| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
| |
|
|
|
|
|
|
| |
Somewhere in the past 25 years, the circular dependency between err and pem
went away. Stop pulling in pem2.h and just use pem.h directly (pem2.h can
probably be removed at some point, but that remains for another day).
ok joshua@ tb@
|
| |
|
|
| |
ok beck
|
| | |
|
| |
|
|
|
|
|
|
| |
With ERR_STATE out of the way, we can make CRYPTO_THREADID opaque.
The type is still accessed by used public API, but some of the public
API can also go away.
ok jsing
|
| |
|
|
|
|
| |
This aligns the prototypes with OpenSSL 1.1.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The ERR_STATE struct is an unused implementation detail of the horrific
error stack code. It is the last public consumer of CRYPTO_THREAD
internals. Make this and its accessor internal so we can make the
CRYPTO_THREAD struct opaque.
ok jsing
|
| |
|
|
|
|
|
| |
These don't do anything but return 0 and will be garbage collected in the
upcoming bump.
ok jsing
|
| | |
|
| |
|
|
| |
from jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The callback-based printing needs to die. But first BIO_set() will die.
We have a FILE *. We have fprintf(). No need to use a static BIO to dump
error codes to said stream.
This basically undoes an unrelated change of "Move crpytlib.h prior bio.h"
from 19 years ago (OpenSSL 25a66ee3). Except we don't cast and check len.
ok jsing (who had a nearly identical diff)
|
| |
|
|
|
|
|
| |
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
| |
|
|
|
|
|
| |
Ever wondered how many entries populate the various err hashes?
Me neither. Remove this garbage.
ok jsing
|
| |
|
|
|
|
|
| |
Much like ex_data, applications can make the library use their own error
stack implementation. Well, except as of right now they no longer can.
ok jsing
|
| |
|
|
|
|
|
|
| |
DSO and in particular dlopen() was used for dynamic engines, which we
removed a long time ago and for dynamic conf modules, which we removed
only very recently. Now remove this dangerous interface.
ok jsing
|
| |
|
|
|
|
|
| |
Much like the ECDSA errors, the ECDH errors have been unused for a
while. Garbage collect them.
ok jsing
|
| |
|
|
|
|
|
| |
These error codes have been unused for a while, so the public API loading
them is pointless.
ok jsing
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
|
|
| |
(part 2 of commit)
ok jsing@
|
| |
|
|
|
|
|
| |
This has long been unused code and compilation with -DZLIB was broken
for a long time after BIO was made opaque.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.
ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.
Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.
Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.
ok beck jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
|
|
| |
Needed for an upcoming change.
ok tb@
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
ok beck
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
| |
that will need it in the upcoming bump.
discussed with jsing
|
| |
|
|
|
|
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
the top of the error stack in constant time.
This will be used by upcoming RSA changes.
From OpenSSL 1.1.1d.
ok inoguchi@ tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well
thread safety modifications for the existing LibreSSL init
functions. The initialization routines are called automatically
by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
| |
|
|
|
| |
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
|
| |
|
|
|
| |
provided error code matches the error that is currently on the top of the
error stack.
|
| |
|
|
|
|
|
| |
1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have
can now be counted on to achieve this level of sophistication nearly
everywhere.
ok jsing@
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
|
| |
using it anymore
ok jsing@
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
jajaja miod@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.
|
| | |
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
|
| |
There is no intention to modify the string returned by strerror and
doing so is forbidden by the standard.
from Jonas 'Sortie' Termansen
ok tedu@ deraadt@
|
| | |
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
