Matt Caswell [Wed, 30 Mar 2016 09:59:32 +0000 (10:59 +0100)]
Fix build compilation failures
BIO_f_linebuffer() is now built by default instead of just on VMS, but
the prototype in the header was still only available on VMS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 14:48:02 +0000 (16:48 +0200)]
Break out DllMain from crypto/cryptlib.c and use it in shared libs only
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 14:45:03 +0000 (16:45 +0200)]
Make it possible to specify source files that will only be used for shared libs
There are rare cases when an object file will only be used when
building a shared library. To enable this, we introduce
SHARED_SOURCE:
SHARED_SOURCE[libfoo]=dllmain.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 19:36:06 +0000 (21:36 +0200)]
Adapt bf_lbuf for opaque BIO
Also, have it always be built, even though it's only (currently) used
on VMS. That will assure it will get the same changes as all others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 16:55:05 +0000 (18:55 +0200)]
'make test' depends of having util/shlib-wrap.sh symlinked in build dir
Reviewed-by: Andy Polyakov <appro@openssl.org>
Viktor Dukhovni [Tue, 29 Mar 2016 23:40:03 +0000 (19:40 -0400)]
Require intermediate CAs to have basicConstraints CA:true.
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing. That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 29 Mar 2016 22:20:32 +0000 (23:20 +0100)]
Fix the zlib config option
The zlib config option was broken by the BIO opacity changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Benjamin Kaduk [Tue, 29 Mar 2016 19:56:44 +0000 (14:56 -0500)]
Clarify the behavior of BIO_gets() a bit more
The API contract is more tight than was previously documented -- the returned
string must be NUL-terminated, and the supplied buffer includes space for
the trailing NUL, so the maximum length that can be read in is reduced.
Clarify that the NUL is not included in the returned length, and fix the
spelling of "NUL-terminated" in a nearby spot.
Adjust punctuation to make a modest improvement to the grammar.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Todd Short [Tue, 29 Mar 2016 17:40:48 +0000 (13:40 -0400)]
Fixup SSL EX_DATA index
The SSL, SSL_CTX, and SSL_SESSION indices were being referenced
incorrectly in the "_get_ex_new_index" functions.
Remove the STORE EX_DATA index; that functionality is gone.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 20:06:07 +0000 (22:06 +0200)]
Config: The cflags in vms-alpha and vms-ia64 have to be added
"vms-generic" already has some values, which were discarded.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 18:18:31 +0000 (20:18 +0200)]
VMS: Disable the warning MAYLOSEDATA3
The warning MAYLOSEDATA3 is one you will always get when compiling
source that calculates the difference between two pointers with
/POINTER_SIZE=64.
The reason is quite simple, ptrdiff_t is always a 32-bit integer
regardless of pointer size, so the result of 'ptr1 - ptr2' can
potentially be larger than a 32-bit integer. The compiler simply
warns you of that possibility.
However, we only use pointer difference within objects and strings,
all of them well within 2^32 bytes in size, so that operation is
harmless with our source, and we can therefore safely turn off that
warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 18:02:15 +0000 (20:02 +0200)]
VMS: Harmonize the paths in openssl_startup.com with what's really installed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 29 Mar 2016 18:01:33 +0000 (20:01 +0200)]
VMS: Display the correct path to openssl_startup.com and openssl-utils.com
Reviewed-by: Rich Salz <rsalz@openssl.org>
David Benjamin [Mon, 7 Mar 2016 14:57:58 +0000 (09:57 -0500)]
RT 4393: Call EC_GROUP_order_bits in priv2opt.
The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 29 Mar 2016 15:03:08 +0000 (16:03 +0100)]
Add a CHANGES entry for opaque BIOs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 29 Mar 2016 13:25:23 +0000 (14:25 +0100)]
Add documentation for BIO functions
Add the documentation for new BIO functions added as a result of
making BIO and BIO_METHOD opaque.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Mar 2016 15:05:27 +0000 (15:05 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 22 Mar 2016 09:21:29 +0000 (09:21 +0000)]
Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 22 Mar 2016 11:34:32 +0000 (11:34 +0000)]
Add functions for creating BIO_METHODs
BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
FdaSilvaYY [Fri, 18 Mar 2016 23:40:11 +0000 (00:40 +0100)]
Fix a big leak when using stack-allocated BIO items.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sun, 20 Mar 2016 20:52:54 +0000 (21:52 +0100)]
poly1305/asm/poly1305-x86.pl: don't loose 59-th bit.
RT#4439
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Mon, 21 Mar 2016 19:06:23 +0000 (20:06 +0100)]
crypto/seed: add small-footprint path.
