code pieces. They are getting in the way. ok miod
* Don't bother compiling files which end up containingmiod2014-04-144-1291/+0
| | | | | | #if OPENSSL_SYS_NOTYOURS <whole file> #endif
* Remove some stuff that isn't needed.beck2014-04-131-1/+1
| | | | ok miod@ deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-136-9/+39
|
* resolve conflictsdjm2012-10-135-18/+149
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-34/+74
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-033-9/+24
|
* This commit was generated by cvs2git to track changes on a CVS vendordjm2011-11-031-2/+2
|\ | | | | branch.
| * import OpenSSL 1.0.0edjm2011-11-031-2/+2
| |
* | resolve conflicts, fix local changesdjm2010-10-0113-570/+209
| |
* | resolve conflictsdjm2009-04-062-3/+3
| |
* | resolve conflictsdjm2009-01-097-47/+233
| |
* | This commit was generated by cvs2git to track changes on a CVS vendordjm2009-01-091-0/+152
|\ \ | | | | | | branch.
| * | import openssl-0.9.8jdjm2009-01-094-29/+232
| | |
* | | update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-6/+11
| | |
* | | use one call to arc4random_buf() instead of lots of arc4random()djm2008-09-101-8/+2
| | |
* | | resolve conflictsdjm2008-09-069-137/+165
| | |
* | | This commit was generated by cvs2git to track changes on a CVS vendordjm2008-09-061-89/+52
|\| | | | | | | | branch.
| * | import of OpenSSL 0.9.8hdjm2008-09-066-183/+200
| | |
* | | This commit was generated by cvs2git to track changes on a CVS vendordjm2008-09-061-0/+183
|\ \ \ | | |/ | |/| branch.
| * | import of OpenSSL 0.9.8hdjm2008-09-061-0/+183
| | |
| * | import openssl-0.9.7dmarkus2004-04-071-4/+6
| | |
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 22:01:13 +0000