- 08 12月, 2017 5 次提交
-
-
由 Richard Levitte 提交于
This is, even when they contain spaces or all kinds of funny quotes Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
由 Richard Levitte 提交于
This way, any of the relevant environment variables for the platform being configured are preserved and don't have to be recalled manually when reconfiguring. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
由 Richard Levitte 提交于
In other words, make the following possible: ./config CC=clang or ./Configure CC=clang linux-x86_64 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
由 Richard Levitte 提交于
There are cases when we overwrite %ENV values, and while this is perfectly fine on some platforms, it isn't on others, because the Configure script isn't necessarely run in a separate process, and thus, changing %ENV may very well change the environment of the calling shell. VMS is such a platform. Furthermore, saving away values that we use also allow us to save them in configdata.pm in an effective way, and recall those values just as effectively when reconfiguring. Also, this makes sure that we do use the saved away values when reconfiguring, when the actual environment variables might otherwise affect us. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
- 07 12月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4867)
-
- 06 12月, 2017 7 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Test reading/writing to an SSL object after a fatal error has been detected. This CVE only affected 1.0.2, but we should add it to other branches for completeness. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Credit to OSS-Fuzz for finding this. CVE-2017-3738 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The check_fatal macro is supposed to only be called if we are already expecting to be in the fatal state. The macro asserts that we are and puts us into the fatal state if not. This issue combined with the problem fixed in the previous commit meant that the fuzzer detected a crash at a point in the processing when we should have already been in the fatal state. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)
-
由 Matt Caswell 提交于
The recent SSL error overhaul left a case where an error occurs but SSLfatal() is not called. Credit to OSSfuzz for finding this issue. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4846)
-
- 05 12月, 2017 7 次提交
-
-
由 Rich Salz 提交于
Thanks to Michel Sales for the suggestion. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4849)
-
由 Daniel Bevenius 提交于
CLA: trivial Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4845)
-
由 MerQGh 提交于
This line will allow use private keys, which created by Crypto Pro, to sign with OpenSSL. CLA: trivial Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4836)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4830)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4830)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4830)
-
由 Andy Polyakov 提交于
This initial commit is unoptimized reference version that handles input lengths divisible by 4 blocks. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4830)
-
- 04 12月, 2017 18 次提交
-
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4837)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4834)
-
由 Patrick Steuer 提交于
Add speed tool options to run cipher, digest and rand benchmarks for a single buffer size specified by -bytes over a time interval specified by -seconds. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4834)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
The most likely explanation for us ending up at this point in the code is that we were called by the user application incorrectly - so use an appropriate error code. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
An error reason code has changed for one of the boring tests, so ossl_config.json needed an update to take account of it. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Follow up from the conversion to use SSLfatal() in the state machine to clean things up a bit more. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
We shouldn't call SSLfatal() multiple times for the same error condition. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Sometimes at the top level of the state machine code we know we are supposed to be in a fatal error condition. This commit adds some sanity checks to ensure that SSLfatal() has been called. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
This is an initial step towards using SSLfatal() everywhere. Initially in this commit and in subsequent commits we focus on the state machine code. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
由 Matt Caswell 提交于
Typically if a fatal error occurs three things need to happen: - Put an error on the error queue - Send an alert - Put the state machine into the error state Although all 3 of these things need to be done every time we hit a fatal error the responsibilities for doing this are distributed throughout the code. The place where the error goes on the queue, where the alert gets sent and where the state machine goes into the error state are almost invariably different. It has been a common pattern to pass alert codes up and down the stack to get the alert information from the point in the code where the error is detected to the point in the code where the alert gets sent. This commit provides an SSLfatal() macro (backed by an ossl_statem_fatal function) that does all 3 of the above error tasks. This is largely a drop in replacement for SSLerr, but takes a couple of extra parameters (the SSL object, and an alert code). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
- 03 12月, 2017 1 次提交
-
-
由 Markus Sauermann 提交于
CLA: trivial Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4835)
-
- 01 12月, 2017 1 次提交
-
-
由 Viktor Dukhovni 提交于
This small change in the Unix template and shared library build scripts enables building "variant" shared libraries. A "variant" shared library has a non-default SONAME, and non default symbol versions. This makes it possible to build (say) an OpenSSL 1.1.0 library that can coexist without conflict in the same process address space as the system's default OpenSSL library which may be OpenSSL 1.0.2. Such "variant" shared libraries make it possible to link applications against a custom OpenSSL library installed in /opt/openssl/1.1 or similar location, and not risk conflict with an indirectly loaded OpenSSL runtime that is required by some other dependency. Variant shared libraries have been fully tested under Linux, and build successfully on MacOS/X producing variant DYLD names. MacOS/X Darwin has no symbol versioning, but has a non-flat library namespace. Variant libraries may therefore support multiple OpenSSL libraries in the same address space also with MacOS/X, despite lack of symbol versions, but this has not been verified. Variant shared libraries are optional and off by default. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-