Commit Graph

1262 Commits

Author SHA1 Message Date
Richard Levitte
e84193e43d unified build scheme: add a "unified" template for VMS descrip.mms
As part of this, change util/mkdef.pl to stop adding libraries to
depend on in its output.  mkdef.pl should ONLY output a symbol
vector.

Because symbol names can't be longer than 31 characters, we use the
compiler to shorten those that are longer down to 23 characters plus
an 8 character CRC.  To make sure users of our header files will pick
up on that automatically, add the DEC C supported extra headers files
__decc_include_prologue.h and __decc_include_epilogue.h.

Furthermore, we add a config.com, so VMS people can configure just as
comfortably as any Unix folks, thusly:

    @config

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00
Richard Levitte
deb02194d2 unified build scheme: give util/dofile.pl the possibility to output selectively
Under certain conditions, one might not want to output certain
sections of a template file.  This adds the functions output_off() and
output_on(), reachable inside the templates.  And example usage in a
Makefile template could be this:

	@ : {- output_off() if $config{no_shared}; "" -}
	... lines dealing with shared libraries
	@ : {- output_on() -}

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:04 +01:00
Rich Salz
7984f082d5 Remove store.
Rebased and merged by me, with Ben's approval.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-10 07:56:26 -05:00
Matt Caswell
35d8fa563c Updates for auto init/deinit review comments
Fixes for the auto-init/deinit code based on review comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:12:02 +00:00
Matt Caswell
498abff0ae Add an OPENSSL_NO_AUTOERRINIT option
This option disables automatic loading of the crypto/ssl error strings in
order to keep statically linked executable file size down

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7fa792d14d Auto init/de-init libssl
Building on the pervious commit to auto initialise and de-initialise libssl

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
b184e3ef73 Provide framework for auto initialise/deinitialise of the library
This commit provides the basis and core code for an auto initialisation
and deinitialisation framework for libcrypto and libssl. The intention is
to remove the need (in many circumstances) to call explicit initialise and
deinitialise functions. Explicit initialisation will still be an option,
and if non-default initialisation is needed then it will be required.
Similarly for de-initialisation (although this will be a lot easier since
it will bring all de-initialisation into a single function).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Richard Levitte
d746591886 unified build scheme: adjust some scripts
util/mkdef.pl and Makefile.shared needs to know about the source and
the build directories.

Additionally, Makefile.shared needs to know how to build shared
libraries in a directory other than the current one.

Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-09 11:43:19 +01:00
Dr. Stephen Henson
584bdebc3f make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:49 +00:00
Dr. Stephen Henson
70c7778db1 rename old functions names in libeay.num
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:49 +00:00
Dr. Stephen Henson
b577fd0b81 Deprecate undocumented SSL_cache_hit().
Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a
real function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 16:57:07 +00:00
Rob Percival
b00387a0a3 Make TESTS= work with "nmake -f ms/ntdll.mak tests"
This works on Linux with Make already, and allows running only specified
tests.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 13:57:29 +01:00
Dr. Stephen Henson
8a07e27cd8 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 18:18:28 +00:00
Kurt Roeckx
e6f601cef5 Add BIO_ADDR_clear to libeay.num
Reviewed-by: Matt Caswell <matt@openssl.org>

MR: #1874
2016-02-06 15:27:19 +01:00
Ellinger, Wesley M
2b52de9a37 RT4070: Improve struct/union regexp
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-05 14:26:50 -05:00
Matt Caswell
3edeb622ba Make DTLSv1_listen a first class function and change its type
The DTLSv1_listen function exposed details of the underlying BIO
abstraction and did not properly allow for IPv6. This commit changes the
"peer" argument to be a BIO_ADDR and makes it a first class function
(rather than a ctrl) to ensure proper type checking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05 19:12:18 +00:00
Viktor Dukhovni
cc5a9ba485 Restore -no_comp switch for backwards compatible behaviour
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-05 11:00:53 -05:00
Dr. Stephen Henson
141c6095f2 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:34 +00:00
Todd Short
52739e40cc Add option to disable async
Add no-async option to Configure that forces ASYNC_NULL.
Related to RT1979
An embedded system or replacement C library (e.g. musl or uClibc)
may not support the *context APIs that are needed for async operation.

