| Commit message (Collapse) | Author | Age | Files | Lines |
|
is no longer public. Even though ASN1_add_oid_module() still exists
as an internal function, this file contains more misleading (DSO,
OPENSSL_load_builtin_modules) than useful information, so delete it.
OK tb@
|
ok jsing
|
NCONF_get_section() isn't any clearer by using this indirection.
ok jsing
|
Don't leak v if its insertion into the hash failed and properly free it
instead.
ok jsing
|
ok jsing
|
ok jsing
|
ok jsing
|
Despite the claim in this comment, the "new" conf code did replace
the "old" conf code (which no longer exists in the public API).
|
This used to be a trivial wrapper of the ASN1_add_oid_module() horror.
It's no longer exported, so it can go away. It moves from the terribly
named file conf_mall.c to the equally terribly named file conf_sap.c.
I have no idea what mall and sap are supposed to mean in this context.
|
ok beck jsing
|
This became obsolete with the automatic library initialization. Now it
is time for it to become an internal API.
ok beck jsing
|
This translation device from old to new conf guts will need to stay
for a while. However, it's only needed internally.
ok beck jsing
|
This is the next layer of unused cruft that can now go. The code lovingly
called it 'the "CONF classic" functions'. No tear was shed. Don't worry,
we still have the "New CONF" functions!
ok beck jsing
|
This permits another single-use-no-longer-public API to join the party
in the bit bucket.
ok beck jsing
|
The only project I'm aware of that ever used this was rust-openssl
and they did so for no good reason. So remove this API, the crate's
code is already adjusted accordingly.
ok beck jsing
|
ok beck jsing
|
While not all of this is strictly needed, it was simply incorrect. This
way another global which was modifiable for no good reason becomes const.
ok beck jsing
|
Now that we no longer need to hang a poor man's ctype substitute off
the conf structure, we can get rid of the otherwise unused meth_data
member. This allows us to const correct CONF_type_default. Hopefully
we can remove it soon.
ok beck jsing
|
Undocumented and entirely unused. Gets rid of a big, modifiable, global
table.
ok beck jsing
|
This makes the _CONF_* layer of the conf module internal and gets rid
of the entirely unused conf_api.h.
ok beck jsing
|
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
Much of conf is designed in such a way that you really have to reach into
its structs. This one piece can be hidden. It might even be removed soon.
ok beck jsing
|
It's time to start removing some horrors from the conf/ garbage. If the
current top layer wasn't terrible enough, you could always slap another
one on top of it and it would then be truly marvellous.
ok beck jsing
|
ok jsing
|
Reduces upcoming diffs and avoids annoying prototypes.
|
lhash_local.h was previously needed since conf/conf_api.c and
objects/obj_dat.c were fiddling with lhash internals when deleting via a
callback. Since we no longer need to do that, inline the structs in
lhash.c and remove the header.
ok tb@
|
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
feedback and ok tb@
|
This guentherizes the public symbols from conf.h
ok tb@
|
Immediately error out when no name or value is passed instead of hiding
this in a combination of ternary operator and strdup error check.
Use calloc(). Unindent some stupid, don't pretend this function can return
anything but -1 and 1, turn the whole thing into single exit and call the
now existing imodule_free() instead of handrolling it.
ok jsing
|
Hungarian notation occasionally helps, but only if it is done consistently.
Steve and consistency... cf. e.g. the last few commits. Accordingly,
Hensonian Hungarian notation is a complete disaster. Start cleaning this
mess up.
|
requested by jsing
|
A CONF_IMODULE is neither an EVP_MD nor a CONF_MODULE, so call it imod
instead of md or mod.
|
A CONF_MODULE is no EVP_MD, so call it mod instead of md.
|
There is one caller of this function which returns module_add() != NULL.
Make the function return an int instead.
suggested by and ok jsing
|
ok jsing
|
ok jsing
|
This removes internals of these two special snowflakes and will allow
further simplifications. Unfortunately, there are some pieces of
software that actually use LHASH_OF() (looking at you, pound, Ruby, and
openssl(1)), so we get to keep exposing this garbage, at least for now.
Expose lh_error() as a symbol to replace a macro reaching into _LHASH.
lh_down_load() is no longer available. _LHASH and _STACK are now opaque,
LHASH_NODE becomes internal-only.
from jsing
|
ok jsing
|
It is now safe to call delete from an lhash doall callback - stop fiddling
with hash table internals from lhash doall callers that previously had to
work around this themselves.
ok tb@
|
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
It is currently possible to extend libcrypto by having it load a shared
object via dlopen() either from a config file on library initialization
or when an application calls the relevant API. Recent and not so recent
events showed how dangerous an idea dlopen() is. Independently of such
concerns, this should not be handled in the characteristically convoluted
way of this toolkit. DSO will go away in the upcoming bump. This commit
clears the road for a plain cvs rm of the dso code.
ok jsing
|
ok jsing@
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
There was no limitation for the length of an openssl conf value.
This brings the possibility of an out-of-memory problem, as oss-fuzz had detected.
This diff restricts the length of a conf value up to 64k.
ok jsing@
|
here, just the normal version.
ok jsing@
|
This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as
OpenSSL. As a result, by default the openssl.conf file is not loaded during
autoinit, which makes autoinit safe for pledge(stdio).
ok jsing@
|