summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.jsing2014-06-221-14/+4
|
* In BIO_get_port(), use strol() with appropriate range checks rather thanjsing2014-06-223-34/+50
| | | | | | | an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@
* nuke unused test programs; ok jsingderaadt2014-06-222-46/+2
|
* More KNF.jsing2014-06-221-5/+5
|
* KNF.jsing2014-06-223-208/+203
|
* KNF.jsing2014-06-226-961/+1081
|
* More KNF.jsing2014-06-223-9/+9
|
* repair indentation for an inner loop; shorten some macros and variablederaadt2014-06-212-258/+270
| | | | | names to shorten line lengths ok beck
* Switch to the ISC licensed versions of these files, which Google has madejsing2014-06-212-101/+26
| | | | | | available via boringssl. ok deraadt@
* More KNF.jsing2014-06-218-61/+56
|
* KNFmiod2014-06-213-124/+137
|
* KNFmiod2014-06-213-178/+186
|
* hash in correct pointerderaadt2014-06-212-4/+4
|
* Remove the OPENSSL_*cap getenv's. A program should not be able toderaadt2014-06-203-25/+5
| | | | | change the behaviour of the library in such a complicated fashion. ok miod
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* KNFbeck2014-06-202-96/+112
|
* indentderaadt2014-06-202-4/+4
|
* rearrange so that the main function with the important comments is at the topotto2014-06-202-156/+160
| | | | ok deraadt@ beck@
* Work in progress on how to deal with the inherit unreliability ofbeck2014-06-202-0/+878
| | | | | | /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
* Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both mightmiod2014-06-201-70/+0
| | | | have been used under DJGPP in the previous century (if at all).
* Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();miod2014-06-202-4/+4
| | | | | noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* free iv, then cleanse. from Cyril Jouvetedu2014-06-151-2/+2
|
* Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 ratherjsing2014-06-151-9/+4
| | | | | | than '\0' for several memset(). ok beck@ miod@
* Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()jsing2014-06-151-6/+2
| | | | | | does something special... just use calloc() instead. ok beck@ miod@
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().jsing2014-06-151-1/+2
| | | | ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of thejsing2014-06-151-2/+2
| | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
* Add more bounded attributes to the buffer and md5/sha headers in libsslavsm2014-06-143-19/+35
| | | | ok miod@
* typomiod2014-06-131-2/+2
|
* replace atoi() calls with strtol(). Follow the idiomatic pattern in ourderaadt2014-06-123-40/+97
| | | | | | | | | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
* tags as requested by miod and teduderaadt2014-06-12690-609/+697
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-1/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* Tsk. Tsk. Someone forgot to compile test the other half.jsing2014-06-111-2/+2
|
* Provide support for non-funopen systems.deraadt2014-06-112-10/+32
| | | | ok beck
* c-file-style hints, begone; ok beckderaadt2014-06-1145-45/+45
|
* Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receivesderaadt2014-06-105-1370/+3
| | | | | | | | | | | | | collateral damage. The syncronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The assymetric crypto support never really materialized in drivers. So abandon the complexity. ok tedu beck mikeb some disagrement from djm but if he wants to test /dev/crypto ciphers he should do it without this this gigantic API in the way
* KNF.jsing2014-06-108-756/+756
|
* KNF.jsing2014-06-1011-435/+516
|
* Use C99 initialisers for EVP_MD structs, for clarity, grepability and tojsing2014-06-1011-180/+266
| | | | | | protect from future field reordering/removal. No difference in generated assembly.
* use memset instead of bzeroderaadt2014-06-091-2/+2
|
* do not include dso.h where it is not needed; ok miodderaadt2014-06-093-3/+0
|
* Stop using DSO_global_lookup to reach getaddrinfo() and friendsderaadt2014-06-081-40/+3
| | | | discussed with tedu, ok jsing
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-0724-2907/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* malloc() result does not need a cast.deraadt2014-06-0748-71/+69
| | | | ok miod
* s/assember/assembler/ before someone gets offended. At the lastderaadt2014-06-0610-15/+15
| | | | | hackathon, just saying 'ass ember' was enough to start giggles. Unfortunately far more offensive stuff remains in here...
* Fix a leak that can occur when len == 0, and as a result we leak a \0 byte.logan2014-06-041-1/+1
| | | | | | (From Frantisek Boranek) OK from miod@
* Fix memory leak.logan2014-06-031-0/+1
| | | | | | (From Martin Brejcha) OK from tedu@, miod@ and deraadt@
* A few months back there was a big community fuss regarding direct-usederaadt2014-06-028-195/+2
| | | | | | | | | | | | of the intel RDRAND instruction. Consensus was RDRAND should probably only be used as an additional source of entropy in a mixer. Guess which library bends over backwards to provide easy access to RDRAND? Yep. Guess which applications are using this support? Not even one... but still, this is being placed as a trap for someone. Send this support straight to the abyss. ok kettenis
* Clean up some of the nightmare of string and pointer arithmatic inbeck2014-06-011-52/+36
| | | | | | | | | | | | | this nasty function. This gets rid of the nasty tmp variables used to hold temporary strings and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks for buf (since the original code dereferences it before checking). It also gets rid of the insane possibility this could return -1 when stuff is using the return values to compute lengths All the failure cases now return 0 and an empty string like the first error case in the original code. ok miod@ tedu@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 03:45:07 +0000