Commit graph

1160 commits

Author SHA1 Message Date
Kurt Roeckx
26c79d5641 Properly check certificate in case of export ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
MR #588
2015-06-09 00:46:59 +02:00
Dr. Stephen Henson
97cacc537e make update.
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same
ordinal as 1.0.2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-03 15:39:29 +01:00
Matt Caswell
d9f1c639d5 Change return type of the new accessors
The new accessors SSL_get_client_random, SSL_get_server_random and
SSL_SESSION_get_master_key should return a size_t to match the type of the
|outlen| parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 16:55:15 +01:00
Dr. Stephen Henson
f2e19cb15e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:24:59 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Dr. Stephen Henson
3a752c85ee make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:03 +01:00
Dr. Stephen Henson
5a1d250906 make update
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-05-20 14:01:19 +01:00
StudioEtrange
3a114e6164 GitHub284: Fix typo in xx-32.pl scripts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-20 04:18:55 -04:00
Dr. Stephen Henson
978327bcad Add types to indent.pro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-17 18:35:21 +01:00
Matt Caswell
13c9bb3ece Client side version negotiation rewrite
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:31 +01:00
Matt Caswell
32ec41539b Server side version negotiation rewrite
This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.

The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.

Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.

Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:19:56 +01:00
Rich Salz
9f5be870e8 Update mkdef for moved header file.
crypto/cryptlib.h moved to crypto/include/internal; update
the script.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-14 15:58:14 -04:00
Richard Levitte
7a05eaac5e Adjust unixly mk1mf after introduction of tkey
Added depencies on the public variants of some keys in test to Makefile.
Added the newly introduced key files from test/ in the list of files
to copy in util/pl/unix.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 15:55:59 +02:00
Richard Levitte
6857079791 Identify and move OpenSSL internal header files
There are header files in crypto/ that are used by the rest of
OpenSSL.  Move those to include/internal and adapt the affected source
code, Makefiles and scripts.

The header files that got moved are:

crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 15:13:49 +02:00
Andy Polyakov
bd576049a9 util/incore update.
Support cross-compile platforms that don't support FINGERPRINT_premain,
e.g. VxWorks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:23:48 +02:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:07:57 +01:00
Rich Salz
9a555706a3 Make COMP_CTX and COMP_METHOD opaque
Since COMP_METHOD is now defined in comp_lcl.h, it is no
longer possible to create new TLS compression methods without
using the OpenSSL source.  Only ZLIB is supported by default.
Also, since the types are opaque, #ifdef guards to use "char *"
instead of the real type aren't necessary.

The changes are actually minor.  Adding missing copyright to some
files makes the diff misleadingly big.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-12 10:24:48 -04:00
Dr. Stephen Henson
fae4772c24 Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.

Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-08 18:43:44 +01:00
Richard Levitte
2ed42bf639 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-05 21:49:51 +02:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
3e47caff48 ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).

Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock.  Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 10:50:54 -04:00
Richard Levitte
0223ca0987 Allow for types with leading underscore when checking error macros.
We have an increasing number of function declarations starting with
'__owur'.  Unfortunately, util/ck_errf.pl fails to detect them.  A
simple change fixes that issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-04-28 14:34:58 +02:00
Richard Levitte
9e842a5292 Fix the check of test apps in util/mk1mf.pl
The previous check assumed that the variables for each test app, ending
with TEST would be indication enough.  Experience showed that this isn't
the best way.  Instead, simply look for the EXE variable in test/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 15:55:53 +02:00
Richard Levitte
4c1408962a Small fixes after the Big apps cleanup
This fixes util/mk1mf.pl, which was looking for old variable names from
apps/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 11:02:36 +02:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Richard Levitte
2cfdfe0918 Have mkerr.pl treat already existing multiline string defs properly
Since source reformat, we ended up with some error reason string
definitions that spanned two lines.  That in itself is fine, but we
sometimes edited them to provide better strings than what could be
automatically determined from the reason macro, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "Peer haven't sent GOST certificate, required for selected ciphersuite"},

