Commit Graph

1565 Commits

Author SHA1 Message Date
Rich Salz
99d63d4662 Move manpages to man[1357] structure.
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-26 13:59:52 -04:00
Matt Caswell
455cba54f8 Allow older versions in the *.num files
In 1.1.0 we only allowed a strictly increasing version number in the *.num
files, i.e. you could never introduce a symbol at the end of the *.num file
with a lower version number than the one preceding it. This made sense for
1.1.0. However in master we may be introducing symbols for backport to
1.1.0. Therefore it is ok in master to have a symbol for version 1.1.0c
coming after a symbol for version 1.1.1.

This commit fixes the check in mkdef.pl to be a bit looser to allow this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-17 11:39:50 +01:00
Richard Levitte
71d8ff1a89 Remove automatic RPATH - adapt shlib_wrap.sh
Looking for something starting with '-Wl,-rpath,' isn't good enough,
as someone might give something like '-Wl,--enable-new-dtags,-rpath,/PATH'.
Looking for ',-rpath,' should be safe enough.

We could remove the preloading stuff entirely, but just in case the
user has chosen to given RPATH setting arguments at configuration,
we'd better make sure testing will still work.  Fair warning, there
are some configuration options that do not work with preloaded OpenSSL
libraries, such as the sanity checking ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-13 02:21:51 +02:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
FdaSilvaYY
11542af65a Add some missing types to indent.pro
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 21:39:49 +01:00
Dr. Stephen Henson
b1b4f0a580 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:47 +01:00
David Benjamin
8523288e6d Test CBC mode padding.
This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.

This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
Matt Caswell
a671b3e64a Add OCSP_RESPID_match()
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a Add the ability to set OCSP_RESPID fields
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Richard Levitte
f3ff481f31 VMS: add [.util]shlib_wrap.exe and its build instructions
This is a program for VMS that corresponds to util/shlib_wrap.sh.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 02:40:46 +02:00
Richard Levitte
f6be8315cb util/dofile.pl: report if a template couldn't be loaded
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 01:49:04 +02:00
Richard Levitte
342a1a2379 Allow asan, msan and ubsan to be configured with shared libraries
The background story is that util/shlib_wrap.sh was setting LD_PRELOAD
or similar platform dependent variables, just in case the shared
libraries were built with -rpath.  Unfortunately, this doesn't work
too well with asan, msan or ubsan.

So, the solution is to forbid the combination of shared libraries,
-rpath and any of the sanity analyzers we can configure.

This changes util/shlib_wrap.sh so it only contains the code that sets
LD_PRELOAD when -rpath has been used when configuring.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 21:53:45 +02:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 20:30:45 +01:00
Rob Percival
63e27d4d0f Removes {i2o,o2i}_SCT_signature from the CT public API
They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
cdb2a60347 Internalizes SCT_verify and removes SCT_verify_v1
SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:12:25 +01:00
Kazuki Yamaguchi
9ba6f347fe Expose alloc functions for EC{PK,}PARAMETERS
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The
free functions are necessary because EC_GROUP_get_ec{pk,}parameters()
was made public by commit 60b350a3ef ("RT3676: Expose ECgroup i2d
functions").

