Kurt Roeckx [Sun, 7 Feb 2016 19:20:01 +0000 (20:20 +0100)]
IDEA is not supported in TLS 1.2
This currently seems to be the only cipher we still support that should get
disabled.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 19:17:07 +0000 (20:17 +0100)]
Add support for minimum and maximum protocol version supported by a cipher
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 19:07:21 +0000 (20:07 +0100)]
Add ssl_get_client_min_max_version() function
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 19:11:56 +0000 (20:11 +0100)]
Make SSL_CIPHER_get_version return a const char *
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 16:52:22 +0000 (17:52 +0100)]
Remove unused code
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 19:56:40 +0000 (20:56 +0100)]
Make function to convert version to string
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Kurt Roeckx [Sun, 7 Feb 2016 19:44:27 +0000 (20:44 +0100)]
Constify security callbacks
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Rob Percival [Wed, 9 Mar 2016 03:12:25 +0000 (03:12 +0000)]
Documentation for ctx_set_ctlog_list_file()
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:07:25 +0000 (19:07 +0000)]
Minor improvement to formatting of SCT output in s_client
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:06:43 +0000 (19:06 +0000)]
Do not display a CT log error message if CT validation is disabled
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Wed, 9 Mar 2016 16:56:42 +0000 (11:56 -0500)]
RT3676: Expose ECgroup i2d functions
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 16:18:07 +0000 (17:18 +0100)]
Comment away the extra checks in Configure
The "extra checks" is a debugging tool to check the config resolving
mechanism. It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.
So, it gets commented away, but stays otherwise in place, as it may be
useful again.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 16:24:34 +0000 (17:24 +0100)]
Make ct_dir and certs_dir static in test/ct_test.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:10:05 +0000 (14:10 +0100)]
Fix ct_test to not assume it's in the source directory
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Wed, 9 Mar 2016 15:23:58 +0000 (15:23 +0000)]
Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Wed, 9 Mar 2016 02:46:15 +0000 (02:46 +0000)]
Make SCT literals into const variables in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 19:20:22 +0000 (19:20 +0000)]
Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 19:09:06 +0000 (19:09 +0000)]
Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:58:03 +0000 (18:58 +0000)]
Makes SCT_get0_log return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:55:55 +0000 (18:55 +0000)]
Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:37:16 +0000 (18:37 +0000)]
Improved documentation of SCT_CTX_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 18:07:10 +0000 (18:07 +0000)]
Updates ct_err.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 17:38:41 +0000 (17:38 +0000)]
Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Tue, 8 Mar 2016 17:35:40 +0000 (17:35 +0000)]
Reset SCT validation_status if the SCT is modified
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:41:43 +0000 (18:41 +0000)]
Use SCT_VERSION_V1 in place of literal 0 in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:38:17 +0000 (18:38 +0000)]
Fixes "usuable" typo in ct_locl.h
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Mon, 7 Mar 2016 18:38:06 +0000 (18:38 +0000)]
Treat boolean functions as booleans
Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:52:45 +0000 (19:52 +0000)]
Make parameters of CTLOG_get* const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 19:51:43 +0000 (19:51 +0000)]
Extensive application of __owur to CT functions that return a boolean
Also improves some documentation of those functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Percival [Fri, 4 Mar 2016 20:37:28 +0000 (20:37 +0000)]
Makes SCT_LIST_set_source return the number of successes
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Todd Short [Wed, 9 Mar 2016 15:01:43 +0000 (10:01 -0500)]
Fix locking in ssl_cert_dup()
Properly check the return value of CRYPTO_THREAD_lock_new()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 15:05:13 +0000 (16:05 +0100)]
Restore building out of source with the unified build scheme
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 15:35:48 +0000 (16:35 +0100)]
CT test can't run without EC, so skip it on that algo as well
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:10:05 +0000 (14:10 +0100)]
Fix ct_test to not assume it's in the source directory
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 13:00:37 +0000 (13:00 +0000)]
Update CHANGES and NEWS
Update the CHANGES and NEWS files with information about the recently added
AFALG engine and pipelining.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 14:58:42 +0000 (14:58 +0000)]
Fix classic build
The Thread API changes broke classic build. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 13:33:37 +0000 (14:33 +0100)]
In build.info, an IF within a clause that's skipped over shouldn't apply
If we find an IF within a clause that's skipped over, set it to be
skipped as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 12:33:26 +0000 (12:33 +0000)]
Add an entry in NEWS about the new threading API
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 11:20:15 +0000 (11:20 +0000)]
Update CHANGES for the new threading API
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 10:35:53 +0000 (10:35 +0000)]
Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 09:52:39 +0000 (09:52 +0000)]
Remove use of the old CRYPTO_LOCK_X5O9_STORE
The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 11:52:50 +0000 (12:52 +0100)]
Don't call ENGINE_cleanup when configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:05:43 +0000 (09:05 +0100)]
Don't add engines if configured "no-engine"
Similarly, don't add e_capi if configured "no-capieng"
Also, indent a little deeper, for clarity.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:05:03 +0000 (09:05 +0100)]
Don't add afalg engine if configured "no-engine"
Also, indent a little deeper, for clarity.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 08:04:01 +0000 (09:04 +0100)]
Don't check the conditions to build e_afalg if configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Fri, 4 Mar 2016 14:41:42 +0000 (15:41 +0100)]
Have Configure display the value of SHARED_CFLAG
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Fri, 4 Mar 2016 14:36:07 +0000 (15:36 +0100)]
Make sure the effect of "pic" / "no-pic" is used with assembler compilations
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.
Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).
However, ASFLAGS was forgotten. That's what's corrected with this
change.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 10:36:32 +0000 (11:36 +0100)]
Touch the correct variables for the system; shlib_wrap.sh on Solaris
If there is cause to think LD_LIBRARY_PATH_32 and LD_PRELOAD_32 are
appropriate variables to touch, do so. Otherwise, touch the usual
LD_LIBRARY_PATH and LD_PRELOAD. This covers for older installations
that don't have a mix of 32-bit and 64-bit libs.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Sun, 6 Mar 2016 21:36:57 +0000 (22:36 +0100)]
Recognise 32-bit Solaris in util/shlib_wrap.sh
Submitted by Erik Forsberg <erik@efca.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 16:16:16 +0000 (17:16 +0100)]
Check gcc version to see if it supports -MM and friends
According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options. We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 21:22:53 +0000 (22:22 +0100)]
Add extra include directory for includers of ppc_arch.h
crypto/evp/e_aes.c and crypto/modes/gcm128.c include ppc_arch.h, which
is located in crypto/, so add that as extra include directory for them.
Issue reported by Jeffrey Walton <noloader@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Tue, 8 Mar 2016 13:44:46 +0000 (14:44 +0100)]
Adapt INSTALL and related notes for Windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 18:18:42 +0000 (19:18 +0100)]
Adapt appveyor.yml for the new unified build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 13:12:45 +0000 (14:12 +0100)]
Adapt the Windows makefile template to source generation
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 5 Mar 2016 18:59:30 +0000 (19:59 +0100)]
Don't run the TLSProxy based tests in native Windows
There are issues binding listening ports. This may be analyzed more
thoroughly later on.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 5 Mar 2016 19:02:05 +0000 (20:02 +0100)]
Unified - name native Windows shared libraries like MingW builds do
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 2 Mar 2016 15:12:22 +0000 (16:12 +0100)]
Unified - extract settings from util/pl/VC-32.pl and make the config settings
This introduces the settings loutflag and aroutflag, because different
Windows tools that do the same thing have different ways to specify
the output file.
The Borland C++ config is commented away for the monent, perhaps
permanently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 2 Mar 2016 11:29:56 +0000 (12:29 +0100)]
Unified - a native Windows makefile template
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 7 Mar 2016 22:50:01 +0000 (23:50 +0100)]
ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.
