Move some OpenSSL perl utility functions to OpenSSL::Util

quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.

configdata.pm.in's out_item() i

Move some OpenSSL perl utility functions to OpenSSL::Util

quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.

configdata.pm.in's out_item() is also more widely useful and is
therefore moved to OpenSSL::Util as well, and renamed to dump_data().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)

show more ...

Configure/Makefile: fix the `-macopt` argument of the fipsinstall command

The FIPS hmac key is provided as a hexadezimal string, which needs to
be be prefixed with `hexkey:`, not `key:`.

Configure/Makefile: fix the `-macopt` argument of the fipsinstall command

The FIPS hmac key is provided as a hexadezimal string, which needs to
be be prefixed with `hexkey:`, not `key:`.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

show more ...

Configuration: rework how dependency making is handled

Previously, we had dependency making pretty much hard coded in the
build file templates, with a bit of an exception for Unix family

Configuration: rework how dependency making is handled

Previously, we had dependency making pretty much hard coded in the
build file templates, with a bit of an exception for Unix family
platforms, where we had different cases depending on what dependency
making program was found.

With the Embarcadero C++ builder, a separate scheme appeared, with a
different logic.

This change merges the two, and introduces two config target
attributes:

makedepcmd The program to use, where this is relevant.
This replaces the earlier configuration
attribute 'makedepprog'.
makedep_scheme This is a keyword that can be used by build
files templates to produce different sorts of
commands, but most importantly, to pass as
argument to util/add-depend.pl, which uses
this keyword as a "producer" for the
dependency lines.

If the config target doesn't define the 'makedep_scheme' attribute,
Configure tries to figure it out by looking for GCC compatible
compilers or for the 'makedepend' command.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15006)

show more ...

nits: fix a few typo in template code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(

nits: fix a few typo in template code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14806)

show more ...

Fix the perl code to get FIPSMODULENAME

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)

build.info: Make it possible to use compiled programs as generators

Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program tha

build.info: Make it possible to use compiled programs as generators

Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program that we build.

This refactors the generatesrc code in all the build file templates to
replace $generator and $generator_incs with $gen0, $gen_args and $gen_incs,
which makes it easier and more consistent to manipulate different bits
of the generator command, and also keeps the variable names consistent
while not overly long.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)

show more ...

build.info: Add the possibility to add dependencies on raw targets

We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:

build.info: Add the possibility to add dependencies on raw targets

We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:

DEPEND[|tests|]=fipsmodule.cnf

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)

show more ...

VMS documentation fixes

This mostly clarifies details.

Fixes #13789

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/138

VMS documentation fixes

This mostly clarifies details.

Fixes #13789

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13835)

show more ...

Configurations/descrip.mms.tmpl: avoid enormous PIPE commands

DCL has a total command line limitation that's too easily broken by
them.

We solve them by creating separate messag

Configurations/descrip.mms.tmpl: avoid enormous PIPE commands

DCL has a total command line limitation that's too easily broken by
them.

We solve them by creating separate message scripts and using them.

Fixes #13789

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13835)

show more ...

descrip.mms.tmpl: Add a target to install the FIPS module config

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://g

descrip.mms.tmpl: Add a target to install the FIPS module config

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)

show more ...

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)

show more ...

Build files: add module installation targets

We only installed engines, now we also install other modules.

Fixes #11559

Reviewed-by: Matt Caswell <matt@openssl.org>
(Me

Build files: add module installation targets

We only installed engines, now we also install other modules.

Fixes #11559

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11566)

show more ...

Build: Generate apps/progs.c and apps/progs.h in build time

util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why

Build: Generate apps/progs.c and apps/progs.h in build time

util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why
stop there? We might as well generate apps/progs.c and apps/progs.h
when building.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)

show more ...

Build file templates: don't set OPENSSL_{ENGINES,MODULES}

Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment var

Build file templates: don't set OPENSSL_{ENGINES,MODULES}

Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)

show more ...

Use a wrapper for pod2html

Remove unused util/process_docs.pl

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Use a wrapper for pod2html

Remove unused util/process_docs.pl

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)

show more ...

TEST: Create test specific output directories

We had all tests run with test/test-runs/ as working directory, and
tests cleaned up after themselves... which is well and good, until

TEST: Create test specific output directories

We had all tests run with test/test-runs/ as working directory, and
tests cleaned up after themselves... which is well and good, until
you want to have a look at what went wrong when a complex test fails,
and you have to recreate everything it does manually.

To remedy this, we have OpenSSL::Test create the result directory
dynamically (and cleaning it up first if it's already there) and let
the test recipe have that as working directory.

Test recipes are now encouraged to name their diverse output files
uniquely, and not to clean them up, to allow a developer to have a
look at the files that were produced.

With continuous integration that allows this, the result directories
could also be archived and be left as a build artifact.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)

show more ...

