Rich Salz [Fri, 6 Feb 2015 21:49:17 +0000 (16:49 -0500)]
ui_compat cleanup; makefiles and vms
Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Fri, 6 Feb 2015 19:52:40 +0000 (14:52 -0500)]
Remove ui_compat
This is the last of the old DES API.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 6 Feb 2015 15:55:31 +0000 (10:55 -0500)]
Remove X509_PAIR
Unused type; a pair X509 certificates. Intended for LDAP support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 6 Feb 2015 15:54:20 +0000 (10:54 -0500)]
Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Fri, 6 Feb 2015 15:52:12 +0000 (10:52 -0500)]
dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Fri, 6 Feb 2015 15:47:53 +0000 (10:47 -0500)]
util/mkstack.pl now generates entire safestack.h
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Fri, 6 Feb 2015 15:45:29 +0000 (10:45 -0500)]
Have mkdef.pl ignore APPLINK settings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 6 Feb 2015 12:16:58 +0000 (12:16 +0000)]
Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 15:57:54 +0000 (15:57 +0000)]
Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 5 Feb 2015 20:07:40 +0000 (15:07 -0500)]
Use memset in bn_mont
Use memset() not inline code. Compilers are smarter now.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 5 Feb 2015 16:47:02 +0000 (11:47 -0500)]
Live code cleanup; #if 1 removal
A few minor cleanups to remove pre-processor "#if 1" stuff.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Wed, 4 Feb 2015 23:50:00 +0000 (18:50 -0500)]
Fix various build breaks
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
- Various old code has been removed
- Varous old #ifdef tests were removed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 4 Feb 2015 22:51:01 +0000 (22:51 +0000)]
fix windows build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 1 Feb 2015 14:51:46 +0000 (14:51 +0000)]
Updates to reformat script.
Don't change files if they're unmodified.
Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 3 Feb 2015 22:53:15 +0000 (22:53 +0000)]
More unused FIPS module code.
Remove fips_algvs.c
Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 4 Feb 2015 03:31:34 +0000 (03:31 +0000)]
Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 3 Feb 2015 01:31:33 +0000 (01:31 +0000)]
Preliminary ASN1_TIME documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 3 Feb 2015 14:53:15 +0000 (14:53 +0000)]
Remove unused variables.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Tue, 3 Feb 2015 16:20:56 +0000 (11:20 -0500)]
Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp
And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 24 Jan 2015 17:09:55 +0000 (17:09 +0000)]
Add SSL_get_extms_support documentation.
Document SSL_get_extms_support().
Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 14:03:48 +0000 (14:03 +0000)]
Add CHANGES entry.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:52:20 +0000 (02:52 +0000)]
Ctrl to retrieve extms support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:49:16 +0000 (02:49 +0000)]
Add extms support to master key generation.
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:45:13 +0000 (02:45 +0000)]
Extended master secret extension support.
Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.
Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:41:09 +0000 (02:41 +0000)]
Rewrite ssl3_send_client_key_exchange to support extms.
Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.
This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:37:27 +0000 (02:37 +0000)]
Utility function to retrieve handshake hashes.
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 23 Jan 2015 02:29:50 +0000 (02:29 +0000)]
Add flags field to SSL_SESSION.
Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Tue, 3 Feb 2015 03:40:36 +0000 (22:40 -0500)]
old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Mon, 2 Feb 2015 23:46:01 +0000 (18:46 -0500)]
Remove old DES API
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 2 Feb 2015 21:53:54 +0000 (16:53 -0500)]
Dead code: if 0 removal from crypto/evp and an unused file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 2 Feb 2015 17:43:17 +0000 (12:43 -0500)]
Dead code removal; #if 0 from crypto/des
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 2 Feb 2015 16:56:47 +0000 (11:56 -0500)]
Dead code cleanup: crypto/ec,ecdh,ecdsa
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 2 Feb 2015 16:40:36 +0000 (11:40 -0500)]
Dead code cleanup; remove #if 0 from crypto/engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 2 Feb 2015 16:11:34 +0000 (11:11 -0500)]
Dead code cleanup: #if 0 dropped from tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 2 Feb 2015 16:08:16 +0000 (11:08 -0500)]
Dead code cleanup: crypto/*.c, x509v3, demos
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Andy Polyakov [Fri, 30 Jan 2015 15:15:46 +0000 (16:15 +0100)]
cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 30 Jan 2015 23:06:06 +0000 (23:06 +0000)]
Make the libssl opaque changes compile on VMS
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 28 Jan 2015 11:44:34 +0000 (11:44 +0000)]
Add changes entry for opaquifying of libssl structures
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 28 Jan 2015 11:40:54 +0000 (11:40 +0000)]
Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 27 Jan 2015 20:11:24 +0000 (20:11 +0000)]
Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Fri, 30 Jan 2015 18:59:32 +0000 (18:59 +0000)]
Build correctly for me on FreeBSD 10.
