[openssl-commits] Passed: FdaSilvaYY/openssl#660 (more-zalloc2 - 67bf9cf)

2016-04-29 Thread Travis CI 
Build Update for FdaSilvaYY/openssl
-

Build: #660
Status: Passed

Duration: 28 minutes and 42 seconds
Commit: 67bf9cf (more-zalloc2)
Author: FdaSilvaYY
Message: Add more zalloc

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/3e2f7b45b919...67bf9cf8e336

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/126791136

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#3606 (master - 7cafbb4)

2016-04-29 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #3606
Status: Broken

Duration: 26 minutes and 32 seconds
Commit: 7cafbb4 (master)
Author: Matt Caswell
Message: Fix some X509_STORE macros

Some X509_STORE macros do not work since the type was made opaque.

Reviewed-by: Viktor Dukhovni 

View the changeset: 
https://github.com/openssl/openssl/compare/77076dc944f7...7cafbb4bd373

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/126782170

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.2907

2016-04-29 Thread AppVeyor 



Build openssl master.2907 failed


Commit b8c51459aa by Matt Caswell on 4/29/2016 3:47 PM:

Remove some dead code from EC_GROUP_check()


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  7cafbb4bd373f024c4900dcaa71aaf626c2ddbae (commit)
  from  77076dc944f76e821e4eae3a6563b853ce00c0ed (commit)


- Log -
commit 7cafbb4bd373f024c4900dcaa71aaf626c2ddbae
Author: Matt Caswell 
Date:   Fri Apr 29 17:44:46 2016 +0100

Fix some X509_STORE macros

Some X509_STORE macros do not work since the type was made opaque.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 crypto/x509/x509_lu.c |  5 +
 doc/crypto/X509_STORE_CTX_new.pod | 24 
 include/openssl/x509_vfy.h| 13 +
 util/libcrypto.num|  1 +
 4 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b77a796..c4ca619 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -750,6 +750,11 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
 ctx->verify_cb = verify_cb;
 }
 
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify)
+{
+ctx->verify = verify;
+}
+
 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
   *ctx,
diff --git a/doc/crypto/X509_STORE_CTX_new.pod 
b/doc/crypto/X509_STORE_CTX_new.pod
index 17517b3..1ec99f1 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
  X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify 
verify);
 
+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
 
 =head1 DESCRIPTION
 
@@ -115,6 +116,23 @@ find an appropriate set of parameters from B.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 that were used in building the chain following a call to X509_verify_cert().
 
+X509_STORE_CTX_set_verify() provides the capability for overriding the default
+verify function. This function is responsible for verifying chain signatures 
and
+expiration times. X509_STORE_CTX_get_verify() obtains the current verify
+function being used.
+
+X509_STORE_set_verify() works in the same way as for 
X509_STORE_CTX_set_verify()
+but sets the default verify function to be used by all X509_STORE_CTX objects
+created for this X509_STORE.
+
+A verify function is defined as an X509_STORE_CTX_verify type which has the
+following signature:
+
+ int (*verify)(X509_STORE_CTX *); 
+
+This function should receive the current X509_STORE_CTX as a parameter and
+return 1 on success or 0 on failure.
+
 =head1 NOTES
 
 The certificates and CRLs in a store are used internally and should B
@@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if 
an error occurred.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 used.
 
+X509_STORE_CTX_get_verify() returns the current verify function in use for this
+X509_STORE_CTX.
+
 =head1 SEE ALSO
 
 L
@@ -156,5 +177,8 @@ L
 
 X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+available as a macro X509_STORE_set_verify_func(). This macro still exists but
+simply calls this function.
 
