20d7295 | Matt Caswell | 05 November 2020, 14:03:50 UTC | Prepare for release of 3.0 alpha 8 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 05 November 2020, 14:03:50 UTC |
29d3af0 | Matt Caswell | 05 November 2020, 13:37:26 UTC | Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13324) | 05 November 2020, 13:37:26 UTC |
649bd87 | Pauli | 04 November 2020, 02:31:19 UTC | defltprov: remove duplicate algorithm names. Ed25519 and Ed448 contained aliases that were the same as the primary name. This removes the aliases leaving ED25519 and ED448 as the canonical names. Matching is case insensitive, so no functionality is lost. The FIPS provider didn't include the duplicates. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13308) | 05 November 2020, 08:54:20 UTC |
9750b4d | Randall S. Becker | 29 October 2020, 15:17:25 UTC | Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c. These methods should ultimately be deprecated. The move is to insulate non-UNIX platforms from these undefined symbols. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13273 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13276) | 04 November 2020, 16:02:38 UTC |
23fb366 | Hu Keping | 03 November 2020, 20:14:36 UTC | Do not export the submodules gost-engine Remove gost-engine from the distribution tarball. Signed-off-by: Hu Keping <hukeping@huawei.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13301) | 04 November 2020, 13:09:25 UTC |
3ee3c4d | Ichinose Shogo | 01 November 2020, 06:14:02 UTC | fix typo in README CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13289) | 03 November 2020, 16:58:12 UTC |
e7a8fec | Benjamin Kaduk | 26 October 2020, 19:20:31 UTC | Add more diagnostics to ossl_shim We had several cases where the connection failed but we did not have an error message to differentiate which failure condition had been triggered. Add some more messages to help clarify what is going wrong. [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13251) | 02 November 2020, 19:28:24 UTC |
467dc32 | Benjamin Kaduk | 26 October 2020, 19:35:55 UTC | Adjust error reason for ssl_get_min_max_version() failure Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR, to match what the BoringSSL tests expect for this case. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13251) | 02 November 2020, 19:28:24 UTC |
a92c964 | Benjamin Kaduk | 26 October 2020, 19:30:16 UTC | Clear error queue entries from bad DTLS records DTLS by design ignores records/packets with bad MAC or failed AEAD tag validation. However, recent changes to have provided cipher implementations caused tls1_enc() to leave an entry on the error queue for invalid GCM tags, e.g.: 800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306 The BoringSSL tests check for entries on the error queue with SSL_get_error() and so we were seeing spurious test failures due to the additional item on the error queue. To avoid leaving such spurious entries on the error queue, set a mark before calling the ssl3_enc 'enc' method, and pop to that mark before ignoring invalid packets. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13251) | 02 November 2020, 19:28:24 UTC |
3d7e7e7 | jwalch | 29 October 2020, 17:32:49 UTC | Prevent potential UAF in init_thread_deregister() I discovered the potential for use-after-free on glob_tevent_reg & its members in this function as a consequence of some static (de-)initialization fiasco in C++ client code. Long story short, an EVP_PKEY_free() was happening after OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't actually being used after cleanup, it was basically just an ordering issue. Obviously the application behavior here is somewhat suspect, but IMO is basically benign. Crashing (most typical outcome of a UAF) doesn't seem the optimal response. At any rate, the issue can be avoided (at least with regard to this function) by simply updating the pointer to NULL rather than leaving it pointing to the freed memory, as is the typical practice. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13267) | 02 November 2020, 17:03:22 UTC |
d1ca391 | Daniel Bevenius | 30 October 2020, 12:34:06 UTC | EVP: Fix typo in EVP_PKEY_gen comment Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13282) | 02 November 2020, 15:35:16 UTC |
3d4c81b | jwalch | 29 October 2020, 18:05:19 UTC | Initialize outl in evp_enc.c to 0, protect against NULL Fixes #12734 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13268) | 02 November 2020, 15:32:19 UTC |
8ea761b | Shane Lontis | 29 October 2020, 08:20:36 UTC | Add AES KW inverse ciphers to the EVP layer Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13272) | 01 November 2020, 23:22:14 UTC |
769302a | Randall S. Becker | 29 October 2020, 15:37:05 UTC | Remove FLOSS from all OSS builds on NonStop except for SPT threading. The Standard POSIX Threads (SPT) implementation hangs in some test cases if FLOSS is not used. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13277 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13279) | 01 November 2020, 05:27:09 UTC |
