path: root/include/openssl
Commit message | Author | Age | Files | Lines
* Add an SSL_SESSION accessor for obtaining the protocol version number, with | TJ Saunders | 2016-05-31 | 1 | -0/+1
  accompanying documentation.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1135)
* add removed functions back as deprecated | Joey Yandle | 2016-05-29 | 1 | -0/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1079)
* get rid of now empty #if | Joey Yandle | 2016-05-29 | 1 | -4/+0
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1079)
* cherry pick pr-512 changes | Joey Yandle | 2016-05-29 | 1 | -2/+0
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1079)
* cherry pick pr-512 changes | Joey Yandle | 2016-05-29 | 1 | -1/+0
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1079)
* include/openssl/e_os2.h: fix 'noreturn' pre-processor logic. | Andy Polyakov | 2016-05-27 | 1 | -3/+3
  Newer gcc still recognizes e.g. -std=c9x in which case it wouldn't have used 'noreturn' at all with original logic.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add error return for OPENSSL_INIT_set_config_filename() | Matt Caswell | 2016-05-23 | 1 | -2/+2
  The OPENSSL_INIT_set_config_filename() function can fail so ensure that it provides a suitable error code.
  GitHub Issue #920
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove unused error/function codes. | Rich Salz | 2016-05-23 | 29 | -442/+92
  Add script to find unused err/reason codes
  Remove unused reason codes.
  Remove entries for unused functions
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Support for traditional format private keys. | Dr. Stephen Henson | 2016-05-23 | 1 | -0/+5
  Add new function PEM_write_bio_PrivateKey_traditional() to enforce the use of legacy "traditional" private key format. Add -traditional option to pkcs8 and pkey utilities.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify stack and lhash macros. | Dr. Stephen Henson | 2016-05-21 | 3 | -9/+10
  RT#4471
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix Windows 64 bit crashes | Matt Caswell | 2016-05-20 | 1 | -6/+1
  The function InitOnceExecuteOnce is the best way to support the implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately WinXP doesn't have it. To get around that we had two different implementations: one for WinXP and one for later versions. Which one was used was based on the value of _WIN32_WINNT.
  This approach was starting to cause problems though because other parts of OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were occurring dependent on include file ordering. In addition a conditional based on _WIN32_WINNT had made its way into a public header file through commit 5c4328f. This is problematic because the value of this macro can vary between OpenSSL build time and application build time.
  The simplest solution to this mess is just to always use the WinXP version of CRYPTO_THREAD_run_once(). It's perhaps slightly sub-optimal but probably not noticeably.
  GitHub Issue #1086
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename lh_xxx,sk_xxx to OPENSSL_{LH,SK}_xxx | Rich Salz | 2016-05-20 | 4 | -161/+150
  Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
  Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
  Make lhash stuff opaque.
  Use typedefs for function pointers; makes the code simpler.
  Remove CHECKED_xxx macros.
  Add documentation; remove old X509-oriented doc.
  Add API-compat names for entire old API
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* When strict SCT fails record verification failure | Viktor Dukhovni | 2016-05-19 | 1 | -1/+2
  Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returns failure we set the verify result to X509_V_ERR_NO_VALID_SCTS.
  Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback.
  RT #4502
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* make update | Viktor Dukhovni | 2016-05-19 | 1 | -0/+3
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Fixes non __GNUC__ compilation | Mat | 2016-05-18 | 1 | -1/+1
  adds missing check for defined(__GNUC__)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1094)
* Ensure verify error is set when X509_verify_cert() fails | Viktor Dukhovni | 2016-05-18 | 1 | -0/+5
  Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make OPENSSL_die as noreturn | hesiod | 2016-05-18 | 2 | -1/+9
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/526)
* Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex() | Richard Levitte | 2016-05-18 | 1 | -0/+5
  Also adds 'esc_2254' to the possible command line name options
  RT#1466
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* OID code tidy up. | Dr. Stephen Henson | 2016-05-18 | 1 | -0/+1
  Tidy up and simplify OBJ_dup() and OBJ_create().
  Sanity check added OIDs: don't allow duplicates.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add some error messages for malloc fails | Matt Caswell | 2016-05-18 | 4 | -4/+14
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Manual fixes after copyright consolidation | Rich Salz | 2016-05-17 | 1 | -1/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* X509_STORE_CTX accessors. | Rich Salz | 2016-05-17 | 2 | -10/+15
  Add some functions that were missing when a number of X509 objects became opaque (thanks, Roumen!)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 03/10 | Rich Salz | 2016-05-17 | 74 | -3797/+457
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* const correctness: make HMAC_size() take a const * | Steffan Karger | 2016-05-16 | 1 | -1/+1
  CLA: none; trivial
  Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1070
* Fold threads.h into crypto.h making API public | Viktor Dukhovni | 2016-05-16 | 1 | -0/+38
  Document thread-safe lock creation
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Do not access SSL struct directly in TLS1_get_version and TLS1_get_client_version macros | Alessandro Ghedini | 2016-05-16 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add SSL_client_version() getter function | Alessandro Ghedini | 2016-05-16 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Propagate tlsext_status_type from SSL_CTX to SSL | jfigus | 2016-05-16 | 1 | -0/+3
  To allow OCSP stapling to work with libcurl.
