#
1c8787d5 |
| 29-Mar-2022 |
Dr. Matthias St. Pierre |
err: get rid of err_free_strings_int() Even though the function is not part of the public api, it is not entirely removed, in order to minimize the chance of breakage, because it is
err: get rid of err_free_strings_int() Even though the function is not part of the public api, it is not entirely removed, in order to minimize the chance of breakage, because it is exported from libcrypto. Instead, we keep a dummy implementation. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17974)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
|
#
b93f6c2d |
| 25-May-2021 |
Pauli |
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@ope
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
f5a46ed7 |
| 12-Nov-2020 |
Richard Levitte |
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be removed when those functions are finally removed. This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h, moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h to include/openssl/cryptoerr_legacy.h, and finally removes the declaration of ERR_load_DSO_strings(), which was entirely internal anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
661595ca |
| 02-Jul-2020 |
Benjamin Kaduk |
Providerized libssl fallout: cleanup init Since libssl is entirely using fetched cipher/digest implementations from providers, we don't need to register the libcrypto cipher/digest i
Providerized libssl fallout: cleanup init Since libssl is entirely using fetched cipher/digest implementations from providers, we don't need to register the libcrypto cipher/digest implementations in ossl_init_ssl_base(). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12418)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
c8f6c28a |
| 16-Jan-2020 |
Matt Caswell |
Explicitly fetch ciphers and digests in libssl We modify libssl to use explicitly fetched ciphers, digests and other algorithms as required based on the configured library context and
Explicitly fetch ciphers and digests in libssl We modify libssl to use explicitly fetched ciphers, digests and other algorithms as required based on the configured library context and property query string for the SSL_CTX that is being used. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10854)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
e74bd290 |
| 07-May-2019 |
Richard Levitte |
Prepare EVP_MAC infrastructure for moving all MACs to providers Quite a few adaptations are needed, most prominently the added code to allow provider based MACs. As part of this
Prepare EVP_MAC infrastructure for moving all MACs to providers Quite a few adaptations are needed, most prominently the added code to allow provider based MACs. As part of this, all the old information functions are gone, except for EVP_MAC_name(). Some of them will reappear later, for example EVP_MAC_do_all() in some form. MACs by EVP_PKEY was particularly difficult to deal with, as they need to allocate and deallocate EVP_MAC_CTXs "under the hood", and thereby implicitly fetch the corresponding EVP_MAC. This means that EVP_MACs can't be constant in a EVP_MAC_CTX, as their reference count may need to be incremented and decremented as part of the allocation or deallocation of the EVP_MAC_CTX. It may be that other provider based EVP operation types may need to be handled in a similar manner. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
5c641735 |
| 12-Dec-2018 |
Richard Levitte |
Adapt OPENSSL_INIT_DEBUG to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merge
Adapt OPENSSL_INIT_DEBUG to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
show more ...
|
#
df1f538f |
| 01-Jan-2019 |
Viktor Dukhovni |
More configurable crypto and ssl library initialization 1. In addition to overriding the default application name, one can now also override the configuration file name and
More configurable crypto and ssl library initialization 1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with INIT_BASE_ONLY. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7986)
show more ...
|
#
660a1e04 |
| 20-Nov-2018 |
Matt Caswell |
Fix a RUN_ONCE bug We have a number of instances where there are multiple "init" functions for a single CRYPTO_ONCE variable, e.g. to load config automatically or to not load config
Fix a RUN_ONCE bug We have a number of instances where there are multiple "init" functions for a single CRYPTO_ONCE variable, e.g. to load config automatically or to not load config automatically. Unfortunately the RUN_ONCE mechanism was not correctly giving the right return value where an alternative init function was being used. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7647)
show more ...
|
#
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
0145dd32 |
| 24-Oct-2018 |
Richard Levitte |
Add automatic initializations support for EVP_MAC objects Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7393)
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
10281e83 |
| 07-Aug-2018 |
Rich Salz |
Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://gith
Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6875)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
#
dbabc862 |
| 15-Apr-2018 |
Bernd Edlinger |
Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5959)
show more ...
|
#
28428130 |
| 17-Apr-2018 |
Richard Levitte |
Update copyright year Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
|
Revision tags: OpenSSL_1_1_1-pre4 |
|
#
d8f031e8 |
| 30-Mar-2018 |
Matt Caswell |
Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf
Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf module must be loaded before we initialise libcrypto. Otherwise we will fail to read the SSL config from a config file properly. Another problem is that an application may make use of both libcrypto and libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto() is called and loads a config file it will fail if that config file has any libssl stuff in it. This commit separates out the loading of the SSL conf module from the interpretation of its contents. The loading piece doesn't know anything about SSL so this can be moved to libcrypto. The interpretation of what it means remains in libssl. This means we can load the SSL conf data before libssl is there and interpret it when it later becomes available. Fixes #5809 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818)
show more ...
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n |
|
#
0a90a683 |
| 25-Nov-2017 |
Richard Levitte |
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() IF OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wr
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() IF OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly (i.e. there will be an attempt to load libssl_conf.so or whatever corresponds to that on non-Unix platforms). Therefore, at least SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is called. The base ssl init does that, plus adds all kinds of ciphers and digests, which is harmless. Fixes #4788 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4792)
show more ...
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
bc326738 |
| 21-Aug-2017 |
Jon Spillett |
Implement Aria GCM/CCM Modes and TLS cipher suites AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suite
Implement Aria GCM/CCM Modes and TLS cipher suites AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
#
b77f3ed1 |
| 22-May-2017 |
Matt Caswell |
Convert existing usage of assert() to ossl_assert() in libssl Provides consistent output and approach. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/
Convert existing usage of assert() to ossl_assert() in libssl Provides consistent output and approach. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
show more ...
|