However, mkerr.pl didn't treat those two-line definitions right, and
they ended up being retranslated to whatever the macro name would
indicate, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "No gost certificate sent by peer"},

Clearly not what we wanted.  This change fixes this problem.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-08 21:44:43 +02:00
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 14:07:39 -04:00
Dr. Stephen Henson
40cf454566 update ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
865b55ac8e remove asn1_mac.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Richard Levitte
a72d89fda6 Now that we've removed the need for symlinks, we can safely remove util/mklinks.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
0190de80d5 Remove remaining variables for symlinked/copied headers and tests
GitConfigure:   no more 'no-symlinks'

util/bat.sh, util/mk1mf.pl, util/pl/VC-32.pl, util/pl/unix.pl:
- Remove all uses of EXHEADER.
  That includes removing the use if INC_D and INCO_D.
- Replace the check for TEST with a check for [A-Z0-9_]*TEST.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
8bf5b8ab22 Fix some faults in util/mk1mf.pl
When building on Unix, there are times when the 'EX_LIB' MINFO variable
contains valuable information.  Make sure to take care of it.

fixrules in util/pl/unix.pl was previously changed with a simpler fix of
rules, with a comment claiming that's compatible with -j.  Unfortunately,
this breaks multiline rules and doesn't change anything for single line
rules.  While at it, do not prefix pure echo lines with a 'cd $(TEST_D) &&',
as that's rather silly.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 15:21:18 +02:00
Dr. Stephen Henson
22f5bd3dd2 New ASN1_TYPE SEQUENCE functions.
Add new functions ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence:
these encode and decode ASN.1 SEQUENCE using an ASN1_TYPE structure.

Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Dr. Stephen Henson
b1f3442857 Remove d2i_X509_PKEY and i2d_X509_PKEY
Remove partially implemented d2i_X509_PKEY and i2d_X509_PKEY: nothing
uses them and they don't work properly. Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 15:39:18 +00:00
Dr. Stephen Henson
8e3f0c988f update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-26 00:44:22 +00:00
Dr. Stephen Henson
cb14aec713 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 15:48:16 +00:00
Dr. Stephen Henson
1300705a47 update ordinals
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-24 18:58:51 +00:00
Richard Levitte
e30a64fae7 Update ordinals
Thanks to the change of mkdef.pl, a few more deprecated functions were
properly defined in util/libeay.num.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 19:46:53 +01:00
Richard Levitte
fa327fafe2 Teach mkdef.pl to handle multiline declarations.
For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special delarations when needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 19:46:53 +01:00
Dr. Stephen Henson
4fe67498b0 Remove deleted functions, update ordinals.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 13:47:57 +00:00
Dr. Stephen Henson
eef53ee50b Update ordinals, fix error message.
Update error messages to say "EC is disabled" these can then be picked up
by mkdef.pl.

Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-15 15:56:24 +00:00
Dr. Stephen Henson
b5f07d6a66 Remove obsolete declarations.
Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been
used internally in OpenSSL for some time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 14:12:17 +00:00
Dr. Stephen Henson
f9c850c734 Update mkstack.pl to match safestack.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 14:05:27 +00:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Dr. Stephen Henson
99e1ad3c4b update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 16:55:18 +00:00
Matt Caswell
65aaab2fa6 Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06 14:06:16 +00:00
Dr. Stephen Henson
d62bc5d30f update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 15:44:41 +00:00
Dr. Stephen Henson
437b14b533 Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-02 13:26:29 +00:00
Rich Salz
7cd6069c74 Remove ui_compat
This is the last of the old DES API.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 14:52:40 -05:00
Rich Salz
5b18d3025c util/mkstack.pl now generates entire safestack.h
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:47:53 -05:00
Rich Salz
1a53f1d68b Have mkdef.pl ignore APPLINK settings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:45:29 -05:00
Dr. Stephen Henson
a283d2a80a Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 12:16:58 +00:00
Rich Salz
1f7103b6eb Fix various build breaks
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
        - Various old code has been removed
        - Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-04 18:50:00 -05:00
Dr. Stephen Henson
f0983d3953 Updates to reformat script.
Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-04 19:03:44 +00:00
Rich Salz
c303d4d868 old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-02 22:40:36 -05:00
Matt Caswell
0c2837564c Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:11 +00:00
Matt Caswell
7317192c64 Fix various windows compilation issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 22:55:15 +00:00
Matt Caswell
dc0e9a35fa Fix no-ocb for Windows
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 10:39:15 +00:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
c73ad69017 OPENSSL_NO_xxx cleanup: RFC3779
Remove OPENSSL_NO_RFCF3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up.  Sorry I ignored you, poor little VMS...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:19:14 -05:00
Rich Salz
c436e05bdc Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-24 16:27:03 -05:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Dr. Stephen Henson
f9be4da00e Delete trailing whitespace from output.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Dr. Stephen Henson
09f4d9c0f9 Add -d debug option to save preprocessed files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Dr. Stephen Henson
f8180c63ec Test option -nc
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
4664862013 Add ecp_nistz256.c to list of files skipped by openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
66186aeeb0 Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
51428a12e4 Amend openssl-format-source so that it give more repeatable output
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
9d51824b3b Manually reformat aes_core.c
Add aes_core.c to the list of files not processed by openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
572cee384d Add obj_dat.h to the list of files that will not be processed by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
24a5f17b6a Fix logic to check for indent.pro
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
2dc57eb5a7 Fix make errors
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
2f1ac20bb3 Make the script a little more location agnostic
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
acb82df4d3 Provide script for filtering data initialisers for structs/unions. indent just can't handle it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Dr. Stephen Henson
6f08264e2f Script fixes.
Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
ff7ca7a336 Run expand before perl, to make sure things are properly aligned
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
d09481a10f Force the use of our indent profile
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Tim Hudson
849c80bc5d Provide source reformating script. Requires GNU indent to be
available.

Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-22 09:20:07 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Matt Caswell
2d2671790e Make output from openssl version -f consistent with previous versions
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-13 11:27:36 +00:00
Matt Caswell
964012dc5a Ensure internal header files are used from mk1mf based builds
Reviewed-by: Richard Levitte: <levitte@openssl.org>
2015-01-13 09:26:38 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Matt Caswell
732192a079 Fix no-deprecated on Windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 12:06:39 +00:00
Matt Caswell
1211e29c16 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 12:06:06 +00:00
Matt Caswell
5c5e7e1a7e Fix build failure on Windows due to undefined cflags identifier
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-08 19:21:24 +00:00
Matt Caswell
b691154e18 Remove blank line from start of cflags character array in buildinf.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-06 15:32:01 +00:00
Dr. Stephen Henson
c05febfa4f update ordinals
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7bc0)
2015-01-05 16:51:54 +00:00
Rich Salz
e03b29871b RT3548: Remove outdated platforms
This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 21:11:09 -05:00
Matt Caswell
488f16e31b Fix a problem if CFLAGS is too long cversion.c fails to compile when config
is run with --strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 14:02:15 +00:00
Matt Caswell
07c4c14c47 Turn on OPENSSL_NO_DEPRECATED by default.
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:56:31 +00:00
Matt Caswell
fd0ba77717 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Rich Salz
a4a934119d Remove old private pod2man
Include Richard's point to remove the 'sh -c' wrapper

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:10:59 -05:00
Matt Caswell
02a62d1a4a Move bn internal functions into bn_int.h and bn_lcl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
1939187922 Make bn opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Dr. Stephen Henson
7bca0a1db5 Remove fips directories from mkfiles.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d Remove fips.h reference.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Guenter
333fad9f2d NetWare compilation fix.
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.