Compiles with musl. Ran unit tests, async tests skipped as expected.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 12:07:50 -05:00
Viktor Dukhovni
4c35c93661 Handle localhost being either 127.0.0.1 or ::1
When connecting to "localhost" the Proxy's choice of client address
family may not match the server's choice address family.  Without
MultiHomed => 1, the proxy may try the wrong address family first,
and give up without trying the other.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-03 21:18:24 -05:00
Richard Levitte
ef2499298b Use matching quotes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04 01:44:51 +01:00
Richard Levitte
db73bd2208 Make the mk1mf 'mv' command variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04 01:41:14 +01:00
Richard Levitte
b7d53d411e Refactoring BIO: small test correction
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 22:15:45 +01:00
Richard Levitte
72b65aa4cb Refactoring BIO: add a simple networking test of s_client and s_server
This makes use of TLSProxy, which was expanded to use IO::Socket::IP
(which is a core perl module) or IO::Socket::INET6 (which is said to
be more popular) instead IO::Socket::INET if one of them is installed.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 20:36:59 +01:00
Richard Levitte
2fcff74c87 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
83be2778fe Refactoring BIO: add error macros & text, and make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Emilia Kasper
dc5744cb78 RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:

SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.

SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).

The command-line switch has changed from -no_comp to -comp.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-03 18:08:16 +01:00
Dr. Stephen Henson
01a35a5da7 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-02 17:17:38 +00:00
Rich Salz
f1f07a2367 Better check for gcc/clang
Iteratively improved with Richard and Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-01 09:42:10 -05:00
Dr. Stephen Henson
be2e334fce Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 22:18:30 +00:00
Dr. Stephen Henson
7ab507495b Add function to return internal enoding of X509_NAME.
PR#4280

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-30 16:02:48 +00:00
Rich Salz
ced2c2c598 Templatize util/domd
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 16:56:07 -05:00
Rich Salz
723acb1445 Merge error, wrong domd submitted.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 11:36:21 -05:00
Rich Salz
96d608beb0 Remove clean-depend
Remove depend hacks from demos/engines.
Remove clean-depend; just call makedepend (or $CC -M) and use that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 11:15:20 -05:00
Rich Salz
cc373a37a1 Remove extraneous output from util/mk scripts
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 15:52:56 -05:00
Rich Salz
3538c7da3d Add CRYPTO_secure_zalloc
Also turn B<foo> into foo() in the pod page.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-27 23:34:13 -05:00
Matt Caswell
a18a31e49d Add SSL_up_ref() and SSL_CTX_up_ref()
The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-26 13:19:10 +00:00
Matt Caswell
1bca5888da Remove dirs from mkfiles.pl
Recent changes have removed some directories which is causing mkfiles.pl
to fail.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26 10:29:48 +00:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Richard Levitte
107b5792b2 Refactor file writing - Remake Makefile.org into a template
It is time for Makefile.org to fold into the new regime and have a run
through util/dofile.pl.  This forces some information out of there and
into Configure, which isn't a bad thing, it makes Configure
increasingly the center of build information, which is as it should
be.

A few extra defaults were needed in the BASE template to get rid of
warnings about missing values.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:07:11 +01:00
Richard Levitte
e8cdcd52b3 Now that Configure doesn't produce tools/c_rehash, mk1mf has to do it
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 18:36:08 +01:00
Rich Salz
cf2cede4a7 Move pqueue into ssl
This is an internal facility, never documented, not for
public consumption.  Move it into ssl (where it's only used
for DTLS).

I also made the typedef's for pqueue and pitem follow our style: they
name structures, not pointers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-24 18:25:04 -05:00
Richard Levitte
bcfa685ecc Remove extra unused variable in util/dofile.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-23 21:20:30 +01:00
Richard Levitte
3fa04f0d72 Refactor file writing - Adapt util/mkdef.pl to use configdata.pm
For this adaptation, the variables $options and $version needed to
move to %config in Configure, and why not move all other variables
holding diverse version numbers at the same time?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-22 23:21:30 +01:00
Richard Levitte
632b309280 Refactor file writing - adapt util/dofile.pl to use with_fallback
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-22 23:12:22 +01:00
Richard Levitte
35c3a562c7 Refactor file writing - arrange for use of bundled Perl modules as fallback
For our own convenience, we need a mechanism to be able to fall back
on bundled Perl modules.  It's a minimal package that's called like
this:

    use with_fallback qw(Module1 Module2 ...);

For each module, it will try to require them from the system
installation, and failing that, it will temporarly add external/perl
and try to require transfer::{ModuleName}.  It requires that each
bundled Perl modules is accompanied by a small transfer module
(external/perl/transfer/ModuleName.pm in our example) that knows
exactly what to load.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-22 23:12:22 +01:00
Richard Levitte
291e94df90 Refactor file writing - introduce template driven file writing
apps/CA.pl and tools/c_rehash are built from template files.  So far,
this was done by Configure, which created its own problems as it
forced everyone to reconfigure just because one of the template files
had changed.
Instead, have those files created as part of the normal build in apps/
and in tools/.

