| Age | Commit message (Collapse) | Author |
|---|
|
Thanks to orbea for the report
|
|
This tells gcc that OPENSSL_assert() will not return and thus avoids a
silly warning that triggers scary gentoo QA warnings.
From claudio
|
|
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
|
ok jsing
|
|
OPENSSL_cleanup() cleans up and deallocates memory in use by the library.
There are a couple of use cases for this, primarily related to memory
leak testing. This will not be called automatically in LibreSSL, which
means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to
clean up then they need to explicitly call this themselves.
ok tb@
|
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
ok inoguchi jsing
|
|
are unused in the end anyway and occupies needless space, especially in ftp(1)
shipped with the ramdisk.
ok tb@
|
|
no longer needed.
ok jsing
|
|
Symbols.list changes to follow with tb's upcoming bump
ok jsing@
|
|
This commit adds init/free, support for signing, setting and
getting the method, engine support as well as extra data.
from markus
|
|
ok beck@
|
|
This implements automatic thread support initialization in libcrypto.
This does not remove any functions from the ABI, but does turn them into
no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are
provided for ramdisks.
This does not implement the new OpenSSL 1.1 thread API internally,
keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library
locking. For -portable, crypto_lock.c can be reimplemented with
OS-specific primitives as needed.
ok beck@, tb@, looks sane guenther@
|
|
These functions are no-ops. Their signature was changed by OpenSSL
to allow error checking. This way we return an error and do not
indicate the (non-)existence of memory leaks.
tested in a bulk by sthen
ok jsing
|
|
Also place all of the OPENSSL_* memory related prototypes under #ifndef
LIBRESSL_INTERNAL.
ok beck@ tb@
|
|
This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as
OpenSSL. As a result, by default the openssl.conf file is not loaded during
autoinit, which makes autoinit safe for pledge(stdio).
ok jsing@
|
|
Found via port build failures reported by sthen.
ok jsing
|
|
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well
thread safety modifications for the existing LibreSSL init
functions. The initialization routines are called automatically
by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
|
This will ease the burden on ports and others trying to make software
work with LibreSSL, while avoiding #ifdef mazes. Note that we are not
removing 1.0.1 API or making things opaque, hence software written to
use the older APIs will continue to work, as will software written to
use the 1.1 API (as more functionality become available).
Discussed at length with deraadt@ and others.
|
|
it under #ifndef LIBRESSL_INTERNAL.
ok beck@
|
|
noted by Bernard Spil
|
|
OPENSSL_ia32cap_loc; nothing in ports uses them besides embedded copies of
OpenSSL. This opens the `all hell gets loose' window.
|
|
cpu's specific hardware capabilities users of libcrypto might be interested
in, as an integer value. This deprecates the existing OPENSSL_ia32cap()
macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so
that you can mess with stuff you shouldn't mess with).
Interpreting the value returned by OPENSSL_cpu_caps() is, of course,
machine-dependent.
Minor version bump for libcrypto.
ok beck@ jsing@
|
|
|
|
noops, so neuter the CRYPTO_malloc_init and CRYPTO_malloc_debug_init
macros.
With input from miod@
ok beck@ bcook@ miod@
|
|
ok doug@ deraadt@
|
|
The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment". Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places. However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False
safety. Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.
Can you believe the OpenSSL team?
This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL. Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming
ok jsing
|
|
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
|
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
|
of CRYPTO_EX_DATA; riding upon the libcrypto major bump.
|
|
|
|
ok deraadt@
|
|
ok to firebomb from tedu@
|
|
ok beck
|
|
including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@
|
|
|
|
happen on their use.
ok miod@
|
|
OpenSSL FIPS module to prevent forbidden digests to be allowed.
No functional change but readability.
ok deraadt@
|
|
|
|
|
|
free software project. ok beck deraadt
Ports calling FIPS_mode_set(1): mongodb
|
|
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
|
with the bearded ones...
some API's that nobody should be using will dissapear with this commit.
|
|
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
|
|
|
|
|
|
|
|
|
|
|
|
