Rich Salz [Sat, 5 Oct 2019 18:03:57 +0000 (14:03 -0400)]
Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
Tomas Mraz [Wed, 23 Oct 2019 10:48:18 +0000 (12:48 +0200)]
20-test_enc_more.t: Replace deprecated -ciphers option with -list
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)
Rich Salz [Fri, 18 Oct 2019 16:24:39 +0000 (12:24 -0400)]
Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.
When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.
This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
Rich Salz [Thu, 10 Oct 2019 01:48:33 +0000 (21:48 -0400)]
Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
Rich Salz [Fri, 18 Oct 2019 13:52:17 +0000 (09:52 -0400)]
Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
Simo Sorce [Tue, 17 Sep 2019 20:35:23 +0000 (16:35 -0400)]
Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
Rich Salz [Sat, 19 Oct 2019 17:35:16 +0000 (13:35 -0400)]
Add/remove things from .gitignore
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10220)
Richard Levitte [Fri, 13 Sep 2019 09:43:18 +0000 (11:43 +0200)]
crypto/s390xcap.c: Add guards around the GETAUXVAL checks
HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we
add a guard that checks the present of that macro. While we're at it,
we do the same with HWCAP_S390_STFLE, for consistency.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9892)
raja-ashok [Wed, 16 Oct 2019 11:45:03 +0000 (17:15 +0530)]
Fix leak with no-ec config
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10194)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9912)
Richard Levitte [Thu, 17 Oct 2019 16:15:13 +0000 (18:15 +0200)]
Move the version function declarations to include/openssl/crypto.h
include/openssl/crypto.h is where older similar functions already
live, and since opensslv.h became a template, it's no longer useful
for parsing by util/mknum.pl.
Affected declarations:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Thu, 17 Oct 2019 14:12:37 +0000 (16:12 +0200)]
Remove the version number in README
It's cumbersome to have to edit it at release time, it can't be made a
README.in for display reasons (Github won't show it), and having the
version number here gives no special benefit.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Thu, 17 Oct 2019 14:03:06 +0000 (16:03 +0200)]
Configure: get version from the file 'VERSION' instead of 'opensslv.h'
'VERSION' is a very easy file to parse, as opposed to a header file.
We also have the benefit of holding the version information in one
very well known place and can then generate all other version texts
as we see fit, for example opensslv.h.
Fixes #10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Wed, 16 Oct 2019 22:32:20 +0000 (00:32 +0200)]
evp_keymgmt_export_to_provider(): adjust OSSL_PARAM array for transfer
It may be that the OSSL_PARAM array we used for getting parameter
values for a key had a few too many entries. These are detected by
their return_size == 0. Before making second export call, we prune
away these items so we only ask for parameters that exist.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Richard Levitte [Wed, 16 Oct 2019 22:26:44 +0000 (00:26 +0200)]
test/keymgmt_internal_test.c: New test of keymgmt internals
This tests diverse internal KEYMGMT features. The current existing
test checks that evp_keymgmt_export_to_provider() passes the key data
correctly through two instances of the default provider, and that the
resulting numbers at the end match the initial numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Richard Levitte [Tue, 15 Oct 2019 18:28:02 +0000 (20:28 +0200)]
Added internal functions for easy getting and setting all RSA parameters.
rsa_set0_all_params() is used to set all the primes, exponents and
coefficients. rsa_get0_all_params() is used to get all the primes,
exponents and coefficients.
"All" includes p, q, dP, dQ and qInv without making them separate.
All arrays of numbers are implemented as stacks to make dynamic use
easier.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
This commit adds testing and Known Answer Tests (KATs) to OpenSSL for
the `BN_gcd` function.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10122)
This commit replaces the current `BN_gcd` function with a constant-time
GCD implementation.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10122)
This commit aims at refactoring the `BN_rshift` by making it a wrapper
around `bn_rshift_fixed_top`, in order to match the current design of
`BN_lshift`, as suggested in the discussion at
https://github.com/openssl/openssl/pull/10122#discussion_r332474277 .
As described in the code, by refactoring this function, `BN_rshift`
provides a constant-time behavior for sufficiently[!] zero-padded inputs
under the following assumptions: `|n < BN_BITS2|` or `|n / BN_BITS2|`
being non-secret.