Furthermore, this prepares for a future where Configure may produce
entirely other build files than Makefile, and the latter can't be
guaranteed to be the holder of all information for other scripts.
Instead, configdata.pm (described below) becomes the center of
configuration information.

This introduces a few new things:

%config         a hash table to hold all kinds of configuration data
                that can be used by any other script.
configdata.pm   a perl module that Configure writes.  It currently
                holds the hash tables %config and %target.
util/dofile.pl  a script that takes a template on STDIN and outputs
                the result after applying configuration data on it.
                It's supposed to be called like this:

                        perl -I$(TOP) -Mconfigdata < template > result

                or

                        perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result

                Note: util/dofile.pl requires Text::Template.

As part of this changed, remove a number of variables that are really
just copies of entries in %target, and use %target directly.  The
exceptions are $target{cflags} and $target{lflags}, they do get copied
to $cflags and $lflags.  The reason for this is that those variable
potentially go through a lot of changes and would rather deserve a
place in %config.  That, however, is for another commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-22 23:12:22 +01:00
Richard Levitte
d74dfafd8b Refresh the thinking of --prefix and --openssldir
--prefix is now exclusively used for software and manual installation.
--openssldir is not exclusively used as a default location for certs,
keys and the default openssl.cnf.

This change is made to bring clarity, to have the two less
intertwined, and to be more compatible with the usual ways of software
installation.

Please change your habits and scripts to use --prefix rather than
--openssldir for installation location now.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-22 00:52:31 +01:00
Matt Caswell
a8eda4312d Remove the GOST engine
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.

See:
https://wiki.openssl.org/index.php/Binaries

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 22:29:32 +00:00
Dr. Stephen Henson
aa291c62a7 prf redirection build fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-19 15:33:45 +00:00
Kristian Amlie
86334b6a61 Don't use "grep -q", "-q" is not POSIX, and fails on Solaris.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-18 16:16:20 +01:00
Rich Salz
213f60bf17 Accessor update; fix API, document one.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-17 16:58:36 -05:00
Rich Salz
9e5cd4bac7 Add some accessors.
Author: Remi Gacogne <rgacogne-github@coredump.fr>
GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of
a OCSP_SINGLERESP. It is possible to do it the other way around using
OCSP_resp_find(), but this is more efficient when you have a tree indexed
by OCSP_CERTID, like haproxy does. (This is also RT4251)

Author: Marek Klein <kleinmrk@gmail.com>
GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a
OCSP_BASICRESP
GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and
TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 10:38:03 -05:00
Dr. Stephen Henson
8e237299b0 fix no-engine build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-16 22:29:48 +00:00
Richard Levitte
56afc18714 Avoid the r modifier for s/// (perl)
It seems that the r modifier for s/// is fairly new.  It's reported
not to exist in perl 5.10.1, so it's better to avoid it when
possible.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-14 20:51:47 +01:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Rich Salz
47153c7253 Make SSL_set_debug deprecated in 1.1
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-14 12:30:32 -05:00
Rich Salz
3a4e9367d8 RT4232: Extra space in help message.
It turns out that -pause calls the undocumented function SSL_set_debug.
That just sets flag inside the SSL structure.  That flag, despite
the command is never used.  So remove the flag, the field, and the
function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-14 11:32:18 -05:00
Viktor Dukhovni
d9e309a675 Fix verify(1) to report failure when verification fails
Regenerated expired test certificates, good for the next 100 years.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 17:55:17 -05:00
Richard Levitte
b7cb764614 Reorder the ordinals in libeay.num
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 21:34:28 +01:00
Richard Levitte
a33b13128f Quick fix of debugging option for mk1mf.pl.
util/mk1mf.pl was relying on the platform having the 'debug-' prefix
for doing a debug build.  Since the setup of targets has changed, this
is no longer true.  However, it can look for '--debug' in the command
line options.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 20:54:17 +01:00
Rich Salz
3aef36ffef Add CRYPTO_EX_DATA; remove EC_EXTRA_DATA
Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov.
Had to add various exdata calls to init/copy/free the exdata.
Had to remove const from some EC functions because exdata isn't
const-correct. :(
Also remove EC_EXTRA_DATA and use a union to hold the possible
pre-computed values and an enum to tell which value is in the
union. (Rich Salz)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 14:32:59 -05:00
Dr. Stephen Henson
7de1f0721f recognise no-crypto-mdebug
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 18:08:19 +00:00
Richard Levitte
ff4b7fafb3 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
d9aad55a50 Make sure to have both upper and mixed case symbols in SYMBOL_VECTOR
It was assumed that the syntax FOO/Foo=PROCEDURE would create both an
upper case and mixed case symbol in the GST.  Not so, it requires
having both FOO/Foo=PROCEDURE (to create the upper case alias) and
Foo=PROCEDURE (to create the mixed case slot).

