Commit Graph

282 Commits

Author SHA1 Message Date
Richard Levitte
b646179229 Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-09 13:43:26 +02:00
John Kohl
b332dbb3ed AIX: Implement shared_target = "aix-solib" support
This builds shared libraries as libxxx.so, libxxx.so.ver and static
libraries as libxxx.a.  For shlib_variant builds, it builds libxxx.so,
libxxxvariant.so.ver, and libxxxx.a.  libxxx.so is a linker import
library that directs the linker to embed a run-time dependency
reference to libxxxvariant.so.ver.  Only libxxxvariant.so.ver is needed
at runtime.

Fixes #21518

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21540)
2024-02-05 10:10:25 +01:00
FdaSilvaYY
d7f3a2cc86 Fix various typos, repeated words, align some spelling to LDP.
Partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12 16:55:28 +11:00
Daniel Fiala
e5f831a065 mkdef.pl: Add cmd-line flag to differentiate shared libs and DSO.
Fixes openssl#16984.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18284)
2022-05-13 10:39:16 +02:00
Matt Caswell
f5afac4bda Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)
2021-04-22 14:38:44 +01:00
Tanzinul Islam
491a1e3363 Link with .def files
MSVC's `link.exe` automatically finds `__cdecl` C functions (which are
decorated with a leading underscore by the compiler) when they are
mentioned in a `.def` file without the leading underscore.  This is an
[under-documented feature][1] of MSVC's `link.exe`.  C++Builder's
`ilink32.exe` doesn't do this, and thus needs the name-translation in
the `.def` file.  Then `implib.exe` needs to be told to re-add it.

(The Clang-based `bcc32c.exe` doesn't implement the [`-vu` or `-u-`][2]
options to skip adding the leading underscore to `__cdecl` C function
names, so this is the only way to have things work with non-underscored
export names in the DLLs.)

[1]: https://github.com/MicrosoftDocs/cpp-docs/issues/2653
[2]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Options_Not_Supported_by_Clang-enhanced_C%2B%2B_Compilers#BCC32_Options_that_Are_Not_Supported_by_Clang-enhanced_C.2B.2B_Compilers

Also silence linker warnings on duplicate symbols and ensure that error-
case cleanup in link rules work in C++Builder's `make.exe`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)
2021-04-19 11:05:55 +02:00
Richard Levitte
7a032be7f2 Build: Make NonStop shared libraries only export selected symbols
We can now re-enable test/recipes/01-test_symbol_presence.t for NonStop.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12962)
2020-09-25 12:05:47 +02:00
Richard Levitte
3a19f1a9dd Configuration and build: Fix solaris tags
The shared_target attrribute for Solaris built with gcc wasn't right
and shared libraries couldn't be properly built.

Fixes #12356

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12360)
2020-07-04 10:38:46 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Rich Salz
0eb1546634 Add $debug variable and use it
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10852)
2020-02-17 12:15:12 +10:00
Richard Levitte
a6a4d0acd2 Change the logic and behaviour surrounding '--api' and 'no-deprecated'
At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.

At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis.  In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.

At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level.  BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.

This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.

If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.

Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired.  For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().

Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value.  If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
2019-11-07 11:37:25 +01:00
Richard Levitte
e4f2d539f6 util/mkdef.pl: writer_VMS(): handle symbols with no assigned number
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Rich Salz
211da00b79 Remove EXPORT_VAR_AS_FUNC
We only export functions, not global, so remove the config option
and some of the #ifdef stuff.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9285)
2019-07-01 20:13:03 -04:00
Richard Levitte
9afc2b92fe Rework building: adapt some scripts
The platform module collection is made in such a way that any Perl
script that wants to take part of the available information can use
them just as well as the build system.

