| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix some of the variables to be (s)size_t, so that more than 1GB of
secure memory can be allocated. The arena has to be a power of 2, and
2GB fails because it ends up being a negative 32-bit signed number.
The |too_late| flag is not strictly necessary; it is easy to figure
out if something is secure memory by looking at the arena. As before,
secure memory allocations will not fail, but now they can be freed
correctly. Once initialized, secure memory can still be used, even if
allocations occured before initialization.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Some X509_STORE macros do not work since the type was made opaque.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.
Issue reported by Guido Vranken.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1012)
|
| |
|
|
|
|
|
|
|
|
|
| |
With DEC C on VMS, you can use __DECC_INCLUDE_PROLOGUE.H and
__DECC_INCLUDE_EPILOGUE.H to include some DEC C specific features or
pragmas without having to touch the other header files.
It seems, however, that the current version of the compiler requires
the file names to be upcased, or it doesn't handle them quite right.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:
int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.
X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is up to the caller of SSL_dane_tlsa_add() to take appropriate
action when no records are added successfully or adding some records
triggers an internal error (negative return value).
With this change the caller can continue with PKIX if desired when
none of the TLSA records are usable, or take some appropriate action
if DANE is required.
Also fixed the internal ssl_dane_dup() function to properly initialize
the TLSA RR stack in the target SSL handle. Errors in ssl_dane_dup()
are no longer ignored.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
| |
The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
| |
Some pre-processor macros were incorrectly indented
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
The ocsp.h file did not have appropriate guards causing link failures on
Windows.
GH Issue 900
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
Ensure public functions have appropriate guards in header files.
GH Issue 899
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_DGRAM
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Give the API new names, document it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
Recently, OCSP_basic_verify() was changed to always return 0 on error,
when it would previously return 0 on error and < 0 on fatal error.
This restores the previous semantics back.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff2344052. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
|
|
| |
Running a "make update" wanted to add err_cleanup to libcrypto.num which
is wrong.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Some locks were not being properly cleaned up during close down.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.
Remove obj_cleanup() call in OID config module: it is not needed
any more either.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
| |
Don't expose purely libcrypto internal symbols, even to libssl.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
|
|
| |
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
The no-op de-init macros may fail because of extraneous ";", so we use
a slightly different construct instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
libssl needs to have access to some internal libcrypto symbols.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
There was a lot of naming inconsistency, so we try and standardise on
one form.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
