summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* hand-KNF the remaining bitsderaadt2014-06-272-196/+212
|
* Remove M_ASN1_New* macros which are only used in X509_PKEY_new() are obfuscatemiod2014-06-274-44/+32
| | | | | | it to hide memory leaks in the error paths, and fix aforementioned memory leaks. ok jsing@ logan@ deraadt@
* Add back an #ifndef MAP_INHERIT_ZERO chunk to support the old getpid()deraadt2014-06-261-1/+13
| | | | | mechanism, to aid in portability to other systems as requested. ok matthew
* save errno in ERR_put_error(), so that SYSerr doesn't have any accidentalderaadt2014-06-262-2/+6
| | | | | cases where errno can be trashed. ok jsing
* fix HD() misuse; from brent cookderaadt2014-06-262-4/+4
|
* AT_BASE returns us the *address* of the start of ld.so, sobeck2014-06-252-4/+4
| | | | | use the address, not what it points to (which is always the same) ok deraadt@
* get the page of data at AT_SYSINFO_EHDRbeck2014-06-252-4/+4
| | | | ok deraadt@
* comment fixes from theobeck2014-06-252-10/+12
|
* Possibly obtain a little bit of entropy from addresses returnedbeck2014-06-252-4/+46
| | | | | by getauxval if we have it. ok deraadt@
* O_NOFOLLOW would be very nice to have here if the version of linuxbeck2014-06-252-20/+22
| | | | | we are running supports it. from enh@google.com
* Alexander Schrijver posted a diff to remove references to the c_rehash script,jmc2014-06-251-6/+5
| | | | | | which we don;t have in base. after some discussion with jca, i've not removed these references, but tried to make it clearer it's distributed with openssl and not included in base;
* document why we explicit_bzeroderaadt2014-06-251-2/+2
|
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-2410-40/+18
|
* Remove previously commented out wrong code, as well as the comment saying thismiod2014-06-242-6/+2
| | | | is incorrect code.
* Remove ancient workaround for previous century's compilers in the declarationmiod2014-06-242-4/+2
| | | | of CRYPTO_EX_DATA; riding upon the libcrypto major bump.
* Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals itmiod2014-06-245-1256/+4
| | | | | should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
* Crank libcrypto major since my previous commit changed the size of thejsing2014-06-242-2/+2
| | | | ChaCha context. Other changes will also ride this crank.
* If a chacha operation does not consume all of the generated key stream,jsing2014-06-246-14/+92
| | | | | | | | | | | | | | | | ensure that we save it and consume it on subsequent writes. Otherwise we end up discarding part of the key stream and instead generate a new block at the start of the next write. This was only an issue for callers that did multiple writes that are not multiples of 64 bytes - in particular, the ChaCha20Poly1305 usage does not hit this problem since it performs encryption in a single-shot. For the same reason, this is also a non-issue when openssl(1) is used to encrypt with ChaCha. Issue identified by insane coder; reported to bugs@ by Joseph M. Schwartz. ok beck@
* Extend the chacha regress to cover the ChaCha interface, in addition to thejsing2014-06-241-22/+99
| | | | | | | single-shot CRYPTO_chacha_20() interface (the ChaCha interface was already tested via the EVP regress, but not extensively). The additional ChaCha tests include single-shot writes, along with partial/single-byte writes that currently fail due to a bug in the underlying implementation.
* Some KNF.jsing2014-06-242-12/+24
|
* Replace 48 lines of code with a single inet_pton() call. The previousjsing2014-06-242-96/+6
| | | | | | | | | | | | | handrolled version could not even make use of sscanf(), since that would not work with a certain antiquated compiler. It is worth noting that there is a tiny change in behaviour - previously calling BIO_get_host_ip() with something that looked like it might be a valid IP address (for example, "1." or even ".") would result in it returning failure rather than trying a BIO_gethostbyname() - now we'll always try a BIO_gethostbyname() if it was not a valid IPv4 address. ok beck@ miod@ deraadt@
* Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magicallyjsing2014-06-242-32/+6
| | | | | | appear by itself. ok beck@ miod@
* Fix memory leak.logan2014-06-241-2/+4
| | | | | | Thanks to Brenk Cook. OK from miod@
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-2310-26/+48
| | | | ok miod
* unbreak build of getentropy_sysctl - we need linux/sysctl.h, andbeck2014-06-232-36/+42
| | | | RANDOM_UUID is an enum member.
* unbreak - main needs to be extern in here somewhere.beck2014-06-232-2/+4
|
* KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() andguenther2014-06-222-48/+88
| | | | | | multiline comments ok jsing@
* Add regress tests for BIO_get_host_ip().jsing2014-06-221-2/+70
|
* BIO_sock_init() no longer does anything, so stop calling it.jsing2014-06-222-20/+2
|
* Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.jsing2014-06-222-28/+8
|
* In BIO_get_port(), use strol() with appropriate range checks rather thanjsing2014-06-226-68/+100
| | | | | | | an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@
* Add a skeleton regress for crypto/bio, which currently only coversjsing2014-06-223-1/+94
| | | | | BIO_get_port() and fails since the current code believes that "-1" is a valid port.
* Hook in the aead regress.jsing2014-06-221-1/+2
|
* nuke unused test programs; ok jsingderaadt2014-06-224-92/+4
|
* More KNF.jsing2014-06-222-10/+10
|
* KNF.jsing2014-06-226-416/+406
|
* KNF.jsing2014-06-2212-1922/+2162
|
* More KNF.jsing2014-06-226-18/+18
|
* matthew reminds me to update regress to reflect current spectedu2014-06-211-10/+3
|
* repair indentation for an inner loop; shorten some macros and variablederaadt2014-06-212-258/+270
| | | | | names to shorten line lengths ok beck
* always compare memcmp against 0, for clarity.tedu2014-06-216-14/+14
|
* loosen the spec for timingsafe functions slightly, so as to nottedu2014-06-211-10/+5
| | | | artificially constrain alternative implementations. ok deraadt
* Pull the code that builds a DTLS sequence number out into its own functionjsing2014-06-216-46/+58
| | | | | | to avoid duplication. Also use fewer magic numbers. ok miod@
* Specify the correct strength bits for 3DES cipher suites.jsing2014-06-212-30/+26
| | | | | | From OpenSSL. ok miod@
* Add DTLS support to ssltest and wire up some regress tests.jsing2014-06-212-8/+41
| | | | ok miod@
* Switch to the ISC licensed versions of these files, which Google has madejsing2014-06-214-202/+52
| | | | | | available via boringssl. ok deraadt@
* Pull out the sequence number selection and handle this up front. Also, thejsing2014-06-212-18/+12
| | | | correct record is already known, so avoid reassignment.
* More KNF and clean up.jsing2014-06-212-26/+18
|
* More KNF.jsing2014-06-2116-122/+112
|
* KNFmiod2014-06-216-248/+274
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 02:45:45 +0000