- 21 3月, 2018 8 次提交
-
-
由 Peter Wu 提交于
Fixes regression from #5667. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5701)
-
由 Andy Polyakov 提交于
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c and randfile.c which are not OS-neutral, and contain some Win32-specific code. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5676)
-
由 Matthias Kraft 提交于
Although it deviates from the actual prototype of DSO_dsobyaddr(), this is now ISO C compliant and gcc -Wpedantic accepts the code. Added DATA segment checking to catch ptrgl virtual addresses. Avoid memleaks with every AIX/dladdr() call. Removed debug-fprintf()s. Added test case for DSO_dsobyaddr(), which will eventually call dladdr(). Removed unecessary AIX ifdefs again. The implementation can only lookup function symbols, no data symbols. Added PIC-flag to aix*-cc build targets. As AIX is missing a dladdr() implementation it is currently uncertain our exit()-handlers can still be called when the application exits. After dlclose() the whole library might have been unloaded already. Signed-off-by: NMatthias Kraft <makr@gmx.eu> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5668)
-
由 Benjamin Kaduk 提交于
The sid_ctx is something of a "certificate request context" or a "session ID context" -- something from the application that gives extra indication of what sort of thing this session is/was for/from. Without a sid_ctx, we only know that there is a session that we issued, but it could have come from a number of things, especially with an external (shared) session cache. Accordingly, when resuming, we will hard-error the handshake when presented with a session with zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no information about the peer to verify, so the verification must fail. In order to prevent these future handshake failures, proactively decline to add the problematic sessions to the session cache. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5175)
-
由 Pauli 提交于
The comment in EVP_DigestInit.pod is: > Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. I.e. there is no link anymore. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5682)
-
由 Eric Covener 提交于
WCOREDUMP and vsyslog are not portable Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5657)
-
由 Johannes Bauer 提交于
Give meaningful error messages when the user incorrectly uses pkeyutl. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3987)
-
由 Matt Caswell 提交于
The travis logs are going above 4Mb causing the builds to fail. One test creates excessive output. This change reduces that output by approx 180k. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5694)
-
- 20 3月, 2018 16 次提交
-
-
由 Matt Caswell 提交于
Broken by commit 3e3c7c36. Fixes #5681 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5688)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
-
由 Richard Levitte 提交于
Without it, the RAND_POOL typedef is missing Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5685)
-
由 Dr. Matthias St. Pierre 提交于
[extended tests] The test_rand_reseed assumed that the global DRBGs were not used previously. This assumption is false when the tests are executed in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate them first and add a test for the first instantiation. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5680)
-
由 Richard Levitte 提交于
We did the SSL_CONF_cmd() pass last of all things that could affect the SSL ctx. However, the results of this, for example: -max_protocol TLSv1.3 -tls1_2 ... would mean that the protocol min got set to TLSv1.2 and the protocol max to TLSv1.3, when they should clearly both be TLSv1.2. However, if we see the SSL_CONF_cmd() switches as generic and those internal to s_client and s_server as specialisations, we get something that makes a little more sense. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5679)
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5677)
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5677)
-
由 Richard Levitte 提交于
The error string header files aren't supposed to be included directly, so there's no point testing that they can. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5678)
-
由 Richard Levitte 提交于
Have all test programs using that function specify those versions. Additionally, have the remaining test programs that use SSL_CTX_new directly specify at least the maximum protocol version. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Richard Levitte 提交于
If for nothing else, they are needed when doing a regression test Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
-
由 Matt Caswell 提交于
The fix in conf_include_test.c seems to be required because some compilers give an error if you give an empty string for the second argument to strpbrk(). It doesn't really make sense to send an empty string for this argument anyway, so make sure it has at least one character in it. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5666)
-
- 19 3月, 2018 16 次提交
-
-
由 Todd Short 提交于
Place the session ticket AES and HMAC keys into secure memory. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2351)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5667)
-
由 Rich Salz 提交于
Use shorter names for some defines, so also had to change the .c file that used them. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5669)
-
由 Tomas Mraz 提交于
When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4848)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Kurt Roeckx 提交于
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Kurt Roeckx 提交于
This avoids lock contention. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Jack Lloyd 提交于
Without actually using EVP_PKEY_FLAG_AUTOARGLEN Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Jack Lloyd 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Jack Lloyd 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Andy Polyakov 提交于
Since they intend to omit gcc, it's more appropriate to simply detect if there is NDK's clang on PATH, as opposite to requiring to specify it with CC=clang (and looking for it on PATH). Also detect NDK version and default to armv7-a for NDK>16. Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Current endianness detection is somewhat opportunistic and can fail in cross-compile scenario. Since we are more likely to cross-compile for little-endian now, adjust the default accordingly. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Adjusting ARM default broke clang support, and x86[_64] needed path adjustment. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Occasionally you have to pass -no-integrated-as to clang, but we consider any -no-option as no-option. Don't touch -no-integrated-as. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-