Notice that `BN_rshift` returns a canonical representation of the
BIGNUM, if a `fixed_top` representation is required, the caller should
call `bn_rshift_fixed_top` instead.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10196)
Richard Levitte [Tue, 15 Oct 2019 09:35:09 +0000 (11:35 +0200)]
Don't abuse the API when that's not what is tested
test_EVP_PKEY_CTX_get_set_params() in test/evp_extra_test.c abused
previously sloppy checking in EVP_PKEY_sign_init_ex(), by passing a
"key to sign with" that was really just domain parameters.
Now that underlying provider import of key payload has become a bit
more strict, that leads to errors, so we need to provide at least a
public part (even though fake), and because this is a signing
operation, a private part as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)
Richard Levitte [Tue, 24 Sep 2019 01:42:18 +0000 (03:42 +0200)]
evp_generic_do_all(): fix passing of method data
Method data was passed down as provider to ossl_algorithm_do_all(),
which causes trouble as soon a it's non-NULL. Pass it via the data
structure instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
Richard Levitte [Mon, 23 Sep 2019 08:17:19 +0000 (10:17 +0200)]
Some docs cleanup
Clean up a few manual pages that we're about to touch, according to
conventions found in Linux' man-pages(7); function arguments in
descriptions should be in italics, and types, macros and similar
should be in bold, with the exception for NULL.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
Richard Levitte [Tue, 15 Oct 2019 14:45:12 +0000 (16:45 +0200)]
For provided ciphers, EVP_CIPHER_CTX_ctrl() with EVP_CTRL_INIT always returns 1
This control command should never be used with provided methods, but
since this is publically available, someone might still make the
mistake. We make sure it returns 1 so as not to be overly
disruptive.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10163)
Richard Levitte [Tue, 15 Oct 2019 11:08:17 +0000 (13:08 +0200)]
Add EVP_PKEY_CTX_new_provided()
This works as much as possible EVP_PKEY_CTX_new_id(), except it takes
data that's relevant for providers, algorithm name and property query
string instead of NID and engine.
Additionally, if EVP_PKEY_CTX_new() or EVP_PKEY_CTX_new_id() was
called, the algorithm name in the EVP_PKEY context will be set to the
short name of the given NID (explicit or the one of the given
EVP_PKEY), thereby giving an easier transition from legacy methods to
provided methods.
The intent is that operations will use this information to fetch
provider methods implicitly as needed.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10184)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9472)
Nicola Tuveri [Thu, 10 Oct 2019 17:30:58 +0000 (20:30 +0300)]
[ec_asn1.c] Avoid injecting seed when built-in matches
An unintended consequence of https://github.com/openssl/openssl/pull/9808
is that when an explicit parameters curve is matched against one of the
well-known builtin curves we automatically inherit also the associated
seed parameter, even if the input parameters excluded such
parameter.
This later affects the serialization of such parsed keys, causing their
input DER encoding and output DER encoding to differ due to the
additional optional field.
This does not cause problems internally but could affect external
applications, as reported in
https://github.com/openssl/openssl/pull/9811#issuecomment-536153288
This commit fixes the issue by conditionally clearing the seed field if
the original input parameters did not include it.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10140)
Rich Salz [Fri, 4 Oct 2019 02:28:40 +0000 (22:28 -0400)]
Refactor many common flags into openssl.pod
Options moved: -rand, -writerand, -CApath, -CAfile, -no-CApath, -no-CAfile
Added rand to dgst and srp manpages (they were missing them).
New sections in openssl.pod: Random State Options, Trusted Certificate
Options.
Cleanup and add comments to find-doc-nits
Remove ".in" file support; unless giving specific arguments, this
only runs after configuration
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10118)
Rich Salz [Fri, 11 Oct 2019 13:46:59 +0000 (09:46 -0400)]
Remove duplicated line in 'openssl list' output
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10150)
Kurt Roeckx [Sun, 6 Oct 2019 11:48:10 +0000 (13:48 +0200)]
Use fewer primes for the trial division
When using Miller-Rabin to test for primes, it's can be faster to first
do trial divisions, but when doing too many trial divisions it gets
slower again. We reduce the number of trial divisions to a point that
gives better performance.
