* contrib/hbssl/evpmd.c
* contrib/hbssl/hbssl.h
* moved hb_EVP_MD_ptr_to_id() function from static to public area
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/hbssl.hbm
+ contrib/hbssl/d2i.c
* added new functions to extract asynchronous keys and certificates
from DER data:
D2I_PUBKEY( <cDER> ) -> <pEVPKey>
D2I_RSAPUBLICKEY( <cDER> ) -> <pRSAKey>
D2I_X509( <cDER> ) -> <pX509Cert>
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/evppkey.c
+ added new functions to get/set RSA asymmetric keys parameters
encapsulated in EVP_PKEY structures:
EVP_PKEY_CTX_get_RSA_padding()
EVP_PKEY_CTX_set_RSA_padding()
EVP_PKEY_CTX_get_RSA_OAEP_md()
EVP_PKEY_CTX_set_RSA_OAEP_md()
EVP_PKEY_CTX_get_RSA_MGF1_md()
EVP_PKEY_CTX_set_RSA_MGF1_md()
* src/common/hbdate.c
* accept up to 9 fractional digits (nanoseconds) in timestamp strings
though only first three ones (milliseconds) are significant.
Recently some tools begin to generate such timestamp values and
Harbour had problems with decoding them correctly.
* src/compiler/hbmain.c
+ allow to pass file name for source code compiled by hb_compileFromBuf()
It works like in all other versions of hb_compile*() functions - it's
enough to pass it as argument without option prefix (option prefix
is "-" on all platforms and also "/" on DOS, OS2, MS-Win).
Please remember that first parameter after control ones is used as
compiler name in generated output messages regardless of its option
prefix.
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/ssl.c
! HB_OPENSSL_HAS_APPLINK was never checked,
defining HB_OPENSSL_NO_APPLINK didn't do anything
* make current OpenSSL 3.6.0 build under fresh MSYS2
shell. MSYS2 does not distribute applink.c, claiming
MingGW C runtime is safe for operation without it.
Have to define HB_OPENSSL_NO_APPLINK and additional
workaround for lacking __int64 type when including
ssl.h. If you need similar workround outside of
MSYS2 shell, setenv: HB_USER_CFLAGS=-DHB_OPENSSL_MSYS
packages needed: openssl-devel (for headers)
mingw-w64-x86_64-openssl (for libs)
mingw-w64-aarch64-openssl
* contrib/hbssl/hbssl.hbc
* using Clang or Zig compiler on Windows, build will
now reference libssl and libcrypto instead of old
ssleay32/libeay32 pair when linking.
* config/win/zig.mk
% unnecessary check
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
* contrib/hbssl/rsa.c
* reenabled hb_RSA_par_remove() for old OpenSSL() versions (<=0.9.6) which
do not support RSA_up_ref()
* contrib/hbssl/ssl.c
! use
x509 = X509_dup( x509 );
X509_check_purpose( x509, -1, 0 );
instead of
X509_up_ref( x509 );
in OpenSSL versions prior 0x10100000L - they do not support X509_up_ref()
* contrib/hbssl/x509.c
* check passed parameters more strictly
* return NIL when X509 certificate cannot be allocated/accessed
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/bio.c
! fixed BIO_set_conn_int_port() to work with OpenSSL >= 1.1
(emulation with BIO_set_conn_port())
! fixed BIO_get_conn_ip() to work with OpenSSL >= 1.1
(emulation with BIO_get_conn_address() and BIO_ADDR_hostname_string())
+ added BIO_get_conn_address(), it returns HB_SOCKET compatible array
with address
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/sslctx.c
+ added new function SSL_CTX_use_RSAPrivateKey()
! respect OPENSSL_NO_RSA macro in other SSL_CTX_use_RSA*() functions
* contrib/hbssl/evp.c
! use EVP_CIPHER_key_length() and EVP_CIPHER_iv_length() in
EVP_BytesToKey() to detect the exact key and iv length.
