apps


Log

Author Commit Date CI Message
Brent Cook db974c34 2015-07-15T20:00:21 fixup how OPENSSLDIR is derived and expanded As per http://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html we should not try to expand variables like sysconfdir in the configure script, but rather derive the correct value in the Makefiles instead. This fixes missing expansions as the preprocessor define.
Brent Cook bda20bd1 2015-07-11T14:23:44 Improve automatic handling of OPENSSLDIR Install a default cert.pem, openssl.cnf, x509v3.cnf in OPENSSLDIR, which is derived by default from sysconfdir and the prefix setting.
Brent Cook ad2a38ab 2015-03-22T06:18:18 rework CFLAGS/CPPFLAGS settings during configuration Move define adjustments to CPPFLAGS. Adjust user CFLAGS directly, do not override during configuration. USER_CFLAGS is not necessary to build libcompat_noopt correctly.
Brent Cook 148aebdb 2015-03-08T16:39:48 fix hangs reading stdin on Windows
Brent Cook 28311d43 2015-02-14T18:51:44 conditionally build certhash into openssl(1) For now, look for openat and symlink. We may switch to just needing symlink later.
Brent Cook 5e96c047 2015-02-11T20:50:10 add the new openssl(1) certhash command
Brent Cook 9adc6d64 2014-12-27T16:52:25 Revert "do not double-link libcrypto" This reverts commit c83d468cfd5d3ca60a499b69c0b7c9d0b159d405. It wasn't as superfluous as I thought on all platforms.
Brent Cook c83d468c 2014-12-27T16:34:48 do not double-link libcrypto libssl already has LIBFLAGS for libcrypto, so adding -lcrypto is superfluous.
Brent Cook 13035fa6 2014-12-06T11:20:56 simplify building the apps Makefile Remove extra machinery in favor of a plain-old Makefile.am. Tighten up what files are copied on build, package a simple openssl.cnf.
Brent Cook 1bbde19a 2014-11-20T00:24:20 add minimal poll(2) implementation for Windows This provides sufficient functionality to run openssl(1) from a Windows console. This is based on the original select-based version from songdongsheng@live.cn. Changes: * use nfds_t directly for iterating the fds. * add WSAGetLastError -> errno mappings * handle POLLHUP and the OOB data cases for revents * handle sparse arrays of fds correctly * KNF style updates * teach poll how to handle file handles as well as sockets This handles the socket/non-socket issue by alternating a loop between WaitForMultipleObjects for non-sockets and select for sockets. One would think this would be terrible for performance, but as of this writing, poll consumes about 6% of the time doing a bulk transfer between a Linux box and 'openssl.exe s_server'. I tried to implement this all in terms of WaitForMultipleObjects with a select 'poll' at the end to get extra specific socket status. However, the cost of setting up an event handle for each socket, setting the WSAEventSelect attributes, and cleaning them up reliably was pretty high. Since the event handle associated with a socket is also global, creating a new one cancels the previous one or can be disabled externally. In addition, the 'FD_WRITE' status of a socket event handle does not behave in an expected fashion, being triggered by an edge on a write event rather than being level triggered. Another fun horror story is how stdin in windows might be a console, it might be a pipe, it might be something else. If these all worked in the same way, it would be great. But, since a console-stdin can also signal on a mouse or window event, it means we can easily get stuck in a blocking read (you can't make stdin non-blocking) if the non-character events are not filtered out. So, poll does that too. See here for various additional horror stories: http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
Brent Cook 58fcd3c3 2014-11-20T00:26:55 Add conditional compilation for windows and posix functions. This adds Windows-specific versions of several symbols from libcrypto and openssl(1).
Brent Cook 2103690c 2014-11-19T22:02:17 improve readability of generated Makefile.am files
Brent Cook 0aeb93b9 2014-10-27T19:22:03 override native arc4random_buf on FreeBSD The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. ok beck@ deraadt@
Brent Cook a4cc9539 2014-10-29T15:44:36 Improve and simplify function and header detection logic. Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS. Clarify some ambiguous dependencies around strnlen/strndup. Unconditionally enable pidwraptest for all arc4random implementations. Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf. ok @doug
Brent Cook 4335a49f 2014-07-21T05:40:28 use correct link order for app and tests ok beck@ guenther@
Brent Cook 8b125f31 2014-07-11T04:47:03 build strtonum directly into apps/openssl it is not needed as a library export ok beck@
Brent Cook 2b6dbc39 2014-07-10T06:21:51 initial top-level import of subdirectories