| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2014-06-24 | Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magically | jsing | 2 | -32/+6 | |
| appear by itself. ok beck@ miod@ | |||||
| 2014-06-24 | Fix memory leak. | logan | 1 | -2/+4 | |
| Thanks to Brenk Cook. OK from miod@ | |||||
| 2014-06-23 | Since this is a library, place issetugid() before every getenv() | deraadt | 10 | -26/+48 | |
| ok miod | |||||
| 2014-06-23 | unbreak build of getentropy_sysctl - we need linux/sysctl.h, and | beck | 2 | -36/+42 | |
| RANDOM_UUID is an enum member. | |||||
| 2014-06-23 | unbreak - main needs to be extern in here somewhere. | beck | 2 | -2/+4 | |
| 2014-06-22 | KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and | guenther | 2 | -48/+88 | |
| multiline comments ok jsing@ | |||||
| 2014-06-22 | Add regress tests for BIO_get_host_ip(). | jsing | 1 | -2/+70 | |
| 2014-06-22 | BIO_sock_init() no longer does anything, so stop calling it. | jsing | 2 | -20/+2 | |
| 2014-06-22 | Just use SOMAXCONN and IPPROTO_TCP, since we know we have them. | jsing | 2 | -28/+8 | |
| 2014-06-22 | In BIO_get_port(), use strol() with appropriate range checks rather than | jsing | 6 | -68/+100 | |
| an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@ | |||||
| 2014-06-22 | Add a skeleton regress for crypto/bio, which currently only covers | jsing | 3 | -1/+94 | |
| BIO_get_port() and fails since the current code believes that "-1" is a valid port. | |||||
| 2014-06-22 | Hook in the aead regress. | jsing | 1 | -1/+2 | |
| 2014-06-22 | nuke unused test programs; ok jsing | deraadt | 4 | -92/+4 | |
| 2014-06-22 | More KNF. | jsing | 2 | -10/+10 | |
| 2014-06-22 | KNF. | jsing | 6 | -416/+406 | |
| 2014-06-22 | KNF. | jsing | 12 | -1922/+2162 | |
| 2014-06-22 | More KNF. | jsing | 6 | -18/+18 | |
| 2014-06-21 | matthew reminds me to update regress to reflect current spec | tedu | 1 | -10/+3 | |
| 2014-06-21 | repair indentation for an inner loop; shorten some macros and variable | deraadt | 2 | -258/+270 | |
| names to shorten line lengths ok beck | |||||
| 2014-06-21 | always compare memcmp against 0, for clarity. | tedu | 6 | -14/+14 | |
| 2014-06-21 | loosen the spec for timingsafe functions slightly, so as to not | tedu | 1 | -10/+5 | |
| artificially constrain alternative implementations. ok deraadt | |||||
| 2014-06-21 | Pull the code that builds a DTLS sequence number out into its own function | jsing | 6 | -46/+58 | |
| to avoid duplication. Also use fewer magic numbers. ok miod@ | |||||
| 2014-06-21 | Specify the correct strength bits for 3DES cipher suites. | jsing | 2 | -30/+26 | |
| From OpenSSL. ok miod@ | |||||
| 2014-06-21 | Add DTLS support to ssltest and wire up some regress tests. | jsing | 2 | -8/+41 | |
| ok miod@ | |||||
| 2014-06-21 | Switch to the ISC licensed versions of these files, which Google has made | jsing | 4 | -202/+52 | |
| available via boringssl. ok deraadt@ | |||||
| 2014-06-21 | Pull out the sequence number selection and handle this up front. Also, the | jsing | 2 | -18/+12 | |
| correct record is already known, so avoid reassignment. | |||||
| 2014-06-21 | More KNF and clean up. | jsing | 2 | -26/+18 | |
| 2014-06-21 | More KNF. | jsing | 16 | -122/+112 | |
| 2014-06-21 | KNF | miod | 6 | -248/+274 | |
| 2014-06-21 | KNF | miod | 6 | -356/+372 | |
| 2014-06-21 | Fix memory leak in error path. | logan | 2 | -4/+4 | |
| OK from miod@ | |||||
| 2014-06-21 | Protect explicit_bzero() from link-time optimization | matthew | 1 | -7/+10 | |
| Modern compiler toolchains are capable of optimizing even across translation unit boundaries, so simply moving the memory clearing into a separate function is not guaranteed to clear memory. To avoid this, we take advantage of ELF weak symbol semantics, and insert a call to an empty, weakly named function. The semantics of calling this function aren't determinable until load time, so the compiler and linker need to keep the memset() call. There are still ways a toolchain might defeat this trick (e.g., optimistically expecting the weak symbol to not be overloaded, and only calling memset() if it is; promoting weak symbols to strong symbols at link-time when emitting a static binary because they won't be interposed; implementing load-time optimizations). But at least for the foreseeable future, these seem unlikely. ok deraadt | |||||
| 2014-06-21 | hash in correct pointer | deraadt | 2 | -4/+4 | |
| 2014-06-20 | Remove the OPENSSL_*cap getenv's. A program should not be able to | deraadt | 6 | -50/+10 | |
| change the behaviour of the library in such a complicated fashion. ok miod | |||||
| 2014-06-20 | wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protect | deraadt | 2 | -4/+4 | |
| setuid applications from being fooled. ok miod | |||||
| 2014-06-20 | KNF | beck | 2 | -96/+112 | |
| 2014-06-20 | indent | deraadt | 2 | -4/+4 | |
| 2014-06-20 | rearrange so that the main function with the important comments is at the top | otto | 2 | -156/+160 | |
| ok deraadt@ beck@ | |||||
| 2014-06-20 | Work in progress on how to deal with the inherit unreliability of | beck | 2 | -0/+878 | |
| /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@ | |||||
| 2014-06-20 | Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both might | miod | 2 | -140/+0 | |
| have been used under DJGPP in the previous century (if at all). | |||||
| 2014-06-20 | Fix incorrect bounds check in amd64 assembly version of bn_mul_mont(); | miod | 4 | -8/+8 | |
| noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 ) | |||||
| 2014-06-20 | Simple regress test for the amd64 bn_mul_mont bug found by Joyent | miod | 3 | -2/+86 | |
| ( https://github.com/joyent/node/issues/7704 ), about to be fixed in libcrypto. | |||||
| 2014-06-20 | Move the crypto/bn regression test one directory deeper in preparation for | miod | 3 | -7/+15 | |
| it getting siblings. | |||||
| 2014-06-20 | arc4random: hard fail with raise(SIGKILL) if getentropy() returns -1 | matthew | 1 | -3/+4 | |
| Allow other non-zero return values in case we change our mind to return an ssize_t byte count instead of simple success/fail. ok deraadt, djm | |||||
| 2014-06-19 | convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring | tedu | 18 | -44/+44 | |
| libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod | |||||
| 2014-06-19 | check stack push return and make some effort to clean up. ok beck miod | tedu | 2 | -4/+12 | |
| 2014-06-19 | improve error checking. set error code on error, and check malloc return. | tedu | 2 | -4/+26 | |
| add missing unlock in one case. ok lteo miod | |||||
| 2014-06-19 | Move rs_chacha and rs_buf into the same memory page and don't mark it | matthew | 1 | -22/+31 | |
| MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process. New behavior noticed by deraadt ok deraadt, tedu | |||||
| 2014-06-18 | Always call atexit handlers as if they were registered with __cxa_atexit. | kettenis | 3 | -19/+13 | |
| The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@ | |||||
| 2014-06-18 | Add regress tests to make sure arc4random(3) is reinitialized | matthew | 3 | -2/+181 | |
| correctly in fork children. | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |