[openssl-commits] Build failed: openssl master.1037
Build openssl master.1037 failed Commit 04b76df3f7 by Richard Levitte on 2/12/2016 3:42 AM: make generate Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 27f172d9a3f3ec9901439b4823c95788598fa367 (commit) from 143e5e50f22eaff58e90dd20bdb66eae6ab3b53e (commit) - Log - commit 27f172d9a3f3ec9901439b4823c95788598fa367 Author: Rich SalzDate: Thu Feb 11 09:33:51 2016 -0500 GH620: second diff from rt-2275, adds error code clean up and apply patches from RT-2275 Signed-off-by: Rich Salz Reviewed-by: Richard Levitte --- Summary of changes: crypto/bio/b_sock.c | 32 include/openssl/err.h | 1 + 2 files changed, 33 insertions(+) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 3e17bec..4ae08d2 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -379,8 +379,40 @@ int BIO_socket_nbio(int s, int mode) l = mode; # ifdef FIONBIO +l = mode; + ret = BIO_socket_ioctl(s, FIONBIO, ); +# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) +/* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ + +l = fcntl(s, F_GETFL, 0); +if (l == -1) { +SYSerr(SYS_F_FCNTL, get_last_rtl_error()); +ret = -1; +} else { +# if defined(O_NONBLOCK) +l &= ~O_NONBLOCK; +# else +l &= ~FNDELAY; /* BSD4.x */ +# endif +if (mode) { +# if defined(O_NONBLOCK) +l |= O_NONBLOCK; +# else +l |= FNDELAY; /* BSD4.x */ +# endif +} +ret = fcntl(s, F_SETFL, l); + +if (ret < 0) { +SYSerr(SYS_F_FCNTL, get_last_rtl_error()); +} +} +# else +/* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ +BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT); # endif + return (ret == 0); } diff --git a/include/openssl/err.h b/include/openssl/err.h index bdf8308..390ee74 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -310,6 +310,7 @@ typedef struct err_state_st { # define ERR_R_INTERNAL_ERROR(4|ERR_R_FATAL) # define ERR_R_DISABLED (5|ERR_R_FATAL) # define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) /* * 99 is the maximum possible ERR_R_... code, higher values are reserved for _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 17a723885e8a875fc19d5140f580f80a113ba78f (commit) from 27f172d9a3f3ec9901439b4823c95788598fa367 (commit) - Log - commit 17a723885e8a875fc19d5140f580f80a113ba78f Author: Viktor DukhovniDate: Wed Feb 10 23:53:54 2016 -0500 Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey Reviewed-by: Rich Salz --- Summary of changes: ssl/statem/statem_lib.c | 51 +++-- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 49b5e48..6d4a536 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -599,43 +599,32 @@ int tls_get_message_body(SSL *s, unsigned long *len) return 1; } -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) +int ssl_cert_type(X509 *x, EVP_PKEY *pk) { -EVP_PKEY *pk; -int ret = -1, i; - -if (pkey == NULL) -pk = X509_get_pubkey(x); -else -pk = pkey; -if (pk == NULL) -goto err; - -i = EVP_PKEY_id(pk); -if (i == EVP_PKEY_RSA) { -ret = SSL_PKEY_RSA_ENC; -} else if (i == EVP_PKEY_DSA) { -ret = SSL_PKEY_DSA_SIGN; -} +if (pk == NULL && +(pk = X509_get0_pubkey(x)) == NULL) +return -1; + +switch (EVP_PKEY_id(pk)) { +default: +return -1; +case EVP_PKEY_RSA: +return SSL_PKEY_RSA_ENC; +case EVP_PKEY_DSA: +return SSL_PKEY_DSA_SIGN; #ifndef OPENSSL_NO_EC -else if (i == EVP_PKEY_EC) { -ret = SSL_PKEY_ECC; -} +case EVP_PKEY_EC: +return SSL_PKEY_ECC; #endif #ifndef OPENSSL_NO_GOST -else if (i == NID_id_GostR3410_2001) { -ret = SSL_PKEY_GOST01; -} else if (i == NID_id_GostR3410_2012_256) { -ret = SSL_PKEY_GOST12_256; -} else if (i == NID_id_GostR3410_2012_512) { -ret = SSL_PKEY_GOST12_512; +case NID_id_GostR3410_2001: +return SSL_PKEY_GOST01; +case NID_id_GostR3410_2012_256: +return SSL_PKEY_GOST12_256; +case NID_id_GostR3410_2012_512: +return SSL_PKEY_GOST12_512; } #endif - - err: -if (!pkey) -EVP_PKEY_free(pk); -return (ret); } int ssl_verify_alarm_type(long type) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#1693 (master - 124cbe1)
Build Update for openssl/openssl - Build: #1693 Status: Still Failing Duration: 1 hour, 41 minutes, and 50 seconds Commit: 124cbe1 (master) Author: Richard Levitte Message: Make comment match reality Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/b1a99374aec1...124cbe188753 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108439417 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via efd801418710d1bb5c74aeab2cf3c9ac9ea094b1 (commit) from d9af9e693bbd976b1afa3a8719bcf096930361f0 (commit) - Log - commit efd801418710d1bb5c74aeab2cf3c9ac9ea094b1 Author: Richard LevitteDate: Thu Feb 11 16:19:40 2016 +0100 Update the support info in some OpenSSL versions --- Summary of changes: policies/releasestrat.html | 14 +- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 1df590a..9f7ffee 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -52,14 +52,11 @@ project has adopted the following policy: - Support for version 0.9.8 will cease on 2015-12-31. No - further releases of 0.9.8 will be made after that - date. Security fixes only will be applied to 0.9.8 until - then. - Support for version 1.0.0 will cease on 2015-12-31. No - further releases of 1.0.0 will be made after that - date. Security fixes only will be applied to 1.0.0 until - then. + Support for version 1.0.1 will cease on 2016-12-31. No + further releases of 1.0.1 will be made after that date. + Security fixes only will be applied to 1.0.1 until then. + Version 1.0.0 is no longer supported. + Version 0.9.8 is no longer supported. We may designate a release as a Long Term Support (LTS) @@ -73,7 +70,6 @@ as appropriate. - Version 1.0.1 will be supported until 2016-12-31. Version 1.0.2 will be supported until 2019-12-31. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit) from ce023e77d7b208016276157fa14a6e2636649e85 (commit) - Log - commit 221c7b55e35a952f517c3c2237feb3c1044b7dd9 Author: Dr. Stephen HensonDate: Thu Feb 11 15:25:11 2016 + Don't check self signed certificate signature security. Reviewed-by: Richard Levitte --- Summary of changes: ssl/t1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e0e0cb9..d7a6f95 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) { /* Lookup signature algorithm digest */ int secbits = -1, md_nid = NID_undef, sig_nid; +/* Don't check signature if self signed */ +if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) +return 1; sig_nid = X509_get_signature_nid(x); if (sig_nid && OBJ_find_sigid_algs(sig_nid, _nid, NULL)) { const EVP_MD *md; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 6bb2106e24a16e12ce03a244a56c7c5fc7eab96a (commit) from 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit) - Log - commit 6bb2106e24a16e12ce03a244a56c7c5fc7eab96a Author: Richard LevitteDate: Thu Feb 11 20:00:57 2016 +0100 Add the generate mechanism from unixmake to unix-Makefile.tmpl Reviewed-by: Rich Salz --- Summary of changes: Configurations/unix-Makefile.tmpl | 44 ++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 75516cc..2b495e9 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -474,7 +474,9 @@ uninstall_html_docs: # Developer targets (note: these are only available on Unix) # -update: errors ordinals tags test_ordinals +update: generate errors ordinals + +generate: generate_apps generate_crypto_bn generate_crypto_objects # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) @@ -487,6 +489,14 @@ update: errors ordinals tags test_ordinals lint: lint -DLINT $(INCLUDES) $(SRCS) +generate_apps: $(SRCDIR)/apps/openssl-vms.cnf + +generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h + +generate_crypto_objects: $(SRCDIR)/crypto/objects/obj_dat.h \ + $(SRCDIR)/include/openssl/obj_mac.h \ + $(SRCDIR)/crypto/objects/obj_xref.h + errors: ( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c ) ( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write ) @@ -569,6 +579,38 @@ copy-certs: FORCE cp -R "$(SRCDIR)/certs" "$(BLDDIR)/"; \ fi +$(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf + $(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \ +< $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf + +$(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl + $(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h + +$(SRCDIR)/crypto/objects/obj_dat.h: $(SRCDIR)/crypto/objects/obj_dat.pl \ +$(SRCDIR)/include/openssl/obj_mac.h + $(PERL) $(SRCDIR)/crypto/objects/obj_dat.pl \ +$(SRCDIR)/include/openssl/obj_mac.h \ +$(SRCDIR)/crypto/objects/obj_dat.h + +# objects.pl both reads and writes obj_mac.num +$(SRCDIR)/include/openssl/obj_mac.h: $(SRCDIR)/crypto/objects/objects.pl \ + $(SRCDIR)/crypto/objects/objects.txt \ + $(SRCDIR)/crypto/objects/obj_mac.num + $(PERL) $(SRCDIR)/crypto/objects/objects.pl \ +$(SRCDIR)/crypto/objects/objects.txt \ +$(SRCDIR)/crypto/objects/obj_mac.num \ +$(SRCDIR)/include/openssl/obj_mac.h + @sleep 1; touch $(SRCDIR)/include/openssl/obj_mac.h; sleep 1 + +$(SRCDIR)/crypto/objects/obj_xref.h: $(SRCDIR)/crypto/objects/objxref.pl \ + $(SRCDIR)/crypto/objects/obj_xref.txt \ + $(SRCDIR)/crypto/objects/obj_mac.num + $(PERL) $(SRCDIR)/crypto/objects/objxref.pl \ +$(SRCDIR)/crypto/objects/obj_mac.num \ +$(SRCDIR)/crypto/objects/obj_xref.txt \ +> $(SRCDIR)/crypto/objects/obj_xref.h + @sleep 1; touch $(SRCDIR)/crypto/objects/obj_xref.h; sleep 1 + FORCE : # Building targets ### _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 4ef29667abafae1726269fa1b4397443792d0326 (commit) via a85dbf115c34dfd0eaee7d73d7271f3673fd2286 (commit) from 6bb2106e24a16e12ce03a244a56c7c5fc7eab96a (commit) - Log - commit 4ef29667abafae1726269fa1b4397443792d0326 Author: Andy PolyakovDate: Thu Feb 11 09:39:37 2016 +0100 poly1305/asm/poly1305-x86_64.pl: MacOS X portability fix. Reviewed-by: Viktor Dukhovni commit a85dbf115c34dfd0eaee7d73d7271f3673fd2286 Author: Andy Polyakov Date: Thu Feb 11 00:36:48 2016 +0100 poly1305/asm/poly1305-x86_64.pl: fix mingw64 build. Reviewed-by: Tim Hudson --- Summary of changes: crypto/poly1305/asm/poly1305-x86_64.pl | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index d991365..b827d24 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -129,7 +129,9 @@ $code.=<<___; .externOPENSSL_ia32cap_P .globl poly1305_init -.type poly1305_init,\@function,2 +.globl poly1305_blocks +.globl poly1305_emit +.type poly1305_init,\@function,3 .align 32 poly1305_init: xor %rax,%rax @@ -172,10 +174,10 @@ $code.=<<___; ret .size poly1305_init,.-poly1305_init -.globl poly1305_blocks .type poly1305_blocks,\@function,4 .align 32 poly1305_blocks: +.Lblocks: sub \$16,$len # too short? jc .Lno_data @@ -231,10 +233,10 @@ $code.=<<___; ret .size poly1305_blocks,.-poly1305_blocks -.globl poly1305_emit .type poly1305_emit,\@function,3 .align 32 poly1305_emit: +.Lemit: mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 mov 16($ctx),%r10 @@ -453,7 +455,7 @@ poly1305_blocks_avx: cmp \$128,$len jae .Lblocks_avx test%r8d,%r8d - jz poly1305_blocks + jz .Lblocks .Lblocks_avx: and \$-16,$len @@ -1275,7 +1277,7 @@ $code.=<<___; .align 32 poly1305_emit_avx: cmpl\$0,20($ctx)# is_base2_26? - je poly1305_emit + je .Lemit mov 0($ctx),%eax# load hash value base 2^26 mov 4($ctx),%ecx @@ -1339,7 +1341,7 @@ poly1305_blocks_avx2: cmp \$128,$len jae .Lblocks_avx2 test%r8d,%r8d - jz poly1305_blocks + jz .Lblocks .Lblocks_avx2: and \$-16,$len _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via b0b9f693b422ddc643840859a0755b7b4fde92de (commit) from 9b6e183925bda28dde4a1efb8df4c8862e22e6d9 (commit) - Log - commit b0b9f693b422ddc643840859a0755b7b4fde92de Author: Andy PolyakovDate: Wed Feb 3 18:21:00 2016 +0100 util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard Levitte (cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d) Resolved conflicts: util/pl/VC-32.pl (cherry picked from commit 0fffd522426c7fc022894c8dd079dc2625c04096) --- Summary of changes: util/mk1mf.pl | 2 +- util/pl/BC-32.pl | 4 ++-- util/pl/Mingw32.pl | 2 +- util/pl/OS2-EMX.pl | 4 ++-- util/pl/VC-32.pl | 10 +- util/pl/linux.pl | 2 +- util/pl/netware.pl | 8 util/pl/ultrix.pl | 2 +- util/pl/unix.pl| 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5b86aa7..5280780 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -459,7 +459,7 @@ EX_LIBS=$ex_libs # The OpenSSL directory SRC_D=$src_dir -LINK=$link +LINK_CMD=$link LFLAGS=$lflags RSC=$rsc diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index 6d03664..e124821 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -118,7 +118,7 @@ ___ { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' ws2_32.lib gdi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; } $ret.="\n"; return($ret); @@ -132,7 +132,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; + $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); } diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index fe3fb27..55c85f6 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -98,7 +98,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n"; return($ret); } 1; diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl index 28cd116..92a332e 100644 --- a/util/pl/OS2-EMX.pl +++ b/util/pl/OS2-EMX.pl @@ -99,7 +99,7 @@ sub do_lib_rule { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' -lsocket'; - $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; + $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n"; } @@ -113,7 +113,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; return($ret); } diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 88f0f7a..2f33ebc 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -314,7 +314,7 @@ sub do_lib_rule if ($fips && $target =~ /O_CRYPTO/) { $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; - $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; @@ -328,7 +328,7 @@ sub do_lib_rule else { $ret.="$target: $objs"; - $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n"; +
[openssl-commits] [openssl] master update
The branch master has been updated via d44bb1c31ca00f4359090daa15659c0dd1a08f0d (commit) from 4ef29667abafae1726269fa1b4397443792d0326 (commit) - Log - commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d Author: Andy PolyakovDate: Wed Feb 3 18:21:00 2016 +0100 util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard Levitte --- Summary of changes: util/mk1mf.pl | 2 +- util/pl/BC-32.pl | 4 ++-- util/pl/Mingw32.pl | 2 +- util/pl/OS2-EMX.pl | 4 ++-- util/pl/VC-32.pl | 10 +- util/pl/linux.pl | 2 +- util/pl/netware.pl | 8 util/pl/ultrix.pl | 2 +- util/pl/unix.pl| 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 07968c4..4144130 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -670,7 +670,7 @@ EX_LIBS=$ex_libs # The OpenSSL directory SRC_D=$src_dir -LINK=$link +LINK_CMD=$link LFLAGS=$lflags RSC=$rsc FIPSLINK=\$(PERL) util${o}fipslink.pl diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index 98bd0ff..59a597d 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -143,7 +143,7 @@ ___ { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' ws2_32.lib gdi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; } $ret.="\n"; return($ret); @@ -157,7 +157,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; + $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); } diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index fe3fb27..55c85f6 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -98,7 +98,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n"; return($ret); } 1; diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl index 28cd116..92a332e 100644 --- a/util/pl/OS2-EMX.pl +++ b/util/pl/OS2-EMX.pl @@ -99,7 +99,7 @@ sub do_lib_rule { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' -lsocket'; - $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; + $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n"; } @@ -113,7 +113,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; return($ret); } diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index b9ae8a5..2c11184 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -362,7 +362,7 @@ sub do_lib_rule if ($fips && $target =~ /O_CRYPTO/) { $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; - $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; @@ -376,7 +376,7 @@ sub do_lib_rule else { $ret.="$target: $objs"; - $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n"; + $ret.="\n\t\$(LINK_CMD) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n"; } $ret.="\tIF EXIST \$@.manifest mt
