Commit graph

1904 commits

Author SHA1 Message Date
Richard Levitte
d26d2cfe95 Remove all NOEXIST symbols from ordinals files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
3b39185880 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
bfc3b4ffd6 util/perl/OpenSSL/Ordinals.pm: introduce a base version
The idea is that a base version is the minimum version that must be
assigned to all symbols.  The practical result is that, for any new
major release, the version number for all symbols will automatically
be bumped to the new release's version number, if necessary.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
ad0b144b8a util/perl/OpenSSL/Ordinals.pm: use OpenSSL::Util::cmp_versions
OpenSSL::Util::cmp_versions() is introduced to be used everywhere
where versions are compared.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
257ab867d0 util/perl/OpenSSL/Ordinals.pm: shift to dotted versions internally
Any version from an ordinals file will have '_' changed to '.' on
input, and changed back on output.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Boris Pismenny
50ec750567 ssl: Linux TLS Tx Offload
This patch adds support for the Linux TLS Tx socket option.
If the socket option is successful, then the data-path of the TCP socket
is implemented by the kernel.
We choose to set this option at the earliest - just after CCS is complete.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Richard Levitte
9059ab425a Following the license change, modify the boilerplates in util/, tools/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)
2018-12-06 14:17:23 +01:00
Richard Levitte
fcd2d5a612 Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number.  This was "natural" in the pre-3.0.0 because the version was
this simple number.

With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.

Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:

    -D OPENSSL_API_COMPAT=0x10100000L
    -D OPENSSL_API_COMPAT=3

Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.

Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:

    OPENSSL_API_0_9_8
    OPENSSL_API_1_0_0
    OPENSSL_API_1_1_0
    OPENSSL_API_3

They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
0695b19342 util/find-doc-nits: allow #undef
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
672f943ad6 Switch future deprecation version from 1.2.0 to 3.0
This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
2284f64c87 util/mkdef.pl: prepare for DEPRECATEDIN_X
This is in preparation for new versioning scheme, where the
recommendation is to start deprecations at major version boundary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
be80b21d2a Docs: better deprecation text
Expand the text on deprecation to be more descriptive and to refer
back to openssl_user_macros(7).

Incidently, this required a small change in util/find-doc-nits, to
have it skip over any line that isn't part of a block (i.e. that
hasn't been indented with at least one space.  That makes it skip over
deprecation text.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7745)
2018-12-03 12:32:31 +01:00
Richard Levitte
b608fabfcc util/process_docs.pl: handle multiple source directories for .pod files
From now on, the default is to look in both the source directory and
the build directory.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
2018-12-03 10:00:14 +01:00
Richard Levitte
3be389435f Have util/mktar.sh display the absolute path to the tarball
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
2018-11-24 18:40:31 +01:00
Richard Levitte
b42922ea2f Document the removed 'dist' target
Also adds missing copyright boilerplate to util/mktar.sh

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
2018-11-24 18:40:30 +01:00
Richard Levitte
8c209eeef4 Change tarball making procedure
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.

The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball.  After all, the tarball
should now only contain source files that are present even without
configuring.

Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools.  Since we
have everything versioned with git, we might as well use the tool that
comes with it.

Added: util/mktar.sh, a simple script to produce OpenSSL tarballs.  It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.

This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)
2018-11-23 12:40:32 +01:00
Antoine Salon
ebfd055b29 Making SRP_user_pwd functions public
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
51f03f1227 Added SRP_VBASE_add0_user()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
d9720a5992 Add SSL_CTX_set_tmp_ecdh.pod
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:41:37 +00:00
Antoine Salon
dc703d6b46 SSL extra chain certificates doc
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:41:37 +00:00
Richard Levitte
2dc37bc2b4 Fix typo in util/perl/OpenSSL/Test.pm
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7633)
2018-11-14 00:52:06 +01:00
Richard Levitte
1828939974 Fix rpath-related Linux "test_shlibload" failure.
When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)
2018-11-14 00:41:57 +01:00
Viktor Dukhovni
a51c9f637c Added missing signature algorithm reflection functions
SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-12 16:55:38 -05:00
David Woodhouse
ecbb2fca93 Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
Richard Levitte
3866b2247f util/add-depends.pl: go through shared_sources too
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7545)
2018-11-07 14:38:20 +01:00
Richard Levitte
f842b6b2a4 Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()
These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Richard Levitte
567db2c17d Add EVP_MAC API
We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby deny the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Patrick Steuer
d68af00685 s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
2018-10-17 14:03:59 +02:00
Antoine Salon
9453b19634 Deprecate ECDH_KDF_X9_62()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Antoine Salon
ffd89124bd EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
FdaSilvaYY
c2e33a05b1 crypto/rand: fix some style nit's
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7378)
2018-10-10 14:00:43 +02:00
Benjamin Kaduk
a5fcce6b95 mkdef: bsd-gcc uses solaris symbol version scripts
As for linux, make bsd-gcc an alias to the solaris semantics for
shared library symbol version handling.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7376)
2018-10-09 10:55:41 -05:00
Richard Levitte
36d3acb91d util/mkdef.pl: for VMS, allow generation of case insensitive symbol vector
Some modules are built with case insensitive (uppercase) symbols on
VMS.  This needs to be reflected in the export symbol vector.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Richard Levitte
ed57d89bd1 Change the build of engines to use ordinal files for symbol export
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Richard Levitte
97624638b0 util/mkdef.pl: Produce version scripts from unversioned symbols
This allows setting up export maps for DSOs as well in a uniform way.
This also means that util/mkdef.pl no longer picks up the target
version from configdata.pm, and it has to be given on the command line
instead.  This may be used to give modules separate versions as well,
if desirable.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Richard Levitte
30699aa194 Refactor util/mknum.pl for clearer separation of functionality
Rewrite util/mknum.pl to become cleaner, and to use the separate
generic C header parsing module, as well as the separate ordinals
manipulation module.
Adapt the build files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
15ba109631 Add code to manipulate the items in OpenSSL::Ordinals
This means adding the capability to add new items, to invalidate and
revalidate all the items, and to update the file it came from, as well
as the possibility to create new items from other data than a line
from said file.

While we're at it, we throw in a couple of useful filters.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
d73c44404d A perl module to parse through C headers
OpenSSL::ParseC is a module that parses through a C header file and
returns a list with information on what it found.  Currently, the
information it returns covers function and variable declarations,
macro definitions, struct declarations/definitions and typedef
definitions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
ab1e5495e4 Move ZLIB from 'platforms' to 'features'
Having it as a 'platform' was conceptually wrong from from the
beginning, and makes decoding more complicated than necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
8effd8fa67 Refactor util/mkdef.pl for clearer separation of functionality
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
91a99748d3 Add a perl module that deals with ordinals files
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
ef2dfc9902 Refactor linker script generation
The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.

Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things.  What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.

"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms.  The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.

Note that this adds extra meaning to the value of the shared_target
attribute.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)
2018-10-01 09:49:16 +02:00
Richard Levitte
7e09c5eaa5 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Daniel Bevenius
7c69495712 Document OPENSSL_VERSION_TEXT macro
This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)
2018-09-24 12:00:22 +02:00
Richard Levitte
d3c72e392a util/mkdef.pl, util/add-depends.pl: don't lowercase file names
It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).

Fixes #7172

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)
2018-09-20 13:43:22 +02:00
Viktor Szakats
af7d8d3446 minor fixes for Windows
- fix to use secure URL in generated Windows resources
- fix a potentially uninitialized variable
- fix an unused variable warning

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7189)
2018-09-12 09:16:07 +02:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Paul Yang
4803717f5e Support setting SM2 ID
zero-length ID is allowed, but it's not allowed to skip the ID.

Fixes: #6534

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
0a8fdef752 Support pmeth->digest_custom
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00