0831271 | Richard Levitte | 30 October 2020, 12:16:46 UTC | test/recipes/90-test_shlibload.t: Skip when address sanitizer enabled Because this test loads the shared libraries dynamically, there are cases where that results in errors because the ASAN library wasn't loaded first. That makes this test unsuitable in an ASAN build. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13281) | 01 November 2020, 05:01:09 UTC |
3b1bfd2 | Richard Levitte | 26 October 2020, 17:38:35 UTC | util/find-doc-nits: ignore OSSL_DEPRECATED*, alongside other reserved symbols Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13240) | 01 November 2020, 04:57:42 UTC |
d14e7df | Richard Levitte | 25 October 2020, 11:20:13 UTC | Simplify and clarify doc/internal/man7/deprecation.pod doc/internal/man7/deprecation.pod was unclear in some areas, and included general documentation that has no place there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13240) | 01 November 2020, 04:57:42 UTC |
908cf7c | jwalch | 29 October 2020, 14:52:52 UTC | Patch leak in EVP_PKEY2PKCS8() error path Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13278) | 30 October 2020, 19:38:25 UTC |
62a3614 | Matt Caswell | 23 October 2020, 13:26:48 UTC | Allow empty deprecation macros to be passed as macro arguments The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to be passed as a parameter to the various PEM declaration macros. However, in some cases OSSL_DEPRECATEDIN_3_0 is defined to be empty, and it is not allowed to pass empty macro arguments in C90. Therefore we ensure these macros are always defined. In the case where they were empty previously we use a no-op value instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13227) | 30 October 2020, 14:56:29 UTC |
e82f459 | Matt Caswell | 29 October 2020, 12:46:28 UTC | Fix some missed usage of DEFINE_LHASH_OF() PR#12860 fixed issues with the Lhash code. It replaced usage of DEFINE_LHASH_OF() in the public headers. Unfortunately it missed a couple of instances. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13274) | 30 October 2020, 14:24:30 UTC |
140eee2 | Richard Levitte | 09 October 2020, 11:02:58 UTC | Add easy to digest selector macros for EVP_PKEYs These are meant to be used with functions like OSSL_ENCODER_CTX_new_by_EVP_PKEY() The OSSL_ENCODER_CTX_new_by_EVP_PKEY() manual is also expanded on the topics of output types and selections. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13189) | 30 October 2020, 12:09:52 UTC |
f792893 | Richard Levitte | 28 October 2020, 18:15:40 UTC | test/recipes/15-test_gendh.t: don't try DER params There is no option to output DH params in DER form. -outform doesn't apply to -genparam with 'openssl genpkey', and it shouldn't. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13266) | 30 October 2020, 12:07:38 UTC |
231849b | Benjamin Kaduk | 27 September 2020, 22:01:12 UTC | Unify ssl3_get_cipher_by_std_name() implementation The handling for the SCSVs was the same as for regular ciphers; just merge them into the same table-driven handler. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13010) | 29 October 2020, 20:10:51 UTC |
fcf6e9d | Ard Biesheuvel | 27 October 2020, 17:02:40 UTC | crypto/poly1305/asm: fix armv8 pointer authentication PAC pointer authentication signs the return address against the value of the stack pointer, to prevent stack overrun exploits from corrupting the control flow. However, this requires that the AUTIASP is issued with SP holding the same value as it held when the PAC value was generated. The Poly1305 armv8 code got this wrong, resulting in crashes on PAC capable hardware. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13256) | 29 October 2020, 16:17:21 UTC |
728d03b | Pauli | 28 October 2020, 09:35:38 UTC | afalg: add a NULL pointer check Fixes #13260 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13261) | 29 October 2020, 13:38:03 UTC |
648cf92 | Randall S. Becker | 24 October 2020, 21:58:27 UTC | Rewrite the HPE NonStop Notes file in Markdown with more explanations. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13237 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13238) | 28 October 2020, 16:18:26 UTC |
28e1d58 | Richard Levitte | 15 October 2020, 05:14:16 UTC | DH: stop setting the private key length arbitrarily The private key length is supposed to be a user settable parameter. We do check if it's set or not, and if not, we do apply defaults. Fixes #12071 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13140) | 27 October 2020, 14:13:54 UTC |
09803e9 | Richard Levitte | 23 October 2020, 01:05:49 UTC | configdata.pm.in, util/dofile.pl: Make a HERE document stricter. Fixes #13221 Fixes #12743 Fixes #12078 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13225) | 27 October 2020, 09:17:19 UTC |
