- 14 Oct, 2020 3 commits
-
-
Committed by Kurt Roeckx
Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #13085
-
Committed by Yury Is
Several embedded toolchains may provide a dummy implemented getentropy() function which always returns -1 and sets errno to ENOSYS. As a result the function SSL_CTX_new() fails to create a new context. Fixes #13002 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13114)
-
Committed by Randall S. Becker
The default settings are now IEEE float. CLA: Permission is granted by the author to the ITUGLIB team to use these modifications. Fixes #12919 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13108)
-
- 13 Oct, 2020 2 commits
-
-
Committed by Richard Levitte
The temporary copy that's made didn't have a lock, which could end up with a crash. We now handle locks a bit better, and take extra care to lock it and keep track of which lock is used where and which lock is thrown away. Fixes #12876 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12978)
-
Committed by Ikko Ashimine
orignal -> original CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13111)
-
- 12 Oct, 2020 13 commits
-
-
Committed by Rainer Jung
In OpenSSL 1.1.1 the script run_tests.pl has an effective workaround to fall back to Test::Harness, if TAP::Harness is not available. That code has substantially changed, but it seems it should still fall back but doesn't. Observed on SuSE Linux Enterprise Server 11 (SLES11).

Error messages:

Can't locate TAP/Parser.pm in @INC (@INC contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 131.

and

Can't locate TAP/Harness.pm in @INC (@INC contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 215.

Concerning the fix: the docs for parent.pm show that without the "-norequire" it puts the require statement in a BEGIN block which probably runs before the eval, so the loading is no longer encapsulated by the eval. Without the additional require line, the loading doesn't happen at all, so the availability testing fails. Combining the "-norequire" and an explicit "require" worked for me. Tested on the original problem platform SLES 11, but also on SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc.

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12500)
-
Committed by Richard Levitte
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
This makes it possible to easily deprecate selections of PEM functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
This makes it possible to easily deprecate selections of ASN1 functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
The triggering macro that decides if a symbol is to be considered deprecated is OPENSSL_NO_DEPRECATEDIN_x_y[_z]. OpenSSL::ParseC renames any OPENSSL_NO_DEPRECATED_x_y[_z] by inserting "IN". Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
As opposed to DEPRECATEDIN_{major}_{minor}(), any use of these macros must be guarded with a corresponding OPENSSL_NO_DEPRECATED_{major}_{minor}:

    #ifndef OPENSSL_NO_DEPRECATED_3_0
    OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
    #endif

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
It turns out that they have __declspec(deprecated) that corresponds pretty much to GCC's __attribute__((deprecated)), including for messages. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
The macro value is changed to use deprecation messages where those are supported. We also add the macro OSSL_DEPRECATED_FOR(), to be used whenever an additional message text is desirable, for example to tell the user what the deprecated is replaced with. Example:

    OSSL_DEPRECATED_FOR(3.0,"use EVP_PKEY and EVP_PKEY_size() instead") int RSA_size(const RSA *rsa);