PR#3569
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-27 14:02:09 +00:00
Dr. Stephen Henson
3881d8106d New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-19 18:11:37 +00:00
Mike Bland
32bb5c3953 Add whrlpool and camellia .s files to perlasm list
Change-Id: I626d751f19f24df6b967c17498d6189cc0acb96c
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:45:11 -05:00
Mike Bland
8308411297 Improve variable parsing when generating MINFO
Before this change, variables for which a '=' appeared in the assignment would
be parsed as the entire string up until the final '='. For example:

  BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

would result in the variable name "BUILD_CMD=shlib_target". This doesn't
appear to harm the current generation of MINFO, but creates problems for other
Makefile-related work I'm attempting.

Change-Id: I1f3a606d67fd5464bb459e8f36c23b3e967b77e1
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:44 -05:00
Mike Bland
5444b11bef Emit PERLASM_SCHEME to fix GitMake on OS X
This fixes the errors when trying to assemble .s files using GitMake on OS X.

Change-Id: I2221f558619302d22e0c57d7203173d634155678
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:26 -05:00
Tim Hudson
c882abd522 no-ssl2 with no-ssl3 does not mean drop the ssl lib
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-10-20 15:12:17 +10:00
Matt Caswell
3dd814ac4d Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num
2014-10-15 08:56:16 -04:00
Ben Laurie
71614df485 Fix single makefile.
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
2014-10-06 18:07:55 +01:00
Emilia Kasper
51b7be8d5f make update
Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-23 18:37:23 +02:00
Emilia Kasper
2f32016bb9 make update
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:19:36 +02:00
Dr. Stephen Henson
b0bbe49360 sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-05 13:44:18 +01:00
Dr. Stephen Henson
e0fc7961c4 Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 19:41:29 +01:00
Dr. Stephen Henson
841072ef65 Add test header, sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 20:51:06 +01:00
Dr. Stephen Henson
03c075e572 Windows build fixes.
Add cmac.h to mkdef.pl
Remove ENGINE_load_rsax from engine.h: no longer built.
Update ordinals
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 22:57:37 +01:00
Dr. Stephen Henson
70857a4a00 Windows build fixes. 2014-07-01 14:11:28 +01:00
Viktor Dukhovni
66d884f067 Implement sk_deep_copy. 2014-06-22 20:24:18 -04:00
Dr. Stephen Henson
a50f71868e Fix Windows build.
(cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5)
2014-06-12 10:58:12 +01:00
Ben Laurie
894172f207 Only copy opensslconf.h at init time. 2014-05-24 15:42:18 +01:00
Geoff Thorpe
647f360e2e util/mkerr.pl: fix perl warning
Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-25 14:31:05 -04:00
Geoff Thorpe
c9011ec460 util/mkdef.pl: o_time.h doesn't exist any more
o_time.h was removed in commit ff49a94, which breaks "make update"
unless mkdir.pl is updated accordingly.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-25 01:01:17 -04:00
Dr. Stephen Henson
14c67a7004 Update ordinals.
Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8)
2014-03-12 14:42:08 +00:00
Andy Polyakov
779c51c644 BC-32.pl: refresh Borland C support.
PR: 3251
Suggested by: Thorsten Schning
2014-02-24 16:42:40 +01:00
Dr. Stephen Henson
f3a3903260 Don't use getcwd in non-copy builds. 2014-02-15 20:16:54 +00:00
Ben Laurie
6311681236 Build on MacOS. 2014-02-09 12:49:04 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly.
PR: 3165
2013-11-12 21:51:37 +01:00
Ben Laurie
99fb221280 Support new asm files. 2013-10-03 11:37:18 +01:00
Ben Laurie
c051cbc83f Clarify FIXME. 2013-07-12 15:03:43 +01:00
Ben Laurie
8bf0eee8d9 Note non-export of CC. 2013-07-12 14:48:13 +01:00
Ben Laurie
82fe001b8d Support new rsaz asm stuff. 2013-07-12 12:48:24 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Ben Laurie
6d84daa5d6 Add aesni-sha256-x86_64. 2013-06-12 14:18:33 +01:00
Ben Laurie
92584bd3d5 Tests pass! 2013-05-05 16:15:34 +01:00
Ben Laurie
342ec250c3 Ugly hack to avoid recompiling the same thing multiple times in parallel. 2013-05-05 15:06:33 +01:00
Dr. Stephen Henson
045b2809f8 Asm build portability.
Don't use Win32 specific options in mk1mf.pl to build assembly language
files.
2013-04-08 14:53:54 +01:00
Ben Laurie
29d422e2a0 Make sure all tests are actually run, plus some fixups for things that
turn out to be made somewhere by existing Makefiles.
2013-04-07 16:52:54 +01:00
Ben Laurie
a7f5cd7fd5 Use original alltests target for definitive test list. 2013-04-06 20:42:38 +01:00
Ben Laurie
afdf366921 Missing semicolon. 2013-04-06 16:17:14 +01:00
Dr. Stephen Henson
fed45e1879 Fix non-copy builds.
Only use -MMD and .sinclude in copy builds: other platforms don't
support them.
2013-04-06 16:05:23 +01:00
Ben Laurie
d07201a2bb Missing file. 2013-04-06 15:25:43 +01:00
Ben Laurie
1a70fe953a Merge, go back to copy-if-different. 2013-04-06 15:15:11 +01:00
Ben Laurie
ea4507ee1c Fix test_ss. 2013-04-06 15:13:12 +01:00
Ben Laurie
4b9af0a101 Add new asm target. 2013-04-06 15:13:12 +01:00
Ben Laurie
e92ce4e35b Show start/end of tests. 2013-04-06 15:13:12 +01:00
Ben Laurie
f5cd3db541 Make session ID test work. 2013-04-06 15:13:12 +01:00
Ben Laurie
15e5f592c1 Make S/MIME test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
509a83dd36 Make RSA test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
8c7f5f3bec Make PKCS#7 test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
188f6443ae Make OCSP test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
3675fb882c More progress towards working tests. 2013-04-06 15:13:11 +01:00
Ben Laurie
3b4d86bff5 Get closer to a working single Makefile with test support. 2013-04-06 15:11:11 +01:00
Dr. Stephen Henson
3fce3f6b2b Use $(PERL) when calling scripts in mk1mf.pl 2013-04-03 22:38:18 +01:00
Ben Laurie
897dfd4eaa Use CFLAG for LFLAGS instead of the nonexistent CFLAGS. 2013-03-05 05:55:19 +00:00
Ben Laurie
feb4c32786 Remove unused variable. 2013-03-04 22:48:38 +00:00
Ben Laurie
63d86d067a Actually comment out the cpuid asm! 2013-03-04 20:31:59 +00:00
Ben Laurie
35ced1f705 Merge branch 'master' of openssl.net:openssl
Conflicts:
	util/mk1mf.pl
2013-03-04 20:26:17 +00:00
Dr. Stephen Henson
71a16946dc Fix WIN32 build.
Make assembly language handling conditional on the "copy" platform
as Windows does its own thing here.
2013-03-04 19:21:32 +00:00
Ben Laurie
654d227a86 Only copy headers if they've changed. 2013-03-04 16:56:18 +00:00
Ben Laurie