 =cut
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index fc6e389..1c86d31 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -104,8 +104,15 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
 int X509_STORE_set_depth(X509_STORE *store, int depth);
 
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func)((ctx)->verify=(func))
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+X509_STORE_set_verify_cb((ctx),(func))
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+X509_STORE_set_verify((ctx),(func))
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 
@@ -314,8 +321,6 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-typedef int

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-04-29 Thread Dr . Stephen Henson 
The branch OpenSSL_1_0_2-stable has been updated
   via  64eaf6c928f4066d62aa86f805796ef05bd0b1cc (commit)
  from  9b08619cb45e75541809b1154c90e1a00450e537 (commit)


- Log -
commit 64eaf6c928f4066d62aa86f805796ef05bd0b1cc
Author: Dr. Stephen Henson 
Date:   Wed Apr 27 20:27:41 2016 +0100

Don't free ret->data if malloc fails.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/asn1/a_bytes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 12715a7..385b539 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const 
unsigned char **pp,
 } else {
 if (len != 0) {
 if ((ret->length < len) || (ret->data == NULL)) {
-if (ret->data != NULL)
-OPENSSL_free(ret->data);
 s = (unsigned char *)OPENSSL_malloc((int)len + 1);
 if (s == NULL) {
 i = ERR_R_MALLOC_FAILURE;
 goto err;
 }
+if (ret->data != NULL)
+OPENSSL_free(ret->data);
 } else
 s = ret->data;
 memcpy(s, p, (int)len);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-04-29 Thread Dr . Stephen Henson 
The branch OpenSSL_1_0_1-stable has been updated
   via  66ce2861c172b2eb344906f424e593337fbd1af8 (commit)
  from  1c81a59503af23fa109e346c973e99c66222bf11 (commit)


- Log -
commit 66ce2861c172b2eb344906f424e593337fbd1af8
Author: Dr. Stephen Henson 
Date:   Wed Apr 27 20:27:41 2016 +0100

Don't free ret->data if malloc fails.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell 
(cherry picked from commit 64eaf6c928f4066d62aa86f805796ef05bd0b1cc)

---

Summary of changes:
 crypto/asn1/a_bytes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 12715a7..385b539 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const 
unsigned char **pp,
 } else {
 if (len != 0) {
 if ((ret->length < len) || (ret->data == NULL)) {
-if (ret->data != NULL)
-OPENSSL_free(ret->data);
 s = (unsigned char *)OPENSSL_malloc((int)len + 1);
 if (s == NULL) {
 i = ERR_R_MALLOC_FAILURE;
 goto err;
 }
+if (ret->data != NULL)
+OPENSSL_free(ret->data);
 } else
 s = ret->data;
 memcpy(s, p, (int)len);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#656 (more-zalloc2 - 3e2f7b4)

2016-04-29 Thread Travis CI 
Build Update for FdaSilvaYY/openssl
-

Build: #656
Status: Errored

Duration: 36 minutes and 52 seconds
Commit: 3e2f7b4 (more-zalloc2)
Author: FdaSilvaYY
Message: Add more zalloc

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/6b9617c7639e...3e2f7b45b919

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/126707142

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: FdaSilvaYY/openssl#653 (X509_REQ_to_X509 - c271842)

2016-04-29 Thread Travis CI 
Build Update for FdaSilvaYY/openssl
-

Build: #653
Status: Passed

Duration: 28 minutes and 56 seconds
Commit: c271842 (X509_REQ_to_X509)
Author: FdaSilvaYY
Message: Use more X509_REQ_get0_pubkey & X509_get0_pubkey

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/89259e9b8b2d...c2718421095f

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/126706449

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Dr . Stephen Henson 
The branch master has been updated
   via  77076dc944f76e821e4eae3a6563b853ce00c0ed (commit)
   via  b33d1141b6dcce947708b984c5e9e91dad3d675d (commit)
   via  295f3a24919157e2f9021d0b1709353710ad63db (commit)
  from  3cd3f0024bd432f5396979757a5cf075cc0955d2 (commit)


- Log -
commit 77076dc944f76e821e4eae3a6563b853ce00c0ed
Author: Dr. Stephen Henson 
Date:   Thu Apr 28 19:45:44 2016 +0100

Add checks to X509_NAME_oneline()

Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell 

commit b33d1141b6dcce947708b984c5e9e91dad3d675d
Author: Dr. Stephen Henson 
Date:   Thu Apr 28 13:09:27 2016 +0100

Sanity check buffer length.

Reject zero length buffers passed to X509_NAME_onelne().

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell 

commit 295f3a24919157e2f9021d0b1709353710ad63db
Author: Dr. Stephen Henson 
Date:   Thu Apr 28 12:55:29 2016 +0100

Add size limit to X509_NAME structure.