5723a8e | Shane Lontis | 22 October 2020, 01:07:58 UTC | Fix sparc t4 build error 'undefined symbol: cipher_hw_generic_cbc' cipher_hw_generic_##mode has been renamed to ossl_cipher_hw_generic_##mode. There were a few missing renames for t4 in .inc files. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13213) | 27 October 2020, 05:32:59 UTC |
47b422c | Matt Caswell | 22 October 2020, 12:53:27 UTC | Ensure we raise SSLfatal on error We were missing a call to SSLfatal. A comment claimed that we had already called it - but that is incorrect. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13229) | 26 October 2020, 16:07:20 UTC |
22dddfb | Richard Levitte | 24 October 2020, 14:31:57 UTC | APPS: Remove the format argument where it's not used Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1. Fixes #13235 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13236) | 26 October 2020, 08:43:39 UTC |
b6120b5 | Kan | 20 September 2020, 16:27:29 UTC | Add parentheses to fix PCLINT Info:773 Fixes #7930 CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12927) | 26 October 2020, 05:23:55 UTC |
d1fb6b4 | Nicola Tuveri | 20 October 2020, 22:38:44 UTC | Constify OSSL_FUNC_keymgmt_validate() The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13201) | 23 October 2020, 14:54:40 UTC |
85209c0 | Pauli | 20 October 2020, 12:15:10 UTC | Remove EVP_aes_(128|192|256)_siv functions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13195) | 22 October 2020, 12:35:26 UTC |
fc1ccdf | Pauli | 21 October 2020, 04:30:31 UTC | enc: change the text to reference `-list` instead of the deprecated `-ciphers` Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13204) | 22 October 2020, 12:27:10 UTC |
a49d0a4 | Shane Lontis | 13 October 2020, 04:33:01 UTC | Rename EVP_KDF_reset() to EVP_KDF_CTX_reset(). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13116) | 22 October 2020, 10:47:02 UTC |
1ba2123 | Shane Lontis | 13 October 2020, 04:30:12 UTC | Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size(). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13116) | 22 October 2020, 10:47:02 UTC |
90a2576 | Shane Lontis | 13 October 2020, 04:22:17 UTC | Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size(). Fixes #11320 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13116) | 22 October 2020, 10:47:02 UTC |
4244504 | Shane Lontis | 21 October 2020, 00:57:52 UTC | Remove ossl_prov_util_nid_to_name() This removes a TODO. This function is not needed since any place that needs to do the conversion normally has a special case name2nid table. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13202) | 22 October 2020, 10:42:42 UTC |
3d91418 | Nicola Tuveri | 20 October 2020, 22:02:04 UTC | Constify OSSL_FUNC_keymgmt_has() The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13200) | 22 October 2020, 02:27:39 UTC |
a135948 | Romain Geissler | 02 October 2020, 00:07:32 UTC | Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464) This tries to fix the following link errors on aarch64 when using OpenSSL 3.0.0 alpha 6, compiling it with "no-shared" and -fPIC in CFLAGS, then trying to use the resulting OpenSSL static libraries in the build of elfutils, which embed libcrypto.a into libdebuginfo.so, which hides all symbols (except the libdebuginfod ones) by default: /opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): in function `sha1_block_data_order': (.text+0x0): dangerous relocation: unsupported relocation /opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): in function `ChaCha20_ctr32': (.text+0x6c): dangerous relocation: unsupported relocation /opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): in function `sha256_block_data_order': (.text+0x0): dangerous relocation: unsupported relocation /opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): in function `sha512_block_data_order': (.text+0x0): dangerous relocation: unsupported relocation /opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_init': (.text+0x14): dangerous relocation: unsupported relocation /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_emit_neon': (.text+0x8e4): relocation truncated to fit: R_AARCH64_CONDBR19 against symbol `poly1305_emit' defined in .text section in /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o) In poly1305-armv8.pl, hide symbols the same way they are hidden in poly1305-x86_64.pl. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13056) | 22 October 2020, 02:16:49 UTC |
b78c777 | Richard Levitte | 20 October 2020, 09:56:22 UTC | APPS: Implement load_keyparams() to load key parameters 'openssl dsaparam' is affected as an obvious usage example. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13191) | 22 October 2020, 02:14:32 UTC |
f31ac32 | Jeremiah Gowdy | 18 October 2020, 21:12:35 UTC | Implement OpenSSL secure memory for Windows Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13172) | 22 October 2020, 02:11:35 UTC |
