Private hstrerror was introduced to address linking problem on HP-UX,
but truth be told conemporary systems, HP-UX included, wouldn't come
to that call, they would use getaddrinfo and gai_strerror, while
gethostbyname and h_errno are there to serve legacy systems. Since
legacy systems are naturally disappearing breed, we can as well just
let user interpret number.
GH#2816
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3e49ee23eab5c3fa57d14dc5f82f50cbea718322)
With VMS C, the second parameter takes a 32-bit pointer. When
building with 64-bit pointer size default, we must compensate.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2811)
(cherry picked from commit 48ce800aa5a2ccee204ad3960a20c4ca14acb3a1)
This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'. Files in there can be reached with the
new function data_file()
(Merged from https://github.com/openssl/openssl/pull/2027)
(cherry picked from commit 6c6a2ae6fc964795304bbe7687e42b2b0cdf81b3)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2802)
Cleanse instead, and free in the free routine.
Seems to have been introduced in commit
846ec07d904f9cc81d486db0db14fb84f61ff6e5 when EVP_CIPHER_CTX was made
opaque.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2798)
(cherry picked from commit 5c6c4c5c333c8ac469e53521cf747ff527b8813a)
AGL has a history of pointing out the idiosynchronies/laxness of the
openssl PEM parser in amusing ways. If we want this functionality to
stay present, we should test that it works.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2756)
(cherry picked from commit a00b9560f7ece1e51bd7a8dc6a7ffb7a3d20cf86)
Generate a fresh certificate and DSA private key in their respective PEM
files. Modify the resulting ASCII in various ways so as to produce input
files that might be generated by non-openssl programs (openssl always
generates "standard" PEM files, with base64 data in 64-character lines
except for a possible shorter last line).
Exercise various combinations of line lengths, leading/trailing
whitespace, non-base64 characters, comments, and padding, for both
unencrypted and encrypted files. (We do not have any other test coverage
that uses encrypted files, as far as I can see, and the parser enforces
different rules for the body of encrypted files.)
Add a recipe to parse these test files and verify that they contain the
expected string or are rejected, according to the expected status.
Some of the current behavior is perhaps suboptimal and could be revisited.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2756)
(cherry picked from commit e8cee55718bb9cb957f449fbe7145a77f252bb73)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2787)
(cherry picked from commit 629192c1b9f17965e0a6b73229b7b1e004bfbd98)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2788)
(cherry picked from commit 4d118fe007692de2dd8c5dd084254f8d3b308167)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2755)
(cherry picked from commit 6faa3456326afa56ea8c25a0b49239392074e192)
This reimplementation was necessary before VMS C V7.1. Since that's
the minimum version we support in this OpenSSL version, the
reimplementation is no longer needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2762)
(cherry picked from commit 9d70ac97d9d8720e6ed280609c844da403b80440)
...in the man page to reflect the actual default (2048 instead of 512)
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2754)
(cherry picked from commit 013bc448672cbc3c9cd154709400c676c2955229)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2721)
(cherry picked from commit 8fce04ee3540ba3039bb66df34ea3f076a599ab9)
Travis OS X utilization and backlog statistics suggest that it became
bottleneck for our integration builds with requests piling up for days
during working days of the week. Suggestion is to remove osx till
capacity is lesser issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e12e903e9ac675d08f9dd0db1f0c1a2049232c21)
If ret is allocated, it may be leaked on error.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2666)
(cherry picked from commit 4483e23444fa18034344874ffbe67919207e9e47)
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2709)
The library files are built with symbol names as is, while the
application is built with the default uppercase-all-symbols mode.
That's fine for public APIs, because we have __DECC_INCLUDE_PROLOGUE.H
and __DECC_INCLUDE_EPILOGUE.H automatically telling the compiler how
to treat the public header files. However, we don't have the same
setup for internal library APIs, since they are usually only used by
the libraries.
Because apps/rehash.c uses a library internal header file, we have to
surround that inclusion with the same kind of pragmas found in
__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, or we get
unresolved symbols when building no-shared.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2725)
(cherry picked from commit 2ac915f16218982f48dbc799b8308a07441d2e35)
The generation number is ';nnn' at the end of the file name fetched
with readdir(). Because rehash checks for specific extensions and
doesn't expect an additional generation number, the easiest is to
massage the received file name early by simply removing the generation
number.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2717)
(cherry picked from commit 39aceac320a1561d50c7d71ac2560aec7ab8eddb)
Also, don't exit with an error code
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2716)
(cherry picked from commit 341de5f1997d21b60cee69be656f1ae709bccdac)
Prevent that memory beyond the last element is accessed if every element
of group->poly[] is non-zero
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2689)
(cherry picked from commit 57f48f939ed5d3119e3c691ea0a8a3ac2f4a1a9e)
A spelling error prevented it from building correctly.
Furthermore, we need to be more careful when to add a / at the end
of the dirname and when not.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2706)
(cherry picked from commit 5c80e2af3a7d8aa5129a1668c286c1464983e1ac)
opendir(), readdir() and closedir() have been available on VMS since
version 7.0.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2707)
(cherry picked from commit d8eaaf15356e1559f0f669b430b0d22b3514f8f0)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2607)
(cherry picked from commit a0179d0afb621a0875ddcfd939719a9628ac4444)
Change size comparison from > (GT) to >= (GTE) to ensure an additional
byte of output buffer, to prevent OOB reads/writes later in the function
Reject input strings larger than 2GB
Detect invalid output buffer size and return early
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2672)
(cherry picked from commit ecca16632a73bb80ee27cdec8a97f6def0a4714d)
The sh_add_to_list function will overwrite subsequent slots in the free list
for small allocations. This causes a segmentation fault if the writes goes
off the end of the secure memory. I've not investigated if this problem
can overwrite memory without the segmentation fault, but it seems likely.
This fix limits the minsize to the sizeof of the SH_LIST structure (which
also has a side effect of properly aligning the pointers).
The alternative would be to return an error if minsize is too small.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2657)
(cherry picked from commit 70e14ffbaf6a67dab56c24cae01f1248cf3f1e77)
Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function
with the 'len' parameter being 0 would result in a memcpy where the source
and destination parameters are the same, which is undefined behavior.
Do same for AES_ige_encrypt.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2671)
(cherry picked from commit b1498c98f3fb5b8a340acc9ce20b0fd5346294e5)
On VMS, file names with more than one period get all but the last get
escaped with a ^, so 21-key-update.conf.in becomes 21-key-update^.conf.in
That means that %conf_dependent_tests and %skip become useless unless
we massage the file names that are used as indexes.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2678)
(cherry picked from commit d89f66412ba5168e7d6fd9dd88619d927d716f55)
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)
(cherry picked from commit 343a7467c270c54a8e1c85e88e807a1c2e0b6127)
Don't run this test unless 'openssl rehash' works properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2664)
(cherry picked from commit 73540f4729bb856ab066c6e7a57513a97e3ca36f)
Fortunately, "openssl verify" makes good use of that API
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2652)
(cherry picked from commit bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2650)
(cherry picked from commit d605fc3a0ce4103ca6660904795bf1209cdb55b7)
it also accepts 20 bytes, but states 'less than' in the error message
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2648)
(cherry picked from commit 0cb8c9d85e9d5690670d6f1f02e8ccc756520210)