This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl,
and util/shlib_wrap.sh.in

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
72818ef005 util/mkdef.pl: Remove a ';' that snuck in
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7868)
2018-12-11 11:30:15 +01:00
Richard Levitte
d1c87578a2 VMS: fix library compatibility settings in util/mkdef.pl
The regexp to parse the incoming version number was flawed, and since
we allow ourselves to add missing APIs in PATCH releases, the
compatibility settings still need to include the PATCH part of the
version number.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7858)
2018-12-10 13:42:41 +01:00
Richard Levitte
9059ab425a Following the license change, modify the boilerplates in util/, tools/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)
2018-12-06 14:17:23 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
2284f64c87 util/mkdef.pl: prepare for DEPRECATEDIN_X
This is in preparation for new versioning scheme, where the
recommendation is to start deprecations at major version boundary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Benjamin Kaduk
a5fcce6b95 mkdef: bsd-gcc uses solaris symbol version scripts
As for linux, make bsd-gcc an alias to the solaris semantics for
shared library symbol version handling.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7376)
2018-10-09 10:55:41 -05:00
Richard Levitte
36d3acb91d util/mkdef.pl: for VMS, allow generation of case insensitive symbol vector
Some modules are built with case insensitive (uppercase) symbols on
VMS.  This needs to be reflected in the export symbol vector.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Richard Levitte
97624638b0 util/mkdef.pl: Produce version scripts from unversioned symbols
This allows setting up export maps for DSOs as well in a uniform way.
This also means that util/mkdef.pl no longer picks up the target
version from configdata.pm, and it has to be given on the command line
instead.  This may be used to give modules separate versions as well,
if desirable.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Richard Levitte
ab1e5495e4 Move ZLIB from 'platforms' to 'features'
Having it as a 'platform' was conceptually wrong from from the
beginning, and makes decoding more complicated than necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
8effd8fa67 Refactor util/mkdef.pl for clearer separation of functionality
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
ef2dfc9902 Refactor linker script generation
The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.

Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things.  What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.

"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms.  The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.

Note that this adds extra meaning to the value of the shared_target
attribute.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)
2018-10-01 09:49:16 +02:00
Richard Levitte
7e09c5eaa5 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Richard Levitte
d3c72e392a util/mkdef.pl, util/add-depends.pl: don't lowercase file names
It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).

Fixes #7172

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)
2018-09-20 13:43:22 +02:00
Andy Polyakov
d3273ef6c5 Configurations/10-main.conf: replace -bexpall with explicit list on AIX.
[omit even -b:SRE, as it's implied by -G flag.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6453)
2018-06-13 10:48:27 +02:00
Richard Levitte
2285c0f624 VMS: have mkdef.pl parse lettered versions properly
Fixes #6449

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6450)

(cherry picked from commit 9a236d5a71)
2018-06-11 16:45:50 +02:00
Matt Caswell
d8f031e890 Move the loading of the ssl_conf module to libcrypto
The GOST engine needs to be loaded before we initialise libssl. Otherwise
the GOST ciphersuites are not enabled. However the SSL conf module must
be loaded before we initialise libcrypto. Otherwise we will fail to read
the SSL config from a config file properly.

Another problem is that an application may make use of both libcrypto and
libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto()
is called and loads a config file it will fail if that config file has
any libssl stuff in it.

This commit separates out the loading of the SSL conf module from the
interpretation of its contents. The loading piece doesn't know anything
about SSL so this can be moved to libcrypto. The interpretation of what it
means remains in libssl. This means we can load the SSL conf data before
libssl is there and interpret it when it later becomes available.

Fixes #5809

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5818)
2018-04-05 15:30:12 +01:00
Dr. Matthias St. Pierre
6decf9436f Publish the RAND_DRBG API
Fixes #4403

This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.

Documentation for the new API is work in progress on GitHub #5461.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)
2018-03-15 18:58:38 +01:00
Richard Levitte
b53fdad0e4 util/mkdef.pl: use better array in search of 'DEPRECATEDIN_'
%disabled_algorithms isn't necessarily initialised with the "algos"
'DEPRECATEDIN_1_1_0' etc.  However, we know that @known_algorithms has
them all, so use that to find them instead.

Fixes #5157
(where this was reported)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5282)
2018-02-08 12:33:08 +01:00
Richard Levitte
54f3b7d2f5 util/mkdef.pl: Trust configdata.pm
This script kept its own database of disablable algorithms, which is a
maintenance problem, as it's not always perfectly in sync with what
Configure does.  However, we do have all the data in configdata.pm,
produced by Configure, so let's use that instead.