Reviewed-by: Rich Salz
Don't debug.
Rich Salz [Fri, 30 Jan 2015 20:35:49 +0000 (15:35 -0500)]
Dead code removal: #if 0 asn1, pkcs7
Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Fri, 30 Jan 2015 19:52:57 +0000 (14:52 -0500)]
Dead code clean: #if 0 removal in apps
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Fri, 30 Jan 2015 18:24:35 +0000 (13:24 -0500)]
Dead code removal #if 0 engines
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 30 Jan 2015 17:46:49 +0000 (12:46 -0500)]
Dead code removal: #if 0 conf, dso, pqueue, threads
Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 25 Jan 2015 14:48:42 +0000 (15:48 +0100)]
modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sun, 25 Jan 2015 13:51:43 +0000 (14:51 +0100)]
modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).
For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 30 Jan 2015 14:14:48 +0000 (15:14 +0100)]
Since SHA0 was completely removed, also remove the related test
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Fri, 30 Jan 2015 13:30:25 +0000 (14:30 +0100)]
Update on the use of logical names for OpenSSL configuration
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Fri, 30 Jan 2015 11:36:13 +0000 (12:36 +0100)]
VMS exit codes weren't handled well enough and were unclear
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 13:36:27 +0000 (14:36 +0100)]
VMS adjustments:
Add missing crypto modules and files to copy to crypto/install-crypto.com
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 13:35:46 +0000 (14:35 +0100)]
VMS adjustments:
test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 13:27:21 +0000 (14:27 +0100)]
VMS build changes
crypto/crypto-lib.com:
Remove all APPS building, as they are gone.
Depend on the variable SDIRS that's defined by makevms.com.
Remake the whole partial module list mechanism to check for variables with a counter.
Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.
makevms.com:
Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
Allow for experimental modules.
Update the allowed things to disable.
Update the things disabled by default to match Configure.
Update headers to be copied.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 12:13:28 +0000 (13:13 +0100)]
VMS adjustments:
catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 12:07:53 +0000 (13:07 +0100)]
VMS adjustments:
Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Fri, 30 Jan 2015 03:44:17 +0000 (04:44 +0100)]
dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Fri, 30 Jan 2015 02:38:57 +0000 (21:38 -0500)]
Dead code removal: #if 0 bio, comp, rand
The start of removing dead code.
A remaining #if 0 in bss_conn.c needs more thought.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 29 Jan 2015 17:09:14 +0000 (12:09 -0500)]
Make output consistency: remove blank line
When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set. This is a debug echo that
isn't needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 29 Jan 2015 00:54:09 +0000 (01:54 +0100)]
clang on Linux x86_64 complains about unreachable code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 28 Jan 2015 13:01:44 +0000 (13:01 +0000)]
Fix various windows compilation issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Wed, 28 Jan 2015 20:41:14 +0000 (15:41 -0500)]
Fix int/unsigned compiler complaint
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 28 Jan 2015 19:53:04 +0000 (14:53 -0500)]
Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Wed, 28 Jan 2015 17:27:23 +0000 (12:27 -0500)]
Add missing declaration for lh_node_usage_stats
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 28 Jan 2015 17:23:01 +0000 (12:23 -0500)]
Rename index to idx to avoid symbol conflicts.
Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 28 Jan 2015 17:21:55 +0000 (12:21 -0500)]
Finish removal of DSS
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 27 Jan 2015 16:39:13 +0000 (16:39 +0000)]
Fix warning on some compilers where variable index shadows a global
declaration
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 8 Dec 2014 14:19:26 +0000 (14:19 +0000)]
Fix no-ocb for Windows
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Tue, 27 Jan 2015 14:10:16 +0000 (14:10 +0000)]
Rationalise testing of AEAD modes
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Tue, 27 Jan 2015 14:05:07 +0000 (14:05 +0000)]
Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Tue, 27 Jan 2015 14:00:50 +0000 (14:00 +0000)]
Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency with
CCM
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Wed, 28 Jan 2015 02:00:03 +0000 (21:00 -0500)]
Dead code removal: Fortezza identifiers
Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 27 Jan 2015 22:44:12 +0000 (17:44 -0500)]
"#if 0" removal: header files
Remove all "#if 0" blocks from header files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Tue, 27 Jan 2015 21:43:53 +0000 (16:43 -0500)]
OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS
Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default,
so the work here is removing the 'maintain our own freelist' code.