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
* contrib/hbssl/rsa.c
* removed hb_RSA_par_remove() function, use RSA_up_ref() instead
* contrib/hbssl/hbssl.h
* contrib/hbssl/x509.c
* contrib/hbssl/pem.c
* contrib/hbssl/ssl.c
* removed 2-nd parameter ( HB_BOOL fRelease ) from hb_X509_ret(),
use X509_up_ref() instead
* contrib/hbssl/pem.c
* respect OPENSSL_NO_DSA, OPENSSL_NO_DH and OPENSSL_NO_RSA macros
* contrib/hbssl/ssl_sock.c
* added casting to pacify SSL_set_fd() warning and updated link with
description of the problem
* contrib/hbssl/bio.c
! added missing BIO_free() call in HB_BIO destructor
! fixed BIO_free() function to properly operate on HB_BIO structure
* contrib/hbssl/evpciph.c
! accept EVP_KEY Harbour pointer items in EVP_SealInit()
* contrib/hbssl/hbssl.h
* contrib/hbssl/rsa.c
* contrib/hbssl/evppkey.c
! accept EVP_KEY Harbour pointer items in EVP_PKEY_assign_RSA()
; above are only few fixes for chosen problems and still there are many others
; most of HBSSL code should be rewritten to work with OpenSSL 3.0 API
* contrib/hbcurl/core.c
* contrib/hbcurl/hbcurl.ch
+ added HB_CURLOPT_XFERINFODATA and HB_CURLOPT_XFERINFOFUNCTION
! use CURLOPT_XFERINFO* instead of depreciated CURLOPT_PROGRESS*
to implement HB_CURLOPT_PROGRESSBLOCK
! do not use depreciated CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET,
they serve no purpose anymore
+ added macros for new protocols
+ added HB_CURLOPT_PROTOCOLS_STR and HB_CURLOPT_REDIR_PROTOCOLS_STR
! use CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR instead
of depreciated CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS
* emulate CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS using
CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR in new curl
versions
+ added support for HB_CURLOPT_MIMEPOST
! use CURLOPT_MIMEPOST to emulate depreciated in new curl versions
CURLOPT_HTTPPOST
+ added support for HB_CURLOPT_PROXY_SERVICE_NAME
! use CURLOPT_PROXY_SERVICE_NAME to emulate depreciated in new curl
versions CURLOPT_SOCKS5_GSSAPI_SERVICE
+ added HB_CURLINFO_ACTIVESOCKET
! use CURLINFO_ACTIVESOCKET instead of depreciated CURLINFO_LASTSOCKET
+ added HB_CURLINFO_SIZE_UPLOAD_T, HB_CURLINFO_SIZE_DOWNLOAD_T,
HB_CURLINFO_SPEED_DOWNLOAD_T, HB_CURLINFO_SPEED_UPLOAD_T,
HB_CURLINFO_CONTENT_LENGTH_DOWNLOAD_T and
HB_CURLINFO_CONTENT_LENGTH_UPLOAD_T
! use CURLINFO_*_T actions instead of depreciated ones which operate
double as file offset and emulate old actions using new ones in
new curl versions
* contrib/hbssl/evp.c
! Do no use EVP_cleanup() in OpenSSL 1.1.0 and newer.
It no longer has any effect.
* contrib/hbssl/hbssl.h
* set OPENSSL_API_COMPAT to 1.2.0 to pacify OpenSSL 3.0 API.
It hides OpenSSL 3.0 warnings but we should update the code to use
new suggested API.
