The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed. This simplifies the source code and
does not really penalize anyone.
DES_PTR (always on)
DES_RISC1, DES_RISC2 (always off)
DES_INT (always 'unsigned int')
DES_UNROLL (always on)
BF_PTR (always on) BF_PTR2 (removed)
MD2_CHAR, MD2_LONG (always 'unsigned char')
IDEA_SHORT, IDEA_LONG (always 'unsigned int')
RC2_SHORT, RC2_LONG (always 'unsigned int')
RC4_LONG (only int and char (for assembler) are supported)
RC4_CHUNK (always long), RC_CHUNK_LL (removed)
RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)
This is done in consultation with Andy.
Reviewed-by: Andy Polyakov <appro@openssl.org>
- Small rearrangement of the TABLE and HASH printouts, and adding
printout of the "build_scheme" item
- Renamed "engines_obj" to "padlock_obj"
- Moved the runs of dofile down... it didn't quite make sense to have
that in the middle of a printout
Reviewed-by: Rich Salz <rsalz@openssl.org>
It is time for Makefile.org to fold into the new regime and have a run
through util/dofile.pl. This forces some information out of there and
into Configure, which isn't a bad thing, it makes Configure
increasingly the center of build information, which is as it should
be.
A few extra defaults were needed in the BASE template to get rid of
warnings about missing values.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Time to get rid of @MK1MF_Builds and introduce a more flexible
'build_scheme' configuration key. Its value may be a string or an
array of strings, meaning we need to teach resolve_config how to
handle ARRAY referenses.
The build scheme is a word that selects a function to create the
appropriate result files for a certain configuration. Currently valid
build schemes aer "mk1mf" and "unixmake", the plan is however to add
at least one other for a more universal build scheme.
Incidently, this also adds the functions 'add' and 'add_before', which
can be used in a configuration, so instead of having to repeatedly
write a sub like this:
key1 => sub { join(" ", @_, "myvalues"); },
key2 => sub { join(" ", "myvalues", @_); },
one could write this:
key1 => add(" ", "myvalues"),
key2 => add_before(" ", "myvalues"),
The good point with 'add' and 'add_before' is that they handle
inheritances where the values are a misture of scalars and ARRAYs. If
there are any ARRAY to be found, the resulting value will be an ARRAY,
otherwise it will be a scalar with all the incoming valued joined
together with the separator given as first argument to add/add_before.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Move the documentation of the target configuration form to
Configurations/README.
Move initial assembler object templates to
Configurations/00-BASE-templates.conf.
Furthermore, remove all variables containing the names of the
non-assembler object files and make a BASE template of them instead.
The values from this templates are used as defaults as is. The
remaining manipulation of data when assembler modules are used is done
only when $no_asm is false.
While doing this, clean out some other related variables that aren't
used anywhere.
Also, we had to move the resolution of the chosen target a bit, or the
function 'asm' would never catch a true $no_asm... this hasn't
mattered before we've moved it all to the BASE template, but now it
does.
At the same time, add the default for the 'unistd' key to the BASE
template.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Cygwin was used for x86 before, so let's keep it around for those who
still use it (it make Configure reconf possible).
Cygwin-i[3456]86 for those that might generate and pass a target name
directly to Configure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This patch allows to recognize the architectures supported by Cygwin
and to choose the right configuration from there. Drop -march to
use default architecture on 32 bit x86.
Drop pre-Cygwin-1.3 recognition since it's long gone and there's no
valid configuration for this anymore.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
(Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The forthcoming async code needs to use pthread thread local variables. This
updates the various Configurations to add the necessary flags. In many cases
this is an educated guess as I don't have access to most of these
environments! There is likely to be some tweaking needed.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
to ./Configure in mingw debug builds.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Otherwise the ./config script fails with errors like:
> Operating system: x86_64-whatever-linux2
> This system (linux-x86_64) is not supported. See file INSTALL for details.
The failure was introduced by a93d3e0.
RT#4062
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This provides support for building in the EDK II reference implementation
of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing
the core cryptographic functionality needed for Secure Boot.
This has always previously been handled with external patches to OpenSSL
but we are now making a concerted effort to eliminate those.
In this mode, we don't actually use the OpenSSL makefiles; we process
the MINFO file generated by 'make files' and incorporate it into the
EDK2 build system.
Since EDK II builds for various targets with varying word size and we
need to have a single prepackaged configuration, we deliberately don't
hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in
opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II
itself to set those, depending on the architecture.
For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the
64-bit type, even when building with GCC where 'long' is also 64-bit. We
do this because the Microsoft toolchain has 32-bit 'long'.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Move obviously personal configurations to personal files.
Note: those files should really not be in the main repo at all
Reviewed-by: Andy Polyakov <appro@openssl.org>
Configure would load the glob "Configurations*". The problem with
this is that it also loads all kinds of backups of those
configurations that some editors do, like emacs' classic
'Configurations~'. The solution is to give them an extension, such as
'.conf', and make sure to end the glob with that.
Also, because 'Configurations.conf' makes for a silly name, and
because a possibly large number of configurations will become clutter,
move them to a subdirectory 'Configurations/', and rename them to
something more expressive, as well as something that sets up some form
of sorting order. Thus:
Configurations -> Configurations/10-main.conf
Configurations.team -> Configurations/90-team.conf
Finally, make sure that Configure sorts the list of files that 'glob'
produces, and adapt Makefile.org.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Move the build configuration table into separate files. The Configurations
file is standard configs, and Configurations.team is for openssl-team
members. Any other file, Configurations*, found in the same directory
as the Configure script, is loaded.
To add another file, use --config=FILE flags (which should probably be
an absolute path).
Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz
<rsalz@openssl.org>, contributed by Akamai Technologies.
Reviewed-by: Richard Levitte <levitte@openssl.org>