The previous 'Relax the requirements for a debug build' commit had
an extra line of code that shouldn't have been there. This fixes it.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
We required that a target be named 'debug-something' or to have at
least one of the configuration items debug_cflags and debug_lflags for
--debug to be accepted.
However, there are targets with no such markings but that will still
have debugging capabilities. This is particularly true for mk1mf
builds, where the extra flags for debugging are figured out later on
by util/mk1mf.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
For some strange reason opensslconf.h was only defining DES_LONG
when included via des.h, but that's exceedingly fragile (as a
result of include guards the include via des.h might not actually
process the content again).
Ripped out the nesting constraint, now always define OSSL_DES_LONG
if not already defined. Note, this could just be DES_LONG, but
trying to avoid exposing DES_LONG in places where it has never been
seen before, so it is up to des.h to actually define DES_LONG as
OSSL_DES_LONG.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
We use $default_depflags to check if a 'make depend' is needed after
configuring, so it needs to be kept up to date.
Reviewed-by: Matt Caswell <matt@openssl.org>
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
(Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
'./Configure reconf' hasn't been working for a while, because a perl
lable needs to be immediately followed by a block.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The contents of this variable ($memleak_devteam_backtrace) is added to
$cflags unless we build for a platform we know doesn't support gcc's
-rdynamic och backtrace() and friends.
Reviewed-by: Andy Polyakov <appro@openssl.org>
./Configure [target] --strict-warnings -Wno-pedantic-ms-format
would not add '-pedantic' because it matches '-Wno-pedantic-ms-format',
which was added first.
Reviewed-by: Matt Caswell <matt@openssl.org>
Configure has, so far, had no control at all of which 'no-' options it
can be given. This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust... or file a bug report.
This introduces some sanity into the possible choices.
The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
With the new testing framework, building a test target with mk1mf.pl
becomes a very simple thing. And especially, no more need to do the
amount of hackery in unix.pl we did.
Also, some tests need a working apps/CA.pl as well as rehashed certs
in certs/demo. So, move the code creating those files so it gets done
regardless, not just in non-mk1mf environments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.
In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We use GNU statement expressions in crypto/md32_common.h, surrounded
by checks that GNU C is indeed used to compile. It seems that clang,
at least on Linux, pretends to be GNU C, therefore finds the statement
expressions and then warns about them.
The solution is to have clang be quiet about it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte
Benjamin Kaduk
Viktor Dukhovni
Rich Salz
Rich Salz
Mat
Andy Polyakov
Ben Laurie
Kurt Roeckx
Jacob Bandes-Storch
Emilia Kasper
Alessandro Ghedini
David Woodhouse
Matt Caswell
Dr. Stephen Henson