0934cf4 | Richard Levitte | 20 October 2020, 16:11:30 UTC | Unexport internal MSBLOB and PVK functions The following internal functions are affected: ossl_do_blob_header ossl_do_PVK_header ossl_b2i ossl_b2i_bio This is reflected by moving include/internal/pem.h to include/crypto/pem.h engines/e_loader_attic gets the source code added to it to have continued access to those functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13195) | 21 October 2020, 19:10:48 UTC |
8300a87 | Richard Levitte | 20 October 2020, 04:48:10 UTC | Work around Windows ftell() bug as per Microsoft engineering's suggestion See https://developercommunity.visualstudio.com/content/problem/425878/fseek-ftell-fail-in-text-mode-for-unix-style-text.html Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13190) | 21 October 2020, 06:02:55 UTC |
0a737e1 | Matt Caswell | 09 October 2020, 15:24:07 UTC | Deprecate EVP_PKEY_set1_tls_encodedpoint() Also deprecate EVP_PKEY_get1_tls_encodedpoint(). The preferred alternative is EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105) | 20 October 2020, 15:39:41 UTC |
3795b2a | Matt Caswell | 09 October 2020, 14:43:24 UTC | Document EVP_PKEY_set1_encoded_public_key() Also documented EVP_PKEY_get1_encoded_public_key Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105) | 20 October 2020, 15:39:41 UTC |
5ac8fb5 | Matt Caswell | 09 October 2020, 13:19:42 UTC | Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key We do the same thing for the "get1" version. In reality this has broader use than just TLS (it can also be used in CMS), and "encodedpoint" only makes sense when you are talking about EC based algorithms. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105) | 20 October 2020, 15:39:41 UTC |
6a13c9c | xuyunjia | 18 October 2020, 15:33:54 UTC | resolve defects: reverse_inull; row[DB_exp_date] referenced before checking Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13170) | 20 October 2020, 13:15:44 UTC |
ec5059c | XiaokangQian | 13 October 2020, 09:53:58 UTC | Fix Aes-xts potential failure on aarch64 Add return value for aarch64 in the init key function. This will avoid overwriting the stream pointers of aarch64. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13133) | 20 October 2020, 11:45:01 UTC |
6be235a | Jacob Hoffman-Andrews | 13 July 2020, 22:04:04 UTC | Prefix crlNumber output with 0x. When the crlNumber field contains only 0-9 digits, the output is ambiguous as to what base it's in, which can be confusing. Adding this prefix makes it explicit that it's in hex. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12434) | 20 October 2020, 07:27:42 UTC |
1dc5128 | Matt Caswell | 16 October 2020, 16:16:30 UTC | Fix no-dh One of the x509 tests checks to make sure spurious errors don't appear on the stack. The x509 app uses the OSSL_STORE code to load things. The OSSL_STORE code will try various different formats - which results in lots of failures. However those failures are typically suppressed by OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what kind of errors are uninteresting (ASN.1 errors) but gets confused if upper levels of code add additional errors to the stack. This was happening in the DSA code which confused OSSL_STORE and meant the errors were not being suppressed properly - and hence the x509 test failed. Interestingly this only impacts a no-dh build, because in a no-dh build the DSA param decoder suddenly becomes the last to be tried. If it happens earlier in the list the errors end up getting suppressed anyway. The simplest solution is just to remove the error from the DSA param decoder code. It's not adding any useful information anyway. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13162) | 19 October 2020, 15:11:40 UTC |
ea7277f | Richard Levitte | 15 October 2020, 06:30:49 UTC | TEST: fix the DH tests to reproduce the priv_len settings Some DH tests are done against files generated with '-pkeyopt priv_len:224' This parameter must of course be reproduced when creating the key with EVP_PKEY_fromdata(), or there will be a default that's guaranteed to differ from the key parameters on file. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13166) | 19 October 2020, 10:14:11 UTC |
ee55a20 | Richard Levitte | 15 October 2020, 05:14:16 UTC | DH: have DH_set_length() increment the dirty count. The recommended private key length is a key parameter among other key parameters, and is included in the key data transferred in an import or export between legacy implementations and provider implementations. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13166) | 19 October 2020, 10:14:11 UTC |
