summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,tedu2015-01-121-9/+9
| | | | nor are they the same size.
* Fix a memory leak in bss_dgram.doug2015-01-122-6/+26
| | | | | | | | Free data->saved_message.data. Based on OpenSSL commit: 41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr to NULL to avoid accidental reuse and handles malloc failing. ok beck@, input + ok miod@
* missing , found by Dongsheng Songderaadt2015-01-081-3/+3
|
* Avoid a double-free in an error path.doug2015-01-082-2/+4
| | | | ok jsing@ beck@
* stupid me. need errno.htedu2015-01-071-1/+2
|
* set errno = EINVAL for invalid salts and hashes in most functions.tedu2015-01-071-12/+20
| | | | | | | remember to set EACCES in bcrypt_checkpass for hash differences. the higher level crypt_checkpass function will reset errno to EACCES in all cases, which is probably the right behavior, but this change gives code working with the lower level functions the correct errno if they care.
* mix in more virtual memory and process informationbcook2015-01-072-4/+8
|
* add initial HP-UX getentropy/arc4random support.bcook2015-01-064-0/+992
| | | | | | patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
* rename kern enter/exit macros to malloc enter/leave to better reflecttedu2015-01-051-7/+7
| | | | what's going on.
* convert clock() to clock_gettime() for improved precision (and accuracy?)tedu2015-01-051-7/+9
| | | | | guenther suggested using thread time, which actually may improve accuracy if somebody puts this in a threaded program.
* Fix incorrect OPENSSL_assert() usage.doug2015-01-032-48/+106
| | | | | | | | Instead of asserting, return an error code for I/O errors. This is based on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks for two calloc()s while I'm here. ok miod@
* Rename the tls_connect_socket() parameter 'socket' to 's' to avoidbluhm2015-01-021-4/+4
| | | | | a compiler warning about shadowing a global declaration. OK jsing@
* Revert previous; tls_accept_socket() was intentionally undocumentedschwarze2015-01-011-7/+1
| | | | | because the API design isn't fully settled. Requested by jsing@ and tedu@.
* minimally document tls_accept_socket();schwarze2015-01-011-2/+8
| | | | patch from Sunil at Nimmagadda dot net
* copy bcrypt autotune from encrypt(1) and expose via crypt_newhashtedu2014-12-302-5/+43
| | | | ok deraadt miod
* don't leak timing info about padding errors by generating a fake keytedu2014-12-292-10/+20
| | | | | | | afterwards. openssl has a more complicated fix, but it's less intrusive for now to simply hoist the expensive part (fake key generation) up without sweating a branch or two. ok bcook jsing
* include netinet/in.h to define struct in6_addr.bcook2014-12-271-1/+2
| | | | Noticed while testing libtls on FreeBSD.