The space saving is >5x on x86_64 at ~40% performance penalty.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Wed, 23 Mar 2016 20:04:22 +0000 (21:04 +0100)]
Windows build system: fix 32-bit appveyor build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 23 Mar 2016 19:33:29 +0000 (20:33 +0100)]
Build system: VC-WIN64I fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Kurt Roeckx [Sun, 27 Mar 2016 22:31:23 +0000 (00:31 +0200)]
When using no-dtls create OPENSSL_NO_DTLS
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452
Kurt Roeckx [Sun, 27 Mar 2016 18:53:01 +0000 (20:53 +0200)]
Add session reuse tests.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452
David Benjamin [Sun, 6 Mar 2016 05:19:59 +0000 (00:19 -0500)]
Resolve DTLS cookie and version before session resumption.
Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks
against 1.2.
Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
RT: #4392, MR: #2452
Kurt Roeckx [Sun, 27 Mar 2016 18:52:03 +0000 (20:52 +0200)]
It's called SSL_session_reused(), not SSL_session_resumed()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452
Fedor Indutny [Fri, 11 Mar 2016 14:44:01 +0000 (17:44 +0300)]
Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.
This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
stuck trying to reuse the old version while both sides support a newer
version
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
GH: #852, MR: #2452
Richard Levitte [Fri, 25 Mar 2016 23:07:50 +0000 (00:07 +0100)]
Math::BigInt does floored divs, BN_div does truncated div, compensate
According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1. OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.
We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.
Closes RT#4485
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Jeffrey Walton [Fri, 25 Mar 2016 13:06:47 +0000 (09:06 -0400)]
RT4476: Fix some cast-alignment warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Fri, 25 Mar 2016 07:27:35 +0000 (08:27 +0100)]
VMS: add a note about DECC$* logical names
These logical names are used to make the C RTL change certain
behaviors, sometimes to make it act more like Unix. While they can
make life easier in some cases, they can be disruptive as well. When
building and testing OpenSSL, the latter is the case, so we ask people
to avoid using them.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Thu, 24 Mar 2016 20:43:19 +0000 (16:43 -0400)]
Revert part of applink/Borland commit
This allows developer to glue DLL built with VC into their application
compiled with Borland C.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Thu, 24 Mar 2016 17:36:23 +0000 (13:36 -0400)]
More Borland removal.
And thanks to Miod Vallat for the nudge about ERR_PACK :)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 23:29:31 +0000 (00:29 +0100)]
VMS: $? might be huge enough to break line length limit, so don't print it
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 23:29:17 +0000 (00:29 +0100)]
VMS: install openssl.conf in OPENSSLDIR, not INSTALLTOP
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 23:28:38 +0000 (00:28 +0100)]
VMS: have mms ignore creation of already existing dirs
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 22:08:18 +0000 (23:08 +0100)]
VMS: Rethink the staging directory
On Windows and Unix, the staging directory $(DESTDIR) can simply be
prepended to the installation directory. An attempt was made to do
something similar on VMS, but that ended up being a half measure
solution. Instead of that, simply use the staging directory as a
prefix under which [.OPENSSL-INSTALL] and [.OPENSSL-COMMON] will hold
the two directory trees that should end up in the directories
indicated by --prefix and --openssldir, and finish the installation
with appropriate instructions on what to do next.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 22:07:56 +0000 (23:07 +0100)]
Misc fixes in VMS/openssl_startup.com.in
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 22:04:32 +0000 (23:04 +0100)]
Adjust some default installation directories
- on VMS, SYS$COMMON:[SSL] is already used as installation directory
by HP SSL, so we make our default for --openssldir
SYS$COMMON:[OPENSSL-COMMON] instead.
- Updated notes on default installation dirs fir Unix and Windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 18:30:31 +0000 (19:30 +0100)]
VMS: update the properties of symbol search
In this OpenSSL version, we deliver engines with lower case symbol
names. The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 18:27:08 +0000 (19:27 +0100)]
VMS: compensate for command line length limits with a logical name
Sometimes, you might end up with a rather long compile line due to
excessively long /INCLUDE directories. Compensate for it by making
a temporary logical name with them and using said logical name as
/INCLUDE argument.
A note was added to NOTES.VMS regarding these limitations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Wed, 23 Mar 2016 12:54:52 +0000 (08:54 -0400)]
Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 22 Mar 2016 18:33:00 +0000 (14:33 -0400)]
Remove several unused undocumented functions.
