| Age | Commit message (Collapse) | Author |
|---|
|
The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64"). This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:
```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer
Aborted
```
and a slightly different failure with current HEAD:
```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(00000003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```
Applying this patch and recompiling produces the expected output instead of a
crash.
Note that Gentoo (and to my knowledge all other other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102
For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.
Fixes #19319
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19320)
(cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908)
|
|
Build failed on djgpp due to missing config vars 'AR' and 'ARFLAGS'.
Additionally, '-lz' was not added to 'lflags' when zlib support was
enabled. Inheriting configuration variables from BASE_unix solves both
these issues.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)
(cherry picked from commit 29d82bd95b6ef3428c7e776221612a083994219d)
|
|
Directories and file names with spaces require quoting... again
Fixes #18880
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18881)
(cherry picked from commit 709651c9022e7be7e69cf8a2f6edf2c8722a6a1e)
|
|
Some of the VC-common attributes have values that use `$(CC)`, wrapped with
quotes. However, `Configurations/windows-makefile.tmpl` already quotes the
`CC` value, like this:
CC="{- $config{CC} -}"
The interaction between that makefile variable and the attributes using
`$(CC)` wrapped with quotes is a command line with the quotes doubled. For
example, the value of `$(CPP)` becomes `""cl""`.
Strangely enough, this appears to be tolerated, at least on some versions of
Windows. However, this has been reported not to be the case.
This is fixed by removing the quotes in `Configurations/10-main.conf`,
making `Configurations/windows-makefile.tmpl` responsible for proper
quoting.
Fixes #18823
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18861)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18807)
|
|
This resolves the faulty LIBRARY value that contained the directory
of the product (.dll) in the build tree. This applies to engines and
other modules alike.
Fixes #18726
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18732)
(cherry picked from commit 5cc9ab5cf51137daf6d2d57718f56316dcb62744)
|
|
Affected file: Configurations/unix-Makefile.tmpl
Fixes #18516
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18520)
|
|
A generator in a `GENERATE[generated]=generator` build.info statement may
itself be generated. That needs to be taken into account.
This was always meant to be, but we missed the spot, for lack of use cases.
Now we have one.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18263)
(cherry picked from commit 42b4a8ab961e3d3be4abffe3aea458448b2e47b4)
|
|
Since this file is generated by configdata.pm, there's no need to include it
among the mandatory dependencies (which end up in the `GENERATE_MANDATORY`
Makefile variable). In fact, it shouldn't be there any more, as that would
also cause it to be removed by `make clean`.
To compensate, we add an explicit removal of that file in the `distclean`
target on all platform families.
Fixes #18396
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18398)
(cherry picked from commit ef8040bce02758de86fc55412ee4ac9102f9ffab)
|
|
The FIPS module checksum needs to know that configuration.h is
generated from configuration.h.in, so that information is conserved.
To make this possible, it's now possible to have attributes with the
GENERATE keyword, and the attribute "skip" is added to make a keyword
a no-op, which makes it informative only.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)
(cherry picked from commit 4d02d500aac80c136e3d6582b908e0fab77bbf42)
|
|
Fixes openssl#16984.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18284)
(cherry picked from commit e5f831a065df1d6e4640ef389f8594a5f10c9c8e)
|
|
Otherwise, it seems nmake doesn't invoke perl properly.
Signed-off-by: Keith W. Campbell <keithc@ca.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18215)
(cherry picked from commit 3b85d9de443c31e49a0215c1fe3c80828d609062)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17084)
(cherry picked from commit 8e22f9d6d956ad583afe10b986519731c113ac80)
|
|
AIX shared libs are also .a files so the AIX platform staticname()
appends a '_a' to the name to avoid a collision. However, this
must not be done when no-shared is passed to Configure or the
binaries that link with -lcrypto and -lssl be unable to link as
those libraries won't exist without the '_a' suffix.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18006)
(cherry picked from commit b83c0a900f9303e0c9fd084829b791386d7c57ce)
|
|
Fixes https://github.com/openssl/openssl/issues/14083 again after being
broken by https://github.com/openssl/openssl/pull/15640.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17833)
(cherry picked from commit b420e249370c4a85c4edd65fb445d20f9c19c44d)
|
|
Before PR #15310, which reworked how build files (Makefile, ...) were
generated, everything was done when configuring, so configdata.pm
could depend on build file templates and we'd get away with it.
However, since building configdata.pm is now independent of the build
file templates, that dependency is unnecessary, and would lead to
surprises of the build file template is updated, with an unexpected
full reconfiguration as a result, when all that's needed is to run
configdata.pm with no flags to get the build file re-generated.
This change is therefore a completion of what was forgotten in #15310.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17756)
(cherry picked from commit 468d15179d6b0d0c2f5674bcbef66743925f2133)
|
|
This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included header files reside.
The issue only comes up when linking with the static libraries, since
the shared libraries have upper case aliases of all symbols.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17755)
(cherry picked from commit 98b7b74122e66f63c4ec67a74e345c64a55c68db)
|
|
Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)
(cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(Merged from https://github.com/openssl/openssl/pull/17333)
|
|
This was part of 0cbb6f6a9ac5aa3ff813ef2e5afe6e443708ee20, but was
incomplete in that commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
|
|
Also, the modules installation directory is version agnostic on other
platforms, there's no real reason why it shouldn't be on VMS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
|
|
The program name version info is supposed to be the major release
version number. This was forgotten when the versioning scheme was
changed for 3.0, so the minor release version number slipped in as
well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
|
|
The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:
perl Configure VC-WIN64A
nmake clean
nmake
nmake install
Fixes #17114
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)
(cherry picked from commit bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46)
|
|
When remaking how programs were linked, the variable `$ress` was forgotten.
