[openssl/openssl] dd2b22: Add defaults api to openssl build
Neil Horman
noreply at github.com
Tue Jul 9 08:25:00 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: dd2b22d88c9c974f4ca6bce2550f89ac7fb76839
https://github.com/openssl/openssl/commit/dd2b22d88c9c974f4ca6bce2550f89ac7fb76839
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
M crypto/build.info
A crypto/defaults.c
M include/internal/common.h
Log Message:
-----------
Add defaults api to openssl build
Build time defaults aren't great for windows, in which various macros
(like OPENSSLDIR) are selected at build time, but may be selected
differently at install time. Add an internal defaults api to return the
build time constants on unix systems, but instead query registry keys
for the form:
HLKM\SOFTWARE\OpenSSL-{version}-{wininstallcontext}
Such that each built version of openssl may maintain its own set of
registry keys to identify these locations, and be set administratiely as
appropriate at install or run time
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: e6c77f26855661ec4bfe0a91fcf1c718ac48967f
https://github.com/openssl/openssl/commit/e6c77f26855661ec4bfe0a91fcf1c718ac48967f
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M apps/version.c
M crypto/cversion.c
M crypto/engine/eng_list.c
M crypto/info.c
M crypto/provider_core.c
M crypto/x509/x509_def.c
M doc/man1/openssl-version.pod.in
M include/openssl/crypto.h.in
Log Message:
-----------
convert users of build time defaults to use new defaults api
Now that we can query for install time registry keys on windows, convert
users of these macros to use the api instead
Add a unit test to validate the functionality of our reg key lookups
Add a test to check to make sure our registry key lookups work. note
this test only runs on windows (clearly), but also only if the registry
keys are set via an installer or some other manual process (to be done
in the CI workflow)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 17309181613ae99b9a3d5cfefe76fd09e32d341b
https://github.com/openssl/openssl/commit/17309181613ae99b9a3d5cfefe76fd09e32d341b
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
A test/recipes/02-test_windows_registry.t
Log Message:
-----------
Add a unit test to validate the functionality of our reg key lookups
Add a test to check to make sure our registry key lookups work. note
this test only runs on windows (clearly), but also only if the registry
keys are set via an installer or some other manual process (to be done
in the CI workflow)
Also add workflow steps to set registry keys for testing
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: c1c67561566d8d2ce0a378af110278778b9901d8
https://github.com/openssl/openssl/commit/c1c67561566d8d2ce0a378af110278778b9901d8
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
Log Message:
-----------
Correct use of workflow ENV vars on windows
On windows ci we're using powershell operations, need to follow those
rules
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: f4540c1b14cb6928daffc53f0db332cd741fe91d
https://github.com/openssl/openssl/commit/f4540c1b14cb6928daffc53f0db332cd741fe91d
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M crypto/defaults.c
Log Message:
-----------
dont fall back to build time defaults on windows
to prevent security issues, don't fall back to build time default
locations, instead return the string "UNDEFINED"
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 630e3a168446ab7e269176bad5b1bf79ea54301a
https://github.com/openssl/openssl/commit/630e3a168446ab7e269176bad5b1bf79ea54301a
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
M apps/version.c
M crypto/cversion.c
M crypto/defaults.c
M include/openssl/crypto.h.in
Log Message:
-----------
Change WININSTALLCONTEXT to OSSL_WINCTX
Make it more in line with other command line defines, and a bit shorter
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 525f2bf564b3d04680ab5722fff575ce690d7aee
https://github.com/openssl/openssl/commit/525f2bf564b3d04680ab5722fff575ce690d7aee
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
Log Message:
-----------
Fix windows ci to use proper OSSL_WINCTX define
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 4edcf0b450cd42d2037155d520b7e6323b624b6a
https://github.com/openssl/openssl/commit/4edcf0b450cd42d2037155d520b7e6323b624b6a
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M crypto/defaults.c
Log Message:
-----------
Don't fall back to pre-defined constants on windows
We don't want to allow windows systems on new installs to use
OPENSSLDIR/MODULESDIR/ENGINESDIR at all, as it makes no sense to define
paths at build time that have no meaning at install time.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 901e27982c6bcd5ac94e455d2ef87e80398cd474
https://github.com/openssl/openssl/commit/901e27982c6bcd5ac94e455d2ef87e80398cd474
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
Log Message:
-----------
Update NOTES-WINDOWS for typos/grammar
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 4fc9e5e0110e7199eaca43f54d604e36ce579567
https://github.com/openssl/openssl/commit/4fc9e5e0110e7199eaca43f54d604e36ce579567
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows_comp.yml
Log Message:
-----------
update windows_comp ci run to use new registry reads
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: c7dae9c263fe507adc59e9ba2f34d473de04bbe9
https://github.com/openssl/openssl/commit/c7dae9c263fe507adc59e9ba2f34d473de04bbe9
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M doc/man1/openssl-version.pod.in
Log Message:
-----------
Update docs
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 917f37195ac95252a4c90e86d7d7414c5569aed8
