Commit Graph

16234 Commits

Author SHA1 Message Date
Todd Short
b6ca88ab9d Fixup SSL EX_DATA index
The SSL, SSL_CTX, and SSL_SESSION indices were being referenced
incorrectly in the "_get_ex_new_index" functions.

Remove the STORE EX_DATA index; that functionality is gone.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 16:22:08 -04:00
Richard Levitte
0a2629b38e Config: The cflags in vms-alpha and vms-ia64 have to be added
"vms-generic" already has some values, which were discarded.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 22:06:07 +02:00
Richard Levitte
5fe5bc3094 VMS: Disable the warning MAYLOSEDATA3
The warning MAYLOSEDATA3 is one you will always get when compiling
source that calculates the difference between two pointers with
/POINTER_SIZE=64.

The reason is quite simple, ptrdiff_t is always a 32-bit integer
regardless of pointer size, so the result of 'ptr1 - ptr2' can
potentially be larger than a 32-bit integer.  The compiler simply
warns you of that possibility.

However, we only use pointer difference within objects and strings,
all of them well within 2^32 bytes in size, so that operation is
harmless with our source, and we can therefore safely turn off that
warning.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 20:27:22 +02:00
Richard Levitte
85112d53c5 VMS: Harmonize the paths in openssl_startup.com with what's really installed
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 20:26:43 +02:00
Richard Levitte
40ea24b081 VMS: Display the correct path to openssl_startup.com and openssl-utils.com
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 20:26:43 +02:00
David Benjamin
fe56d8e8a3 RT 4393: Call EC_GROUP_order_bits in priv2opt.
The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-29 20:03:48 +02:00
Matt Caswell
eb47aae5d3 Add a CHANGES entry for opaque BIOs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
85556b4dec Add documentation for BIO functions
Add the documentation for new BIO functions added as a result of
making BIO and BIO_METHOD opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
1737552558 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
f334461fac Add functions for creating BIO_METHODs
BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
FdaSilvaYY
1a50b8139a Fix a big leak when using stack-allocated BIO items.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-29 17:40:54 +01:00
Andy Polyakov
bbe9769ba6 poly1305/asm/poly1305-x86.pl: don't loose 59-th bit.
RT#4439

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-29 09:55:43 +02:00
Andy Polyakov
0f3ab9a34c crypto/seed: add small-footprint path.
The space saving is >5x on x86_64 at ~40% performance penalty.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 09:53:51 +02:00
Andy Polyakov
fdf6f73e5e Windows build system: fix 32-bit appveyor build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 09:51:40 +02:00
Andy Polyakov
6ddb62a575 Build system: VC-WIN64I fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 09:48:25 +02:00
Kurt Roeckx
c5c7700c9a When using no-dtls create OPENSSL_NO_DTLS
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-28 01:12:43 +02:00
Kurt Roeckx
b7dffce017 Add session reuse tests.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-27 23:59:04 +02:00
David Benjamin
1ed6587154 Resolve DTLS cookie and version before session resumption.
Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks
against 1.2.

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

RT: #4392, MR: #2452
2016-03-27 23:59:00 +02:00
Kurt Roeckx
71ccf961af It's called SSL_session_reused(), not SSL_session_resumed()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-27 23:58:55 +02:00
Fedor Indutny
ccae4a1582 Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

GH: #852, MR: #2452
2016-03-27 23:58:50 +02:00
Richard Levitte
ce84456ddf Math::BigInt does floored divs, BN_div does truncated div, compensate
According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1.  OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.

We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.

