oweals/openssl.git
Kurt Roeckx [Sun, 7 Feb 2016 19:17:07 +0000 (20:17 +0100)]
Add support for minimum and maximum protocol version supported by a cipher

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Kurt Roeckx [Sun, 7 Feb 2016 19:07:21 +0000 (20:07 +0100)]
Add ssl_get_client_min_max_version() function

Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Kurt Roeckx [Sun, 7 Feb 2016 19:11:56 +0000 (20:11 +0100)]
Make SSL_CIPHER_get_version return a const char *

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Kurt Roeckx [Sun, 7 Feb 2016 16:52:22 +0000 (17:52 +0100)]
Remove unused code

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Kurt Roeckx [Sun, 7 Feb 2016 19:56:40 +0000 (20:56 +0100)]
Make function to convert version to string

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Kurt Roeckx [Sun, 7 Feb 2016 19:44:27 +0000 (20:44 +0100)]
Constify security callbacks

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595

Rob Percival [Wed, 9 Mar 2016 03:12:25 +0000 (03:12 +0000)]
Documentation for ctx_set_ctlog_list_file()

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:07:25 +0000 (19:07 +0000)]
Minor improvement to formatting of SCT output in s_client

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:06:43 +0000 (19:06 +0000)]
Do not display a CT log error message if CT validation is disabled

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Wed, 9 Mar 2016 16:56:42 +0000 (11:56 -0500)]
RT3676: Expose ECgroup i2d functions

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 16:18:07 +0000 (17:18 +0100)]
Comment away the extra checks in Configure

The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 16:24:34 +0000 (17:24 +0100)]
Make ct_dir and certs_dir static in test/ct_test.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:10:05 +0000 (14:10 +0100)]
Fix ct_test to not assume it's in the source directory

ct_test assumed it's run in the source directory and failed when built
elsewhere.  It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.

Test recipe updated to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Wed, 9 Mar 2016 15:23:58 +0000 (15:23 +0000)]
Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Wed, 9 Mar 2016 02:46:15 +0000 (02:46 +0000)]
Make SCT literals into const variables in ct_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 19:20:22 +0000 (19:20 +0000)]
Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 19:09:06 +0000 (19:09 +0000)]
Removes SCT_LIST_set_source and SCT_LIST_set0_logs

Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:58:03 +0000 (18:58 +0000)]
Makes SCT_get0_log return const CTLOG*

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:55:55 +0000 (18:55 +0000)]
Makes CTLOG_STORE_get0_log_by_id return const CTLOG*

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:37:16 +0000 (18:37 +0000)]
Improved documentation of SCT_CTX_* functions

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:07:10 +0000 (18:07 +0000)]
Updates ct_err.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 17:38:41 +0000 (17:38 +0000)]
Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 17:35:40 +0000 (17:35 +0000)]
Reset SCT validation_status if the SCT is modified

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:41:43 +0000 (18:41 +0000)]
Use SCT_VERSION_V1 in place of literal 0 in ct_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:38:17 +0000 (18:38 +0000)]
Fixes "usuable" typo in ct_locl.h

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:38:06 +0000 (18:38 +0000)]
Treat boolean functions as booleans

Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:52:45 +0000 (19:52 +0000)]
Make parameters of CTLOG_get* const

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:51:43 +0000 (19:51 +0000)]
Extensive application of __owur to CT functions that return a boolean

Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 20:37:28 +0000 (20:37 +0000)]
Makes SCT_LIST_set_source return the number of successes

No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Todd Short [Wed, 9 Mar 2016 15:01:43 +0000 (10:01 -0500)]
Fix locking in ssl_cert_dup()

Properly check the return value of CRYPTO_THREAD_lock_new()

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 15:05:13 +0000 (16:05 +0100)]
Restore building out of source with the unified build scheme

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 15:35:48 +0000 (16:35 +0100)]
CT test can't run without EC, so skip it on that algo as well

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:10:05 +0000 (14:10 +0100)]
Fix ct_test to not assume it's in the source directory

ct_test assumed it's run in the source directory and failed when built
elsewhere.  It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.

