#
b4780134 |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in asn1.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in asn1.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
24c4ea95 |
| 03-Sep-2020 |
Matt Caswell |
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
e144fd36 |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509v3.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull
Fix safestack issues in x509v3.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
e6623cfb |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
6ac1cd10 |
| 02-Sep-2020 |
Matt Caswell |
Fix safestack issues in ssl.h We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app
Fix safestack issues in ssl.h We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app does not otherwise need to link against libcrypto). See issue #8102 - Recent changes means that applications in no-deprecated builds will need to include additional macro calls in the source code for all stacks that they need to use - which is an API break. This changes avoids that necessity. - It is not possible to write code using stacks that works in both a no-deprecated and a normal build of OpenSSL. See issue #12707. Fixes #12707 Contains a partial fix for #8102. A similar PR will be needed for hash to fully fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
77ae4f6f |
| 22-Apr-2020 |
Pauli |
engines: fixed to work with EVP_*_meth calls deprecated Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082)
|
#
31214258 |
| 29-Jun-2020 |
Rich Salz |
Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in
Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in fipsinstall optional Make all tests, except fipsinstall, use the default -macopt and -mac_name flags. Define and use FIPSDIR variable on VMS/MMS. Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12235)
show more ...
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
46994f71 |
| 11-Dec-2019 |
Richard Levitte |
Add better support for using deprecated symbols internally OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the deprecation macros not to add the warning attribute. Howeve
Add better support for using deprecated symbols internally OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the deprecation macros not to add the warning attribute. However, with 'no-deprecated', the symbols are still removed entirely, while we might still want to use them internally. The solution is to permit <openssl/opensslconf.h> macros to be modified internally, such as undefining OPENSSL_NO_DEPRECATED in this case. However, with the way <openssl/opensslconf.h> includes <openssl/macros.h>, that's easier said than done. That's solved by generating <openssl/configuration.h> instead, and add a new <openssl/opensslconf.h> that includes <openssl/configuration.h> as well as <openssl/macros.h>, thus allowing to replace an inclusion of <openssl/opensslconf.h> with this: #include <openssl/configuration.h> #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED #include <openssl/macros.h> Or simply add the following prior to any other openssl inclusion: #include <openssl/configuration.h> #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED Note that undefining OPENSSL_NO_DEPRECATED must never be done by applications, since the symbols must still be exported by the library. Internal test programs are excempt of this rule, though. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10608)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
df8f116e |
| 31-Aug-2016 |
Richard Levitte |
Add doc/build.info to build the documentation This build.info is entirely generated when configuring Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
Add doc/build.info to build the documentation This build.info is entirely generated when configuring Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6236)
show more ...
|
#
9fcb9702 |
| 12-Oct-2019 |
Rich Salz |
Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca
Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159)
show more ...
|
#
f3866324 |
| 17-Oct-2019 |
Richard Levitte |
Generate include/openssl/opensslv.h The added benefit is that the result becomes much simple, and easier to digest for those that still rely on the pre-3.0 opensslv.h contents.
Generate include/openssl/opensslv.h The added benefit is that the result becomes much simple, and easier to digest for those that still rely on the pre-3.0 opensslv.h contents. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
show more ...
|
#
70d96753 |
| 13-Oct-2019 |
Richard Levitte |
Building: Add modules with DEPENDs to GENERATEd files For files GENERATEd from templates (.in files), any perl module (.pm file) that the file depends on will automatically be used.
Building: Add modules with DEPENDs to GENERATEd files For files GENERATEd from templates (.in files), any perl module (.pm file) that the file depends on will automatically be used. This means that these two lines: GENERATE[foo]=foo.in DEPEND[foo]=whatever.pm will emit this command in a Makefile (or corresponding): foo: foo.in whatever.pm configdata.pm $(PERL) -I. -Ipathto -Mwhatever -Mconfigdata $(SRCDIR)/util/dofile.pl \\ foo.in > foo Note that configdata.pm is automatically added, since util/dofile.pl itself depends on it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10162)
show more ...
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: W
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
16da72a8 |
| 19-Apr-2019 |
Matt Caswell |
Move where include path for providers/common/include gets specified Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
|
#
861b8f87 |
| 03-Apr-2019 |
Matt Caswell |
Add the provider_algs.h internal header file Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8700)
|
#
8a73348b |
| 13-Mar-2019 |
Matt Caswell |
Add a skeleton default provider Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8513)
|
#
f5fb6f05 |
| 23-Oct-2018 |
Richard Levitte |
Rework building: Get rid of old %unified_info structures Now that we have the names of libraries on different systems established through platform modules, we can remove the old structur
Rework building: Get rid of old %unified_info structures Now that we have the names of libraries on different systems established through platform modules, we can remove the old structure to establish the same thing, i.e. $unified_info{sharednames} and $unified_info{rename}. That means removing support for the RENAME and SHARED_NAME keywords in build.info as well. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7473)
show more ...