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:02 +01:00
Andy Polyakov
9e6b2f54e4 crypto/pkcs12: add UTF8 support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:50:04 +02:00
Dr. Stephen Henson
6b1f413c3a update ordinals
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-21 18:25:23 +01:00
Rich Salz
8b8d963db5 Add BIO_get_new_index()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
bb1c5bbe6b make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00
Dr. Stephen Henson
2729f62794 rename ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00
Dr. Stephen Henson
d5d9636a91 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 15:46:19 +01:00
Dr. Stephen Henson
45dcb5cf3d make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Richard Levitte
a3a0b41057 Simplify indentation of DECLARE_ and IMPLEMENT_ lines
There's no reason we should enumerate every type of IMPLEMENT_ and
DECLARE_ line (and forget the ones we add a little now and then).
They all start with the same first word, let's just take'm all.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 14:40:37 +02:00
Emilia Kasper
a230b26e09 Indent ssl/
Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 14:02:29 +02:00
Dr. Stephen Henson
67a014bfda make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:44 +01:00
Remi Gacogne
fddfc0afc8 Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
 * SSL_SESSION_get0_id_context()
 * SSL_CTX_get_tlsext_status_cb()
 * SSL_CTX_get_tlsext_status_arg()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:38:20 +01:00
Dr. Stephen Henson
34d4d74575 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:36 +01:00
Richard Levitte
1940aa6e6b Remove duplicate ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 14:16:53 +02:00
Matt Caswell
a2a0c86bb0 Add some SSLv2 ClientHello tests
Test that we handle a TLS ClientHello in an SSLv2 record correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Rob Percival
c35d339d98 Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:57:00 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Dr. Stephen Henson
c06f2aaa08 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Rich Salz
e928132343 GH1446: Add SSL_SESSION_get0_cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
2016-08-12 15:23:48 -04:00
Rob Percival
a6f5d614c5 Mkae CT_log_new_from_base64 always return 0 on failure
In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)
2016-08-05 21:34:59 -04:00
Richard Levitte
850864d81c openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:35:32 +02:00
Richard Levitte
72c7658118 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00
Richard Levitte
74656a82e6 util/mkdef.pl: mark certain PEM function declarations with STDIO
The macros that produce PEM_write_FOO() andd PEM_read_FOO() only do so
unless 'no-stdio' has been configured.  mkdef.pl should mimic that by
marking those functions with the "STDIO" algo.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00
Rich Salz
684bc13e58 Make update, etc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-05 11:19:33 -04:00
Richard Levitte
10d2ec0cbe indent: add a couple of types we use in apps
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-05 12:19:08 +02:00
Richard Levitte
931b160a24 openssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments
We mark small comments with a dash immediately following the starting /*.
However, *INDENT-(ON|OFF)* comments shouldn't be treated that way, or
indent will ignore them if we do.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 12:19:08 +02:00
Rich Salz
412c8507ee Remove "lockit" from internal error-hash function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
2016-08-04 14:23:08 -04:00
Dr. Stephen Henson
10b0b817a0 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:37:42 +01:00
Matt Caswell
65e2d67254 Simplify and rename SSL_set_rbio() and SSL_set_wbio()
SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
FdaSilvaYY
9d7bfb14dd Discard BIO_set(BIO* bio) method
Simplify BIO init using OPENSSL_zalloc().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261)
2016-07-25 13:48:32 -04:00
Richard Levitte
fe0169b097 Make it possible for external code to set the certiciate proxy path length
This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.

Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:36:39 +02:00
Richard Levitte
3067095e8a Add X509_STORE lock and unlock functions
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:33:41 +02:00
Richard Levitte
c1b4fa6ded make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:24:43 +02:00
Richard Levitte
1060a50b6d Add getters / setters for the X509_STORE_CTX and X509_STORE functions
We only add setters for X509_STORE function pointers except for the
verify callback function.  The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
Jakub Zelenka
c1054bb4d2 Add EVP_ENCODE_CTX_copy
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)
2016-07-24 19:23:00 +01:00
Jakub Zelenka
47d96bcc6b Add missing X509_set_proxy_flag num
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1343)
2016-07-24 13:04:03 +01:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Rich Salz
aebb9aac48 RT4593: Add space after comma (doc nits)
Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-19 09:29:53 -04:00
Dr. Stephen Henson
d701504dfe make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-13 14:41:58 +01:00
Viktor Dukhovni
3307000d98 Make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-12 11:10:29 -04:00
Dr. Stephen Henson
4b0907e349 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-11 23:30:04 +01:00
Rich Salz
7304e329bc Update ordinals
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-08 16:19:38 -04:00
Rich Salz
54478ac92a GH1278: Removed error code for alerts
Commit aea145e removed some error codes that are generated
algorithmically: mapping alerts to error texts.  Found by
Andreas Karlsson.  This restores them, and adds two missing ones.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 13:28:33 -04:00
Rich Salz
91da5e7710 Replace all #define's in pod pages.
Function-like macros are replaced with prototypes and a note
that they are implemented as macros.  Constants are just
referenced in-line in the text.

