summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* KNFmiod2014-06-213-178/+186
|
* hash in correct pointerderaadt2014-06-212-4/+4
|
* Remove the OPENSSL_*cap getenv's. A program should not be able toderaadt2014-06-203-25/+5
| | | | | change the behaviour of the library in such a complicated fashion. ok miod
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* KNFbeck2014-06-202-96/+112
|
* indentderaadt2014-06-202-4/+4
|
* rearrange so that the main function with the important comments is at the topotto2014-06-202-156/+160
| | | | ok deraadt@ beck@
* Work in progress on how to deal with the inherit unreliability ofbeck2014-06-202-0/+878
| | | | | | /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
* Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both mightmiod2014-06-201-70/+0
| | | | have been used under DJGPP in the previous century (if at all).
* Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();miod2014-06-202-4/+4
| | | | | noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* free iv, then cleanse. from Cyril Jouvetedu2014-06-151-2/+2
|
* Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 ratherjsing2014-06-151-9/+4
| | | | | | than '\0' for several memset(). ok beck@ miod@
* Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()jsing2014-06-151-6/+2
| | | | | | does something special... just use calloc() instead. ok beck@ miod@
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().jsing2014-06-151-1/+2
| | | | ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of thejsing2014-06-151-2/+2
| | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
* Add more bounded attributes to the buffer and md5/sha headers in libsslavsm2014-06-143-19/+35
| | | | ok miod@
* typomiod2014-06-131-2/+2
|
* replace atoi() calls with strtol(). Follow the idiomatic pattern in ourderaadt2014-06-123-40/+97
| | | | | | | | | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
* tags as requested by miod and teduderaadt2014-06-12690-609/+697
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-1/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* Tsk. Tsk. Someone forgot to compile test the other half.jsing2014-06-111-2/+2
|
* Provide support for non-funopen systems.deraadt2014-06-112-10/+32
| | | | ok beck
* c-file-style hints, begone; ok beckderaadt2014-06-1145-45/+45
|
* Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receivesderaadt2014-06-105-1370/+3
| | | | | | | | | | | | | collateral damage. The syncronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The assymetric crypto support never really materialized in drivers. So abandon the complexity. ok tedu beck mikeb some disagrement from djm but if he wants to test /dev/crypto ciphers he should do it without this this gigantic API in the way
* KNF.jsing2014-06-108-756/+756
|
* KNF.jsing2014-06-1011-435/+516
|
* Use C99 initialisers for EVP_MD structs, for clarity, grepability and tojsing2014-06-1011-180/+266
| | | | | | protect from future field reordering/removal. No difference in generated assembly.
* use memset instead of bzeroderaadt2014-06-091-2/+2
|
* do not include dso.h where it is not needed; ok miodderaadt2014-06-093-3/+0
|
* Stop using DSO_global_lookup to reach getaddrinfo() and friendsderaadt2014-06-081-40/+3
| | | | discussed with tedu, ok jsing
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-0724-2907/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* malloc() result does not need a cast.deraadt2014-06-0748-71/+69
| | | | ok miod
* s/assember/assembler/ before someone gets offended. At the lastderaadt2014-06-0610-15/+15
| | | | | hackathon, just saying 'ass ember' was enough to start giggles. Unfortunately far more offensive stuff remains in here...
* Fix a leak that can occur when len == 0, and as a result we leak a \0 byte.logan2014-06-041-1/+1
| | | | | | (From Frantisek Boranek) OK from miod@
* Fix memory leak.logan2014-06-031-0/+1
| | | | | | (From Martin Brejcha) OK from tedu@, miod@ and deraadt@
* A few months back there was a big community fuss regarding direct-usederaadt2014-06-028-195/+2
| | | | | | | | | | | | of the intel RDRAND instruction. Consensus was RDRAND should probably only be used as an additional source of entropy in a mixer. Guess which library bends over backwards to provide easy access to RDRAND? Yep. Guess which applications are using this support? Not even one... but still, this is being placed as a trap for someone. Send this support straight to the abyss. ok kettenis
* Clean up some of the nightmare of string and pointer arithmatic inbeck2014-06-011-52/+36
| | | | | | | | | | | | | this nasty function. This gets rid of the nasty tmp variables used to hold temporary strings and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks for buf (since the original code dereferences it before checking). It also gets rid of the insane possibility this could return -1 when stuff is using the return values to compute lengths All the failure cases now return 0 and an empty string like the first error case in the original code. ok miod@ tedu@
* realloc with NULL is same as mallocderaadt2014-06-011-4/+1
| | | | ok guenther
* There is no need for is{upper,lower}() tests before to{lower,uppper}(),deraadt2014-06-012-27/+8
| | | | | since all other characters are mapped through transparently. ok jsing
* Commit this before the head-scratching leads to premature baldness:deraadt2014-06-011-1/+1
| | | | | | | | | | | | | memset(a->data, 0, (unsigned int)a->max); but the decl is: size_t max; size_t could be larger than int, especially in some of the systems OpenSSL purports to support. How do _intentionally truncating_ casts like enter into a codebase? Lack of understanding of C, at a minimum. Generally the objects are small, but this code is _intentionally unready_ for large objects. ok miod
* Remove __bio_h__attr__ wrapper around __attribute__, since earlier statementsmiod2014-06-011-10/+4
| | | | | | in this file directly use __attribute__. ok deraadt@
* Add a deprecated attribute to all CRYPTO_dbg_ functions.miod2014-06-011-10/+10
| | | | ok deraadt@
* Avoid the use of an uninitialised variable. In reality, this is a non-issuejsing2014-06-011-2/+1
| | | | | | | since the calculated value is not actually used in the uninitialised case. Change the code so that we only do the calculation if we actually need it. Issue detected by clang and reported by both brad@ and Brent Cook.
* EBCDIC support died a while ago, except in a comment.deraadt2014-06-011-2/+0
|
* Get the public headers from the official place with <openssl/ >deraadt2014-05-316-6/+7
| | | | from Brent Cook
* annoying whitespacederaadt2014-05-311-3/+3
|
* Change the actual default for returned asn1 strings to be utf8 in the code,beck2014-05-311-1/+1
| | | | | | | rather than only in the config file, to trip people up later. Found, and fix pleaded for by <spider@skuggor.se> who apparently spent hours chasing it down. ok miod@
* Add a comment documenting where libssl depends upon the current (objectionable)miod2014-05-311-0/+1
| | | | behaviour of this code, to prevent people from blindly changing it.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-25 21:52:21 +0000