* contrib/hbwin/olecore.c
! invoke assign methods with DISPATCH_PROPERTYPUTREF instead of
DISPATCH_PROPERTYPUT if assigned value is OLE object. If such
functionality is not implemented by the object (some OLE
implementations do not support it and returns DISP_E_MEMBERNOTFOUND)
then call it again but in previous form with DISPATCH_PROPERTYPUT
* include/hbapirdd.h
* src/rdd/dbcmd.c
! fixed error codes set by DbSetRelations() to be Cl*pper compatible
* src/rdd/dbcmd.c
+ accept symbol items in Select() and DbSelectArea() just like in
( <alias> ) -> <exp>
* include/hbcompdf.h
* include/hbexprb.c
* src/common/funcid.c
+ added compile time optimization for Select() function without parameters
+ added compile time optimization DbSelectArea( <nNum> | <sSym> )
+ added support for hb_PIsByRef( @localVarName ) -> <lPassedByRef>
When the parameter is passed by reference Harbour verifies if it's
existing local variable and change it to its index in parameter list
so effectively it works like hb_IsByRef( @localVarName ) in xHarbour
* contrib/xhb/hbcompat.ch
+ added translations for
hb_PIsByRef( @<localVar> ) <=> hb_IsByRef( @<localVar> )
* contrib/hbfimage/core.c
* use FreeImage_Rotate() instead of FreeImage_RotateClassic() in new
FreeImage versions which do not support this function
* contrib/hbsqlit3/core.c
* added missing casting reported as bug in C++ mode
* contrib/hbssl/hbssl.h
* contrib/hbssl/rsa.c
* added HB_SSL_CONST_BYTE() macro to pacify unconst warnings
in old SSL versions
* src/rdd/wacore.c
* inlined macro to pacify still returning false warning
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
+ added new C function
void hb_EVP_PKEY_ret( EVP_PKEY * pkey );
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
+ added new PRG functions:
PEM_READ_PRIVATEKEY()
PEM_READ_PUBKEY()
* contrib/hbssl/ssl_sock.c
! added missing HB_SOCKET_ERR_TIMEOUT setting in hb_ssl_socketRead()
! fixed cleared to early SSL error code in hb_ssl_socketWrite()
* contrib/hbssl/tests/inetssl.prg
! interrupt test program if server thread stops
* load server certificates before listen socket is created
* src/rdd/dbfnsx/dbfnsx1.c
! code cleanup to pacify warnings in new GCC versions
* src/rtl/filesys.c
! check if child's fork() was executed successfully
* src/rtl/hbproces.c
! use hb_fsCloseRaw() instead of close() in hb_fsProcessExec() to avoid
lost handles when close() operation is interrupted by signal.
! repeat waitpid() calls interrupted by signal
* contrib/hbssl/hbssl.h
* contrib/hbssl/ssl_sock.c
* contrib/hbssl/ssl_inet.c
+ added new 'PHB_ITEM pSSL' parameter to hb_sockexNewSSL() and
hb_ssl_socketNew() C functions - it allows to bind harbour item
with SSL pointer which should not be released before connection
is closed. In new OpenSSL version such tricks can be replaced
by SSL_up_ref()
This modification also fixes possible GPF trap when SSL filter
socket was create dynamically from C code without SSL pointer
item on HVM stack in 2-nd parameter and removes old hack which
saved internally 2-nd HVM stack parameter.
+ allow to pass SSL_CTX instead of SSL in "ssl", "ctx" or "key" items
of hash array used to initialize SSL socket filter. Using SSL_CTX
allows to use the same hash array to set SSL socket filter for
different connections
+ allow to use codeblocks or function pointers as "ssl", "ctx" or
"key" items of hash array used to initialize SSL socket filter
* contrib/hbssl/hbssl.h
* contrib/hbssl/sslctx.c
+ added new C function:
SSL_CTX * hb_SSL_CTX_itemGet( PHB_ITEM pItem )
* contrib/hbssl/ssl_sock.c
* src/rtl/hbcom.c
* src/rtl/hbsocket.c
! fixed timeout checking in select()/poll()
* src/rtl/hbsockhb.c
! fixed possible GPF trap when socket filter refuse to create new
socket wrapper
* include/hbinit.h
* in GCC C++ builds for startup code use GCC constructor function
attribute instead of static variable initialization to avoid
warnings in new GCC versions
* src/rtl/hbntos.c
! fixed missing '-' in result of negative integer numbers - thanks
to Luigi Ferraris
* src/common/hbstr.c
+ added code to round integer part when the size of number is greater
then double precision (~16 digits).
* *
% remove brandings and homepage [1] from copyright header. Pass 1 - using script.
[1] nobody has access to it anymore AFAIK - and it's also just
a redirect since long
! update url in copyright header
; this should make the diff between 3.4 and 3.2 easier to manage
* include/hbsocket.h
* src/rtl/hbsockhb.c
+ added socket filters to standard socket API.