0ba71d6 | Richard Levitte | 15 October 2020, 05:10:29 UTC | DH: make the private key length importable / exportable The DH private key length, which is an optional parameter, wasn't properly imported / exported between legacy and provider side implementations. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13166) | 19 October 2020, 10:14:11 UTC |
6c8149d | Dr. Matthias St. Pierre | 17 October 2020, 08:45:49 UTC | Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING Replace [collapsed reference links][] by [shortcut reference links], in order to improve the readability of the raw markdown text, see also commit d8dc853825 (Change CVE link style in CHANGES and NEWS). [collapsed reference links]: https://github.github.com/gfm/#collapsed-reference-link [shortcut reference links]: https://github.github.com/gfm/#shortcut-reference-link Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13165) | 18 October 2020, 11:28:08 UTC |
84dd002 | Dr. Matthias St. Pierre | 17 October 2020, 08:40:25 UTC | README: make the link to the OpenSSL 3.0 Wiki page more prominent Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13164) | 18 October 2020, 11:24:26 UTC |
9096809 | Richard Levitte | 16 October 2020, 05:58:33 UTC | ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally OSSL_DECODER_CTX_set_params() and OSSL_ENCODER_CTX_set_params() would stop as soon as a decoder / encoder instance failed, which leaves the rest of them with a possibly previous and different value. Instead, these functions will now call them all, but will return 0 if any of the instance calls failed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13156) | 17 October 2020, 09:56:37 UTC |
a1fc464 | Richard Levitte | 16 October 2020, 08:24:18 UTC | dev/release.sh: improve instruction for pushing the tag 'git push --follow-tags' does a little too much, any spurious tag object that the releaser has in their local repository will come along, even though they have nothing to do with the commits being pushed. Therefore, we modify the instructions to show a separate and explicit push of the release tag. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13159) | 17 October 2020, 09:54:34 UTC |
b40498c | Richard Levitte | 15 October 2020, 14:53:29 UTC | TEST: modify tconversion.pl for forensics In the interest of finding out what went wrong with a test by looking at its output, tconversion.pl is modified to take arguments in option form, and gets an additional -prefix option that callers can use to ensure output files are uniquely named. Test recipes are modified to use these new options. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13147) | 16 October 2020, 17:07:20 UTC |
372e72b | Matt Caswell | 15 October 2020, 10:37:38 UTC | Add a CHANGES entry for the SSL_SECOP_TMP_DH change Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136) | 16 October 2020, 13:58:44 UTC |
47e81a1 | Matt Caswell | 14 October 2020, 14:13:28 UTC | Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY in the "other" parameter: /* Temporary DH key */ # define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) In most places this is what is passed. All these places occur server side. However there is one client side call of this security operation and it passes a DH object instead. This is incorrect according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other locations. Our own default security callback, and the debug callback in the apps, never look at this value and therefore this issue was never noticed previously. In theory a client side application could be relying on this behaviour and could be broken by this change. This is probably fairly unlikely but can't be ruled out. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136) | 16 October 2020, 13:58:44 UTC |
301fcb2 | Matt Caswell | 14 October 2020, 09:45:21 UTC | Concentrate deprecated libssl API usage in one file We create a new file ssl/tls_depr.c to contain functions that need to call deprecated APIs in libssl. This enables us to remove OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files. The deprecated API usage is either related to ENGINEs and is needed to continue to support applications that use such ENGINEs. Or they are needed to support some deprecated public libssl APIs. One other file remains in libssl that still uses deprecated APIs: s3_cbc.c This is needed to support the deprecated SSLv3. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13135) | 16 October 2020, 13:47:21 UTC |
192d4b9 | Randall S. Becker | 09 October 2020, 15:27:20 UTC | Fix missing include of string.h in apps/lib/engine.c for strcmp. This include is required for c99 on the NonStop TNS/X platform. CLA: trivial Fixes #13102 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13103) | 16 October 2020, 07:23:35 UTC |
f4bd510 | Pauli | 07 October 2020, 02:19:04 UTC | list: add a -provider-info option. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13084) | 16 October 2020, 00:33:38 UTC |
994a924 | Pauli | 07 October 2020, 02:18:36 UTC | null prov: fix gettable param array type. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13084) | 16 October 2020, 00:33:38 UTC |
