summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Don't support very old versions of Netscape (is there any other kind?).doug2015-02-071-6/+5
| | | | | | | | | | | | | | Apparently "very old" Netscape versions illegally included empty content and a detached signature. OpenSSL removed the #if 0 that protected these users and added a new button OPENSSL_DONT_SUPPORT_OLD_NETSCAPE. It appears to be off by default to keep the hopes and dreams of very old Netscape users alive. We decided to be rebels and disable support. If you installed your browser from floppy disks, it's time to upgrade! Based on OpenSSL commit: 02a938c953b3e1ced71d9a832de1618f907eb96d ok tedu@, miod@, jsing@
* Delete a lot of #if 0 code in libressl.doug2015-02-0745-673/+55
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Crank major for libcrypto since symbols have been removed.jsing2015-02-072-4/+4
| | | | Requested by deraadt@
* Combine c_allc.c and c_alld.c into c_all.c - there is not much point havingjsing2015-02-074-363/+232
| | | | | | | this split across files, especially when two of them have less code than license text. ok bcook@ beck@ doug@ miod@
* Declare the x509_(mem|file|dir)_lookup symbols as static because theyreyk2015-02-053-6/+6
| | | | | | | | shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-287-9/+58
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* Use field names in struct initialisers.jsing2015-01-223-33/+33
| | | | No change to generated assembly.
* Add X509_STORE_load_mem() to load certificates from a memory bufferreyk2015-01-226-6/+171
| | | | | | | | | | | instead of disk. OpenSSL didn't provide a built-in API from loading certificates in a chroot'ed process that doesn't have direct access to the files. X509_STORE_load_mem() provides a new backend that will be used by libssl and libtls to implement such privsep-friendly functionality. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* Assume that the size of a pointer will not change at runtime.bcook2015-01-221-28/+15
| | | | | | | Change the runtime check for whether a long is smaller than a pointer to a compile-time check. Replace the silly hash for LLP64 platforms. ok tedu@
* Add arc4random/getentropy shims for NetBSD.bcook2015-01-194-0/+300
| | | | | | | | | | The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state after a fork, so provide an override until the fork-safe version in CVS appears in a release. These are the same as the FreeBSD shims. ok deraadt@
* Delete the MANLINT variable and the related SUFFIXES rules becauseschwarze2015-01-161-2/+2
| | | | | | | | since yesterday, "mandoc -Tlint -Wfatal" can no longer fail. Instead, as suggested by deraadt@, provide a manlint target that is *not* run during make build, but can be run whenever you want to check syntax of manuals. "nice stuff" deraadt@
* back in september I did the large abstraction refactoring to allow thesederaadt2015-01-1512-12/+24
| | | | other systems to fit into the same mold, so add copyright
* Fix a memory leak in bss_dgram.doug2015-01-121-3/+13
| | | | | | | | Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
* Avoid a double-free in an error path.doug2015-01-081-1/+2
| | | | ok jsing@ beck@
* mix in more virtual memory and process informationbcook2015-01-072-4/+8
|
* add initial HP-UX getentropy/arc4random support.bcook2015-01-064-0/+992
| | | | | | patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
* Fix incorrect OPENSSL_assert() usage.doug2015-01-031-24/+53
| | | | | | | | Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
* Use platform-defined method of printing a pointer.bcook2014-12-081-2/+2
| | | | | | Casting a pointer to an unsigned long discards bits on an LLP64 system. ok deraadt@
* Make GOST compile with a strict C compiler - in this case incrementing ajsing2014-12-073-10/+12
| | | | | | | void pointer is undefined and initialising an array with {} is a syntax error. Based on a diff from kinichiro inoguchi.
* Correctly output the result in STREEBOG512_Final() when running on a big-endianmiod2014-12-071-5/+28
| | | | system. *blush*
* Make sure to load absolute symbol address with `dla' instead of `la' whenmiod2014-12-072-5/+17
| | | | generating code for 64-bit mips userland.