At C level hb_sockex*() function with PHB_SOCKEX handler can be
used to operate on socket filters. At PRG level standard hb_socket*()
functions can be used.
The following things has been changed in PRG hb_socket*() functions:
hb_socketErorrString() can accept <pSocket> as 1-st or 2-nd parameter
and redirect call to socket filter errorStr() method.
hb_socketClose() executes automatically shutdown() for connected
sockets - it is important in windows only where without explicit
call to shutdown() before close transmitted data can be lost.
hb_socketSend() and hb_socketRecv() can be redirected to filter
streams if filter set such redirection. If filter does not redirect
them then they operate on raw sockets. If hb_socketSend() is
redirected then sent data is flushed automatically.
The following new PRG functions has been added:
Add/replace socket filter:
hb_socketSetFilter( <pSocket>, [<cFilterName>], [<hParams>] )
-> <pSocket> | NIL
<cFilterName> is filter name, It's possible to set many filters
in single hb_socketSetFilter() call separating filter names
with "|" character, i.e.:
pSock := hb_socketSetFilter( pSock, "ZSOCK|BFSOCK", hParams )
<hParams> is hash array with initialization parameters used by
given socket filter. The core implementation recognize the
following settings:
"readahead" - numeric value with size of read ahead buffer
"flush" - numeric value with auto flush parameter (for more
information look at hb_socketAutoFlush() below)
"redir" - logical value which can be use to enable/disable
hb_socketSend() and hb_socketRecv() redirection
to filter stream.
Return filter name used by socket:
hb_socketGetFilter( <pSocket> ) -> <cFilterName>
Read from socket stream:
hb_socketRead( <pSocket>, @<cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nRead>
this function is similar to hb_socketRecv() but is always
redirected to socket stream filters.
Write to socket stream:
hb_socketWrite( <pSocket>, <cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nWritten>
this function is similar to hb_socketSend() but it is always
redirected to socket stream filters. Written data is not flushed
by default and it should be flushed explicitly by hb_socketFlush().
Automatic flushing can be enabled by hb_socketAutoFlush() function.
Flush data written to socket:
hb_socketFlush( <pSocket>, [<nTimeout> = FOREVER], [<lSync>] )
-> <nNotFlushed>
<lSync> parameter is logical value which can be used to force
special synchronization method in some filters. Usually users
do not have to use it in normal code.
Enable/disable automatic flushing of written data.
hb_socketAutoFlush( <pSocket>, [ <nTimeout> ] ) -> <nTimeout>
<nTimeout> is timeout for automatic flush operation on written
data in milliseconds. <nTimeout> = -1 means wait forever and
<nTimeout> = 0 disables auto flush.
automatic flushing can help in adopting existing code anyhow it
may strongly reduce the performance in some filters, i.e.
compression filters like ZSOCK have to add special data to the
stream after each flush operation so it's suggested to call
flush explicitly when we want to force delivering written data
to the peer.
* include/hbznet.h
* src/rtl/hbznet.c
+ added ZNET socket filter - compressed and encrypted streams are
compatible with hb_znet*() streams. The old hb_znet*() interface
is obsolete for pure socket communication and if not used as
hb_inet*() filter then should be replaced by hb_sockex*() in
user programs.
ZNET socket filter can be created by new PRG functions:
hb_socketNewZNet( <pSocket>, [<cPass>], [<nCompressionLevel>], ;
[<nStrategy>] ) -> <pSocket> | NIL
or by standard socket API with "ZNET" as filter name.
ZNET filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
ZNET filter always disables any other filters and operates on raw
socket.
Please remember that it's optional module. If programmer does not
use hb_socketNewZNet() explicitly and prefers using hb_socketNew()
then he should force linking this module by REQUEST hb_socketNewZNet
+ added fSync parameter to hb_znetFlush()
[INCOMPATIBLE]
* src/rtl/hbinet.c
* call flush filter function before socket is closed
* src/rtl/Makefile
+ src/rtl/hbzsock.c
+ added ZSOCK socket filter - ZLIB and GZIP compression for socket
streams.
ZSOCK socket filter can be created by new PRG functions:
hb_socketNewZSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "ZSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewZSock
ZSOCK filter can be used with other filters.