|
#
3a63dbef |
| 27-Sep-2018 |
Richard Levitte |
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev We're strictly use version numbers of the form MAJOR.MINOR.PATCH. Letter releases are things of days past. The most
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev We're strictly use version numbers of the form MAJOR.MINOR.PATCH. Letter releases are things of days past. The most central change is that we now express the version number with three macros, one for each part of the version number: OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR OPENSSL_VERSION_PATCH We also provide two additional macros to express pre-release and build metadata information (also specified in semantic versioning): OPENSSL_VERSION_PRE_RELEASE OPENSSL_VERSION_BUILD_METADATA To get the library's idea of all those values, we introduce the following functions: unsigned int OPENSSL_version_major(void); unsigned int OPENSSL_version_minor(void); unsigned int OPENSSL_version_patch(void); const char *OPENSSL_version_pre_release(void); const char *OPENSSL_version_build_metadata(void); Additionally, for shared library versioning (which is out of scope in semantic versioning, but that we still need): OPENSSL_SHLIB_VERSION We also provide a macro that contains the release date. This is not part of the version number, but is extra information that we want to be able to display: OPENSSL_RELEASE_DATE Finally, also provide the following convenience functions: const char *OPENSSL_version_text(void); const char *OPENSSL_version_text_full(void); The following macros and functions are deprecated, and while currently existing for backward compatibility, they are expected to disappear: OPENSSL_VERSION_NUMBER OPENSSL_VERSION_TEXT OPENSSL_VERSION OpenSSL_version_num() OpenSSL_version() Also, this function is introduced to replace OpenSSL_version() for all indexes except for OPENSSL_VERSION: OPENSSL_info() For configuration, the option 'newversion-only' is added to disable all the macros and functions that are mentioned as deprecated above. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7724)
show more ...
|
#
547a3320 |
| 02-Dec-2018 |
Richard Levitte |
Doc: add doc/man7/openssl_user_macros.pod.in This manual is a start to describe macros that users can use to affect what symbols are exported by the public header files. Because
Doc: add doc/man7/openssl_user_macros.pod.in This manual is a start to describe macros that users can use to affect what symbols are exported by the public header files. Because the macro OPENSSL_API_COMPAT has a default that's affected by configuration choices, we must make it a generated manual. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7742)
show more ...
|
#
75d47db4 |
| 03-Nov-2018 |
Richard Levitte |
Simplify the processing of skipped source directories We kept a number of arrays of directory names to keep track of exactly which directories to look for build.info. Some of these had
Simplify the processing of skipped source directories We kept a number of arrays of directory names to keep track of exactly which directories to look for build.info. Some of these had the extra function to hold the directories to actually build. With the added SUBDIRS keyword, these arrays are no longer needed. The logic for skipping certain directories needs to be kept, though. That is now very much simplified, and is made opportunistic. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7558)
show more ...
|
#
9654924f |
| 03-Nov-2018 |
Richard Levitte |
Add SUBDIRS settings in relevant build.info files Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7558)
|
#
8effd8fa |
| 14-Sep-2018 |
Richard Levitte |
Refactor util/mkdef.pl for clearer separation of functionality Move the .num updating functionality to util/mknum.pl. Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively
Refactor util/mkdef.pl for clearer separation of functionality Move the .num updating functionality to util/mknum.pl. Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively, using the separate ordinals reading module. Adapt the build files. Adapt the symbol presence test. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
show more ...
|
#
ef2dfc99 |
| 30-Sep-2018 |
Richard Levitte |
Refactor linker script generation The generation of linker scripts was badly balanced, as all sorts of platform dependent stuff went into the top build.info, when that part should re
Refactor linker script generation The generation of linker scripts was badly balanced, as all sorts of platform dependent stuff went into the top build.info, when that part should really be made as simply and generic as possible. Therefore, we move a lot of the "magic" to the build files templates, since they are the place for platform dependent things. What remains is to parametrize just enough in the build.info file to generate the linker scripts correctly for each associated library. "linker script" is a term usually reserved for certain Unix linkers. However, we only use them to say what symbols should be exported, so we use the term loosely for all platforms. The internal extension is '.ld', and is changed by the build file templates as appropriate for each target platform. Note that this adds extra meaning to the value of the shared_target attribute. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7333)
show more ...
|
#
d3273ef6 |
| 11-Jun-2018 |
Andy Polyakov |
Configurations/10-main.conf: replace -bexpall with explicit list on AIX. [omit even -b:SRE, as it's implied by -G flag.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from
Configurations/10-main.conf: replace -bexpall with explicit list on AIX. [omit even -b:SRE, as it's implied by -G flag.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6453)
show more ...
|
#
a7956a2c |
| 17-Dec-2017 |
Richard Levitte |
VMS build.info: uppercase args to perl modules must be quoted This is because VMS perl will otherwise lowercase them Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from http
VMS build.info: uppercase args to perl modules must be quoted This is because VMS perl will otherwise lowercase them Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4946)
show more ...
|