Tweak BIO_TYPE_... documentation.

Also fix RT4592.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 12:55:45 -04:00
Andy Polyakov
f1f5ee17b6 include/openssl: don't include <windows.h> in public headers.
If application uses any of Windows-specific interfaces, make it
application developer's respondibility to include <windows.h>.
Rationale is that <windows.h> is quite "toxic" and is sensitive
to inclusion order (most notably in relation to <winsock2.h>).
It's only natural to give complete control to the application developer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 11:49:44 +02:00
Richard Levitte
85cdc842c8 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-05 23:52:09 +02:00
Matt Caswell
c3fd55d4a6 Add a test for fragmented alerts
The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-27 14:51:03 +01:00
Rich Salz
6f4a6a5cd4 RT4586: Remove RSA_memory_lock; unused, not needed
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-06-27 07:39:53 -04:00
Matt Caswell
a6211814c4 Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
Sebastian Andrzej Siewior
70a56b9147 utils/mkdir-p: check if dir exists also after mkdir failed
with "make install -j8" it happens very often that two or more make
instances are creating the same directory in parallel. As a result one
instace creates the directory and second mkdir fails because the
directory exists already (but it did not while testing for it earlier).

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1204)
2016-06-23 11:10:29 -04:00
Andy Polyakov
eeac54ef6d crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
Rich Salz
c952780c25 More doc cleanup
Add missing entries to NAME section
Add SYNOPSIS lines, remove old NAME entries
Update find-doc-nits; better regexp's for parsing SYNOPSIS sections.
Rename a couple of files to have an API name.
Remove RSA_private_decrypt; it was duplicate content
Update for recent doc additions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-21 07:03:34 -04:00
Rich Salz
d3b64b89ed Fix GCC build; make update; fix number re-use
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 15:48:03 -04:00
Nathaniel McCallum
ebad0b0beb Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
2016-06-16 13:33:47 -04:00
Matt Caswell
b02b574317 Skip the TLSProxy tests if environmental problems are an issue
On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). These aren't OpenSSL
problems so we shouldn't treat them as test failures. Just visibly
indicate that we are skipping the test.

We only skip the first time we attempt to start up the proxy. If that works
then everything else should do...if not we should probably investigate and
so report as a failure.

This also removes test_networking...there is a danger that this turns into
a test of user's environmental set up rather than OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 16:32:14 +01:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Matt Caswell
5ec84dd75f make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 00:16:04 +01:00
Rich Salz
6670d55a84 Make a2i_ipadd an internal function
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 17:15:42 -04:00
Rich Salz
8162f6f58a More API docs; small changes.
Also fix typo noted on GitHub.
Suppport typedef and #define to find-doc-nits

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 17:03:30 -04:00
Rich Salz
e417070c9f Add some accessor API's
GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 11:37:06 -04:00
Rich Salz
4692340e31 Unify d2i/i2d documentation.
Make d2i_X509 a generic d2i/i2d manpage.
Pull common stuff out of other d2i/i2d docs.
Update find-doc-nits to know about "generic" manpages.
Cleanup some overlap.
Fix up a bunch of other references.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 15:49:08 -04:00
Rich Salz
fbba5d113f Nit about pod filenames
The asdf.pod filename must have asdf in its NAME section.
also check for names existing as a different filename (via Levitte)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-06-07 14:46:33 -04:00
Rich Salz
35ea640a01 Add script to find undocumented API
Also tweaks to find-doc-nits, including name/synopsis checking.
Ironically, it also reports on duplicated doc names :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-07 10:05:06 -04:00
Rich Salz
bb9ad09e8e More doc nits
Update script to look for period or POD markup in NAME section, and
fix them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-06 10:09:39 -04:00
Rich Salz
843666ffdc More utils cleanup.
Remove some unused files.
Rename doc-nit-check to be consistent.
Add check for multiple #include in synopsis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 07:06:31 -04:00
Richard Levitte
ee2c1a253d perl: refactor .pod name section extractor into its own module
Adapt util/process_docs.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-02 15:38:16 +02:00
Rich Salz
ade82832cd Remove NOEXIST entries
checkpoint before release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 13:08:03 -04:00
Rich Salz
b8a9af6881 Remove/rename some old files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:29:57 -04:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Matt Caswell
befe31cd38 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 23:03:54 +01:00
Richard Levitte
23049aa52e perl: use the 'if' module to conditionally load File::Glob
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work.  Using the 'if' module to do so does work.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-30 11:55:46 +02:00
Joey Yandle
6378809b22 set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Andy Polyakov
9785555616 Configure,test/recipes: "pin" glob to File::Glob::glob.
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.

