- 13 10月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Currently the Configure command only supports passing UNIX style options (`-opt`) to the compiler. Passing Windows style options (`/opt`) yields an error. Fortunately, the compiler accepts both types of options, nevertheless this commit fixes that discrimination of Windows users. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9961)
-
- 12 10月, 2019 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 10月, 2019 10 次提交
-
-
由 Richard Levitte 提交于
Not needed any more, since the presence of the OSSL_FUNC_CIPHER_CIPHER function is enough to tell that there's a custom cipher function. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10137)
-
由 Richard Levitte 提交于
This involves gcm_cipher() (providers/common/ciphers/cipher_gcm.c), ccm_cipher() (providers/common/ciphers/cipher_ccm.c), and tdes_wrap_cipher() (providers/common/ciphers/cipher_tdes_wrap.c) These are generic implementations of the OSSL_FUNC_CIPHER_CIPHER function, which returned -1 on error when they should return 0. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10137)
-
由 Richard Levitte 提交于
EVP_Cipher() would return whatever ctx->cipher->ccipher() returned with no regard for historical semantics. We change this to first look if there is a ctx->cipher->ccipher(), and in that case we treat the implementation as one with a custom cipher, and "translate" it's return value like this: 0 => -1, 1 => outl, where |outl| is the output length. If there is no ctx->cipher->ccipher, we treat the implementation as one without a custom cipher, call ctx->cipher->cupdate or ctx->cipher->cfinal depending on input, and return whatever they return (0 or 1). Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the flags to be returned if there is a cipher->ccipher. That way, provided implementations never have to set that flag themselves, all they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10137)
-
由 Richard Levitte 提交于
OpenSSL uses some POD directives masquerading as 'comment' ('=for comment' etc). This is abusive and confusing. Instead, we use our own keyword. =for openssl whatever =begin openssl whatever =end openssl (we have never used the multiline form, but might start one day) Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10048)
-
由 Matt Caswell 提交于
If an EVP_MD_CTX is initialised with EVP_DigestSignInit_ex() or EVP_DigestVerifyInit_ex() it should work with an MD BIO to provide the "Updates". Test that this is the case. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10116)
-
由 Matt Caswell 提交于
Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for EVP_DigestUpdate. They are now separate functions. Unfortunately some code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with EVP_DigestUpdate. For example the dgst app uses an MD bio which always calls EVP_DigestUpdate(). However the dgst app supports signing instead of digesting and may initialise with EVP_DigestSignInit_ex() instead of just EVP_DigestInit(). We now detect these differences and redirect to the correct function where appropriate. Fixes #10114 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10116)
-
由 Matt Caswell 提交于
There is no need for us to be diving inside the EVP_MD_CTX in the implementation of an MD BIO. We can just use public APIs. By doing this certain calls (such as getting the MD out of the BIO were not working correctly) where providers are in use. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10116)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10148)
-
由 Richard Levitte 提交于
This is a flag that has lost its relevance. The new mechanism to do the same thing is to fetch the needed digest explicitly with "-fips" as property query, i.e. we remove any requirement for that property to be set when fetching, even if the default property query string requires its presence. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10138)
-
由 Viktor Szakats 提交于
On systems with undefined AI_ADDRCONFIG and AI_NUMERICHOST: x86_64-w64-mingw32-gcc -I. -Icrypto/include -Iinclude -m64 -Wall -O3 -fno-ident ... crypto/bio/b_addr.c: In function 'BIO_lookup_ex': crypto/bio/b_addr.c:699:7: warning: label 'retry' defined but not used [-Wunused-label] retry: ^~~~~ Regression from: 3f91ede9Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9856)
-
- 10 10月, 2019 16 次提交
-
-
由 Artiom Vaskov 提交于
ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds. Fixes #9869 CLA:trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9878) (cherry picked from commit d8e8ed0220f0656a6e7e384ef4d7e1757b48fd95)
-
由 Richard Levitte 提交于
providers/default/defltprov.c and providers/legacy/legacyprov.c are moved up to providers/ and providers/build.info is adjusted accordingly. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
The end up in providers/common/include/prov/. All inclusions are adjusted accordingly. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
New name is providers/implementations/include/prov/implementations.h All inclusions are adapted accordingly. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
From providers/{common,default}/ to providers/implementations/ Except for common code, which remains in providers/common/ciphers/. However, we do move providers/common/include/internal/ciphers/*.h to providers/common/include/prov/, and adjust all source including any of those header files. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
From providers/{common,default,legacy}/ to providers/implementations/ However, providers/common/digests/digest_common.c stays where it is, because it's support code rather than an implementation. To better support all kinds of implementations with common code, we add the library providers/libcommon.a. Code that ends up in this library must be FIPS agnostic. While we're moving things around, though, we move digestscommon.h from providers/common/include/internal to providers/common/include/prov, thereby starting on a provider specific include structure, which follows the line of thoughts of the recent header file reorganization. We modify the affected '#include "internal/something.h"' to '#include "prov/something.h"'. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
