- Apr 24, 2019
-
-
Shane Lontis authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8762)
-
Richard Levitte authored
Because we depend on knowing if clang's address, memory or undefinedbehavior sanitizers are enabled, we make an extra effort to detect them among the C flags, and adjust the %disabled values accordingly. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8778)
-
- Apr 23, 2019
-
-
Richard Levitte authored
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8709)
-
Richard Levitte authored
This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the flag '-m' for 'openssl version'. Reviewed-by:
-
Richard Levitte authored
Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812)
-
Richard Levitte authored
Fixes #8787 Reviewed-by:
-
Richard Levitte authored
This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by:
-
Matt Caswell authored
[extended tests] Reviewed-by:
-
Matt Caswell authored
Make sure we use the the correct key length in EVP_CIPHER_CTX_rand_key(). Now that ciphers may come from providers we need to make sure we ask the provider for the value if appropriate. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/8792)
-
- Apr 20, 2019
-
-
Pauli authored
This only impacts FIPS mode or someone who has enabled the FIPS 140.2 4.9.2 Conditional Tests. i.e. nobody currently. Fix a significant issue in the entropy gathering for the continuous RNG testing. The impact is using an uninitialised buffer instead of the gathered entropy. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8789)
-
- Apr 19, 2019
-
-
dyrock authored
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We also lay the ground work for various of other the basic AES ciphers. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Richard Levitte authored
The comparator further down the call stack doesn't tolerate NULL, so if we got that as input, use the empty string. Reviewed-by:
-
Richard Levitte authored
OPENSSL_LH_flush() frees the linked lists for each slot, but didn't set the list head to NULL after doing so, with the result that an operation that affects these lists is likely to cause a crash. Reviewed-by:
-
Richard Levitte authored
ossl_method_store_cache_get() and ossl_method_store_cache_set() were called with a NULL argument for store, which means no caching is done. Give them a real store instead. Also, increment the refcount when we do get a method out of the cache. Reviewed-by:
-
- Apr 18, 2019
-
-
Richard Levitte authored
|str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8753)
-
Simo Sorce authored
Signed-off-by:
Simo Sorce <simo@redhat.com> Reviewed-by:
-
- Apr 17, 2019
-
-
Andy Polyakov authored
The change is triggered by ThunderX2 where 3+1 was slower than scalar code path, but it helps all processors [to handle <512 inputs]. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- Apr 16, 2019
-
-
Tomas Mraz authored
Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
