| Age | Commit message (Collapse) | Author |
|---|
|
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
|
|
|
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
|
|
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
|
Also be more consistent with variable naming.
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
Remove a comment that tells you not to call a function that internally
calls free, with a stack allocated pointer...
ok tb@
|
|
Nothing can be actually using these as the symbols are not exported from
libcrypto... hopefully ui_compat.h can also go away entirely.
ok tb@
|
|
xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl,
only warns and since nothing uses this library in ports, this wasn't
noticed for a long time.
Reported by Thomas Mitterfellner
ok jsing
|
|
Not all of them, only those that didn't leak into a public header...
Yes.
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
|
ok jsing@
|
|
|
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
|
|
|
|
Use calloc() instead of malloc() and setting all members manually to 0.
Avoid unnecessary else branch.
|
|
a pointless local scope.
suggested by jsing
|
|
local scope of a case branch. Move it into the proper location.
No binary change on amd64.
"sure" jsing
|
|
There is no reason for print_error()'s third argument to be a UI *.
It may just as well be a void * to match what ERR_print_errors_cb()
expects. This avoids casting the function pointer. Also, there's no
need for a (void *) cast.
ok jsing
|
|
It is a bit silly to push an error on the stack without erroring out,
so error out if the ok_chars and cancel_chars overlap.
ok jsing
|
|
If any of general_allocate_{prompt,string,boolean}() fail, the
UI_dup_* functions may leak the strings they strduped beforehand.
Instead, use strdup inside these functions, so we can free as
necessary. This makes the UI_add_* and UI_dup_* simple wrappers
around general_allocate_{string,boolean}() that differ only in
passing a Boolean that indicates whether or not to use strdup.
Make a general cleanup pass over these functions, simplify the
logic and make it overall a bit easier to follow. While there,
use strcspn() instead of a handrolled variant.
The only changes in behavior are that ERR_R_MALLOC_FAILURE is now
pushed onto the stack a bit more often and that UI_dup_input_string()
now returns -1 on failure to dup prompt like all the other UI_dup_*
functions. This is not a problem since the manual already documents
that errors are signaled with <= 0. The only consumer of this function
according to Debian's codesearch is libp11, I sent them a PR to fix
their (already broken) error handling.
Addresses about 10 errors thrown by the LLVM static analyzer in ui/.
ok jsing
|
|
If sk_UI_STRING_new_null() fails, this must be due to a memory error,
so signal this to the user.
ok jsing
|
|
ok jsing
|
|
|
|
UI_method_get_flusher(), UI_method_get_opener(),
UI_method_get_prompt_constructor(), UI_method_get_reader(), and
UI_method_get_writer().
tested in a bulk build by sthen
ok jsing
|
|
^^^^^
tested in a bulk build by sthen
ok jsing
|
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
|
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
|
as reading passwords. allow ^C to break.
the pain was mine, the fix is miod's.
|
|
ok miod@
|
|
its original state instead of blindly turning echo on.
problem reported on the openssl-dev list by William Freeman
ok miod@ beck@
|
|
15 years.
|
|
ok tedu@, miod@
|
|
NULL before an intrinsic strdup.
ok miod@
|
|
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
|
|
|
|
|
|
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
|
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
|
|
|
|
|
ok miod
|
|
|
|
including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@
|
|
eyeballed before applying. Contributed by Cyril Roelandt on tech@
|
|
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
|
ok miod@
|
|
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
