- Nov 19, 2014
-
-
Dr. Stephen Henson authored
Don't send or parse any extensions other than RI (which is needed to handle secure renegotation) for SSLv3. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c) Conflicts: ssl/ssl.h ssl/ssl_err.c
-
- Nov 18, 2014
-
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Nov 17, 2014
-
-
Jan Hykel authored
Don't attempt to access msg structure if recvmsg returns an error. PR#3483 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 16, 2014
-
-
Mike Bland authored
Change-Id: I626d751f19f24df6b967c17498d6189cc0acb96c Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
This is the only Makefile without SRC defined. This change enables a standard Makefile include directive to cover crypto/jpake/*.d files. This was automatically applied by AddSrcVarIfNeeded() in: https://code.google.com/p/mike-bland/source/browse/openssl/update_makefiles.py Change-Id: I030204a1bc873b5de5b06c8ddc0b94bb224c6650 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
These correspond to targets of the same name in test/Makefile that clash when using the single-makefile build method using GitConfigure and GitMake. Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
Before this change, variables for which a '=' appeared in the assignment would be parsed as the entire string up until the final '='. For example: BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ would result in the variable name "BUILD_CMD=shlib_target". This doesn't appear to harm the current generation of MINFO, but creates problems for other Makefile-related work I'm attempting. Change-Id: I1f3a606d67fd5464bb459e8f36c23b3e967b77e1 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
These are based on debug-ben-debug-64-clang and is intended to produce consistent settings for folks involved in the unit testing effort detailed at: http://wiki.openssl.org/index.php/Unit_Testing -fsanitize has been removed from the set of clang flags for now. Apparently clang 3.1, which ships with FreeBSD 9.1, completely ignores -fsanitize. Clang 3.3, which ships with FreeBSD 9.2, compiles with it, but fails to link due to the absence of libasan: http://lists.freebsd.org/pipermail/freebsd-hackers/2013-December/043995.html https://www.mail-archive.com/cfe-commits@cs.uiuc.edu/msg92260.html http://reviews.llvm.org/D2644 We need -Wno-error=unused-const-variable because of this error: .../crypto/ec/ec_lib.c:74:19: error: unused variable 'EC_version' [-Werror,-Wunused-const-variable] static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; Change-Id: I2cba53537137186114c083049ea1233550a741f9 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
This fixes the errors when trying to assemble .s files using GitMake on OS X. Change-Id: I2221f558619302d22e0c57d7203173d634155678 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
cscope.out is generated by cscope as described in: http://wiki.openssl.org/index.php/Testing_and_Development_Tools_and_Tips .d files are compiler-generated Makefile dependency files (e.g. using 'gcc -MMD -MP foo.c'). Change-Id: I2338858a6b6ee0527837d10a8b55cff1689023fd Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 13, 2014
-
-
Dr. Stephen Henson authored
Print out more details of the conection in ssltest specifically: server certificate curve name for EC, server temporary key (if any) and peer signing digest. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Add command line support for SSL_CONF: server side arguments are prefixed by -s_ (e.g. -s_no_ssl3) and client side with -c_. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
If the hash or public key algorithm is "undef" the signature type will receive special handling and shouldn't be included in the cross reference table. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 12, 2014
-
-
Alok Menghrajani authored
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl is just an int*. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Michal Bozon authored
PR#3535 Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Nov 11, 2014
-
-
Kurt Roeckx authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 10, 2014
-
-
Russell Coker authored
This doesn't really fix the datarace but changes it so it can only happens once. This isn't really a problem since we always just set it to the same value. We now just stop writing it after the first time. PR3584, https://bugs.debian.org/534534 Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 30, 2014
-
-
Andy Polyakov authored
PR: 3474 Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Oct 29, 2014
-
-
Dr. Stephen Henson authored
The trial division and probable prime with coprime tests are disabled on WIN32 builds because they use internal functions not exported from the WIN32 DLLs. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Oct 28, 2014
-
-
Samuel Neves authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
- Oct 24, 2014
-
-
Dr. Stephen Henson authored
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the supported signature algorithms and raw cipherlist. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Oct 23, 2014
-
-
Andy Polyakov authored
Facilitate switch to custom scatter-gather routines. This modification does not change algorithms, only makes it possible to implement alternative. This is achieved by a) moving precompute table to assembly (perlasm parses ecp_nistz256_table.c and is free to rearrange data to match gathering algorithm); b) adhering to explicit scatter subroutine (which for now is simply a memcpy). First implementations that will use this option are 32-bit assembly implementations, ARMv4 and x86, where equivalent of current read-whole-table-select-single-value algorithm is too time-consuming. [On side note, switching to scatter-gather on x86_64 would allow to improve server-side ECDSA performance by ~5%]. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Steve Marquess <marquess@openssl.org>
-
- Oct 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 21, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bodo Moeller authored
listed after TLS_FALLBACK_SCSV. RT: 3575 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
Kurt Roeckx authored
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc2 . Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-