Revision tags: OpenSSL_1_1_1-pre4 |
|
#
d8f031e8 |
| 30-Mar-2018 |
Matt Caswell |
Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf module must be loaded before we initialise libcrypto. Otherwise we will fail to read the SSL config from a config file properly. Another problem is that an application may make use of both libcrypto and libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto() is called and loads a config file it will fail if that config file has any libssl stuff in it. This commit separates out the loading of the SSL conf module from the interpretation of its contents. The loading piece doesn't know anything about SSL so this can be moved to libcrypto. The interpretation of what it means remains in libssl. This means we can load the SSL conf data before libssl is there and interpret it when it later becomes available. Fixes #5809 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818)
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n |
|
#
0a90a683 |
| 25-Nov-2017 |
Richard Levitte |
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() If OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly (i.e. there will be an attempt to load libssl_conf.so or whatever corresponds to that on non-Unix platforms). Therefore, at least SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is called. The base ssl init does that, plus adds all kinds of ciphers and digests, which is harmless. Fixes #4788 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4792)
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
bc326738 |
| 21-Aug-2017 |
Jon Spillett |
Implement Aria GCM/CCM Modes and TLS cipher suites AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
#
b77f3ed1 |
| 22-May-2017 |
Matt Caswell |
Convert existing usage of assert() to ossl_assert() in libssl Provides consistent output and approach. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
|
#
380a522f |
| 19-May-2017 |
Matt Caswell |
Replace instances of OPENSSL_assert() with soft asserts in libssl Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
|
Revision tags: OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0 |
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
c2e4e5d2 |
| 19-Jul-2016 |
Richard Levitte |
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
5c4328f0 |
| 15-May-2016 |
Viktor Dukhovni |
Fold threads.h into crypto.h making API public Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
#
d064e6ab |
| 13-Apr-2016 |
Matt Caswell |
Remove OPENSSL_NO_SHA guards no-sha is no longer an option so remove OPENSSL_NO_SHA guards. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
5158c763 |
| 13-Apr-2016 |
Matt Caswell |
Remove OPENSSL_NO_AES guards no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES guards can be removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
b3599dbb |
| 12-Apr-2016 |
Matt Caswell |
Rename int_*() functions to *_int() There is a preference for suffixes to indicate that a function is internal rather than prefixes. Note: the suffix is only required to disambiguate internal functions and public symbols with the same name (but different case) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
342c21cd |
| 06-Apr-2016 |
Matt Caswell |
Rename lots of *_intern or *_internal function to int_* There was a lot of naming inconsistency, so we try and standardise on one form. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
03b0e735 |
| 04-Apr-2016 |
Matt Caswell |
Deprecate SSL_COMP_free_compression_methods() and make it a no-op SSL_COMP_free_compression_methods() should not be called explicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
6827cb36 |
| 04-Apr-2016 |
Matt Caswell |
Deprecate ERR_free_strings() and make it a no-op ERR_free_strings() should not be called explicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre4 |
|
#
b1f1e7ae |
| 02-Mar-2016 |
Matt Caswell |
Swap the init code to use CRYPTO_ONCE The init code was using its own "once" implementation. Now that we have the new thread API we should use that instead. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
7253fd55 |
| 10-Feb-2016 |
Rich Salz |
Hide OPENSSL_INIT_SETTINGS. Make OPENSSL_INIT_SETTINGS an opaque structure. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
a4625290 |
| 10-Feb-2016 |
Rich Salz |
After renaming init, update errors. Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
302f7588 |
| 10-Feb-2016 |
Matt Caswell |
Attempt to log an error if init failed If init failed we'd like to set an error code to indicate that. But if init failed then when the error system tries to load its strings it's going to fail again. We could get into an infinite loop. Therefore we just set a single error the first time around. After that no error is set. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
0fc32b07 |
| 10-Feb-2016 |
Matt Caswell |
The new init functions can now fail so shouldn't be void The new init functions can fail if the library has already been stopped. We should be able to indicate failure with a 0 return value. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
f672aee4 |
| 09-Feb-2016 |
Rich Salz |
Rename INIT functions, deprecate old ones. Man, there were a lot of renamings :) Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
dd27f16e |
| 10-Feb-2016 |
Rich Salz |
Can't re-init after stop. Remove DYNAMIC once-init stuff. After the library is stopped, you can't restart it. Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
35d8fa56 |
| 09-Feb-2016 |
Matt Caswell |
Updates for auto init/deinit review comments Fixes for the auto-init/deinit code based on review comments Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
498abff0 |
| 09-Feb-2016 |
Matt Caswell |
Add an OPENSSL_NO_AUTOERRINIT option This option disables automatic loading of the crypto/ssl error strings in order to keep statically linked executable file size down Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
b184e3ef |
| 09-Feb-2016 |
Matt Caswell |
Provide framework for auto initialise/deinitialise of the library This commit provides the basis and core code for an auto initialisation and deinitialisation framework for libcrypto and libssl. The intention is to remove the need (in many circumstances) to call explicit initialise and deinitialise functions. Explicit initialisation will still be an option, and if non-default initialisation is needed then it will be required. Similarly for de-initialisation (although this will be a lot easier since it will bring all de-initialisation into a single function). Reviewed-by: Richard Levitte <levitte@openssl.org>
|