libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
DES's keyschedules.
I know these two should be separate, and I'll back out the DES changes if they
are deemed to be an error.
Note that there is a memory leak lurking in SSL somewhere in this version.
like des_read_password and friends (backward compatibility functions
using this new API are provided). The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
functions on platform were that's the best way to handle exporting
global variables in shared libraries. To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).
To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:
OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
OPENSSL_IMPLEMENT_GLOBAL(double,bar);
To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
OPENSSL_DECLARE_GLOBAL(int,foo);
#define foo OPENSSL_GLOBAL_REF(foo)
OPENSSL_DECLARE_GLOBAL(double,bar);
#define bar OPENSSL_GLOBAL_REF(bar)
The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.
The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.
The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
Win32 but it is getting there...
Update mkdef.pl to handle ASN1_ANY and fix headers.
Stop various VC++ warnings.
Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>
Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order. Thusly fixed.
See http://www.pdc.kth.se/kth-krb/
Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
typedef struct {
unsigned int a:32;
unsigned int b:32;
} XXX;
#else
typedef DES_LONG XXX;
#endif
This was meant for building individual ciphers separately;
but nothing of this is maintained, it does not work
because we rely on central configuration by the Configure
utility with <openssl/opensslconf.h> etc., so the files
are only wasting space and time.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
duplicated in cbc_enc.c (without IV updating) and in des_enc.c
As pointed out by others on the openssl-dev list, des_cbc_encrypt (without
IV updating; defined in cbc_enc.c) exists only for historical reasons:
des_ncbc_encrypt should be used instead (and the caller does not have
to manually update the IV).
If des_cbc_enrypt is not needed for backwards compatibility, the
definition of des_ncbc_encrypt should be put back into des_enc.c, and
both cbc_enc.c and ncbc_enc.c can be deleted.
If des_cbc_encrypt *is* needed for backwards compatibility, its behaviour
obviously should not change (i.e., don't add IV updating).
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
(meaning pointer to char) to des_cblock * (meaning pointer to
array with 8 char elements), which allows the compiler to
do more typechecking. (The changed argument types were of type
des_cblock * back in SSLeay, and a lot of ugly casts were
used then to turn them into pointers to elements; but it can be
done without those casts.)
Introduce new type const_des_cblock -- before, the pointers rather
than the elements pointed to were declared const, and for
some reason gcc did not complain about this (but some other
compilers did).
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