RT#4284
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 23:33:08 +0000 (00:33 +0100)]
Adapt mk1mf.pl and companions to changed perlasm script semantics
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:50:21 +0000 (15:50 +0100)]
Unified - adapt the generation of whirlpool assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/whrlpool/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:53 +0000 (15:49 +0100)]
Unified - adapt the generation of sha assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/sha/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:48:49 +0000 (15:48 +0100)]
Unified - adapt the generation of rc4 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc4/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:09 +0000 (15:49 +0100)]
Unified - adapt the generation of rc5 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc5/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:49:34 +0000 (15:49 +0100)]
Unified - adapt the generation of ripemd assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ripemd/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:35 +0000 (15:47 +0100)]
Unified - adapt the generation of md5 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/md5/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:57 +0000 (15:47 +0100)]
Unified - adapt the generation of modes assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/modes/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:48:25 +0000 (15:48 +0100)]
Unified - adapt the generation of poly1305 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/poly1305/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:46:42 +0000 (15:46 +0100)]
Unified - adapt the generation of des assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/des/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:47:09 +0000 (15:47 +0100)]
Unified - adapt the generation of ec assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ec/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:43:26 +0000 (15:43 +0100)]
Unified - adapt the generation of camellia assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/camellia/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:45:39 +0000 (15:45 +0100)]
Unified - adapt the generation of cast assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/cast/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:46:17 +0000 (15:46 +0100)]
Unified - adapt the generation of chacha assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/chacha/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 18:48:17 +0000 (19:48 +0100)]
Because crypto/build.info demands CFLAGS_Q, descrip.mms.tmpl must deliver
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:00:45 +0000 (15:00 +0100)]
Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:07:35 +0000 (15:07 +0100)]
Unified - adapt the generation of aes assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/aes/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Mon, 7 Mar 2016 14:13:01 +0000 (15:13 +0100)]
Unified - adapt the generation of blowfish assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bf/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 09:51:30 +0000 (10:51 +0100)]
Convert the dynlocks in e_chil to the new Thread API locks
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 01:07:26 +0000 (01:07 +0000)]
Remove another lock from e_chil
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 00:53:38 +0000 (00:53 +0000)]
Always call ENGINE_cleanup() in de-init
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 21:50:46 +0000 (21:50 +0000)]
Move chil engine to the new thread api
Move the chil engine to use the new thread API. As I don't have access to
the hardware I can't test this :-(. I think its ok...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 16:44:34 +0000 (16:44 +0000)]
Move engine library over to using the new thread API
Remove usage of CRYPTO_LOCK_ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:38:11 +0000 (08:38 +0100)]
err_lcl.h is gone, don't pretend it's there
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:32:20 +0000 (08:32 +0100)]
Add missing semi
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 07:18:54 +0000 (08:18 +0100)]
Counter mixed signedness with a cast
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Andrea Grandi [Tue, 8 Mar 2016 04:51:04 +0000 (04:51 +0000)]
Fix names of the #define used for platform specific code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andrea Grandi [Mon, 7 Mar 2016 11:20:01 +0000 (11:20 +0000)]
Add empty line after local variables
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andrea Grandi [Thu, 3 Mar 2016 07:09:00 +0000 (07:09 +0000)]
Fix error with wait set of fds for the select()
It also makes the call to select blocking to reduce CPU usage
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 23:12:53 +0000 (23:12 +0000)]
Use correct function ID in error path
This fixes "make update".
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 21:58:17 +0000 (21:58 +0000)]
Move variable declaration to the start of the function
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 9 Mar 2016 00:03:50 +0000 (00:03 +0000)]
Ensure CRYPTO_mem_leaks is the last thing we do
CRYPTO_mem_leaks de-inits the library, so we must not do anything
interesting after we've used it!
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 20:59:50 +0000 (20:59 +0000)]
Fix memory leak in ssltest
The new Rand usage of Thread API exposed a bug in ssltest. ssltest "cheats"
and uses internal headers to directly call functions that normally you
wouldn't be able to do. This means that auto-init doesn't happen, and
therefore auto-deinit doesn't happen either, meaning that the new rand locks
don't get cleaned up properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Mar 2016 11:40:05 +0000 (11:40 +0000)]
Convert rand code to new threading API
Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread
API style locks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:17:27 +0000 (01:17 +0100)]
Adapt unix Makefile template to 'no-makedepend'
This change is a bit more complex, as it involves several recipe
variants.
Also, remove the $(CROSS_COMPILE) prefix for the makedepend program.
When we use the program "makedepend", this doesn't serve anything,
and when we use the compiler, this value isn't even used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:16:10 +0000 (01:16 +0100)]
Adapt descrip.mms.tmpl to 'no-makedepend'
VMS doesn't have "makedepend" anyway, so this is just a matter of using
the right qualifiers when 'makedepend' is enabled.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:14:29 +0000 (01:14 +0100)]
Add the configure option 'no-makedepend'
If no makedepend program or equaly capable compiler is present,
'makedepend' gets disabled automatically.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Todd Short [Tue, 8 Mar 2016 19:27:23 +0000 (14:27 -0500)]
Fix SSL_CIPHER_get_auth_nid return
Copy/paste error between SSL_CIPHER_get_kx_nid() and
SSL_CIPHER_get_auth_nid(), wrong table was referenced
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Mar 2016 00:39:00 +0000 (01:39 +0100)]
Fix a typo in dynamic_load()
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Tue, 8 Mar 2016 22:37:01 +0000 (22:37 +0000)]
Convert RSA blinding to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Alessandro Ghedini [Mon, 29 Feb 2016 17:26:07 +0000 (17:26 +0000)]
Convert CRYPTO_LOCK_SSL_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>