Build file templates: Use explicit files instead of $< or $? for pods

When generating html or manpages from POD files, we used $< or $? to
get the file name to process. It turns out, th

Build file templates: Use explicit files instead of $< or $? for pods

When generating html or manpages from POD files, we used $< or $? to
get the file name to process. It turns out, though, that some make
implementations only define $< with implicit rules, so its expansion
remains empty in explicit rules. $? is a fine replacement, but only
as long as we have one dependency, so it may cause problems in the
future.

The final solution seems to be to use explicit POD file names
instead. That leaves no doubts.

Fixes #10817

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10849)

show more ...

Deprecate most of debug-memory

Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neu

Deprecate most of debug-memory

Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains. OpenSSL recommends using
the compiler's leak-detection instead.

The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the
above are now deprecated.

Merge (now really small) mem_dbg.c into mem.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)

show more ...

Adapt *.tmpl to generate docs at build time

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)

Building: Add modules with DEPENDs to GENERATEd files

For files GENERATEd from templates (.in files), any perl module (.pm
file) that the file depends on will automatically be used.

Building: Add modules with DEPENDs to GENERATEd files

For files GENERATEd from templates (.in files), any perl module (.pm
file) that the file depends on will automatically be used.

This means that these two lines:

GENERATE[foo]=foo.in
DEPEND[foo]=whatever.pm

will emit this command in a Makefile (or corresponding):

foo: foo.in whatever.pm configdata.pm
$(PERL) -I. -Ipathto -Mwhatever -Mconfigdata $(SRCDIR)/util/dofile.pl \\
foo.in > foo

Note that configdata.pm is automatically added, since util/dofile.pl
itself depends on it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10162)

show more ...

Configure: rework build.info grammar and attributes

The build.info grammar's regular expressions were a horrible read.
By assigning certain sub-expressions to variables, we hope to make

Configure: rework build.info grammar and attributes

The build.info grammar's regular expressions were a horrible read.
By assigning certain sub-expressions to variables, we hope to make
it a little more readable.

Also, the handling of build.info attributes is reworked to use a
common function instead of having copies of the same code.

Finally, the attributes are reorganized to specify if they belong with
programs, libraries, modules or scripts. This will enable more
intricate attribute assignment in changes to come.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)

show more ...

Build files: Unify standard arguments for assembler generating scrips

- Make the last argument always be the output file.
- Make the first argument always be the flavour, even if there i

Build files: Unify standard arguments for assembler generating scrips

- Make the last argument always be the output file.
- Make the first argument always be the flavour, even if there is no
flavour (i.e. it might become the empty string).
- Make the next to last argument to be $(PROCESSOR) if that one has a
value.
- Remaining arguments are C prepropressor arguments.

Perl scripts that should handle this may use the following code:

$output = pop;
$flavour = shift;
if ($ARGV[$#ARGV] eq '386') {
# Do 386 specific things
} else {
# Do whatever else, with the knowledge the @ARGV contains
# C preprocessor arguments
}

Some scripts don't care about anything than $output, and that's ok.
Some scripts do care, but handle it a little differently, and that's
ok too (notably, the x86 scripts call asm_init() with the first and
the last argument after having popped $output).
As long as they handle the argument order right, they are going to
be fine.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9884)

show more ...

Rework test/run_tests.pl to support selective verbosity and TAP copy

This includes a complete rework of how we use TAP::Harness, by adding
a TAP::Parser subclass that allows additional c

Rework test/run_tests.pl to support selective verbosity and TAP copy

This includes a complete rework of how we use TAP::Harness, by adding
a TAP::Parser subclass that allows additional callbacks to be passed
to perform what we need. The TAP::Parser callbacks we add are:

ALL to print all the TAP output to a file (conditionally)
to collect all the TAP output to an array (conditionally)
EOF to print all the collected TAP output (if there is any)
if any subtest failed

To get TAP output to file, the environment variable HARNESS_TAP_COPY
must be defined, with a file name as value. That file will be
overwritten unconditionally.

To get TAP output displayed on failure, the make variable VERBOSE_FAILURE
or VF must be defined with a non-emoty value.

Additionally, the output of test recipe names has been changed to only
display its basename.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9862)

show more ...

testing: set OPENSSL_MODULES to the providers directory by default

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9618)

Windows, VMS: build fixes

The naming of generated assembler wasn't done quite right. There are
assembler files that are generated from a perl script, and there are
those who are not

Windows, VMS: build fixes

The naming of generated assembler wasn't done quite right. There are
assembler files that are generated from a perl script, and there are
those who are not. Only the former must be renamed to the platform
specific asm extension.

Furthermore, we need to make sure that 'OSSL_provider_init' isn't case
sensitive on VMS, to allow for the least surprise for provider
builders.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8529)

show more ...