| Age | Commit message (Collapse) | Author |
|---|
|
The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.
Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation.
Tested on FreeBSD 9 and 10.
|
|
not all versions of <linux/random.h> include <linux/types.h> by default
|
|
fixed.
|
|
cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and
to be able to tell broken versions apart easily.
|
|
If getrandom returns a temporary failure, make sure errno is not polluted when
it succeeds. Thanks to deraadt@ for pointing it out.
|
|
like the sysctl path
|
|
This enables support for the new getrandom(2) syscall in Linux 3.17.
If the call exists and fails, return a failure in getentropy(2) emulation as
well. This adds a EINTR check in case the urandom pool is not initialized.
Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
ok deraadt@
|
|
case of failing to map the 2nd object.
found by Paul Maurers
|
|
Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined,
only enabling inline assembly, but the RSA / RC4-5 blocks (used only in
amd64 systems) turn on implicitly. Guard these two as well.
This simplifies enabling just inline ASM in portable, no effective
change in OpenBSD.
|
|
the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.
The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)
|
|
|
|
|
|
Also, zero the SHA256 context.
suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
|
|
|
|
Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows, use TerminateProcess on getentropy failure.
ok deraadt@
|
|
It may make sense to later replace this with a Critical Section later.
ok guenther@
|
|
it shows up in libraries. Even the system call is probably not finalized.
Bit dissapointed it has turned out to be a descriptor-less read() with
EINVAL and EINTR error conditions, but we can work with it.
|
|
|
|
|
|
|
|
|
|
|
|
into one if a system has an awesome getentropy(). In that case it
is valid to totally throw away the rsx state in the child. If the
getentropy() is not very good and has a lazy reseed operation, this
combining is a bad idea, and the reseed should probably continue to
use the "something old, something new" mix. _rs_allocate() can
accomodate either method, but not on the fly.
ok matthew
|
|
1. Use "len" parameter instead of sizeof(*rs).
2. Simplify the atfork handler to be strictly async signal safe by
simply writing to a global volatile sig_atomic_t object, and then
checking for this in _rs_forkdetect(). (Idea from discussions with
Szabolcs Nagy and Rich Felker.)
3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO
fork semantics to avoid any skew in behavior across platforms.
ok deraadt
|
|
making it much easier for libressl -portable to fill in the gaps.
ok bcook beck
|
|
Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX
defines are pulled in by <link.h> now.
ok beck@
|
|
into the hash; hoping the system has some ASLR or PIE. This replaces and
substantially improves upon &main which proved problematic with some picky
linkers.
Work with kettenis, testing by beck
|
|
ok beck
|
|
distractions to people testing and seeing link errors in some setups.
This will come back in another form
ok deraadt@
|
|
OK: beck@
|
|
add a function to use function pointers that does not take sizeof(fptr).
OK beck@
|
|
done for other symmetric algorithms recently.
|
|
keep linux distros happy that don't have it.
ok bcook@
|
|
|
|
|
|
using O_NOFOLLOW - cope with it as best as possible by trying two
different paths. - written by deraadt@ and kettenis@
|
|
is
|
|
|
|
probably ok beck jsing miod
|
|
can know...
ok jsing@
|
|
ok beck@
|
|
compiled-in, with nonfunctional code, to be able to cope with the RSA
patent.
However, we don't use this option, and the RSA patent has expired more than 10
years ago, so just drop this piece.
|
|
which had never been installed, so it's unlikely something ever used this
in the last 15~20 years.
ok deraadt@ jsing@ beck@
|
|
|
|
|
|
|
|
|
|
Since we assume the PRNG above is doing "something old, something new"
folding, shortcut and do fewer repeats through the timing loop.
ok beck
|
|
|
|
use the address, not what it points to (which is always the same)
ok deraadt@
|