* simplify crypt_checkpass. The API promise is that this function doesn'ttedu2014-12-241-11/+5
| | | | | | | | | use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
* Add size_t to int checks for SSL functions.doug2014-12-173-8/+39
| | | | | | | | | | libtls accepts size_t for lengths but libssl accepts int. This verifies that the input does not exceed INT_MAX. It also avoids truncating size_t when comparing with int and adds printf-style attributes for tls_set_error(). with input from deraadt@ and tedu@ ok tedu@
* typo; ok deraadtsthen2014-12-162-3/+3
|
* warn for correct symbolderaadt2014-12-161-2/+2
|
* Now that we have Camellia support in libcrypto, bring in the SHA256 flavour ofmiod2014-12-164-4/+328
| | | | the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
* Add error handling for EVP_DigestInit_ex().doug2014-12-1515-56/+98
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
* unconditionally align SSL payloadsbcook2014-12-146-78/+36
| | | | | | | | Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
* Convert all of the straight forward client handshake handling code to usejsing2014-12-146-212/+134
| | | | | | the new handshake functions. ok miod@
* Provide functions for starting, finishing and writing SSL handshakejsing2014-12-146-8/+120
| | | | | | | | | | | | | | | messages. This will allow for removal of repeated/duplicated code. Additionally, DTLS was written by wholesale copying of the SSL/TLS code, with some DTLS specifics being added to the duplicated code. Since these SSL handshake message functions know how to handle both SSL/TLS and DTLS, upon conversion the duplicate versions will become identical (or close to), at which point the DTLS versions can be removed and the SSL/TLS versions used for both protocols. Partially based on similar changes in OpenSSL. ok miod@
* Remove trailing whitespace.jsing2014-12-1459-559/+559
|
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing2014-12-1412-130/+12
| | | | | | | mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
* unifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currentlyjsing2014-12-142-46/+2
| | | | | | | enabled and I would hope that no one is using client certificates with DTLS and Netscape, assuming it even supported it... ok bcook@ miod@
* catch up with swab.c rev. 1.9:schwarze2014-12-121-5/+23
| | | | update SYNOPSIS and DESCRIPTION and add STANDARDS
* update swab() to match the current posix definition. "rationale: none."tedu2014-12-111-50/+24
| | | | | | rewrite the function to be simpler as well. the compiler can unroll the loop for us if necessary. ok schwarze
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing2014-12-1017-42/+115
| | | | | | | | calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-1018-154/+30
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* libssl major++jsing2014-12-102-2/+2
|
* Add support for ALPN.jsing2014-12-1010-16/+594
| | | | | | Based on OpenSSL and BoringSSL. ok bcook@
* add stdint.h to ssl.h.bcook2014-12-102-2/+6
| | | | ok jsing@
* Xr and Ox fixes;jmc2014-12-093-12/+18
|
* random seed buffer must be unsignedderaadt2014-12-091-2/+2
|
* no more string(3);jmc2014-12-091-3/+2
|
* fix NAME;jmc2014-12-091-3/+3
|
* improve warnings from rand_r(), rand(), and random()libressl-v2.1.2deraadt2014-12-092-3/+8
| | | | | It may take a few iterations to get the tone right. previously discussed with millert
* In ingo's new world order, we do not want multiple manual pages describingderaadt2014-12-093-247/+3
| | | | | | | the same thingies. Therefore these "lists of functions" man pages can go away. Hurray! I've wanted these pages to die for around 10 years! ok ingo (and i think jmc)
* more standardsier: cast to int to make sure we keep the negative numbers.tedu2014-12-091-2/+2
| | | | observed by jonas termansen
* Oops, got the sense of the test backwards. Hilarious that we didn't spot it.deraadt2014-12-081-1/+1
|
* Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48()deraadt2014-12-0813-159/+267
| | | | | | | | | | | | | | | | | to returning strong random by default, source from arc4random(3). Parameters to the seeding functions are ignored, and the subsystems remain in strong random mode. If you wish the standardized deterministic mode, call srand_deterministic(), srandom_determistic(), srand48_deterministic(), seed48_deterministic() or lcong48_deterministic() instead. The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are unaffected by this change and remain in deterministic mode (for now). Verified as a good roadmap forward by auditing 8800 pieces of software. Roughly 60 pieces of software will need adaptation to request the deterministic mode. Violates POSIX and C89, which violate best practice in this century. ok guenther tedu millert
* delete documentation for deleted DES interfacestedu2014-12-082-87/+3
|
* remove cfree from documentationtedu2014-12-081-19/+3
|
* delete obsolete sunos cfree function. ok deraadt millert naddytedu2014-12-082-42/+3
|
* remove setkey and encrypt interfaces. they are useless and dangerous.tedu2014-12-083-116/+9
| | | | ok deraadt naddy
* Use platform-defined method of printing a pointer.bcook2014-12-082-4/+4
| | | | | | Casting a pointer to an unsigned long discards bits on an LLP64 system. ok deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-03 23:59:05 +0000