| #
54e5ba05 |
| 17-Jul-2017 |
Rich Salz |
Fix use-after-free
Also fix a RANDerr call.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3947)
|
| #
3ee1eac2 |
| 05-Jul-2017 |
Rich Salz |
Standardize apps use of -rand, etc.
Standardized the -rand flag and added a new one:
-rand file...
Always reads the specified files
-writerand file
Standardize apps use of -rand, etc.
Standardized the -rand flag and added a new one:
-rand file...
Always reads the specified files
-writerand file
Always writes to the file on exit
For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.
Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.
Fix error reporting in write_file and -rand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)
show more ...
|
| #
1ef45418 |
| 06-Jul-2017 |
Rich Salz |
Remove some now-unneeded VMS controls
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3875)
|
| #
9ee344f5 |
| 05-Jul-2017 |
Rich Salz |
Cleanup RAND_load_file,RAND_write_file
Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it a
Cleanup RAND_load_file,RAND_write_file
Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it as writing 1024 bytes, even though we don't need more than 256
from a security perspective. But the amount isn't specified, now, so we
can change it later if we want.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3864)
show more ...
|
| #
810ef917 |
| 14-Jun-2017 |
Rich Salz |
Undo commit de02ec2
Original text:
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This i
Undo commit de02ec2
Original text:
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.or
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
show more ...
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
| #
6974fca4 |
| 05-Dec-2016 |
Paul Hovey |
updated macro spacing for styling purposes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
|
| #
8bd62abe |
| 05-Dec-2016 |
Paul Hovey |
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184
Reviewed-by: Richard L
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
| #
7dc0ad4d |
| 20-Sep-2016 |
Andy Polyakov |
rand/randfile.c: treat empty string in RAND_file_name as error.
Suggested in GH#1589.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
ba8fa4e5 |
| 20-Sep-2016 |
Andy Polyakov |
rand/randfile.c: rationalize __OpenBSD__ code path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
799c1293 |
| 20-Sep-2016 |
Andy Polyakov |
rand/randfile.c: restore fallback to $HOME for non-setuid programs.
Reported in GH#1589, but solution is different from suggested.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
| #
fc6076ca |
| 21-Jun-2016 |
Andy Polyakov |
rand/randfile.c: make it non-ASCII-savvy.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
b73cfb13 |
| 20-Jun-2016 |
Andy Polyakov |
rand/randfile.c: remove obsolete commentary.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
b8f304f7 |
| 20-Jun-2016 |
Richard Levitte |
Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right. Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that ord
Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right. Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.
Also adding the default home for VMS, SYS$LOGIN:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
| #
13c03c8d |
| 15-Jun-2016 |
Matt Caswell |
Change default directory for storing the .rnd file on Windows
Previously we would try %RANDFILE%, then %HOME% and finally "C:".
Unfortunately this often ends up being "C:" which the user
Change default directory for storing the .rnd file on Windows
Previously we would try %RANDFILE%, then %HOME% and finally "C:".
Unfortunately this often ends up being "C:" which the user may not
have write permission for.
Now we try %RANDFILE% first, and then the same set of environment vars
as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and
%SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:".
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
06593767 |
| 20-May-2016 |
Richard Levitte |
Clean up the VMS hacks in crypto/rand/randfile.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| #
8ff889c2 |
| 20-May-2016 |
Richard Levitte |
VMS: setbuf() only takes 32-bit pointers
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is
passed by a 64-bit register anyway, so you only get a warning
(MAYLOSEDATA2
VMS: setbuf() only takes 32-bit pointers
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is
passed by a 64-bit register anyway, so you only get a warning
(MAYLOSEDATA2) pointing out that only the least significant 32 bits
will be used.
However, we know that a FILE* returned by fopen() and such really is a
32-bit pointer (a study of the system header files make that clear),
so we temporarly turn off that warning when calling setbuf().
Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
| #
2e6d7799 |
| 16-May-2016 |
Andy Polyakov |
rand/randfile.c: remove _XOPEN_SOURCE definition.
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
rand/randfile.c: remove _XOPEN_SOURCE definition.
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
b1322259 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 09/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
| #
3012e650 |
| 11-Apr-2016 |
Matt Caswell |
Fix the no-posix-io option
Fix a compile failure with no-posix-io
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
| #
040d43b3 |
| 13-Feb-2016 |
Rich Salz |
OpenSSLDie --> OPENSSL_die
Also removed a bunch of unused define's from e_os.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f |
|
| #
d8ca44ba |
| 27-Jan-2016 |
Emilia Kasper |
Always DPURIFY
The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.
Reviewed-by: Rich Salz <rsalz@op
Always DPURIFY
The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre2 |
|
| #
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
| #
7644a9ae |
| 16-Dec-2015 |
Rich Salz |
Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old nam
Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e, OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10, OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
| #
68b00c23 |
| 23-Jan-2015 |
Rich Salz |
ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.
Reviewed-by: Andy Polyakov <appro@ope
ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
27c7609c |
| 22-Jan-2015 |
Rich Salz |
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf(). This removes some
ifdef complexity because all of our platforms support setbuf.
Revi
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf(). This removes some
ifdef complexity because all of our platforms support setbuf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
