Commit graph

16010 commits

Author SHA1 Message Date
Andy Polyakov
6bfb7db35a build.info/Makefile.in: Itanium fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:50:43 +01:00
Andy Polyakov
d43a8fdcd4 engines/Makefile.in: some [older] shell complain about 'for i ;',
but not if there is reference to empty variable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:50:43 +01:00
Matt Caswell
58a8fc25d7 Fix the init cleanup order
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Matt Caswell
b10cdcce00 Add some missing cleanup calls to de-init
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Richard Levitte
a87c159f19 Fix freeze in config's interrupt trap with some shells
With bash and zsh, the trap on the 5 second read does respond, but
doesn't break out of the read.  What's worse is that it takes away the
5 second timer, and therefore has the read hang indefinitely and
(almost) unbreakable.

Having the trap do 'exit 0' after reseting the tty params has it break
out of read and continue with the configuration.

Other shells do not appear to have the issue described here, but
neither does the extra 'exit 0' appear to harm them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:24:55 +01:00
Richard Levitte
9f519addc0 Enforce the demand for Perl 5.10.0 as a minimum.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Richard Levitte
01d9997659 Fix a few Configure errors
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Dr. Stephen Henson
bae26b582e Document X509_get_serialNumber and X509_set_serialNumber.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-14 00:23:13 +00:00
Dr. Stephen Henson
b36a2efd55 Add EVP_PKEY documentation.
Document EVP_PKEY_id() and EVP_PKEY_base_id().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-13 19:01:42 +00:00
Richard Levitte
e7c8cafab8 Change an function macro for ERR match the function it's used in.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-13 14:54:51 +01:00
Richard Levitte
6d505f2842 Complete incomplete makefile variable referenses
A couple of '$(PERLASM_SCHEM' had sneaked in.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-13 11:07:12 +01:00
Richard Levitte
4c1cf7e440 Collect the names of generated files and clean them away at target clean:
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:03:48 +01:00
Richard Levitte
f425f9dcff Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Richard Levitte
8a0a3d293c Use single quotes rather than double quotes when needed
When passing down values to Makefile.shared, do so with single quotes
as much as possible to avoid having the shell create a mess of quotes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Richard Levitte
bbd9a50fa8 Harmonize Unix Makefile template with Windows dito
The variable SHARED_CFLAGS and SHARD_LDFLAGS were used in the Unix
template because they normally contain options used when building
"shared".  The Windows template, on the other hand, uses LIB_CFLAGS,
to express the intended use of those flags rather than their content.
The Windows template still used SHARED_LDFLAGS, which seems
inconsistent.

To harmonize the two, any SHARED_CFLAGS gets renamed to LIB_CFLAGS and
SHARED_LDFLAGS to LIB_LDFLAGS.  That makes the intent consistent along
with BIN_{C,LD}FLAGS and DSO_{C,LD}FLAGS.

Finally, make sure to pass down $(LIB_CFLAGS) or $(DSO_CFLAGS) along
with $(CFLAGS) when using Makefile.shared.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Emilia Kasper
8cab4e9bc7 Fix memory leak in library deinit
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.

Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 21:47:01 +01:00
Rich Salz
36cc1390f2 Add doc on when to use SCT callback.
With help from Viktor.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-12 13:02:34 -05:00
Emilia Kasper
4b8574461b Workaround for false -Warray-bounds in Travis
ccache + clang produces a false strcmp warning, see
https://llvm.org/bugs/show_bug.cgi?id=20144

Since this only happens with ccache and --strict-warnings, and
only with certain versions of glibc / clang, disabling
ccache is a reasonable short-term workaround.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-12 17:57:01 +01:00
Emilia Kasper
e4ad0763e8 Fix no-comp build
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-12 16:21:33 +01:00
Rich Salz
6f58da8811 Fix build break; add function declaration
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 20:36:33 -05:00
Richard Levitte
0a705cef0c When creating directory specs, use srctop_dir rather than srctop_file.
While insignificant on Unix like systems, this is significant on
systems like VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-12 02:09:05 +01:00
Richard Levitte
ef75444d08 Avoid sed for dependency post-processing
It turns out that different sed implementations treat -i differently
to cause issues.  make it simpler by avoiding it entirely and give
perl the trust to be consistent enough.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 01:15:12 +01:00
Richard Levitte
239b84e592 Because bn_expand2 is declared non-static, it must not be static
That doesn't change even to make a dummy to hide its unavailability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 01:13:18 +01:00
Matt Caswell
c3caf76035 Remove some dead code from 1999
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Matt Caswell
81161070f8 Don't clobber the last error
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.

Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Mat
642befa16e removed extra define
verified that build succeeds without the extra define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:34:26 -05:00
Mat
0a0365256c Fix no-blake2 for Windows classic build
Fix no-blake2 for Windows classic build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:34:26 -05:00
Dr. Stephen Henson
bf8bdbc678 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:41:24 +00:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:40:47 +00:00
Richard Levitte
bb26842d1c Some sed implementations are not greedy enough, use perl instead
The issue is demonstrated as follows:

  On Linux:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | sed -e 's/ \/\(\\.\|[^ ]\)*//g'
    : foo.h bar.h

  On MacOS X:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | sed -e 's/ \/\(\\.\|[^ ]\)*//g'
    : foo.husr/include/stddef.h bar.h

Perl is more consistent:

  On Linux:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | perl -pe 's/ \/(\\.|[^ ])*//g;'
    : foo.h bar.h

  On MacOS X:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | perl -pe 's/ \/(\\.|[^ ])*//g;'
    : foo.h bar.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 17:41:43 +01:00
Rich Salz
178da24425 Make update to catch function renames.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-11 11:24:56 -05:00
Kurt Roeckx
53a5167458 Use unsigned int instead of just unsigned.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Kurt Roeckx
a57410899a Save leaf_node and node_offset as character array
They are not numbers in the machine byte order.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Dr. Stephen Henson
40f43f8a2e move DSA_SIG definition into C source file
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:53:50 +00:00
Andy Polyakov
ee619197db crypto/*/build.info: make it work on ARM platforms.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:30:57 +01:00
Andy Polyakov
12940f08f4 crypto/*/build.info: SPARC-specific fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:29:55 +01:00
Andy Polyakov
0218fc3778 Configurations/unix-Makefile.tmpl: don't leave empty .s files behind.
If pre-processor failed, an empty .s file could be left behind,
which could get successfully compiled if one simply re-ran make
and cause linking failures. Not anymore. Remove even intermediate .S
in case of pre-processor failure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:29:49 +01:00
Andy Polyakov
d0db7ee0b1 Configure: remove dependency on 'head'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:26:55 +01:00
Rob Percival
680ddc996b constify CT_POLICY_EVAL_CTX getters
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 09:06:04 -05:00
Rob Percival
b536958205 Surround ctx_set_ctlog_list_file() with #ifndef OPENSSL_NO_CT
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 09:05:46 -05:00
Matt Caswell
ad87a3dc2c Suppress CT warnings in test_ssl
Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 13:52:26 +00:00
Richard Levitte
39dbb990a0 Avoid getting unresolved referense to bn_expand2 in test/bntest.c
Issue identified on Solaris by Erik Forsberg <erik@efca.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:48:26 +01:00
Matt Caswell
773fd0bad4 Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 13:36:57 +00:00
Mat
71627423e5 Fix no-rmd160 classic Windows build
no-ripemd was unified a while ago but the change was not done in mk1mf.pl. This commit changes the no-ripemd string to no-rmd160 which fixes the no-rmd160 classic build.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 14:27:15 +01:00
Richard Levitte
0069806128 Don't build dynamic engines unless configured "shared"
Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-11 12:58:15 +01:00
Richard Levitte
987dbc7fbf Harmonise the two methods to generate dependency files
One of them didn't clean away .d.tmp files properly.
The other would overwrite the .d files unconditionally, thereby
causing a possibly unnecessary dependency rebuild, which touches the
date of Makefile, which causes a possibly unnecessary rebuild of
buildinf.h and everything that depends on that.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 11:19:50 +01:00
Matt Caswell
d5957691f2 More tweaks to the installation instructions
A few things were out of date and a few things were missing. Also some
formatting updates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 10:00:39 +00:00
Richard Levitte
a5aa63a456 Fix some assembler generating scripts for better unification
Some of these scripts would recognise an output parameter if it looks
like a file path.  That works both in both the classic and new build
schemes.  Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component).  Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 00:54:31 +01:00