Commit Graph

38 Commits

Author SHA1 Message Date
Rich Salz
ff234c6804 Make conf_method_st and conf_st deprecated
So they can be made opaque in a future release.

Fixes #15101

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)
2021-06-02 12:40:02 +10:00
Tanzinul Islam
f1ee757daa Resurrect and modernize C++Builder config
Similar configuration to what was deleted in 8e56a422, updated for the
unified build scheme. Use the [Clang-based `bcc32c.exe`][1] to avoid a
[bug][2] with the old one, and increase the `tlib.exe` page size to 256.
Also avoid MSVC-specific C runtime library functions.

[1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Win32_Clang-enhanced_Compilers
[2]: https://quality.embarcadero.com/browse/RSP-31630

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)
2021-04-19 11:05:54 +02:00
Matt Caswell
3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Shane Lontis
f148f7034c Add ossl_ conf symbols
Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
2021-03-18 17:52:37 +10:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Shane Lontis
22e27978b2 Add support for passing the libctx to the config loader
The self tests for the fips module are triggered on startup and they need to know the
core's libctx in order to function correctly. As the provider can be autoloaded via configuration
it then needs to propagate the callers libctx down to the provider via the config load.

Note that OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ..) is still called, but will only load the default
configuration if the OPENSSL_CONF environment variable is set.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11240)
2020-03-20 20:25:39 +10:00
Richard Levitte
00db8c60aa Update source files for pre-3.0 deprecation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
2019-11-07 11:37:25 +01:00
Dr. Matthias St. Pierre
f4a96507fb crypto/conf: openssl_config_int() returns unitialized value
openssl_config_int() returns the uninitialized variable `ret`
when compiled with OPENSSL_SYS_UEFI.

Fixes #9026

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9029)
2019-05-29 10:41:47 +10:00
Richard Levitte
905c9a72a7 OPENSSL_config(): restore error agnosticism
Great effort has been made to make initialization more configurable.
However, the behavior of OPENSSL_config() was lost in the process,
having it suddenly generate errors it didn't previously, which is not
how it's documented to behave.

A simple setting of default flags fixes this problem.

Fixes #8528

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8533)
2019-03-20 14:24:46 +01:00
Viktor Dukhovni
df1f538f28 More configurable crypto and ssl library initialization
1.  In addition to overriding the default application name,
    one can now also override the configuration file name
    and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
    processing fails.  But, applications that want to be strict
    about initialization errors can now make explicit flag
    choices via non-null OPENSSL_INIT_SETTINGS that omit the
    CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
    both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
    if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
2019-01-07 14:02:28 -05:00
Richard Levitte
2044d38232 Following the license change, modify the boilerplates in crypto/conf/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7785)
2018-12-06 14:43:29 +01:00
Richard Levitte
fcd2d5a612 Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number.  This was "natural" in the pre-3.0.0 because the version was
this simple number.

With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.

Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:

    -D OPENSSL_API_COMPAT=0x10100000L
    -D OPENSSL_API_COMPAT=3

Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.

Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:

    OPENSSL_API_0_9_8
    OPENSSL_API_1_0_0
    OPENSSL_API_1_1_0
    OPENSSL_API_3

They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Andy Polyakov
3a63c0edab Resolve warnings in VC-WIN32 build, which allows to add /WX.
It's argued that /WX allows to keep better focus on new code, which
motivates its comeback...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:58:57 +01:00
Rich Salz
176db6dc51 Use "" not <> for internal/ includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4217)
2017-08-22 09:54:20 -04:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Roumen Petrov
4015adf0a3 Fix OPENSSL_config with NULL parameter
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 10:25:23 -05:00
Viktor Dukhovni
31305cdf9f Fixes to make no-deprecated work again
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 16:16:08 -05:00
Rich Salz
7253fd550c Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:43:46 -05:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Rich Salz
dfbfd06771 Portability fix
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-09 16:41:25 -05:00
Matt Caswell
35d8fa563c Updates for auto init/deinit review comments
Fixes for the auto-init/deinit code based on review comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:12:02 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Marcus Meissner
434b58457c mark openssl configuration as loaded at end of OPENSSL_config
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #466
2015-11-24 22:01:35 +01:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Rich Salz
abdd677125 Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-01-25 21:07:20 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
14d3b76be8 RT3488: Update doc for OPENSSL_config
Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 13:40:03 -05:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
d318fb79d2 Don't ignore config_name parameter passed to OPENSSL_config(). Use
"openssl_conf" in config file if config_name variable is missing.
2007-04-09 11:45:54 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Dr. Stephen Henson
e84be9b495 New OPENSSL_LOAD_CONF define to load openssl.cnf
when OpenSSL_add_all_algorithms() is called.
2002-02-23 01:00:44 +00:00