| Commit message (Collapse) | Author | Files | Lines |
|---|
|
thanks to gschutijser from github for pointing it out
|
|
|
|
Avoid spurious rebuilds running update.sh by generating a temp file and
comparing the result to the existing one.
|
|
|
|
Add pidwraptest.txt to DISTCLEANFILES to let it be removed on distclean.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
Add additional code to remove linked manpages on uninstall. Since we do
linking manually, automake will not remove them for us.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
Add a do_mv()/$MV wrappers to be called instead of just mv. This
function will preserve the target file if it does not differ from the
source file. This helps to remove unnecessary compilator calls after
calling update.sh w/o source changes.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
In several additional places call $CP instead of just cp to ease and
speed up rebuilds after update.sh execution.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
Add gost test suite and camellia cipher dir to .gitignore.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
There are issues building with inline assembly on Windows 64-bit.
|
|
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.
The build method is a little different than OpenSSL and OpenBSD. All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.
Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
|
|
I really need write something to automate this.
|
|
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
|
|
|
|
Remove a lot of complex shell code. Upstream churn has slowed down, so
it is now easier to maintain this directly as automake files. This is
also needed to start integrating CPU-specific acceleration support.
Since we are deriving the copy list from the Makefile.am files, we can
now get rid of copy_src/copy_crypto.
|
|
|
|
Follow libtls and derive the file list from the Makefile.am
template itself.
|
|
Remove extra machinery in favor of a plain-old Makefile.am.
Tighten up what files are copied on build, package a simple openssl.cnf.
|
|
Derive the file list from the Makefile.am template itself (DRY), ensure
manpage is packaged with the final tarball.
|
|
|
|
Use './configure --enable-libtls' to build the library and install the
associated manpages. Note that the API and ABI of this library may
change still, though feedback is welcome.
ok deraadt@ jsing@ tedu@
|
|
|
|
|
|
Windows sockets functions look on the outside like they behave similarly
to POSIX functions, but there are many subtle and glaring differences,
including errors reported via WSAGetLastError, read, write, and close do
not work on sockets, setsockopt takes a (char *) rather than (void *),
etc.
This header implements wrappers that coerce more POSIX-like behavior
from these functions, making portable code easier to develop.
BENEFITS:
One does not necessarily need to sprinkle #ifdefs around code to handle
the Windows and non-Windows behavior when porting code.
CAVEATS:
There may be performance implications with the 'mother-may-I'
approach to determining if a descriptor is a socket or a file.
The errno mappings are not 100% what one might expect compared to POSIX
since there were not always good 1:1 equivalents from the WSA errors.
|
|
also add license header to existing shims
|
|
This provides sufficient functionality to run openssl(1) from a Windows
console. This is based on the original select-based version from from
songdongsheng@live.cn. Changes:
* use nfds_t directly for iterating the fds.
* add WSAGetLastError -> errno mappings
* handle POLLHUP and the OOB data cases for revents
* handle sparse arrays of fds correctly
* KNF style updates
* teach poll how to handle file handles as well as sockets
This handles the socket/non-socket issue by alternating a loop between
WaitForMultipleObjects for non-sockets and and select for sockets. One
would think this would be terrible for performance, but as of this
writing, poll consumes about 6% of the time doing a bulk transfer
between a Linux box and 'openssl.exe s_server'.
I tried to implement this all in terms of WaitForMultipleObjects with a
select 'poll' at the end to get extra specific socket status. However,
the cost of setting up an event handle for each socket, setting the
WSAEventSelect attributes, and cleaning them up reliably was pretty
high. Since the event handle associated with a socket is also global,
creating a new one cancels the previous one or can be disabled
externally.
In addition, the 'FD_WRITE' status of a socket event handle does not
behave in an expected fashion, being triggered by an edge on a write
event rather than being level triggered.
Another fun horror story is how stdin in windows might be a console, it
might be a pipe, it might be something else. If these all worked in the
same way, it would be great. But, since a console-stdin can also signal
on a mouse or window event, it means we can easily get stuck in a
blocking read (you can't make stdin non-blocking) if the non-character
events are not filtered out. So, poll does that too.
See here for various additional horror stories:
http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
|
|
Update pq_test to ignore changes in whitespace.
Update for new testssl params, specify absolute paths to test binaries.
Fork-based tests do not make sense on Windows.
Disable building biotest, since it is too specific to OpenBSD's behavior
to be useful on other platforms.
|
|
This adds a Windows-specific versions of several symbols from libcrypto
and openssl(1).
|
|
|
|
|
|
|
|
|
|
Ensure the public camellia.h header is installed along with gost.h
|
|
ok bcook@
|
|
from miod@:
There used to be a strong reluctance to provide this cipher in LibreSSL in the
past, because the licence terms under which Cammelia was released by NTT were
free-but-not-in-the-corners, by restricting the right to modify the source
code, as well retaining the right to enforce their patents against anyone
in the future.
However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html ,
NTT changed its mind and made this code truly free. We only wish there had
been more visibility of this, for we could have had enabled Cammelia
earlier (-:
Licence change noticed by deraadt@. General agreement from the usual LibreSSL
suspects.
Crank libcrypto.so minor version due to the added symbols.
|
|
Check if we are using clang, rather than simply if we are on OS X.
Note: recent LLVM releases do not seem to need this anyway.
|
|
We need to include VERSION for it to run.
|
|
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
|
|
While the native OS X implementation is fork-safe, it does not seed
safely, as of the latest released OS X libc sources, version 997.90.3.
It only uses weak sources of entropy if accessing /dev/urandom fails.
ok beck@ deraadt@
|
|
ok beck@ deraadt@
|