  Github PR #200
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Unify <TYPE>_up_ref methods signature and behaviour. | FdaSilvaYY | 2016-05-16 | 4 | -6/+6
  Add a status return value instead of void.
  Add some sanity checks on reference counter value.
  Update the docs.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix stack constification definitions. | Dr. Stephen Henson | 2016-05-13 | 1 | -6/+6
  RT#4471
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Appease ubsan | Emilia Kasper | 2016-05-12 | 1 | -1/+1
  ERR_LIB_USER has value 128, and shifting into the sign bit upsets the shift sanitizer.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* crypto/des: remove obsolete functions. | Andy Polyakov | 2016-05-10 | 1 | -12/+0
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Restore the ERR_remove_thread_state() API and make it a no-op | Richard Levitte | 2016-05-10 | 1 | -3/+2
  The ERR_remove_thread_state() API is restored to take a pointer argument, but does nothing more. ERR_remove_state() is also made into a no-op. Both functions are deprecated and users are recommended to use OPENSSL_thread_stop() instead.
  Documentation is changed to reflect this.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix tab-space mixed indentation | FdaSilvaYY | 2016-05-09 | 1 | -2/+2
  No code change
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* few missing allocation failure checks and releases on error paths | J Mohan Rao Arisankala | 2016-05-09 | 1 | -3/+4
  - Missing checks for allocation failure.
  - releasing memory in few missing error paths
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify PKCS12_newpass() | Dr. Stephen Henson | 2016-05-06 | 1 | -1/+1
  PR#4449
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Handle no async jobs in libssl | Matt Caswell | 2016-05-05 | 1 | -0/+3
  If the application has limited the size of the async pool using ASYNC_init_thread() then we could run out of jobs while trying to start a libssl io operation. However libssl was failing to handle this and treating it like a fatal error. It should not be fatal...we just need to retry when there are jobs available again.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h | Marek Klein | 2016-05-04 | 1 | -0/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1020)
* Secure memory fixes | Todd Short | 2016-05-02 | 1 | -1/+1
  Fix some of the variables to be (s)size_t, so that more than 1GB of secure memory can be allocated. The arena has to be a power of 2, and 2GB fails because it ends up being a negative 32-bit signed number.
  The |too_late| flag is not strictly necessary; it is easy to figure out if something is secure memory by looking at the arena. As before, secure memory allocations will not fail, but now they can be freed correctly. Once initialized, secure memory can still be used, even if allocations occurred before initialization.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix some X509_STORE macros | Matt Caswell | 2016-04-29 | 1 | -4/+9
  Some X509_STORE macros do not work since the type was made opaque.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add checks to X509_NAME_oneline() | Dr. Stephen Henson | 2016-04-29 | 1 | -0/+1
  Sanity check field lengths and sums to avoid potential overflows and reject excessively large X509_NAME structures.
  Issue reported by Guido Vranken.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove BIO_dummy, it's old cruft | Richard Levitte | 2016-04-29 | 1 | -3/+0
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Change 'struct bio_st' in all public header where applicable | Richard Levitte | 2016-04-29 | 1 | -5/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add asn1_mac | Rich Salz | 2016-04-29 | 1 | -0/+10
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make header signature of CRYPTO_mem_leaks BIO instead of struct bio_st | Paul Kehrer | 2016-04-29 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1012)
* VMS: It seems DEC C doesn't handle certain header files quite right | Richard Levitte | 2016-04-29 | 2 | -0/+0
  With DEC C on VMS, you can use __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H to include some DEC C specific features or pragmas without having to touch the other header files. It seems, however, that the current version of the compiler requires the file names to be upcased, or it doesn't handle them quite right.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* make update | Richard Levitte | 2016-04-29 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix an error code spelling. | FdaSilvaYY | 2016-04-28 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/952)
* various spelling fixes | FdaSilvaYY | 2016-04-28 | 8 | -17/+17
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/952)
* Add getters for X509_STORE and X509_OBJECT members | Christian Heimes | 2016-04-28 | 1 | -0/+3
  OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three new getters are added:
    int X509_OBJECT_get_type(X509_OBJECT *a);
    STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
    X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>