Also removed a minor old Windows-multibyte/widechar conversion flag.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Tue, 27 Jan 2015 20:14:12 +0000 (15:14 -0500)]
OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1
TLS and TLS1 are no longer optional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 27 Jan 2015 17:34:45 +0000 (12:34 -0500)]
OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 27 Jan 2015 15:19:14 +0000 (10:19 -0500)]
OPENSSL_NO_xxx cleanup: RFC3779
Remove OPENSSL_NO_RFCF3779.
Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 27 Jan 2015 15:06:22 +0000 (10:06 -0500)]
OPENSSL_NO_xxx cleanup: many removals
The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
This diff is big because of updating the indents on preprocessor lines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 27 Jan 2015 15:02:39 +0000 (10:02 -0500)]
OPENSSL_NO_xxx cleanup: DEC-CBCM removed
A DES algorithm mode, known attacks, no EVP support.
Flushed.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 26 Jan 2015 23:28:31 +0000 (23:28 +0000)]
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 26 Jan 2015 16:46:49 +0000 (16:46 +0000)]
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 26 Jan 2015 16:47:36 +0000 (16:47 +0000)]
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro@openssl.org>
Andy Polyakov [Sat, 24 Jan 2015 15:46:54 +0000 (16:46 +0100)]
Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Fri, 23 Jan 2015 17:02:44 +0000 (18:02 +0100)]
des/asm/des_enc.m4: strip #ifdef OPENSSL_SYS_ULTRASPARC as part of
pre-processor controls cleanup. It doesn't mean that it no longer
works on UltraSPARC, only that it doesn't utilize sparcv9-specific
features like branch prediction hints and load in little-endian byte
order anymore. This "costs" ~3% in EDE3 performance regression on
UltraSPARC.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Mon, 26 Jan 2015 16:04:26 +0000 (11:04 -0500)]
Remove obsolete support for old code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 26 Jan 2015 02:07:20 +0000 (21:07 -0500)]
Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored. Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz [Sat, 24 Jan 2015 21:35:07 +0000 (16:35 -0500)]
undef cleanup: use memmove
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Sat, 24 Jan 2015 21:27:03 +0000 (16:27 -0500)]
Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Sat, 24 Jan 2015 15:57:19 +0000 (10:57 -0500)]
ifdef cleanup, part 4a: '#ifdef undef'
This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c That needs further review.
Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.
Reviewed-by: Matt Caswell <matt@openssl.org>
Kurt Roeckx [Sat, 24 Jan 2015 13:46:50 +0000 (14:46 +0100)]
Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Viktor Dkhovni [Fri, 23 Jan 2015 20:39:40 +0000 (15:39 -0500)]
Replace exit() with error return.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Fri, 23 Jan 2015 13:48:11 +0000 (14:48 +0100)]
Keep disclaiming 16-bit support.
If you examine changes, you are likely to wonder "but what about ILP64,
elusive as they are, don't they fall victim to 16-bit rationalization?"
No, the case was modeled and verified to work.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Fri, 23 Jan 2015 16:58:26 +0000 (11:58 -0500)]
ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Mon, 5 Jan 2015 10:25:10 +0000 (11:25 +0100)]
Add assembly support to ios64-cross.
Fix typos in ios64-cross config line.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Thu, 22 Jan 2015 17:57:29 +0000 (12:57 -0500)]
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf(). This removes some
ifdef complexity because all of our platforms support setbuf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 22 Jan 2015 17:43:26 +0000 (12:43 -0500)]
Remove obsolete uncomiled dsagen semi-test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 22 Jan 2015 17:38:57 +0000 (12:38 -0500)]
Cleanup old doc/*; remove CHANGES.SSLeay
Removed CHANGES.SSLeay
Udpate README to be current.
Updated fignerprints.txt to list only current release signers and
to explain that is what it's used for.
Removed the following:
c-indentation.el -- doesn't go with our coding style
openssl-shared.txt -- old info about shared library aides
openssl.txt -- old info about X509v3 extension support/syntax
ssleay.txt -- old info about OpenSSL's predecessor, back when
programmers coded on COBOL sheets by candlelight
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 11:04:47 +0000 (11:04 +0000)]
Fix post-reformat errors preventing windows compilation
Reviewed-by: Tim Hudson <tjh@openssl.org>