Commit graph

13282 commits

Author SHA1 Message Date
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 14:07:39 -04:00
Rich Salz
5adac91eab consistent test-start logging
Output a consistent "start" marker for each test.
Remove "2>/dev/null" from Makefile command lines.
Add OPENSSL_CONFIG=/dev/null for places where it's needed, in
order to suppress a warning message from the openssl CLI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 12:28:15 -04:00
Richard Levitte
37d92b1b2b Ignore the non-dll windows specific build directories
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-08 17:16:14 +02:00
Richard Levitte
2da2a4349c Appease clang -Wshadow
The macros BSWAP4 and BSWAP8 have statetemnt expressions
implementations that use local variable names that shadow variables
outside the macro call, generating warnings like this

e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable
      [-Wshadow]
    seqnum = BSWAP8(blocks[0].q[0]);
             ^
../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8'
                            ^
e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here
    size_t ret = 0;
           ^

Have clang be quiet by modifying the macro variable names slightly
(suffixing them with an underscore).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-04 17:07:03 +02:00
Richard Levitte
04958e84d8 Appease clang -Wgnu-statement-expression
We use GNU statement expressions in crypto/md32_common.h, surrounded
by checks that GNU C is indeed used to compile.  It seems that clang,
at least on Linux, pretends to be GNU C, therefore finds the statement
expressions and then warns about them.

The solution is to have clang be quiet about it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-04 17:06:35 +02:00
Richard Levitte
c25dea53e9 Appease clang -Wempty-translation-unit
ebcdic.c:284:7: warning: ISO C requires a translation unit to contain at least one
      declaration [-Wempty-translation-unit]
      ^
1 warning generated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-04 17:05:49 +02:00
Dr. Stephen Henson
40cf454566 update ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
19fcbc8949 make depend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
865b55ac8e remove asn1_mac.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
a469a6770a Remove old ASN.1 functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:30:09 +01:00
Dr. Stephen Henson
1880790e2e Remove unnecessary use of ASN1_const_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:29:48 +01:00
Dr. Stephen Henson
cc5b6a03a3 Rewrite ssl_asn1.c using new ASN.1 code.
Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using
new ASN.1 code and eliminating use of old ASN.1 macros.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 16:58:44 +01:00
Dr. Stephen Henson
4fb6b0def1 Add macro to implement static encode functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 16:58:44 +01:00
Rich Salz
22ebaae08c Fewer newlines in comp method output
Print "supported compression methods" all on one line.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-02 15:58:10 -04:00
Andy Polyakov
7eeeb49e11 modes/asm/ghashv8-armx.pl: up to 90% performance improvement.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-02 10:03:09 +02:00
Andy Polyakov
be5a87a1b0 sha/asm/sha*-armv8.pl: add Denver and X-Gene esults.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-02 09:50:06 +02:00
Andy Polyakov
94376cccb4 aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
ARM has optimized Cortex-A5x pipeline to favour pairs of complementary
AES instructions. While modified code improves performance of post-r0p0
Cortex-A53 performance by >40% (for CBC decrypt and CTR), it hurts
original r0p0. We favour later revisions, because one can't prevent
future from coming. Improvement on post-r0p0 Cortex-A57 exceeds 50%,
while new code is not slower on r0p0, or Apple A7 for that matter.

[Update even SHA results for latest Cortex-A53.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-02 09:47:56 +02:00
Andy Polyakov
7b644df899 perlasm/arm-xlate.pl update (fix end-less loop and prepare for 32-bit iOS).
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-02 09:37:28 +02:00
Andy Polyakov
449e3f2601 Configure: android-arm facelift.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-02 09:36:32 +02:00
Emilia Kasper
11305038e9 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-01 22:31:28 +02:00
Richard Levitte
0f2596ac54 Remove SSL_TASK, the DECnet Based SSL Engine - addendum
A bit of cleanup was forgotten.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-31 22:19:22 +02:00
Richard Levitte
5098c029ce Remove SSL_TASK, the DECnet Based SSL Engine
This engine is for VMS only, and isn't really part of the core OpenSSL
but rather a side project of its own that just happens to have tagged
along for a long time.  The reasons why it has remained within the
OpenSSL source are long lost in history, and there not being any real
reason for it to remain here, it's time for it to move out.

