- Sep 04, 2001
-
-
Bodo Möller authored
(here: X509_STORE_CTX_init())
-
Bodo Möller authored
-
Bodo Möller authored
-
- Sep 03, 2001
-
-
Geoff Thorpe authored
declare their own error strings so that they can be more easily compiled as external shared-libraries if desired. Also, each implementation has been given canonical "dynamic" support at the base of each file and is only built if the ENGINE_DYNAMIC_SUPPORT symbol is defined. Also, use "void" prototypes rather than empty prototypes in engine_int.h. This does not yet; (i) remove error strings when unloading, (ii) remove the redundant ENGINE_R_*** codes (though ENGINE_F_*** codes have gone), or (iii) provide any instructions on how to build shared-library ENGINEs or use them. All are on their way.
-
Geoff Thorpe authored
implementations to be loaded from self-contained shared-libraries. It also provides (in engine.h) definitions and macros to help implement a self-contained ENGINE. Version control is handled in a way whereby the loader or loadee can veto the load depending on any objections it has with each other's declared interface level. The way this is currently implemented assumes a veto will only take place when one side notices the other's interface level is too *old*. If the other side is newer, it should be assumed the newer version knows better whether to veto the load or not. Version checking (like other "dynamic" settings) can be controlled using the "dynamic" ENGINE's control commands. Also, the semantics for the loading allow a shared-library ENGINE implementation to handle differing interface levels on the fly (eg. loading secondary shared-libraries depending on the versions required). Code will be added soon to the existing ENGINEs to illustrate how they can be built as external libraries rather than building statically into libcrypto. NB: Applications wanting to support "dynamic"-loadable ENGINEs will need to add support for ENGINE "control commands". See apps/engine.c for an example of this, and use "apps/openssl engine -vvvv" to test or experiment.
-
Geoff Thorpe authored
-
Geoff Thorpe authored
"ERR_load_strings" function.
-
Geoff Thorpe authored
-
Bodo Möller authored
[DR]SA_up => [DR]SA_up_ref
-
Bodo Möller authored
(by using new BN_pseudo_rand_range function)
-
Bodo Möller authored
is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
-
- Sep 02, 2001
-
-
Geoff Thorpe authored
Henson). Also, reverse a previous change that used an implicit function pointer cast rather than an explicit data pointer cast in the STACK cleanup code.
-
Ben Laurie authored
-
- Sep 01, 2001
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-
Geoff Thorpe authored
Currently, this change merely addresses where ex_data indexes are stored and managed, and thus fixes the thread-safety issues that existed at that level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS and per-class index counters - all such data is stored inside ex_data.c. So rather than passing both STACK+counter to index-management ex_data functions, a 'class_index' is instead passed to indicate the class (eg. CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly and this is also thread-safe inside ex_data.c (though whether the caller manages the return value in a thread-safe way is not addressed). This does not change the "get/set" functions on individual "ex_data" structures, and so thread-safety at that level isn't (yet) assured. Likewise, the method of getting and storing per-class indexes has not changed, so locking may still be required at the "caller" end but is nonetheless thread-safe inside "ex_data"'s internal implementation. Typically this occurs when code implements a new method of some kind and stores its own per-class index in a global variable without locking the setting and usage of that variable. If the code in question is likely to be used in multiple threads, locking the setting and use of that index is still up to the code in question. Possible fixes to this are being sketched, but definitely require more major changes to the API itself than this change undertakes. The underlying implementation in ex_data.c has also been modularised so that alternative "ex_data" implementations (that control all access to state) can be plugged in. Eg. a loaded module can have its implementation set to that of the application loaded it - the result being that thread-safety and consistency of "ex_data" classes and indexes can be maintained in the same place rather than the loaded module using its own copy of ex_data support code and state. Due to the centralisation of "state" with this change, cleanup of all "ex_data" state can now be performed properly. Previously all allocation of ex_data state was guaranteed to leak - and MemCheck_off() had been used to avoid it flagging up the memory debugging. A new function has been added to perfrom all this cleanup, CRYPTO_cleanup_all_ex_data(). The "openssl" command(s) have been changed to use this cleanup, as have the relevant test programs. External application code may want to do so too - failure to cleanup will not induce more memory leaking than was the case before, but the memory debugging is not tricked into hiding it any more so it may "appear" where it previously did not.
-
Geoff Thorpe authored
-
Ulf Möller authored
-
Ulf Möller authored
-
Ulf Möller authored
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
-
Ulf Möller authored
-
Ulf Möller authored
-mcpu=i486 is new as of gcc 2.95, and if you have that, you wouldn't want to optimize for 486 anyway.
-
- Aug 28, 2001
-
-
Geoff Thorpe authored
this construct, and Ulf provided the following insight as to why; > ANSI C compliant compilers must substitute "??)" for "]" because your > terminal might not have a "]" key if you bought it in the early 1970s. So we escape the final '?' to avoid this pathological case.
-
Geoff Thorpe authored
leave memory debugging turned off. [Spotted by Götz Babin-Ebell]
-
Ben Laurie authored
-
- Aug 27, 2001
-
-
Geoff Thorpe authored
leak.
-
- Aug 26, 2001
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
-
Ben Laurie authored
-
Ben Laurie authored
-
- Aug 25, 2001
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
-
Geoff Thorpe authored
error strings and a hash table storing per-thread error state) go via an ERR_FNS function table. The first time an ERR operation occurs, the implementation that will be used (from then on) is set to the internal "defaults" implementation if it has not already been set. The actual LHASH tables are only accessed by this implementation. This is primarily for modules that can be loaded at run-time and bound into an application (or a shared-library version of OpenSSL). If the module has its own statically-linked copy of OpenSSL code - this mechanism allows it to *not* create and use ERR information in its own linked "ERR" code, but instead to use and interact with the state stored in the loader (application or shared library). The loader calls ERR_get_implementation() and the return value is what the module should use when calling its own copy of ERR_set_implementation().
-
Geoff Thorpe authored
-
Geoff Thorpe authored
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()" functions that handle this.
-
Geoff Thorpe authored
dependant code has to directly increment the "references" value of each such structure using the corresponding lock. Apart from code duplication, this provided no "REF_CHECK/REF_PRINT" checking and violated encapsulation.
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
- Aug 24, 2001
-
-
Lutz Jänicke authored
-