e8dca21 | Matt Caswell | 15 October 2020, 13:16:19 UTC | Prepare for 3.0 alpha 8 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> | 15 October 2020, 13:16:19 UTC |
f9a5682 | Matt Caswell | 15 October 2020, 13:15:55 UTC | Prepare for release of 3.0 alpha 7 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> | 15 October 2020, 13:15:55 UTC |
eec0ad1 | Matt Caswell | 15 October 2020, 13:10:06 UTC | Update copyright year Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13144) | 15 October 2020, 13:10:06 UTC |
796948c | Akshit Akhoury | 02 October 2020, 16:58:36 UTC | Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13062) | 15 October 2020, 12:54:21 UTC |
a829b73 | Dr. Matthias St. Pierre | 15 October 2020, 09:55:50 UTC | Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621) | 15 October 2020, 11:00:21 UTC |
b425001 | Dr. Matthias St. Pierre | 15 October 2020, 09:55:50 UTC | Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621) | 15 October 2020, 10:59:53 UTC |
29000e4 | Matt Caswell | 12 October 2020, 16:12:03 UTC | Make evp_pkey_ctx_get0_libctx/propq public API These were previously added as an internal API. But since the CMS code needs them, other code might do too. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:28 UTC |
0d30e15 | Matt Caswell | 06 October 2020, 16:02:45 UTC | Remove some more CMS key downgrades Fixes #12983 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:28 UTC |
7022d9b | Matt Caswell | 07 October 2020, 14:59:28 UTC | Remove CMS recipient info information out of the algorithm implementations Low level algorithm implementations have no business knowing about details of the higher level CMS concept. This knowledge is therefore moved into the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:28 UTC |
9ab7fe4 | Matt Caswell | 07 October 2020, 13:45:22 UTC | Move CMS signing code out of the algorithms and into CMS There is a large amount of CMS specific code in the algorithms. This is in the wrong place and breaks layering. This code should be in the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:28 UTC |
0b3a4ef | Matt Caswell | 06 October 2020, 15:02:43 UTC | Move CMS enveloping code out of the algorithms and into CMS There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to break layering. Algorithms really have no business knowing anything about CMS. Really it should be the other way around. Where there is algorithm specific CMS code it is the CMS layer that should know how to handle different algorithms. Therefore we move this code into the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:19 UTC |
99b3b76 | Matt Caswell | 02 October 2020, 10:25:25 UTC | Remove a CMS key downgrade We were downgrading a key in the CMS code. This is no longer necessary. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088) | 15 October 2020, 09:00:19 UTC |
5b70206 | Nicola Tuveri | 28 September 2020, 05:37:13 UTC | [test][tls-provider] Implement KEM algorithm Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:59 UTC |
8b17fba | Nicola Tuveri | 28 September 2020, 01:32:03 UTC | [ssl] Support ssl_encapsulate on server side Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:59 UTC |
a011b58 | Nicola Tuveri | 28 September 2020, 00:45:30 UTC | [ssl] Support ssl_decapsulate on client side Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:59 UTC |
c1a74f5 | Nicola Tuveri | 27 September 2020, 23:16:29 UTC | Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM Note that with this commit the optional parameter is introduced, but libssl still ignores it. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:59 UTC |
ecff43e | Nicola Tuveri | 27 September 2020, 22:58:24 UTC | [test][tls-provider] Add 2nd pluggable tls group for KEM Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:58 UTC |
c8e3a4c | Nicola Tuveri | 27 September 2020, 22:26:41 UTC | [test][sslapitest] Add test for pluggable KEM group Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:58 UTC |
32fea07 | Nicola Tuveri | 27 September 2020, 22:05:27 UTC | [test][tls-provider] Group xor_group properties in a struct Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018) | 14 October 2020, 15:42:58 UTC |
47690cd | Kurt Roeckx | 11 July 2020, 15:17:09 UTC | Use __BYTE_ORDER__ to test the endianness when available Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #13085 | 14 October 2020, 07:51:56 UTC |
8e596a9 | Yury Is | 12 October 2020, 23:24:52 UTC | syscall_random(): don't fail if the getentropy() function is a dummy Several embedded toolchains may provide dummy implemented getentropy() function which always returns -1 and sets errno to the ENOSYS. As a result the function SSL_CTX_new() fails to create a new context. Fixes #13002 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13114) | 14 October 2020, 05:52:39 UTC |