This side project will appear as a project in its own right, the
location of which will be announced later on.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-31 21:59:43 +02:00
Dr. Stephen Henson
b9395187df Remove old ASN.1 code from evp_asn1.c
Rewrite ASN1_TYPE_set_int_octetstring and ASN1_TYPE_get_int_octetstring
to use the new ASN.1 code instead of the old macros.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 19:18:51 +01:00
Richard Levitte
a72d89fda6 Now that we've removed the need for symlinks, we can safely remove util/mklinks.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
0190de80d5 Remove remaining variables for symlinked/copied headers and tests
GitConfigure:   no more 'no-symlinks'

util/bat.sh, util/mk1mf.pl, util/pl/VC-32.pl, util/pl/unix.pl:
- Remove all uses of EXHEADER.
  That includes removing the use if INC_D and INCO_D.
- Replace the check for TEST with a check for [A-Z0-9_]*TEST.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Douglas E Engert
30cd4ff294 Ensure EC private keys retain leading zeros
RFC5915 requires the use of the I2OSP primitive as defined in RFC3447
for storing an EC Private Key. This converts the private key into an
OCTETSTRING and retains any leading zeros. This commit ensures that those
leading zeros are present if required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 16:33:29 +01:00
Matt Caswell
747e16398d Clean up record layer
Fix up various things that were missed during the record layer work. All
instances where we are breaking the encapsulation rules.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-31 14:39:31 +01:00
Matt Caswell
1b34e25c17 Fix record layer "make clean"
The "clean" target in libssl has been updated to handle the new record
layer sub-directory.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-31 14:39:14 +01:00
Richard Levitte
8bf5b8ab22 Fix some faults in util/mk1mf.pl
When building on Unix, there are times when the 'EX_LIB' MINFO variable
contains valuable information.  Make sure to take care of it.

fixrules in util/pl/unix.pl was previously changed with a simpler fix of
rules, with a comment claiming that's compatible with -j.  Unfortunately,
this breaks multiline rules and doesn't change anything for single line
rules.  While at it, do not prefix pure echo lines with a 'cd $(TEST_D) &&',
as that's rather silly.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 15:21:18 +02:00
Dr. Stephen Henson
e93c8748ab Remove duplicate code.
Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence
instead of performing the same operation manually.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Dr. Stephen Henson
22f5bd3dd2 New ASN1_TYPE SEQUENCE functions.
Add new functions ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence:
these encode and decode ASN.1 SEQUENCE using an ASN1_TYPE structure.

Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Dr. Stephen Henson
94f4b4b313 Rewrite X509_PKEY_new to avoid old ASN1. macros.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Dr. Stephen Henson
3a1f43023a Remove unnecessary asn1_mac.h includes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:30 +01:00
Richard Levitte
06affe3dac Initialised 'ok' and redo the logic.
The logic with how 'ok' was calculated didn't quite convey what's "ok",
so the logic is slightly redone to make it less confusing.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-30 05:31:58 +02:00
Andy Polyakov
b1a5d1c652 sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.
Follow-up to sha256-armv4.pl in cooperation with Ard Biesheuvel
(Linaro) and Sami Tolvanen (Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-29 15:24:20 +02:00
Andy Polyakov
51f8d09556 sha/asm/sha256-armv4.pl: fix compile issue in kernel
and eliminate little-endian dependency.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-29 15:22:03 +02:00
Richard Levitte
6a919b44f7 Have a shared library version thats reasonable with our version scheme
The FAQ says this:

    After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
    releases (e.g. 1.0.1a) can only contain bug and security fixes and no
    new features. Minor releases change the last number (e.g. 1.0.2) and
    can contain new features that retain binary compatibility. Changes to
    the middle number are considered major releases and neither source nor
    binary compatibility is guaranteed.

With such a scheme (and with the thinking that it's nice if the shared
library version stays on track with the OpenSSL version), it's rather
futile to keep the minor release number in the shared library version.
The deed already done with OpenSSL 1.0.x can't be changed, but with
1.x.y, x=1 and on, 1.x as shared library version is sufficient.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-29 09:42:58 +02:00
Dr. Stephen Henson
79a578b902 Add private/public key conversion tests
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-29 03:26:12 +01:00
Dr. Stephen Henson
b1f3442857 Remove d2i_X509_PKEY and i2d_X509_PKEY
Remove partially implemented d2i_X509_PKEY and i2d_X509_PKEY: nothing
uses them and they don't work properly. Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 15:39:18 +00:00
Andy Polyakov
f0e6871df2 ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:59:27 +01:00
Rich Salz
c5ba2d9904 free NULL cleanup
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Andy Polyakov
33b188a8e8 Engage vpaes-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:42:12 +01:00
Andy Polyakov
2779c08436 Add vpaes-amrv8.pl module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:41:50 +01:00
Andy Polyakov
1818572d83 Configure: remove unused variables.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:36:40 +01:00
Dr. Stephen Henson
23dc1706e8 Make asn1_ex_i2c, asn1_ex_c2i static.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 12:08:48 +00:00
Dr. Stephen Henson
ee9d76371a Remove combine option from ASN.1 code.
Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26 22:04:15 +00:00
Dr. Stephen Henson
ea6b07b54c Simplify DSA public key handling.
DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.

Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26 22:04:15 +00:00
Dr. Stephen Henson
dd14f91171 ASN1_TYPE documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26 21:59:17 +00:00