Based on research by Jake Massimo and Kenneth Paterson
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272
Rich Salz [Fri, 11 Oct 2019 15:52:12 +0000 (11:52 -0400)]
Replace '=for comment ifdef' with '=for openssl'
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10151)
Currently the Configure command only supports passing UNIX style
options (`-opt`) to the compiler. Passing Windows style options
(`/opt`) yields an error. Fortunately, the compiler accepts both
types of options, nevertheless this commit fixes that discrimination
of Windows users.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9961)
Richard Levitte [Thu, 10 Oct 2019 16:14:33 +0000 (18:14 +0200)]
Providers: fix OSSL_FUNC_CIPHER_CIPHER functions
This involves gcm_cipher() (providers/common/ciphers/cipher_gcm.c),
ccm_cipher() (providers/common/ciphers/cipher_ccm.c), and
tdes_wrap_cipher() (providers/common/ciphers/cipher_tdes_wrap.c)
These are generic implementations of the OSSL_FUNC_CIPHER_CIPHER
function, which returned -1 on error when they should return 0.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
Richard Levitte [Thu, 10 Oct 2019 16:04:06 +0000 (18:04 +0200)]
Fix EVP_Cipher() for provided cipher implementations
EVP_Cipher() would return whatever ctx->cipher->ccipher() returned
with no regard for historical semantics.
We change this to first look if there is a ctx->cipher->ccipher(), and
in that case we treat the implementation as one with a custom cipher,
and "translate" it's return value like this: 0 => -1, 1 => outl, where
|outl| is the output length.
If there is no ctx->cipher->ccipher, we treat the implementation as
one without a custom cipher, call ctx->cipher->cupdate or
ctx->cipher->cfinal depending on input, and return whatever they
return (0 or 1).
Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the
cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the
flags to be returned if there is a cipher->ccipher. That way,
provided implementations never have to set that flag themselves, all
they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
Matt Caswell [Mon, 7 Oct 2019 17:21:39 +0000 (18:21 +0100)]
Add a test for EVP_Digest[Sign|Verify]* with a BIO MD
If an EVP_MD_CTX is initialised with EVP_DigestSignInit_ex() or
EVP_DigestVerifyInit_ex() it should work with an MD BIO to provide
the "Updates". Test that this is the case.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)
Matt Caswell [Mon, 7 Oct 2019 16:47:04 +0000 (17:47 +0100)]
Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update
Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for
EVP_DigestUpdate. They are now separate functions. Unfortunately some
code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with
EVP_DigestUpdate. For example the dgst app uses an MD bio which always
calls EVP_DigestUpdate(). However the dgst app supports signing instead
of digesting and may initialise with EVP_DigestSignInit_ex() instead of
just EVP_DigestInit().
We now detect these differences and redirect to the correct function
where appropriate.
Fixes #10114
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)
Matt Caswell [Mon, 7 Oct 2019 16:45:25 +0000 (17:45 +0100)]
Don't use internal knowledge about EVP_MD_CTX in and MD BIO
There is no need for us to be diving inside the EVP_MD_CTX in the
implementation of an MD BIO. We can just use public APIs. By doing this
certain calls (such as getting the MD out of the BIO were not working
correctly) where providers are in use.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)
Richard Levitte [Thu, 10 Oct 2019 16:49:28 +0000 (18:49 +0200)]
Stop using EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
This is a flag that has lost its relevance. The new mechanism to do
the same thing is to fetch the needed digest explicitly with "-fips"
as property query, i.e. we remove any requirement for that property to
be set when fetching, even if the default property query string
requires its presence.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10138)
Viktor Szakats [Tue, 10 Sep 2019 22:47:57 +0000 (22:47 +0000)]
Fix unused goto label gcc warning
On systems with undefined AI_ADDRCONFIG and AI_NUMERICHOST:
x86_64-w64-mingw32-gcc -I. -Icrypto/include -Iinclude -m64 -Wall -O3 -fno-ident ...
crypto/bio/b_addr.c: In function 'BIO_lookup_ex':
crypto/bio/b_addr.c:699:7: warning: label 'retry' defined but not used [-Wunused-label]
retry:
^~~~~
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9856)
ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds.