58608c7 | Randall S. Becker | 09 October 2020, 21:17:34 UTC | Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. The default settings are now IEEE float. CLA: Permission is granted by the author to the ITUGLIB team to use these modifications. Fixes #12919 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13108) | 14 October 2020, 02:16:59 UTC |
a815445 | Richard Levitte | 25 September 2020, 07:28:14 UTC | EVP: Take care of locks when downgrading an EVP_PKEY The temporary copy that's made didn't have a lock, which could end up with a crash. We now handle locks a bit better, and take extra care to lock it and keep track of which lock is used where and which lock is thrown away. Fixes #12876 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12978) | 13 October 2020, 04:45:58 UTC |
9f7505a | Ikko Ashimine | 12 October 2020, 15:30:07 UTC | Fixed typo in ssl_lib.c orignal -> original CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13111) | 13 October 2020, 00:06:22 UTC |
c804f29 | Rainer Jung | 21 July 2020, 09:32:02 UTC | Make TAP::Harness and TAP::Parser optional. In OpenSSL 1.1.1 the script run_tests.pl has an effective workaround to fall back to Test::Harness, if TAP::Harness is not available. That code has substantially changed, but it seems it should still fall back but doesn't. Observed on SuSE Linux Enterprise Server 11 (SLES11). Error messages: Can't locate TAP/Parser.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20. BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 131. and Can't locate TAP/Harness.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20. BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 215. Concerning the fix: the docs for parent.pm show that without the "-norequire" it puts the require statement in a BEGIN block which probably runs before the eval, so the loading is no longer encapsulated by the eval. Without the additional require line, the loading doesn't happen at all, so the availability testing fails. Combining the "-norequire" and an explicit "require" worked for me. Tested on the original problem platform SLES 11, but also on SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12500) | 12 October 2020, 09:39:06 UTC |
8ebd889 | Richard Levitte | 06 October 2020, 14:11:17 UTC | Document how deprecation should be done Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:31 UTC |
d406f0f | Richard Levitte | 05 October 2020, 05:55:14 UTC | OpenSSL::ParseC: handle OSSL_CORE_MAKE_FUNC Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:31 UTC |
3ad9c47 | Richard Levitte | 04 October 2020, 10:51:42 UTC | Add PEM declaration macros that take attributes This makes it possible to easily deprecate selections of PEM functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:31 UTC |
895419b | Richard Levitte | 04 October 2020, 10:20:17 UTC | Add ASN1 declaration macros that take attributes This makes it possible to easily deprecate selections of ASN1 functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |
053730c | Richard Levitte | 04 October 2020, 09:51:20 UTC | Make OpenSSL::ParseC and OpenSSL::Ordinals treat deprecation consistently The triggering macro that decides if a symbol is to be considered deprecated is OPENSSL_NO_DEPRECATEDIN_x_y[_z]. OpenSSL::ParseC renames any OPENSSL_NO_DEPRECATED_x_y[_z] by inserting "IN". Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |
77c3075 | Richard Levitte | 04 October 2020, 09:13:28 UTC | Add convenience macros OSSL_DEPRECATEDIN_{major}_{minor} As opposed to DEPRECATEDIN_{major}_{minor}(), any use of these macros must be guarded with a corresponding OPENSSL_NO_DEPRECATED_{major}_{minor}: #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa); #endif Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |
f044964 | Richard Levitte | 03 October 2020, 07:45:24 UTC | Add definitions of OSSL_DEPRECATED[_FOR] for Microsoft VC It turns out that they have __declspec(deprecated) that correspond pretty much to GCC's __attribute__((deprecated)), including for messages. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |
6fbb89f | Richard Levitte | 03 October 2020, 07:33:32 UTC | Change OSSL_DEPRECATED to take a version argument The macro value is changed to use deprecation messages where those are supported. We also add the macro OSSL_DEPRECATED_FOR(), to be used whenever an additional message text is desirable, for example to tell the user what the deprecated is replaced with. Example: OSSL_DEPRECATED_FOR(3.0,"use EVP_PKEY and EVP_PKEY_size() instead") int RSA_size(const RSA *rsa); Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |
abd9d03 | Richard Levitte | 03 October 2020, 07:26:36 UTC | Add a macro OSSL_DEPRECATED for compiler dependent deprecation attributes The diverse DEPRECATEDIN_x_y_z macros are rewritten in terms of this macro. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074) | 12 October 2020, 06:29:30 UTC |