| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
ok deraadt@
|
|
implementations.
In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
|
|
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@
|
|
hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis
|
|
additions and functionality changes.
|
|
|
|
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
|
|
ok jsing@, deraadt@, beck@
|
|
OK jsing@
|
|
utctime and gentime wrappers accordingly. Along with some other cleanup.
this also removes the need for timegm.
ok bcook@ sthen@ jsing@
|
|
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing
together in one function that converts into a struct tm. While we are at it this
also brings us into conformance with RFC 5280 for times allowed in an X509 cert,
as OpenSSL is very liberal with what it allows.
input and fixes from deraadt@ jsing@ guethther@ and others.
ok krw@, guenther@, jsing@
|
|
|
|
|
|
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
|
SHA-0 was withdrawn shortly after publication 20 years ago and replaced
with SHA-1. This will require a major crank.
ok bcook@, jsing@
|
|
four line function and a tonne of license text.
ok beck@
|
|
ok deraadt@ "hurray! finally!" miod@ "Yay!" sthen@
|
|
cpu's specific hardware capabilities users of libcrypto might be interested
in, as an integer value. This deprecates the existing OPENSSL_ia32cap()
macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so
that you can mess with stuff you shouldn't mess with).
Interpreting the value returned by OPENSSL_cpu_caps() is, of course,
machine-dependent.
Minor version bump for libcrypto.
ok beck@ jsing@
|
|
machinery. OpenBSD has never been not ELF on amd64, and changing this will
actually make -portable life slightly easier in the near future.
|
|
|
|
|
|
|
|
OpenSSL stopped building it last year and removed it this year.
Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1.
Also cranked major version in libcrypto, libssl and libtls.
"fine with me" bcook@ miod@
|
|
bcook@ notes that this check really only impacted 64-bit Windows. Also,
changed the check to be unsigned for consistency.
ok bcook@
|
|
ok miod@ jsing@
|
|
ok deraadt@ jsing@ miod@
|
|
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@
|
|
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
|
|
|
|
Include it if we have the sysctl syscall.
|
|
From Michael Felt.
|
|
The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment". Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places. However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False
safety. Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.
Can you believe the OpenSSL team?
This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL. Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming
ok jsing
|
|
|
|
|
|
routines on hppa, the cause for sha512-parisc subtly misbehaving has been
found: despite having fallback pa1.1 code when running on a 32-bit cpu, the
shift constants used in the sigma computations in sha512 are >= 32 and are
silently truncated to 5 bits by the assembler, so there is no chance of
getting this code to work on a non-pa2.0 processor.
However, the pa1.1 fallback code for sha256 is safe, as it never attempts to
shift by more than 31, so reenable it again.
|
|
regress tests but causes tls ciphersuite using sha386 to fail; found the
hard way by henning@.
I can't see anything wrong in the generated assembly code yet, but building
a libcrypto with no assembler code but sha512_block_data_order() is enough
to trigger Henning's issue, so the bug lies there.
No ABI change; ok deraadt@
|
|
Discussed with/requested by deraadt@ at the conclusion of s2k15.
|
|
be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
|
be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@
|
|
This code is not compiled in and OPENSSL_NO_STORE is already defined in
opensslfeatures.h. No symbol removal for libcrypto.
ok beck@
|
|
Requested by deraadt@
|
|
this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@
|
|
instead of disk. OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files. X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@
|
|
other systems to fit into the same mold, so add copyright
|
|
|
|
patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@
|
|
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