Removed the following:
DSO_bind_var, DSO_bind_var, DSO_get_default_method,
DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
DSO_set_name_converter, DSO_set_name_converter
Reviewed-by: Richard Levitte <levitte@openssl.org>
FdaSilvaYY [Mon, 14 Mar 2016 20:46:54 +0000 (21:46 +0100)]
Fix error code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 23 Mar 2016 07:40:56 +0000 (08:40 +0100)]
Small fixups in DSO
- VMS configs had no dso_scheme
- Incorrect return of NULL method.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rob Percival [Thu, 17 Mar 2016 20:57:24 +0000 (20:57 +0000)]
Removed unused fields of CT_POLICY_EVAL_CTX
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alex Gaynor [Sun, 20 Mar 2016 15:51:06 +0000 (11:51 -0400)]
Correct another batch of typos
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kurt Roeckx [Sun, 21 Feb 2016 17:02:36 +0000 (18:02 +0100)]
Check algo_strength using SSL_STRONG_MASK
algo_strength contains 2 parts that need to be checked by their own.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2082
Dr. Stephen Henson [Tue, 22 Mar 2016 15:26:36 +0000 (15:26 +0000)]
remove unused references field
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Tue, 22 Mar 2016 17:35:03 +0000 (13:35 -0400)]
Have only one DSO_METHOD_openssl
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Tue, 22 Mar 2016 17:16:54 +0000 (13:16 -0400)]
Make DSO opaque.
This was really easy.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 22 Mar 2016 13:16:42 +0000 (13:16 +0000)]
Make X509_PUBKEY opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 22 Mar 2016 12:45:58 +0000 (12:45 +0000)]
move x_pubkey.c to crypto/x509
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Tue, 22 Mar 2016 10:40:13 +0000 (10:40 +0000)]
Fix enable-zlib no-comp.
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Tue, 22 Mar 2016 02:39:36 +0000 (02:39 +0000)]
Fix no-rc4.
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Thu, 17 Mar 2016 18:17:27 +0000 (18:17 +0000)]
Move declaration of i into blocks where it is used.
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Thu, 17 Mar 2016 18:17:03 +0000 (18:17 +0000)]
sctp requires dgram.
Reviewed-by: Matt Caswell <matt@openssl.org>
David Benjamin [Sat, 19 Mar 2016 16:32:14 +0000 (12:32 -0400)]
RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Mon, 21 Mar 2016 19:20:15 +0000 (20:20 +0100)]
Downcase VMS config names
On VMS, we downcase option names, which means that config names are
downcased as well, so they need to be downcased in the target table to
be found.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 21 Mar 2016 17:30:30 +0000 (18:30 +0100)]
Just like bio_out, bio_err needs the linebuffer filter on VMS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 21 Mar 2016 15:29:52 +0000 (15:29 +0000)]
Adds s2i function for ct_precert_poison X509 extension
Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Steven Linsell [Sun, 20 Mar 2016 23:00:13 +0000 (23:00 +0000)]
Fix memory leak where fdlookup linked list is not freed during
ASYNC_WAIT_CTX_free
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 16:24:30 +0000 (16:24 +0000)]
Fix no-ts with --strict-warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 15:32:40 +0000 (15:32 +0000)]
Fix no-sock
Misc fixes for no-sock
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 15:04:08 +0000 (15:04 +0000)]
Fix no-gost
Configure had the wrong name for the no-gost option.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 21 Mar 2016 14:49:11 +0000 (14:49 +0000)]
Don't use hardcoded values for types
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 21 Mar 2016 07:11:14 +0000 (08:11 +0100)]
In for loop values, introduce a dummy to protect against empty list
In constructions such as 'for x in $(MAKEVAR); do ...', there's the
possibility that $(MAKEVAR) is en empty value. Some shells don't like
that, so introduce a dummy value that gets discarded:
for x in dummy $(MAKEVAR); do
if [ "$$x" = "dummy" ]; then continue; fi
Closes RT#4459
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 12:00:41 +0000 (12:00 +0000)]
Fix no-seed
Fix compilation with --strict-warnings and no-seed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 11:51:16 +0000 (11:51 +0000)]
Remove the no-rijndael option
Rijndael is an old name for AES.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 11:23:08 +0000 (11:23 +0000)]
Fix no-scrypt
Fix the evp tests when no-scrypt is used.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 11:07:14 +0000 (11:07 +0000)]
Skip the CMS tests if CMS is disabled
This fixes the no-cms compile time option.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Fri, 18 Mar 2016 17:43:58 +0000 (17:43 +0000)]
Fix no-dsa
Misc fixes for no-dsa.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Fri, 18 Mar 2016 14:45:52 +0000 (15:45 +0100)]
Build system: VC-WIN64I fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Fri, 18 Mar 2016 23:05:25 +0000 (00:05 +0100)]
Configurations/windows-makefile.tmpl: respect no-makedepend.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Fri, 18 Mar 2016 22:31:17 +0000 (23:31 +0100)]
Windows build system: get uplink right.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 16 Mar 2016 13:29:16 +0000 (14:29 +0100)]
config: fix off-by-centimeter-to-the-right typo.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Andy Polyakov [Mon, 14 Mar 2016 19:56:44 +0000 (20:56 +0100)]
Configurations/10-main.conf: freeze -std option in darwin*-ppc-cc.