Also, make sure to parse the *err.h header files, as they contain
function declarations that might not be present elsewhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5157)
2018-02-06 13:31:35 +01:00
Richard Levitte
3c7d0945b6 Update copyright years on all files merged since Jan 1st 2018
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5038)
2018-01-09 05:49:01 +01:00
David von Oheimb
ab307dc645 Various small build improvements on mkdef.pl, progs.pl, crypto/init.c, crypto/mem.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4994)
2018-01-09 04:02:34 +01:00
Richard Levitte
8118368079 Build file templates: Replace the use of Makefile.shared
Because this also includes handling all sorts of non-object files when
linking a program, shared library or DSO, this also includes allowing
general recognition of files such as .res files (compiled from .rc
files), or .def / .map / .opt files (for export and possibly
versioning of public symbols only).

This does mean that there's a tangible change for all build file
templates: they must now recognise and handle the `.o` extension,
which is used internally to recognise object files internally.  This
extension was removed by common.tmpl before this change, but would
mean that the platform specific templates wouldn't know if "foo.map"
was originally "foo.map.o" (i.e. an object file in its own right) or
"foo.map" (an export definition file that should be treated as such,
not as an object file).

For the sake of simplifying things, we also modify util/mkdef.pl to
produce .def (Windows) and .opt (VMS) files that don't need additional
hackery.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
2017-12-12 17:18:07 +01:00
Viktor Dukhovni
822b5e2645 Make possible variant SONAMEs and symbol versions
This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries.  A "variant"
shared library has a non-default SONAME, and non default symbol
versions.  This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.

Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.

Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names.  MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.

Variant shared libraries are optional and off by default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-11-30 18:33:58 -05:00
Josh Soref
46f4e1bec5 Many spelling fixes/typo's corrected.
Around 138 distinct errors found and fixed; thanks!

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
2017-11-11 19:03:10 -05:00
Jack Lloyd
a0c3e4fa90 SM3: Add SM3 hash function
SM3 is a secure hash function which is part of the Chinese
"Commercial Cryptography" suite of algorithms which use is
required for certain commercial applications in China.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:11 +08:00
Ronald Tse
f19a5ff9ab SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-31 15:19:14 +10:00
Richard Levitte
e66b62b86e util/mkdef.pl: handle line terminators correctly
When parsing the header files, mkdef.pl didn't clear the line
terminator properly.  In most cases, this didn't matter, but there
were moments when this caused parsing errors (such as CRLFs in certain
cases).

Fixes #4267

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4304)
2017-08-31 19:20:30 +02:00
FdaSilvaYY
a303e9a6a8 fix some typos
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-16 10:36:34 -04:00
Richard Levitte
8d2214c0a4 File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:31:18 +02:00
Richard Levitte
102c9e1296 Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
File::Glob::glob is deprecated, it's use generates this kind of
message:

    File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277.

So instead, use a construction that makes the caller glob() use
File::Glob::bsd_glob().

Note that we're still excluding VMS, as it's directory specs use '['
and ']', which have a different meaning with bsd_glob and would need
some extra quoting.  This might change, but later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-28 14:45:17 +02:00
Rich Salz
12fb8c3d2d Add DRBG random method
Ported from the last FIPS release, with DUAL_EC and SHA1 and the
self-tests removed.  Since only AES-CTR is supported, other code
simplifications were done.  Removed the "entropy blocklen" concept.

Moved internal functions to new include/internal/rand.h.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3789)
2017-07-19 03:25:16 -04:00
Richard Levitte
48feaceb53 Remove the possibility to disable the UI module entirely
Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for  'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)
2017-07-03 07:51:04 +02:00
Richard Levitte
0e288c2af2 util/mkdef.pl: Make symbol version processing Linux only
For Windows, we care which way it is, the resulting file is just a pile
of symbols.  For VMS, we really need to care about the numeric ordering,
and getting the symbols sorted by symbol version too didn't agree with
that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29 21:19:53 +02:00
Richard Levitte
9c06cf04ee util/mkdef.pl: Add UNIX as a platform
This allows us to guard Unix specific functions with
#ifndef / #ifdef OPENSSL_SYS_UNIX

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29 21:19:53 +02:00
Rich Salz
52df25cf2e make error tables const and separate header file
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
2017-06-07 15:12:03 -04:00
Richard Levitte
f120fa1efe Fix util/mkdef.pl
The deprecation checking code here didn't work the same way as in
Configure, and used $config{options} to find an --api= option that
was never there.  This is replaced with checking $config{api}, which
is the controlling variable for deprecation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00