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 10c639a8a56c90bec9e332c7ca76ef552b3952ac (commit) via 0fffd522426c7fc022894c8dd079dc2625c04096 (commit) from 52464477be1d7af557479f55cf6b09838450a8fa (commit) - Log - commit 10c639a8a56c90bec9e332c7ca76ef552b3952ac Author: Andy PolyakovDate: Wed Feb 10 15:11:40 2016 +0100 perlasm/x86_64-xlate.pl: pass pure constants verbatim. RT#3885 Reviewed-by: Rich Salz (cherry picked from commit fd7dc201d3b9d43972de6a0e659f7ef6421c99cc) commit 0fffd522426c7fc022894c8dd079dc2625c04096 Author: Andy Polyakov Date: Wed Feb 3 18:21:00 2016 +0100 util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard Levitte (cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d) Resolved conflicts: util/pl/VC-32.pl --- Summary of changes: crypto/perlasm/x86_64-xlate.pl | 7 +-- util/mk1mf.pl | 2 +- util/pl/BC-32.pl | 4 ++-- util/pl/Mingw32.pl | 2 +- util/pl/OS2-EMX.pl | 4 ++-- util/pl/VC-32.pl | 10 +- util/pl/linux.pl | 2 +- util/pl/netware.pl | 8 util/pl/ultrix.pl | 2 +- util/pl/unix.pl| 2 +- 10 files changed, 23 insertions(+), 20 deletions(-) diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 9c70b8c..ee04221 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -198,8 +198,11 @@ my %globals; if ($gas) { # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{value} - $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; + my $value = $self->{value}; + $value =~ s/(?{value} = $value; + } sprintf "\$%s",$self->{value}; } else { $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 99652af..973ad75 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -482,7 +482,7 @@ EX_LIBS=$ex_libs # The OpenSSL directory SRC_D=$src_dir -LINK=$link +LINK_CMD=$link LFLAGS=$lflags RSC=$rsc diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index f7161d7..375b0a7 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -118,7 +118,7 @@ ___ { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' ws2_32.lib gdi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; } $ret.="\n"; return($ret); @@ -132,7 +132,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; + $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); } diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index fe3fb27..55c85f6 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -98,7 +98,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n"; return($ret); } 1; diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl index 28cd116..92a332e 100644 --- a/util/pl/OS2-EMX.pl +++ b/util/pl/OS2-EMX.pl @@ -99,7 +99,7 @@ sub do_lib_rule { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' -lsocket'; - $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; + $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n"; $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n"; } @@
[openssl-commits] Build failed: openssl ct_api.28
Build openssl ct_api.28 failed Commit 4bfaa7c63f by Rob Percival on 2/11/2016 3:49 PM: WIP: Certificate Transparency Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ce023e77d7b208016276157fa14a6e2636649e85 (commit) from 24f0b10462792c202a0fe1952974fcace1e2c563 (commit) - Log - commit ce023e77d7b208016276157fa14a6e2636649e85 Author: Viktor DukhovniDate: Thu Feb 11 13:44:53 2016 -0500 Fix MacOS/X build warnings Commit 7823d792d0cad3b44ad5389a8d3381becefe7f44 added DEFINE_LHASH_OF to a C source file. DEFINE_LHASH_OF() and DEFINE_STACK_OF() must be used only in header files to avoid clang warnings for unused static-inline functions. Reviewed-by: Rich Salz --- Summary of changes: ssl/ssl_cert.c | 2 -- ssl/ssl_locl.h | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index cc82fff..faa7a95 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -647,8 +647,6 @@ static unsigned long xname_hash(const X509_NAME *a) return X509_NAME_hash((X509_NAME *)a); } -DEFINE_LHASH_OF(X509_NAME); - /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d7a7d01..7fdb263 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -685,7 +685,8 @@ struct ssl_comp_st { }; DEFINE_LHASH_OF(SSL_SESSION); - +/* Needed in ssl_cert.c */ +DEFINE_LHASH_OF(X509_NAME); struct ssl_ctx_st { const SSL_METHOD *method; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via fd7dc201d3b9d43972de6a0e659f7ef6421c99cc (commit) from d44bb1c31ca00f4359090daa15659c0dd1a08f0d (commit) - Log - commit fd7dc201d3b9d43972de6a0e659f7ef6421c99cc Author: Andy PolyakovDate: Wed Feb 10 15:11:40 2016 +0100 perlasm/x86_64-xlate.pl: pass pure constants verbatim. RT#3885 Reviewed-by: Rich Salz --- Summary of changes: crypto/perlasm/x86_64-xlate.pl | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 87f6956..1f5bced 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -198,8 +198,11 @@ my %globals; if ($gas) { # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{value} - $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; + my $value = $self->{value}; + $value =~ s/(?{value} = $value; + } sprintf "\$%s",$self->{value}; } else { $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Failed: openssl/openssl#1713 (master - 22e3dcb)
Build Update for openssl/openssl - Build: #1713 Status: Failed Duration: 1 hour, 2 minutes, and 1 second Commit: 22e3dcb (master) Author: Rich Salz Message: Remove TLS heartbeat, disable DTLS heartbeat To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed. This addresses RT 3647 Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/f3f1cf8444f4...22e3dcb7808b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108598896 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#1690 (master - e3e6a72)
Build Update for openssl/openssl - Build: #1690 Status: Still Failing Duration: 1 hour, 38 minutes, and 56 seconds Commit: e3e6a72 (master) Author: Richard Levitte Message: After auto init, check that the deprecated functions exist before using The functions that have been deprecated by the auto init changes are now guarded with deprecation checks, so it's fairly easy to see if they can be used. In test/dtlsv1listentest, we simply remove all init and cleanup code, as they are call automatically when needed. Reviewed-by: Matt CaswellView the changeset: https://github.com/openssl/openssl/compare/fe072ed77cd8...e3e6a72ec800 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108422791 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl ct_api.23
Build openssl ct_api.23 failed Commit 42b8f4be84 by Rob Percival on 2/11/2016 1:10 PM: WIP: Certificate Transparency Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7 (commit) via c72fb77ff2644cf7edc9821a431c2faf123d4daf (commit) from 210ac6824670b4d207f6ea7257d21adb44986ee4 (commit) - Log - commit d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7 Author: Richard LevitteDate: Wed Feb 10 22:36:02 2016 +0100 The protocol variable has lost its use, remove it Reviewed-by: Kurt Roeckx commit c72fb77ff2644cf7edc9821a431c2faf123d4daf Author: Richard Levitte Date: Wed Feb 10 22:33:44 2016 +0100 Rework BIO_ADDRINFO_protocol() to return correct values As noted already, some platforms don't fill in ai_protocol as expected. To circumvent that, we have BIO_ADDRINFO_protocol() to compute a sensible answer in that case. Reviewed-by: Kurt Roeckx --- Summary of changes: apps/s_socket.c | 14 ++ crypto/bio/b_addr.c | 20 ++-- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/apps/s_socket.c b/apps/s_socket.c index 20c6626..6d781f4 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -167,11 +167,6 @@ int init_client(int *sock, const char *host, const char *port, ret = 0; for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { -int protocol = (type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP); -# ifdef AF_UNIX -if (BIO_ADDRINFO_family(ai) == AF_UNIX) -protocol = 0; -# endif /* Admitedly, these checks are quite paranoid, we should not get anything in the BIO_ADDRINFO chain that we haven't asked for */ @@ -179,7 +174,7 @@ int init_client(int *sock, const char *host, const char *port, && (type == 0 || type == BIO_ADDRINFO_socktype(res))); *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), - protocol, 0); + BIO_ADDRINFO_protocol(res), 0); if (*sock == INVALID_SOCKET) { /* Maybe the kernel doesn't support the socket family, even if * BIO_lookup() added it in the returned result... @@ -236,7 +231,6 @@ int do_server(int *accept_sock, const char *host, const char *port, int i; BIO_ADDRINFO *res = NULL; int ret = 0; -int protocol = (type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP); if (!BIO_sock_init()) return 0; @@ -246,10 +240,6 @@ int do_server(int *accept_sock, const char *host, const char *port, return 0; } -# ifdef AF_UNIX -if (BIO_ADDRINFO_family(res) == AF_UNIX) -protocol = 0; -# endif /* Admitedly, these checks are quite paranoid, we should not get anything in the BIO_ADDRINFO chain that we haven't asked for */ @@ -257,7 +247,7 @@ int do_server(int *accept_sock, const char *host, const char *port, && (type == 0 || type == BIO_ADDRINFO_socktype(res))); asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), - protocol, 0); + BIO_ADDRINFO_protocol(res), 0); if (asock == INVALID_SOCKET || !