https://github.com/openssl/openssl/commit/917f37195ac95252a4c90e86d7d7414c5569aed8
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
M apps/info.c
M apps/version.c
M crypto/conf/conf_mod.c
M crypto/cversion.c
M crypto/defaults.c
M crypto/o_fopen.c
M crypto/x509/x509_def.c
M test/recipes/02-test_windows_registry.t
Log Message:
-----------
Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULL
To prevent inadvertent use of insecure directories, we need to be able
to detect and react when our new registry keys aren't set, which implies
allowing the values for the dynamic representations of
OPENSSLDIR/ENGINESDIR/MODULESDIR to return NULL. This in turn requires
that we detect and handle NULL string in several call sites that
previously assumed they would never be NULL. This commit fixes those up
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 7c58769a036057f7a595c83db65e74175c116477
https://github.com/openssl/openssl/commit/7c58769a036057f7a595c83db65e74175c116477
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add Changes entry
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 62dd0f1762c9c5dd1df5f4220adec0fe5661c7c9
https://github.com/openssl/openssl/commit/62dd0f1762c9c5dd1df5f4220adec0fe5661c7c9
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
Log Message:
-----------
Update NOTES-WINDOWS.md
The behavior of windows with registry keys is somewhat confusing, and
based on both build time defines, and reg key availablility. Add a
table defining behavior in all cases
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 290452f2bd7ba220a4a38a68371bfcd39765b1e9
https://github.com/openssl/openssl/commit/290452f2bd7ba220a4a38a68371bfcd39765b1e9
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M apps/version.c
Log Message:
-----------
Augment version.c to not display -w options on non-windows
Don't need the -w option on non-windows builds
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: bf74cf35cf47bfa44a89a6f8c3e52a3ec76d828f
https://github.com/openssl/openssl/commit/bf74cf35cf47bfa44a89a6f8c3e52a3ec76d828f
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M NOTES-WINDOWS.md
M apps/version.c
M crypto/defaults.c
Log Message:
-----------
Fixes for defaults code
Fix up some indenting, and ensure that the run_once routines don't get
defined if OSSL_WINCTX isn't defined to avoid compiler errors
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: caaea8f343c63a828a5861650038b25de2d5983b
https://github.com/openssl/openssl/commit/caaea8f343c63a828a5861650038b25de2d5983b
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M crypto/defaults.c
M test/recipes/02-test_windows_registry.t
Log Message:
-----------
Update defaults to install keys against major.minor
we want patch level updates to use the same keys, so only create the key
against the major.minor version
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: aa4fc5ea4a0da5f5f2c1fedf1f2727047d3a6eff
https://github.com/openssl/openssl/commit/aa4fc5ea4a0da5f5f2c1fedf1f2727047d3a6eff
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
M .github/workflows/windows_comp.yml
Log Message:
-----------
Adjust ci to only use major.minor when setting reg keys
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: a8f99f98d601efdc212d958a79af78bbbb0f12e0
https://github.com/openssl/openssl/commit/a8f99f98d601efdc212d958a79af78bbbb0f12e0
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
M .github/workflows/windows_comp.yml
Log Message:
-----------
Avoid chicken and egg problem with reg setting
Because openssl with -DOSSL_WINCTX no longer falls back to build time
defines, we have a chicken and egg problem. CI needs to query openssl
for its version string so registry keys can be set properly, but openssl
version refuses to run because no configuration file can be found
So we work around it by, for the purposes of setting the registry keys,
we set OPENSSL_CONF to a know config file, so that openssl version runs
properly.
Once the version is extracted, we can set the registry keys, and openssl
will function properly without OPENSSL_CONF set
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: aa08335852a3714075c26690a6eeab456e813a54
https://github.com/openssl/openssl/commit/aa08335852a3714075c26690a6eeab456e813a54
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
M .github/workflows/windows_comp.yml
Log Message:
-----------
Fix sed/awk usage in windows ci jobs
The addition of sed and awk, while available in the windows vm's for CI
in powershell, don't behave as I would expect (though the same commands
work with a local installation on windows using GnuWin32). In trying to
figure out what was going on I found it was far more stable and
predictable to use the powershell -split and -replace commands instead
of sed and awk
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Commit: 97bfbb98b0f9f2a381a47a01ae4e20f511adae05
https://github.com/openssl/openssl/commit/97bfbb98b0f9f2a381a47a01ae4e20f511adae05
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-09 (Tue, 09 Jul 2024)
Changed paths:
M .github/workflows/windows.yml
M .github/workflows/windows_comp.yml
M crypto/conf/conf_mod.c
Log Message:
-----------
Allow openssl version to function in the absence of a config file
the openssl application attempts to load a config file on startup
always, calling x509_get_default_cert_area() to locate the file. On
Windows builds with -DOSSL_WINCTX set, this fails if the corresponding
registry keys are unset. allow openssl to continue to function properly
for applets that don't actually require a configuration file.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
Compare: https://github.com/openssl/openssl/compare/c215d75f94fc...97bfbb98b0f9
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list