summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Simple regress test for the amd64 bn_mul_mont bug found by Joyentmiod2014-06-203-2/+86
| | | | | ( https://github.com/joyent/node/issues/7704 ), about to be fixed in libcrypto.
* Move the crypto/bn regression test one directory deeper in preparation formiod2014-06-203-7/+15
| | | | it getting siblings.
* arc4random: hard fail with raise(SIGKILL) if getentropy() returns -1matthew2014-06-201-3/+4
| | | | | | | Allow other non-zero return values in case we change our mind to return an ssize_t byte count instead of simple success/fail. ok deraadt, djm
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-1918-44/+44
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-192-4/+12
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-192-4/+26
| | | | add missing unlock in one case. ok lteo miod
* Move rs_chacha and rs_buf into the same memory page and don't mark itmatthew2014-06-191-22/+31
| | | | | | | | | MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process. New behavior noticed by deraadt ok deraadt, tedu
* Always call atexit handlers as if they were registered with __cxa_atexit.kettenis2014-06-183-19/+13
| | | | | | | | | | | The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@
* Add regress tests to make sure arc4random(3) is reinitializedmatthew2014-06-183-2/+181
| | | | correctly in fork children.
* In ssl3_send_newsession_ticket(), fix a memory leak in an error path.miod2014-06-182-4/+8
|
* Missinc calloc() return value check; ok deraadt@miod2014-06-181-1/+5
|
* Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in themiod2014-06-182-8/+20
| | | | | | error paths from tls_decrypt_ticket(). ok tedu@
* Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()miod2014-06-182-22/+22
| | | | | | when no storage buffer is passed. ok deraadt@ tedu@
* In SSL_COMP_add_compression_method(), make sure error cases actually returnmiod2014-06-182-4/+4
| | | | | | `error' rather than `success'. ok deraadt@
* ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.tedu2014-06-172-4/+8
|
* Use MAP_INHERIT_ZERO in arc4random(3)matthew2014-06-171-37/+44
| | | | | | | | Now instead of calling getpid() each time a user invokes arc4random(), we're able to rely on the kernel zero'ing out the RNG state if the process forks. ok deraadt, djm
* free iv, then cleanse. from Cyril Jouvetedu2014-06-152-4/+4
|
* Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 ratherjsing2014-06-152-18/+8
| | | | | | than '\0' for several memset(). ok beck@ miod@
* Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()jsing2014-06-152-12/+4
| | | | | | does something special... just use calloc() instead. ok beck@ miod@
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().jsing2014-06-152-2/+4
| | | | ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of thejsing2014-06-152-4/+4
| | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
* Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),jsing2014-06-157-55/+28
| | | | | | | so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
* oops, typo. James Hartley is fast at trying -currentderaadt2014-06-151-2/+2
|
* In srandomdev(), use arc4random_buf() instead of from the kernel.deraadt2014-06-151-4/+3
| | | | discussion with matthew
* Add more bounded attributes to the buffer and md5/sha headers in libsslavsm2014-06-146-38/+70
| | | | ok miod@
* typomiod2014-06-132-4/+4
|
* For now... assume success of getentropy() just like we assumed successderaadt2014-06-131-3/+3
| | | | of sysctl(). Mark it with XXX while we consider.
* Correctly calculate the key block length when using export ciphers.jsing2014-06-132-2/+10
|
* Overhaul the keyblock handling in ssl3_change_cipher_state(). Usejsing2014-06-131-32/+45
| | | | | meaningful variable names with use with pointer arithmitic rather than complex array indexing.
* Correctly calculate the key block length when used with export ciphers.jsing2014-06-131-17/+24
| | | | While here, use meaningful variable names and simplify the calculation.
* Remove deprecated RFC2292 ancillary data convenience functions.chrisz2014-06-132-488/+2
| | | | | | They are obsoleted by the RFC3542 api. ok mpi@
* use getgentropy() call. If it fails, things are pretty bad --deraadt2014-06-131-8/+3
| | | | | call abort(). this direction discussed at length with miod beck tedu matthew etc
* use getentropy; from matthewderaadt2014-06-131-5/+2
|
* Use meaningful variable names, rather than i, j, k and cl.jsing2014-06-131-23/+27
|
* Do not bother trying to work out of we can reuse a cipher context - justjsing2014-06-131-22/+12
| | | | | throw it away and create a new one. This simplifies the code and also allows ASR to do its thing.
* Separate the comression handling from the cipher/message digest handling injsing2014-06-131-43/+47
| | | | ssl3_change_cipher_state().
* Swap compress/expand around so they are in the correct order - these endedjsing2014-06-132-28/+28
| | | | up in the wrong order when the code was refactored.
* The export_key/export_iv variables are only used in the is_export case.jsing2014-06-131-7/+10
| | | | Also use c rather than &c[0].
* Rename a bunch of variables in ssl3_change_cipher_state() for readability.jsing2014-06-131-38/+40
| | | | This also brings it inline with tls1_change_cipher_state_cipher().
* Add ChaCha20-Poly1305 based ciphersuites.jsing2014-06-1310-14/+162
| | | | | | Based on Adam Langley's chromium patches. Tested by and ok sthen@
* Switch the AES-GCM cipher suites to SSL_CIPHER_ALGORITHM2_AEAD.jsing2014-06-132-42/+136
|
* Combine the MAC handling for both !EVP_CIPH_FLAG_AEAD_CIPHER andjsing2014-06-132-28/+22
| | | | EVP_CIPH_FLAG_AEAD_CIPHER into the same if/else block.
* Use SSL3_SEQUENCE_SIZE and if we're going to preincrement we may as welljsing2014-06-131-4/+3
| | | | do it properly.
* Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which arejsing2014-06-138-66/+498
| | | | | | | | | | | | | those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers. Based on Adam Langley's chromium patches. Rides the recent libssl bump. Tested by sthen@
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.jsing2014-06-138-8/+98
| | | | | | | | | Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-1324-700/+29
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* Add timingsafe_memcmp().matthew2014-06-136-38/+153
| | | | ok deraadt, jmc, tedu
* Add regress tests for timingsafe_bcmp and timingsafe_memcmp.matthew2014-06-133-2/+86
| | | | | timingsafe_memcmp tests are disabled for now, pending its addition to libc.
* Add regress test for explicit_bzero.matthew2014-06-123-2/+145
|
* replace atoi() calls with strtol(). Follow the idiomatic pattern in ourderaadt2014-06-126-80/+194
| | | | | | | | | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 00:46:37 +0000