- Nov 11, 2016
-
-
Andy Polyakov authored
In order to minimize dependency on assembler version a number of post-SSE2 instructions are encoded manually. But in order to simplify the procedure only register operands are considered. Non-register operands are passed down to assembler. Module in question uses pshufb with memory operands, and old [GNU] assembler can't handle it. Fortunately in this case it's possible skip just the problematic segment without skipping SSSE3 support altogether. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The links weren't properly terminated with a " Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1901)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900)
-
Richard Levitte authored
When configured no-dso, there are no DSO_{whatever} macros defined. Therefore, before checking those, you have to check if OPENSSL_NO_DSO is defined. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1902)
-
- Nov 10, 2016
-
-
Richard Levitte authored
- the pod path hadn't been changed with the directory layout change - apparently, pod2html doesn't add ".html" at the end of links, making them useless, so we need to fix that With thanks for the report to Michel <michel.sales@free.fr> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1896)
-
Matt Caswell authored
The test loops through all the ciphers, attempting to test each one in turn. However version negotiation happens before cipher selection, so with TLSv1.3 switched on if we use a non-TLSv1.3 compatible cipher suite we get "no share cipher". Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Now that we can link specifically with static libraries, the immediate need to split ppccap.c (and eventually other *cap.c files) is no more. This reverts commit e3fb4d3d . Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1889)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1889)
-
Richard Levitte authored
Very simply, support having the .a extension to denote depending on static libraries. Note that this is not supported on native Windows when building shared libraries, as there is not static library then, just an import library with the same name. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1889)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1890)
-
Richard Levitte authored
Instead of enumerating exactly those files in test/ that include ../ssl/ssl_locl.h, assume they all do. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1891)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
This is done by taking one vector, "corrupting" last bit of the tag value and verifying that decrypt fails. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Don't set choice selector on parse failure: this can pass unexpected values to the choice callback. Instead free up partial structure directly. CVE-2016-7053 Thanks to Tyler Nighswander of ForAllSecure for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Some of stone-age assembler can't cope with r0 in address. It's actually sensible thing to do, because r0 is shunted to 0 in address arithmetic and by refusing r0 assembler effectively makes you understand that. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Skip the test if the value after ":" is a disabled algorithm, rather than failing it Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 09, 2016
-
-
Matt Caswell authored
Added some TODOs, refactored a couple of things and added a SSL_IS_TLS13() macro. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
No need to have a supported versions table and a versions table. They should be the same. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Renegotiation does not exist in TLS1.3, so we need to disable it at some point. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Send a TLS1.4 ClientHello with supported_versions and get TLS1.3 Send a TLS1.3 ClientHello without supported_versions and get TLS1.2 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Replace a bare ";" with "continue;" for the body of a for loop. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
If supported_versions is present it takes precedence. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
We can end up with a NULL SSL_METHOD function if a method has been disabled. If that happens then we shouldn't call vent->smeth(). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-