- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
__FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
is slightly changed, the implementation for free() now takes a couple
of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
has been enabled or not. The reason is that if someone swaps out the
malloc(), realloc() and free() implementations, we can't know if they
will use them or not.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Macro definitions "should" be found in $config{defines}, but some
configs haven't transfered macro definitions from their 'cflags'
settings (which isn't mandatory anyway), so check both places.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This check is meaningless on VMS and only produce an error because the
underlying shell (DCL) doesn't understand sh syntax such as '2>&1'.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Depending on user preferences, Configure might get something like
--PREFIX=blah just as well as --prefix=blah, or "SHARED" just as well
as "shared". On VMS, let's therefore lowercase at least the portion
of the argument before a possible equal sign.
For good measure, we lowercase the arguments to be checked in
config.com as well. The original argument is sent on to Configure,
however.
Reviewed-by: Andy Polyakov <appro@openssl.org>
A long time ago, Solaris cc didn't seem to handle -Wl, linker options,
while gcc on Solaris required it. Since then, Solaris cc has
developed to understand -Wl, options, and our little dance to figure
out how to pass linker options to the C compiler that's used isn't
needed any more.
Reviewed-by: Andy Polyakov <appro@openssl.org>
That variable isn't for us, it's for any user, distributor or package
builder that wants one after the section number. "ssl" seems to be
popular...
Reviewed-by: Matt Caswell <matt@openssl.org>
mk1mf was wondering about the options no-heartbeats and
no-crypto-mdebug-backtrace, so we add option hooks them. They only
need to become OPENSSL_NO_ macros in opensslconf.h, so nothing
additional needs to be done.
Also, add "-DOPENSSL_PIC" when shared libraries are produced.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Three header files from crypto/include/internal were used by
util/mkdef.pl. This should never be needed. Some test program used
these, which made it a valid reason at the time to make the some
internal symbols public in the shared libraries, but that's not the
case any more.
However, to be able to link libssl.so, some symbols found in
include/internal headers still need to be made public.
Reviewed-by: Andy Polyakov <appro@openssl.org>
On some platforms, the implementation is such that a signed char
triggers a warning when used with is*() functions. On others, the
behavior is outright buggy when presented with a char that happens
to get promoted to a negative integer.
The safest thing is to cast the char that's used to an unsigned char.
Reviewed-by: Andy Polyakov <appro@openssl.org>
To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.
Use with care!
Reviewed-by: Andy Polyakov <appro@openssl.org>
DllMain is a symbol that needs to be global, but no one needs to know.
However, some compilers will warn if there isn't a declaration before
the function is defined. Just add a declaration before the function
definition.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Most of the times, it seems that socklen_t is unsigned.
Unfortunately, this isn't always the case, and it doesn't compare with
a size_t without warning.
A cast resolves the issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
While IO::Socket::IP is a core perl module (since Perl v5.19.8, or so
says corelist), IO::Socket::INET6 has been around longer, is said to
be more widely deployed, and most importantly, seems to have less bugs
hitting us. We therefore prefer IO::Socket::INET6, and only fall back
to IO::Socket::IP if the former doesn't exist on the local system.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks. These scripts need the environment
variable CC to have the C compiler command.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The installation of man files and html files alike didn't properly
check that file names with different casing could be the same on
case-insensitive file systems. This change fixes that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The ocsp utility is something of a jack-of-all-trades; most anything
related to the OCSP can be done with it. In particular, the manual
page calls out that it can be used as either a client or a server
of the protocol, but there are also a few things that it can do
which do not quite fit into either role, such as encoding an OCSP
request but not sending it, printing out a text form of an OCSP
response (or request) from a file akin to the asn1parse utility,
or performing a lookup into the server-side revocation database
without actually sending a request or response. All three of these
are documented as examples in the manual page, but the documentation
prior to this commit is somewhat misleading, in that when printing
the text form of an OCSP response, the code also attempts to
verify the response, displaying an error message and returning
failure if the response does not verify. (It is possible that
the response would be able to verify with the given example, since
the default trust roots are used for that verification, but OCSP
responses frequently have alternate certification authorities
that would require passing -CAfile or -CApath for verification.)
Tidy up the documentation by passing -noverify for the case of
converting from binary to textual representation, and also
change a few instances of -respin to -reqin as appropriate, note
that the -url option provides the same functionality as the -host
and -path options, clarify that the example that saves an OCSP
response to a file will also perform verification on that response,
and fix a couple grammar nits in the manual page.
Also remove an always-true conditional for rdb != NULL -- there
are no codepaths in which it could be initialized at the time of
this check.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
