summaryrefslogtreecommitdiff
path: root/lib/libcrypto
AgeCommit message (Collapse)Author
2015-01-16Delete the MANLINT variable and the related SUFFIXES rules becauseIngo Schwarze
since yesterday, "mandoc -Tlint -Wfatal" can no longer fail. Instead, as suggested by deraadt@, provide a manlint target that is *not* run during make build, but can be run whenever you want to check syntax of manuals. "nice stuff" deraadt@
2015-01-15back in september I did the large abstraction refactoring to allow theseTheo de Raadt
other systems to fit into the same mold, so add copyright
2015-01-07mix in more virtual memory and process informationBrent Cook
2015-01-06add initial HP-UX getentropy/arc4random support.Brent Cook
patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
2014-12-07Revert to the use of C code for the basic BN routines (bn_add_words,Miod Vallat
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words) on sgi, because the generated assembly code isn't R4000-safe.
2014-12-06delete four MLINKS that are both duplicate and wrongIngo Schwarze
2014-12-03Move Windows OS-specific functions to make porting easier.Brent Cook
Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. ok jsing@ deraadt@
2014-11-22mop up a barely started project... getting in the way of grepping the tree!Theo de Raadt
2014-11-20Oops, make sure camellia is compiled on platforms without an arch-specificMiod Vallat
Makefile.inc (i.e. landisk and m88k)
2014-11-18Enable the build of GOST routines in libcrypto. Riding upon the CammeliaMiod Vallat
libcrypto minor bump.
2014-11-17Add the Cammelia cipher to libcrypto.Miod Vallat
There used to be a strong reluctance to provide this cipher in LibreSSL in the past, because the licence terms under which Cammelia was released by NTT were free-but-not-in-the-corners, by restricting the right to modify the source code, as well retaining the right to enforce their patents against anyone in the future. However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html , NTT changed its mind and made this code truly free. We only wish there had been more visibility of this, for we could have had enabled Cammelia earlier (-: Licence change noticed by deraadt@. General agreement from the usual LibreSSL suspects. Crank libcrypto.so minor version due to the added symbols.
2014-11-11correct the failure case for getentropy on win32Brent Cook
CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails. From: Dongsheng Song <dongsheng.song@gmail.com>
2014-11-09GOST crypto algorithms (well, most of them), ported from the removed GOSTMiod Vallat
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
2014-11-09Introduce EVP_MD_CTX_ctrl(), to allow for fine control of a given digest.Miod Vallat
This functionality was already available (and optional), and used in the bowels of the ASN.1 code. This exposes it as a public interface, which will be used by the upcoming GOST code. Crank libcrypto minor version. From Dmitry Eremin-Solenikov.
2014-11-03Add hooks to override native arc4random_buf on FreeBSD.Brent Cook
The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.
2014-10-11include header needed by older linux kernelsBrent Cook
not all versions of <linux/random.h> include <linux/types.h> by default
2014-10-01openssl.cnf tweaks following recent changes to usr.bin/openssl:Stuart Henderson
- don't define default_bits, allowing the compiled-in default (now 2048 bits) to take priority. - add commented-out default_md line in case somebody needs an easy way to change this. - remove some sample sections which aren't really useful in the default file (/etc/examples is the place for a more descriptive config, this file should be barebones). Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
2014-09-27Revert r1.5 and reenable assembler version of ghash now that it has beenMiod Vallat
fixed.
2014-09-27Disable assembler code for ghash on hppa, causes wrong computations in someMiod Vallat
cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
2014-09-16A few more MLINKs.Miod Vallat
2014-08-28preserve errno value on success.Brent Cook
If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
2014-08-16only build the getrandom path if SYS_getrandom is defined.bcook
like the sysctl path
2014-08-16getrandom(2) support for getentropy_linuxbcook
This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
2014-08-14fixed overrid(d)en typoTobias Stoeckmann
millert@ and jmc@ agree that "overriden" is wrong
2014-08-13munmap correct object in (extremely unlikely, and effectively terminal)Theo de Raadt
case of failing to map the 2nd object. found by Paul Maurers
2014-08-11Guard RSA / RC4-5 ASM when NO_ASM is not definedbcook
Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well. This simplifies enabling just inline ASM in portable, no effective change in OpenBSD.
2014-07-28Remove SRP code. It contains a bug (this should not surprise anyone), butTed Unangst
the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer. The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.)
2014-07-22better match proposed syscall apibcook
2014-07-21protect sysctl path with SYS__sysctl instead; from enh@google, ok bcookTheo de Raadt
2014-07-21Use explicit_bzero() instead of memset() on buffers going out of scope.Philip Guenther
Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
2014-07-21cast from void * before math; enh@googleTheo de Raadt
2014-07-20Move more OS-specific functionality to arc4random.h headers.bcook
Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@
2014-07-20initial win32 ARC4_LOCK/UNLOCK implementation.bcook
It may make sense to later replace this with a Critical Section later. ok guenther@
2014-07-20Demonstrate how new linux getrandom() will be called, at least untilTheo de Raadt
it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
2014-07-19remove disabled main hook; we use phdr now; ok bcookTheo de Raadt
2014-07-19tab loveTheo de Raadt
2014-07-19Move _ARC4_ATFORK handlers from thread_private.h in portable.bcook
2014-07-19move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modulesbcook
2014-07-19fixup typosbcook
2014-07-19Change _rs_allocate so it can combine the two regions (rs and rsx)Theo de Raadt
into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
2014-07-18Cleanup portable arc4random fork detection code:Matthew Dempsky
1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt
2014-07-18Seperate arc4random's os-dependent parts into static inline functions,Theo de Raadt
making it much easier for libressl -portable to fill in the gaps. ok bcook beck
2014-07-16Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on olderMark Kettenis
Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
2014-07-13Use dl_iterate_phdr() to iterate over the segments and throw the addressesTheo de Raadt
into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
2014-07-13Provide a link to the canonical API specification.Theo de Raadt
ok beck
2014-07-13Take away the use of the address of main as a source of entropy. CausesBob Beck
distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
2014-07-12more MLINKSMiod Vallat
2014-07-12getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter
OK: beck@
2014-07-12Remove signed/unsigned warning, statement before declaration andwouter
add a function to use function pointers that does not take sizeof(fptr). OK beck@
2014-07-12Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has beenMiod Vallat
done for other symmetric algorithms recently.