  1. 16 Mar, 2015 4 commits
    • Add base template processing. · 7d46b942
      Richard Levitte authored
      
      Base templates are templates that are used to inherit from.  They can
      loosely be compared with parent class inheritance in object orientation.
      They can be used for the same purpose as the variables with multi-field
      strings are used in old-style string configurations.
      
      Base templates are declared with the base_templates configuration
      attribute, like so:
      
      	"example_target" => {
      		base_templates => [ "x86_asm", ... ]
      		...
      	}
      
      Note: The value of base_templates MUST be an array reference (an array
      enclosed in square brackets).
      
      Any configuration target can be used as a base template by another.  It
      is also possible to have a target that's a pure template and not meant to
      be used directly as a configuration target.  Such a target is marked with
      the template configuration attribute, like so:
      
      	"example_template" => {
      		template => 1,
      		cc => "mycc",
      		...
      	},
      
      As part of this commit, all variables with multi-field strings have been
      translated to pure templates.  The variables currently remain since we
      can't expect people to shift to hash table configurations immediately.
      
      Reviewed-by: Andy Polyakov <appro@openssl.org>
    • Add template reference processing. · 09816a2e
      Richard Levitte authored
      
      Template references are words with double brackets, and refer to the
      same field in the target pointed at by the double bracketed word.
      
      For example, if a target's configuration has the following entry:
      
          'cflags' => '-DFOO {{x86_debug}}'
      
      ... then {{x86_debug}} will be replaced with the 'cflags' value from
      target 'x86_debug'.
      
      Note: template references are resolved recursively, and circular
      references are not allowed.
      
      Reviewed-by: Andy Polyakov <appro@openssl.org>
    • Rewrite Configure to handle the target values as hash tables. · aaf878cc
      Richard Levitte authored
      
      The reasoning is that configuration strings are hard to read and error
      prone, and that a better way would be for them to be key => value hashes.
      
      Configure is made to be able to handle target configuration values as a
      string as well as a hash.  It also does the best it can to combine a
      "debug-foo" target with a "foo" target, given that they are similar
      except for the cflags and lflags values.  The latter are spliced into
      options that are common for "debug-foo" and "foo", options that exist
      only with "debug-foo" and options that exist only with "foo", and make
      them into combinable attributes that hold common cflags, extra cflags
      for debugging and extra cflags for non-debugging configurations.
      
      The next step is to make it possible to have template configurations.
      
      Reviewed-by: Andy Polyakov <appro@openssl.org>
    • Make X509_ATTRIBUTE opaque. · 9b0a4531
      Dr. Stephen Henson authored
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  2. 15 Mar, 2015 4 commits
  3. 14 Mar, 2015 2 commits
  4. 13 Mar, 2015 2 commits
  5. 12 Mar, 2015 14 commits
  6. 11 Mar, 2015 4 commits
  7. 10 Mar, 2015 3 commits
    • Harmonize return values in dtls1_buffer_record · 06c6a2b4
      Emilia Kasper authored
      
      Ensure all malloc failures return -1.
      
      Reported by Adam Langley (Google).
      
      Reviewed-by: Matt Caswell <matt@openssl.org>
    • BIO_debug_callback: Fix output on 64-bit machines · 460e920d
      Richard Godbee authored
      
      BIO_debug_callback() no longer assumes the hexadecimal representation of
      a pointer fits in 8 characters.
      
      Signed-off-by: Richard Levitte <levitte@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
    • Prevent handshake with unseeded PRNG · e1b568dd
      Matt Caswell authored
      
      Fix security issue where under certain conditions a client can complete a
      handshake with an unseeded PRNG. The conditions are:
      - Client is on a platform where the PRNG has not been seeded, and the
      user has not seeded manually
      - A protocol specific client method version has been used (i.e. not
      SSL_client_methodv23)
      - A ciphersuite is used that does not require additional random data
      from the PRNG beyond the initial ClientHello client random
      (e.g. PSK-RC4-SHA)
      
      If the handshake succeeds then the client random that has been used will
      have been generated from a PRNG with insufficient entropy and therefore
      the output may be predictable.
      
      For example using the following command with an unseeded openssl will
      succeed on an unpatched platform:
      
      openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
      
      CVE-2015-0285
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
  8. 09 Mar, 2015 4 commits
  9. 08 Mar, 2015 3 commits