| Age | Commit message (Collapse) | Author |
|---|
|
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Rename it to be an internal function bn_init.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Following on from the previous commit this adds some documentation for the
BN_with_flags function which is easy to misuse.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
For all functions, consistently use asdf() not B<asdf()>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
In theory the pthreads approach for Thread Local Storage should be more
portable.
This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Clarify that you must only call this after all async jobs have
completed - otherwise you could get memory leaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add some clarifications to the async documentation. Also changed
ASYNC_pause_job() so that it returns success if you are not within the
context of a job. This is so that engines can be used either asynchronously
or synchronously and can treat an error from ASYNC_pause_job() as a real
error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@akamai.com>
RT #4100, MR #1264
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
EVP_SignInit_ex was missing from the NAME section of its man page so
typing "man EVP_SignInit_ex" failed to load the page.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
No dummy arguments.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it. Documentation history now starts with OpenSSL.
Remove mention of all history before OpenSSL 0.9.8, inclusive.
Remove all AUTHOR sections.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Old API for use with OpenSSL-0.9.6. Remove it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Previous language was unclear. New language isn't pretty but I believe
it is more accurate.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Make all mention of digest algorithm use "any supported algorithm"
RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
X509_LOOKUP_hash_dir.pod
X509_check_ca.pod
X509_check_issued.pod
RT 1600:
Remove references to non-existant objects(3)
Add RETURN VALUES to BIO_do_accept page.
RT1818:
RSA_sign Can return values other than 0 on failure.
RT3634:
Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)
RT3678:
Some clarifications to BIO_new_pair
(Devchandra L Meetei <dlmeetei@gmail.com>)
RT3787:
Fix some EVP_ function return values
(Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Came up on the mailing list, from Ken Goldman.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Thanks folks:
348 Benjamin Kaduk
317 Christian Brueffer
254 Erik Tews
253 Erik Tews
219 Carl Mehner
155 (ghost)
95 mancha
51 DominikNeubauer
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This reverts commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.
With regards to the second of these, we should discount this - it should
not be supported to allow this.
With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.
Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
