This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.
In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available. Mostly done by David Woodhouse.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.
In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
There are header files in crypto/ that are used by the rest of
OpenSSL. Move those to include/internal and adapt the affected source
code, Makefiles and scripts.
The header files that got moved are:
crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h
Reviewed-by: Matt Caswell <matt@openssl.org>
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special delarations when needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
- Various old code has been removed
- Varous old #ifdef tests were removed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove OPENSSL_NO_RFCF3779.
Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.
When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.
We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.
By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
o_time.h was removed in commit ff49a94, which breaks "make update"
unless mkdir.pl is updated accordingly.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
disabled by default. If we don't do it this way, it screws up
libeay.num.
* util/libeay.num: make update
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
we need to have them among the symbols that should appear in the
transfer table, at least on VMS (and it wouldn't surprise me if
Windows would whine as well).
PR: 732
Submitted by: Ilya Zakharevich <nospam-abuse@ilyaz.org>
Submitter's comment:
This patch:
a) Introduces a new file os2/backwardify.pl.
b) Introduces a new mk1mf.pl variable $preamble. As you can see, it may
be used also to move some OS-specific code to VC-CE too (the the
first chunk of the patch);
c) The DESCRIPTION specifier of the .def file is made more informative:
now it contains the version number too. On OS/2 it is made conformant
to OS/2 conventions; in particular, when one runs the standard command
BLDLEVEL this.DLL
one can see:
Vendor: www.openssl.org/
Revision: 0.9.7c
Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto. Build for EMX -Zmtd
[I did not make Win32 descriptions as informative as this - I'm afraid to
break something. Be welcome to fix this.]
d) On OS/2 the generated DLL was hardly usable (it had a shared initialized
data segment).
e) On OS/2 the generated DLLs had names like ssl.dll. However, DLL names on
OS/2 are "global data". It is hard to have several DLLs with the same
name on the system. Thus this precluded coexistence of OpenSSL with DLLs
for other SLL implementations - or other name clashes. I transparently
changed the names of the DLLs to open_ssl.dll and cryptssl.dll.
f) The file added in (a) is used to create "forwarder" DLLs, so the
applications expecting the "old" DLL names may use the new DLLs
transparently. (A presence of these DLLs on the system nullifies (e),
but makes old applications work. This is a stopgap measure until the
old applications are relinked. Systems with no old applications do not
need these DLLs, so may enjoy all the benefits of (e).)
The new DLLs are placed in os2/ and os2/noname subdirectories.
g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious
meaningless failures). The change to util/pl/OS2-EMX.pl uses the
variable introduced in (b) to switch the Makefiles to SHELL=sh syntax.
All these backslashes are removed, and the generated Makefiles started to
work.
h) Running os2/OS2-EMX.cmd now prints out what to do next.
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
1. if there are several symbols with the same entry number, sort those
symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
found, since mkerr.pl will add a function declaration after that
comment. Instead, trigger on "Error codes for the \w+ function",
which is the actual start of the error code macros.
Additionally, a few more debugging printouts that helped.
like des_read_password and friends (backward compatibility functions
using this new API are provided). The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
functions on platform were that's the best way to handle exporting
global variables in shared libraries. To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).
To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:
OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
OPENSSL_IMPLEMENT_GLOBAL(double,bar);
To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
OPENSSL_DECLARE_GLOBAL(int,foo);
#define foo OPENSSL_GLOBAL_REF(foo)
OPENSSL_DECLARE_GLOBAL(double,bar);
#define bar OPENSSL_GLOBAL_REF(bar)
The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.
The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.
The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'. This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
* detect "unknown" algorithms (any C macro starting with NO_ that is
not explicitely mentioned in mkdef.pl as a known algorithm) and
report.
* add a number of algorithms that can be deselected.
* look in ssl/kssl.h as well.
* accept multiple whitespace (not just one SPC) in preprocessor lines.
Win32 but it is getting there...
Update mkdef.pl to handle ASN1_ANY and fix headers.
Stop various VC++ warnings.
Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>
Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
process when some symbols are missing. Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.
This was needed for the work I'm doing with shared libraries under
VMS.
existing functions, but really all functions that exist in libeay.num
and ssleay.num. This is a good check on how much we should actually
clean up the number files.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.
The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.
A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
variety of platforms. A few are missing, and they will be added in
eventually, but as this is new stuff, it was better to not break lots of
platforms in one go that we can't easily test. The changes to "Configure"
should illustrate how to add support to other systems if you feel like
having a go.
NB: I'll add something shortly to allow you to add "dlfcn.h" support on
those platforms that don't have (or need) a dlfcn.h header file. (The
symbol for Configure will probably by "dlfcn_no_h").
Thanks to Richard Levitte, who is responsible for the dso_dl.c support,
understanding the trickier aspects of the build process, and giving great
feedback on everything else.
[Don't use this stuff if you're easily offended by changes to the
interface or behaviour - it's still work in progress.]
PR:
