- 17 10月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
'git push --follow-tags' does a little too much, any spurious tag object that the releaser have in their local repository will come along, even though they have nothing to do with the commits being pushed. Therefore, we modify the instructions to show a separate and explicit push of the release tag. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13159)
-
由 Richard Levitte 提交于
In the interest of finding out what went wrong with a test by looking at its output, tconversion.pl is modified to take arguments in option form, and gets an additional -prefix option that callers can use to ensure output files are uniquely named. Test recipes are modified to use these new options. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13147)
-
- 16 10月, 2020 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136)
-
由 Matt Caswell 提交于
The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY in the "other" parameter: /* Temporary DH key */ # define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) In most places this is what is passed. All these places occur server side. However there is one client side call of this security operation and it passes a DH object instead. This is incorrect according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other locations. Our own default security callback, and the debug callback in the apps, never look at this value and therefore this issue was never noticed previously. In theory a client side application could be relying on this behaviour and could be broken by this change. This is probably fairly unlikely but can't be ruled out. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136)
-
由 Matt Caswell 提交于
We create a new file ssl/tls_depr.c to contain functions that need to call deprecated APIs in libssl. This enables us to remove OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files. The deprecated API usage is either related to ENGINEs and is needed to continue to support applications that use such ENGINEs. Or they are needed to support some deprecated public libssl APIs. One other file remains in libssl that still uses deprecated APIs: s3_cbc.c This is needed to support the deprecated SSLv3. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13135)
-
由 Randall S. Becker 提交于
This include is required for c99 on the NonStop TNS/X platform. CLA: trivial Fixes #13102 Signed-off-by: NRandall S. Becker <rsbecker@nexbridge.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13103)
-
由 Pauli 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13084)
-
由 Pauli 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13084)
-
- 15 10月, 2020 12 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
-
由 Matt Caswell 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
-
由 Matt Caswell 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13144)
-
由 Akshit Akhoury 提交于
CLA: trivial Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13062)
-
由 Dr. Matthias St. Pierre 提交于
This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
-
由 Dr. Matthias St. Pierre 提交于
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
-
由 Matt Caswell 提交于
These were previously added as an internal API. But since the CMS code needs them, other code might do too. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
由 Matt Caswell 提交于
Fixes #12983 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
由 Matt Caswell 提交于
Low level algorithm implementations have no business knowing about details of the higher level CMS concept. This knowledge is therefore moved into the CMS layer. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
由 Matt Caswell 提交于
There is a large amount of CMS sepcific code in the algorithms. This is in the wrong place and breaks layering. This code should be in the CMS layer. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
由 Matt Caswell 提交于
There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to break layering. Algorithms really have no business knowing anything about CMS. Really it should be the other way around. Where there is algorithm specific CMS code it is the CMS layer that should know how to handle different algorithms. Therefore we move this code into the CMS layer. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
由 Matt Caswell 提交于
We were downgrading a key in the CMS code. This is no longer necessary. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-
- 14 10月, 2020 10 次提交
-
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Note that with this commit the optional parameter is introduced, but libssl still ignores it. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
-
由 Kurt Roeckx 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #13085
-
由 Yury Is 提交于
Several embedded toolchains may provide dummy implemented getentropy() function which always returns -1 and sets errno to the ENOSYS. As a result the function SSL_CTX_new() fails to create a new context. Fixes #13002 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13114)
-
由 Randall S. Becker 提交于
The default settings are now IEEE float. CLA: Permission is granted by the author to the ITUGLIB team to use these modifications. Fixes #12919 Signed-off-by: NRandall S. Becker <rsbecker@nexbridge.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13108)
-
- 13 10月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
The temporary copy that's made didn't have a lock, which could end up with a crash. We now handle locks a bit better, and take extra care to lock it and keep track of which lock is used where and which lock is thrown away. Fixes #12876 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12978)
-
由 Ikko Ashimine 提交于
orignal -> original CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13111)
-
- 12 10月, 2020 8 次提交
-
-
由 Rainer Jung 提交于
In OpenSSL 1.1.1 the script run_tests.pl has an effectiver workaround to fall back to Test::Harness, if TAP::Harness is not available. That code has substantially changed, but it seems it should still fall back but doesn't. Observed on SuSE Linux Enterprise Server 11 (SLES11). Error messages: Can't locate TAP/Parser.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20. BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 131. and Can't locate TAP/Harness.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20. BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 215. Concerning the fix: the docs for parent.pm show, that without the "-norequire" it puts the require statement in a BEGIN block which probably runs before the eval, to the loading is no longer encapsulated by the eval. Without the additional require line, the loading doesn't happen at all, so the availability testing fails. Combining the "-norequire" and an explicit "require" worked for me. Tested on the original problem platform SLES 11, but also on SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12500)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
This makes it possible to easily deprecated selections of PEM functions. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
This makes it possible to easily deprecated selections of ASN1 functions. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
The triggering macro that decides if a symbol is to be considered deprecated is OPENSSL_NO_DEPRECATEDIN_x_y[_z]. OpenSSL::ParseC renames any OPENSSL_NO_DEPRECATED_x_y[_z] by inserting "IN". Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
As opposed to DEPRECATEDIN_{major}_{minor}(), any use of these macros must be guarded with a corresponding OPENSSL_NO_DEPRECATED_{major}_{minor}: #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa); #endif Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-
由 Richard Levitte 提交于
It turns out that they have __declspec(deprecated) that correspond pretty much to GCC's __attribute__((deprecated)), including for messages. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
-