summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-257-25/+16
| | | | | | Remove unnecessary NULL check. ok miod@
* level_add_node(): if a memory allocation failure causes us to attempt to cleanmiod2014-07-231-4/+7
| | | | | | | up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all usesmiod2014-07-231-10/+17
| | | | | | | within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@
* Check the return value of the UI functions (including UI_new() which returnmiod2014-07-231-6/+11
| | | | | | value is happily dereferenced without checking it for being non-NULL). ok beck@
* Now that DES_random_key() can be trusted, use it to generate DES keys in themiod2014-07-222-12/+10
| | | | | | | EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
* In DES_random_key(), force the generated key to the odd parity before checkingmiod2014-07-221-8/+8
| | | | | | | | | | | it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-226-15/+20
| | | | | NULL before an intrinsic strdup. ok miod@
* better match proposed syscall apibcook2014-07-222-16/+4
|
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcookderaadt2014-07-212-12/+12
|
* Use explicit_bzero() instead of memset() on buffers going out of scope.guenther2014-07-216-12/+18
| | | | | | | Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
* cast from void * before math; enh@googlederaadt2014-07-212-4/+4
|
* Move more OS-specific functionality to arc4random.h headers.bcook2014-07-208-8/+74
| | | | | | | | Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@
* initial win32 ARC4_LOCK/UNLOCK implementation.bcook2014-07-202-2/+42
| | | | | It may make sense to later replace this with a Critical Section later. ok guenther@
* Demonstrate how new linux getrandom() will be called, at least untilderaadt2014-07-202-2/+74
| | | | | | it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
* Mark the format string argument to BIO_*printf as not being allowed to be NULLguenther2014-07-201-5/+7
| | | | ok bcook@
* remove disabled main hook; we use phdr now; ok bcookderaadt2014-07-196-42/+6
|
* tab lovederaadt2014-07-192-6/+6
|
* Move _ARC4_ATFORK handlers from thread_private.h in portable.bcook2014-07-196-6/+30
|
* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modulesbcook2014-07-196-6/+44
|
* fixup typosbcook2014-07-196-110/+108
|
* Change _rs_allocate so it can combine the two regions (rs and rsx)deraadt2014-07-198-110/+110
| | | | | | | | | | into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
* Cleanup portable arc4random fork detection code:matthew2014-07-186-66/+48
| | | | | | | | | | | | | | 1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt
* Seperate arc4random's os-dependent parts into static inline functions,deraadt2014-07-188-0/+486
| | | | | making it much easier for libressl -portable to fill in the gaps. ok bcook beck
* avoid sys/param.h; Jonas Termansenderaadt2014-07-171-3/+4
|
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on olderkettenis2014-07-162-2/+6
| | | | | | | Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
* do not need a variable to track locking, since all code paths have itderaadt2014-07-161-5/+2
| | | | locked throughout.
* Improve RAND_write_file(), chmod crud, etc.deraadt2014-07-141-27/+19
| | | | ok tedu
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-1315-60/+63
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Fix memory leak.logan2014-07-131-1/+2
| | | | OK from beck@ and miod@
* OPENSSL_{malloc,free} -> {malloc,free}miod2014-07-138-12/+12
|
* unbreak build this needed to be an and..beck2014-07-134-8/+8
| | | | ok jsing@
* Use dl_iterate_phdr() to iterate over the segments and throw the addressesderaadt2014-07-134-4/+56
| | | | | | | into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
* Provide a link to the canonical API specification.deraadt2014-07-138-8/+32
| | | | ok beck
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() causemiod2014-07-131-3/+4
| | | | EVP_MD_CTX_cleanup() to be called.
* Possible PBEPARAM leak in the error path.miod2014-07-131-6/+8
|
* dsa_priv_decode(): only destroy the object we've created, and with themiod2014-07-131-3/+5
| | | | | | appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
* Check X509_NAME_oneline() return value when it will have to allocate memory.miod2014-07-131-1/+3
|
* EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without havingmiod2014-07-131-3/+9
| | | | | | | | | | | | | to reinitialize all of it, especially if it is used with the same MD algorithm. However, when the MD algorithm changes, it needs to perform more cleanups. Make that code more closer to what EVP_MD_CTX_cleanup() does by: - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set - performing an explicit_bzero of md_data before freeing it - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails. ok tedu@
* Don't include asn1_mac.h if all you need is asn1.h.miod2014-07-131-2/+2
|
* Take out __bounded__ in the include files we use it in when not on OpenBSD.beck2014-07-134-5/+16
| | | | | | | while we can take it out in portable at compile time, it is still a problem when we install this header file on a system that doesn't support __bounded__ if this is unguarded. ok miod@ bcook@
* No need to include evp_locl.h in there.miod2014-07-136-18/+6
|
* Take away the use of the address of main as a source of entropy. Causesbeck2014-07-136-6/+30
| | | | | | distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
* remove silly castderaadt2014-07-131-2/+2
|
* No need to include asn1_mac.h here.miod2014-07-122-4/+2
|
* Remove this sentence:miod2014-07-121-3/+2
| | | | | | | ``The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them.'' This kind of naively optimistic attitude is not compatible with security.
* more MLINKSmiod2014-07-121-1/+56
|
* getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter2014-07-122-0/+112
| | | | OK: beck@
* Remove signed/unsigned warning, statement before declaration andwouter2014-07-126-58/+64
| | | | | | add a function to use function pointers that does not take sizeof(fptr). OK beck@
* We have EVP_CIPH_FLAG_DEFAULT_ASN1 in evp.h; no need to keep constructs tomiod2014-07-121-34/+28
| | | | | | build on pre-EVP_CIPH_FLAG_DEFAULT_ASN1 codebases. ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-24 04:41:36 +0000