add kdf.h to mkdef.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>

Workaround for VisualStudio 2015 bug

VisualStudio 2015 has a bug where an internal compiler error was occurring.
By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COM

Workaround for VisualStudio 2015 bug

VisualStudio 2015 has a bug where an internal compiler error was occurring.
By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COMP
until after the ssl3.h include everything seems ok again.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

show more ...

Public API for Certificate Transparency

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix a mkdef.pl warning

mkdef.pl was issuing the following error:

Use of uninitialized value within %tag in numeric eq (==) at
util/mkdef.pl line 560, <IN> line 92

Thi

Fix a mkdef.pl warning

mkdef.pl was issuing the following error:

Use of uninitialized value within %tag in numeric eq (==) at
util/mkdef.pl line 560, <IN> line 92

This was because it was treating a __cplusplus "#ifdef" check as a "tag"
but then skipping over the corresponding "#endif". Therefore after
processing a file it still had "left over" tags from processing the
previous file. It was also getting confused by "#if" checks that didn't
match is pre-defined styles.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Implement new multi-threading API

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Remove outdated DEBUG flags.

Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem use

Remove outdated DEBUG flags.

Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Remove JPAKE

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Don't use libcrypto private headers with mkdef.pl

Three header files from crypto/include/internal were used by
util/mkdef.pl. This should never be needed. Some test program used
th

Don't use libcrypto private headers with mkdef.pl

Three header files from crypto/include/internal were used by
util/mkdef.pl. This should never be needed. Some test program used
these, which made it a valid reason at the time to make the some
internal symbols public in the shared libraries, but that's not the
case any more.

However, to be able to link libssl.so, some symbols found in
include/internal headers still need to be made public.

Reviewed-by: Andy Polyakov <appro@openssl.org>

show more ...

Perl's chop / chomp considered bad, use a regexp instead

Once upon a time, there was chop, which somply chopped off the last
character of $_ or a given variable, and it was used to take

Perl's chop / chomp considered bad, use a regexp instead

Once upon a time, there was chop, which somply chopped off the last
character of $_ or a given variable, and it was used to take off the
EOL character (\n) of strings.

... but then, you had to check for the presence of such character.

So came chomp, the better chop which checks for \n before chopping it
off. And this worked well, as long as Perl made internally sure that
all EOLs were converted to \n.

These days, though, there seems to be a mixture of perls, so lines
from files in the "wrong" environment might have \r\n as EOL, or just
\r (Mac OS, unless I'm misinformed).

So it's time we went for the more generic variant and use s|\R$||, the
better chomp which recognises all kinds of known EOLs and chops them
off.

A few chops were left alone, as they are use as surgical tools to
remove one last slash or one last comma.

NOTE: \R came with perl 5.10.0. It means that from now on, our
scripts will fail with any older version.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

unified build scheme: add a "unified" template for VMS descrip.mms

As part of this, change util/mkdef.pl to stop adding libraries to
depend on in its output. mkdef.pl should ONLY output

unified build scheme: add a "unified" template for VMS descrip.mms

As part of this, change util/mkdef.pl to stop adding libraries to
depend on in its output. mkdef.pl should ONLY output a symbol
vector.

Because symbol names can't be longer than 31 characters, we use the
compiler to shorten those that are longer down to 23 characters plus
an 8 character CRC. To make sure users of our header files will pick
up on that automatically, add the DEC C supported extra headers files
__decc_include_prologue.h and __decc_include_epilogue.h.

Furthermore, we add a config.com, so VMS people can configure just as
comfortably as any Unix folks, thusly:

@config

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

unified build scheme: adjust some scripts

util/mkdef.pl and Makefile.shared needs to know about the source and
the build directories.

Additionally, Makefile.shared needs to know

unified build scheme: adjust some scripts

util/mkdef.pl and Makefile.shared needs to know about the source and
the build directories.

Additionally, Makefile.shared needs to know how to build shared
libraries in a directory other than the current one.

Reviewed-by: Ben Laurie <ben@openssl.org>

show more ...

Remove extraneous output from util/mk scripts

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move pqueue into ssl

This is an internal facility, never documented, not for
public consumption. Move it into ssl (where it's only used
for DTLS).

I also made the typedef's

Move pqueue into ssl

This is an internal facility, never documented, not for
public consumption. Move it into ssl (where it's only used
for DTLS).

I also made the typedef's for pqueue and pitem follow our style: they
name structures, not pointers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Refactor file writing - Adapt util/mkdef.pl to use configdata.pm

For this adaptation, the variables $options and $version needed to
move to %config in Configure, and why not move all oth

Refactor file writing - Adapt util/mkdef.pl to use configdata.pm

For this adaptation, the variables $options and $version needed to
move to %config in Configure, and why not move all other variables
holding diverse version numbers at the same time?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Avoid the r modifier for s/// (perl)

It seems that the r modifier for s/// is fairly new. It's reported
not to exist in perl 5.10.1, so it's better to avoid it when
possible.

Avoid the r modifier for s/// (perl)

It seems that the r modifier for s/// is fairly new. It's reported
not to exist in perl 5.10.1, so it's better to avoid it when
possible.

Reviewed-by: Tim Hudson <tjh@openssl.org>

show more ...

Add a no-egd option to disable EGD-related code

The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by d

Add a no-egd option to disable EGD-related code

The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

show more ...

Make sure to have both upper and mixed case symbols in SYMBOL_VECTOR

It was assumed that the syntax FOO/Foo=PROCEDURE would create both an
upper case and mixed case symbol in the GST. N

Make sure to have both upper and mixed case symbols in SYMBOL_VECTOR

It was assumed that the syntax FOO/Foo=PROCEDURE would create both an
upper case and mixed case symbol in the GST. Not so, it requires
having both FOO/Foo=PROCEDURE (to create the upper case alias) and
Foo=PROCEDURE (to create the mixed case slot).

We make sure that any symbol always occupies two slots (even those
that don't exist) by filling up with SPARE when necessary. That will
assure that any changes will still have the same symbols in the same
slots no matter what (save a complete rewrite of the ordinals files).

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Use SPARE instead of PRIVATE_PROCEDURE to reserve unused SYMBOL_VECTOR slots

It was assumed that a dummy with the type PRIVATE_PROCEDURE would
simply occupy a slot but otherwise ignore t

Use SPARE instead of PRIVATE_PROCEDURE to reserve unused SYMBOL_VECTOR slots

It was assumed that a dummy with the type PRIVATE_PROCEDURE would
simply occupy a slot but otherwise ignore the symbol. Not so, but
there is SPARE for that purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

The limit per SYMBOL_VECTOR isn't the amount of symbols, it's the line length

Reviewed-by: Rich Salz <rsalz@openssl.org>

VMS INDENTIFICATION should only have the version number

Reviewed-by: Rich Salz <rsalz@openssl.org>

Have mkdef.pl use case sensitive symbols for shareable symbol vector

Reviewed-by: Rich Salz <rsalz@openssl.org>

Enable/disable crypto-mdebug just like other features

Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>

Disable some algorithms by default

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Future-proof deprecated declartion parsing

Support two-digest major/minor/micro numbers and die when the input
fails to parse

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Add DEPRECATEDIN support.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>