base repository: libressl/portable
base: b9a8c39f875ffcb5713d922c1bf74a61a7fc8a62
head repository: libressl/portable
compare: e9d9c93737626aa05bfaadbd5955ebd67d7135b9
1 change: 1 addition & 0 deletions .github/workflows/fedora-rawhide.yml
@@ -19,6 +19,7 @@ jobs:
cc: [ gcc, clang ]
name: ${{ matrix.cc }}
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
container:
image: fedora:rawhide
steps:
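Review bot: Unlike the five other workflow jobs touched by this change, the job in fedora-rawhide.yml shows no `permissions:` block after the new `if:` line, so its GITHUB_TOKEN scope depends on whatever is set at workflow or repository level, which this hunk does not show. If nothing narrower is declared at the top of the file, adding `permissions:` with `contents: read` to this job would match the other workflows. The same guard is repeated in linux.yml, macos.yml, rust-openssl.yml, solaris.yml and windows.yml; a one-line comment such as `# skip scheduled runs in forks` above it would record the intent. The job definition continues outside the hunk.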
1 change: 1 addition & 0 deletions .github/workflows/linux.yml
@@ -16,6 +16,7 @@ jobs:
test:
name: "${{ matrix.os }}/${{ matrix.arch }} (${{ matrix.compiler }})"
runs-on: "${{ matrix.os }}"
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
permissions:
contents: read
strategy:
1 change: 1 addition & 0 deletions .github/workflows/macos.yml
@@ -15,6 +15,7 @@ jobs:
test:
name: "${{ matrix.os }}/${{ matrix.arch }}"
runs-on: "${{ matrix.os }}"
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
permissions:
contents: read
strategy:
1 change: 1 addition & 0 deletions .github/workflows/rust-openssl.yml
@@ -14,6 +14,7 @@ jobs:
test:
name: "Test"
runs-on: "ubuntu-latest"
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
permissions:
contents: read
steps:
1 change: 1 addition & 0 deletions .github/workflows/solaris.yml
@@ -14,6 +14,7 @@ jobs:
test:
name: "Solaris"
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
permissions:
contents: read
steps:
1 change: 1 addition & 0 deletions .github/workflows/windows.yml
@@ -15,6 +15,7 @@ jobs:
test:
name: "${{ matrix.os }}/${{ matrix.arch }} (${{ matrix.generator }})"
runs-on: "${{ matrix.os }}"
if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
permissions:
contents: read
strategy:
22 changes: 20 additions & 2 deletions ChangeLog
@@ -41,7 +41,11 @@ LibreSSL Portable Release Notes:
- Simplified and cleaned up the OBJ_ API.
- Cleaned up the EVP_Cipher{Init,Update,Final}() implementations.
- Removed unused function pointers from X.509 stores and contexts.
- A lot of cleanup and reaorganization in EVP.
- A lot of cleanup and reorganization in EVP.
- Removed all remaining ENGINE tentacles.
- Simplified internals of X509_TRUST handling.
- Made deletion from a lhash doall callback safe.
- Rewrote BIO_dump*(3) internals to be less bad.
* Documentation improvements
- ENGINE documentation was updated to reflect reality.
- Made EVP API documentation more accurate and less incoherent.
@@ -50,11 +54,20 @@ LibreSSL Portable Release Notes:
* Compatibility changes
- Added ChaCha20 and chacha20 aliases for ChaCha.
- SSL_library_init() now has the same effect as OPENSSL_init_ssl().
- EVP_add_{cipher,digest}() were removed. From the OBJ_NAME API,
only OBJ_NAME_do_all*() remain. In particular, it is no longer
possible to add aliases for ciphers and digests.
- The thread unsafe global tables are no longer supported. It is no
longer possible to add aliases for ciphers and digests, custom ASN.1
strings table entries, ASN.1 methods, PKEY methods, digest methods,
CRL methods, purpose and trust identifiers, or X.509 extensions.
- Removed the _cb() and _fp() versions of BIO_dump{,_indent}().
- Turn the long dysfunctional openssl(1) s_client -pause into a noop.
- openssl(1) x509 now supports -new -force_pubkey, -multivalue-rdn,
-set_issuer, -set_subject, and -utf8.
- Support ECDSA with SHA-3 signature algorithms.
- Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF.
- GOST and STREEBOG support was removed from libssl.
* Bug fixes
- Fixed aliasing issues in BN_mod_exp_simple() and BN_mod_exp_recp().
- Fixed numerous misuses of X509_ALGOR_set0() resulting in leaks and
@@ -68,7 +81,12 @@ LibreSSL Portable Release Notes:
- Avoid a NULL dereference after memory allocation failure during TLS
version downgrade.
- Fixed various bugs in CMAC internals.
- Removed all remaining ENGINE tentacles.
- Fixed 4-byte overreads in GHASH assembly on amd64 and i386.
- Fixed various NULL dereferences in PKCS #12 code due to mishandling
of OPTIONAL content in PKCS #7 ContentInfo.
- Aligned SSL_shutdown() behavior in TLSv1.3 with the legacy stack.
- Fixed the new X.509 verifier to find trust anchors in the trusted
stack.

3.8.2 - Stable release

7 changes: 1 addition & 6 deletions crypto/CMakeLists.txt
@@ -487,7 +487,6 @@ set(
evp/bio_b64.c
evp/bio_enc.c
evp/bio_md.c
evp/c_all.c
evp/e_aes.c
evp/e_aes_cbc_hmac_sha1.c
evp/e_bf.c
@@ -511,6 +510,7 @@ set(
evp/evp_encode.c
evp/evp_err.c
evp/evp_key.c
evp/evp_names.c
evp/evp_pbe.c
evp/evp_pkey.c
evp/m_gost2814789.c
@@ -526,9 +526,6 @@ set(
evp/m_streebog.c
evp/m_sm3.c
evp/m_wp.c
evp/names.c
evp/p5_crpt.c
evp/p5_crpt2.c
evp/p_legacy.c
evp/p_lib.c
evp/p_sign.c
@@ -572,7 +569,6 @@ set(
modes/gcm128.c
modes/ofb128.c
modes/xts128.c
objects/o_names.c
objects/obj_dat.c
objects/obj_err.c
objects/obj_lib.c
@@ -600,7 +596,6 @@ set(
pkcs12/p12_add.c
pkcs12/p12_asn.c
pkcs12/p12_attr.c
pkcs12/p12_crpt.c
pkcs12/p12_crt.c
pkcs12/p12_decr.c
pkcs12/p12_init.c
7 changes: 1 addition & 6 deletions crypto/Makefile.am
@@ -600,7 +600,6 @@ libcrypto_la_SOURCES += err/err_prn.c
libcrypto_la_SOURCES += evp/bio_b64.c
libcrypto_la_SOURCES += evp/bio_enc.c
libcrypto_la_SOURCES += evp/bio_md.c
libcrypto_la_SOURCES += evp/c_all.c
libcrypto_la_SOURCES += evp/e_aes.c
libcrypto_la_SOURCES += evp/e_aes_cbc_hmac_sha1.c
libcrypto_la_SOURCES += evp/e_bf.c
@@ -624,6 +623,7 @@ libcrypto_la_SOURCES += evp/evp_digest.c
libcrypto_la_SOURCES += evp/evp_encode.c
libcrypto_la_SOURCES += evp/evp_err.c
libcrypto_la_SOURCES += evp/evp_key.c
libcrypto_la_SOURCES += evp/evp_names.c
libcrypto_la_SOURCES += evp/evp_pbe.c
libcrypto_la_SOURCES += evp/evp_pkey.c
libcrypto_la_SOURCES += evp/m_gost2814789.c
@@ -639,9 +639,6 @@ libcrypto_la_SOURCES += evp/m_sigver.c
libcrypto_la_SOURCES += evp/m_streebog.c
libcrypto_la_SOURCES += evp/m_sm3.c
libcrypto_la_SOURCES += evp/m_wp.c
libcrypto_la_SOURCES += evp/names.c
libcrypto_la_SOURCES += evp/p5_crpt.c
libcrypto_la_SOURCES += evp/p5_crpt2.c
libcrypto_la_SOURCES += evp/p_legacy.c
libcrypto_la_SOURCES += evp/p_lib.c
libcrypto_la_SOURCES += evp/p_sign.c
@@ -758,7 +755,6 @@ libcrypto_la_SOURCES += modes/xts128.c
noinst_HEADERS += modes/modes_local.h

# objects
libcrypto_la_SOURCES += objects/o_names.c
libcrypto_la_SOURCES += objects/obj_dat.c
libcrypto_la_SOURCES += objects/obj_err.c
libcrypto_la_SOURCES += objects/obj_lib.c
@@ -794,7 +790,6 @@ libcrypto_la_SOURCES += pem/pvkfmt.c
libcrypto_la_SOURCES += pkcs12/p12_add.c
libcrypto_la_SOURCES += pkcs12/p12_asn.c
libcrypto_la_SOURCES += pkcs12/p12_attr.c
libcrypto_la_SOURCES += pkcs12/p12_crpt.c
libcrypto_la_SOURCES += pkcs12/p12_crt.c
libcrypto_la_SOURCES += pkcs12/p12_decr.c
libcrypto_la_SOURCES += pkcs12/p12_init.c
23 changes: 19 additions & 4 deletions man/links
@@ -494,6 +494,25 @@ CMS_get0_type.3,CMS_set1_eContentType.3
CMS_get1_ReceiptRequest.3,CMS_ReceiptRequest_create0.3
CMS_get1_ReceiptRequest.3,CMS_ReceiptRequest_get0_values.3
CMS_get1_ReceiptRequest.3,CMS_add1_ReceiptRequest.3
CMS_signed_add1_attr.3,CMS_signed_add1_attr_by_NID.3
CMS_signed_add1_attr.3,CMS_signed_add1_attr_by_OBJ.3
CMS_signed_add1_attr.3,CMS_signed_add1_attr_by_txt.3
CMS_signed_add1_attr.3,CMS_signed_delete_attr.3
CMS_signed_add1_attr.3,CMS_signed_get0_data_by_OBJ.3
CMS_signed_add1_attr.3,CMS_signed_get_attr.3
CMS_signed_add1_attr.3,CMS_signed_get_attr_by_NID.3
CMS_signed_add1_attr.3,CMS_signed_get_attr_by_OBJ.3
CMS_signed_add1_attr.3,CMS_signed_get_attr_count.3
CMS_signed_add1_attr.3,CMS_unsigned_add1_attr.3
CMS_signed_add1_attr.3,CMS_unsigned_add1_attr_by_NID.3
CMS_signed_add1_attr.3,CMS_unsigned_add1_attr_by_OBJ.3
CMS_signed_add1_attr.3,CMS_unsigned_add1_attr_by_txt.3
CMS_signed_add1_attr.3,CMS_unsigned_delete_attr.3
CMS_signed_add1_attr.3,CMS_unsigned_get0_data_by_OBJ.3
CMS_signed_add1_attr.3,CMS_unsigned_get_attr.3
CMS_signed_add1_attr.3,CMS_unsigned_get_attr_by_NID.3
CMS_signed_add1_attr.3,CMS_unsigned_get_attr_by_OBJ.3
CMS_signed_add1_attr.3,CMS_unsigned_get_attr_count.3
CMS_verify.3,CMS_get0_signers.3
CONF_modules_free.3,CONF_modules_finish.3
CONF_modules_free.3,CONF_modules_unload.3
@@ -594,7 +613,6 @@ DSA_SIG_new.3,DSA_SIG_free.3
DSA_SIG_new.3,DSA_SIG_get0.3
DSA_SIG_new.3,DSA_SIG_set0.3
DSA_do_sign.3,DSA_do_verify.3
DSA_generate_parameters.3,DSA_generate_parameters_ex.3
DSA_get0_pqg.3,DSA_clear_flags.3
DSA_get0_pqg.3,DSA_get0_engine.3
DSA_get0_pqg.3,DSA_get0_g.3
@@ -1257,8 +1275,6 @@ OBJ_create.3,OBJ_add_object.3
OBJ_create.3,OBJ_cleanup.3
OBJ_create.3,OBJ_create_objects.3
OBJ_create.3,OBJ_new_nid.3
OBJ_create.3,check_defer.3
OBJ_create.3,obj_cleanup_defer.3
OBJ_find_sigid_algs.3,OBJ_find_sigid_by_algs.3
OBJ_nid2obj.3,OBJ_cmp.3
OBJ_nid2obj.3,OBJ_dup.3
@@ -2206,7 +2222,6 @@ X509_STORE_CTX_new.3,X509_STORE_CTX_set_cert.3
X509_STORE_CTX_new.3,X509_STORE_CTX_set_chain.3
X509_STORE_CTX_new.3,X509_STORE_CTX_trusted_stack.3
X509_STORE_CTX_set_flags.3,X509_STORE_CTX_get0_param.3
X509_STORE_CTX_set_flags.3,X509_STORE_CTX_purpose_inherit.3
X509_STORE_CTX_set_flags.3,X509_STORE_CTX_set0_param.3
X509_STORE_CTX_set_flags.3,X509_STORE_CTX_set_default.3
X509_STORE_CTX_set_flags.3,X509_STORE_CTX_set_depth.3
18 changes: 12 additions & 6 deletions patches/asm/masm-align-64.patch
@@ -1,22 +1,28 @@
commit f51fe0c900b1a3adf281da6ea7ea45421f6ab424
commit b493cd50343b0cfed8010654769f156626ac7832
Author: Brent Cook <busterb@gmail.com>
Date: Mon Jan 8 21:54:21 2024 -0600
Date: Sun Feb 4 22:53:59 2024 -0600

align sections on masm/windows to 64 bytes
align read-only sections on masm/windows to 64 bytes

Avoid conflicts where alignment is specified later in the underlying
assembly.

diff --git a/src/lib/libcrypto/perlasm/x86_64-xlate.pl b/src/lib/libcrypto/perlasm/x86_64-xlate.pl
index 5dbed2a8c..37dfcdbc9 100755
index 5dbed2a8c..d62780c2c 100755
--- a/src/lib/libcrypto/perlasm/x86_64-xlate.pl
+++ b/src/lib/libcrypto/perlasm/x86_64-xlate.pl
@@ -567,7 +567,7 @@ my %globals;
@@ -567,7 +567,13 @@ my %globals;
$v.="$line\tSEGMENT";
if ($line=~/\.([prx])data/) {
$v.=" READONLY";
- $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+ $v.=" ALIGN(64)";
+ if ($masm>=$masmref) {
+ if ($line=~/\.rdata/) {
+ $v.=" ALIGN(64)";
+ } else {
+ $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")";
+ }
+ }
} elsif ($line=~/\.CRT\$/i) {
$v.=" READONLY ";
$v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
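Review bot: In the rewritten inner patch, the `else` branch still reads `$1` after the nested `$line=~/\.rdata/` test, which works only because a failed Perl match leaves the earlier captures intact. Testing the capture already taken by the outer regex, `if ($1 eq "r") {`, would avoid the second match and make that dependency explicit. The updated description says "read-only sections", yet the code marks `.pdata` and `.xdata` READONLY as well and appears to leave them at 4- and 8-byte alignment; naming `.rdata` in the message would be more precise. The enclosing block of x86_64-xlate.pl starts and ends outside the hunk.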
16 changes: 16 additions & 0 deletions tests/CMakeLists.txt
@@ -131,6 +131,11 @@ add_executable(bio_chain bio_chain.c)
target_link_libraries(bio_chain ${OPENSSL_TEST_LIBS})
add_test(bio_chain bio_chain)

# bio_dump
add_executable(bio_dump bio_dump.c)
target_link_libraries(bio_dump ${OPENSSL_TEST_LIBS})
add_test(bio_dump bio_dump)

# bio_host
# this test relies on resolver results that are OS and environment-specific
if(ENABLE_EXTRATESTS)
@@ -601,6 +606,17 @@ add_executable(sha_test sha_test.c)
target_link_libraries(sha_test ${OPENSSL_TEST_LIBS})
add_test(sha_test sha_test)

# shutdowntest
set(SHUTDOWNTEST_SRC shutdowntest.c)
add_executable(shutdowntest ${SHUTDOWNTEST_SRC})
target_link_libraries(shutdowntest ${OPENSSL_TEST_LIBS})
if(NOT MSVC)
add_test(NAME shutdowntest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/shutdowntest.sh)
else()
add_test(NAME shutdowntest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/shutdowntest.bat $<TARGET_FILE:shutdowntest>)
endif()
set_tests_properties(shutdowntest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")

# signertest
if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore")
set(SIGNERTEST_SRC signertest.c)
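Review bot: The non-MSVC `add_test` for shutdowntest passes no binary path, and shutdowntest.sh runs `./shutdowntest` relative to the current directory, so the test depends on CTest's working directory being the one that holds the executable; the MSVC branch avoids this by passing `$<TARGET_FILE:shutdowntest>`. Passing the same generator expression to the shell script, and having the script use its first argument when one is given, would keep both branches consistent and also work with multi-config generators. This may mirror how other script-driven tests in the file are registered, which the hunk does not show. The `ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}"` value is expanded unquoted by both scripts, so a source path containing spaces would be split into several arguments.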
11 changes: 11 additions & 0 deletions tests/Makefile.am
@@ -147,6 +147,11 @@ TESTS += bio_chain
check_PROGRAMS += bio_chain
bio_chain_SOURCES = bio_chain.c

# bio_dump
TESTS += bio_dump
check_PROGRAMS += bio_dump
bio_dump_SOURCES = bio_dump.c

# bio_host
# this test relies on resolver results that are OS and environment-specific
if ENABLE_EXTRATESTS
@@ -631,6 +636,12 @@ TESTS += sha_test
check_PROGRAMS += sha_test
sha_test_SOURCES = sha_test.c

# shutdowntest
TESTS += shutdowntest.sh
check_PROGRAMS += shutdowntest
shutdowntest_SOURCES = shutdowntest.c
EXTRA_DIST += shutdowntest.sh shutdowntest.bat

# signertest
TESTS += signertest
check_PROGRAMS += signertest
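--- a/tests/shutdowntest.bat
+++ b/tests/shutdowntest.bat
@@ -0,0 +1,14 @@
+@echo off
+setlocal enabledelayedexpansion
+REM shutdowntest.bat
+
+set shutdowntest_bin=%1
+set shutdowntest_bin=%shutdowntest_bin:/=\%
+if not exist %shutdowntest_bin% exit /b 1
+
+%shutdowntest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
+if !errorlevel! neq 0 (
+exit /b 1
+)
+
+endlocal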
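Review bot: `%shutdowntest_bin%` and `%srcdir%` are expanded unquoted on the `if not exist` line and on the command line, so a build or source path containing spaces or `&` is split or reinterpreted by cmd.exe. Stripping the caller's quotes and re-quoting at each use, e.g. `set "shutdowntest_bin=%~1"` and `if not exist "%shutdowntest_bin%" exit /b 1`, keeps the path a single argument. The script also has no fallback when `srcdir` is unset, unlike shutdowntest.sh, so `%srcdir%\server.pem` would then resolve against the drive root; `if not defined srcdir set srcdir=.` would match the shell script.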
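--- a/tests/shutdowntest.sh
+++ b/tests/shutdowntest.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+shutdowntest_bin=./shutdowntest
+if [ -e ./shutdowntest.exe ]; then
+shutdowntest_bin=./shutdowntest.exe
+fi
+
+if [ -z $srcdir ]; then
+srcdir=.
+fi
+
+$shutdowntest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem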
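Review bot: `[ -z $srcdir ]` and the final command expand `$srcdir` unquoted, so a source directory containing whitespace or glob characters is word-split, and the unset case only works because `[ -z ]` with no operand happens to evaluate true. Quoting fixes both: `if [ -z "$srcdir" ]; then` and `"$shutdowntest_bin" "$srcdir/server.pem" "$srcdir/server.pem" "$srcdir/ca.pem"`. A short header comment naming what the three positional arguments mean to the test binary would also help, since server.pem is passed twice and the reason is not visible in this file.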