Commit graph

16227 commits

Author SHA1 Message Date
Matt Caswell
85556b4dec Add documentation for BIO functions
Add the documentation for new BIO functions added as a result of
making BIO and BIO_METHOD opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
1737552558 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
f334461fac Add functions for creating BIO_METHODs
BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
FdaSilvaYY
1a50b8139a Fix a big leak when using stack-allocated BIO items.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-29 17:40:54 +01:00
Andy Polyakov
bbe9769ba6 poly1305/asm/poly1305-x86.pl: don't loose 59-th bit.
RT#4439

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-29 09:55:43 +02:00
Andy Polyakov
0f3ab9a34c crypto/seed: add small-footprint path.
The space saving is >5x on x86_64 at ~40% performance penalty.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 09:53:51 +02:00
Andy Polyakov
fdf6f73e5e Windows build system: fix 32-bit appveyor build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 09:51:40 +02:00
Andy Polyakov
6ddb62a575 Build system: VC-WIN64I fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 09:48:25 +02:00
Kurt Roeckx
c5c7700c9a When using no-dtls create OPENSSL_NO_DTLS
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-28 01:12:43 +02:00
Kurt Roeckx
b7dffce017 Add session reuse tests.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-27 23:59:04 +02:00
David Benjamin
1ed6587154 Resolve DTLS cookie and version before session resumption.
Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks
against 1.2.

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

RT: #4392, MR: #2452
2016-03-27 23:59:00 +02:00
Kurt Roeckx
71ccf961af It's called SSL_session_reused(), not SSL_session_resumed()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-27 23:58:55 +02:00
Fedor Indutny
ccae4a1582 Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

GH: #852, MR: #2452
2016-03-27 23:58:50 +02:00
Richard Levitte
ce84456ddf Math::BigInt does floored divs, BN_div does truncated div, compensate
According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1.  OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.

We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.

Closes RT#4485

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-27 21:39:23 +02:00
Jeffrey Walton
c828cd7cd0 RT4476: Fix some cast-alignment warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-25 15:43:54 -04:00
Richard Levitte
7793e17440 VMS: add a note about DECC$* logical names
These logical names are used to make the C RTL change certain
behaviors, sometimes to make it act more like Unix.  While they can
make life easier in some cases, they can be disruptive as well.  When
building and testing OpenSSL, the latter is the case, so we ask people
to avoid using them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-25 09:05:46 +01:00
Rich Salz
9c1215a3c1 Revert part of applink/Borland commit
This allows developer to glue DLL built with VC into their application
compiled with Borland C.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-24 17:06:48 -04:00
Rich Salz
c3ddb26331 More Borland removal.
And thanks to Miod Vallat for the nudge about ERR_PACK :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-24 14:05:48 -04:00
Richard Levitte
a5bb160c8c VMS: $? might be huge enough to break line length limit, so don't print it
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
b6fe86cdea VMS: install openssl.conf in OPENSSLDIR, not INSTALLTOP
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
b3514b4772 VMS: have mms ignore creation of already existing dirs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
6bd1ef90b2 VMS: Rethink the staging directory
On Windows and Unix, the staging directory $(DESTDIR) can simply be
prepended to the installation directory.  An attempt was made to do
something similar on VMS, but that ended up being a half measure
solution.  Instead of that, simply use the staging directory as a
prefix under which [.OPENSSL-INSTALL] and [.OPENSSL-COMMON] will hold
the two directory trees that should end up in the directories
indicated by --prefix and --openssldir, and finish the installation
with appropriate instructions on what to do next.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
af854d05a3 Misc fixes in VMS/openssl_startup.com.in
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
667c6bfe18 Adjust some default installation directories
- on VMS, SYS$COMMON:[SSL] is already used as installation directory
  by HP SSL, so we make our default for --openssldir
  SYS$COMMON:[OPENSSL-COMMON] instead.
- Updated notes on default installation dirs fir Unix and Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
828d04afe4 VMS: update the properties of symbol search
In this OpenSSL version, we deliver engines with lower case symbol
names.  The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 19:58:12 +01:00
Richard Levitte
b54e35f6cd VMS: compensate for command line length limits with a logical name
Sometimes, you might end up with a rather long compile line due to
excessively long /INCLUDE directories.  Compensate for it by making
a temporary logical name with them and using said logical name as
/INCLUDE argument.

A note was added to NOTES.VMS regarding these limitations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 19:58:12 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Rich Salz
3d8b2ec42b Remove several unused undocumented functions.
Removed the following:
    DSO_bind_var, DSO_bind_var, DSO_get_default_method,
    DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
    DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
    DSO_set_name_converter, DSO_set_name_converter

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 08:34:33 -04:00
FdaSilvaYY
de70582410 Fix error code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 08:15:55 -04:00
Richard Levitte
ac722c9af0 Small fixups in DSO
- VMS configs had no dso_scheme
- Incorrect return of NULL method.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-23 08:40:56 +01:00
Rob Percival
7def9fae39 Removed unused fields of CT_POLICY_EVAL_CTX
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 21:58:04 -04:00
Alex Gaynor
b9b6a7e5dc Correct another batch of typos
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 21:57:26 -04:00
Kurt Roeckx
88a9614ba3 Check algo_strength using SSL_STRONG_MASK
algo_strength contains 2 parts that need to be checked by their own.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2082
2016-03-22 22:00:12 +01:00
Dr. Stephen Henson
d577a69a0f remove unused references field
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 19:42:19 +00:00
Rich Salz
38186bfd4e Have only one DSO_METHOD_openssl
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:35:03 -04:00
Rich Salz
73decf5975 Make DSO opaque.
This was really easy.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:16:54 -04:00
Dr. Stephen Henson
29fa0a1af4 Make X509_PUBKEY opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
Dr. Stephen Henson
91829e456c move x_pubkey.c to crypto/x509
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
Ben Laurie
b8ce6dda36 Fix enable-zlib no-comp.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:38 +00:00
Ben Laurie
9730043fac Fix no-rc4.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:24 +00:00
Ben Laurie
f100b0317e Move declaration of i into blocks where it is used.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:06 +00:00
Ben Laurie
3fd4d211ae sctp requires dgram.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:14:28 +00:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Richard Levitte
52d86d9b8d Downcase VMS config names
On VMS, we downcase option names, which means that config names are
downcased as well, so they need to be downcased in the target table to
be found.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 20:20:15 +01:00
Richard Levitte
149bd5d6cb Just like bio_out, bio_err needs the linebuffer filter on VMS
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 18:46:49 +01:00
Rob Percival
367071f121 Adds s2i function for ct_precert_poison X509 extension
Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-21 13:02:12 -04:00
Steven Linsell
55327ddfc1 Fix memory leak where fdlookup linked list is not freed during
ASYNC_WAIT_CTX_free

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-21 16:57:34 +00:00
Matt Caswell
7188f1f650 Fix no-ts with --strict-warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:35:58 +00:00
Matt Caswell
f9e5503412 Fix no-sock
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:33:59 +00:00