matthew
f82197f5b3
Add timingsafe_memcmp().
ok deraadt, jmc, tedu
10 years ago
millert
3c0d2bba38
Disable the "switch to insertion sort" optimization to avoid quadratic
behavior for certain inputs. From NetBSD. OK tedu@
10 years ago
deraadt
4d186eab67
Provide support for non-funopen systems.
ok beck
10 years ago
millert
08e366a469
Add ed25519 ssh host keys to /etc/mtree/special.
From inframare at arachnogoat dot com; OK deraadt@ sthen@
10 years ago
deraadt
3bacac9dca
Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receives
collateral damage.
The syncronous nature of this mechanism has hampered performance for
symmetric crypto relative to brute-force cpu. The assymetric crypto
support never really materialized in drivers.
So abandon the complexity.
ok tedu beck mikeb
some disagrement from djm but if he wants to test /dev/crypto ciphers
he should do it without this this gigantic API in the way
10 years ago
deraadt
f909f7742d
mop up ifndef KERNEL goo; ok miod
10 years ago
jasper
55df821768
add cron_flags which seemed to have been forgotten here.
ok aja@ dcoppa@
10 years ago
gilles
7b7c7b435b
replace sendmail with smtpd in a comment
reported by Scott McEachern <scott@blackstaff.ca>
ok deraadt@ and todd@
10 years ago
chl
059cda96b7
remove set but not used variable
found while building portable OpenNTPD
ok henning@
10 years ago
deraadt
a2912d4d42
merge ohash into 1 source file, then we can revisit next roadmap items.
ok espie
10 years ago
deraadt
8cc9987be6
A few months back there was a big community fuss regarding direct-use
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.
Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.
Send this support straight to the abyss.
ok kettenis
10 years ago
otto
7626939dd1
move random bytes buffer to be part of mmaped pages; ok tedu@
10 years ago
jca
43205a26de
Delete the extraneous "return" statement at the end of a void function.
From Fritjof Bornebusch.
10 years ago
tobiasu
0a6aa6daf0
Fix ia64 cross-gcc target.
opensslconf.h is just a dummy, we're lightyears away from working userspace.
ok deraadt@
10 years ago
halex
7ff02e8812
remove /usr/src. avoids useless whining from daily security mail.
ok landry@ ajacoutot@
10 years ago
otto
547175abed
move all stats collecting under MALLOC_STATS; ok krw@
10 years ago
guenther
d8f32da30f
Can't use a variable 'c' in a standard include; rename it to '_c'
ok deraadt@ millert@
10 years ago
tedu
5cecb6190c
"for every change..."
10 years ago
tedu
000a9e3989
define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselves
ok beck
10 years ago
tedu
1a72835e95
update nosuidcoredump example. mentioned by stefan wollny
10 years ago
otto
17d6cb272d
fix MALLOC_STATS (not compiled in by default); ok tedu@
10 years ago
tedu
118f2caf23
factor out a bit of the chunk index code and use it to make sure that a
freed chunk is actually freeable immediately. catch more errors.
hints/ok otto
10 years ago
chl
3acff291fd
Add missing header needed by isdigit().
While there, sort headers.
ok tedu@
10 years ago
tedu
1653fb274d
refactor some of the des crypt code to use fewer globals.
ok miod
10 years ago
jmc
e2130d28c0
update NAME and MLINKS for previous;
10 years ago
tedu
f5ab287545
document crypt_checkpass
10 years ago
tedu
f1d92dda6c
add prototypes for new crypt functions
10 years ago
jsing
0d73d94aa6
When OPENSSL_LOAD_CONF was added it ended up with more #if 0 code,
more #ifdefs and a new source file that contains a single function.
Nuke the #if 0 code that is now a macro and move the single function in
evp_acnf.c to c_all.c, which is where the other code lives. While here,
tidy evp.h slightly, remove an unnecessary #ifdef __OpenBSD__ and nuke
a comment that is now a lie.
ok miod@
10 years ago
sthen
b1478de08d
use $2b in the bcrypt example, ok tedu
10 years ago
jsing
0cad80226a
Add a ChaCha20-Poly1305 AEAD EVP implementation to libcrypto, from Adam
Langley's Chromium OpenSSL patches.
ok miod@
10 years ago
jsing
9ec5260ddd
Add an AEAD EVP interface to libcrypto, along with AES-GCM AEAD
implementations. This largely pulls in Adam Langley's AEAD patches from
Chromium's OpenSSL.
ok miod@
10 years ago
tedu
4514bdd79a
stop flushing streams in abort(). it's hackish and unsafe, and no longer
required. try to document this fact and some of the history.
with feedback from deraadt guenther millert
10 years ago
jsing
82c1207976
Add poly1305 to libcrypto utilising Andrew Moon's public domain
implementation.
ok miod@
10 years ago
jmc
4f0b6ce40e
zap trailing whitespace;
10 years ago
miod
65ef63a7ad
Fix format strings involving time_t arguments, fixes `ntpd -d' on sparc (and
probably more 32-bit platforms).
Problem noticed by tobiasu@; ok tobiasu@ dtucker@ sthen@ benno@
10 years ago
espie
b950df0d1c
these files have moved to libutil
10 years ago
miod
1a4a7a3239
Move the `pqueue' part of libcrypto, which is a glorified sorted linked list
of 64-bit data, and only used by DTLS, to libssl where it belongs.
Remove pqueue_print() which is a debugging interface and serves no useful
purpose, except for the regress test, which grows its own pqueue_print()
routine.
Bump libcrypto major and libssl minor.
WARNING: do not update your tree right now, more changes are coming, which
will ride the libcrypto major bump.
10 years ago
tedu
990b65b159
no md5crypt
10 years ago
tedu
5d44aecec4
remove md5crypt.
while changing things, add a crypt_checkpass wrapper that handles most of
the edge cases. (not quite ready for production, though.)
ok deraadt
10 years ago
espie
a7f9b5b34c
move the ohash functions into libutil by popular demand.
It's not a standard interface, so it doesn't belong in libc.
I hate duplicating the code in client programs, so do beck@, kettenis@,
schwarze@, millert@, miod@... and they agree with libutil.
10 years ago
espie
c49c33b22a
tweak interface to do the right thing, after useful comments from millert@
(mostly use a calloc function to avoid potential integer overflow)
10 years ago
tedu
508b771a99
change to having four freelists per size, to reduce another source of
deterministic behavior. four selected because it's more than three, less
than five. i.e., no particular reason.
10 years ago
otto
d7088c5a04
fix MALLOC_STATS code that was broken in rev 1.159, not compiled in by default
10 years ago
deraadt
37fcd04989
wording improvements; David Vasek
10 years ago
deraadt
a14ce349c7
move reallocarray() to a seperate file so that -portable applications
can avoid reinventing the wheel
ok guenther schwarze
10 years ago
miod
2b4aa706d9
regen
10 years ago
miod
194ee296ec
Remove irrelevant devices from the ramdisk target; spotted by deraadt
10 years ago
halex
3a717658e6
comment style fix
ok crickets@
10 years ago
sthen
75a71ee2cd
pass daemon_flags to nsd-control when used to check/reload/stop nsd,
the only useful option here is to specify an alternative config path,
which must be used for these operations as well as for startup.
10 years ago
deraadt
7fa36fd938
miod forgot about fcrypt_b.c being needed, before he went off to get his
beauty sleep. He's probably having a nightmare about this right now....
ok tedu
10 years ago