This adds an explicit limit to the size of an X509_NAME structure. Some
part of OpenSSL (e.g. TLS) already effectively limit the size due to
restrictions on certificate size.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/x509/x509_err.c | 60 +++---
 crypto/x509/x509_obj.c | 18 +++
 crypto/x509/x_name.c   | 11 +
 include/openssl/x509.h |  1 +
 4 files changed, 38 insertions(+), 52 deletions(-)

diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index d140d52..3f5f63d 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,56 +1,11 @@
-/* 
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in
- *the documentation and/or other materials provided with the
- *distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *software must display the following acknowledgment:
- *"This product includes software developed by the OpenSSL Project
- *for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *endorse or promote products derived from this software without
- *prior written permission. For written permission, please contact
- *openssl-c...@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *nor may "OpenSSL" appear in their names without prior written
- *permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *acknowledgment:
- *"This product includes software developed by the OpenSSL Project
- *for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * 
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com).  This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- */
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ *

[openssl-commits] Fixed: FdaSilvaYY/openssl#648 (MFL-rebase-test - b838fdb)

2016-04-29 Thread Travis CI 
Build Update for FdaSilvaYY/openssl
-

Build: #648
Status: Fixed

Duration: 23 minutes and 46 seconds
Commit: b838fdb (MFL-rebase-test)
Author: FdaSilvaYY
Message: Implement Maximum Fragment Length TLS extension.

based on https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY
adapted to the new Packet API.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/5635606bb277...b838fdbe24f3

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/126705643

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Richard Levitte 
The branch master has been updated
   via  3cd3f0024bd432f5396979757a5cf075cc0955d2 (commit)
   via  83f2695c318613cb22e11e8c5e5a7c9d89ceff56 (commit)
  from  be4ba1b06c9532996f57246d5f46bc7c8711732d (commit)


- Log -
commit 3cd3f0024bd432f5396979757a5cf075cc0955d2
Author: Richard Levitte 
Date:   Fri Apr 29 18:59:20 2016 +0200

Remove BIO_dummy, it's old cruft

Reviewed-by: Rich Salz 

commit 83f2695c318613cb22e11e8c5e5a7c9d89ceff56
Author: Richard Levitte 
Date:   Fri Apr 29 18:57:58 2016 +0200

Change 'struct bio_st' in all public header where applicable

Reviewed-by: Rich Salz 

---

Summary of changes:
 include/openssl/bio.h| 9 -
 include/openssl/crypto.h | 3 ---
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 42468b0..03a6f04 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -284,10 +284,10 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_cb_pre(a)   (!((a)_CB_RETURN))
 # define BIO_cb_post(a)  ((a)_CB_RETURN)
 
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+long (*BIO_get_callback(const BIO *b)) (BIO *, int, const char *,
 int, long, long);
 void BIO_set_callback(BIO *b,
-  long (*callback) (struct bio_st *, int, const char *,
+  long (*callback) (BIO *, int, const char *,
 int, long, long));
 char *BIO_get_callback_arg(const BIO *b);
 void BIO_set_callback_arg(BIO *b, char *arg);
@@ -297,7 +297,7 @@ typedef struct bio_method_st BIO_METHOD;
 const char *BIO_method_name(const BIO *b);
 int BIO_method_type(const BIO *b);
 
-typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
+typedef void bio_info_cb (BIO *, int, const char *, int, long,
   long);
 
 DEFINE_STACK_OF(BIO)
@@ -601,8 +601,7 @@ int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
 long BIO_callback_ctrl(BIO *b, int cmd,
-   void (*fp) (struct bio_st *, int, const char *, int,
-   long, long));
+   void (*fp) (BIO *, int, const char *, int, long, long));
 void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
 long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
 BIO *BIO_push(BIO *b, BIO *append);
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 2cee894..0eaf6b1 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -188,9 +188,6 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, 
CRYPTO_RWLOCK *lock);
 # define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
 # define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
 
