- Feb 25, 2016
-
-
FdaSilvaYY authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rob Percival authored
Reviewed-by:
Ben Laurie <ben@openssl.org> Reviewed-by:
-
Adam Eijdenberg authored
Reviewed-by:
-
Rich Salz authored
Fixes github issue 463. Building the app without OPENSSL_NO_SOCK isn't supported, so only do OPENSSL_NO_OCSP. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
See also the discussion in https://github.com/openssl/openssl/pull/455 Reviewed-by:
-
Emilia Kasper authored
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
If the local system doesn't have GNU C or clang, and not even makedepend, the build will stop because the call of 'makedepend' fails. This changes so the build won't stop because of such failure. The result will be empty .d files, and that's ok. Reviewed-by: -
J Mohan Rao Arisankala authored
Signed-off-by:
Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
- Feb 24, 2016
-
-
Flavio Medeiros authored
This is also RT 4137 Signed-off-by:
Rich Salz <rsalz@akamai.com> Reviewed-by:
-
Rich Salz authored
Reviewed-by: -
Dr. Stephen Henson authored
The ssl_set_masks() function no longer depends on the cipher. This also means there is no need to set the masks for each cipher in ssl3_choose_cipher. Reviewed-by:
-
- Feb 23, 2016
-
-
Viktor Dukhovni authored
Reviewed-by:Kurt Roeckx <kurt@openssl.org>
-
Roumen Petrov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
RT#4284 Reviewed-by: -
Andy Polyakov authored
RT#4284 Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Different assembler versions disagree on how to interpret #-1 as argument to vmov.i64, as 0xffffffffffffffff or 0x00000000ffffffff. So replace it with something they can't disagree on. Reviewed-by: -
David Woodhouse authored
The entire contents of <internal/bn_conf.h> are unwanted in the UEFI build because we have to do it differently there. To support building for both 32-bit and 64-bit platforms without re-running the OpenSSL Configure script, the EDK2 environment defines THIRTY_TWO_BIT or SIXTY_FOUR_BIT for itself according to the target platform. The current setup is broken, though. It checks for OPENSSL_SYS_UEFI but before it's actually defined, since opensslconf.h hasn't yet been included. Let's fix that by including opensslconf.h. And also let's move the bn_conf.h doesn't even need to *exist* in the UEFI build environment. This is also GH PR736. Signed-off-by:
Tim Hudson <tjh@openssl.org>
-
J Mohan Rao Arisankala authored
Removing code, where memory was getting allocated for an unused variable Signed-off-by:
-
Rich Salz authored
Signed-off-by:
-
- Feb 22, 2016
-
-
Richard Levitte authored
These flags are limitting needlessly, are often patched by packagers, and should be specified on the configuration command line by anyone who desires for it to be specific rather than forced by us. This work was already done with mingw when those configs were worked on, now it gets applied to the remaining configs. Reviewed-by: -
Richard Levitte authored
In the earlier change, where static libraries get built with position independent code, OPENSSL_PIC was removed by mistake. This adds it back. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Emilia Kasper authored
Explicitly unpoison the result of FD_ZERO Tests now pass, using -fsanitize=memory Reviewed-by: -
FdaSilvaYY authored
Remove some duplicated NULL/zero init. Signed-off-by:
-
David Woodhouse authored
Adding -nostdinc to the EDK2 showed that we were including <inttypes.h> for some UEFI builds, because the check for __STDC_VERSION__ happens before the check for OPENSSL_SYS_UEFI. Fix that. Signed-off-by:
-
Matt Caswell authored
The commit 1288f26f says that it fixes no-async, but instead seems to break it. Therefore revert that change and fix no-async. Reviewed-by:
-
David Woodhouse authored
Provide an appropriate definition of PRIu64 for the EDK2 build, since we don't have <inttypes.h> there. Signed-off-by:
-
Rich Salz authored
Also removing confusing pointer-alias variable. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