* Revert to the use of C code for the basic BN routines (bn_add_words,miod2014-12-072-4/+14
| | | | | bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words) on sgi, because the generated assembly code isn't R4000-safe.
* Remove OPENSSL_FIPSCANISTER mentions.miod2014-12-074-17/+1
|
* fix manual names that clash with other manualsschwarze2014-12-062-2/+2
|
* delete four MLINKS that are both duplicate and wrongschwarze2014-12-061-5/+1
|
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-062-17/+21
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* Move Windows OS-specific functions to make porting easier.bcook2014-12-033-29/+94
| | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
* We're not supporting 16-bit Windows, remove cast.bcook2014-12-031-3/+2
| | | | ok jsing@ deraadt@
* handle the (impossible) situation of a size_t - 1 buffer fromderaadt2014-12-031-2/+2
| | | | | EC_POINT_point2oct so that later allocation does not overflow with miod
* Spotted another opportunity to use reallocarray().deraadt2014-12-031-2/+2
| | | | ok miod
* remove superflous gettimeofday wrapper.bcook2014-11-261-9/+2
| | | | ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
* memset like a normal human.bcook2014-11-261-10/+10
| | | | ok beck@ tedu@ miod@
* normalize set/getsockopt usage.bcook2014-11-263-45/+27
| | | | | | | | | | Remove the remaining random casts on optval. Fixups for this can be handled by the portability layer all in once place. Remove remaining fake socklen_t unions, though beck@ points out that this also removes support for socklen_t changing its length at runtime. RIP. ok tedu@ beck@ miod@ deraadt@
* Linux has had IP_MTU since 2005, don't force it.bcook2014-11-261-8/+4
| | | | ok beck@ miod@ tedu@ deraadt@
* mop up a barely started project... getting in the way of grepping the tree!deraadt2014-11-222-8/+0
|
* MPE support, begone. ok teduderaadt2014-11-211-2/+2
|
* Oops, make sure camellia is compiled on platforms without an arch-specificmiod2014-11-201-1/+2
| | | | Makefile.inc (i.e. landisk and m88k)
* Nuke yet more obvious #include duplications.krw2014-11-191-3/+1
| | | | ok deraadt@
* include camellia.h using the public include pathbcook2014-11-191-2/+2
|
* Argh, another bug introduced in r1.3; Dmitry Eremin-Solenikovmiod2014-11-181-2/+2
|
* Enable the build of GOST routines in libcrypto. Riding upon the Cammeliamiod2014-11-182-7/+6
| | | | libcrypto minor bump.
* More missing error checks I forgot to commit last week, part of the largemiod2014-11-181-12/+23
| | | | cleanup diff.
* Return success in param_copy_gost01() if there is no private key to copy;miod2014-11-181-2/+2
| | | | | broken in r1.3. Spotted by Dmitry Eremin-Solenikov
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-183-6/+6
| | | | the function argument not being NULL
* Add the Cammelia cipher to libcrypto.miod2014-11-1725-26/+67
| | | | | | | | | | | | | | | | | | There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Cammelia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well retaining the right to enforce their patents against anyone in the future. However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have had enabled Cammelia earlier (-: Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects. Crank libcrypto.so minor version due to the added symbols.
* Make the ECDSA_SIG bowels public. This matches RSA_SIG and DSA_SIG, and wemiod2014-11-172-30/+30
| | | | | | expect a good use for this knowledge in the tree in the near future. Contributed by Vincent Gross, thanks!
* Add many missing error checks (probably not exhaustive, but a good start):miod2014-11-136-287/+488
| | | | | | | | | | | | - make VKO_compute_key() no longer void so that it can return failure. - fix unchecked allocations in too many routines to mention /-: - fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(), VKO_compute_key(). - fix the gost2001_do_sign() interface violation by having its sole caller free the BIGNUM it passes to that function by itself, instead of having the callee do this. Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
* Sacrifice this code to the KNF deities.miod2014-11-139-402/+401
|
* Fix GOST TC26-B curve description.miod2014-11-121-2/+2
|