RT#4422
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 17 Mar 2016 22:15:12 +0000 (23:15 +0100)]
Remove mk1mf documentation
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 17 Mar 2016 22:01:21 +0000 (23:01 +0100)]
Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 17 Mar 2016 21:29:20 +0000 (22:29 +0100)]
Remove generation of ms/version32.rc from Configure, use util/mkrc.pl
utils/mkrc.pl was added a while ago as a better generator for the
Windows DLL resource file. Finalize the change by removing the
ms/version32.rc generator from Configure and adding resource file
support using mkrc.pl in Configurations/windows-makefile.pl
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 17 Mar 2016 20:31:44 +0000 (21:31 +0100)]
Remove the mk1mf VC-WIN* builds and its supporting scripts
The mk1mf build for the VC-WIN* targets is broken and the unified
scheme works well enough, so we clean out the old.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Todd Short [Sat, 12 Mar 2016 14:14:05 +0000 (09:14 -0500)]
Fix ALPN - more fixes
* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Mon, 21 Mar 2016 00:40:13 +0000 (20:40 -0400)]
Add a comment on dane_verify() logic
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Fri, 18 Mar 2016 18:30:20 +0000 (14:30 -0400)]
Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 19 Mar 2016 16:40:02 +0000 (12:40 -0400)]
GH886: CONNECT should use HTTP/1.1
By default you get 0.9 which isn't widely available.
But we use HTTP/1.0 for now.
Courtesy beusink@users.github.com
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Sun, 20 Mar 2016 01:13:40 +0000 (02:13 +0100)]
Have makedepend output to stdout and redirect it
This gives us better control of what files are produced.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Sun, 20 Mar 2016 14:14:13 +0000 (10:14 -0400)]
ct_int.h only needed by crypto/ct
Merge ct_int.h into ct_locl.h
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Sun, 20 Mar 2016 18:58:19 +0000 (18:58 +0000)]
constify DSA_SIG_get0()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Sun, 20 Mar 2016 14:10:18 +0000 (10:10 -0400)]
Move blake2_loclh to blake2 directory
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Alex Gaynor [Sat, 19 Mar 2016 16:43:48 +0000 (12:43 -0400)]
Fixed language
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alex Gaynor [Sat, 19 Mar 2016 16:28:58 +0000 (12:28 -0400)]
Fixed a bunch of typos in the docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Thu, 17 Mar 2016 14:18:23 +0000 (14:18 +0000)]
constify ECDSA_SIG_get0()
PR#4436
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Sat, 19 Mar 2016 17:59:48 +0000 (18:59 +0100)]
If the asm file to be compiled isn't generated, leave the ext alone
Closes RT#4447
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Sat, 19 Mar 2016 19:12:26 +0000 (20:12 +0100)]
make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Sat, 19 Mar 2016 19:04:51 +0000 (20:04 +0100)]
Don't let 'generate' target depend on generated files, act directly instead
One of the 'generate' targets depended on $(SRCDIR)/apps/progs.h,
which depended on... nothing. This meant it never got regenerated
once it existed, regardless of need. Of course, we could have it
depend on all the files checked to generate it, but they also depend
on progs.h, so we'd end up getting cricular dependencies, which makes
make unhappy.
Furthermore, and this applies for the other generated files, having
them as targets means that they may be regenerated on the fly in some
cases, and since they get written to the source tree, this isn't such
a good idea if that tree is read-only (which is a possible situation
in an out-of-tree build).
So, we move all the actions to the 'generate' targets themselves, thus
making sure they get regenerated in a controlled manner and regardless
of dependencies.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Sat, 19 Mar 2016 19:03:56 +0000 (20:03 +0100)]
apps/progs.pl: add back the INCLUDE_FUNCTION_TABLE wrapper
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Viktor Dukhovni [Sat, 19 Mar 2016 02:10:40 +0000 (22:10 -0400)]
Revert "Ignore the generated apps/progs.h"
This reverts commit
91056e72693b4ee8cb5339d9091871ffc3b6f776.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Sat, 19 Mar 2016 02:10:39 +0000 (22:10 -0400)]
Revert "Generate apps/progs.h on the fly"
This reverts commit
04e2a527379ad12ca512aef4e838f94af22d7f79.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Sat, 19 Mar 2016 02:10:33 +0000 (22:10 -0400)]
Revert "Include progs.h directly in openssl.c instead of via apps.h"
This reverts commit
a45d7d5388c6774a484cff4af13f188240d3d50b.
Reviewed-by: Rich Salz <rsalz@openssl.org>