Unfortunately, perl treats this with silence.
Fixes #16870
Fixes #16667
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16875)
(cherry picked from commit 01451721afebabd0b7bdcd4cb3a183c9b590d266)
|
|
CLA: trivial
I assume this has been an error in the initial ios conf file. In order to build for ios the shared engine library, needs to be disabled because iOS doesn't have the concept of shared libraries. But instead of only disabling `dynamic-engine` (or like in this commit disabled the `shared`) option the previous config did disable `engine` and with that the `static-engine` compilation as well. This restores the `static-engine` option being enabled by default, but keeping compilation going on iOS.
Cheers!
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16659)
(cherry picked from commit aa58071e4b8b245db1564f476731c978738e7e98)
|
|
OpenSSL 1.1.1 links the simple libcrypto.so to libcrypto_variant.so,
this was inadvertently dropped.
Fixes #16605
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16608)
(cherry picked from commit bfbb62c3b0a8f8d223f84ebf7507594cee99f135)
|
|
We changed the manner in which a build needing applink is detected,
but forgot to change the installation targets accordingly.
Fixes #16570
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16577)
|
|
Fixes #16572
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16578)
(cherry picked from commit 7ea01f521d08d6585a62c7cfd9358c0f191bd903)
|
|
Fixes #16564
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16569)
(cherry picked from commit 85efdaab4d068f7de354b0a18f70f1737941dc7f)
|
|
away the use of $(DEFINES), which does get populated with defines
given through configuration. This makes it impossible to configure
with extra defines on VMS. Uncommenting and moving $(DEFINES) to a
more proper spot gives the users back that ability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16561)
|
|
This function tried to shave off the pre-release and build metadata
text from the the version number it gets, but didn't do that quite
right. Since this isn't even a documented behaviour, the easier, and
arguably more correct path is for that function not to try to shave
off anything, and for the callers to feed it the short version number,
"{MAJOR}.{MINOR}.{PATCH}", nothing more.
The build file templates are adjusted accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16556)
(cherry picked from commit 435981cbadad2c58c35bacd30ca5d8b4c9bea72f)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16534)
|
|
OpenVMS for x86_64 is currently out on a field test. Building
programs for it is currently done with cross compilation on Itanium.
The cross compilation tools are made available by running a script,
which makes cross-compilation variants of most commands available, and
adds the cross-compilation C compiler XCC.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16498)
(cherry picked from commit 6929c8fb5b46c9c2a383a7c212ee052e0dcef021)
|
|
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.
Fix some trailing whitespace and spelling mistakes as well.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
(cherry picked from commit 473664aafdff1f60db99929bdd43c2a9b26d14cd)
|
|
In current Configure script, libdir can be specified either an absolute
path or relative, while in Configurations/shared-info.pl, on darwin
system "-install_name" only accepts relative libdir path, and the
program fails when receiving absolute libdir path. This PR is to fix
this and match requirements of scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16393)
|
|
Fixes: #16373
Co-authored-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16398)
|
|
$(SRCDIR)/doc doesn't work right on VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16395)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
|
|
Also fix some inconsistencies and minor bugs related to the
install_fips target on Windows and VMS.
Fixes #16194
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
|
|
unix-Makefile.tmpl checks if the target LIBDIR exists on the build
machine or not and based on the result modify the final LIBDIR.
This should be avoided, build results should not depend on the build
machine root filesystem layout. It makes the build results unstable.
The fix simply removes the dir existence test from the unix-Makefile.tmpl.
Fixes: openssl#16121
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16122)
|
|
nmake is tolerant of those empty lines, but jom isn't. That tolerance
isn't standard make behaviour, so we lean towards avoiding them.
We simply use '@rem' instead.
Fixes #16014
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16048)
|
|
If platform->sharedlib_simple() and platform->sharedlib_import()
return undefined, try platform->sharedlib() as a fallback before
platform->staticlib().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)
|
|
On some Unix-like platforms, there is no such thing as versioned shared
libraries. In this case, platform->sharedlib_simple() should simply
return undef. Among others, this avoids the shared libraries to be
installed as symlinks on themselves.
Fixes #16012
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)
|
|
We introduce a new makefile target "make release-update" that forces
ordinal file renumbering, and also does the fips checksum updates. We
then call that from the release script.
Fixes #15806
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15901)
|
|
Fixes #15639
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15903)
|
|
Perl's system() on VMS needs to have the command line properly fixed
up, even with arguments passed in list form. We arrange that by
having util/wrap.pl use the same command line fixups as OpenSSL::Test.
As a consequence, util/wrap.pl needs to be generated, to easily pick
up data from configdata.pm. This also removes yet another file
copying hack from the build file templates.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
|
|
The in2script functions generates the build file rules for generating
scripts from .in files. A dependency on configdata.pm is needed,
since it's being used for this.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15792)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
|
