[openssl-commits] Build failed: openssl master.1480

2016-02-25 Thread AppVeyor



Build openssl master.1480 failed


Commit 528d0df208 by J Mohan Rao Arisankala on 2/26/2016 6:07 AM:

remove unused macros in list -disabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Build failed: openssl ct_ssl.93

2016-02-25 Thread AppVeyor



Build openssl ct_ssl.93 failed


Commit fff0fe5705 by Rob Percival on 2/25/2016 3:42 PM:

Extends s_client to allow a basic CT policy to be enabled




[openssl-commits] Build failed: openssl ct_x509_log_names.92

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.92 failed


Commit 028be740ef by Rob Percival on 2/25/2016 3:42 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] Errored: openssl/openssl#2093 (master - 2cf28d6)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2093
Status: Errored

Duration: 1 hour, 32 minutes, and 29 seconds
Commit: 2cf28d6 (master)
Author: Dr. Stephen Henson
Message: Remove unused parameter in ssl_set_masks().

The ssl_set_masks() function no longer depends on the cipher. This
also means there is no need to set the masks for each cipher in
ssl3_choose_cipher.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/8c73aeb61e6d...2cf28d6127fd

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/111380757

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications



[openssl-commits] Build failed: openssl master.1479

2016-02-25 Thread AppVeyor



Build openssl master.1479 failed


Commit 9666ffb333 by Rich Salz on 2/26/2016 2:48 AM:

Update test build/run for unified




[openssl-commits] Build failed: openssl ct_x509_log_names.90

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.90 failed


Commit 0fe99b6a3b by Rob Percival on 2/25/2016 2:59 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] Build failed: openssl ctnextpatch.89

2016-02-25 Thread AppVeyor



Build openssl ctnextpatch.89 failed


Commit 27b6b0a49d by Rob Percival on 2/25/2016 2:40 PM:

Addresses review comments from richsalz




[openssl-commits] Build failed: openssl ct_verify.89

2016-02-25 Thread AppVeyor



Build openssl ct_verify.89 failed


Commit bd2ab2a3cb by Rob Percival on 2/25/2016 2:48 PM:

Fixes potential double free and memory leak in ct_b64.c




[openssl-commits] Build failed: openssl ct_policy.87

2016-02-25 Thread AppVeyor



Build openssl ct_policy.87 failed


Commit 89c92fa5f3 by Rob Percival on 2/25/2016 2:48 PM:

CT policy validation




[openssl-commits] Build failed: openssl ct_api.86

2016-02-25 Thread AppVeyor



Build openssl ct_api.86 failed


Commit 1cc402fe40 by Rob Percival on 2/25/2016 2:46 PM:

Fix for potential dereferencing of null pointer in o2i_SCT_signature




[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  9666ffb33321ea9a5ef166d3a297bb46e40e587e (commit)
  from  9cb177301fdab492e4cfef376b28339afe3ef663 (commit)


- Log -
commit 9666ffb33321ea9a5ef166d3a297bb46e40e587e
Author: Rich Salz 
Date:   Thu Feb 25 16:48:36 2016 -0500

Update test build/run for unified

Reviewed-by: Richard Levitte 

---

Summary of changes:
 test/build.info | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/build.info b/test/build.info
index 39b052f..f8ce69e 100644
--- a/test/build.info
+++ b/test/build.info
@@ -13,7 +13,7 @@ PROGRAMS=\
 danetest heartbeat_test p5_crpt2_test \
 constant_time_test verify_extra_test clienthellotest \
 packettest asynctest secmemtest srptest memleaktest \
-dtlsv1listentest
+dtlsv1listentest ct_test
 
 SOURCE[nptest]=nptest.c
 INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
@@ -202,3 +202,7 @@ DEPEND[memleaktest]=../libcrypto
 SOURCE[dtlsv1listentest]=dtlsv1listentest.c
 INCLUDE[dtlsv1listentest]={- rel2abs(catdir($builddir,"../include")) -} .. 
../include
 DEPEND[dtlsv1listentest]=../libssl
+
+SOURCE[ct_test]=ct_test.c
+INCLUDE[ct_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+DEPEND[ct_test]=../libcrypto
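Review bot: The SOURCE/INCLUDE/DEPEND block for ct_test added at the end of this hunk, together with the ct_test entry appended to PROGRAMS in the first hunk, is not mentioned in the commit message, which only says "Update test build/run for unified". Please state in the message that ct_test is being wired into the unified build. The entries are also added unconditionally, so if CT can be disabled at configure time, confirm that ct_test.c still compiles and links against ../libcrypto in that configuration.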


[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.1474

2016-02-25 Thread AppVeyor


Build openssl OpenSSL_1_0_2-stable.1474 completed



Commit 578b956fe7 by Matt Caswell on 2/25/2016 10:47 PM:

Fix memory issues in BIO_*printf functions




[openssl-commits] Build failed: openssl master.85

2016-02-25 Thread AppVeyor



Build openssl master.85 failed


Commit 37529928fa by Richard Levitte on 2/25/2016 1:50 PM:

Solaris DSOs were still named libFOO.so, fixed




[openssl-commits] Build failed: openssl ct_x509_log_names.84

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.84 failed


Commit ff1fb3a51e by Rob Percival on 2/25/2016 2:09 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] Errored: FdaSilvaYY/openssl#62 (OOB-fix - 317d12e)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #62
Status: Errored

Duration: 1 hour, 55 minutes, and 32 seconds
Commit: 317d12e (OOB-fix)
Author: FdaSilvaYY
Message: Fix pseudo-OOB in apps code

Seen in Travis logs
...
Client cipher list:
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-CCM8:AES256-CCM:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-
 
GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-CCM8:AES128-CCM:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:DES-CBC3-SHA:
s_cb.c:1077:41:
runtime error: index 18446744073709551614 out of bounds for type 'const
unsigned char [3]'
SUMMARY: AddressSanitizer: undefined-behavior
s_cb.c:1077



View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/3f8aa35bbe18...317d12e9383b

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111872561



[openssl-commits] Build failed: openssl ct_x509_log_names.83

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.83 failed


Commit faaba93914 by Rob Percival on 2/25/2016 2:08 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-02-25 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  578b956fe741bf8e84055547b1e83c28dd902c73 (commit)
  from  259b664f950c2ba66fbf4b0fe5281327904ead21 (commit)


- Log -
commit 578b956fe741bf8e84055547b1e83c28dd902c73
Author: Matt Caswell 
Date:   Thu Feb 25 13:09:46 2016 +

Fix memory issues in BIO_*printf functions

The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/bio/b_print.c | 187 ---
 1 file changed, 116 insertions(+), 71 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 7c81e25..90248fa 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -125,16 +125,16 @@
 # define LLONG long
 #endif
 
-static void fmtstr(char **, char **, size_t *, size_t *,
-   const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
-   LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
-  LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-  size_t *maxlen, size_t *retlen, int *truncated,
-  const char *format, va_list args);
+static int fmtstr(char **, char **, size_t *, size_t *,
+  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+  LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
 
 /* format read states */
 #define DP_S_DEFAULT0
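Review bot: The prototypes switched from void to int in this hunk carry no statement of the return convention. The call sites added later in the patch test `!doapr_outch(...)` and `!fmtint(...)`, so 0 evidently means failure; a one-line comment above these declarations saying that the helpers return 1 on success and 0 on failure would make the contract explicit for anyone who adds a new call inside _dopr.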
@@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
-static void
+static int
 _dopr(char **sbuffer,
   char **buffer,
   size_t *maxlen,
@@ -196,7 +196,8 @@ _dopr(char **sbuffer,
 if (ch == '%')
 state = DP_S_FLAGS;
 else
-doapr_outch(sbuffer, buffer, , maxlen, ch);
+if(!doapr_outch(sbuffer, buffer, , maxlen, ch))
+return 0;
 ch = *format++;
 break;
 case DP_S_FLAGS:
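Review bot: In the branch just before `case DP_S_FLAGS:`, the new `if(!doapr_outch(...))` hangs off a bare `else` with no braces, so it reads like an else-if chain although it is a nested statement whose only effect is the early return. Please wrap the else body in braces. The `if(` is also missing the space that the `if (!fmtint(` added in the next hunk uses.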
@@ -302,8 +303,9 @@ _dopr(char **sbuffer,
 value = va_arg(args, int);
 break;
 }
-fmtint(sbuffer, buffer, , maxlen,
-   value, 10, min, max, flags);
+if (!fmtint(sbuffer, buffer, , maxlen, value, 10, min,
+max, flags))
+return 0;
 break;
 case 'X':
 flags |= DP_F_UP;
@@ -326,17 +328,19 @@ _dopr(char **sbuffer,
 value = (LLONG) va_arg(args, unsigned int);
 break;
 }

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-02-25 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  a801bf263849a2ef773e5bc0c86438cbba720835 (commit)
  from  59a908f1e8380412a81392c468b83bf6071beb2a (commit)


- Log -
commit a801bf263849a2ef773e5bc0c86438cbba720835
Author: Matt Caswell 
Date:   Thu Feb 25 13:09:46 2016 +

Fix memory issues in BIO_*printf functions

The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov 
(cherry picked from commit 578b956fe741bf8e84055547b1e83c28dd902c73)

---

Summary of changes:
 crypto/bio/b_print.c | 187 ---
 1 file changed, 116 insertions(+), 71 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 7c81e25..90248fa 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -125,16 +125,16 @@
 # define LLONG long
 #endif
 
-static void fmtstr(char **, char **, size_t *, size_t *,
-   const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
-   LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
-  LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-  size_t *maxlen, size_t *retlen, int *truncated,
-  const char *format, va_list args);
+static int fmtstr(char **, char **, size_t *, size_t *,
+  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+  LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
 
 /* format read states */
 #define DP_S_DEFAULT0
@@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
-static void
+static int
 _dopr(char **sbuffer,
   char **buffer,
   size_t *maxlen,
@@ -196,7 +196,8 @@ _dopr(char **sbuffer,
 if (ch == '%')
 state = DP_S_FLAGS;
 else
-doapr_outch(sbuffer, buffer, , maxlen, ch);
+if(!doapr_outch(sbuffer, buffer, , maxlen, ch))
+return 0;
 ch = *format++;
 break;
 case DP_S_FLAGS:
@@ -302,8 +303,9 @@ _dopr(char **sbuffer,
 value = va_arg(args, int);
 break;
 }
-fmtint(sbuffer, buffer, , maxlen,
-   value, 10, min, max, flags);
+if (!fmtint(sbuffer, buffer, , maxlen, value, 10, min,
+max, flags))
+return 0;
 break;
 case 'X':
 flags |= DP_F_UP;
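Review bot: The `return 0` added after the `fmtint` call leaves _dopr from inside the format loop, and the hunk does not show who releases `*buffer` on that path. The commit message says memory leaks can occur, so please confirm that every caller of _dopr frees `*buffer` when it gets 0 back, and add a comment on _dopr stating who owns the buffer after a failure return.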
@@ -326,17 +328,19 @@ _dopr(char **sbuffer,
 value = (LLONG) 

[openssl-commits] [openssl] master update

2016-02-25 Thread Matt Caswell
The branch master has been updated
   via  9cb177301fdab492e4cfef376b28339afe3ef663 (commit)
  from  069c3c0908dfa8418753d0c25890a9d4fb67178d (commit)


- Log -
commit 9cb177301fdab492e4cfef376b28339afe3ef663
Author: Matt Caswell 
Date:   Thu Feb 25 13:09:46 2016 +

Fix memory issues in BIO_*printf functions

The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/bio/b_print.c | 187 ---
 1 file changed, 116 insertions(+), 71 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index f45fb10..17ea8af 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -124,16 +124,16 @@
 # define LLONG long
 #endif
 
-static void fmtstr(char **, char **, size_t *, size_t *,
-   const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
-   LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
-  LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-  size_t *maxlen, size_t *retlen, int *truncated,
-  const char *format, va_list args);
+static int fmtstr(char **, char **, size_t *, size_t *,
+  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+  LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
 
 /* format read states */
 #define DP_S_DEFAULT0
@@ -164,7 +164,7 @@ static void _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
-static void
+static int
 _dopr(char **sbuffer,
   char **buffer,
   size_t *maxlen,
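Review bot: No test accompanies the change of `_dopr` from void to int in this hunk; the diffstat lists only crypto/bio/b_print.c. A test that drives a BIO_*printf call into the new failure return and checks the result the caller sees would pin the new contract down and guard against a later change dropping one of the checks.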
@@ -195,7 +195,8 @@ _dopr(char **sbuffer,
 if (ch == '%')
 state = DP_S_FLAGS;
 else
-doapr_outch(sbuffer, buffer, , maxlen, ch);
+if(!doapr_outch(sbuffer, buffer, , maxlen, ch))
+return 0;
 ch = *format++;
 break;
 case DP_S_FLAGS:
@@ -301,8 +302,9 @@ _dopr(char **sbuffer,
 value = va_arg(args, int);
 break;
 }
-fmtint(sbuffer, buffer, , maxlen,
-   value, 10, min, max, flags);
+if (!fmtint(sbuffer, buffer, , maxlen, value, 10, min,
+max, flags))
+return 0;
 break;
 case 'X':
 flags |= DP_F_UP;
@@ -325,17 +327,19 @@ _dopr(char **sbuffer,
 value = (LLONG) va_arg(args, unsigned int);
 break;
 }
-  

[openssl-commits] Build failed: openssl ct_ssl.82

2016-02-25 Thread AppVeyor



Build openssl ct_ssl.82 failed


Commit fcd34603f4 by Rob Percival on 2/25/2016 2:08 PM:

Extends s_client to allow a basic CT policy to be enabled




[openssl-commits] Errored: openssl/openssl#2088 (master - 8c73aeb)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2088
Status: Errored

Duration: 1 hour, 34 minutes, and 54 seconds
Commit: 8c73aeb (master)
Author: Viktor Dukhovni
Message: Update documentation of SSL METHODs and ciphers

Reviewed-by: Kurt Roeckx 

View the changeset: 
https://github.com/openssl/openssl/compare/1cb7757ee7fd...8c73aeb61e6d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/111348807



[openssl-commits] Canceled: FdaSilvaYY/openssl#61 (OOB-fix - 3f8aa35)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #61
Status: Canceled

Duration: 5 minutes and 5 seconds
Commit: 3f8aa35 (OOB-fix)
Author: FdaSilvaYY
Message: Fix pseudo-OOB in apps code

Seen in Travis logs
...
Client cipher list:
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-CCM8:AES256-CCM:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-
 
GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-CCM8:AES128-CCM:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:DES-CBC3-SHA:
s_cb.c:1077:41:
runtime error: index 18446744073709551614 out of bounds for type 'const
unsigned char [3]'
SUMMARY: AddressSanitizer: undefined-behavior
s_cb.c:1077



View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/50f16dfd5fc2...3f8aa35bbe18

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111844068



[openssl-commits] Build failed: openssl master.1471

2016-02-25 Thread AppVeyor



Build openssl master.1471 failed


Commit 069c3c0908 by FdaSilvaYY on 2/25/2016 8:23 PM:

fix "no-engine" build of test fixture




[openssl-commits] Build failed: openssl ct_verify.80

2016-02-25 Thread AppVeyor



Build openssl ct_verify.80 failed


Commit feccd7e0ce by Rob Percival on 2/25/2016 1:33 PM:

Fixes potential double free and memory leak in ct_b64.c




[openssl-commits] Canceled: FdaSilvaYY/openssl#60 (ENGINE_finish_upg - 5baa798)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #60
Status: Canceled

Duration: 10 minutes and 51 seconds
Commit: 5baa798 (ENGINE_finish_upg)
Author: FdaSilvaYY
Message: fix "no-engine" build of test fixture

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/431959d7d7af...5baa7986cbd5

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111843943



[openssl-commits] Canceled: FdaSilvaYY/openssl#58 (no-engine-build - 3bd525d)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #58
Status: Canceled

Duration: ?
Commit: 3bd525d (no-engine-build)
Author: FdaSilvaYY
Message: fix "no-engine" build of test fixture

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/3e607b67a51a^...3bd525d12885

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111838134



[openssl-commits] Canceled: FdaSilvaYY/openssl#60 (ENGINE_finish_upg - 5baa798)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #60
Status: Canceled

Duration: 10 minutes and 47 seconds
Commit: 5baa798 (ENGINE_finish_upg)
Author: FdaSilvaYY
Message: fix "no-engine" build of test fixture

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/431959d7d7af...5baa7986cbd5

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111843943



[openssl-commits] Canceled: FdaSilvaYY/openssl#60 (ENGINE_finish_upg - 5baa798)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #60
Status: Canceled

Duration: 10 minutes and 49 seconds
Commit: 5baa798 (ENGINE_finish_upg)
Author: FdaSilvaYY
Message: fix "no-engine" build of test fixture

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/431959d7d7af...5baa7986cbd5

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111843943



[openssl-commits] Build failed: openssl 90

2016-02-25 Thread AppVeyor



Build openssl 90 failed


Commit 2a96be3f3b by Alessandro Ghedini on 2/25/2016 6:09 PM:

Implement new multi-threading API




[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  069c3c0908dfa8418753d0c25890a9d4fb67178d (commit)
   via  b6a8916102b9bf84b33ade2030079d76d9ba60f6 (commit)
  from  7c96dbcdab959fef74c4caae63cdebaa354ab252 (commit)


- Log -
commit 069c3c0908dfa8418753d0c25890a9d4fb67178d
Author: FdaSilvaYY 
Date:   Thu Feb 25 20:55:51 2016 +0100

fix "no-engine" build of test fixture

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit b6a8916102b9bf84b33ade2030079d76d9ba60f6
Author: FdaSilvaYY 
Date:   Thu Feb 25 20:54:40 2016 +0100

Add some 'no-engine' builds to travis, for test

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

---

Summary of changes:
 .travis.yml | 16 
 test/dtlsv1listentest.c |  4 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 49cf782..cf8c442 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -49,6 +49,15 @@ matrix:
 - os: linux
   compiler: gcc-5
   env: CONFIG_OPTS="no-asm --debug --strict-warnings 
-fno-sanitize-recover -fsanitize=address -fsanitize=undefined 
enable-crypto-mdebug enable-rc5 enable-md2"
+- os: linux
+  compiler: clang-3.6
+  env: CONFIG_OPTS="no-engine"
+- os: linux
+  compiler: gcc
+  env: CONFIG_OPTS="no-engine"
+- os: linux
+  compiler: gcc-5
+  env: CONFIG_OPTS="no-engine"
 exclude:
 - os: osx
   compiler: clang-3.6
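Review bot: The three new linux entries set only `CONFIG_OPTS="no-engine"`, without the `--strict-warnings` that the gcc-5 entry just above them passes. Adding `--strict-warnings` to these jobs would let them catch warnings that only appear when the engine code is compiled out, which is the kind of breakage these builds are being added to find.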
@@ -85,6 +94,12 @@ matrix:
   env: CONFIG_OPTS="--unified --debug --strict-warnings 
enable-crypto-mdebug enable-rc5 enable-md2"
 - compiler: x86_64-w64-mingw32-gcc
   env: CONFIG_OPTS="--unified --debug --strict-warnings 
enable-crypto-mdebug enable-rc5 enable-md2"
+- compiler: clang-3.6
+  env: CONFIG_OPTS="no-engine"
+- compiler: gcc-5
+  env: CONFIG_OPTS="no-engine"
+- compiler: gcc
+  env: CONFIG_OPTS="no-engine"
 
 before_script:
 - sh .travis-create-release.sh $TRAVIS_OS_NAME
@@ -113,3 +128,4 @@ script:
 notifications:
 email:
 - openssl-commits@openssl.org
+
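Review bot: The only change in this hunk is a blank line appended after `- openssl-commits@openssl.org` at the end of .travis.yml. It is unrelated to the no-engine builds; please drop it.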
diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
index 78ac83a..6eef1b5 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -60,7 +60,9 @@
 #include 
 #include 
 #include 
-#include 
+#ifndef OPENSSL_NO_ENGINE
+ #include 
+#endif
 #include "e_os.h"
 
 /* Just a ClientHello without a cookie */
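Review bot: The added include line starts with a space before the # (" #include"), unlike the other includes in this block, which start in column 0; nested directives in this code base keep the # in column 0 and put the indent after it ("# include"). Also confirm the test uses nothing from the guarded header outside this block, since the hunk only guards the include itself.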


[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  7c96dbcdab959fef74c4caae63cdebaa354ab252 (commit)
  from  07b3ce8f8029f647c1babf0d8a03599885e7e284 (commit)


- Log -
commit 7c96dbcdab959fef74c4caae63cdebaa354ab252
Author: Rich Salz 
Date:   Thu Feb 25 12:09:06 2016 -0500

GH715: ENGINE_finish can take NULL

Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/genpkey.c   |  3 +--
 apps/req.c   |  6 ++
 crypto/asn1/d2i_pr.c |  6 ++
 crypto/dh/dh_lib.c   | 14 +-
 crypto/dsa/dsa_lib.c |  8 +++-
 crypto/ec/ec_key.c   |  5 ++---
 crypto/ec/ec_kmeth.c |  6 ++
 crypto/engine/eng_cnf.c  |  1 +
 crypto/engine/eng_init.c |  6 ++
 crypto/evp/digest.c  | 21 -
 crypto/evp/evp_enc.c |  7 +--
 crypto/evp/p_lib.c   | 19 +++
 crypto/evp/pmeth_lib.c   | 10 ++
 crypto/pem/pem_lib.c |  3 +--
 crypto/rand/rand_lib.c   | 10 --
 crypto/rsa/rsa_lib.c |  8 +++-
 ssl/ssl_ciph.c   |  3 +--
 ssl/ssl_lib.c|  3 +--
 18 files changed, 48 insertions(+), 91 deletions(-)

diff --git a/apps/genpkey.c b/apps/genpkey.c
index 905eb19..ca5d848 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -317,8 +317,7 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
 
 EVP_PKEY_asn1_get0_info(_id, NULL, NULL, NULL, NULL, ameth);
 #ifndef OPENSSL_NO_ENGINE
-if (tmpeng)
-ENGINE_finish(tmpeng);
+ENGINE_finish(tmpeng);
 #endif
 ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
 
diff --git a/apps/req.c b/apps/req.c
index 28ed036..693acc2 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1376,8 +1376,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 
 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, ameth);
 #ifndef OPENSSL_NO_ENGINE
-if (tmpeng)
-ENGINE_finish(tmpeng);
+ENGINE_finish(tmpeng);
 #endif
 if (*pkey_type == EVP_PKEY_RSA) {
 if (p) {
@@ -1434,8 +1433,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, , ameth);
 *palgnam = OPENSSL_strdup(anam);
 #ifndef OPENSSL_NO_ENGINE
-if (tmpeng)
-ENGINE_finish(tmpeng);
+ENGINE_finish(tmpeng);
 #endif
 }
 
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index bfbe209..e405b83 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -82,10 +82,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const 
unsigned char **pp,
 } else {
 ret = *a;
 #ifndef OPENSSL_NO_ENGINE
-if (ret->engine) {
-ENGINE_finish(ret->engine);
-ret->engine = NULL;
-}
+ENGINE_finish(ret->engine);
+ret->engine = NULL;
 #endif
 }
 
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 9167d69..58280d8 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -88,10 +88,8 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
 if (mtmp->finish)
 mtmp->finish(dh);
 #ifndef OPENSSL_NO_ENGINE
-if (dh->engine) {
-ENGINE_finish(dh->engine);
-dh->engine = NULL;
-}
+ENGINE_finish(dh->engine);
+dh->engine = NULL;
 #endif
 dh->meth = meth;
 if (meth->init)
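Review bot: ENGINE_finish(dh->engine) is now unconditional in DH_set_method, which is only safe if ENGINE_finish itself returns early on NULL. The summary lists crypto/engine/eng_init.c, but that hunk is not visible in this mail; confirm the NULL guard lands in the same commit and is stated in the ENGINE_finish documentation, since every call site changed here depends on it.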
@@ -126,7 +124,7 @@ DH *DH_new_method(ENGINE *engine)
 ret->engine = ENGINE_get_default_DH();
 if (ret->engine) {
 ret->meth = ENGINE_get_DH(ret->engine);
-if (!ret->meth) {
+if (ret->meth == NULL) {
 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
 ENGINE_finish(ret->engine);
 OPENSSL_free(ret);
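Review bot: Style: if (!ret->meth) becomes if (ret->meth == NULL), but if (ret->engine) two lines above keeps the implicit test, so the block now mixes both forms. Either convert the neighbouring pointer test too (if (ret->engine != NULL)) or leave this line to a separate style pass.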
@@ -140,8 +138,7 @@ DH *DH_new_method(ENGINE *engine)
 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, >ex_data);
 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 #ifndef OPENSSL_NO_ENGINE
-if (ret->engine)
-ENGINE_finish(ret->engine);
+ENGINE_finish(ret->engine);
 #endif
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, >ex_data);
 OPENSSL_free(ret);
@@ -165,8 +162,7 @@ void DH_free(DH *r)
 if (r->meth->finish)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-if (r->engine)
-ENGINE_finish(r->engine);
+ENGINE_finish(r->engine);
 #endif
 
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, >ex_data);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 26a5d28..9f4ddfd 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -99,10 +99,8 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
 if (mtmp->finish)
 mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
-if (dsa->engine) {
-ENGINE_finish(dsa->engine);
-dsa->engine = 

[openssl-commits] Build failed: openssl ct_ssl.79

2016-02-25 Thread AppVeyor



Build openssl ct_ssl.79 failed


Commit 7c5cfb4f45 by Rob Percival on 2/25/2016 1:22 PM:

Extends s_client to allow a basic CT policy to be enabled




[openssl-commits] Canceled: FdaSilvaYY/openssl#55 (OOB-fix - bf9476d)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #55
Status: Canceled

Duration: 2 minutes and 18 seconds
Commit: bf9476d (OOB-fix)
Author: FdaSilvaYY
Message: Fix OOB in apps code

Seen in Travis logs
...
Client cipher list:
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-CCM8:AES256-CCM:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-
 
GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-CCM8:AES128-CCM:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:DES-CBC3-SHA:
s_cb.c:1077:41:
runtime error: index 18446744073709551614 out of bounds for type 'const
unsigned char [3]'
SUMMARY: AddressSanitizer: undefined-behavior
s_cb.c:1077

#   Failed test 'Missing CertificateStatus message'
#   at ../test/recipes/70-test_sslcertstatus.t line 84.


View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/3f7ecf72c1e2...bf9476dbffbe

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111829505



[openssl-commits] Canceled: FdaSilvaYY/openssl#55 (OOB-fix - bf9476d)

2016-02-25 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #55
Status: Canceled

Duration: 2 minutes and 17 seconds
Commit: bf9476d (OOB-fix)
Author: FdaSilvaYY
Message: Fix OOB in apps code

Seen in Travis logs
...
Client cipher list:
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-CCM8:AES256-CCM:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-
 
GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-CCM8:AES128-CCM:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:DES-CBC3-SHA:
s_cb.c:1077:41:
runtime error: index 18446744073709551614 out of bounds for type 'const
unsigned char [3]'
SUMMARY: AddressSanitizer: undefined-behavior
s_cb.c:1077

#   Failed test 'Missing CertificateStatus message'
#   at ../test/recipes/70-test_sslcertstatus.t line 84.


View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/3f7ecf72c1e2...bf9476dbffbe

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/111829505



[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  07b3ce8f8029f647c1babf0d8a03599885e7e284 (commit)
  from  5dc312215fa54b70cc8b4baec933bcc19525bc03 (commit)


- Log -
commit 07b3ce8f8029f647c1babf0d8a03599885e7e284
Author: Rich Salz 
Date:   Thu Feb 25 14:05:35 2016 -0500

Fix unified build after CT reorg

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/ct/build.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ct/build.info b/crypto/ct/build.info
index 6c59495..2007715 100644
--- a/crypto/ct/build.info
+++ b/crypto/ct/build.info
@@ -1,2 +1,2 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]= ct_lib.c ct_err.c
+SOURCE[../../libcrypto]= ct_lib.c ct_err.c ct_oct.c ct_prn.c
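Review bot: The commit message ("Fix unified build after CT reorg") does not say what was broken; the change itself shows that ct_oct.c and ct_prn.c were missing from SOURCE[../../libcrypto]. Say so in the message, and note that this list has to be updated together with LIBSRC in crypto/ct/Makefile.in whenever a source file is added.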


[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  5dc312215fa54b70cc8b4baec933bcc19525bc03 (commit)
   via  5ad29c54082ae0e00f389b2373c7ca065d3860ad (commit)
  from  5d3222876e7cbd8bf87fb3b9c951cba3c9be08eb (commit)


- Log -
commit 5dc312215fa54b70cc8b4baec933bcc19525bc03
Author: Rob Percival 
Date:   Mon Feb 22 16:51:44 2016 +

Tests for parsing and printing certificates containing SCTs

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

commit 5ad29c54082ae0e00f389b2373c7ca065d3860ad
Author: Adam Eijdenberg 
Date:   Fri Dec 4 10:49:14 2015 -0800

Add more CT utility routines to be used as part of larger patch.

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/ct/Makefile.in|   4 +-
 crypto/ct/ct_err.c   |  19 +-
 crypto/ct/ct_lib.c   |  72 +++-
 crypto/ct/ct_oct.c   | 535 +++
 crypto/{asn1/tasn_scn.c => ct/ct_prn.c}  | 105 +++---
 crypto/include/internal/ct_int.h | 138 ++-
 crypto/x509v3/Makefile.in|   4 +-
 crypto/x509v3/build.info |   2 +-
 crypto/x509v3/v3_lib.c   |   1 +
 crypto/x509v3/v3_scts.c  | 299 ---
 test/Makefile.in |  10 +-
 test/certs/embeddedSCTs1.pem |  20 +
 test/certs/embeddedSCTs1.sct |  12 +
 test/certs/embeddedSCTs3.pem |  44 +++
 test/certs/embeddedSCTs3.sct |  36 ++
 test/ct/tls1.sct |  12 +
 test/ct_test.c   | 404 
 test/recipes/{90-test_ige.t => 80-test_ct.t} |   3 +-
 18 files changed, 1364 insertions(+), 356 deletions(-)
 create mode 100644 crypto/ct/ct_oct.c
 copy crypto/{asn1/tasn_scn.c => ct/ct_prn.c} (52%)
 delete mode 100644 crypto/x509v3/v3_scts.c
 create mode 100644 test/certs/embeddedSCTs1.pem
 create mode 100644 test/certs/embeddedSCTs1.sct
 create mode 100644 test/certs/embeddedSCTs3.pem
 create mode 100644 test/certs/embeddedSCTs3.sct
 create mode 100644 test/ct/tls1.sct
 create mode 100644 test/ct_test.c
 copy test/recipes/{90-test_ige.t => 80-test_ct.t} (56%)

diff --git a/crypto/ct/Makefile.in b/crypto/ct/Makefile.in
index 100179d..7e58c3b 100644
--- a/crypto/ct/Makefile.in
+++ b/crypto/ct/Makefile.in
@@ -15,8 +15,8 @@ CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
 GENERAL=Makefile
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= ct_lib.c ct_err.c
-LIBOBJ= ct_lib.o ct_err.o
+LIBSRC= ct_lib.c ct_err.c ct_oct.c ct_prn.c
+LIBOBJ= ct_lib.o ct_err.o ct_oct.o ct_prn.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c
index 1657764..b2ba432 100644
--- a/crypto/ct/ct_err.c
+++ b/crypto/ct/ct_err.c
@@ -1,5 +1,6 @@
+/* ct_err.c */
 /* 
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -69,16 +70,32 @@
 # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CT,0,reason)
 
 static ERR_STRING_DATA CT_str_functs[] = {
+{ERR_FUNC(CT_F_D2I_SCT_LIST), "d2i_SCT_LIST"},
+{ERR_FUNC(CT_F_I2D_SCT_LIST), "i2d_SCT_LIST"},
+{ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},
+{ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"},
+{ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"},
+{ERR_FUNC(CT_F_O2I_SCT), "o2i_SCT"},
+{ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
+{ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
 {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
 {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
+{ERR_FUNC(CT_F_SCT_SET1_EXTENSIONS), "SCT_set1_extensions"},
+{ERR_FUNC(CT_F_SCT_SET1_LOG_ID), "SCT_set1_log_id"},
+{ERR_FUNC(CT_F_SCT_SET1_SIGNATURE), "SCT_set1_signature"},
 {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
 {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
 {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
+{ERR_FUNC(CT_F_SCT_SIGNATURE_IS_VALID), "SCT_signature_is_valid"},
 {0, NULL}
 };
 
 static ERR_STRING_DATA CT_str_reasons[] = {
 {ERR_REASON(CT_R_INVALID_LOG_ID_LENGTH), "invalid log id length"},
+{ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},
+{ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},
+{ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},
+{ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"},
 

[openssl-commits] Build failed: openssl ct_x509_log_names.77

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.77 failed


Commit 5b5cfe1a74 by Rob Percival on 2/25/2016 1:22 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] Build failed: openssl ct_verify.76

2016-02-25 Thread AppVeyor



Build openssl ct_verify.76 failed


Commit 13c4f9a8a5 by Rob Percival on 2/25/2016 1:22 PM:

Fixes potential double free and memory leak in ct_b64.c




[openssl-commits] Build failed: openssl ct_verify.75

2016-02-25 Thread AppVeyor



Build openssl ct_verify.75 failed


Commit dfa56c7dea by Rob Percival on 2/25/2016 12:25 PM:

Fixes potential double free and memory leak in ct_b64.c




[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  5d3222876e7cbd8bf87fb3b9c951cba3c9be08eb (commit)
  from  f2adbd85ddb86e508efe84a85fb7a01aad4ea47a (commit)


- Log -
commit 5d3222876e7cbd8bf87fb3b9c951cba3c9be08eb
Author: Rich Salz 
Date:   Thu Feb 25 00:56:35 2016 -0500

GH463: Fix OPENSSL_NO_OCSP build

Fixes github issue 463.  Building the app without OPENSSL_NO_SOCK
isn't supported, so only do OPENSSL_NO_OCSP.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 apps/apps.c | 8 +++-
 apps/apps.h | 1 -
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 34fd391..5ad090a 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -627,7 +627,8 @@ static int load_pkcs12(BIO *in, const char *desc,
 return ret;
 }
 
-int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
+#ifndef OPENSSL_NO_OCSP
+static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
 {
 char *host = NULL, *port = NULL, *path = NULL;
 BIO *bio = NULL;
@@ -673,6 +674,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, 
X509_CRL **pcrl)
 }
 return rv;
 }
+#endif
 
 X509 *load_cert(const char *file, int format, const char *cert_descrip)
 {
@@ -680,7 +682,9 @@ X509 *load_cert(const char *file, int format, const char 
*cert_descrip)
 BIO *cert;
 
 if (format == FORMAT_HTTP) {
+#ifndef OPENSSL_NO_OCSP
 load_cert_crl_http(file, , NULL);
+#endif
 return x;
 }
 
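Review bot: With OPENSSL_NO_OCSP defined, the FORMAT_HTTP branch of load_cert now does nothing and returns x, so the caller gets whatever x was initialised to and no message on bio_err says that HTTP loading is compiled out. The declaration of x is outside this hunk; confirm it is initialised to NULL, and add an #else branch that reports the unsupported format. The same applies to load_crl in the next hunk.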
@@ -719,7 +723,9 @@ X509_CRL *load_crl(const char *infile, int format)
 BIO *in = NULL;
 
 if (format == FORMAT_HTTP) {
+#ifndef OPENSSL_NO_OCSP
 load_cert_crl_http(infile, NULL, );
+#endif
 return x;
 }
 
diff --git a/apps/apps.h b/apps/apps.h
index 617c1f7..4540a63 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -477,7 +477,6 @@ int app_passwd(char *arg1, char *arg2, char **pass1, char 
**pass2);
 int add_oid_section(CONF *conf);
 X509 *load_cert(const char *file, int format, const char *cert_descrip);
 X509_CRL *load_crl(const char *infile, int format);
-int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
 EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,


[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  f2adbd85ddb86e508efe84a85fb7a01aad4ea47a (commit)
  from  6a99fde46b520637865a116e75f52514b39af16a (commit)


- Log -
commit f2adbd85ddb86e508efe84a85fb7a01aad4ea47a
Author: Rich Salz 
Date:   Thu Feb 25 00:12:57 2016 -0500

Fix indents

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 include/openssl/opensslconf.h.in | 26 +++---
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
index 14ebe08..803cc16 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -23,19 +23,15 @@ extern "C" {
 }
 foreach (@{$config{openssl_api_defines}}) {
 (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/;
-$OUT .= "# define OPENSSL_MIN_API $value\n";
+$OUT .= "#define OPENSSL_MIN_API $value\n";
 }
 if (@{$config{openssl_algorithm_defines}}) {
   foreach (@{$config{openssl_algorithm_defines}}) {
-   $OUT .= "# ifndef $_\n";
-   $OUT .= "#  define $_\n";
-   $OUT .= "# endif\n";
+   $OUT .= "#ifndef $_\n";
+   $OUT .= "# define $_\n";
+   $OUT .= "#endif\n";
   }
 }
-"";
--}
-
-{-
 if (@{$config{openssl_thread_defines}}) {
   foreach (@{$config{openssl_thread_defines}}) {
$OUT .= "#ifndef $_\n";
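Review bot: Beyond the indent change, this hunk removes the "";, -} and {- lines, which merges two template blocks into one, and changes the emitted text from "# define OPENSSL_MIN_API" to "#define OPENSSL_MIN_API". Neither is covered by the commit message ("Fix indents"); mention the block merge there, and confirm that the directive nesting in the generated opensslconf.h matches the new indent levels.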
@@ -74,13 +70,13 @@ extern "C" {
 #endif
 
 #ifndef OPENSSL_FILE
-#ifdef OPENSSL_NO_FILENAMES
-#define OPENSSL_FILE ""
-#define OPENSSL_LINE 0
-#else
-#define OPENSSL_FILE __FILE__
-#define OPENSSL_LINE __LINE__
-#endif
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
 #endif
 
 #ifndef OPENSSL_MIN_API


[openssl-commits] Build failed: openssl 89

2016-02-25 Thread AppVeyor



Build openssl 89 failed


Commit 6e6e17d404 by Alessandro Ghedini on 2/25/2016 1:30 PM:

Reimplement non-asm OPENSSL_cleanse()




[openssl-commits] Build failed: openssl ct_x509_log_names.75

2016-02-25 Thread AppVeyor



Build openssl ct_x509_log_names.75 failed


Commit 80429ff053 by Rob Percival on 2/25/2016 12:30 PM:

Makes x509 app show name of CT log that each SCT came from




[openssl-commits] Build failed in Jenkins: master_mips_noasm #636

2016-02-25 Thread openssl . sanity
See 

Changes:

[rsalz] GH235: Set error status on malloc failure

[rsalz] GH742: keep gost specific variable under macro

[Richard Levitte] Make it possible to build even if dependency files can't be 
generated

[Richard Levitte] Solaris DSOs were still named libFOO.so, fixed

[emilia] CVE-2016-0798: avoid memory leak in SRP

[rsalz] RT4116: Change cleanse to just memset

--
[...truncated 1318 lines...]

[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  104ce8a9f02d250dd43c255eb7b8747e81b29422 (commit)
  from  380f18ed5f140e0ae1b68f3ab8f4f7c395658d9e (commit)


- Log -
commit 104ce8a9f02d250dd43c255eb7b8747e81b29422
Author: Rich Salz 
Date:   Thu Feb 25 08:29:52 2016 -0500

RT4116: Change cleanse to just memset

See also the discussion in https://github.com/openssl/openssl/pull/455

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/mem_clr.c | 25 +
 1 file changed, 9 insertions(+), 16 deletions(-)

diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
index e6450a1..3389919 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -59,23 +59,16 @@
 #include 
 #include 
 
-extern unsigned char cleanse_ctr;
-unsigned char cleanse_ctr = 0;
+/*
+ * Pointer to memset is volatile so that compiler must de-reference
+ * the pointer and can't assume that it points to any function in
+ * particular (such as memset, which it then might further "optimize")
+ */
+typedef void *(*memset_t)(void *,int,size_t);
+
+static volatile memset_t memset_func = memset;
 
 void OPENSSL_cleanse(void *ptr, size_t len)
 {
-unsigned char *p = ptr;
-size_t loop = len, ctr = cleanse_ctr;
-
-if (ptr == NULL)
-return;
-
-while (loop--) {
-*(p++) = (unsigned char)ctr;
-ctr += (17 + ((size_t)p & 0xF));
-}
-p = memchr(ptr, (unsigned char)ctr, len);
-if (p)
-ctr += (63 + (size_t)p);
-cleanse_ctr = (unsigned char)ctr;
+memset_func(ptr, 0, len);
 }
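Review bot: The removed if (ptr == NULL) return; guard has no replacement, so OPENSSL_cleanse(NULL, len) now reaches memset_func(ptr, 0, len), and passing a null pointer to memset is undefined behaviour. Keep the NULL check ahead of the call, or document that callers must never pass NULL and audit the existing call sites for it.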


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-02-25 Thread Emilia Kasper
The branch OpenSSL_1_0_1-stable has been updated
   via  59a908f1e8380412a81392c468b83bf6071beb2a (commit)
  from  3ee48ada8ce7a57b6ff185a0388aba1ae1a21684 (commit)


- Log -
commit 59a908f1e8380412a81392c468b83bf6071beb2a
Author: Emilia Kasper 
Date:   Wed Feb 24 12:59:59 2016 +0100

CVE-2016-0798: avoid memory leak in SRP

The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES  | 19 +-
 apps/s_server.c  | 39 ++-
 crypto/srp/srp.h | 10 +
 crypto/srp/srp_vfy.c | 57 +++-
 util/libeay.num  |  2 ++
 5 files changed, 107 insertions(+), 20 deletions(-)

diff --git a/CHANGES b/CHANGES
index cdc4e6f..b95a3ed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,24 @@
 
  Changes between 1.0.1r and 1.0.1s [xx XXX ]
 
-  *)
+  *) Disable SRP fake user seed to address a server memory leak.
+
+ Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+ SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+ In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+ was changed to ignore the "fake user" SRP seed, even if the seed
+ is configured.
+
+ Users should use SRP_VBASE_get1_by_user instead. Note that in
+ SRP_VBASE_get1_by_user, caller must free the returned value. Note
+ also that even though configuring the SRP seed attempts to hide
+ invalid usernames by continuing the handshake with fake
+ credentials, this behaviour is not constant time and no strong
+ guarantees are made that the handshake is indistinguishable from
+ that of a valid user.
+ (CVE-2016-0798)
+ [Emilia Käsper]
 
  Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
 
diff --git a/apps/s_server.c b/apps/s_server.c
index a8aee77..a53cadd 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -416,6 +416,8 @@ typedef struct srpsrvparm_st {
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
 srpsrvparm *p = (srpsrvparm *) arg;
+int ret = SSL3_AL_FATAL;
+
 if (p->login == NULL && p->user == NULL) {
 p->login = SSL_get_srp_username(s);
 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@@ -424,21 +426,25 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, 
int *ad, void *arg)
 
 if (p->user == NULL) {
 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-return SSL3_AL_FATAL;
+goto err;
 }
+
 if (SSL_set_srp_server_param
 (s, p->user->N, p->user->g, p->user->s, p->user->v,
  p->user->info) < 0) {
 *ad = SSL_AD_INTERNAL_ERROR;
-return SSL3_AL_FATAL;
+goto err;
 }
 BIO_printf(bio_err,
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
p->login, p->user->info);
-/* need to check whether there are memory leaks */
+ret = SSL_ERROR_NONE;
+
+err:
+SRP_user_pwd_free(p->user);
 p->user = NULL;
 p->login = NULL;
-return SSL_ERROR_NONE;
+return ret;
 }
 
 #endif
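Review bot: the new err: label calls SRP_user_pwd_free(p->user) on every exit, so this callback now assumes that whatever is stored in p->user is a fresh allocation owned by the caller. Per the commit message, SRP_VBASE_get_by_user can return a callee-owned pointer, so any site that still fills srp_callback_parm.user from it would make this free hit a database entry. Suggest confirming that every assignment to the user field is switched to SRP_VBASE_get1_by_user in this same commit, and stating the ownership rule in a comment on the field in srpsrvparm.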
@@ -2244,9 +2250,10 @@ static int sv_body(char *hostname, int s, unsigned char 
*context)
 #ifndef OPENSSL_NO_SRP
 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
 BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+SRP_user_pwd_free(srp_callback_parm.user);
 srp_callback_parm.user =
-SRP_VBASE_get_by_user(srp_callback_parm.vb,
-  srp_callback_parm.login);
+

[openssl-commits] [openssl] master update

2016-02-25 Thread Emilia Kasper
The branch master has been updated
   via  380f18ed5f140e0ae1b68f3ab8f4f7c395658d9e (commit)
  from  37529928faa8456e85a9c5ad9255517da8dd0c61 (commit)


- Log -
commit 380f18ed5f140e0ae1b68f3ab8f4f7c395658d9e
Author: Emilia Kasper 
Date:   Wed Feb 24 12:59:59 2016 +0100

CVE-2016-0798: avoid memory leak in SRP

The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   | 15 +
 apps/s_server.c   | 44 --
 crypto/srp/srp_vfy.c  | 58 ++-
 include/openssl/srp.h | 12 ++-
 util/libeay.num   |  4 +++-
 5 files changed, 110 insertions(+), 23 deletions(-)

diff --git a/CHANGES b/CHANGES
index d849648..51e7b08 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,21 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX ]
 
+  *) Deprecate SRP_VBASE_get_by_user.
+ SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+ In order to fix an unavoidable memory leak (CVE-2016-0798),
+ SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP
+ seed, even if the seed is configured.
+
+ Users should use SRP_VBASE_get1_by_user instead. Note that in
+ SRP_VBASE_get1_by_user, caller must free the returned value. Note
+ also that even though configuring the SRP seed attempts to hide
+ invalid usernames by continuing the handshake with fake
+ credentials, this behaviour is not constant time and no strong
+ guarantees are made that the handshake is indistinguishable from
+ that of a valid user.
+ [Emilia Käsper]
+
   *) Configuration change; it's now possible to build dynamic engines
  without having to build shared libraries and vice versa.  This
  only applies to the engines in engines/, those in crypto/engine/
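Review bot: the entry says "caller must free the returned value" for SRP_VBASE_get1_by_user but does not say how. The s_server.c hunks in this commit release it with SRP_user_pwd_free, so name that function here; a reader who falls back to OPENSSL_free on the struct would be left guessing whether its members are released.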
diff --git a/apps/s_server.c b/apps/s_server.c
index 1380628..6645dc8 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -352,6 +352,8 @@ typedef struct srpsrvparm_st {
 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
 srpsrvparm *p = (srpsrvparm *) arg;
+int ret = SSL3_AL_FATAL;
+
 if (p->login == NULL && p->user == NULL) {
 p->login = SSL_get_srp_username(s);
 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@@ -360,21 +362,25 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void 
*arg)
 
 if (p->user == NULL) {
 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-return SSL3_AL_FATAL;
+goto err;
 }
+
 if (SSL_set_srp_server_param
 (s, p->user->N, p->user->g, p->user->s, p->user->v,
  p->user->info) < 0) {
 *ad = SSL_AD_INTERNAL_ERROR;
-return SSL3_AL_FATAL;
+goto err;
 }
 BIO_printf(bio_err,
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
p->login, p->user->info);
-/* need to check whether there are memory leaks */
+ret = SSL_ERROR_NONE;
+
+err:
+SRP_user_pwd_free(p->user);
 p->user = NULL;
 p->login = NULL;
-return SSL_ERROR_NONE;
+return ret;
 }
 
 #endif
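Review bot: on the "User %s doesn't exist" path the code jumps to err with p->user == NULL, so SRP_user_pwd_free(p->user) is called with a NULL argument. That is only safe if SRP_user_pwd_free is a no-op on NULL; its definition is not in this hunk, so confirm it and either note it in a comment at the label or guard the call.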
@@ -2325,9 +2331,10 @@ static int sv_body(int s, int stype, unsigned char 
*context)
 #ifndef OPENSSL_NO_SRP
 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
 BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+SRP_user_pwd_free(srp_callback_parm.user);
 srp_callback_parm.user =
-SRP_VBASE_get_by_user(srp_callback_parm.vb,
-  srp_callback_parm.login);
+
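Review bot: the added SRP_user_pwd_free(srp_callback_parm.user) covers only the loop that logs "LOOKUP renego during write". Any other loop in s_server.c that refills srp_callback_parm.user on SSL_ERROR_WANT_X509_LOOKUP needs the same free-before-reassign, otherwise the result of the previous lookup is dropped without being released there.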

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-02-25 Thread Emilia Kasper
The branch OpenSSL_1_0_2-stable has been updated
   via  259b664f950c2ba66fbf4b0fe5281327904ead21 (commit)
  from  64333004a41a9f4aa587b8e5401420fb70d00687 (commit)


- Log -
commit 259b664f950c2ba66fbf4b0fe5281327904ead21
Author: Emilia Kasper 
Date:   Wed Feb 24 12:59:59 2016 +0100

CVE-2016-0798: avoid memory leak in SRP

The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES  | 19 ++
 apps/s_server.c  | 49 +++-
 crypto/srp/srp.h | 10 +
 crypto/srp/srp_vfy.c | 57 +++-
 util/libeay.num  |  2 ++
 5 files changed, 114 insertions(+), 23 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8039184..26a0291 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,25 @@
 
  Changes between 1.0.2f and 1.0.2g [xx XXX ]
 
+  *) Disable SRP fake user seed to address a server memory leak.
+
+ Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+ SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+ In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+ was changed to ignore the "fake user" SRP seed, even if the seed
+ is configured.
+
+ Users should use SRP_VBASE_get1_by_user instead. Note that in
+ SRP_VBASE_get1_by_user, caller must free the returned value. Note
+ also that even though configuring the SRP seed attempts to hide
+ invalid usernames by continuing the handshake with fake
+ credentials, this behaviour is not constant time and no strong
+ guarantees are made that the handshake is indistinguishable from
+ that of a valid user.
+ (CVE-2016-0798)
+ [Emilia Käsper]
+
   *) Change the req app to generate a 2048-bit RSA/DSA key by default,
  if no keysize is specified with default_bits. This fixes an
  omission in an earlier change that changed all RSA/DSA key generation
diff --git a/apps/s_server.c b/apps/s_server.c
index 65cbaaf..09c755b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -429,6 +429,8 @@ typedef struct srpsrvparm_st {
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
 srpsrvparm *p = (srpsrvparm *) arg;
+int ret = SSL3_AL_FATAL;
+
 if (p->login == NULL && p->user == NULL) {
 p->login = SSL_get_srp_username(s);
 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@@ -437,21 +439,25 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, 
int *ad, void *arg)
 
 if (p->user == NULL) {
 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-return SSL3_AL_FATAL;
+goto err;
 }
+
 if (SSL_set_srp_server_param
 (s, p->user->N, p->user->g, p->user->s, p->user->v,
  p->user->info) < 0) {
 *ad = SSL_AD_INTERNAL_ERROR;
-return SSL3_AL_FATAL;
+goto err;
 }
 BIO_printf(bio_err,
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
p->login, p->user->info);
-/* need to check whether there are memory leaks */
+ret = SSL_ERROR_NONE;
+
+err:
+SRP_user_pwd_free(p->user);
 p->user = NULL;
 p->login = NULL;
-return SSL_ERROR_NONE;
+return ret;
 }
 
 #endif
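Review bot: the "User %s doesn't exist" branch now reaches the shared err exit without assigning *ad, while the SSL_set_srp_server_param failure sets *ad = SSL_AD_INTERNAL_ERROR before the same goto. With both failures funnelled through one label, either set the alert explicitly in the first branch or add a comment saying which alert the caller sends when *ad is left untouched.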
@@ -2452,9 +2458,10 @@ static int sv_body(char *hostname, int s, int stype, 
unsigned char *context)
 #ifndef OPENSSL_NO_SRP
 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
 BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+SRP_user_pwd_free(srp_callback_parm.user);
 srp_callback_parm.user =
-
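The ownership problem described in the CVE-2016-0798 commit messages above, modelled as an added, self-contained C example (not OpenSSL's code): `lookup_mixed`, `lookup_get1` and `user_free` are hypothetical stand-ins for `SRP_VBASE_get_by_user`, `SRP_VBASE_get1_by_user` and `SRP_user_pwd_free`, and a fixed pool replaces the heap so outstanding allocations can be counted. The fake entry here simply stores the seed; how OpenSSL derives it is not modelled.

```c
#include <stdio.h>
#include <string.h>

typedef struct { char id[32]; char verifier[32]; int in_use; } user_rec;
typedef struct {
    user_rec users[1];  /* entries owned by the database */
    const char *seed;   /* non-NULL: unknown users get a fake entry */
    user_rec pool[8];   /* constructed: fixed pool standing in for the heap */
    size_t live;        /* pool entries handed out and not yet freed */
} vbase;

static user_rec *rec_alloc(vbase *vb, const char *id, const char *verifier)
{
    for (size_t i = 0; i < sizeof(vb->pool) / sizeof(vb->pool[0]); i++) {
        user_rec *r = &vb->pool[i];
        if (r->in_use)
            continue;
        snprintf(r->id, sizeof(r->id), "%s", id);
        snprintf(r->verifier, sizeof(r->verifier), "%s", verifier);
        r->in_use = 1;
        vb->live++;
        return r;
    }
    return NULL; /* pool exhausted: the model's out-of-memory */
}

void user_free(vbase *vb, user_rec *r)
{
    if (r != NULL) { r->in_use = 0; vb->live--; }
}

/* Old contract: database-owned for a real user, newly allocated for a fake one. */
user_rec *lookup_mixed(vbase *vb, const char *id)
{
    if (strcmp(vb->users[0].id, id) == 0)
        return &vb->users[0];
    return vb->seed != NULL ? rec_alloc(vb, id, vb->seed) : NULL;
}

/* get1 contract: every non-NULL result is a copy the caller must free. */
user_rec *lookup_get1(vbase *vb, const char *id)
{
    if (strcmp(vb->users[0].id, id) == 0)
        return rec_alloc(vb, id, vb->users[0].verifier);
    return vb->seed != NULL ? rec_alloc(vb, id, vb->seed) : NULL;
}

/* n handshakes for one username; returns entries still allocated afterwards. */
size_t connect_old(vbase *vb, const char *id, int n)
{
    for (int i = 0; i < n; i++)
        (void)lookup_mixed(vb, id); /* no free: it might be a database entry */
    return vb->live;
}

size_t connect_get1(vbase *vb, const char *id, int n)
{
    for (int i = 0; i < n; i++)
        user_free(vb, lookup_get1(vb, id));
    return vb->live;
}

vbase make_db(const char *seed)
{
    return (vbase){ .users = { { "alice", "constructed-verifier", 0 } }, .seed = seed };
}

int main(void)
{
    vbase old = make_db("constructed-seed"), fixed = make_db("constructed-seed");
    printf("old contract:  %zu entries leaked\n", connect_old(&old, "mallory", 5));
    printf("get1 contract: %zu entries leaked\n", connect_get1(&fixed, "mallory", 5));
    return 0;
}
```

Under the old contract the count grows with each unknown-username handshake until the pool is exhausted, and stays at zero when no seed is configured; under the get1 contract it returns to zero after every handshake.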

[openssl-commits] Errored: openssl/openssl#2083 (master - 1cb7757)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2083
Status: Errored

Duration: 1 hour, 28 minutes, and 57 seconds
Commit: 1cb7757 (master)
Author: Roumen Petrov
Message: correct name of GNU shared libraries

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/50e34aaba390...1cb7757ee7fd

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/111317145



[openssl-commits] Build failed: openssl ct_api.73

2016-02-25 Thread AppVeyor



Build openssl ct_api.73 failed


Commit 496fd3e73d by Rob Percival on 2/25/2016 12:23 PM:

Fix for potential dereferencing of null pointer in o2i_SCT_signature




[openssl-commits] [openssl] master update

2016-02-25 Thread Richard Levitte
The branch master has been updated
   via  37529928faa8456e85a9c5ad9255517da8dd0c61 (commit)
  from  28a55a873d5a689912fb1c8cc5fdd2743fdbcdb8 (commit)


- Log -
commit 37529928faa8456e85a9c5ad9255517da8dd0c61
Author: Richard Levitte 
Date:   Wed Feb 24 01:45:25 2016 +0100

Solaris DSOs were still named libFOO.so, fixed

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 Makefile.shared | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.shared b/Makefile.shared
index 5100b5d..2e9f3f5 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -360,7 +360,7 @@ link_dso.solaris:
$(DO_GNU_DSO); \
else \
$(CALC_VERSIONS); \
-   SHLIB=lib$(LIBNAME).so; \
+   SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \


[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  5ca17d8c5c18141686e909e70bda7e8ef480ee40 (commit)
  from  72e9be3d083d8cc39ea5322409f14832b674364d (commit)


- Log -
commit 5ca17d8c5c18141686e909e70bda7e8ef480ee40
Author: J Mohan Rao Arisankala 
Date:   Thu Feb 25 08:31:50 2016 +0530

GH742: keep gost specific variable under macro

Signed-off-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/statem/statem_srvr.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7e63376..526b0c5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2651,7 +2651,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET 
*pkt)
 {
 EVP_PKEY *pkey = NULL;
 const unsigned char *sig, *data;
+#ifndef OPENSSL_NO_GOST
 unsigned char *gost_data = NULL;
+#endif
 int al, ret = MSG_PROCESS_ERROR;
 int type = 0, j;
 unsigned int len;
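Review bot: with the declaration of gost_data now compiled only when OPENSSL_NO_GOST is undefined, every use of it in tls_process_cert_verify has to sit under the same guard. This commit shows only the declaration and the final OPENSSL_free being wrapped; the uses in between are outside the visible lines, so confirm a no-gost configuration actually builds, ideally by adding it to the CI matrix.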
@@ -2796,7 +2798,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET 
*pkt)
 BIO_free(s->s3->handshake_buffer);
 s->s3->handshake_buffer = NULL;
 EVP_MD_CTX_free(mctx);
+#ifndef OPENSSL_NO_GOST
 OPENSSL_free(gost_data);
+#endif
 return ret;
 }
 


[openssl-commits] [openssl] master update

2016-02-25 Thread Rich Salz
The branch master has been updated
   via  72e9be3d083d8cc39ea5322409f14832b674364d (commit)
  from  b5292f7b40fd5da1feff4d5394f84c629c97eda4 (commit)


- Log -
commit 72e9be3d083d8cc39ea5322409f14832b674364d
Author: Rich Salz 
Date:   Thu Feb 25 00:45:08 2016 -0500

GH235: Set error status on malloc failure

Reviewed-by: Emilia Käsper 

---

Summary of changes:
 include/openssl/ssl.h | 2 ++
 ssl/ssl_err.c | 2 ++
 ssl/ssl_lib.c | 8 ++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9709103..daa58e8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2044,6 +2044,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY  168
 # define SSL_F_SSL_CTX_MAKE_PROFILES  309
 # define SSL_F_SSL_CTX_NEW169
+# define SSL_F_SSL_CTX_SET_ALPN_PROTOS343
 # define SSL_F_SSL_CTX_SET_CIPHER_LIST269
 # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
 # define SSL_F_SSL_CTX_SET_PURPOSE226
@@ -2091,6 +2092,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL_SESSION_NEW189
 # define SSL_F_SSL_SESSION_PRINT_FP   190
 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT312
+# define SSL_F_SSL_SET_ALPN_PROTOS344
 # define SSL_F_SSL_SET_CERT   191
 # define SSL_F_SSL_SET_CIPHER_LIST271
 # define SSL_F_SSL_SET_FD 192
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 46f483f..37ebbc8 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -171,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
 {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "ssl_ctx_make_profiles"},
 {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_ALPN_PROTOS), "SSL_CTX_set_alpn_protos"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
  "SSL_CTX_set_client_cert_engine"},
@@ -239,6 +240,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
 {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
  "SSL_SESSION_set1_id_context"},
+{ERR_FUNC(SSL_F_SSL_SET_ALPN_PROTOS), "SSL_set_alpn_protos"},
 {ERR_FUNC(SSL_F_SSL_SET_CERT), "ssl_set_cert"},
 {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
 {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7c62731..c0cb165 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2144,8 +2144,10 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned 
char *protos,
 {
 OPENSSL_free(ctx->alpn_client_proto_list);
 ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-if (ctx->alpn_client_proto_list == NULL)
+if (ctx->alpn_client_proto_list == NULL) {
+SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
 return 1;
+}
 memcpy(ctx->alpn_client_proto_list, protos, protos_len);
 ctx->alpn_client_proto_list_len = protos_len;
 
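Review bot: the old list is freed before OPENSSL_malloc is attempted, so in the new error block ctx->alpn_client_proto_list is NULL while ctx->alpn_client_proto_list_len still holds the previous length, because the length is only updated after the memcpy. Suggest setting alpn_client_proto_list_len = 0 next to the SSLerr call so a later reader of the pair never sees a NULL pointer with a non-zero length.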
@@ -2162,8 +2164,10 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char 
*protos,
 {
 OPENSSL_free(ssl->alpn_client_proto_list);
 ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-if (ssl->alpn_client_proto_list == NULL)
+if (ssl->alpn_client_proto_list == NULL) {
+SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
 return 1;
+}
 memcpy(ssl->alpn_client_proto_list, protos, protos_len);
 ssl->alpn_client_proto_list_len = protos_len;
 
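Review bot: the failure branch still returns 1, the inverse of the 1-for-success convention most OpenSSL setters follow. Now that the failure is also reported through SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE), a short comment at the return stating that non-zero means failure for this function would keep callers from treating it as success.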


[openssl-commits] Errored: openssl/openssl#2081 (master - 50e34aa)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2081
Status: Errored

Duration: 1 hour, 32 minutes, and 56 seconds
Commit: 50e34aa (master)
Author: Andy Polyakov
Message: test/ectest.c: add regression test for RT#4284.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/e9fd82f624b1...50e34aaba390

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/111307379



[openssl-commits] Build failed: openssl master.1429

2016-02-25 Thread AppVeyor



Build openssl master.1429 failed


Commit f54aa70840 by Dmitry-Me on 2/25/2016 9:04 AM:

Rewrite "min" in natural way




[openssl-commits] Errored: openssl/openssl#2080 (master - e9fd82f)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2080
Status: Errored

Duration: 1 hour, 36 minutes, and 17 seconds
Commit: e9fd82f (master)
Author: Andy Polyakov
Message: test/recipes/80-test_ca.t: remove_tree->rmtree to make it work with 
Perl 5.10.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/14577312211e...e9fd82f624b1

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/111305945



[openssl-commits] Errored: openssl/openssl#2079 (master - 1457731)

2016-02-25 Thread Travis CI
Build Update for openssl/openssl
-

Build: #2079
Status: Errored

Duration: 52 minutes and 3 seconds
Commit: 1457731 (master)
Author: Andy Polyakov
Message: poly1305/asm/poly1305-armv4.pl: replace ambiguous instruction.

Different assembler versions disagree on how to interpret #-1 as
argument to vmov.i64, as 0x or 0x.
So replace it with something they can't disagree on.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/78c830785ca0...14577312211e

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/11130



[openssl-commits] [web] master update

2016-02-25 Thread Mark J . Cox
The branch master has been updated
   via  c141014db4abc964a8247f0314a368f494df5e23 (commit)
  from  d8ecdd9c2a6f9718d814483dd14bc845d61ad09c (commit)


- Log -
commit c141014db4abc964a8247f0314a368f494df5e23
Author: Mark J. Cox 
Date:   Thu Feb 25 09:33:20 2016 +

Add pointer to OpenSSL versions 1.0.2g, 1.0.1s March 01st release

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 0cf522e..3cdf185 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+25-Feb-2016: OpenSSL 1.0.2g and 1.0.1s https://mta.openssl.org/pipermail/openssl-announce/2016-February/63.html;>security
 releases due 1st Mar 2016
 15-Feb-2016: Alpha 3 of OpenSSL 1.1.0 is now available: please download and 
test it
 28-Jan-2016: Security Advisory: two 
security fixes
 28-Jan-2016: OpenSSL 1.0.2f is now available, including bug and security fixes