| Age | Commit message (Collapse) | Author |
|---|
|
Fixes #3033
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)
|
|
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not. This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
|
|
If len == 0 in a call to ERR_error_string_n() then we can read beyond the
end of the buffer. Really applications should not be calling this function
with len == 0, but we shouldn't be letting it through either!
Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on
this issue is available here:
https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Certain functions are automatically called during auto-deinit in order
to deallocate resources. However, if we have never entered a function which
marks lib crypto as inited then they never get called. This can happen if
the user only ever makes use of a small sub-set of functions that don't hit
the auto-init code.
This commit ensures all such resources deallocated by these functions also
init libcrypto when they are initially allocated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
|
|
That way, we have a way to check if the init function was successful
or not.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Commit aea145e removed some error codes that are generated
algorithmically: mapping alerts to error texts. Found by
Andreas Karlsson. This restores them, and adds two missing ones.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
There are 3 OPENSSL_API_COMPAT values that are incorrect in the header
files, and one inconsistency between the header and the .c
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Files like dh.pod, etc., mostly duplicated the API-specific pod files.
Removed the duplicated content; that often mean the whole file could
be removed. Some of the content about internals got moved into README
files in the source tree. Some content (e.g., err.pod) got moved
into other pod pages.
Annotate generic pages, remove dup NAME
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The function strerror() is not thread safe. We should use strerror_r()
where possible, or strerror_s() on Windows.
RT#2267
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
STORE doesn't exist for now
HMAC doesn't have any error codes
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Document thread-safe lock creation
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more. ERR_remove_state() is also made into
a no-op. Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.
Documentation is changed to reflect this.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Running a "make update" wanted to add err_cleanup to libcrypto.num which
is wrong.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Some locks were not being properly cleaned up during close down.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
There was a lot of naming inconsistency, so we try and standardise on
one form.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Misc fixes for no-ocsp
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This takes us away from the idea that we know exactly how our static
libraries are going to get used. Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.
On the other hand, we also have greater control of when the shared
library cflags. They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.
With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was. Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Man, there were a lot of renamings :)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This builds on the previous commit to auto initialise/deinitialise
libcrypto.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Windows doesn't have h_error or hstrerror()
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1848
|
|
Added functions:
BIO_socket
BIO_connect
BIO_listen
BIO_accept_ex
BIO_closesocket
BIO_sock_info
These get deprecated:
BIO_gethostbyname
BIO_get_port
BIO_get_host_ip
BIO_get_accept_socket
BIO_accept
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files. They have been generated from the
Makefiles in the same directories. Things that are platform specific
will appear in later commits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