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
 struct crypto_ex_data_st {
 STACK_OF(void) *sk;
 };
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Rich Salz 
The branch master has been updated
   via  be4ba1b06c9532996f57246d5f46bc7c8711732d (commit)
  from  b8c51459aa5b5b6b78cce56a7b898944f5314550 (commit)


- Log -
commit be4ba1b06c9532996f57246d5f46bc7c8711732d
Author: Rich Salz 
Date:   Fri Apr 29 12:42:22 2016 -0400

Add asn1_mac

Reviewed-by: Richard Levitte 

---

Summary of changes:
 .../include/internal/dso_conf.h.in => include/openssl/asn1_mac.h   | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)
 copy crypto/include/internal/dso_conf.h.in => include/openssl/asn1_mac.h (66%)

diff --git a/crypto/include/internal/dso_conf.h.in b/include/openssl/asn1_mac.h
similarity index 66%
copy from crypto/include/internal/dso_conf.h.in
copy to include/openssl/asn1_mac.h
index daa5e24..9221917 100644
--- a/crypto/include/internal/dso_conf.h.in
+++ b/include/openssl/asn1_mac.h
@@ -1,4 +1,3 @@
-{- join("\n",map { "/* $_ */" } @autowarntext) -}
 /*
  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
@@ -8,8 +7,4 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DSO_CONF_H
-# define HEADER_DSO_CONF_H
-
-# define DSO_EXTENSION "{- $target{dso_extension} -}"
-#endif
+#error "This file is obsolete; please update your software."
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  b8c51459aa5b5b6b78cce56a7b898944f5314550 (commit)
   via  9d7ec8090ec1f131825c1bd087969c2e88750385 (commit)
   via  40a8643a37ea50781872acd740020ac5b6c8f699 (commit)
   via  7001571330ce2e31234660c10ef26089a07b17c1 (commit)
   via  138388fe33707529683e1a41b0fe47d60313e7c1 (commit)
   via  ed3eb5e0cca0ac88908e5d718ac0137d0150ddb3 (commit)
  from  3b7a71b2f026702877d8cf4240996f71ae2ff55a (commit)


- Log -
commit b8c51459aa5b5b6b78cce56a7b898944f5314550
Author: Matt Caswell 
Date:   Fri Apr 29 15:22:18 2016 +0100

Remove some dead code from EC_GROUP_check()

EC_GROUP_check() was obtaining a temporary BIGNUM from the BN_CTX, but
then not using it.

Reviewed-by: Rich Salz 

commit 9d7ec8090ec1f131825c1bd087969c2e88750385
Author: Matt Caswell 
Date:   Fri Apr 29 12:17:15 2016 +0100

Don't use an uninitialised variable in srp application

The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).

Reviewed-by: Rich Salz 

commit 40a8643a37ea50781872acd740020ac5b6c8f699
Author: Matt Caswell 
Date:   Fri Apr 29 11:44:39 2016 +0100

Avoid a NULL ptr deref if group is not set

We should only copy parameters and keys if the group is set. Otherwise
they don't really make any sense. Previously we copied the private key
regardless of whether the group was set...but if it wasn't a NULL ptr
deref could occur. It's unclear whether we could ever get into that
situation, but since we were already checking it for the public key we
should be consistent.

Reviewed-by: Rich Salz 

commit 7001571330ce2e31234660c10ef26089a07b17c1
Author: Matt Caswell 
Date:   Fri Apr 29 11:29:50 2016 +0100

Check for a NULL return value from a call to X509_STORE_CTX_new()

Reviewed-by: Rich Salz 

commit 138388fe33707529683e1a41b0fe47d60313e7c1
Author: Matt Caswell 
Date:   Fri Apr 29 11:27:09 2016 +0100

Check for failed malloc in BIO_ADDR_new

BIO_ADDR_new() calls OPENSSL_zalloc() which can fail - but the return
value is not checked.