2f297fce73 Don't make CPUID stuff twice. 2013-03-04 16:10:47 +00:00
Ben Laurie
656829b78f Handle assembler files. 2013-03-04 14:31:19 +00:00
Ben Laurie
7b0d591dc3 Allow variables to be overridden on the command line. 2013-03-04 14:31:18 +00:00
Ben Laurie
7bbb8c5620 Take the first definition of a variable. 2013-03-04 14:31:18 +00:00
Ben Laurie
d0aeeee176 Use "copy" instead of "auto". 2013-03-04 14:31:18 +00:00
Ben Laurie
afc1b1eab7 Remove pointless diagnostic. 2013-03-04 14:31:18 +00:00
Ben Laurie
5108690f19 Preserve the C compiler. 2013-03-04 14:31:18 +00:00
Ben Laurie
3c76bcded0 Inherit CFLAGS when plaform is "auto". 2013-03-04 14:31:18 +00:00
Ben Laurie
45ba475b81 Remove empty command. 2013-03-04 14:31:18 +00:00
Ben Laurie
7067cbc8b5 Spelling. 2013-03-04 14:31:18 +00:00
Ben Laurie
f990fae812 Add dependency on destination directory. 2013-03-04 14:31:18 +00:00
Ben Laurie
a32d9eaf07 Spelling. 2013-03-04 14:31:18 +00:00
Ben Laurie
f953c2d039 Add reallyclean target. 2013-03-04 14:31:18 +00:00
Dr. Stephen Henson
8109e8305b Add ordinal for CRYPTO_memcmp: since this will affect multiple
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14e7)
2013-02-06 14:19:08 +00:00
Dr. Stephen Henson
498e89fe9d fix domd 2013-01-23 00:43:09 +00:00
Andy Polyakov
a006fef78e Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Andy Polyakov
fb0a520897 util/pl/VC-32.pl fix typo. 2012-12-18 18:07:20 +00:00
Andy Polyakov
668bcfd5ca util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).
2012-12-18 09:42:31 +00:00
Andy Polyakov
8774f78d1b VC-32.pl: fix typo.
Submitted by: Pierre Delaage
2012-12-16 19:39:24 +00:00
Andy Polyakov
1e98169086 mk1mf.pl: correct flags. 2012-10-29 22:23:58 +00:00
Andy Polyakov
536a16435b util/fipslink.pl: further adjustments. 2012-10-27 23:36:43 +00:00
Andy Polyakov
7f5bf370db util/fipslink.pl: fix typo. 2012-10-27 21:21:09 +00:00
Andy Polyakov
fe5772e9d0 util/fipslink.pl: allow for single-step link. 2012-10-27 21:16:45 +00:00
Andy Polyakov
8be18f3459 util/pl/VC-32.pl: make fipscanister.lib universally usable. 2012-10-27 21:16:00 +00:00
Dr. Stephen Henson
6a45ea4f88 use correct year automatically 2012-10-22 13:02:42 +00:00
Dr. Stephen Henson
9053c139fd update ordinals 2012-08-05 18:14:21 +00:00
Andy Polyakov
7bb98eee3c mk1mf.pl: replace chop to make it work in mixture of perls for Windows. 2012-07-15 13:40:04 +00:00
Dr. Stephen Henson
ea1d84358b PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:30:40 +00:00
Dr. Stephen Henson
8fdb4f1af3 recognise OPENSSL_NO_SSL_TRACE 2012-07-01 22:12:03 +00:00
Dr. Stephen Henson
263c62467d Update ordinals. 2012-04-03 23:13:23 +00:00
Andy Polyakov
86963f40f8 util/cygwin.sh update.
PR: 2761
Submitted by: Corinna Vinschen
2012-03-31 11:06:46 +00:00
Dr. Stephen Henson
918fc30fa4 recognise HEARTBEATS in mkdef.pl script 2011-12-31 23:50:01 +00:00
Dr. Stephen Henson
816e243a87 fix deprecated statement 2011-12-27 14:39:13 +00:00
Dr. Stephen Henson
995a6b10e1 recognise no-sctp 2011-12-25 14:59:52 +00:00
Dr. Stephen Henson
9ef562bcc6 recognise SCTP in mkdef.pl script 2011-12-25 14:46:15 +00:00
Dr. Stephen Henson
e43bfb2906 recognise DECLARE_PEM_write_const, update ordinals 2011-12-23 14:58:30 +00:00
Dr. Stephen Henson
9c52c3e07c delete unimplemented function from header file, update ordinals 2011-12-23 14:09:30 +00:00