Fixes #9869
CLA:trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9878)
Richard Levitte [Fri, 4 Oct 2019 12:44:42 +0000 (14:44 +0200)]
Providers: move all ciphers
From providers/{common,default}/ to providers/implementations/
Except for common code, which remains in providers/common/ciphers/.
However, we do move providers/common/include/internal/ciphers/*.h
to providers/common/include/prov/, and adjust all source including
any of those header files.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Richard Levitte [Fri, 4 Oct 2019 10:30:33 +0000 (12:30 +0200)]
Providers: move all digests
From providers/{common,default,legacy}/ to providers/implementations/
However, providers/common/digests/digest_common.c stays where it is,
because it's support code rather than an implementation.
To better support all kinds of implementations with common code, we
add the library providers/libcommon.a. Code that ends up in this
library must be FIPS agnostic.
While we're moving things around, though, we move digestscommon.h
from providers/common/include/internal to providers/common/include/prov,
thereby starting on a provider specific include structure, which
follows the line of thoughts of the recent header file reorganization.
We modify the affected '#include "internal/something.h"' to
'#include "prov/something.h"'.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Richard Levitte [Thu, 3 Oct 2019 23:38:17 +0000 (01:38 +0200)]
Rework how our providers are built
We put almost everything in these internal static libraries:
libcommon Block building code that can be used by all
our implementations, legacy and non-legacy
alike.
libimplementations All non-legacy algorithm implementations and
only them. All the code that ends up here is
agnostic to the definitions of FIPS_MODE.
liblegacy All legacy implementations.
libnonfips Support code for the algorithm implementations.
Built with FIPS_MODE undefined. Any code that
checks that FIPS_MODE isn't defined must end
up in this library.
libfips Support code for the algorithm implementations.
Built with FIPS_MODE defined. Any code that
checks that FIPS_MODE is defined must end up
in this library.
The FIPS provider module is built from providers/fips/*.c and linked
with libimplementations, libcommon and libfips.
The Legacy provider module is built from providers/legacy/*.c and
linked with liblegacy, libcommon and libcrypto.
If module building is disabled, the object files from liblegacy and
libcommon are added to libcrypto and the Legacy provider becomes a
built-in provider.
The Default provider module is built-in, so it ends up being linked
with libimplementations, libcommon and libnonfips. For libcrypto in
form of static library, the object files from those other libraries
are simply being added to libcrypto.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Richard Levitte [Thu, 3 Oct 2019 22:08:01 +0000 (00:08 +0200)]
Build files: Make it possible to source libraries into other libraries
Added functionality to use static libraries as source for other
libraries. When done this way, the target library will use the object
files from the sourced static libraries, making the sourced libraries
work as "containers" for object files.
We also need to make sure that the Unix Makefile template knows how to
deal with shared libraries and modules that depend on static libraries.
That's new situation we haven't had before.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
The dependency resolution is made uniquely to resolve proper library
order when linking a program, a module or a shared library.
resolvedepends() did a little too much at once, so it's now reduced to
only collect dependencies (and is renamed to collectdepends()), while
a new function, expanddepends(), expands a list of dependency to
insure that dependent libraries are present after depending libraries,
and finally there is reducedepends() which removes unnecessary
duplicates, leaving only the last one.
resolvedepends() is now a simple utility routine that calls the three
mentioned above in correct order.
As part of this, we implement weak dependencies through the 'weak'
build.info attribute. This is meant to cause a specific order between
libraries without requiring that they are all present.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Richard Levitte [Thu, 3 Oct 2019 21:30:58 +0000 (23:30 +0200)]
Configure: rework build.info grammar and attributes
The build.info grammar's regular expressions were a horrible read.
By assigning certain sub-expressions to variables, we hope to make
it a little more readable.
Also, the handling of build.info attributes is reworked to use a
common function instead of having copies of the same code.
Finally, the attributes are reorganized to specify if they belong with
programs, libraries, modules or scripts. This will enable more
intricate attribute assignment in changes to come.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Explicitly test against NULL; do not use !p or similar
Also added blanks lines after declarations in a couple of places.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9916)
Rich Salz [Tue, 8 Oct 2019 17:10:04 +0000 (13:10 -0400)]
Refactor -passin/-passout documentation
Always refer to openssl.pod instead of repeating the same description
everywhere.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10126)