1. 04 9月, 2001 9 次提交
    • B
      567fef89
    • B
      CHANGES should list all API changes relevant for applications · 6ee2a136
      Bodo Möller 提交于
      (here: X509_STORE_CTX_init())
      6ee2a136
    • B
      OpenSSL copyright notices ... · 435037d4
      Bodo Möller 提交于
      435037d4
    • B
      delete redundant ERR_load_CRYPTO_strings() prototype · c5de8996
      Bodo Möller 提交于
      c5de8996
    • G
      This changes the existing hardware ENGINE implementations to dynamically · 2dc5383a
      Geoff Thorpe 提交于
      declare their own error strings so that they can be more easily compiled as
      external shared-libraries if desired. Also, each implementation has been
      given canonical "dynamic" support at the base of each file and is only
      built if the ENGINE_DYNAMIC_SUPPORT symbol is defined.
      
      Also, use "void" prototypes rather than empty prototypes in engine_int.h.
      
      This does not yet;
        (i) remove error strings when unloading,
       (ii) remove the redundant ENGINE_R_*** codes (though ENGINE_F_*** codes
            have gone), or
      (iii) provide any instructions on how to build shared-library ENGINEs or
            use them.
      
      All are on their way.
      2dc5383a
    • G
      This change adds a new ENGINE called "dynamic" that allows new ENGINE · 9391f977
      Geoff Thorpe 提交于
      implementations to be loaded from self-contained shared-libraries. It also
      provides (in engine.h) definitions and macros to help implement a
      self-contained ENGINE. Version control is handled in a way whereby the
      loader or loadee can veto the load depending on any objections it has with
      each other's declared interface level. The way this is currently
      implemented assumes a veto will only take place when one side notices the
      other's interface level is too *old*. If the other side is newer, it should
      be assumed the newer version knows better whether to veto the load or not.
      Version checking (like other "dynamic" settings) can be controlled using
      the "dynamic" ENGINE's control commands. Also, the semantics for the
      loading allow a shared-library ENGINE implementation to handle differing
      interface levels on the fly (eg. loading secondary shared-libraries
      depending on the versions required).
      
      Code will be added soon to the existing ENGINEs to illustrate how they can
      be built as external libraries rather than building statically into
      libcrypto.
      
      NB: Applications wanting to support "dynamic"-loadable ENGINEs will need to
      add support for ENGINE "control commands". See apps/engine.c for an example
      of this, and use "apps/openssl engine -vvvv" to test or experiment.
      9391f977
    • G
      Note the "ERR_unload_strings" function. · 5b166395
      Geoff Thorpe 提交于
      5b166395
    • G
      Add a new ERR function, "ERR_unload_strings", to complement the existing · 1738bb61
      Geoff Thorpe 提交于
      "ERR_load_strings" function.
      1738bb61
    • G
      Correct a typo. · 91b3f0e6
      Geoff Thorpe 提交于
      91b3f0e6
  2. 03 9月, 2001 5 次提交
  3. 02 9月, 2001 4 次提交
    • G
      Note the "ex_data" changes. · 36026dfc
      Geoff Thorpe 提交于
      36026dfc
    • G
      Make the necessary changes to work with the recent "ex_data" overhaul. · 79aa04ef
      Geoff Thorpe 提交于
      See the commit log message for that for more information.
      
      NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
      (initialisation by "memset" won't/can't/doesn't work). This fixes that but
      requires that X509_STORE_CTX_init() be able to handle errors - so its
      prototype has been changed to return 'int' rather than 'void'. All uses of
      that function throughout the source code have been tracked down and
      adjusted.
      79aa04ef
    • G
      First step in fixing "ex_data" support. Warning: big commit log ... · 3a079997
      Geoff Thorpe 提交于
      Currently, this change merely addresses where ex_data indexes are stored
      and managed, and thus fixes the thread-safety issues that existed at that
      level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS
      and per-class index counters - all such data is stored inside ex_data.c. So
      rather than passing both STACK+counter to index-management ex_data
      functions, a 'class_index' is instead passed to indicate the class (eg.
      CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly
      and this is also thread-safe inside ex_data.c (though whether the caller
      manages the return value in a thread-safe way is not addressed).
      
      This does not change the "get/set" functions on individual "ex_data"
      structures, and so thread-safety at that level isn't (yet) assured.
      Likewise, the method of getting and storing per-class indexes has not
      changed, so locking may still be required at the "caller" end but is
      nonetheless thread-safe inside "ex_data"'s internal implementation.
      Typically this occurs when code implements a new method of some kind and
      stores its own per-class index in a global variable without locking the
      setting and usage of that variable. If the code in question is likely to be
      used in multiple threads, locking the setting and use of that index is
      still up to the code in question. Possible fixes to this are being
      sketched, but definitely require more major changes to the API itself than
      this change undertakes.
      
      The underlying implementation in ex_data.c has also been modularised so
      that alternative "ex_data" implementations (that control all access to
      state) can be plugged in. Eg. a loaded module can have its implementation
      set to that of the application loaded it - the result being that
      thread-safety and consistency of "ex_data" classes and indexes can be
      maintained in the same place rather than the loaded module using its own
      copy of ex_data support code and state.
      
      Due to the centralisation of "state" with this change, cleanup of all
      "ex_data" state can now be performed properly. Previously all allocation of
      ex_data state was guaranteed to leak - and MemCheck_off() had been used to
      avoid it flagging up the memory debugging. A new function has been added to
      perfrom all this cleanup, CRYPTO_cleanup_all_ex_data(). The "openssl"
      command(s) have been changed to use this cleanup, as have the relevant test
      programs. External application code may want to do so too - failure to
      cleanup will not induce more memory leaking than was the case before, but
      the memory debugging is not tricked into hiding it any more so it may
      "appear" where it previously did not.
      3a079997
    • G
      Only OPENSSL_free() non-NULL pointers. · e19ea557
      Geoff Thorpe 提交于
      e19ea557
  4. 01 9月, 2001 5 次提交
  5. 29 8月, 2001 1 次提交
  6. 28 8月, 2001 3 次提交
  7. 27 8月, 2001 4 次提交
  8. 26 8月, 2001 6 次提交
  9. 25 8月, 2001 3 次提交