ZSOCK filter recognize the following settings in initialization
hash array:
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
"zin" - logical value which allow to enable/disable ZLIB
decompression on input stream (default)
"gzin" - logical value which allow to enable/disable GZIP
decompression on input stream - it's possible to
enable both ZLIB and GZIP decompression together
so both streams can be decompress
"zout" - logical value which allow to enable/disable ZLIB
compression on output stream (default)
"gzout" - logical value which allow to enable/disable GZIP
compression on output stream - if both "zout" and
"gzout" are enabled GZIP compression is used.
* src/rtl/Makefile
+ src/rtl/hbbfsock.c
+ added BFSOCK socket filter - BlowFish input and output stream
encryption in CTR mode.
BFSOCK socket filter can be created by new PRG functions:
hb_socketNewBFSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "BFSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewBFSock
BFSOCK filter can be used with other filters, i.e. with ZSOCK.
Please only remember that good encryption algorithms have to
generate data which cannot be compressed so using "BFSOCK|ZSOCK"
only wastes resources and correct filter order is "ZSOCK|BFSOCK".
BFSOCK filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"iv" - string with initialization vector for CTR mode
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_inet.c
+ contrib/hbssl/ssl_sock.c
+ added SSL socket filter
SSL socket filter can be created by new PRG functions:
hb_socketNewSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
hb_socketNewSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
or by standard socket API with "SSL" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewSSL_connect
or
REQUEST hb_socketNewSSL_accept
SSL filter always disables any other filters and operates on raw
socket.
SSL filter recognize the following settings in initialization hash
array:
"ctx" or "key" - pointer SSL item <pSSL>
"timeout" - timeout (numeric)
"client" - logical value indicating client mode (SSL_connect())
"server" - logical value indicating server mode (SSL_accept())
* contrib/hbssl/tests/inetssl.prg
! cleaned typo in local function name
* contrib/hbnetio/netiocli.c
* contrib/hbnetio/netiosrv.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets and hb_znet*()
* contrib/hbtcpio/tcpio.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets
+ implemented hb_fileFlush()
* contrib/hbssl/hbssl.h
* added HB_SSL_CONST macro which can be used instead of 'const'
qualifier to pacify "discards qualifier 'const'" warnings in
OpenSSL versions prior 0.9.8
* contrib/hbssl/evp.c
* contrib/hbssl/evpciph.c
* contrib/hbssl/evpenc.c
* contrib/hbssl/evpmd.c
* contrib/hbssl/ssl.c
* contrib/hbssl/sslctx.c
* use HB_SSL_CONST macro to pacify warnings in 0.9.6 and 0.9.7
OpenSSL versions
; Now HBSSL compiles cleanly without any warnings with different
OpenSSL final versions starting with 0.9.6
* contrib/hbssl/evpciph.c
* contrib/hbssl/hbssl.h
! added missing protection for EVP_rc5_32_12_16_cfb64()
* cleaned version macro usage to not force final versions until beta
ones is not confirmed to be broken
* contrib/hbssl/bio.c
* contrib/hbssl/err.c
* contrib/hbssl/evpciph.c
* contrib/hbssl/evpmd.c
* contrib/hbssl/hbssl.h
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_inet.c
! fixed compilation with older OpenSSL versions.
Now minimum supported version of OpenSSL is 0.9.6.
I tested current code only with finals releases (such releases
have 'f' as last hex digit in OPENSSL_VERSION_NUMBER) so it's
possible that some beta release may need additional tunes but now
adopting the code should be quite easy job for anyone who need
to use such OpenSSL version and has same very basic C knowledge.
When older OpenSSL versions are used then warnings:
"passing arg X discards qualifier 'const' from pointer target type"
can appear. I didn't pacified them to not hide some possible bugs
in the future though it breaks C++ compilation so maybe I'll add
such casting using macro redefined only for older versions.
; [TODO] check if HB_OPENSSL_OLD_OSX_ macro is still required and
if not then remove it. Maybe also other DARWIN macros can
be removed.
* (all files)
* stripped svn header
* minor cleanups
; use following command to find out the history of files:
git log
git log --follow
git blame
git annotate
