Commit graph

15422 commits

Author SHA1 Message Date
Richard Levitte
88297284ad Don't treat .d (depend) files separately from object files
.d (.MMS in the VMS world) files with just dependencies are built from
exactly the same conditions as the object files.  Therefore, the rules
for them can be built at the same time as the rules for the
corresponding object files.

This removes the requirement for a src2dep function in the build file
templates, and for common.tmpl to call it.  In the end, the existence
of depend files is entirely up to the build file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:42:09 +01:00
Richard Levitte
7d1037661a Fix the makedepend constructor in unix-Makefile.tmpl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:41:29 +01:00
Rich Salz
d1776fdecd Fix {TLS,CIPHER}_DEBUG compiles.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:19:32 -05:00
Roumen Petrov
6baa3b4305 documentation: RSA_new_method argument
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:16:42 -05:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Roumen Petrov
1bd8bc558d remove redundant opt* declarations
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-18 15:39:57 -05:00
Neel Goyal
37b6fd8371 Fix typo in SSL_CTX_set_msg_callback docs
Change `SSL_get_msg_callback_arg` to `SSL_set_msg_callback_arg`

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-18 14:12:19 -05:00
Rich Salz
9a13bb387d GH681: More command help cleanup
enc:
 - typo in -base64 option
 - missing help opt text
ocsp, req, rsautl, s_client:
 - missing help opt text

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-18 12:24:44 -05:00
Matt Caswell
6bc7bad011 Fix windows thread stop code
The windows thread stop code was erroneously not just deleting the thread
local variable on thread stop, but also deleting the thread local *key*
(thus removing thread local data for *all* threads in one go!).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 15:27:16 +00:00
Roumen Petrov
4015adf0a3 Fix OPENSSL_config with NULL parameter
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 10:25:23 -05:00
Matt Caswell
35b1a433ed Fix memory leaks in tls_decrypt_ticket
Certain code paths in tls_decrypt_ticket could return early without first
freeing the HMAC_CTX or the EVP_CIPHER_CTX.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 15:21:47 +00:00
Zhao Junwang
c4c32155f5 GH706: Use NULL for pointer compare.
As handshake_func is a function pointer, it should compare to NULL

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-18 09:56:02 -05:00
Dr. Stephen Henson
f6fb7f1856 typo
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 13:59:18 +00:00
Rich Salz
e4ef2e25f1 Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 21:12:30 -05:00
Richard Levitte
4418e0302f In the unified scheme, there is no $(TOP), use $(SRCDIR) instead
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:38:26 +01:00
Richard Levitte
29d0932721 Fix spelling
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:32:13 +01:00
Richard Levitte
6ba5dd341b Fix spelling
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:11:18 +01:00
Richard Levitte
d9dc3e1d28 Add -lresolv to the Solaris ex_libs
The reason is that we use hstrerror() and other resolver functions.

Reporter: Erik Forsberg <erik@efca.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:07:54 +01:00
David Woodhouse
3ba84717a0 Finish 02f7114a7f
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 17:04:47 -05:00
Richard Levitte
4277cf9091 Get conditional priorities right
"or" has lower priority than "||" and works better to have Perl less
confused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 22:23:09 +01:00
Richard Levitte
f9c693df45 Be more verbose when debugging is on
It's near impossible to figure out what goes wrong with the execution
of sub-commands otherwise.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 22:11:55 +01:00
David Woodhouse
02f7114a7f RT3628: Allow filenames to be eliminated from compiled library
Although I explicitly don't care about the tinfoil-hat reason given in
the initial opening of RT#3628, that "paths usually contain private
information", there *are* situations where it's useful to eliminate the
filenames from the compiled binary.

The two reasons we do care about in the context of firmware such as EDK2
are that it allows for a smaller footprint, and it is also a necessary
component of a binary-reproducible build.

To that end, introduce OPENSSL_FILE and OPENSSL_LINE macros, defining
them to __FILE__ and __LINE__ respectively in the normal case, but to
"" and 0 when OPENSSL_NO_FILENAMES is set.

This is mostly a naïve invocation of
 $ sed 's/__\([FL]I[NL]E\)__/OPENSSL_\1/g' -i `git grep -l __LINE__`
but with a few instances change to just print the function name instead
(although those probably need to die anyway) and test cases left untouched.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 14:19:46 -05:00
Richard Levitte
95b2ebdf99 When someone configures an out-of-source build, switch to unified
For example, this works instead of giving a big error message (note
the lack of '--unified'):

    mkdir ../_build
    (cd ../_build/; ../openssl-src/config; make)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:09:33 +01:00
Richard Levitte
d918f9cb2d Fix check of -DOPENSSL_USE_APPLINK in $config{cflags}
The previous fix wasn't right.