From providers/default/ to providers/implementations/ Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
From providers/common/ to providers/implementations/ Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
We put almost everything in these internal static libraries: libcommon Block building code that can be used by all our implementations, legacy and non-legacy alike. libimplementations All non-legacy algorithm implementations and only them. All the code that ends up here is agnostic to the definitions of FIPS_MODE. liblegacy All legacy implementations. libnonfips Support code for the algorithm implementations. Built with FIPS_MODE undefined. Any code that checks that FIPS_MODE isn't defined must end up in this library. libfips Support code for the algorithm implementations. Built with FIPS_MODE defined. Any code that checks that FIPS_MODE is defined must end up in this library. The FIPS provider module is built from providers/fips/*.c and linked with libimplementations, libcommon and libfips. The Legacy provider module is built from providers/legacy/*.c and linked with liblegacy, libcommon and libcrypto. If module building is disabled, the object files from liblegacy and libcommon are added to libcrypto and the Legacy provider becomes a built-in provider. The Default provider module is built-in, so it ends up being linked with libimplementations, libcommon and libnonfips. For libcrypto in form of static library, the object files from those other libraries are simply being added to libcrypto. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
Added functionality to use static libraries as source for other libraries. When done this way, the target library will use the object files from the sourced static libraries, making the sourced libraries work as "containers" for object files. We also need to make sure that the Unix Makefile template knows how to deal with shared libraries and modules that depend on static libraries. That's new situation we haven't had before. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
The dependency resolution is made uniquely to resolve proper library order when linking a program, a module or a shared library. resolvedepends() did a little too much at once, so it's now reduced to only collect dependencies (and is renamed to collectdepends()), while a new function, expanddepends(), expands a list of dependency to insure that dependent libraries are present after depending libraries, and finally there is reducedepends() which removes unnecessary duplicates, leaving only the last one. resolvedepends() is now a simple utility routine that calls the three mentioned above in correct order. As part of this, we implement weak dependencies through the 'weak' build.info attribute. This is meant to cause a specific order between libraries without requiring that they are all present. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
We want to attach attributes on dependencies. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Richard Levitte 提交于
The build.info grammar's regular expressions were a horrible read. By assigning certain sub-expressions to variables, we hope to make it a little more readable. Also, the handling of build.info attributes is reworked to use a common function instead of having copies of the same code. Finally, the attributes are reorganized to specify if they belong with programs, libraries, modules or scripts. This will enable more intricate attribute assignment in changes to come. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
-
由 Rich Salz 提交于
Also added blanks lines after declarations in a couple of places. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
-
由 Rich Salz 提交于
Always refer to openssl.pod instead of repeating the same description everywhere. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10126)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10121)
-
- 09 10月, 2019 12 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10101)
-
由 Richard Levitte 提交于
It's a separate script, not an openssl sub-command Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Normalise on L<openssl-cmd(1)> over L<cmd(1)> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Make replacables italic, change '-rand' to '-r', fix links. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Better synopsis for 'openssl dgst' and 'openssl enc', correct names for 'openssl rehash' ('c_rehash' is mentioned there too), correct option end marker for 'openssl verify', and finally, refer to sub-commands as sub-commands. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
"gost" was called "ccgost". "rsax" was treated like literal input rather than an engine name. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure they are refered to like that and not just as the sub-command. Self-references are avoided as much as is possible, and replaced with "this command". In some cases, we even avoid that with a slight rewrite of the sentence or paragrah they were in. However, in the few cases where a self-reference is still admissible, they are done in bold, i.e. openssl-speed.pod references itself like this: B<openssl speed> References to other commands are done as manual links, i.e. CA.pl.pod references 'openssl req' like this: L<openssl-req(1)> Some commands are examples rather than references; we enclose those in C<>. While we are it, we abolish "utility", replacing it with "command", or remove it entirely in some cases. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Quite a lot of replacables were still bold, and some options were mentioned without a beginning dash. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-
由 Richard Levitte 提交于
Ellipses were used to express that the '-rand' value can specify multiple files, like this: B<-rand> I<file...> Because there are conventions around ellipses, this becomes confusing, because '-rand file...' is normally intepreted to mean that '-rand file1 file2 file3' would be processed as three randomness files, which makes no sense. Rather than making things complicated with more elaborate syntax, we change it to: B<-rand> I<files> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065)
-