Test recipe updated to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 13:00:37 +0000 (13:00 +0000)]
Update CHANGES and NEWS

Update the CHANGES and NEWS files with information about the recently added
AFALG engine and pipelining.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 14:58:42 +0000 (14:58 +0000)]
Fix classic build

The Thread API changes broke classic build. This fixes it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:33:37 +0000 (14:33 +0100)]
In build.info, an IF within a clause that's skipped over shouldn't apply

If we find an IF within a clause that's skipped over, set it to be
skipped as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 12:33:26 +0000 (12:33 +0000)]
Add an entry in NEWS about the new threading API

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 11:20:15 +0000 (11:20 +0000)]
Update CHANGES for the new threading API

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 10:35:53 +0000 (10:35 +0000)]
Remove the old threading API

All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 09:52:39 +0000 (09:52 +0000)]
Remove use of the old CRYPTO_LOCK_X5O9_STORE

The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 11:52:50 +0000 (12:52 +0100)]
Don't call ENGINE_cleanup when configured "no-engine"

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:05:43 +0000 (09:05 +0100)]
Don't add engines if configured "no-engine"

Similarly, don't add e_capi if configured "no-capieng"

Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:05:03 +0000 (09:05 +0100)]
Don't add afalg engine if configured "no-engine"

Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:04:01 +0000 (09:04 +0100)]
Don't check the conditions to build e_afalg if configured "no-engine"

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Fri, 4 Mar 2016 14:41:42 +0000 (15:41 +0100)]
Have Configure display the value of SHARED_CFLAG

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Fri, 4 Mar 2016 14:36:07 +0000 (15:36 +0100)]
Make sure the effect of "pic" / "no-pic" is used with assembler compilations

Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.

Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).

However, ASFLAGS was forgotten.  That's what's corrected with this
change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 10:36:32 +0000 (11:36 +0100)]
Touch the correct variables for the system; shlib_wrap.sh on Solaris

If there is cause to think LD_LIBRARY_PATH_32 and LD_PRELOAD_32 are
appropriate variables to touch, do so.  Otherwise, touch the usual
LD_LIBRARY_PATH and LD_PRELOAD.  This covers for older installations
that don't have a mix of 32-bit and 64-bit libs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Sun, 6 Mar 2016 21:36:57 +0000 (22:36 +0100)]
Recognise 32-bit Solaris in util/shlib_wrap.sh

Submitted by Erik Forsberg <erik@efca.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 16:16:16 +0000 (17:16 +0100)]
Check gcc version to see if it supports -MM and friends

According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options.  We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 21:22:53 +0000 (22:22 +0100)]
Add extra include directory for includers of ppc_arch.h

crypto/evp/e_aes.c and crypto/modes/gcm128.c include ppc_arch.h, which
is located in crypto/, so add that as extra include directory for them.

Issue reported by Jeffrey Walton <noloader@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 13:44:46 +0000 (14:44 +0100)]
Adapt INSTALL and related notes for Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 18:18:42 +0000 (19:18 +0100)]
Adapt appveyor.yml for the new unified build

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 13:12:45 +0000 (14:12 +0100)]
Adapt the Windows makefile template to source generation

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 5 Mar 2016 18:59:30 +0000 (19:59 +0100)]
Don't run the TLSProxy based tests in native Windows

There are issues binding listening ports.  This may be analyzed more
thoroughly later on.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 5 Mar 2016 19:02:05 +0000 (20:02 +0100)]
Unified - name native Windows shared libraries like MingW builds do

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 2 Mar 2016 15:12:22 +0000 (16:12 +0100)]
Unified - extract settings from util/pl/VC-32.pl and make the config settings

This introduces the settings loutflag and aroutflag, because different
Windows tools that do the same thing have different ways to specify
the output file.

The Borland C++ config is commented away for the moment, perhaps
permanently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 2 Mar 2016 11:29:56 +0000 (12:29 +0100)]
Unified - a native Windows makefile template

Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 7 Mar 2016 22:50:01 +0000 (23:50 +0100)]
ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.

RT#4284

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 23:33:08 +0000 (00:33 +0100)]
Adapt mk1mf.pl and companions to changed perlasm script semantics

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:50:21 +0000 (15:50 +0100)]
Unified - adapt the generation of whirlpool assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/whrlpool/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:53 +0000 (15:49 +0100)]
Unified - adapt the generation of sha assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/sha/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:48:49 +0000 (15:48 +0100)]
Unified - adapt the generation of rc4 assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc4/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:09 +0000 (15:49 +0100)]
Unified - adapt the generation of rc5 assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc5/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:34 +0000 (15:49 +0100)]
Unified - adapt the generation of ripemd assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/ripemd/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:35 +0000 (15:47 +0100)]
Unified - adapt the generation of md5 assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/md5/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:57 +0000 (15:47 +0100)]
Unified - adapt the generation of modes assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/modes/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:48:25 +0000 (15:48 +0100)]
Unified - adapt the generation of poly1305 assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/poly1305/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:46:42 +0000 (15:46 +0100)]
Unified - adapt the generation of des assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/des/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:09 +0000 (15:47 +0100)]
Unified - adapt the generation of ec assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/ec/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:43:26 +0000 (15:43 +0100)]
Unified - adapt the generation of camellia assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/camellia/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:45:39 +0000 (15:45 +0100)]
Unified - adapt the generation of cast assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/cast/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:46:17 +0000 (15:46 +0100)]
Unified - adapt the generation of chacha assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/chacha/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 18:48:17 +0000 (19:48 +0100)]
Because crypto/build.info demands CFLAGS_Q, descrip.mms.tmpl must deliver