Also, change all (^|\s) and (\s|$) constructs to (?:^|\s) and (?:\s|$).
Perl seems to like that better.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:07:06 +01:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
Dr. Stephen Henson
c7c4625693 remove redundant code
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 16:16:13 +00:00
David Woodhouse
21b80f9a12 RT4318: Fix OSSL_SSIZE_MAX for UEFI build
Commit e634b448c ("Defines OSSL_SSIZE_MAX") introduced a definition of
OSSL_SSIZE_MAX which broke the UEFI build. Fix that by making UEFI take
the same definition as Ultrix (ssize_t == int).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 10:39:35 -05:00
David Woodhouse
c7b7938e75 RT4315: Fix UEFI build in crypto/init.c
We don't have atexit() in the EDK2 environment. Firmware never exits.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 10:07:30 -05:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
David Woodhouse
6a78ae2821 RT4313: Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()
Commit 05c7b1631 ("Implement the use of heap manipulator implementions")
added 'file' and 'line' arguments to CRYPTO_free() and friends, but neglected
to fix up the !IMPLEMENTED case within CRYPTO_secure_free(). Add the missing
arguments there too.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 09:16:01 -05:00
Richard Levitte
d6b55faca3 Fixup secmemtest for the change of CRYPTO_free() and friends
Switching it to use OPENSSL_free() et al when appropriate.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 12:27:53 +01:00
Dmitry-Me
9eaa5f9a32 Fix mismatched curly brace
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 11:06:47 +01:00
Richard Levitte
fa9bb6201e Update the documentation on heap allocators / deallocators
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 10:12:49 +01:00
Richard Levitte
05c7b1631b Implement the use of heap manipulator implementions
- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 10:12:49 +01:00
Viktor Szakats
e159fd1543 md_rand: FAQ URL to use https and follow a redirect
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 16:51:13 -05:00
Viktor Szakats
73b6924ed7 OPENSSL_init_ssl.pod: fix minor typo
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-16 22:49:23 +01:00
Richard Levitte
29620124ff On solaris, the variable name sun clashes, use s_un instead
For orthogonality, we change sin -> s_in and sin6 -> s_in6 as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 17:16:32 +01:00
Richard Levitte
432c7a50f2 Check for OPENSSL_USE_APPLINK in $config{cflags} as well
Macro definitions "should" be found in $config{defines}, but some
configs haven't transfered macro definitions from their 'cflags'
settings (which isn't mandatory anyway), so check both places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:49:29 +01:00
Richard Levitte
a583fc45fa Don't check for gcc or clang on VMS
This check is meaningless on VMS and only produce an error because the
underlying shell (DCL) doesn't understand sh syntax such as '2>&1'.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:23:47 +01:00
Richard Levitte
7c55e22c69 Lowercase configuration arguments on VMS
Depending on user preferences, Configure might get something like
--PREFIX=blah just as well as --prefix=blah, or "SHARED" just as well
as "shared".  On VMS, let's therefore lowercase at least the portion
of the argument before a possible equal sign.

For good measure, we lowercase the arguments to be checked in
config.com as well.  The original argument is sent on to Configure,
however.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:10:06 +01:00
Richard Levitte
4ad386412c Fix Solaris link_a and link_o
A long time ago, Solaris cc didn't seem to handle -Wl, linker options,
while gcc on Solaris required it.  Since then, Solaris cc has
developed to understand -Wl, options, and our little dance to figure
out how to pass linker options to the C compiler that's used isn't
needed any more.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 15:54:47 +01:00
Dr. Stephen Henson
2235b7f2dd Simplify tls1_set_ec_id.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Dr. Stephen Henson
2fa2d15ac8 Use nid_list table to lookup curve IDs.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Dr. Stephen Henson
2dc1aeed3b Add explanation and warning to TLS id table.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Richard Levitte
b0c93ee747 Fix use of add() and add_before() in Configurations/*.conf
These two functions take a separator to concatenat the strings with as
first argument.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-16 02:48:18 +01:00
Richard Levitte
c4fb3b3942 Prepare for 1.1.0-pre4-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-15 19:37:42 +01:00
Richard Levitte
c2bbf05873 Prepare for 1.1.0-pre3 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-15 19:37:20 +01:00
Richard Levitte
c35f5c3d3a Correct deprecation of OPENSSL_config
Reported in GH#684

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-15 16:25:10 +01:00
Rich Salz
77b8ad1840 Fix build-break
Combination of heartbeats and unit-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-15 10:17:12 -05:00
Richard Levitte
3544091ae0 MANSUFFIX should be left empty
That variable isn't for us, it's for any user, distributor or package
builder that wants one after the section number.  "ssl" seems to be
popular...

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-15 14:16:07 +01:00