Commit Graph

80 Commits

Author SHA1 Message Date
Brent Cook
03cd45e2c7 Enable optimized crypto operations for x86_64
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.

The build method is a little different than OpenSSL and OpenBSD.  All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.

Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
2014-12-07 16:26:28 -06:00
Brent Cook
976f64d932 read all library versions directly from files
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
2014-12-06 18:59:25 -06:00
Brent Cook
b3270494f0 add support for building libtls
Use './configure --enable-libtls' to build the library and install the
associated manpages. Note that the API and ABI of this library may
change still, though feedback is welcome.

ok deraadt@ jsing@ tedu@
2014-12-06 09:13:56 -06:00
Brent Cook
1bbde19a7c add minimal poll(2) implementation for Windows
This provides sufficient functionality to run openssl(1) from a Windows
console. This is based on the original select-based version from from
songdongsheng@live.cn. Changes:

 * use nfds_t directly for iterating the fds.
 * add WSAGetLastError -> errno mappings
 * handle POLLHUP and the OOB data cases for revents
 * handle sparse arrays of fds correctly
 * KNF style updates
 * teach poll how to handle file handles as well as sockets

This handles the socket/non-socket issue  by alternating a loop between
WaitForMultipleObjects for non-sockets and and select for sockets. One
would think this would be terrible for performance, but as of this
writing, poll consumes about 6% of the time doing a bulk transfer
between a Linux box and 'openssl.exe s_server'.

I tried to implement this all in terms of WaitForMultipleObjects with a
select 'poll' at the end to get extra specific socket status. However,
the cost of setting up an event handle for each socket, setting the
WSAEventSelect attributes, and cleaning them up reliably was pretty
high. Since the event handle associated with a socket is also global,
creating a new one cancels the previous one or can be disabled
externally.

In addition, the 'FD_WRITE' status of a socket event handle does not
behave in an expected fashion, being triggered by an edge on a write
event rather than being level triggered.

Another fun horror story is how stdin in windows might be a console, it
might be a pipe, it might be something else. If these all worked in the
same way, it would be great. But, since a console-stdin can also signal
on a mouse or window event, it means we can easily get stuck in a
blocking read (you can't make stdin non-blocking) if the non-character
events are not filtered out. So, poll does that too.

See here for various additional horror stories:

http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
2014-12-03 17:03:47 -06:00
Brent Cook
7f0646f612 Update win32 build defines 2014-12-03 17:02:29 -06:00
Brent Cook
d84aa5cbc1 Quiet clang warnings about unused arguments in general.
Check if we are using clang, rather than simply if we are on OS X.
Note: recent LLVM releases do not seem to need this anyway.
2014-11-03 21:06:40 -06:00
Brent Cook
94ec2b6b1c make 'autoreconf' work from dist tarball
We need to include VERSION for it to run.
2014-11-03 21:05:47 -06:00
Brent Cook
0aeb93b9fc override native arc4random_buf on FreeBSD
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.

Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.

ok beck@ deraadt@
2014-11-03 01:19:36 -06:00
Brent Cook
8abf8e1e15 override native arc4random_buf on OS X
While the native OS X implementation is fork-safe, it does not seed
safely, as of the latest released OS X libc sources, version 997.90.3.
It only uses weak sources of entropy if accessing /dev/urandom fails.

ok beck@ deraadt@
2014-11-03 01:19:36 -06:00
Brent Cook
a4cc953911 Improve and simplify function and header detection logic.
Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS.
Clarify some ambiguous dependencies around strnlen/strndup.
Unconditionally enable pidwraptest for all arc4random implementations.
Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf.

ok @doug
2014-10-30 19:15:11 -05:00
Brent Cook
727bccd093 use the correct HOST_OS for the Windows build
ok doug@
2014-10-30 10:55:30 -05:00
Brent Cook
8b695e534b set various glibc flags that also are useful with mingw
for example, asprintf/vasprintf are unmasked with _GNU_SOURCE in mingw
2014-10-22 19:12:18 -05:00
Brent Cook
54259e50a5 include a proper check for memmem when configuring unit tests
This allows the proper compatibility header definition to be exposed.
2014-10-22 12:37:06 -05:00
Brent Cook
e7edc4a76f ensure compatibility with posix shell
remove bash comparison, thanks kinichiro
2014-08-18 21:55:37 -05:00
Brent Cook
01726893f5 add --disable-asm flag for disabling inline asm
Surprisingly (or not), a lot of OpenSSL's inline assembly actually makes
things slower with a relatively modern compiler (read, gcc >= 4.x).
2014-08-17 07:58:32 -05:00
Brent Cook
2cef68f3ed allow inline asm
use default of -std=gnu99 for it to be recognized
2014-08-16 14:16:01 -05:00
Brent Cook
2d719eb3d7 set _DEFAULT_SOURCE on linux hosts
this is the replacement for _BSD_SOURCE on newer glibc's
2014-08-16 08:17:32 -05:00
Brent Cook
46b6df7cb0 remove configure.am.tpl, pull in VERSION directly
from wouter@
2014-08-12 21:17:41 -05:00
Brent Cook
596ef45803 source library version from a common place, speed man builds
grab library version from VERSION file
build manpages only on changes

ok beck@
2014-07-12 04:02:35 -06:00
Brent Cook
0137439f5d remove unconditional -Werror
Allow warnings to be reported without failing the entire build.

ok beck@
2014-07-11 07:30:05 -05:00
Brent Cook
1e71b73215 link -lrt on linux for glibc < 2.17 compatibility
ok beck@
2014-07-11 07:27:03 -05:00
Brent Cook
e1e636db22 prefer symlinks rather than hardlinks for manpages
ok beck@
2014-07-11 03:56:58 -05:00
Brent Cook
0e9857d448 put CPP defines in CPPFLAGS 2014-07-11 03:56:57 -05:00
Brent Cook
5acefa2f5a add manpages and links 2014-07-11 00:15:13 -05:00
Charlie Root
ab3d9838cd wording changes and initial stab at crypto man pages.
still need to get man links working and ssl and apps
man pages added.
2014-07-11 04:14:48 -06:00
Brent Cook
222a38f169 bump to version 2.0.0 2014-07-10 17:24:03 -05:00
Brent Cook
388a1655d4 better fix for __bounded removal 2014-07-10 16:02:49 -05:00
Charlie Root
d81b9bda51 fix CFLAGS line 2014-07-10 14:15:36 -06:00
Bob Beck
2981557a7f deal with bounded attribute 2014-07-10 14:11:44 -06:00
Brent Cook
e9eff5016a initial top-level import 2014-07-10 06:07:09 -05:00