Age | Commit message (Collapse) | Author |
|
Fixes travis build errors due to clang
error: unknown warning option '-Wno-extended-offsetof'
It seems like '-Wextended-offsetof' was removed from clang in version 6.0.0,
(see [1], [2]). While gcc ignores unknown options of the type '-Wno-xxx',
clang by default issues a warning [-Wunknown-warning-option] (see [3]), which
together with '-Werror' causes the build to fail.
This commit adds the '-Wno-unknown-warning-option' option to make clang
behave more relaxed like gcc.
[1] https://reviews.llvm.org/D40267
[2] https://github.com/llvm/llvm-project/commit/52a3ca9e2909
[3] https://clang.llvm.org/docs/DiagnosticsReference.html#wunknown-warning-option
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9446)
|
|
Fixes #2490
Fixes #8711
In commit 6db8e3bdc9e, support for Android Arm 64-bit was added to
the OpenSSL FIPS Object Module. For some reason, the corresponding
target 'android64-aarch64' was missing OpenSSL 1.0.2, whence it
could not be built with FIPS support on Android Arm 64-bit.
This commit adds the missing target.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8713)
|
|
Fixes #6241
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6248)
|
|
Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't
support dependency generation and one still has to use makedepend. It's
unclear when it was fixed, but all clang-based Apple compilers seem to
support -M options.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6073)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5566)
|
|
Looking for 'gcc' and 'clang' in the output from the C compiler is
uncertain. Some versions report argv[0], which might be /usr/bin/cc
(for example), and others might mention gcc without being gcc or a
derivate.
Better then to fetch predefined macros and checking if __GNUC__ and
__clang__ are defined.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4755)
|
|
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At
some point it was somehow omitted. It's argued that it allows to
keep better focus on new code, which motivates the comeback...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4718)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2714)
|
|
If someone tries this:
MAKE='make -j8' ./config
then Configure ends up doing this:
make -j8 links depend gentests
Doing those three in parallell leads to a race condition that may very well
cause issue such as tests not being run (because they all get linked to a
dummy that does nothing instead of the real test).
To mitigate this, execute the three targets in one make call each.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2332)
|
|
This is 1.0.2-specific reformat of 5ae5dc96610f0a598dac9d2f267b5c0ddd77b2e4.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
When Makefile/opensslconf.h is unchanged, don't write it at all.
Currently every time Configure is executed, these files are overwritten.
Makefile leads to regeneration of buildinf.h, and opensslconf.h is itself
a central header.
As a result, Configure triggers full rebuild, even if nothing is changed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1370)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM. However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented. Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.
For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.
(partly cherry picked from commit 216e8d91033d237880cff7da0d02d46d47bae41b)
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not
possible to do no-tls1_1 or no-tls1_2 in 1.0.2).
Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows
that disabling TLS1.0 should force the disabling of tlsext.
Also a few missing ifdef guards.
GitHub Iusse#935
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
RT#2558
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
SSLv2 is by default disabled at build-time. Builds that are not
configured with "enable-ssl2" will not support SSLv2. Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed. Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
Mitigation for CVE-2016-0800
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
For BSD systems, Configure adds a shared_ldflags including a reference
to the Makefile variable LIBRPATH, but since it must be passed down to
Makefile.shared, care must be taken so the value of LIBRPATH doesn't
get expanded too early, or it ends up giving an empty string.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit c64879d3f3cc4c7f1c436a9fe3bd109847a23629)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 2e31ef0366d368ac8cf7f5ecc9052bff27337799)
|
|
./Configure [target] --strict-warnings -Wno-pedantic-ms-format
would not add '-pedantic' because it matches '-Wno-pedantic-ms-format',
which was added first.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6703c4ea87b30554283deaa5df1f8d68725d3ee4)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Disable -Wshadow error when building with GCC
Add support for linu-x86_64-clang debug; this is needed for Travis CI.
Disable linux-clang and mingw debug builds on Travis CI; not supported.
Fix Travis email notifications config
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
flags needed to keep it happy.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#3860
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
We use GNU statement expressions in crypto/md32_common.h, surrounded
by checks that GNU C is indeed used to compile. It seems that clang,
at least on Linux, pretends to be GNU C, therefore finds the statement
expressions and then warns about them.
The solution is to have clang be quiet about it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 04958e84d8079fa57a782db70f003c38b5b156fd)
|
|
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)
Conflicts:
Configure
|
|
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911)
Conflicts:
Configure
crypto/ui/ui_openssl.c
|
|
Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN.
Drop outdated Cygwin targets.
RT#3605
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 732c5a6b928f10de4d6ca0394f49e9938a47a93b)
Resolved conflicts:
Configure
TABLE
|
|
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1669e1c205dc8e695fb0c10a655f434e758b9f7)
|
|
This change documents the world as-is, by turning all warnings on,
and then turning warnings that trigger off again.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.
When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.
We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 3881d8106df732fc433d30446625dfa2396da42d)
|
|
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 847147908bc7596195debb48a554a8cade2075f7)
Resolved conflicts:
Configure
TABLE
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327526beb25a4c31c1ef63e72f5f8a4b0)
Resolved conflicts:
Configure
Makefile.org
TABLE
|
|
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Cherry-pick of commit 17e80c6bd05de7406a65116f34ed59665607d8d5
|
|
|
|
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.
By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4fbd27577fb519d9aea2dc788742715)
Conflicts:
ssl/heartbeat_test.c
ssl/ssl.h
util/mkdef.pl
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
(cherry picked from commit 77a27a5066e8c0975d78be635ed356749a6f16db)
|
|
(cherry picked from commit 82741e9c8980f96e4b3bba9e54e5904bc3e385bd)
|
|
|
|
(cherry picked from commit f8aab6174c217fe4764652dab926e434e7838ce8)
|
|
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.
Submitted by: Ard Biesheuvel.
(cherry picked from commit e8d93e342b4b7d43c73e955e81e227c514d389d9)
|
|
Remove experimental DANE/dnssec code: not ready for use in an
official release yet.
|
|
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
|
|
(cherry picked from commit 4ca026560a211ef2143199e4531aae377878e17a)
|
|
(cherry picked from commit 7bb9d84e35dce137c4479915ab0cbdb10ad0cf1d)
|
|
|
|
(and remove duplicates).
|