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:00:45 +0000 (15:00 +0100)]
Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:07:35 +0000 (15:07 +0100)]
Unified - adapt the generation of aes assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/aes/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:13:01 +0000 (15:13 +0100)]
Unified - adapt the generation of blowfish assembler to use GENERATE

This gets rid of the BEGINRAW..ENDRAW sections in crypto/bf/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 09:51:30 +0000 (10:51 +0100)]
Convert the dynlocks in e_chil to the new Thread API locks

Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 01:07:26 +0000 (01:07 +0000)]
Remove another lock from e_chil

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 00:53:38 +0000 (00:53 +0000)]
Always call ENGINE_cleanup() in de-init

Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 21:50:46 +0000 (21:50 +0000)]
Move chil engine to the new thread api

Move the chil engine to use the new thread API. As I don't have access to
the hardware I can't test this :-(. I think it's ok...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 16:44:34 +0000 (16:44 +0000)]
Move engine library over to using the new thread API

Remove usage of CRYPTO_LOCK_ENGINE

Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:38:11 +0000 (08:38 +0100)]
err_lcl.h is gone, don't pretend it's there

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:32:20 +0000 (08:32 +0100)]
Add missing semi

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:18:54 +0000 (08:18 +0100)]
Counter mixed signedness with a cast

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Andrea Grandi [Tue, 8 Mar 2016 04:51:04 +0000 (04:51 +0000)]
Fix names of the #define used for platform specific code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andrea Grandi [Mon, 7 Mar 2016 11:20:01 +0000 (11:20 +0000)]
Add empty line after local variables

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andrea Grandi [Thu, 3 Mar 2016 07:09:00 +0000 (07:09 +0000)]
Fix error with wait set of fds for the select()

It also makes the call to select blocking to reduce CPU usage

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 23:12:53 +0000 (23:12 +0000)]
Use correct function ID in error path

This fixes "make update".

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 21:58:17 +0000 (21:58 +0000)]
Move variable declaration to the start of the function

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 00:03:50 +0000 (00:03 +0000)]
Ensure CRYPTO_mem_leaks is the last thing we do

CRYPTO_mem_leaks de-inits the library, so we must not do anything
interesting after we've used it!

Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 20:59:50 +0000 (20:59 +0000)]
Fix memory leak in ssltest

The new Rand usage of Thread API exposed a bug in ssltest. ssltest "cheats"
and uses internal headers to directly call functions that normally you
wouldn't be able to do. This means that auto-init doesn't happen, and
therefore auto-deinit doesn't happen either, meaning that the new rand locks
don't get cleaned up properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 11:40:05 +0000 (11:40 +0000)]
Convert rand code to new threading API

Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread
API style locks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:17:27 +0000 (01:17 +0100)]
Adapt unix Makefile template to 'no-makedepend'

This change is a bit more complex, as it involves several recipe
variants.

Also, remove the $(CROSS_COMPILE) prefix for the makedepend program.
When we use the program "makedepend", this doesn't serve anything,
and when we use the compiler, this value isn't even used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:16:10 +0000 (01:16 +0100)]
Adapt descrip.mms.tmpl to 'no-makedepend'

VMS doesn't have "makedepend" anyway, so this is just a matter of using
the right qualifiers when 'makedepend' is enabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:14:29 +0000 (01:14 +0100)]
Add the configure option 'no-makedepend'

If no makedepend program or equally capable compiler is present,
'makedepend' gets disabled automatically.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Todd Short [Tue, 8 Mar 2016 19:27:23 +0000 (14:27 -0500)]
Fix SSL_CIPHER_get_auth_nid return

Copy/paste error between SSL_CIPHER_get_kx_nid() and
SSL_CIPHER_get_auth_nid(), wrong table was referenced

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:39:00 +0000 (01:39 +0100)]
Fix a typo in dynamic_load()

Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 22:37:01 +0000 (22:37 +0000)]
Convert RSA blinding to new multi-threading API

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alessandro Ghedini [Mon, 29 Feb 2016 17:26:07 +0000 (17:26 +0000)]
Convert CRYPTO_LOCK_SSL_* to new multi-threading API

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 23:07:10 +0000 (00:07 +0100)]
Remove the transfer of lock hooks from bind_engine

With the new threads API, this is no longer needed.

Reviewed-by: Matt Caswell <matt@openssl.org>