| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
| |
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
|
|
|
|
| |
A couple of '$(PERLASM_SCHEM' had sneaked in.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
| |
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.
Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.
Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
They are not numbers in the machine byte order.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Some of these scripts would recognise an output parameter if it looks
like a file path. That works both in both the classic and new build
schemes. Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component). Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
|
|
|
|
|
|
| |
A few were missed in the previous commit.
Closes RT#4412
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
| |
Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG
SCT_print now looks up the correct CT log for you.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
Closes RT#4406
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
|
| |
A line from cryptlib.h was missed during the old Thread API removal. This
breaks no-deprecated builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
The function SRP_VBASE_get_by_user() is declared as deprecated but the
implementation was not.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301fdab492e4cfef376b28339afe3ef663). Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.
It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
| |
Some of the ASN.1 routines for the GeneralizedTime type can return
errors; check for these and do not continue past failure, so as
to appease coverity.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
| |
set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
| |
return type should be int and not void
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
| |
Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Also improves some documentation of those functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
| |
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
The Thread API changes broke classic build. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
| |
The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|