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) { BIO_ADDRINFO_free(res); diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 9131dcd..459443b 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -379,8 +379,24 @@ int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai) int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai) { -if (bai != NULL) -return bai->bai_protocol; +if (bai != NULL) { +if (bai->bai_protocol != 0) +return bai->bai_protocol; + +#ifdef AF_UNIX +if (bai->bai_family == AF_UNIX) +return 0; +#endif + +switch (bai->bai_socktype) { +case SOCK_STREAM: +return IPPROTO_TCP; +case SOCK_DGRAM: +return IPPROTO_UDP; +default: +break; +} +} return 0; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 5caef3b5028599958bfddbdb86ea4f47df9f315b (commit) from d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7 (commit) - Log - commit 5caef3b5028599958bfddbdb86ea4f47df9f315b Author: Richard LevitteDate: Thu Feb 11 12:28:26 2016 +0100 Add inclusion directory crypto/include for BN compilations Some files in crypto/bn depend on internal/bn_conf.h, and so does test/bntest. Therefore, we add another inclusion directory. Reviewed-by: Rich Salz --- Summary of changes: crypto/bn/build.info | 2 ++ test/build.info | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 66f62dc..bb410f2 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -1,3 +1,4 @@ +{- use File::Spec::Functions qw/catdir rel2abs/; -} LIBS=../../libcrypto SOURCE[../../libcrypto]=\ bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ @@ -6,6 +7,7 @@ SOURCE[../../libcrypto]=\ {- $target{bn_asm_src} -} \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c +INCLUDE[../../libcrypto]={- rel2abs(catdir($builddir,"..","..","crypto","include")) -} BEGINRAW[Makefile] # BN assembler implementations diff --git a/test/build.info b/test/build.info index bf9fead..a321692 100644 --- a/test/build.info +++ b/test/build.info @@ -20,7 +20,7 @@ INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} ../include DEPEND[nptest]=../libcrypto SOURCE[bntest]=bntest.c -INCLUDE[bntest]={- rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include +INCLUDE[bntest]={- rel2abs(catdir($builddir,"../crypto/include")) -} {- rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include DEPEND[bntest]=../libcrypto SOURCE[ectest]=ectest.c _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 (commit) from 5caef3b5028599958bfddbdb86ea4f47df9f315b (commit) - Log - commit 7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 Author: Rich SalzDate: Wed Feb 10 09:55:48 2016 -0500 Hide OPENSSL_INIT_SETTINGS. Make OPENSSL_INIT_SETTINGS an opaque structure. Reviewed-by: Richard Levitte --- Summary of changes: crypto/conf/conf_lib.c | 28 crypto/conf/conf_sap.c | 10 -- crypto/init.c | 25 ++--- doc/crypto/OPENSSL_init_crypto.pod | 29 - doc/ssl/OPENSSL_init_ssl.pod | 7 ++- include/internal/conf.h| 5 + include/openssl/conf.h | 1 + include/openssl/crypto.h | 28 ++-- include/openssl/ossl_typ.h | 1 + ssl/ssl_init.c | 1 + util/libeay.num| 3 +++ 11 files changed, 65 insertions(+), 73 deletions(-) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 849b670..29357b2 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -57,6 +57,8 @@ */ #include +#include +#include #include #include #include @@ -370,3 +372,29 @@ int NCONF_dump_bio(const CONF *conf, BIO *out) return conf->meth->dump(conf, out); } + +/* + * These routines call the C malloc/free, to avoid intermixing with + * OpenSSL function pointers before the library is initialized. + */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) +{ +OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret)); + +memset(ret, 0, sizeof(*ret)); +return ret; +} + + +void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_file) +{ +free(settings->config_name); +settings->config_name = config_file == NULL ? NULL : strdup(config_file); +} + +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) +{ +free(settings->config_name); +free(settings); +} diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3b42993..45c08e6 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -77,13 +77,11 @@ static int openssl_configured = 0; void OPENSSL_config(const char *config_name) { -OPENSSL_INIT_SETTINGS settings[2]; +OPENSSL_INIT_SETTINGS settings; -settings[0].name = OPENSSL_INIT_SET_CONF_FILENAME; -settings[0].value.type_string = config_name; -settings[1].name = OPENSSL_INIT_SET_END; -settings[1].value.type_int = 0; -OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings); +memset(, 0, sizeof(settings)); +settings.config_name = strdup(config_name); +OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ); } void openssl_config_internal(const char *config_name) diff --git a/crypto/init.c b/crypto/init.c index e6dd084..e58b119 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -253,6 +253,7 @@ static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) #endif +typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; struct ossl_init_stop_st { void (*handler)(void); OPENSSL_INIT_STOP *next; @@ -606,21 +607,6 @@ void OPENSSL_cleanup(void) base_inited = 0; } -static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting( -const OPENSSL_INIT_SETTINGS *settings, int name) -{ -if (settings == NULL) -return NULL; - -while (settings->name != OPENSSL_INIT_SET_END) { -if (settings->name == name) -return settings; -settings++; -} - -return NULL; -} - /* * If this function is called with a non NULL settings value then it must be * called prior to any threads making calls to any OpenSSL functions, @@ -670,14 +656,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) if (opts & OPENSSL_INIT_LOAD_CONFIG) { CRYPTO_w_lock(CRYPTO_LOCK_INIT); -if (settings != NULL) { -const OPENSSL_INIT_SETTINGS *curr; -curr = ossl_init_get_setting(settings, - OPENSSL_INIT_SET_CONF_FILENAME); -config_filename = (curr == NULL) ? NULL : curr->value.type_string; -} else { -config_filename = NULL; -} +config_filename = (settings == NULL) ? NULL : settings->config_name; ossl_init_once_run(, ossl_init_config); CRYPTO_w_unlock(CRYPTO_LOCK_INIT); } diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod index 943f44c..4da6551 100644 --- a/doc/crypto/OPENSSL_init_crypto.pod +++ b/doc/crypto/OPENSSL_init_crypto.pod @@ -15,6 +15,10 @@ initialisation and deinitialisation functions int
[openssl-commits] [openssl] master update
The branch master has been updated via 3577398360ba38a7dbfbedd8db9ebdd8eadce062 (commit) from 7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 (commit) - Log - commit 3577398360ba38a7dbfbedd8db9ebdd8eadce062 Author: Rich SalzDate: Thu Feb 11 08:27:53 2016 -0500 Missing header include. Reviewed-by: Richard Levitte --- Summary of changes: crypto/bn/rsaz_exp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c index 7fb70e4..d85e612 100644 --- a/crypto/bn/rsaz_exp.c +++ b/crypto/bn/rsaz_exp.c @@ -40,6 +40,7 @@ * (2) University of Haifa, Israel* */ +#include #include "rsaz_exp.h" #ifndef RSAZ_ENABLED _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via e737d7b197e153775735f700cd6c31cb55d803de (commit) from d20bb611d90df0dc3561a6972ba6bf0e3c65b3e5 (commit) - Log - commit e737d7b197e153775735f700cd6c31cb55d803de Author: Richard LevitteDate: Thu Feb 11 15:22:27 2016 +0100 Unified build: Keep track of generated header files If someone runs a mixed unixmake / unified environment (the unified build tree would obviously be out of the source tree), the unified build will pick up on the unixmake crypto/buildinf.h because of assumptions made around this sort of declaration (found in crypto/build.info): DEPENDS[cversion.o]=buildinf.h The assumption was that if such a header could be found in the source tree, that was the one to depend on, otherwise it would assume it should be in the build tree. This change makes sure that sort of mix-up won't happen again. Reviewed-by: Rich Salz --- Summary of changes: Configure | 33 ++--- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/Configure b/Configure index f74355c..f617df5 100755 --- a/Configure +++ b/Configure @@ -395,6 +395,15 @@ my @default_depdefines = # We will collect such requests in @experimental. # To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. +my @generated_headers = ( +"include/openssl/opensslconf.h", +"crypto/include/internal/bn_conf.h" +); + +my @generated_by_make_headers = ( +"crypto/buildinf.h" +); + my $no_sse2=0; @@ -1481,9 +1490,15 @@ EOF foreach (@{$depends{$dest}}) { my $d = cleanfile($sourced, $_, $blddir); -# If it isn't found in the source, let's assume it's generated -# and that the Makefile template has the lines -if (! -f $d) { +# If we know it's generated, or assume it is because we can't +# find it in the source tree, we set file we depend on to be +# in the build tree rather than the source tree, and assume +# and that there are lines to build it in a BEGINRAW..ENDRAW +# section or in the Makefile template. +if (! -f $d +|| !