aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...FdaSilvaYY2016-07-252-4/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify i2s_ASN1_INTEGER, X509V3_get_d2iFdaSilvaYY2016-07-251-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify input parameters of methods :FdaSilvaYY2016-07-251-5/+5
| | | | | | | | - X509_NAME_entry_count, X509_ATTRIBUTE_count - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.FdaSilvaYY2016-07-251-3/+3
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify ASN1_buf_printFdaSilvaYY2016-07-251-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ↵FdaSilvaYY2016-07-251-5/+5
| | | | | | | ASN1_TYPE_get_octetstring & co... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify SXNET_add_id_*FdaSilvaYY2016-07-251-4/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify EC_KEY_*_oct2priv() input bufferFdaSilvaYY2016-07-251-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify CMS_decrypt_set1_key input bufferFdaSilvaYY2016-07-251-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Add EVP_ENCODE_CTX_copyJakub Zelenka2016-07-241-0/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1344)
* Make it possible for external code to flag a certificate as a proxy one.Richard Levitte2016-07-231-0/+1
| | | | | | | This adds the function X509_set_proxy_flag(), which sets the internal flag EXFLAG_PROXY on a given X509 structure. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check for errors allocating the error strings.Kurt Roeckx2016-07-2031-34/+32
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
* Don't allocate r/s in DSA_SIG and ECDSA_SIGDr. Stephen Henson2016-07-202-0/+2
| | | | | | | | | To avoid having to immediately free up r/s when setting them don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new(). RT#4590 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix a few if(, for(, while( inside code.FdaSilvaYY2016-07-201-7/+7
| | | | | | | Fix some indentation at the same time Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1292)
* Remove reduntant X509_STORE_CTX_set_verify_cb declarationHannes Magnusson2016-07-201-2/+0
| | | | | | | f0e0fd51fd8307f6eae64862ad9aaea113f1177a added X509_STORE_CTX_set_verify_cb with a typedef'd argument, making the original one redundant. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* make updateRichard Levitte2016-07-191-0/+3
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE insteadRichard Levitte2016-07-191-1/+1
| | | | | | | That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Define a few internal macros for easy use of run_once functionsRichard Levitte2016-07-191-0/+42
| | | | | | | | Because pthread_once() takes a function taking no argument and returning nothing, and we want to be able to check if they're successful, we define a few internal macros to get around the issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Update error codes following tls_process_key_exchange() refactorMatt Caswell2016-07-191-0/+4
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* make updateRichard Levitte2016-07-191-0/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macrosRichard Levitte2016-07-191-6/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix up error codes after splitting up tls_construct_key_exchange()Matt Caswell2016-07-181-0/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Errors fix up following break up of CKE processingMatt Caswell2016-07-181-0/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* check return values for EVP_Digest*() APIsDr. Stephen Henson2016-07-151-7/+7
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add OCSP accessors.Dr. Stephen Henson2016-07-131-0/+5
| | | | | | RT#4605 Reviewed-by: Rich Salz <rsalz@openssl.org>
* Perform DANE-EE(3) name checks by defaultViktor Dukhovni2016-07-123-0/+10
| | | | | | | | | | In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add nameConstraints commonName checking.Dr. Stephen Henson2016-07-111-0/+1
| | | | | | | | | | | | | New hostname checking function asn1_valid_host() Check commonName entries against nameConstraints: any CN components in EE certificate which look like hostnames are checked against nameConstraints. Note that RFC5280 et al only require checking subject alt name against DNS name constraints. Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH1278: Removed error code for alertsRich Salz2016-07-081-0/+29
| | | | | | | | Commit aea145e removed some error codes that are generated algorithmically: mapping alerts to error texts. Found by Andreas Karlsson. This restores them, and adds two missing ones. Reviewed-by: Matt Caswell <matt@openssl.org>
* Replace all #define's in pod pages.Rich Salz2016-07-081-8/+5
| | | | | | | | | | | | Function-like macros are replaced with prototypes and a note that they are implemented as macros. Constants are just referenced in-line in the text. Tweak BIO_TYPE_... documentation. Also fix RT4592. Reviewed-by: Matt Caswell <matt@openssl.org>
* include/openssl: don't include <windows.h> in public headers.Andy Polyakov2016-07-089-46/+34
| | | | | | | | | | | If application uses any of Windows-specific interfaces, make it application developer's respondibility to include <windows.h>. Rationale is that <windows.h> is quite "toxic" and is sensitive to inclusion order (most notably in relation to <winsock2.h>). It's only natural to give complete control to the application developer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Stop using and deprecate ENGINE_setup_bsd_cryptodevRichard Levitte2016-07-051-1/+1
| | | | | | | The calls we made to it were redundant, as the same initialization is done later in OPENSSL_init_crypto() anyway. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Improve some error management code in CTFdaSilvaYY2016-07-051-2/+3
| | | | | | | Separate invalid input case from any internal (malloc) failure Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix some memory error handling in CTFdaSilvaYY2016-07-051-0/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Reorganise asn1.h and add comments.Dr. Stephen Henson2016-07-051-4/+12
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add old locking constants backKurt Roeckx2016-07-011-0/+10
| | | | | | | | Fixes #1260 Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1266
* Make CRYPTO_num_locks() return 1Kurt Roeckx2016-07-011-1/+1
| | | | | | | | | malloc(0) might return NULL and code for the old callbacks might fail, instead just say they should allocate 1 entry. Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1266
* ssl.h: spelling in commentViktor Szakats2016-07-011-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1275)
* Constify a bit more OPENSSL_sk_ APIFdaSilvaYY2016-06-302-5/+5
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1244)
* Add some compat macros for removed tmp RSA functions/macrosMatt Caswell2016-06-301-0/+13
| | | | | | | | Commit 361a119 removed all ciphersuites that could support temporary RSA keys, therefore the associated functions were removed. We should have "no-op" compatibility macros for these. Reviewed-by: Stephen Henson <steve@openssl.org>
* Whitespace cleanup in cryptoFdaSilvaYY2016-06-296-7/+7
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)
* SpellingFdaSilvaYY2016-06-291-1/+1
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)
* rsa/rsa_lib.c: const-ify RSA_get0_engine().Andy Polyakov2016-06-271-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT4586: Remove RSA_memory_lock; unused, not neededRich Salz2016-06-271-4/+0
| | | | Reviewed-by: Ben Laurie <ben@openssl.org>
* Fix some OPENSSL_API_COMPAT valuesMatt Caswell2016-06-273-3/+3
| | | | | | | There are 3 OPENSSL_API_COMPAT values that are incorrect in the header files, and one inconsistency between the header and the .c Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deal with API changes.Ben Laurie2016-06-241-7/+8
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a getter to obtain the HMAC_CTX mdMatt Caswell2016-06-241-0/+1
| | | | | | | | As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md. GitHub Issue #1152 Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add checks on sk_TYPE_push() returned resultFdaSilvaYY2016-06-231-0/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Rework error handling from asn1_do_lock method.FdaSilvaYY2016-06-231-0/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().Andy Polyakov2016-06-221-2/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Spelling... and more spellingFdaSilvaYY2016-06-222-2/+2
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1245)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-17 21:49:14 +0000