- 20 3月, 2018 12 次提交
-
-
由 Richard Levitte 提交于
Without it, the RAND_POOL typedef is missing Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5685)
-
由 Dr. Matthias St. Pierre 提交于
[extended tests] The test_rand_reseed assumed that the global DRBGs were not used previously. This assumption is false when the tests are executed in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate them first and add a test for the first instantiation. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5680)
-
由 Richard Levitte 提交于
We did the SSL_CONF_cmd() pass last of all things that could affect the SSL ctx. However, the results of this, for example: -max_protocol TLSv1.3 -tls1_2 ... would mean that the protocol min got set to TLSv1.2 and the protocol max to TLSv1.3, when they should clearly both be TLSv1.2. However, if we see the SSL_CONF_cmd() switches as generic and those internal to s_client and s_server as specialisations, we get something that makes a little more sense. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5679)
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5677)
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5677)
-
由 Richard Levitte 提交于
The error string header files aren't supposed to be included directly, so there's no point testing that they can. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5678)
-
由 Richard Levitte 提交于
Have all test programs using that function specify those versions. Additionally, have the remaining test programs that use SSL_CTX_new directly specify at least the maximum protocol version. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Richard Levitte 提交于
If for nothing else, they are needed when doing a regression test Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
-
由 Matt Caswell 提交于
The fix in conf_include_test.c seems to be required because some compilers give an error if you give an empty string for the second argument to strpbrk(). It doesn't really make sense to send an empty string for this argument anyway, so make sure it has at least one character in it. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5666)
-
- 19 3月, 2018 28 次提交
-
-
由 Todd Short 提交于
Place the session ticket AES and HMAC keys into secure memory. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2351)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5667)
-
由 Rich Salz 提交于
Use shorter names for some defines, so also had to change the .c file that used them. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5669)
-
由 Tomas Mraz 提交于
When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4848)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Kurt Roeckx 提交于
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Kurt Roeckx 提交于
This avoids lock contention. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
由 Jack Lloyd 提交于
Without actually using EVP_PKEY_FLAG_AUTOARGLEN Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Jack Lloyd 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Jack Lloyd 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Andy Polyakov 提交于
Since they intend to omit gcc, it's more appropriate to simply detect if there is NDK's clang on PATH, as opposite to requiring to specify it with CC=clang (and looking for it on PATH). Also detect NDK version and default to armv7-a for NDK>16. Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Current endianness detection is somewhat opportunistic and can fail in cross-compile scenario. Since we are more likely to cross-compile for little-endian now, adjust the default accordingly. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Adjusting ARM default broke clang support, and x86[_64] needed path adjustment. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Andy Polyakov 提交于
Occasionally you have to pass -no-integrated-as to clang, but we consider any -no-option as no-option. Don't touch -no-integrated-as. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
由 Bernd Edlinger 提交于
Don't pass a pointer to uninitialized processed value for BIO_CB_READ and BIO_CB_WRITE Check the correct cmd code in BIO_callback_ctrl Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5516)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5645)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5665)
-
由 Matt Caswell 提交于
Raw private/public key loading may fail for X25519/X448 if ec has been disabled. Also fixed a missing blank line in evppkey.txt resulting in a warning in the test output. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5664)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 Matt Caswell 提交于
If the server is configured to allow early data then we check if the PSK session presented by the client is available in the cache or not. If it isn't then this may be a replay and we disallow it. If it is then we allow it and remove the session from the cache. Note: the anti-replay protection is not used for externally established PSKs. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 Matt Caswell 提交于
We should only update the session cache when we issue a NewSessionTicket. These are issued automatically after processing a client certificate. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 Matt Caswell 提交于
Conceptually in TLSv1.3 there can be multiple sessions associated with a single connection. Each NewSessionTicket issued can be considered a separate session. We can end up issuing multiple NewSessionTickets on a single connection at the moment (e.g. in a post-handshake auth scenario). Each of those issued tickets should have the new_session_cb called, it should go into the session cache separately and it should have a unique id associated with it (so that they can be found individually in the cache). Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
由 JeffZhao 提交于
VIA and Shanghai United Investment Co.,Ltd. found Shanghai ZhaoXin, which is a fabless x86 CPU IC design company. ZhaoXin has issued ZX-C, ZX-D x86 processors, which have 'Shanghai' CPU vendor id. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5640)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5660)
-