We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
can cause compilation failures (even if the app does not otherwise need
to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
to include additional macro calls in the source code for all stacks that
they need to use - which is an API break. This changes avoids that
necessity.
- It is not possible to write code using stacks that works in both a
no-deprecated and a normal build of OpenSSL. See issue #12707.
Fixes#12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute. However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.
The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.
However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done. That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/macros.h>
Or simply add the following prior to any other openssl inclusion:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library. Internal test programs are excempt of this rule, though.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
The added benefit is that the result becomes much simple, and easier to
digest for those that still rely on the pre-3.0 opensslv.h contents.
Fixes#10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
For files GENERATEd from templates (.in files), any perl module (.pm
file) that the file depends on will automatically be used.
This means that these two lines:
GENERATE[foo]=foo.in
DEPEND[foo]=whatever.pm
will emit this command in a Makefile (or corresponding):
foo: foo.in whatever.pm configdata.pm
$(PERL) -I. -Ipathto -Mwhatever -Mconfigdata $(SRCDIR)/util/dofile.pl \\
foo.in > foo
Note that configdata.pm is automatically added, since util/dofile.pl
itself depends on it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10162)
Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:
While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.
To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:
#include "internal/file.h" # located in 'include/internal'
#include "internal/file_int.h" # located in 'crypto/include/internal'
This commit moves the private crypto headers from
'crypto/include/internal' to 'include/crypto'
As a result, the include directives become unambiguous
#include "internal/file.h" # located in 'include/internal'
#include "crypto/file.h" # located in 'include/crypto'
hence the superfluous '_int.h' suffixes can be stripped.
The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
Now that we have the names of libraries on different systems
established through platform modules, we can remove the old structure
to establish the same thing, i.e. $unified_info{sharednames} and
$unified_info{rename}. That means removing support for the RENAME and
SHARED_NAME keywords in build.info as well.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
This manual is a start to describe macros that users can use to affect
what symbols are exported by the public header files.
Because the macro OPENSSL_API_COMPAT has a default that's affected by
configuration choices, we must make it a generated manual.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
We kept a number of arrays of directory names to keep track of exactly
which directories to look for build.info. Some of these had the extra
function to hold the directories to actually build.
With the added SUBDIRS keyword, these arrays are no longer needed.
The logic for skipping certain directories needs to be kept, though.
That is now very much simplified, and is made opportunistic.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.
Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things. What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.
"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms. The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.
Note that this adds extra meaning to the value of the shared_target
attribute.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)
$(SHLIB_MAJOR).$(SHLIB_MINOR) is really a synonym for
$(SHLIB_VERSION_NUMBER), and is therefore an added complexity,
so better to use $(SHLIB_VERSION_NUMBER) directly. SHLIB_MAJOR and
SHLIB_MINOR are now unused, but are kept around purely as information
in case someone relies on their existence.
At the same time, add support for custom shared library extensions
with the three new Makefile variables SHLIB_EXT, SHLIB_EXT_SIMPLE and
SHLIB_EXT_IMPORT. By default, they hold the variants of shared
library extensions we support. On mingw and cygwin, SHLIB_EXT_IMPORT
is defined; on all other Unix platforms, it's empty.
An example to get shared libraries with a slightly different SOVER name:
$ make SHLIB_EXT='.$(SHLIB_VERSION_NUMBER).so'
Fixes#3902
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3964)
Now that INCLUDE considers both the source and build trees, no need
for the rel2abs perl fragment hacks any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