We make sure that any symbol always occupies two slots (even those
that don't exist) by filling up with SPARE when necessary.  That will
assure that any changes will still have the same symbols in the same
slots no matter what (save a complete rewrite of the ordinals files).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 04:44:24 +01:00
Richard Levitte
d4b009d5f8 Use SPARE instead of PRIVATE_PROCEDURE to reserve unused SYMBOL_VECTOR slots
It was assumed that a dummy with the type PRIVATE_PROCEDURE would
simply occupy a slot but otherwise ignore the symbol.  Not so, but
there is SPARE for that purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 04:44:24 +01:00
Richard Levitte
fd40db9ecd The limit per SYMBOL_VECTOR isn't the amount of symbols, it's the line length
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 04:44:24 +01:00
Richard Levitte
6bd3e10b64 VMS INDENTIFICATION should only have the version number
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 04:44:24 +01:00
Richard Levitte
855eff54ec Have mkdef.pl use case sensitive symbols for shareable symbol vector
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 22:41:14 +01:00
Dr. Stephen Henson
abf81f1f2e update ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:42 +00:00
Dr. Stephen Henson
26a884c217 Remove mkstack.pl: it is no longer needed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:42 +00:00
Dr. Stephen Henson
2a056de832 Add lh_doall_arg inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
63c75cd688 Add lh_doall inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
62d0577e0d Add lh_new() inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
e6b5c341b9 Inline LHASH_OF
Make LHASH_OF use static inline functions.

Add new lh_get_down_load and lh_set_down_load functions and their
typesafe inline equivalents.

Make lh_error a function instead of a macro.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Alessandro Ghedini
8e423bde25 GH540: add casts to safestack.h
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-11 12:34:34 -05:00
Viktor Dukhovni
8106cb8b6d Make SSL{_CTX,}_{get,set,clear}_options functions
These now take and return unsigned long, and get is constified.
Updated related documentation and util/ssleay.num

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-11 10:51:02 -05:00
Viktor Dukhovni
c2e27310c7 Enable/disable crypto-mdebug just like other features
Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-11 02:41:16 +00:00
Dr. Stephen Henson
3af45d9978 Disable some algorithms by default
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-11 02:41:15 +00:00
Viktor Dukhovni
ca0004e561 Future-proof deprecated declartion parsing
Support two-digest major/minor/micro numbers and die when the input
fails to parse

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-09 22:30:59 -05:00
Rich Salz
d594199bb4 RT41897: Add an CRYPTO_secure_actual_size
This is already documented, I just forgot to include the code :)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 19:13:15 -05:00
Dr. Stephen Henson
7ba4f9dda5 update ordinals
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 21:55:46 +00:00
Dr. Stephen Henson
7a556fb6f8 Add DEPRECATEDIN support.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 21:52:03 +00:00
Dr. Stephen Henson
a9988d54f6 remove hard coded algorithms
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 21:52:03 +00:00
Dr. Stephen Henson
2854c7989d Recognise disabled algorithms automatically.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 21:52:03 +00:00
Rich Salz
6ac11bd0b9 Fix no CRYPTO_MDEBUG build (windows)
In order for mkdep to find #ifdef'd functions, they must be
wrapped (in the header file) with
        #ifndef OPENSSL_NO_...
So do that for various CRYPTO_mem_debug... things.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 14:35:04 -05:00
Richard Levitte
0c1badc8af Remove all remaining traces if PEM_Seal
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 01:18:55 +01:00
Rich Salz
bbd86bf542 mem functions cleanup
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:14:18 -05:00
Richard Levitte
a388633da5 Enhance util/mkdef.pl to provide a VMS linker option file for shlibs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-07 21:09:43 +01:00
Dr. Stephen Henson
a8eba56ef6 use more descriptive name DEFINE_STACK_OF_CONST
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
8588571572 Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
c5e0c54047 remove unused PREDECLARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
411abf2dd3 Change STACK_OF to use inline functions.
Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Viktor Dukhovni
249d9719a6 DANE make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-06 18:53:15 -05:00
Rich Salz
700b4a4ae7 Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-06 12:07:26 -05:00
Rich Salz
0b0443af64 Remove some unused perl scripts
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-06 11:26:36 -05:00
Richard Levitte
0d0769a4db Prefer ReuseAddr over Reuse, with IO::Socket::INET
Reuse is deprecated and ReuseAddr is prefered, according to documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-29 17:36:08 +01:00
Matt Caswell
ef96e4a28f Add test for missing CertificateStatus message
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Roumen Petrov
3eabad02d6 remove duplicates in util/libeay.num
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521
2015-12-23 20:40:54 +01:00