Some configuration targets pretend to be for a specific compiler, but
are more widely usable, and should reflect that.
[work in progress]
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
These options were coded in util/perl/OpenSSL/config.pm, but that got
removed when the OpenSSL::config::main() function was removed. We're
not putting them back, but in 'Configure'.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
There's no reason to have two different tables, when we can simply
detect if the tuple elements are code or scalar. Furthermore, order
is important in some cases, and that order is harder not to say
impossible when maintaining two tables.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
The strings we expand contain other variable references than just
${MACHINE}. Instead of having to remember what to expand, we simply
evaluate the string as a, well, string.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
Now that Configure called config.pm's functions directly, the 'config'
script doesn't have much else to do than to pass arguments.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
map_guess() is now table driven, just like get_system().
Additionally, it now takes a config hash table and returns one of its
own. This way, 'Configure' can pass whatever it has already found to
OpenSSL::config::get_platform(), and easily merge the returned hash
table into its %config.
This also gets rid of variables that we no longer need. That includes
$PERL and all the $__CNF_ environment variables.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
Previously, ./config would check if "$target-$CC", then "$target"
exists and choose the one that does. This is now moved to Configure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
determine_compiler_settings() has been refactored to:
- find a compiler if none has been given by the user
- allow platform specific overrides, but only when the user didn't
already specify a desired compiler
- figure out the compiler vendor and version, making sure that the
version number is deterministic
- gather platform specific compiler information
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
POSIX::uname() has the advantage to work on non-POSIX systems as well,
such as the Windows command prompt and VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
This is much better handled in Configure.
[There's another PR moving this to Configure, so this commit should
eventually disappear because rebase]
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
- Use $^X; to find perl.
- Big re-ordering: Put all variables at the top, move most inline code into
functions. The heart of the script now basically just calls
functions to do its work.
- Unify warning text, add -w option
- Don't use needless (subshells)
- Ensure Windows gets a VC-xxx option
- Make config a perl module
- Top-level "config" command-line is a dummy that just calls the module.
Added module stuff so that it can be called from Configure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
Even if a fibre changes the default libctx - or the main application code
changes it, the "current" default libctx should remain consistent.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
Since the default libctx is now stored in a thread local variable
swapping in and out of fibres in the ASYNC code could mean that the
"current" default libctx can get confused. Therefore we ensure that
everytime we call async_fibre_swapcontext() we always restore the default
libctx to whatever it was the last time the fibre ran. Similarly when
async_fibre_swapcontext() returns we need to restore the current thread's
default libctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
Applications may want to set their own default library context,
possibly per-thread. OPENSSL_CTX_set0_default() does that.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
We have a notational convention in INSTALL.md, which says this among
others:
> Any line starting with a dollar sign is a command line.
>
> $ command
>
> The dollar sign indicates the shell prompt and is not to be entered as
> part of the command.
That notation exists to make it clear what is a command line and
what's output from that command line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12257)
BASE_unix sets ex_libs to `-lz` based the on zlib linking.
AIX platforms overwrote this instead of adding to it.
CLA: Trivial
Signed-off-by: Attila Szakacs <attila.szakacs@oneidentity.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12271)
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
There currently do not support 'ec_param_enc:explicit' with provider
side key generation. Reflect that by encoding the expected failure
with a Test::More TODO section for those particular tests.
Because the tests in this recipe are data driven, we implement this
mechanism with two functions, one for stuff that's supported and one
for stuff that isn't.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12080)
This commit adds a new recipe to test EC key generation with the
`genpkey` CLI app.
For each built-in curve, it tests key generation with text output, in
PEM and in DER format, using `explicit` and `named_curve` for parameters
encoding.
The list of built-in curves is static at the moment, as this allows to
differentiate between prime curves and binary curves to avoid failing
when ec2m is disabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12080)
HMAC() and HMAC_Update() take size_t for 'n' and 'len' respectively.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12264)
CID 1463570: (USE_AFTER_FREE)
CID 1463570: (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.
This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.
- OSSL_core_ -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_
For operations and their function dispatch tables, the following convention
is used:
Type | Name (evp_generic_fetch(3)) |
---------------------|-----------------------------------|
operation | OSSL_OP_FOO |
function id | OSSL_FUNC_FOO_FUNCTION_NAME |
function "name" | OSSL_FUNC_foo_function_name |
function typedef | OSSL_FUNC_foo_function_name_fn |
function ptr getter | OSSL_FUNC_foo_function_name |
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
NULL terminate the built in "help" argv array to avoid
reading beyond the end.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12258)
A few miscellaneous man page typos reported by Hal Murray on
openssl-users.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12185)
THe EVP_RAND wrapper works with the underlying RNG to produce the amount of
random data requested even if it is larger than the largest single generation
the source allows. This test verified that this works.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Move the three different DRBGs to the provider.
As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures. Only these smaller structures are
securely allocated. This saves quite a bit of secure memory:
+-------------------------------+
| DRBG | Bytes | Secure |
+--------------+-------+--------+
| HASH | 376 | 512 |
| HMAC | 168 | 256 |
| CTR | 176 | 256 |
| Common (new) | 320 | 0 |
| Common (old) | 592 | 1024 |
+--------------+-------+--------+
Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Also separate out the TSC and RDRAND based sources into their own file in the
seeding subdirectory.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
POSIX mandates that time_t is a signed integer but it doesn't specify the
lenght. Having wrappers lets uses ignore this.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
The test RNG can provide pre-canned entropy and nonces for testing other
algorithms.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