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Richard Levitte
The diverse DEPRECATEDIN_x_y_z macros are rewritten in terms of this macro. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
Committed by Pauli
coverity 1403324 negative array index: check for finding an unknown value and error if so (since it shouldn't happen). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13091)
-
Committed by Pauli
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13091)
-
Committed by Pauli
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13091)
-
- 11 Oct, 2020 2 commits
-
-
Committed by Richard Levitte
The functions i2d_PrivateKey(), try_key_value() in store_result.c and X509_PUBKEY_set() were all essentially duplicating this functionality to some degree. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13094)
-
Committed by Richard Levitte
This adds OSSL_ENCODER_to_data() and OSSL_DECODER_from_data(). These functions allow fairly simple rewrites of type-specific i2d and d2i calls. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13094)
-
- 09 Oct, 2020 6 commits
-
-
Committed by Richard Levitte
There were a number of potential range conflicts between reason codes from different places. Library specific reason codes are allowed to start at 100, so it means that anything "global" is limited to the range 1..99. At the same time, we have the ERR_R_LIB_xxx reason codes, which have the same numbers as ERR_LIB_xxx, potential range 1..255. And then we have the common ERR_R_ reason codes, potential range in OpenSSL 1.1.1 is 1..99, where fatal reasons occupy 64..99. For OpenSSL 3.0-dev, the range for the common reason codes was pushed up to 64..99 in an attempt to reduce the conflicts with the ERR_R_LIB_xxx reason codes. Currently existing conflicts in OpenSSL 1.1.1: ERR_R_BUF_LIB and ERR_R_PASSED_INVALID_ARGUMENT have the same code. There are currently no existing conflicts in OpenSSL 3.0-dev, but considering that ERR_LIB_HTTP is 61, a few more modules and associated ERR_R_LIB_xxx are going to sniff awfully close to 64, where the common ERR_R_ codes currently start. To avoid these range conflicts, the strategy to recognise common reason codes is changed to depend on a reason flag, ERR_RFLAG_COMMON, and the common error codes themselves have moved to start at 256, giving them the potential range 256..2^18-1, and thus allowing ERR_R_LIB_xxx the full range of library codes, 1..255. The dual purpose ERR_R_FATAL is also handled in this change, by allowing the rflags and reason codes to overlap by 1 bit, and make both ERR_R_FATAL and ERR_RFLAG_FATAL have the same value, 2^18. With this change, there's no need to worry about reason code conflicts any more, every library specific range as well as the common range is 1..2^18-1. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13093)
-
Committed by Richard Levitte
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13092)
-
Committed by Richard Levitte
This makes use of the writer filters in OpenSSL::Ordinals. Fixes #10395 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13092)
-
Committed by Richard Levitte
OpenSSL::Ordinals::rewrite() and OpenSSL::Ordinals::write() now take options, that are simply passed to OpenSSL::Ordinals::items(). The 'sort' option is forbidden, though, since write() already uses it, but that means it's possible to filter the output. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13092)
-
Committed by Tomas Mraz
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/13097)
-
Committed by Randall S. Becker
CLA: trivial Fixes #12996 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13036)
-
- 08 Oct, 2020 14 commits
-
-
Committed by Daniel Bevenius
This commit sets the error mark before calling old_priv_decode and if old_priv_decode returns false, and if EVP_PKCS82PKEY is successful, the errors are popped to the previously set mark. The motivation for this is an issue we found when linking Node.js against OpenSSL 3.0. Details can be found in the link below and the test case provided in this commit attempts to cover this. Refs: https://github.com/danbev/learning-libcrypto#asn1-wrong-tag-issue Refs: https://github.com/nodejs/node/issues/29817 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13073)
-
Committed by Dmitry Belyavskiy
Fixes #13082 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13087)
-
Committed by Dmitry Belyavskiy
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13087)
-
Committed by Dr. David von Oheimb
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13045)
-
Committed by André Klitzing
This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. The user callback can mask that error to retrieve additional error information. So the user application can decide to abort the connection instead of being forced by openssl. This change in behaviour is backward compatible as user callbacks who don't want to ignore UNABLE_TO_VERIFY_LEAF_SIGNATURE will still abort the connection by default. CLA: trivial Fixes #11297 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13083)
-
Committed by Matt Caswell
If an explicit decoder start type was provided then it wasn't being handled correctly in all cases. Specifically if a PEM start type was provided then the decoder would fail. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13050)
-
Committed by Matt Caswell
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13050)
-
Committed by Matt Caswell
We were getting confused with DHX parameters and encoding them as PKCS3 DH parameters instead. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13050)
-
Committed by Jordan Montgomery
Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Fixes #11139 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13059)
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032)
-
Committed by Richard Levitte
The build file templates have code to pick up the 'fips' attribute and thereby find out what module is the FIPS without having to resort to ugly hard coding. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032)
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032)
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032)
-
Committed by Richard Levitte
Fixes #12195 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032)
-