(grep { $d eq $_ } + map { cleanfile($srcdir, $_, $blddir) } + (@generated_headers, @generated_by_make_headers))) { $d = cleanfile($buildd, $_, $blddir); } # Take note if the file to depend on is being renamed @@ -1697,14 +1712,10 @@ print "THIRTY_TWO_BIT mode\n" if $config{b32}; print "BN_LLONG mode\n" if $config{bn_ll}; print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} != $def_int; -mkpath(catdir($blddir, "include/openssl")); -run_dofile(catfile($blddir, "include/openssl/opensslconf.h"), - catfile($srcdir, "include/openssl/opensslconf.h.in")); - -mkpath(catdir($blddir, "crypto/include/internal")); -foreach my $alg ( 'bn' ) { -run_dofile(catfile($blddir, "crypto/include/internal/${alg}_conf.h"), - catfile($srcdir, "crypto/include/internal/${alg}_conf.h.in")); +for (@generated_headers) { +mkpath(catdir($blddir, dirname($_))); +run_dofile(catfile($blddir, $_), + catfile($srcdir, $_.".in")); } ### _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 1407f856ab790f8028db1ecfb354d64bfb8ca054 (commit) via cedbb1462a1732bf255c4b7767d8a0e4e0d20e30 (commit) from 43db7aa2de68e04c5b5894e7af5dba54ee1fa363 (commit) - Log - commit 1407f856ab790f8028db1ecfb354d64bfb8ca054 Author: Richard LevitteDate: Thu Feb 11 12:59:33 2016 +0100 Make util/mkrc.pl location agnostic and adapt Makefile.shared With this, Cygwin and Mingw builds stand a much better chance to be able to build outside of the source tree with the unified build. Reviewed-by: Rich Salz commit cedbb1462a1732bf255c4b7767d8a0e4e0d20e30 Author: Richard Levitte Date: Thu Feb 11 13:10:11 2016 +0100 Make shared library targets more consistent On Windows POSIX layers, two files are produced for a shared library, there's {shlibname}.dll and there's the import library {libname}.dll.a On some/most Unix platforms, a {shlibname}.{sover}.so and a symlink {shlibname}.so are produced. For each of them, unix-Makefile.tmpl was entirely consistent on which to have as a target when building a shared library or which to use as dependency. This change clears this up and makes it consistent, we use the simplest form possible, {lib}.dll.a on Windows POSIX layers and {shlibname}.so on Unix platforms. No exception. Reviewed-by: Rich Salz --- Summary of changes: Configurations/unix-Makefile.tmpl | 101 -- Makefile.shared | 2 +- util/mkrc.pl | 9 +++- 3 files changed, 72 insertions(+), 40 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 65f179d..75516cc 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -630,6 +630,26 @@ Makefile: {- $config{build_file_template} -} $(SRCDIR)/Configure $(SRCDIR)/confi {- use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; + + # Helper function to figure out dependencies on libraries + # It takes a list of library names and outputs a list of dependencies + sub compute_lib_depends { + if ($config{no_shared}) { + return map { $_."\$(LIB_EXT)" } @_; + } + + # Depending on shared libraries: + # On Windows POSIX layers, we depend on {libname}.dll.a + # On Unix platforms, we depend on {shlibname}.so + return map { if (windowsdll()) { + "$_\$(SHLIB_EXT_SIMPLE).a" + } else { + my $libname = + $unified_info{sharednames}->{$_} || $_; + "$libname\$(SHLIB_EXT_SIMPLE)" + } } @_; + } + sub src2dep { my %args = @_; my $dep = $args{obj}.'$(DEP_EXT)'; @@ -674,28 +694,35 @@ EOF my $libd = dirname($lib); my $libn = basename($lib); (my $libname = $libn) =~ s/^lib//; - my $shlibdeps = join("", map { my $d = dirname($_); - my $f = basename($_); - (my $l = $f) =~ s/^lib//; - " -L$d -l$l" } @{$args{deps}}); - my $deps = join(" ",map { $_."\$(SHLIB_EXT_SIMPLE)" } @{$args{deps}}); + my $linklibs = join("", map { my $d = dirname($_); +my $f = basename($_); +(my $l = $f) =~ s/^lib//; +" -L$d -l$l" } @{$args{deps}}); + my $deps = join(" ",compute_lib_depends(@{$args{deps}})); my $shlib_target = $target{shared_target}; my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; - my $targets = - "$shlib".shlib_ext() . - (shlib_ext() ne shlib_ext_simple() - ? " $shlib".shlib_ext_simple() : ""); + my $shlibtarget = windowsdll() ? + "$lib\$(SHLIB_EXT_SIMPLE).a" : "$shlib\$(SHLIB_EXT_SIMPLE)"; return <<"EOF" -$targets : $lib\$(LIB_EXT) $deps $ordinalsfile +# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact +# that two files get produced, {shlibname}.dll and {libname}.dll.a. +# With all other Unix platforms, we often build a shared library with the +# SO version built into the file name and a symlink without the SO version +# It's not necessary to have both as targets. The choice falls on the +# simplest, {libname}\$(SHLIB_EXT_SIMPLE).a for Windows POSIX layers and +# {libname}\$(SHLIB_EXT_SIMPLE) for the Unix platforms. +$shlibtarget : $lib\$(LIB_EXT) $deps $ordinalsfile \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ + PLATFORM=\$(PLATFORM) \\ PERL=\$(PERL) SRCDIR="\$(SRCDIR)"
[openssl-commits] [openssl] master update
The branch master has been updated via 7b548d3f11adccc67123e1f6f5c118aef857a8d2 (commit) from 64c443e3f0057946ddd8f37a36821a7f9c0e0493 (commit) - Log - commit 7b548d3f11adccc67123e1f6f5c118aef857a8d2 Author: Dr Stephen HensonDate: Tue Feb 9 14:33:51 2016 + Test for and use AES CSP for RSA if present. Some keys are attached to the full RSA CSP which doesn't support SHA2 algorithms: uses the AES CSP if present. Reviewed-by: Tim Hudson --- Summary of changes: engines/e_capi.c | 24 ++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/engines/e_capi.c b/engines/e_capi.c index 62c4ad3..8e78354 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -133,6 +133,10 @@ # define CALG_SHA_512(ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512) # endif +# ifndef PROV_RSA_AES +# define PROV_RSA_AES 24 +# endif + # include # include # include @@ -458,11 +462,14 @@ static DSA_METHOD capi_dsa_method = { 0 /* dsa_keygen */ }; +static int use_aes_csp = 0; + static int capi_init(ENGINE *e) { CAPI_CTX *ctx; const RSA_METHOD *ossl_rsa_meth; const DSA_METHOD *ossl_dsa_meth; +HCRYPTPROV hprov; if (capi_idx < 0) { capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); @@ -509,6 +516,14 @@ static int capi_init(ENGINE *e) } # endif +/* See if we support AES CSP */ + +if (CryptAcquireContext(, NULL, NULL, PROV_RSA_AES, +CRYPT_VERIFYCONTEXT)) { +use_aes_csp = 1; +CryptReleaseContext(hprov, 0); +} + return 1; memerr: @@ -1454,10 +1469,15 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname, if (key == NULL) return NULL; -if (sizeof(TCHAR) == sizeof(char)) +/* If PROV_RSA_AES supported use it instead */ +if (ptype == PROV_RSA_FULL && use_aes_csp) { +provname = NULL; +ptype = PROV_RSA_AES; +CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname); +} else if (sizeof(TCHAR) == sizeof(char)) { CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", contname, provname, ptype); -else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { +} else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { /* above 'if' is optimization to minimize malloc-ations */ char *_contname = wide_to_asc((WCHAR *)contname); char *_provname = wide_to_asc((WCHAR *)provname); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 43db7aa2de68e04c5b5894e7af5dba54ee1fa363 (commit) from 7b548d3f11adccc67123e1f6f5c118aef857a8d2 (commit) - Log - commit 43db7aa2de68e04c5b5894e7af5dba54ee1fa363 Author: Dr. Stephen HensonDate: Thu Feb 11 15:51:31 2016 + Fix engine key support in cms and req utilities. PR#4246 and PR#4266 Reviewed-by: Rich Salz --- Summary of changes: apps/cms.c | 2 +- apps/req.c | 8 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index bcfcd54..e732757 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -206,7 +206,7 @@ OPTIONS cms_options[] = { {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"}, {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, {"md", OPT_MD, 's'}, -{"inkey", OPT_INKEY, '<', +{"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, diff --git a/apps/req.c b/apps/req.c index d6d46a9..3ced170 100644 --- a/apps/req.c +++ b/apps/req.c @@ -136,8 +136,8 @@ OPTIONS req_options[] = { {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, -{"key", OPT_KEY, '<', "Use the private key contained in file"}, -{"keyform", OPT_KEYFORM, 'F', "Key file format"}, +{"key", OPT_KEY, 's', "Private key to use"}, +{"keyform", OPT_KEYFORM, 'f', "Key file format"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"new", OPT_NEW, '-', "New request"}, {"config", OPT_CONFIG, '<', "Request template file"}, @@ -235,7 +235,7 @@ int req_main(int argc, char **argv) goto opthelp; break; case OPT_ENGINE: -(void)setup_engine(opt_arg(), 0); +e = setup_engine(opt_arg(), 0); break; case OPT_KEYGEN_ENGINE: #ifndef OPENSSL_NO_ENGINE @@ -259,7 +259,7 @@ int req_main(int argc, char **argv) template = opt_arg(); break; case OPT_KEYFORM: -if (!opt_format(opt_arg(), OPT_FMT_PEMDER, )) +if (!opt_format(opt_arg(), OPT_FMT_ANY, )) goto opthelp; break; case OPT_IN: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6 (commit) via ce0c1f2bb2fd296f10a2847844205df0ed95fb8e (commit) from fd7dc201d3b9d43972de6a0e659f7ef6421c99cc (commit) - Log - commit c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6 Author: Dr. Stephen HensonDate: Thu Feb 11 18:41:11 2016 + update ciphers manual page Reviewed-by: Viktor Dukhovni commit ce0c1f2bb2fd296f10a2847844205df0ed95fb8e Author: Dr. Stephen Henson Date: Thu Feb 11 18:19:27 2016 + Remove static ECDH support. Remove support for static ECDH ciphersuites. They require ECDH keys in certificates and don't support forward secrecy. Reviewed-by: Viktor Dukhovni --- Summary of changes: doc/apps/ciphers.pod | 39 +- ssl/s3_lib.c | 341 --- ssl/ssl_ciph.c | 37 + ssl/ssl_lib.c| 54 +--- ssl/ssl_locl.h | 30 ++--- ssl/statem/statem_clnt.c | 18 +-- ssl/statem/statem_srvr.c | 16 +-- ssl/t1_lib.c | 18 +-- 8 files changed, 31 insertions(+), 522 deletions(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index e3fa4c0..02fc57a 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -207,11 +207,6 @@ Curve DH (ECDH) cipher suites. cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH. -=item B, B, B - -cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA -keys or either respectively. - =item B, B cipher suites using ephemeral ECDH key agreement, including anonymous @@ -227,8 +222,7 @@ anonymous Elliptic Curve Diffie Hellman cipher suites. =item B -cipher suites using ECDH key exchange, including anonymous, ephemeral and -fixed ECDH. +cipher suites using ECDH key exchange, including anonymous and ephemeral. =item B, B @@ -239,11 +233,6 @@ cipher suites using DSS authentication, i.e. the certificates carry DSS keys. cipher suites effectively using DH authentication, i.e. the certificates carry DH keys. -=item B - -cipher suites effectively using ECDH authentication, i.e. the certificates -carry ECDH keys. - =item B, B cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -479,18 +468,6 @@ Note: these ciphers can also be used in SSL v3. =head2 Elliptic curve cipher suites. - TLS_ECDH_RSA_WITH_NULL_SHA ECDH-RSA-NULL-SHA - TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA - - TLS_ECDH_ECDSA_WITH_NULL_SHAECDH-ECDSA-NULL-SHA - TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHAECDH-ECDSA-DES-CBC3-SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA @@ -538,16 +515,6 @@ Note: these ciphers can also be used in SSL v3. TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 - - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256ECDH-ECDSA-AES128-SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384ECDH-ECDSA-AES256-SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256ECDH-ECDSA-AES128-GCM-SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384ECDH-ECDSA-AES256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 @@ -580,12 +547,8 @@ Note: these ciphers can also be used in SSL v3. TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 -
[openssl-commits] [openssl] master update
The branch master has been updated via de8128203a5340db397dadaee91bc504c2a539bc (commit) via 9ba96fbb2523cb12747c559c704c58bd8f9e7982 (commit) from c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6 (commit) - Log - commit de8128203a5340db397dadaee91bc504c2a539bc Author: Richard LevitteDate: Thu Feb 11 22:06:17 2016 +0100 State the minimum Perl version that our scripts will work with Reviewed-by: Rich Salz commit 9ba96fbb2523cb12747c559c704c58bd8f9e7982 Author: Richard Levitte Date: Thu Feb 11 21:47:30 2016 +0100 Perl's chop / chomp considered bad, use a regexp instead Once upon a time, there was chop, which somply chopped off the last character of $_ or a given variable, and it was used to take off the EOL character (\n) of strings. ... but then, you had to check for the presence of such character. So came chomp, the better chop which checks for \n before chopping it off. And this worked well, as long as Perl made internally sure that all EOLs were converted to \n. These days, though, there seems to be a mixture of perls, so lines from files in the "wrong" environment might have \r\n as EOL, or just \r (Mac OS, unless I'm misinformed). So it's time we went for the more generic variant and use s|\R$||, the better chomp which recognises all kinds of known EOLs and chops them off. A few chops were left alone, as they are use as surgical tools to remove one last slash or one last comma. NOTE: \R came with perl 5.10.0. It means that from now on, our scripts will fail with any older version. Reviewed-by: Rich Salz --- Summary of changes: README.PERL| 5 +++-- VMS/VMSify-conf.pl | 2 +- VMS/translatesyms.pl | 2 +- apps/CA.pl.in | 2 +- crypto/lhash/num.pl| 2 +- crypto/objects/obj_dat.pl | 2 +- crypto/objects/objects.pl | 4 ++-- crypto/objects/objxref.pl | 6 +++--- crypto/perlasm/x86_64-xlate.pl | 4 ++-- util/check-buildinfo.pl| 2 +- util/extract-names.pl | 2 +- util/files.pl | 10 +- util/fipslink.pl | 6 +++--- util/mk1mf.pl | 4 ++-- util/mkdef.pl | 12 +--- util/mkerr.pl | 2 +- util/mkfiles.pl| 6 +++--- util/selftest.pl | 2 +- util/sp-diff.pl| 2 +- 19 files changed, 38 insertions(+), 39 deletions(-) diff --git a/README.PERL b/README.PERL index c2db019..184b377 100644 --- a/README.PERL +++ b/README.PERL @@ -23,8 +23,9 @@ - on Linux distributions based on RPMs, you will need to install 'perl-core' rather than just 'perl'. - It is highly recommended that you have at least Perl version 5.10 - installed. + You MUST have at least Perl version 5.10.0 installed. This minimum + requirement is due to our use of regexp backslash sequence \R among + other features that didn't exist in core Perl before that version. Notes on Perl on Windows diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl index d3be6a2..9890362 100644 --- a/VMS/VMSify-conf.pl +++ b/VMS/VMSify-conf.pl @@ -7,7 +7,7 @@ my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" ); my @file_vars = ( "database", "certificate", "serial", "crlnumber", "crl", "private_key", "RANDFILE" ); while() { -chomp; +s|\R$||; foreach my $d (@directory_vars) { if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) { $_ = "$1sys\\\$disk:\[.$2$3"; diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl index 8ffdbd8..de3db6c 100644 --- a/VMS/translatesyms.pl +++ b/VMS/translatesyms.pl @@ -28,7 +28,7 @@ my %translations = (); open DEMANGLER_DATA, $ARGV[0] or die "Couldn't open $ARGV[0]: $!\n"; while() { -chomp; +s|\R$||; (my $translated, my $original) = split /\$/; $translations{$original} = $translated.'$'; } diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 52a97d7..fbba457 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -121,7 +121,7 @@ if ($WHAT eq '-newcert' ) { # ask user for existing CA certificate print "CA certificate filename (or enter to create)\n"; $FILE = ; -chop $FILE if $FILE; +$FILE = s|\R$|| if $FILE; if ($FILE) { copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl index 30fedf9..4440a99 100644 --- a/crypto/lhash/num.pl +++ b/crypto/lhash/num.pl @@ -5,7 +5,7 @@ while (<>) { next unless /^node/; - chop; +
[openssl-commits] Failed: openssl/openssl#1725 (master - de81282)
Build Update for openssl/openssl - Build: #1725 Status: Failed Duration: 1 hour, 20 minutes, and 27 seconds Commit: de81282 (master) Author: Richard Levitte Message: State the minimum Perl version that our scripts will work with Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/c15e95a61dac...de8128203a53 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108641512 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b3ca51559b1a6cd80dc179ee54613f00190d1cb4 (commit) from de8128203a5340db397dadaee91bc504c2a539bc (commit) - Log - commit b3ca51559b1a6cd80dc179ee54613f00190d1cb4 Author: Dr. Stephen HensonDate: Thu Feb 11 22:46:01 2016 + Typo: only return error if unrecognise bag type. Reviewed-by: Viktor Dukhovni --- Summary of changes: crypto/pkcs12/p12_sbag.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 62703b4..57e2bf4 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -107,7 +107,7 @@ int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag) { int btype = PKCS12_SAFEBAG_get_nid(bag); -if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag) +if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag) return -1; return OBJ_obj2nid(bag->value.bag->type); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#1720 (master - d44bb1c)
Build Update for openssl/openssl - Build: #1720 Status: Passed Duration: 4 minutes and 9 seconds Commit: d44bb1c (master) Author: Andy Polyakov Message: util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/4ef29667abaf...d44bb1c31ca0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108625419 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl ctnextpatch.29