Closes RT#4485

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-27 21:39:23 +02:00
Jeffrey Walton
c828cd7cd0 RT4476: Fix some cast-alignment warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-25 15:43:54 -04:00
Richard Levitte
7793e17440 VMS: add a note about DECC$* logical names
These logical names are used to make the C RTL change certain
behaviors, sometimes to make it act more like Unix.  While they can
make life easier in some cases, they can be disruptive as well.  When
building and testing OpenSSL, the latter is the case, so we ask people
to avoid using them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-25 09:05:46 +01:00
Rich Salz
9c1215a3c1 Revert part of applink/Borland commit
This allows developer to glue DLL built with VC into their application
compiled with Borland C.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-24 17:06:48 -04:00
Rich Salz
c3ddb26331 More Borland removal.
And thanks to Miod Vallat for the nudge about ERR_PACK :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-24 14:05:48 -04:00
Richard Levitte
a5bb160c8c VMS: $? might be huge enough to break line length limit, so don't print it
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
b6fe86cdea VMS: install openssl.conf in OPENSSLDIR, not INSTALLTOP
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
b3514b4772 VMS: have mms ignore creation of already existing dirs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
6bd1ef90b2 VMS: Rethink the staging directory
On Windows and Unix, the staging directory $(DESTDIR) can simply be
prepended to the installation directory.  An attempt was made to do
something similar on VMS, but that ended up being a half measure
solution.  Instead of that, simply use the staging directory as a
prefix under which [.OPENSSL-INSTALL] and [.OPENSSL-COMMON] will hold
the two directory trees that should end up in the directories
indicated by --prefix and --openssldir, and finish the installation
with appropriate instructions on what to do next.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
af854d05a3 Misc fixes in VMS/openssl_startup.com.in
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
667c6bfe18 Adjust some default installation directories
- on VMS, SYS$COMMON:[SSL] is already used as installation directory
  by HP SSL, so we make our default for --openssldir
  SYS$COMMON:[OPENSSL-COMMON] instead.
- Updated notes on default installation dirs fir Unix and Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-24 00:36:03 +01:00
Richard Levitte
828d04afe4 VMS: update the properties of symbol search
In this OpenSSL version, we deliver engines with lower case symbol
names.  The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 19:58:12 +01:00
Richard Levitte
b54e35f6cd VMS: compensate for command line length limits with a logical name
Sometimes, you might end up with a rather long compile line due to
excessively long /INCLUDE directories.  Compensate for it by making
a temporary logical name with them and using said logical name as
/INCLUDE argument.

A note was added to NOTES.VMS regarding these limitations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 19:58:12 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Rich Salz
3d8b2ec42b Remove several unused undocumented functions.
Removed the following:
    DSO_bind_var, DSO_bind_var, DSO_get_default_method,
    DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
    DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
    DSO_set_name_converter, DSO_set_name_converter

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 08:34:33 -04:00
FdaSilvaYY
de70582410 Fix error code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 08:15:55 -04:00
Richard Levitte
ac722c9af0 Small fixups in DSO
- VMS configs had no dso_scheme
- Incorrect return of NULL method.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-23 08:40:56 +01:00
Rob Percival
7def9fae39 Removed unused fields of CT_POLICY_EVAL_CTX
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 21:58:04 -04:00
Alex Gaynor
b9b6a7e5dc Correct another batch of typos
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 21:57:26 -04:00
Kurt Roeckx
88a9614ba3 Check algo_strength using SSL_STRONG_MASK
algo_strength contains 2 parts that need to be checked by their own.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2082
2016-03-22 22:00:12 +01:00
Dr. Stephen Henson
d577a69a0f remove unused references field
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 19:42:19 +00:00
Rich Salz
38186bfd4e Have only one DSO_METHOD_openssl
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:35:03 -04:00
Rich Salz
73decf5975 Make DSO opaque.
This was really easy.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:16:54 -04:00
Dr. Stephen Henson
29fa0a1af4 Make X509_PUBKEY opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
Dr. Stephen Henson
91829e456c move x_pubkey.c to crypto/x509
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
Ben Laurie
b8ce6dda36 Fix enable-zlib no-comp.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:38 +00:00
Ben Laurie
9730043fac Fix no-rc4.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:24 +00:00
Ben Laurie
f100b0317e Move declaration of i into blocks where it is used.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:06 +00:00
Ben Laurie
3fd4d211ae sctp requires dgram.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:14:28 +00:00