[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:35 +02:00
Richard Levitte
da32e04b5e make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00
Richard Levitte
04b7805a86 perl glob: make sure to put quotes around the pattern, in case of spaces
RT#4486

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 17:41:32 +02:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
Dr. Stephen Henson
60980390b1 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 16:41:35 +01:00
FdaSilvaYY
e5a5e3f3db Add checks on CRYPTO_set_ex_data return value
Fix possible leak in danetest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:43:31 +01:00
Richard Levitte
398c1b773a util/process_docs.pl: Add more debugging output
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 00:45:44 +02:00
Richard Levitte
c4d598939a Improve the checking of pod sections
(i.e. remove some bugs)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 00:45:44 +02:00
Richard Levitte
e4860d531d process_docs.pl: When starting to read a new head1 section, remove previous text
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 00:45:44 +02:00
Richard Levitte
169a8e391e Have doc-nit-check look for mandatory manual sections
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-22 01:26:45 +02:00
Rich Salz
6aa36e8e5a Add OpenSSL copyright to .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-21 08:23:39 -04:00
Rich Salz
05ea606a25 Doc nits cleanup, round 2
Fix some code examples, trailing whitespace
Fix TBA sections in verify, remove others.
Remove empty sections
Use Mixed Case not ALL CAPS in head2
Enhance doc-nits script.
Remove extra =cut line

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-20 20:54:00 -04:00
Rich Salz
739a1eb196 Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-20 10:48:29 -04:00
Rich Salz
1bc74519a2 Fix nits in pod files.
Add doc-nit-check to help find future issues.
Make podchecker be almost clean.
Remove trailing whitespace.
Tab expansion

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-20 08:11:46 -04:00
Richard Levitte
2bc57c88d8 Documentation processor in perl, for platforms that don't have sh
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-19 23:51:44 +02:00
Richard Levitte
291a4d91eb Small typo, a tab where there should have been a space
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:15:30 +02:00
Richard Levitte
97665e1c4f Fix util/mkerr.pl
- Adjust mkerr.pl to produce the line length we used for source
  reformating.

- Have mkerr.pl keep track of preprocessor directive indentation

  Among others, do not spuriously throw away a #endif at the end of
  header files.

- Make sure mkerr.pl specifies any header inclusion correctly

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:03:11 +02:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
6ddbb4cd92 X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 16:06:09 -04:00
Matt Caswell
6ae5452481 Workaround an IO::Socket::IP bug
Workaround an apparent IO:Socket::IP bug where a seemingly valid
server socket is being returned even though a valid connection does not
exist. This causes the tests to intermittently hang. We additionally check
that the peerport looks ok to verify that the returned socket looks usable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 17:19:55 +01:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Alessandro Ghedini
6546e9b221 Add SSL_client_version() getter function
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 15:58:52 +01:00
Viktor Dukhovni
7ad5fb6267 Fix TLSProxy race by adding missing eval
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-11 18:43:07 -04:00
Richard Levitte
19252eef3e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-11 22:12:57 +02:00
Andy Polyakov
bfcdd4d098 crypto/des: remove obsolete functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-10 20:32:20 +02:00
Andy Polyakov
6d8b3dce7c util/mkdef.pl: omit ordinals from Windows DLLs.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-10 20:20:21 +02:00
Rich Salz
e8b7c0c472 Tweak generated warning lines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-05 11:06:04 -04:00
Richard Levitte
1697a81baf Allow spaces in filenames when using perl's glob
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-04 09:35:00 +02:00
Rich Salz
d244dd559d Handle multi-line "written by/for" comments.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 08:27:39 -04:00
Richard Levitte
e428f59514 Skip blank lines if old copyright comment was removed, and only then
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-01 14:16:32 +02:00
Matt Caswell
7cafbb4bd3 Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-29 23:13:58 +01:00
Christian Heimes
f0c58c3212 Add getters for X509_STORE and X509_OBJECT members
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:

int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-28 20:02:27 +02:00
Viktor Dukhovni
d5553b4cb5 make update
Recycling an unused slot.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-28 13:50:13 -04:00
Kazuki Yamaguchi
8b12d59bf7 Add ex_data functions for X509_STORE
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.

X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-26 14:16:12 -04:00
Viktor Dukhovni
5a6694e303 make update
And recycle some disused slots.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-25 15:26:43 -04:00
Matt Caswell
54c010ab80 Fix no-dsa on Windows/VMS
The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
b04e5c12c2 Fix no-cmac on Windows/VMS
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:39:30 +01:00
Matt Caswell
5951e840d9 Fix no-ocsp on Windows (and probably VMS)
The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 17:03:02 +01:00
Rich Salz
c2f312f5c2 Copyright consolidation script
With Richard Levitte.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 14:47:18 -04:00
Matt Caswell
00deac3ef6 Fix no-ui on Windows
Ensure public functions have appropriate guards in header files.

GH Issue 899

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 16:49:27 +01:00
Rich Salz
ac3d0e1377 Copyright consolidation; .pm and Configure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:40:05 -04:00
Matt Caswell
f863ad0c59 Fix no-sock on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
9fb80e3ceb Fix no-dgram on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_DGRAM

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:45 +01:00
Rich Salz
e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:45:40 -04:00
Rich Salz
14f051a0ae Make string_to_hex/hex_to_string public
Give the API new names, document it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 09:02:11 -04:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Richard Levitte
4e727a8d87 Remove declaration of function that isn't implemented
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-17 23:22:29 +02:00
Dr. Stephen Henson
4dba585f79 Add X509_STORE_CTX_set0_untrusted function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-16 18:26:19 +01:00
Rich Salz
f0e0fd51fd Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-15 13:21:43 -04:00
Lyon Chen
4b6b848785 Add SSL_SESSION_get0_hostname()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-14 08:41:29 -04:00
Matt Caswell
a50ad1daaa make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:28:17 +01:00
Dr. Stephen Henson
37d0764d5b make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:08:27 +01:00
Richard Levitte
72d3bcd144 Cleanup libcrypto.num and make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:23:47 +02:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
20c56358e6 Fix symbols missing from shared build
libssl needs to have access to some internal libcrypto symbols.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:58:59 +01:00
Matt Caswell
e6216feb4c make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Kazuki Yamaguchi
9d5ac9532c Add SSL_CTX_get_ciphers()
Add an accessor for SSL_CTX.

Since libssl was made opaque, there is no way for users to access the
cipher_list, while users can set the cipher_list by
SSL_CTX_set_cipher_list().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-11 09:59:04 -04:00
Matt Caswell
cf430d0593 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
32bf92f9c8 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Rich Salz
506e28b3e3 Add OCSP to mkdef
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-08 08:02:41 -04:00
Viktor Dukhovni
a4ccf06808 make update
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
Richard Levitte
c014a7cb82 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:21 +02:00
FdaSilvaYY
97458daade Add X509_REQ_get0_pubkey method
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 20:38:11 +02:00