- Mar 19, 2018
-
-
Jack Lloyd authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
Jack Lloyd authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
Andy Polyakov authored
Since they intend to omit gcc, it's more appropriate to simply detect if there is NDK's clang on PATH, as opposite to requiring to specify it with CC=clang (and looking for it on PATH). Also detect NDK version and default to armv7-a for NDK>16. Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Andy Polyakov authored
Current endianness detection is somewhat opportunistic and can fail in cross-compile scenario. Since we are more likely to cross-compile for little-endian now, adjust the default accordingly. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Andy Polyakov authored
Adjusting ARM default broke clang support, and x86[_64] needed path adjustment. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Andy Polyakov authored
Occasionally you have to pass -no-integrated-as to clang, but we consider any -no-option as no-option. Don't touch -no-integrated-as. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
-
Bernd Edlinger authored
Don't pass a pointer to uninitialized processed value for BIO_CB_READ and BIO_CB_WRITE Check the correct cmd code in BIO_callback_ctrl Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5516)
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5645)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5665)
-
Matt Caswell authored
Raw private/public key loading may fail for X25519/X448 if ec has been disabled. Also fixed a missing blank line in evppkey.txt resulting in a warning in the test output. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5664)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
Matt Caswell authored
If the server is configured to allow early data then we check if the PSK session presented by the client is available in the cache or not. If it isn't then this may be a replay and we disallow it. If it is then we allow it and remove the session from the cache. Note: the anti-replay protection is not used for externally established PSKs. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
Matt Caswell authored
We should only update the session cache when we issue a NewSessionTicket. These are issued automatically after processing a client certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
Matt Caswell authored
Conceptually in TLSv1.3 there can be multiple sessions associated with a single connection. Each NewSessionTicket issued can be considered a separate session. We can end up issuing multiple NewSessionTickets on a single connection at the moment (e.g. in a post-handshake auth scenario). Each of those issued tickets should have the new_session_cb called, it should go into the session cache separately and it should have a unique id associated with it (so that they can be found individually in the cache). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
-
JeffZhao authored
VIA and Shanghai United Investment Co.,Ltd. found Shanghai ZhaoXin, which is a fabless x86 CPU IC design company. ZhaoXin has issued ZX-C, ZX-D x86 processors, which have 'Shanghai' CPU vendor id. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5640)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5660)
-
Richard Levitte authored
When doing a regression test, it's obvious that the version test/shlibloadtest is built for will not be the same as the library version. So we change the test to check for assumed compatibility. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5619)
-
Richard Levitte authored
This is only useful when building shared libraries. This allows us to run our tests against newer libraries when the time comes. Simply do this: OPENSSL_REGRESSION=/other/OpenSSL/build/tree make test ($OPENSSL_REGRESSION *must* be an absolute path) Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5619)
-
- Mar 18, 2018
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5647)
-
- Mar 17, 2018
-
-
Dr. Matthias St. Pierre authored
- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey - bechmark -> benchmark - ciperhsuite -> ciphersuite - EncyptedPreMasterSecret -> EncryptedPreMasterSecret Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5570)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5653)
-
Kurt Roeckx authored
There is a requirements of having access to a live entropy source which we can't do with the default callbacks. If you need prediction resistance you need to set up your own callbacks that follow the requirements of NIST SP 800-90C. Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5402
-
Kurt Roeckx authored
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5402
-
Bernd Edlinger authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5650)
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5648)
-
Bernd Edlinger authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5646)
-
Bernd Edlinger authored
Fixes: #5567 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5624)
-
- Mar 16, 2018
-
-
Dr. Matthias St. Pierre authored
This commit adds a new api RAND_DRBG_set_defaults() which sets the default type and flags for new DRBG instances. See also #5576. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5632)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5641)
-
Richard Levitte authored
There were a few environment variables that we supported in earlier Configure versions which got transfered to the %user table. This change makes sure that we still support them, by simply pre-populating the corresponding %user entries with those environment values. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5641)
-
Richard Levitte authored
The original intent was that if someone had a "make variable" set in any kind of way, be it as an environment variable or as an argument to Configure, we wouldn't allow compiler or linker flags as arguments as well. That made both of these configurations equivalently impossible: ./Configure target CFLAGS=-foo -lextra CFLAGS=-foo ./Configure target -lextra While this makes things look nice and consistent, real world use makes this hard, as many projects where OpenSSL is a component also set these variables for other components that use GNU autotools. Therefore, we need to adapt our Configure accordingly. By consequence, the two Configure lines above will not be equivalent any more: ./Configure target CFLAGS=-foo -lextra This command line will still fail, because the "make variable" was given as a command line argument. This cannot be a mistake and is therefore not allowed. CFLAGS=-foo ./Configure target -lextra This command line will work, but because there is a linker flag as a command line argument, the environment (i.e. CFLAGS) is ignored. That isn't quite consistent with the previous command, but is the old Configure behavior, before the support for "make variables" was added, and is therefore the backward compatible behavior. Fixes google/oss-fuzz#1244 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5641)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
Richard Levitte authored
In the end, it's more efficient to only have one perl instance (that loads configdata.pm) dealing with dependency files than running one (that still loads configdata.pm) for each such file. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
- Mar 15, 2018
-
-
Richard Levitte authored
Affected symbol names: generate_stateless_cookie_callback verify_stateless_cookie_callback Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5633)
-