Build openssl ctnextpatch.29 failed Commit 564b55d003 by Rob Percival on 2/11/2016 3:04 PM: Addresses review comments from richsalz, bar comments about testing Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Failed: openssl/openssl#1720 (master - d44bb1c)
Build Update for openssl/openssl - Build: #1720 Status: Failed Duration: 1 hour, 41 minutes, and 39 seconds Commit: d44bb1c (master) Author: Andy Polyakov Message: util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/4ef29667abaf...d44bb1c31ca0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108625419 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#1726 (master - b3ca515)
Build Update for openssl/openssl - Build: #1726 Status: Passed Duration: 1 hour, 27 minutes, and 36 seconds Commit: b3ca515 (master) Author: Dr. Stephen Henson Message: Typo: only return error if unrecognise bag type. Reviewed-by: Viktor DukhovniView the changeset: https://github.com/openssl/openssl/compare/de8128203a53...b3ca51559b1a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108671136 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.1035
Build openssl master.1035 failed Commit b3ca51559b by Dr. Stephen Henson on 2/11/2016 11:27 PM: Typo: only return error if unrecognise bag type. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 04b76df3f72de65625c84eac2a00b4e3596c1102 (commit) via fb3e2a88eed124b1a74ebed89c20283780ee2bc6 (commit) from b3ca51559b1a6cd80dc179ee54613f00190d1cb4 (commit) - Log - commit 04b76df3f72de65625c84eac2a00b4e3596c1102 Author: Richard LevitteDate: Fri Feb 12 00:38:53 2016 +0100 make generate Reviewed-by: Rich Salz commit fb3e2a88eed124b1a74ebed89c20283780ee2bc6 Author: Richard Levitte Date: Fri Feb 12 00:34:40 2016 +0100 Generate progs.h from a bunch of files instead of internal knowledge apps/progs.pl counted on the caller to provide the exact command files. The unified build doesn't have that knowledge, and the easier and more flexible thing to do is to feed it all the apps/*.c files and let it figure out the command names by looking inside (looking for /int ([a-z0-9][a-z0-9_]*)_main\(int argc,/). Also, add it to the generate command, since it's a versioned file. Reviewed-by: Rich Salz --- Summary of changes: Configurations/unix-Makefile.tmpl | 13 - apps/Makefile.in | 11 +-- apps/build.info | 6 -- apps/progs.h | 24 apps/progs.pl | 33 ++--- 5 files changed, 51 insertions(+), 36 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 2b495e9..c94a3a1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -489,7 +489,7 @@ generate: generate_apps generate_crypto_bn generate_crypto_objects lint: lint -DLINT $(INCLUDES) $(SRCS) -generate_apps: $(SRCDIR)/apps/openssl-vms.cnf +generate_apps: $(SRCDIR)/apps/openssl-vms.cnf $(SRCDIR)/apps/progs.h generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h @@ -583,6 +583,17 @@ $(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf $(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \ < $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf +{- # because the program apps/openssl has object files as sources, and + # they then have the corresponding C files as source, we need to chain + # the lookups in %unified_info + my $apps_openssl = catfile("apps","openssl"); + our @openssl_source = map { @{$unified_info{sources}->{$_}} } + @{$unified_info{sources}->{$apps_openssl}}; + ""; -} +$(SRCDIR)/apps/progs.h: + $(RM) $@ + $(PERL) $(SRCDIR)/apps/progs.pl {- join(" ", @openssl_source) -} > $@ + $(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl $(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h diff --git a/apps/Makefile.in b/apps/Makefile.in index 9668684..e3f485d 100644 --- a/apps/Makefile.in +++ b/apps/Makefile.in @@ -50,7 +50,7 @@ SRC = \ genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \ pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \ s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \ - srp.c ts.c verify.c version.c x509.c + srp.c ts.c verify.c version.c x509.c rehash.c EXE_OBJ= openssl.o $(OBJ) $(EXTRA_OBJ) $(RAND_OBJ) EXE_SRC = openssl.c $(SRC) $(EXTRA_SRC) $(RAND_SRC) @@ -108,7 +108,7 @@ uninstall: done $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf -generate: openssl-vms.cnf +generate: openssl-vms.cnf progs.h depend: $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC) @@ -123,7 +123,7 @@ $(DLIBSSL): $(DLIBCRYPTO): (cd ..; $(MAKE) build_libcrypto) -$(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL) +$(EXE): $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ @@ -135,10 +135,9 @@ $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL) LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \ link_app.$${shlib_target} -progs.h: progs.pl Makefile +progs.h: progs.pl Makefile.in $(RM) progs.h - $(PERL) progs.pl $(COMMANDS) >progs.h - $(RM) openssl.o + $(PERL) progs.pl $(EXE_SRC) > progs.h CA.pl: CA.pl.in $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile CA.pl.in > CA.pl.new diff --git a/apps/build.info b/apps/build.info index 173f1bc..a7dcee6 100644 --- a/apps/build.info +++ b/apps/build.info @@ -16,9 +16,3 @@ DEPEND[openssl]=../libssl SCRIPTS=CA.pl SOURCE[CA.pl]=CA.pl.in - -BEGINRAW[Makefile] -{- $builddir -}/progs.h: {- $sourcedir -}/progs.pl {- $builddir -}/../Makefile - $(RM) {- $builddir -}/progs.h - $(PERL) {-
[openssl-commits] [openssl] master update
The branch master has been updated via 84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 (commit) from 1407f856ab790f8028db1ecfb354d64bfb8ca054 (commit) - Log - commit 84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 Author: Rich SalzDate: Thu Jan 21 14:53:18 2016 -0500 Fix GH 327. Valgrind complains about using unitialized memory. So call OPENSSL_zalloc, not malloc. Reviewed-by: Richard Levitte --- Summary of changes: crypto/evp/digest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 1fc58bd..f7e82db 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -229,7 +229,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; -ctx->md_data = OPENSSL_malloc(type->ctx_size); +ctx->md_data = OPENSSL_zalloc(type->ctx_size); if (ctx->md_data == NULL) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); return 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl ct_api.26
Build openssl ct_api.26 failed Commit c22641d9ec by Rob Percival on 2/11/2016 2:12 PM: WIP: Certificate Transparency Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7823d792d0cad3b44ad5389a8d3381becefe7f44 (commit) from 84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 (commit) - Log - commit 7823d792d0cad3b44ad5389a8d3381becefe7f44 Author: Toshikuni FukayaDate: Wed Feb 3 13:08:45 2016 -0500 RT3495: Add a hash for faster dup detection. Updated for 1.1 by Rich Salz Reviewed-by: Richard Levitte --- Summary of changes: ssl/ssl_cert.c | 42 +- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 68c8924..dc58e25 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,6 +1,3 @@ -/* - * ! \file ssl/ssl_cert.c - */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * @@ -124,7 +121,7 @@ #endif #include "internal/o_dir.h" -#include +#include #include #include #include @@ -642,11 +639,23 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return (add_client_CA(&(ctx->client_CA), x)); } -static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b) +static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b) { return (X509_NAME_cmp(*a, *b)); } +static int xname_cmp(const X509_NAME *a, const X509_NAME *b) +{ +return X509_NAME_cmp(a, b); +} + +static unsigned long xname_hash(const X509_NAME *a) +{ +return X509_NAME_hash((X509_NAME *)a); +} + +DEFINE_LHASH_OF(X509_NAME); + /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use @@ -657,16 +666,14 @@ static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b) */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) { -BIO *in; +BIO *in = BIO_new(BIO_s_file()); X509 *x = NULL; X509_NAME *xn = NULL; -STACK_OF(X509_NAME) *ret = NULL, *sk; - -sk = sk_X509_NAME_new(xname_cmp); +STACK_OF(X509_NAME) *ret = NULL; +LHASH_OF(X509_NAME) *name_hash = +lh_X509_NAME_new(xname_hash, xname_cmp); -in = BIO_new(BIO_s_file()); - -if ((sk == NULL) || (in == NULL)) { +if ((name_hash == NULL) || (in == NULL)) { SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); goto err; } @@ -690,10 +697,11 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) xn = X509_NAME_dup(xn); if (xn == NULL) goto err; -if (sk_X509_NAME_find(sk, xn) >= 0) +if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) { +/* Duplicate. */ X509_NAME_free(xn); -else { -sk_X509_NAME_push(sk, xn); +} else { +lh_X509_NAME_insert(name_hash, xn); sk_X509_NAME_push(ret, xn); } } @@ -703,9 +711,9 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; done: -sk_X509_NAME_free(sk); BIO_free(in); X509_free(x); +lh_X509_NAME_free(name_hash); if (ret != NULL) ERR_clear_error(); return (ret); @@ -729,7 +737,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, int ret = 1; int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); -oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); +oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); in = BIO_new(BIO_s_file()); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 22e3dcb7808bb06cd18c3231e34a5930e796cc48 (commit) from f3f1cf8444f439c0be9de04bf3821a20d00fd956 (commit) - Log - commit 22e3dcb7808bb06cd18c3231e34a5930e796cc48 Author: Rich SalzDate: Mon Jan 25 13:30:37 2016 -0500 Remove TLS heartbeat, disable DTLS heartbeat To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed. This addresses RT 3647 Reviewed-by: Richard Levitte --- Summary of changes: CHANGES | 5 + Configure| 1 + apps/openssl.c | 3 + include/openssl/ssl.h| 10 +- include/openssl/ssl3.h | 2 +- include/openssl/tls1.h | 34 -- ssl/d1_lib.c | 14 +-- ssl/record/rec_layer_d1.c| 2 +- ssl/record/rec_layer_s3.c| 16 --- ssl/s3_lib.c | 23 +++-- ssl/ssl_err.c| 2 - ssl/ssl_locl.h | 5 - ssl/ssl_utst.c | 1 - ssl/t1_lib.c | 216 ++- ssl/t1_trce.c| 4 +- test/heartbeat_test.c| 95 - test/recipes/90-test_heartbeat.t | 2 +- 17 files changed, 95 insertions(+), 340 deletions(-) diff --git a/CHANGES b/CHANGES index cb71a13..29a00bc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.2f and 1.1.0 [xx XXX ] + *) Heartbeat for TLS has been removed and is disabled by default + for DTLS; configure with enable-heartbeats. Code that uses the + old #define's might need to be updated. + [Emilia Käsper, Rich Salz] + *) Rename REF_CHECK to REF_DEBUG. [Rich Salz] diff --git a/Configure b/Configure index 4198ff7..3dc6a42 100755 --- a/Configure +++ b/Configure @@ -318,6 +318,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "unit-test" => "default", "zlib" => "default", "crypto-mdebug" => "default", +"heartbeats" => "default", ); my @experimental = (); diff --git a/apps/openssl.c b/apps/openssl.c index e9c24d0..732cdf1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -748,6 +748,9 @@ static void list_disabled(void) #ifdef OPENSSL_NO_GOST BIO_puts(bio_out, "GOST\n"); #endif +#ifdef OPENSSL_NO_HEARTBEATS +BIO_puts(bio_out, "HEARTBEATS\n"); +#endif #ifdef OPENSSL_NO_HMAC BIO_puts(bio_out, "HMAC\n"); #endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c4b9826..d51c2d4 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -601,7 +601,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op); # ifndef OPENSSL_NO_HEARTBEATS # define SSL_heartbeat(ssl) \ -SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) +SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) # endif # define SSL_CTX_set_cert_flags(ctx,op) \ @@ -1177,9 +1177,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 # define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 # ifndef OPENSSL_NO_HEARTBEATS -# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 -# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 -# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS87 # endif # define DTLS_CTRL_GET_TIMEOUT 73 # define DTLS_CTRL_HANDLE_TIMEOUT74 @@ -2125,11 +2125,9 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL314 # define SSL_F_TLS1_GET_CURVELIST 338 -# define SSL_F_TLS1_HEARTBEAT 315 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT275 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT276 # define SSL_F_TLS1_PRF 284 -# define SSL_F_TLS1_PROCESS_HEARTBEAT 341 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 # define SSL_F_TLS1_SET_SERVER_SIGALGS335 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 325fa94..ecbe247 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -306,7 +306,7 @@ extern "C" { # define SSL3_RT_ALERT 21 # define SSL3_RT_HANDSHAKE 22 #
[openssl-commits] [openssl] master update
The branch master has been updated via f3f1cf8444f439c0be9de04bf3821a20d00fd956 (commit) from 7823d792d0cad3b44ad5389a8d3381becefe7f44 (commit) - Log - commit f3f1cf8444f439c0be9de04bf3821a20d00fd956 Author: Rich SalzDate: Sat Jan 30 12:04:25 2016 -0500 Move to REF_DEBUG, for consistency. Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: Richard Levitte --- Summary of changes: CHANGES | 3 +++ Configurations/10-main.conf | 12 ++-- Configurations/90-team.conf | 8 Configurations/99-personal-ben.conf | 8 Configure | 2 +- Makefile.in | 2 +- crypto/asn1/tasn_utl.c | 7 ++- crypto/asn1/x_info.c| 11 ++- crypto/asn1/x_pkey.c| 11 ++- crypto/bio/bio_err.c| 2 ++ crypto/bio/bio_lib.c| 11 ++- crypto/dh/dh_lib.c | 23 +-- crypto/dsa/dsa_lib.c| 23 +-- crypto/dso/dso_lib.c| 11 ++- crypto/ec/ec_key.c | 23 +-- crypto/engine/eng_init.c| 7 +-- crypto/engine/eng_lib.c | 7 +-- crypto/err/err.c| 25 +++-- crypto/evp/p_lib.c | 11 ++- crypto/lock.c | 2 +- crypto/rsa/rsa_lib.c| 23 +-- crypto/x509/x509_lu.c | 11 ++- e_os.h | 25 ++--- include/openssl/bio.h | 1 + ssl/ssl_cert.c | 11 ++- ssl/ssl_conf.c | 3 --- ssl/ssl_lib.c | 31 ++- ssl/ssl_sess.c | 11 ++- util/pl/linux.pl| 2 +- util/pl/ultrix.pl | 2 +- 30 files changed, 104 insertions(+), 225 deletions(-) diff --git a/CHANGES b/CHANGES index eb6ee3f..cb71a13 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 1.0.2f and 1.1.0 [xx XXX ] + *) Rename REF_CHECK to REF_DEBUG. + [Rich Salz] + *) New "unified" build system The "unified" build system is aimed to be a common system for all diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 07e1d6a..cda7e21 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -26,7 +26,7 @@ "vos-gcc" => { cc => "gcc", cflags => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN", -debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG", +debug_cflags => "-O0 -g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG", release_cflags => "-O3", thread_cflag => "(unknown)", sys_id => "VOS", @@ -134,7 +134,7 @@ # -mcpu=ultrasparc inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ], cflags => add_before(" ", "-m32 -mcpu=ultrasparc"), -debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__", +debug_cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__", }, "solaris64-sparcv9-gcc" => { inherit_from => [ "solaris-sparcv9-gcc" ], @@ -152,7 +152,7 @@ inherit_from => [ "solaris-common" ], cc => "cc", cflags => add_before("-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W"), -debug_cflags => "-g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG", +debug_cflags => "-g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG", release_cflags => "-xO5 -xdepend", thread_cflag => "-D_REENTRANT", lflags => add("-mt"), @@ -496,7 +496,7 @@ "linux-generic32" => { cc => "gcc", cflags => "-Wall", -debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG", +debug_cflags => "-O0 -g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG", release_cflags => "-O3", thread_cflag => "-pthread", ex_libs => "-ldl", @@ -607,7 +607,7 @@ inherit_from => [ "linux-generic32", asm("x86_elf_asm") ], cc => "gcc", cflags => "-march=i486 -DL_ENDIAN -Wall", -debug_cflags => "-O0 -g -DBN_DEBUG
[openssl-commits] Build failed: openssl ct_api.27
Build openssl ct_api.27 failed Commit b43c347141 by Rob Percival on 2/11/2016 2:44 PM: WIP: Certificate Transparency Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#1696 (master - 210ac68)
Build Update for openssl/openssl - Build: #1696 Status: Still Failing Duration: 1 hour, 22 minutes, and 52 seconds Commit: 210ac68 (master) Author: Matt Caswell Message: Fix errstr error code parsing Error codes are printed in hex, and previous OpenSSL versions expected the error codes to be provided to errstr in hex. In 1.1.0, for some reason, it was expecting them to be decimal. Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/124cbe188753...210ac6824670 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/108486158 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 24f0b10462792c202a0fe1952974fcace1e2c563 (commit) from 22e3dcb7808bb06cd18c3231e34a5930e796cc48 (commit) - Log - commit 24f0b10462792c202a0fe1952974fcace1e2c563 Author: Rich SalzDate: Thu Feb 11 13:16:14 2016 -0500 Don't add filename comment. Reviewed-by: Richard Levitte --- Summary of changes: util/mkerr.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index 7e84de9..13c9974 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -602,7 +602,6 @@ EOF open (OUT,">$cfile") || die "Can't open $cfile for writing"; print OUT <<"EOF"; -/* $cfile */ /* * Copyright (c) 1999-$year The OpenSSL Project. All rights reserved. * _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits