aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Restore OCSP_basic_verify() error return semanticsRichard Levitte2016-04-171-0/+1
| | | | | | | | Recently, OCSP_basic_verify() was changed to always return 0 on error, when it would previously return 0 on error and < 0 on fatal error. This restores the previous semantics back. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove declaration of function that isn't implementedRichard Levitte2016-04-171-1/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add X509_STORE_CTX_set0_untrusted function.Dr. Stephen Henson2016-04-161-0/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make many X509_xxx types opaque.Rich Salz2016-04-153-163/+25
| | | | | | | | | Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Fix ex_data locks issueMatt Caswell2016-04-141-0/+1
| | | | | | | | | | | Travis identified a problem with freeing the ex_data locks which wasn't quite right in ff2344052. Trying to fix it identified a further problem: the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data lock already freed. Reviewed-by: Tim Hudson <tjh@openssl.org>
* The err_cleanup() funtion is internal so shouldn't be exportedMatt Caswell2016-04-141-1/+0
| | | | | | | Running a "make update" wanted to add err_cleanup to libcrypto.num which is wrong. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add SSL_SESSION_get0_hostname()Lyon Chen2016-04-141-0/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Ensure all locks are properly cleaned upMatt Caswell2016-04-142-1/+2
| | | | | | Some locks were not being properly cleaned up during close down. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove OPENSSL_NO_AES guardsMatt Caswell2016-04-132-13/+9
| | | | | | | no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES guards can be removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove check_defer()Dr. Stephen Henson2016-04-131-3/+0
| | | | | | | | | | | The check_defer() function was used to ensure that EVP_cleanup() was always called before OBJ_cleanup(). The new cleanup code ensures this so it is no longer needed. Remove obj_cleanup() call in OID config module: it is not needed any more either. Reviewed-by: Matt Caswell <matt@openssl.org>
* Move a declaration that's private to libcryptoRichard Levitte2016-04-131-1/+0
| | | | | | Don't expose purely libcrypto internal symbols, even to libssl. Reviewed-by: Matt Caswell <matt@openssl.org>
* Rename int_*() functions to *_int()Matt Caswell2016-04-134-7/+7
| | | | | | | | | | There is a preference for suffixes to indicate that a function is internal rather than prefixes. Note: the suffix is only required to disambiguate internal functions and public symbols with the same name (but different case) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix explicit de-init macrosMatt Caswell2016-04-1310-10/+10
| | | | | | | | The no-op de-init macros may fail because of extraneous ";", so we use a slightly different construct instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix symbols missing from shared buildMatt Caswell2016-04-131-0/+5
| | | | | | | libssl needs to have access to some internal libcrypto symbols. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename lots of *_intern or *_internal function to int_*Matt Caswell2016-04-134-7/+7
| | | | | | | | There was a lot of naming inconsistency, so we try and standardise on one form. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate CONF_modules_free() and make it a no-opMatt Caswell2016-04-132-1/+4
| | | | | | | | CONF_modules_free() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate ENGINE_cleanup() and make it a no-opMatt Caswell2016-04-131-7/+6
| | | | | | | | ENGINE_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate OBJ_cleanup() and make it a no-opMatt Caswell2016-04-131-1/+3
| | | | | | | | OBJ_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate EVP_cleanup() and make it a no-opMatt Caswell2016-04-131-5/+6
| | | | | | | | EVP_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate BIO_sock_cleanup() and make it a no-opMatt Caswell2016-04-132-3/+4
| | | | | | | | BIO_sock_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate CRYPTO_cleanup_all_ex_data() and make it a no-opMatt Caswell2016-04-131-2/+3
| | | | | | | | CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate RAND_cleanup() and make it a no-opMatt Caswell2016-04-131-1/+3
| | | | | | | | RAND_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate SSL_COMP_free_compression_methods() and make it a no-opMatt Caswell2016-04-131-1/+3
| | | | | | | | SSL_COMP_free_compression_methods() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate ERR_free_strings() and make it a no-opMatt Caswell2016-04-132-2/+60
| | | | | | | | ERR_free_strings() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate COMP_zlib_cleanup() and make it a no-opMatt Caswell2016-04-132-1/+15
| | | | | | | | COMP_zlib_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add SSL_CTX_get_ciphers()Kazuki Yamaguchi2016-04-111-0/+1
| | | | | | | | | | | Add an accessor for SSL_CTX. Since libssl was made opaque, there is no way for users to access the cipher_list, while users can set the cipher_list by SSL_CTX_set_cipher_list(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make DH_METHOD opaqueMatt Caswell2016-04-091-18/+30
| | | | | | | Move the dh_method structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make DH opaqueMatt Caswell2016-04-091-27/+12
| | | | | | | Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add SSL_DANE typedef for consistency.Rich Salz2016-04-084-4/+5
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* make updateViktor Dukhovni2016-04-072-4/+5
| | | | | Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Suppress CT callback as appropriateViktor Dukhovni2016-04-072-25/+48
| | | | | | | | | | | | | | | | | | | | | | Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* always use field namesDr. Stephen Henson2016-04-061-4/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make the RSA_METHOD structure opaqueRichard Levitte2016-04-061-45/+82
| | | | | | | | | Move rsa_meth_st away from public headers. Add RSA_METHOD creator/destructor functions. Add RSA_METHOD accessor/writer functions. Adapt all other source to use the creator, destructor, accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
* Make the RSA structure opaqueRichard Levitte2016-04-061-36/+13
| | | | | | | | Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix no-ocspMatt Caswell2016-04-061-0/+4
| | | | | | Misc fixes for no-ocsp Reviewed-by: Rich Salz <rsalz@openssl.org>
* Revert "various spelling fixes"Rich Salz2016-04-048-17/+17
| | | | | | | This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Revert "Fix an error code spelling."Rich Salz2016-04-041-1/+1
| | | | | | | This reverts commit 2b0bcfaf834e2fb7cd52888d7330b247e3878115. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix an error code spelling.FdaSilvaYY2016-04-041-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* various spelling fixesFdaSilvaYY2016-04-048-17/+17
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add X509_REQ_get0_pubkey methodFdaSilvaYY2016-04-041-0/+1
| | | | | Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Removed no-ops for the old locking APIMichał Trojnara2016-04-031-24/+8
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Move peer chain security checks into x509_vfy.cViktor Dukhovni2016-04-031-1/+6
| | | | | | | | | | | | | | | | | | | A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Rename get/set_app_data to get0/set0_app_dataMatt Caswell2016-04-031-2/+2
| | | | | | | Also fixed a style issue Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Various DSA opacity fixupsMatt Caswell2016-04-031-3/+3
| | | | | | | Numerous fixups based on feedback of the DSA opacity changes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Make DSA_METHOD opaqueMatt Caswell2016-04-031-32/+50
| | | | | | | | Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Make the DSA structure opaqueMatt Caswell2016-04-031-23/+12
| | | | | | | | | Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* moved structure bio_buf_mem_st from headers to bss_mem.cKirill Marinushkin2016-04-021-1/+0
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Optimized BIO mem read - without reallocationKirill Marinushkin2016-04-022-2/+5
| | | | | | | | | | | | Currently on every BIO mem read operation the remaining data is reallocated. This commit solves the issue. BIO mem structure includes additional pointer to the read position. On every read the pointer moves instead of reallocating the memory for the remaining data. Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer. Also the flag is added to rewind the read pointer without losing the data. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix X509_PUBKEY cached key handling.Dr. Stephen Henson2016-04-021-0/+1
| | | | | | | Don't decode a public key in X509_PUBKEY_get0(): that is handled when the key is parsed using x509_pubkey_decode() instead. Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Make it legal C.Ben Laurie2016-03-301-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-24 12:55:17 +0000