Commit graph

1500 commits

Author SHA1 Message Date
Ben Laurie
40abdf8e39 Support ccache.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-12 23:05:41 +00:00
Richard Levitte
ea11c6e920 make update, missed file
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-11 18:07:05 +01:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Matt Caswell
2fb5535e64 Fix mkfiles for new directories
Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-10 11:58:58 +00:00
Andy Polyakov
c7b5b9f4b1 make update.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:06:05 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Dr. Stephen Henson
59ff61f357 remove deleted directories from mkfiles.pl
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-09 23:57:19 +00:00
Dr. Stephen Henson
3c4e064e78 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
d2ad1c9617 remove ecdsa from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
cda302d94f remove ECDH from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
b3fce9c91e Add extms extension
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Dr. Stephen Henson
040c878350 TLSProxy update
Add function to delete extensions and fix ClientHello repacking.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Richard Levitte
b3bb779997 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
959ed5316c Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
Looking over names, it seems like we usually use names ending with
_new and _free as object constructors and destructors.  Also, since
EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be
named accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Kurt Roeckx
6f78b9e824 Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:22:31 +01:00
Dr. Stephen Henson
df04754be7 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 17:52:01 +00:00
Rich Salz
e6390acac9 ex_data part 2: doc fixes and CRYPTO_free_ex_index.
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-01 11:48:37 -05:00
Dr. Stephen Henson
9cc6fa1ce8 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Matt Caswell
22a34c2fab Implement windows async thread local variable support
Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:40:23 +00:00
Matt Caswell
68487a9b06 Convert __thread to pthreads for Thread Local Storage
In theory the pthreads approach for Thread Local Storage should be more
portable.

This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:39:30 +00:00
Matt Caswell
e8dfb5bf8e Add ASYNC_block_pause and ASYNC_unblock_pause
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
f4511d4897 Remove ASYNC NOEXIST functions from libeay.num
During development some functions got added and then later taken away.
Since these will never appear in a production version there is no reason
for them to appear in libeay.num flagged as "NOEXIST".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:36:29 +00:00
Matt Caswell
c742f56e94 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
4f70d04593 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
252d6d3aa6 Add ASYNC_JOB pools
It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
7070e5ca2f Use longjmp at setjmp where possible
Where we can we should use longjmp and setjmp in preference to swapcontext/
setcontext as they seem to be more performant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:05 +00:00
Matt Caswell
5010830495 Async port to windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
38148a234c Various windows build fixes to prepare for windows port
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a14e9ff713 Add the Dummy Async engine (dasync)
This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Dr. Stephen Henson
1786086b05 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 16:52:20 +00:00
Richard Levitte
a22c01244b make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-17 15:17:36 +01:00
Matt Caswell
a974e64aaa Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-10 23:02:44 +00:00
Dr. Stephen Henson
f4c38857d7 Read function names from C source files.
In mkerr.pl read parse functions names in C source files and use
them for translation and sanity checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-05 15:48:37 +00:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Matt Caswell
9b67c0d810 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:47 +00:00
Matt Caswell
82c1aa93c9 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Ben Laurie
84cf97af06 Improve make depend.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-24 17:34:21 +01:00
Richard Levitte
d865cb13ba Add crypto/include/internal to the directories to scan for stack declarations
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-18 20:35:22 +02:00
Emilia Kasper
58dd1ce91a make depend: prefer clang over makedepend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 17:10:20 +02:00
Andy Polyakov
82987e6119 Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:48:15 +02:00
Andy Polyakov
4ada8be2a6 Test suite: minimal required to get mingw 'make test' work under Linux.
(part by Alessandro Ghedini)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:46:50 +02:00
Matt Caswell
0f0cfbe24c Fix Windows build
Add the new ct directory to mkfiles.pl and fix the ct Makefile

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-09 12:10:16 +01:00
Matt Caswell
28dc5d1963 Fix no-ripemd on Windows
mkdef.pl was getting confused by:

 # ifdef OPENSSL_NO_RMD160
 #  error RIPEMD is disabled.
 # endif

Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-08 15:31:08 +01:00
Richard Levitte
46f4d2bef6 Fix make depend for things being built in subdirectories
Some makedepend mechanisms remove all directory information in the
target, so a dependency can looks like this:

ssl3_record.o: record/ssl3_record.c

However, that doesn't quite suit us, our Makefile has us build
record/ssl3_record.o rather than ssl3_record.o.

To clear this up, a change to util/clean-depend.pl takes care of this
case by looking up the original file in the dependencies and restoring
the directory information from it.

Reviewed-by: Ben Laurie <ben@openssl.org>
2015-10-05 11:08:18 +02:00
Matt Caswell
dd35486db6 Fix libeay.num
Removed duplicated ordinals from libeay.num

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 15:36:41 +01:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Emilia Kasper
cf7f85927c Empty NewSessionTicket: test session resumption
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 16:00:58 +02:00
Emilia Kasper
7f6d90ac75 Empty session ticket: add a test
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 16:00:47 +02:00
Andy Polyakov
51cbee3516 Update year in Windows builds.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 15:32:38 +02:00
Andy Polyakov
0589680ee6 Harmonize util/mkrc.pl with header move.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 15:32:15 +02:00
Matt Caswell
d84a7b20e3 Add ability to set default CA path and file locations individually
Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Dr. Stephen Henson
e15a18de96 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Matt Caswell
50db968aad Fix some test failures when Configured with zlib
TLSProxy was failing if we are Configured with compression because it
doesn't support it. This fix simply switches compression off for the
purposes of the test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-19 20:07:33 +01:00
Matt Caswell
8011f64efb make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16 12:40:55 +01:00
David Woodhouse
05d7bf6c5b RT3992: Make SCT #ifdeffable.
This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.

In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-09 18:28:13 -04:00
Richard Levitte
fd9ad2300b Adapt mk1mf.pl and helpers to the new testing framework.
With the new testing framework, building a test target with mk1mf.pl
becomes a very simple thing.  And especially, no more need to do the
amount of hackery in unix.pl we did.

Also, some tests need a working apps/CA.pl as well as rehashed certs
in certs/demo.  So, move the code creating those files so it gets done
regardless, not just in non-mk1mf environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-07 16:10:58 +02:00
Richard Levitte
8af6082e16 Fixup merge conflicts in util/libeay.num
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-06 14:13:00 +02:00
Dr. Stephen Henson
551a2f26aa make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 00:17:37 +01:00
Rich Salz
ca4a494cb7 Make TS structures opaque.
Most of the accessors existed and were already used so it was easy.
TS_VERIFY_CTX didn't have accessors/settors so I added the simple and
obvious ones, and changed the app to use them.  Also, within crypto/ts,
replaced the functions with direct access to the structure members
since we generally aren't opaque within a directory.

Also fix RT3901.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 17:49:20 -04:00
Rich Salz
b0809bc8ff RT3998: Allow scrypt to be disabled
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available.  Mostly done by David Woodhouse.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-04 14:09:14 -04:00
David Woodhouse
47bbaa5b60 Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:31:09 -04:00
David Bar
e968561d5e RT3674: Make no-cms build work.
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 14:45:15 -04:00
Dr. Stephen Henson
231efb9365 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-03 18:37:27 +01:00
Richard Levitte
e56a79784c Two changes at ones lead to a confused libeay.num. Fix
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-03 10:16:59 +02:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Dr. Stephen Henson
66e87a9f09 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-02 21:26:17 +01:00
Dr. Stephen Henson
6c41ee7c65 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:37:45 +01:00
Dr. Stephen Henson
25a5d1b8c4 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 23:18:55 +01:00
Rich Salz
1f003251ff Fix 4c42ebd; forgot to inutil util/libeay.num
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-28 15:55:09 -04:00
Rich Salz
4c42ebd2f3 Remove _locked memory functions.
Undocumented, unused, unnecessary (replaced by secure arena).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-26 07:02:33 -04:00
Matt Caswell
ddcc5e5b60 Add NewSessionTicket test suite
Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-26 10:38:02 +01:00
Matt Caswell
8af538e5c5 Fix TLSProxy end of test detection
Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-26 10:38:02 +01:00
Richard Levitte
3da9505dc0 Add new types to indent.pro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-17 18:21:53 +02:00
Richard Levitte
00bf5001f7 for test_sslvertol, add a value to display SSL version < 3 in debug
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-13 22:05:25 +02:00
Richard Levitte
4deefd6567 Fixups in libssl test harness
- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-13 22:05:25 +02:00
Richard Levitte
c0cbb4c19b Use dynamic engine for libssl test harness
Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 20:27:46 +01:00
Matt Caswell
a1accbb1d7 Extend TLSProxy capabilities
Add ServerHello parsing to TLSProxy.
Also add some (very) limited ServerKeyExchange parsing.
Add the capability to set client and server cipher lists
Fix a bug with fragment lengths

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 20:27:46 +01:00
Matt Caswell
631c120633 Add a libssl test harness
This commit provides a set of perl modules that support the testing of
libssl. The test harness operates as a man-in-the-middle proxy between
s_server and s_client. Both s_server and s_client must be started using the
"-testmode" option which loads the new OSSLTEST engine.

The test harness enables scripts to be written that can examine the packets
sent during a handshake, as well as (potentially) modifying them so that
otherwise illegal handshake messages can be sent.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 20:27:46 +01:00
Ben Laurie
4b9cb35d85 Find the right indent on *BSD.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-10 13:28:26 +01:00
Dirk Wetter
e36ce2d986 GH336: Return an exit code if report fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-01 14:32:32 -04:00
Rich Salz
7e5363abe3 Rewrite crypto/ex_data
Removed ability to set ex_data impl at runtime.  This removed these
three functions:
    const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
    int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
    int CRYPTO_ex_data_new_class(void);
It is no longer possible to change the ex_data implementation at
runtime.  (Luckily those functions were never documented :)

Also removed the ability to add new exdata "classes."  We don't believe
this received much (if any) use, since you can't add it to OpenSSL objects,
and there are probably better (native) methods for developers to add
their own extensible data, if they really need that.

Replaced the internal hash table (of per-"class" stacks) with a simple
indexed array.  Reserved an index for "app" application.

Each API used to take the lock twice; now it only locks once.

Use local stack storage for function pointers, rather than malloc,
if possible (i.e., number of ex_data items is under a dozen).

Make CRYPTO_EX_DATA_FUNCS opaque/internal.

Also fixes RT3710; index zero is reserved.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-20 01:16:28 -04:00
Rich Salz
0bc2f36555 Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-16 01:06:48 -04:00
Ernie Hershey
ad282e638b GH322: Fix typo in generated comment.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-15 03:32:24 -04:00
Richard Levitte
053fa39af6 Conversion to UTF-8 where needed
This leaves behind files with names ending with '.iso-8859-1'.  These
should be safe to remove.  If something went wrong when re-encoding,
there will be some files with names ending with '.utf8' left behind.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-14 01:10:01 +02:00
Richard Levitte
f608b4064d Small script to re-encode files that need it to UTF-8
This requires 'iconv' and that 'file' can take the options '-b' and '-i'.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-14 01:10:01 +02:00
Dr. Stephen Henson
88f4f91260 Sort @sstacklst correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-09 16:04:09 +01:00
Matt Caswell
040b93353e Apply some missing updates from previous commits
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-07-09 09:45:22 +01:00
Dr. Stephen Henson
b34f691ddb make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-29 11:47:59 +01:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Kurt Roeckx
26c79d5641 Properly check certificate in case of export ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
MR #588
2015-06-09 00:46:59 +02:00
Dr. Stephen Henson
97cacc537e make update.
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same
ordinal as 1.0.2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-03 15:39:29 +01:00
Matt Caswell
d9f1c639d5 Change return type of the new accessors
The new accessors SSL_get_client_random, SSL_get_server_random and
SSL_SESSION_get_master_key should return a size_t to match the type of the
|outlen| parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 16:55:15 +01:00
Dr. Stephen Henson
f2e19cb15e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:24:59 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Dr. Stephen Henson
3a752c85ee make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:03 +01:00
Dr. Stephen Henson
5a1d250906 make update
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-05-20 14:01:19 +01:00
StudioEtrange
3a114e6164 GitHub284: Fix typo in xx-32.pl scripts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-20 04:18:55 -04:00
Dr. Stephen Henson
978327bcad Add types to indent.pro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-17 18:35:21 +01:00
Matt Caswell
13c9bb3ece Client side version negotiation rewrite
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:31 +01:00
Matt Caswell
32ec41539b Server side version negotiation rewrite
This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.

The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.

Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.

Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:19:56 +01:00
Rich Salz
9f5be870e8 Update mkdef for moved header file.
crypto/cryptlib.h moved to crypto/include/internal; update
the script.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-14 15:58:14 -04:00
Richard Levitte
7a05eaac5e Adjust unixly mk1mf after introduction of tkey
Added depencies on the public variants of some keys in test to Makefile.
Added the newly introduced key files from test/ in the list of files
to copy in util/pl/unix.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 15:55:59 +02:00
Richard Levitte
6857079791 Identify and move OpenSSL internal header files
There are header files in crypto/ that are used by the rest of
OpenSSL.  Move those to include/internal and adapt the affected source
code, Makefiles and scripts.

The header files that got moved are:

crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 15:13:49 +02:00
Andy Polyakov
bd576049a9 util/incore update.
Support cross-compile platforms that don't support FINGERPRINT_premain,
e.g. VxWorks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:23:48 +02:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:07:57 +01:00
Rich Salz
9a555706a3 Make COMP_CTX and COMP_METHOD opaque
Since COMP_METHOD is now defined in comp_lcl.h, it is no
longer possible to create new TLS compression methods without
using the OpenSSL source.  Only ZLIB is supported by default.
Also, since the types are opaque, #ifdef guards to use "char *"
instead of the real type aren't necessary.

The changes are actually minor.  Adding missing copyright to some
files makes the diff misleadingly big.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-12 10:24:48 -04:00
Dr. Stephen Henson
fae4772c24 Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.

Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-08 18:43:44 +01:00
Richard Levitte
2ed42bf639 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-05 21:49:51 +02:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
3e47caff48 ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).

Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock.  Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 10:50:54 -04:00
Richard Levitte
0223ca0987 Allow for types with leading underscore when checking error macros.
We have an increasing number of function declarations starting with
'__owur'.  Unfortunately, util/ck_errf.pl fails to detect them.  A
simple change fixes that issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-04-28 14:34:58 +02:00
Richard Levitte
9e842a5292 Fix the check of test apps in util/mk1mf.pl
The previous check assumed that the variables for each test app, ending
with TEST would be indication enough.  Experience showed that this isn't
the best way.  Instead, simply look for the EXE variable in test/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 15:55:53 +02:00
Richard Levitte
4c1408962a Small fixes after the Big apps cleanup
This fixes util/mk1mf.pl, which was looking for old variable names from
apps/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 11:02:36 +02:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Richard Levitte
2cfdfe0918 Have mkerr.pl treat already existing multiline string defs properly
Since source reformat, we ended up with some error reason string
definitions that spanned two lines.  That in itself is fine, but we
sometimes edited them to provide better strings than what could be
automatically determined from the reason macro, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "Peer haven't sent GOST certificate, required for selected ciphersuite"},

However, mkerr.pl didn't treat those two-line definitions right, and
they ended up being retranslated to whatever the macro name would
indicate, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "No gost certificate sent by peer"},

Clearly not what we wanted.  This change fixes this problem.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-08 21:44:43 +02:00
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 14:07:39 -04:00
Dr. Stephen Henson
40cf454566 update ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
865b55ac8e remove asn1_mac.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Richard Levitte
a72d89fda6 Now that we've removed the need for symlinks, we can safely remove util/mklinks.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
0190de80d5 Remove remaining variables for symlinked/copied headers and tests
GitConfigure:   no more 'no-symlinks'

util/bat.sh, util/mk1mf.pl, util/pl/VC-32.pl, util/pl/unix.pl:
- Remove all uses of EXHEADER.
  That includes removing the use if INC_D and INCO_D.
- Replace the check for TEST with a check for [A-Z0-9_]*TEST.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
8bf5b8ab22 Fix some faults in util/mk1mf.pl
When building on Unix, there are times when the 'EX_LIB' MINFO variable
contains valuable information.  Make sure to take care of it.

fixrules in util/pl/unix.pl was previously changed with a simpler fix of
rules, with a comment claiming that's compatible with -j.  Unfortunately,
this breaks multiline rules and doesn't change anything for single line
rules.  While at it, do not prefix pure echo lines with a 'cd $(TEST_D) &&',
as that's rather silly.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 15:21:18 +02:00
Dr. Stephen Henson
22f5bd3dd2 New ASN1_TYPE SEQUENCE functions.
Add new functions ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence:
these encode and decode ASN.1 SEQUENCE using an ASN1_TYPE structure.

Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Dr. Stephen Henson
b1f3442857 Remove d2i_X509_PKEY and i2d_X509_PKEY
Remove partially implemented d2i_X509_PKEY and i2d_X509_PKEY: nothing
uses them and they don't work properly. Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 15:39:18 +00:00
Dr. Stephen Henson
8e3f0c988f update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-26 00:44:22 +00:00
Dr. Stephen Henson
cb14aec713 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 15:48:16 +00:00
Dr. Stephen Henson
1300705a47 update ordinals
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-24 18:58:51 +00:00
Richard Levitte
e30a64fae7 Update ordinals
Thanks to the change of mkdef.pl, a few more deprecated functions were
properly defined in util/libeay.num.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 19:46:53 +01:00
Richard Levitte
fa327fafe2 Teach mkdef.pl to handle multiline declarations.
For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special delarations when needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 19:46:53 +01:00
Dr. Stephen Henson
4fe67498b0 Remove deleted functions, update ordinals.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 13:47:57 +00:00
Dr. Stephen Henson
eef53ee50b Update ordinals, fix error message.
Update error messages to say "EC is disabled" these can then be picked up
by mkdef.pl.

Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-15 15:56:24 +00:00
Dr. Stephen Henson
b5f07d6a66 Remove obsolete declarations.
Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been
used internally in OpenSSL for some time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 14:12:17 +00:00
Dr. Stephen Henson
f9c850c734 Update mkstack.pl to match safestack.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 14:05:27 +00:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Dr. Stephen Henson
99e1ad3c4b update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 16:55:18 +00:00
Matt Caswell
65aaab2fa6 Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06 14:06:16 +00:00
Dr. Stephen Henson
d62bc5d30f update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 15:44:41 +00:00
Dr. Stephen Henson
437b14b533 Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-02 13:26:29 +00:00
Rich Salz
7cd6069c74 Remove ui_compat
This is the last of the old DES API.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 14:52:40 -05:00
Rich Salz
5b18d3025c util/mkstack.pl now generates entire safestack.h
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:47:53 -05:00
Rich Salz
1a53f1d68b Have mkdef.pl ignore APPLINK settings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:45:29 -05:00
Dr. Stephen Henson
a283d2a80a Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 12:16:58 +00:00
Rich Salz
1f7103b6eb Fix various build breaks
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
        - Various old code has been removed
        - Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-04 18:50:00 -05:00
Dr. Stephen Henson
f0983d3953 Updates to reformat script.
Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-04 19:03:44 +00:00
Rich Salz
c303d4d868 old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-02 22:40:36 -05:00
Matt Caswell
0c2837564c Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:11 +00:00
Matt Caswell
7317192c64 Fix various windows compilation issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 22:55:15 +00:00
Matt Caswell
dc0e9a35fa Fix no-ocb for Windows
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 10:39:15 +00:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
c73ad69017 OPENSSL_NO_xxx cleanup: RFC3779
Remove OPENSSL_NO_RFCF3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up.  Sorry I ignored you, poor little VMS...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:19:14 -05:00
Rich Salz
c436e05bdc Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-24 16:27:03 -05:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Dr. Stephen Henson
f9be4da00e Delete trailing whitespace from output.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Dr. Stephen Henson
09f4d9c0f9 Add -d debug option to save preprocessed files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Dr. Stephen Henson
f8180c63ec Test option -nc
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
4664862013 Add ecp_nistz256.c to list of files skipped by openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
66186aeeb0 Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
51428a12e4 Amend openssl-format-source so that it give more repeatable output
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
9d51824b3b Manually reformat aes_core.c
Add aes_core.c to the list of files not processed by openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
572cee384d Add obj_dat.h to the list of files that will not be processed by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
24a5f17b6a Fix logic to check for indent.pro
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
2dc57eb5a7 Fix make errors
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
2f1ac20bb3 Make the script a little more location agnostic
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
acb82df4d3 Provide script for filtering data initialisers for structs/unions. indent just can't handle it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Dr. Stephen Henson
6f08264e2f Script fixes.
Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
ff7ca7a336 Run expand before perl, to make sure things are properly aligned
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Richard Levitte
d09481a10f Force the use of our indent profile
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Tim Hudson
849c80bc5d Provide source reformating script. Requires GNU indent to be
available.

Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-22 09:20:07 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Matt Caswell
2d2671790e Make output from openssl version -f consistent with previous versions
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-13 11:27:36 +00:00
Matt Caswell
964012dc5a Ensure internal header files are used from mk1mf based builds
Reviewed-by: Richard Levitte: <levitte@openssl.org>
2015-01-13 09:26:38 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Matt Caswell
732192a079 Fix no-deprecated on Windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 12:06:39 +00:00
Matt Caswell
1211e29c16 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 12:06:06 +00:00
Matt Caswell
5c5e7e1a7e Fix build failure on Windows due to undefined cflags identifier
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-08 19:21:24 +00:00
Matt Caswell
b691154e18 Remove blank line from start of cflags character array in buildinf.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-06 15:32:01 +00:00
Dr. Stephen Henson
c05febfa4f update ordinals
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7bc0)
2015-01-05 16:51:54 +00:00
Rich Salz
e03b29871b RT3548: Remove outdated platforms
This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 21:11:09 -05:00
Matt Caswell
488f16e31b Fix a problem if CFLAGS is too long cversion.c fails to compile when config
is run with --strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 14:02:15 +00:00
Matt Caswell
07c4c14c47 Turn on OPENSSL_NO_DEPRECATED by default.
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:56:31 +00:00
Matt Caswell
fd0ba77717 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Rich Salz
a4a934119d Remove old private pod2man
Include Richard's point to remove the 'sh -c' wrapper

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:10:59 -05:00
Matt Caswell
02a62d1a4a Move bn internal functions into bn_int.h and bn_lcl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
1939187922 Make bn opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Dr. Stephen Henson
7bca0a1db5 Remove fips directories from mkfiles.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d Remove fips.h reference.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Guenter
333fad9f2d NetWare compilation fix.
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.

PR#3569
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-27 14:02:09 +00:00
Dr. Stephen Henson
3881d8106d New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-19 18:11:37 +00:00
Mike Bland
32bb5c3953 Add whrlpool and camellia .s files to perlasm list
Change-Id: I626d751f19f24df6b967c17498d6189cc0acb96c
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:45:11 -05:00
Mike Bland
8308411297 Improve variable parsing when generating MINFO
Before this change, variables for which a '=' appeared in the assignment would
be parsed as the entire string up until the final '='. For example:

  BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

would result in the variable name "BUILD_CMD=shlib_target". This doesn't
appear to harm the current generation of MINFO, but creates problems for other
Makefile-related work I'm attempting.

Change-Id: I1f3a606d67fd5464bb459e8f36c23b3e967b77e1
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:44 -05:00
Mike Bland
5444b11bef Emit PERLASM_SCHEME to fix GitMake on OS X
This fixes the errors when trying to assemble .s files using GitMake on OS X.

Change-Id: I2221f558619302d22e0c57d7203173d634155678
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:26 -05:00
Tim Hudson
c882abd522 no-ssl2 with no-ssl3 does not mean drop the ssl lib
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-10-20 15:12:17 +10:00
Matt Caswell
3dd814ac4d Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num
2014-10-15 08:56:16 -04:00
Ben Laurie
71614df485 Fix single makefile.
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
2014-10-06 18:07:55 +01:00
Emilia Kasper
51b7be8d5f make update
Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-23 18:37:23 +02:00
Emilia Kasper
2f32016bb9 make update
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:19:36 +02:00
Dr. Stephen Henson
b0bbe49360 sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-05 13:44:18 +01:00
Dr. Stephen Henson
e0fc7961c4 Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 19:41:29 +01:00
Dr. Stephen Henson
841072ef65 Add test header, sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 20:51:06 +01:00
Dr. Stephen Henson
03c075e572 Windows build fixes.
Add cmac.h to mkdef.pl
Remove ENGINE_load_rsax from engine.h: no longer built.
Update ordinals
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 22:57:37 +01:00
Dr. Stephen Henson
70857a4a00 Windows build fixes. 2014-07-01 14:11:28 +01:00
Viktor Dukhovni
66d884f067 Implement sk_deep_copy. 2014-06-22 20:24:18 -04:00
Dr. Stephen Henson
a50f71868e Fix Windows build.
(cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5)
2014-06-12 10:58:12 +01:00
Ben Laurie
894172f207 Only copy opensslconf.h at init time. 2014-05-24 15:42:18 +01:00
Geoff Thorpe
647f360e2e util/mkerr.pl: fix perl warning
Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-25 14:31:05 -04:00
Geoff Thorpe
c9011ec460 util/mkdef.pl: o_time.h doesn't exist any more
o_time.h was removed in commit ff49a94, which breaks "make update"
unless mkdir.pl is updated accordingly.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-25 01:01:17 -04:00
Dr. Stephen Henson
14c67a7004 Update ordinals.
Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8)
2014-03-12 14:42:08 +00:00
Andy Polyakov
779c51c644 BC-32.pl: refresh Borland C support.
PR: 3251
Suggested by: Thorsten Schning
2014-02-24 16:42:40 +01:00
Dr. Stephen Henson
f3a3903260 Don't use getcwd in non-copy builds. 2014-02-15 20:16:54 +00:00
Ben Laurie
6311681236 Build on MacOS. 2014-02-09 12:49:04 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly.
PR: 3165
2013-11-12 21:51:37 +01:00
Ben Laurie
99fb221280 Support new asm files. 2013-10-03 11:37:18 +01:00
Ben Laurie
c051cbc83f Clarify FIXME. 2013-07-12 15:03:43 +01:00
Ben Laurie
8bf0eee8d9 Note non-export of CC. 2013-07-12 14:48:13 +01:00
Ben Laurie
82fe001b8d Support new rsaz asm stuff. 2013-07-12 12:48:24 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Ben Laurie
6d84daa5d6 Add aesni-sha256-x86_64. 2013-06-12 14:18:33 +01:00
Ben Laurie
92584bd3d5 Tests pass! 2013-05-05 16:15:34 +01:00
Ben Laurie
342ec250c3 Ugly hack to avoid recompiling the same thing multiple times in parallel. 2013-05-05 15:06:33 +01:00
Dr. Stephen Henson
045b2809f8 Asm build portability.
Don't use Win32 specific options in mk1mf.pl to build assembly language
files.
2013-04-08 14:53:54 +01:00
Ben Laurie
29d422e2a0 Make sure all tests are actually run, plus some fixups for things that
turn out to be made somewhere by existing Makefiles.
2013-04-07 16:52:54 +01:00
Ben Laurie
a7f5cd7fd5 Use original alltests target for definitive test list. 2013-04-06 20:42:38 +01:00
Ben Laurie
afdf366921 Missing semicolon. 2013-04-06 16:17:14 +01:00
Dr. Stephen Henson
fed45e1879 Fix non-copy builds.
Only use -MMD and .sinclude in copy builds: other platforms don't
support them.
2013-04-06 16:05:23 +01:00
Ben Laurie
d07201a2bb Missing file. 2013-04-06 15:25:43 +01:00
Ben Laurie
1a70fe953a Merge, go back to copy-if-different. 2013-04-06 15:15:11 +01:00
Ben Laurie
ea4507ee1c Fix test_ss. 2013-04-06 15:13:12 +01:00
Ben Laurie
4b9af0a101 Add new asm target. 2013-04-06 15:13:12 +01:00
Ben Laurie
e92ce4e35b Show start/end of tests. 2013-04-06 15:13:12 +01:00
Ben Laurie
f5cd3db541 Make session ID test work. 2013-04-06 15:13:12 +01:00
Ben Laurie
15e5f592c1 Make S/MIME test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
509a83dd36 Make RSA test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
8c7f5f3bec Make PKCS#7 test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
188f6443ae Make OCSP test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
3675fb882c More progress towards working tests. 2013-04-06 15:13:11 +01:00
Ben Laurie
3b4d86bff5 Get closer to a working single Makefile with test support. 2013-04-06 15:11:11 +01:00
Dr. Stephen Henson
3fce3f6b2b Use $(PERL) when calling scripts in mk1mf.pl 2013-04-03 22:38:18 +01:00
Ben Laurie
897dfd4eaa Use CFLAG for LFLAGS instead of the nonexistent CFLAGS. 2013-03-05 05:55:19 +00:00
Ben Laurie
feb4c32786 Remove unused variable. 2013-03-04 22:48:38 +00:00
Ben Laurie
63d86d067a Actually comment out the cpuid asm! 2013-03-04 20:31:59 +00:00
Ben Laurie
35ced1f705 Merge branch 'master' of openssl.net:openssl
Conflicts:
	util/mk1mf.pl
2013-03-04 20:26:17 +00:00
Dr. Stephen Henson
71a16946dc Fix WIN32 build.
Make assembly language handling conditional on the "copy" platform
as Windows does its own thing here.
2013-03-04 19:21:32 +00:00
Ben Laurie
654d227a86 Only copy headers if they've changed. 2013-03-04 16:56:18 +00:00
Ben Laurie
2f297fce73 Don't make CPUID stuff twice. 2013-03-04 16:10:47 +00:00
Ben Laurie
656829b78f Handle assembler files. 2013-03-04 14:31:19 +00:00
Ben Laurie
7b0d591dc3 Allow variables to be overridden on the command line. 2013-03-04 14:31:18 +00:00
Ben Laurie
7bbb8c5620 Take the first definition of a variable. 2013-03-04 14:31:18 +00:00
Ben Laurie
d0aeeee176 Use "copy" instead of "auto". 2013-03-04 14:31:18 +00:00
Ben Laurie
afc1b1eab7 Remove pointless diagnostic. 2013-03-04 14:31:18 +00:00
Ben Laurie
5108690f19 Preserve the C compiler. 2013-03-04 14:31:18 +00:00
Ben Laurie
3c76bcded0 Inherit CFLAGS when plaform is "auto". 2013-03-04 14:31:18 +00:00
Ben Laurie
45ba475b81 Remove empty command. 2013-03-04 14:31:18 +00:00
Ben Laurie
7067cbc8b5 Spelling. 2013-03-04 14:31:18 +00:00
Ben Laurie
f990fae812 Add dependency on destination directory. 2013-03-04 14:31:18 +00:00
Ben Laurie
a32d9eaf07 Spelling. 2013-03-04 14:31:18 +00:00
Ben Laurie
f953c2d039 Add reallyclean target. 2013-03-04 14:31:18 +00:00
Dr. Stephen Henson
8109e8305b Add ordinal for CRYPTO_memcmp: since this will affect multiple
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14e7)
2013-02-06 14:19:08 +00:00
Dr. Stephen Henson
498e89fe9d fix domd 2013-01-23 00:43:09 +00:00
Andy Polyakov
a006fef78e Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Andy Polyakov
fb0a520897 util/pl/VC-32.pl fix typo. 2012-12-18 18:07:20 +00:00
Andy Polyakov
668bcfd5ca util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).
2012-12-18 09:42:31 +00:00
Andy Polyakov
8774f78d1b VC-32.pl: fix typo.
Submitted by: Pierre Delaage
2012-12-16 19:39:24 +00:00
Andy Polyakov
1e98169086 mk1mf.pl: correct flags. 2012-10-29 22:23:58 +00:00
Andy Polyakov
536a16435b util/fipslink.pl: further adjustments. 2012-10-27 23:36:43 +00:00
Andy Polyakov
7f5bf370db util/fipslink.pl: fix typo. 2012-10-27 21:21:09 +00:00
Andy Polyakov
fe5772e9d0 util/fipslink.pl: allow for single-step link. 2012-10-27 21:16:45 +00:00
Andy Polyakov
8be18f3459 util/pl/VC-32.pl: make fipscanister.lib universally usable. 2012-10-27 21:16:00 +00:00
Dr. Stephen Henson
6a45ea4f88 use correct year automatically 2012-10-22 13:02:42 +00:00
Dr. Stephen Henson
9053c139fd update ordinals 2012-08-05 18:14:21 +00:00
Andy Polyakov
7bb98eee3c mk1mf.pl: replace chop to make it work in mixture of perls for Windows. 2012-07-15 13:40:04 +00:00
Dr. Stephen Henson
ea1d84358b PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:30:40 +00:00
Dr. Stephen Henson
8fdb4f1af3 recognise OPENSSL_NO_SSL_TRACE 2012-07-01 22:12:03 +00:00
Dr. Stephen Henson
263c62467d Update ordinals. 2012-04-03 23:13:23 +00:00
Andy Polyakov
86963f40f8 util/cygwin.sh update.
PR: 2761
Submitted by: Corinna Vinschen
2012-03-31 11:06:46 +00:00
Dr. Stephen Henson
918fc30fa4 recognise HEARTBEATS in mkdef.pl script 2011-12-31 23:50:01 +00:00
Dr. Stephen Henson
816e243a87 fix deprecated statement 2011-12-27 14:39:13 +00:00
Dr. Stephen Henson
995a6b10e1 recognise no-sctp 2011-12-25 14:59:52 +00:00
Dr. Stephen Henson
9ef562bcc6 recognise SCTP in mkdef.pl script 2011-12-25 14:46:15 +00:00
Dr. Stephen Henson
e43bfb2906 recognise DECLARE_PEM_write_const, update ordinals 2011-12-23 14:58:30 +00:00
Dr. Stephen Henson
9c52c3e07c delete unimplemented function from header file, update ordinals 2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
1394b29120 sync and update ordinals 2011-12-22 16:11:47 +00:00
Dr. Stephen Henson
67ef4f63f1 use different names for asm temp files to avoid problems on some platforms 2011-12-10 13:29:38 +00:00
Dr. Stephen Henson
4521eda739 sync and update ordinals 2011-11-22 14:46:09 +00:00
Dr. Stephen Henson
5b6aaac9e6 add cryptlib.h to mkdef.pl 2011-11-22 14:44:58 +00:00
Dr. Stephen Henson
8ce6421803 sync and update ordinals 2011-11-21 22:57:41 +00:00
Dr. Stephen Henson
2c3ee8ad80 add strp.h to mkdef.pl headers 2011-11-21 22:55:23 +00:00
Andy Polyakov
6a0ea5d239 fipsld, incore: switch to new cross-compile support. 2011-11-06 23:22:58 +00:00
Andy Polyakov
16190a71ff mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I. 2011-10-21 19:34:48 +00:00
Bodo Möller
f391750205 "make update" (partial) 2011-10-19 15:29:14 +00:00
Dr. Stephen Henson
6b0ac883d0 Recognise new option. 2011-10-19 11:44:25 +00:00
Bodo Möller
e0d6132b8c Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Dr. Stephen Henson
0feb83e222 Synv ordinals with 1.0.1-stable. 2011-10-09 23:16:20 +00:00
Dr. Stephen Henson
7bd4095b12 Sync ordinals with 1.0.1-stable. 2011-10-09 15:29:43 +00:00
Dr. Stephen Henson
549cd657fd Add fips/ecdh directory. 2011-10-07 18:18:50 +00:00
Andy Polyakov
2b1f17f83f Make latest assembler additions (vpaes and e_padlock) work in Windows build. 2011-09-18 15:40:11 +00:00
Dr. Stephen Henson
b63698b70d Don't use vpaes in fips builds and exclude from restricted tarball. 2011-09-15 21:06:37 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
e4588dc486 Add /fixed option to linker with fips builds. 2011-09-08 13:55:47 +00:00
Dr. Stephen Henson
c41b505459 Sync ordinals with 1.0.1-stable. 2011-09-01 17:12:35 +00:00
Andy Polyakov
f7eb0ab9ac util/incore: fix typo. 2011-08-27 19:37:25 +00:00
Dr. Stephen Henson
513e28c0a4 Include armcap.c in fips tarball. 2011-08-11 17:30:07 +00:00
Andy Polyakov
057037e719 util/incore: fix brown-bag bug. 2011-07-22 10:24:40 +00:00
Andy Polyakov
b7724f6f55 util/incore: make transition smoother. 2011-07-22 10:13:52 +00:00
Andy Polyakov
167cb62537 fips_canister.c: add support for embedded ppc linux. 2011-07-22 09:42:11 +00:00
Dr. Stephen Henson
eca7358be3 Additional error checking. 2011-07-02 15:57:35 +00:00
Dr. Stephen Henson
01f06617b1 Recognise fipscheck option and call fipsas for WIN64 builds. 2011-06-30 19:18:41 +00:00
Dr. Stephen Henson
dbfa236977 get the filename right 2011-06-24 13:48:18 +00:00
Dr. Stephen Henson
419989d2ec Add sparcv9cap.c to restricted tarball. 2011-06-24 13:45:44 +00:00
Dr. Stephen Henson
cb551bfab7 typo 2011-06-22 12:59:53 +00:00
Dr. Stephen Henson
ce02589259 Now the FIPS capable OpenSSL is available simplify the various FIPS test
build options.

All fispcanisterbuild builds only build fipscanister.o and include symbol
renaming.

Move all renamed symbols to fipssyms.h

Update README.FIPS
2011-06-22 12:30:18 +00:00
Dr. Stephen Henson
0b41fcc2cb Strip CRs when installing fips_premain.c Correct compat library rule
in FIPS mode.
2011-06-18 17:18:25 +00:00
Dr. Stephen Henson
c3de647e7d Update to mk1mf.pl and ms\do_fips.bat to install relevant files for
WIN32 FIPS builds.
2011-06-15 21:04:09 +00:00
Dr. Stephen Henson
38f90d06d7 sync and update ordinals 2011-06-12 15:40:06 +00:00
Dr. Stephen Henson
19cd2049f7 Don't export functions marked as FIPSCAPABLE. 2011-06-12 15:38:36 +00:00
Dr. Stephen Henson
05b4fc6c22 oops 2011-05-19 17:55:15 +00:00
Dr. Stephen Henson
0fba7a8fa8 update date 2011-05-19 17:53:04 +00:00
Dr. Stephen Henson
ff636340f5 Typo. 2011-05-13 12:43:41 +00:00
Dr. Stephen Henson
3ece592886 typo 2011-05-13 12:37:40 +00:00
Dr. Stephen Henson
a75829deef Recognise NO_NISTP224-64-GCC-128 2011-05-13 12:35:05 +00:00
Dr. Stephen Henson
b1d00b9611 Add SSL_INTERN definition. 2011-05-12 13:13:07 +00:00
Dr. Stephen Henson
c76e024dde Sync ordinals. 2011-05-11 23:04:10 +00:00
Dr. Stephen Henson
5024b79f5c Inlcude README.ECC in FIPS restricted tarball. 2011-05-11 12:52:51 +00:00
Dr. Stephen Henson
ed1afd327d Omit GF2m properly this time ;-) 2011-05-07 22:36:03 +00:00
Dr. Stephen Henson
dacdd5203d Don't include GF2m source files is NOEC2M set. 2011-05-07 22:22:37 +00:00
Dr. Stephen Henson
524289baa5 Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S
files in fipsdist.
2011-05-06 21:42:34 +00:00
Dr. Stephen Henson
1c6807c9d6 Add ppc_cap.c to restricted tarball. 2011-05-01 16:46:28 +00:00
Dr. Stephen Henson
95c9e774f9 Reconise no-ec-nistp224-64-gcc-128 option. 2011-04-21 20:55:35 +00:00
Dr. Stephen Henson
e161120eff Make fipscanisteronly auto detect work on WIN32. 2011-04-21 16:58:51 +00:00
Dr. Stephen Henson
065d050e7a Update ordinals. 2011-04-21 14:54:13 +00:00
Dr. Stephen Henson
befcced53e Add fips/cmac directory to WIN32 build. 2011-04-18 23:30:59 +00:00
Dr. Stephen Henson
1ccc003b82 Add mem_clr.c explicity for no-asm builds. 2011-04-11 14:53:40 +00:00
Dr. Stephen Henson
4582626544 Auto detect no-ec2m add option to make no-ec2m tarball. 2011-04-10 18:30:13 +00:00
Dr. Stephen Henson
c105c96bac Auto configure for fips is from restricted tarball.
Remove more unnecessary files form fips tarball.
2011-04-10 16:18:19 +00:00
Dr. Stephen Henson
3b5c1dc565 Make WIN32 static builds work again. 2011-04-02 16:51:04 +00:00
Dr. Stephen Henson
dad7851485 Allow setting of get_entropy and get_nonce callbacks outside test mode.
Test mode is now set when a DRBG context is initialised.
2011-03-25 14:38:37 +00:00
Richard Levitte
30fafdebf3 * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
  disabled by default.  If we don't do it this way, it screws up
  libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Richard Levitte
486ec55503 * util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
more need to be added...
2011-03-22 23:54:18 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
548b4763e1 Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.
2011-02-23 15:03:43 +00:00
Dr. Stephen Henson
227d6a9347 Make mkfiles.pl work with fipscanisteronly. 2011-02-22 17:02:14 +00:00
Dr. Stephen Henson
f6e76a67f0 Include ms directory for fips distribution. 2011-02-22 16:48:30 +00:00
Dr. Stephen Henson
d989e4f8c2 Make fipscanisteronly work with WIN32 build system. 2011-02-22 16:36:20 +00:00
Dr. Stephen Henson
558ddad34f Add fips/ecdsa directory to mkfiles.pl 2011-02-22 14:52:23 +00:00
Dr. Stephen Henson
f8c39f3cd0 Remove duplicate test rule. 2011-02-22 14:50:05 +00:00
Dr. Stephen Henson
6d7f706d08 Removing debugging print. 2011-02-22 12:46:17 +00:00
Dr. Stephen Henson
147e6f4465 typo 2011-02-21 19:58:54 +00:00
Dr. Stephen Henson
94a0a96cd8 Initial perl script to filter out unneeded files for a fips tarball. 2011-02-21 19:36:55 +00:00
Dr. Stephen Henson
e3496215a2 *** empty log message *** 2011-02-21 15:15:58 +00:00
Dr. Stephen Henson
eead69f5ed Make fipscanisteronly build only required files. 2011-02-21 14:07:15 +00:00
Dr. Stephen Henson
5d439d6955 Make -DOPENSSL_FIPSSYMS work for assembly language builds. 2011-02-17 19:03:52 +00:00
Dr. Stephen Henson
38bae7baa5 Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.

This makes OPENSSL_FIPSSYMS work for assembly language builds.
2011-02-17 18:08:59 +00:00
Dr. Stephen Henson
c876a4b7b1 Include support for an add_lock callback to tiny FIPS locking API. 2011-02-14 17:05:42 +00:00
Dr. Stephen Henson
36246be915 Make no-ec2m work on Win32 build. Add nexprotoneg support too. 2011-02-12 17:38:40 +00:00
Dr. Stephen Henson
dc527a62a1 Make Windows build work with GCM. 2011-02-11 16:49:01 +00:00
Bodo Möller
9770924f9b OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:57 +00:00
Dr. Stephen Henson
06b433acad Add FIPS support to the WIN32 build system. 2011-02-03 23:12:04 +00:00
Dr. Stephen Henson
7dbbd4b357 add -stripcr option to copy.pl from 0.9.8 2011-02-03 14:57:51 +00:00
Dr. Stephen Henson
544c84b720 Add Windows FIPS build utilities. 2011-02-03 14:20:59 +00:00
Dr. Stephen Henson
53f7633739 Add FIPS support to mkdef.pl script, update ordinals. 2011-02-03 12:59:01 +00:00
Bodo Möller
e2b798c8b3 Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:51 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
3d6a8954f8 update mkerr.pl for use fips directory, add arx.pl script 2011-01-26 01:35:07 +00:00
Dr. Stephen Henson
ef3026a325 ignore leading null fields 2010-12-03 19:31:34 +00:00
Andy Polyakov
bc9092f726 VC-32.pl: default to nasm if neither nasm or nasmw is is found at the moment.
PR: 2338
2010-09-13 16:15:17 +00:00
Dr. Stephen Henson
4ed7b78b56 make no-gost work on Windows 2010-09-02 17:45:23 +00:00
Dr. Stephen Henson
d3bb63fc68 sync and update ordinals 2010-08-26 14:27:17 +00:00
Andy Polyakov
1e024f05b2 util/cygwin.sh: maintainer's update.
Submitted by: Corinna Vinschen
2010-08-24 21:51:08 +00:00
Dr. Stephen Henson
75a96dd059 Sync ordinals and update. 2010-07-25 19:13:30 +00:00
Dr. Stephen Henson
18f3385dea Add modes.h and cmac to WIN32 build system. 2010-07-25 18:12:44 +00:00
Dr. Stephen Henson
223c59eae5 Fix WIN32 build system to correctly link ENGINE DLLs contained in a
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:52:43 +00:00
Andy Polyakov
57ae37a003 VC-32.pl: fix /Fd name generation.
PR: 2284
2010-06-09 15:48:25 +00:00
Andy Polyakov
2d060267b1 VC-32.pl: unconditionally generate symbols.pdb. 2010-06-01 06:02:47 +00:00
Dr. Stephen Henson
00a37b5a9b PR: 2220
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:59 +00:00
Dr. Stephen Henson
14021cb821 sync ordinals with 1.0.0 2010-03-27 19:32:11 +00:00
Dr. Stephen Henson
05566760da update year 2010-02-09 14:12:49 +00:00
Dr. Stephen Henson
cc0661374f make update 2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
e92f9f45e8 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
8c02119e39 OPENSSL_isservice is now defined on all platforms not just WIN32 2010-01-26 13:59:32 +00:00
Dr. Stephen Henson
ca9f55f710 export OPENSSL_isservice and make update 2010-01-26 13:52:36 +00:00
Dr. Stephen Henson
a70e377fd8 Support -L options in VC++ link. 2010-01-20 14:04:44 +00:00
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
97438f38df update and sync ordinals 2010-01-12 17:34:39 +00:00
Dr. Stephen Henson
3ddf85033d PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:32:54 +00:00
Andy Polyakov
7766bc1a19 util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and
eliminate duplicate code.
PR: 2086
2009-11-19 22:29:03 +00:00
Dr. Stephen Henson
320d3fd6af PR: 2101 (additional)
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org

Another mingw fix.
2009-11-15 19:05:13 +00:00
Dr. Stephen Henson
ff094bc2d1 PR: 2098
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org

For Cygwin enable zlib and mdc2 by default.
2009-11-11 19:05:20 +00:00
Dr. Stephen Henson
f423c63bb0 make udpate 2009-11-09 14:56:33 +00:00
Dr. Stephen Henson
19a9d0fcea make update 2009-10-18 14:53:00 +00:00
Dr. Stephen Henson
6fb3233778 Update ordinals. 2009-10-15 18:08:05 +00:00
Dr. Stephen Henson
1d42dbaf1e Ooops, missing close quote 2009-09-20 12:46:55 +00:00
Dr. Stephen Henson
23129dec6f add version info for VC-WIN64I too 2009-09-20 11:40:13 +00:00
Dr. Stephen Henson
0287ead9aa PR: 2048
Submitted by: john blair <mailtome200420032002@yahoo.com>
Approved by: steve@openssl.org

Add version info in VC-WIN64A too.
2009-09-19 23:00:55 +00:00
Dr. Stephen Henson
e0d4e97c1a Make update, deleting bogus DTLS error code 2009-09-06 15:58:19 +00:00
Dr. Stephen Henson
3ed3603b60 Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
e5b2b0f91f Updates from 1.0.0-stable 2009-06-30 15:28:16 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
4f33534c8a PR: 1958
Submitted by: Sean Boudreau <seanb@qnx.com>
Approved by: steve@openssl.org

qnx6 support.
2009-06-17 11:37:44 +00:00
Dr. Stephen Henson
b1b9530165 Sync ordinals from 1.0.0-stable 2009-05-28 21:41:08 +00:00
Richard Levitte
af55c09d9f Have mkdef.pl also handle VAX and Non-VAX differences for VMS 2009-05-15 16:01:39 +00:00
Dr. Stephen Henson
71b7858b1d Update from 1.0.0-stable branch. 2009-05-06 16:55:55 +00:00
Andy Polyakov
8b6fe84404 libeay.num: add ENGINE_load_aesni. 2009-05-03 14:23:16 +00:00
Andy Polyakov
2ff2710ccf Engage nasm optimizations in Win64 build. 2009-04-26 18:05:19 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
220bd84911 Updates from 1.0.0-stable 2009-04-06 15:22:01 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
d6e460d44c Update from 1.0.0-stable 2009-03-31 22:05:04 +00:00
Dr. Stephen Henson
c836f8ef73 Update from stable branch. 2009-03-09 12:30:10 +00:00
Dr. Stephen Henson
b2cf7c6452 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve

Recognise "enable-zlib" in mkdef.pl to handle "zlib" option when passed
to Configure.
2009-02-25 11:55:15 +00:00
Andy Polyakov
0f76640fba Windows-specific addenum to "engage crypto/modes" commit #17716. 2008-12-23 15:15:44 +00:00
Andy Polyakov
75bbf6e14c make depend to work with cross-gcc, compensate for msys glitch.
PR: 1753
Submitted by: Alon Bar-Lev
2008-12-19 13:35:09 +00:00
Bodo Möller
48114ec952 experimental-foo support for mk1mf.pl. 2008-12-02 23:50:22 +00:00
Dr. Stephen Henson
fd252de312 Update libeay.num 2008-11-24 17:46:29 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
4e50072d56 mk1mf.pl update from stable branch. 2008-11-12 18:52:58 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
ab7e09f59b Win32 fixes... add new directory to build system. Fix warnings. 2008-10-27 12:31:13 +00:00
Ben Laurie
2b7b1cad10 Ignoring errors in makedepend can hide problems. 2008-09-09 19:08:40 +00:00
Dr. Stephen Henson
869eb9e767 Update ordinals. 2008-06-22 01:09:14 +00:00
Dr. Stephen Henson
ce04f91951 Sync ordinals. 2008-06-06 15:57:16 +00:00
Dr. Stephen Henson
ec0bfca7e7 Remove uidlg library from VC-32.pl, it is now bound at runtime. 2008-06-05 23:42:04 +00:00
Dr. Stephen Henson
9ab89286a2 Sync ordinals with stable branch. 2008-06-05 11:10:49 +00:00
Dr. Stephen Henson
5329130333 Link in extra CryptoAPI related libraries if needed. 2008-06-05 10:51:48 +00:00
Dr. Stephen Henson
09a6e19431 Update ordinals. 2008-06-04 11:52:36 +00:00
Dr. Stephen Henson
863d447e0b Remove store from Windows build. 2008-06-04 11:45:15 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
4f7f411719 Update year. 2008-06-02 23:41:38 +00:00
Dr. Stephen Henson
d8bd55a364 Update from stable branch. 2008-06-01 11:07:34 +00:00
Dr. Stephen Henson
841c91d6e4 Update from stable branch. 2008-05-31 23:48:02 +00:00
Dr. Stephen Henson
a4792168ec Update VC-32.pl and load CryptoAPI engine in the right place. 2008-05-31 23:21:40 +00:00
Dr. Stephen Henson
174c86a216 Recognize LHASH_OF(). 2008-05-31 21:20:53 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
65fd877515 Update ordinals. 2008-05-20 12:23:38 +00:00
Dr. Stephen Henson
64ddafc6b6 Update from stable branch. 2008-05-20 11:52:57 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
6819050722 Delete nonexistant function from pkcs7.h header file. WIN32 build fix from
stable branch. Sync and update ordinals.
2008-04-04 00:06:43 +00:00