VMS being a record oriented operating system, it's uncertain how the
'pipe' passes binary data from one process to another. Experience
shows that we get in trouble, and it's probably due to the pipe in
itself being opened in text mode (variable length records).
It's safer to pass data via an intermediary file instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS uses a variant of openssl.cnf named openssl-vms.cnf.
There's a Perl on VMS mystery where a open pipe will not SIGPIPE when
the child process exits, which means that a loop sending "y\n" to it
will never stop. Adding a counter helps fix this (set to 10, we know
that none of the CA.pl commands will require more).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Well, I'm not actually changing time_t, just changing how time_t
valued opt values are converted from string to time_t.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
They all stop including evp_locl.h, so we also take care of their
adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier
commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h. This will benefit our builtin EVP_CIPHERs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
EVP_CIPHER_CTX_flags was returning the flags of its associated
EVP_CIPHER. However, EVP_CIPHER_CTX has flags of its own, so this
function is quite confusing and therefore error prone.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h. They will be handled
in a separate commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
New functions:
- EVP_CIPHER_CTX_encrypting()
- EVP_CIPHER_CTX_iv()
- EVP_CIPHER_CTX_iv_noconst()
- EVP_CIPHER_CTX_original_iv()
- EVP_CIPHER_CTX_buf_noconst()
- EVP_CIPHER_CTX_num()
- EVP_CIPHER_CTX_set_num()
- EVP_CIPHER_CTX_cipher_data()
- EVP_CIPHER_CTX_new_cipher_data()
Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them (that would be the case when
they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Following the method used for EVP_MD_CTX and HMAC_CTX,
EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together
into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept
as an alias.
EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is
therefore removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Implement range-checking in all counts in apps. Turns out only a couple
of cases were missing. And make the range-checking code more strict.
Replace almost all opt_ulong() calls with opt_long()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
It was assumed that the syntax FOO/Foo=PROCEDURE would create both an
upper case and mixed case symbol in the GST. Not so, it requires
having both FOO/Foo=PROCEDURE (to create the upper case alias) and
Foo=PROCEDURE (to create the mixed case slot).
We make sure that any symbol always occupies two slots (even those
that don't exist) by filling up with SPARE when necessary. That will
assure that any changes will still have the same symbols in the same
slots no matter what (save a complete rewrite of the ordinals files).
Reviewed-by: Rich Salz <rsalz@openssl.org>
It was assumed that a dummy with the type PRIVATE_PROCEDURE would
simply occupy a slot but otherwise ignore the symbol. Not so, but
there is SPARE for that purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Make LHASH_OF use static inline functions.
Add new lh_get_down_load and lh_set_down_load functions and their
typesafe inline equivalents.
Make lh_error a function instead of a macro.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Since danetest is to test DANE rather than specific algorithms, it's
acceptable to require EC when testing it.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
These now take and return unsigned long, and get is constified.
Updated related documentation and util/ssleay.num
Reviewed-by: Matt Caswell <matt@openssl.org>
We use $default_depflags to check if a 'make depend' is needed after
configuring, so it needs to be kept up to date.
Reviewed-by: Matt Caswell <matt@openssl.org>
Commit 189ae368d9 (RT ticket 3352) provided the capability to output
session key data in NSS format. The big apps cleanup broke that capability.
This commit restores it.
RT#4201
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>