Reviewed-by: Rich Salz 

commit ed3eb5e0cca0ac88908e5d718ac0137d0150ddb3
Author: Matt Caswell 
Date:   Thu Apr 28 17:05:21 2016 +0100

The x509_name_canon function doesn't check for an error return

i2d_name_canon can return a negative number on error. We should check it
before continuing.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/crl.c   |  2 +-
 apps/srp.c   |  3 +--
 crypto/bio/b_addr.c  |  3 +++
 crypto/ec/ec_check.c |  5 -
 crypto/ec/ec_key.c   | 41 +
 crypto/x509/x_name.c |  7 +--
 6 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/apps/crl.c b/apps/crl.c
index 915c9ac..d3fd416 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -244,7 +244,7 @@ int crl_main(int argc, char **argv)
 if (lookup == NULL)
 goto end;
 ctx = X509_STORE_CTX_new();
-if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
+if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
 BIO_printf(bio_err, "Error initialising X509 store\n");
 goto end;
 }
diff --git a/apps/srp.c b/apps/srp.c
index 1bf2ee2..48ef85d 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -256,7 +256,6 @@ OPTIONS srp_options[] = {
 int srp_main(int argc, char **argv)
 {
 CA_DB *db = NULL;
-DB_ATTR db_attr;
 CONF *conf = NULL;
 int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
 int doupdatedb = 0, mode = OPT_ERR;
@@ -401,7 +400,7 @@ int srp_main(int argc, char **argv)
 BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
srpvfile);
 
-db = load_index(srpvfile, _attr);
+db = load_index(srpvfile, NULL);
 if (db == NULL)
 goto end;
 
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index bfc745b..86c6c7e 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -83,6 +83,9 @@ BIO_ADDR *BIO_ADDR_new(void)
 {
 BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
 
+if (ret == NULL)
+return NULL;
+
 ret->sa.sa_family = AF_UNSPEC;
 return ret;
 }
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  3b7a71b2f026702877d8cf4240996f71ae2ff55a (commit)
  from  87a8405b66e94cbfc40c44104c3b52f342a623d5 (commit)


- Log -
commit 3b7a71b2f026702877d8cf4240996f71ae2ff55a
Author: Paul Kehrer 
Date:   Fri Apr 29 08:52:55 2016 -0500

Make header signature of CRYPTO_mem_leaks BIO instead of struct bio_st

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/1012)

---

Summary of changes:
 include/openssl/crypto.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 968b1b3..2cee894 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -409,7 +409,7 @@ void CRYPTO_mem_debug_free(void *addr, int flag,
 #  ifndef OPENSSL_NO_STDIO
 int CRYPTO_mem_leaks_fp(FILE *);
 #  endif
-int CRYPTO_mem_leaks(struct bio_st *bio);
+int CRYPTO_mem_leaks(BIO *bio);
 # endif
 
 /* die if we have to */
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed in Jenkins: master_windows #1593

2016-04-29 Thread openssl . sanity 
See 

Changes:

[rsalz] Fixed scripts order for generate_crypto_objects target

[rsalz] Add aliases for des-ede-ecb and des-ede3-ecb ciphers.

[Richard Levitte] VMS: It seems DEC C doesn't handle certain header files quite 
right

[Richard Levitte] VMS: only explicitely translate names in library C files.

[Matt Caswell] Fix building with -DCHARSET_EBCDIC

[Matt Caswell] Add the ability to test EBCDIC builds

[Matt Caswell] Fix a build error with strict-warnings and CHARSET_EBCDIC

[Matt Caswell] Fix the tests to work with EBCDIC

[Matt Caswell] Fix EBCDIC problem in conf_def.h

[Matt Caswell] Misc tweaks for EBCDIC based on feedback received

[Richard Levitte] Avoid overflow issues in X509_cmp.

--
Started by upstream project "master_basic" build number 1857
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 87a8405b66e94cbfc40c44104c3b52f342a623d5 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 87a8405b66e94cbfc40c44104c3b52f342a623d5
 > git rev-list 53385e1fee6e53043ba36d9c414b0387a4f87cd7 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson5366010481171587841.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson3168458760728633162.bat

call> "c:\program 
files

[openssl-commits] [openssl] master update

2016-04-29 Thread Richard Levitte 
The branch master has been updated
   via  87a8405b66e94cbfc40c44104c3b52f342a623d5 (commit)
  from  a1f41284d7eb3c72096ae9cbd6a0673c0bb0d267 (commit)


- Log -
commit 87a8405b66e94cbfc40c44104c3b52f342a623d5
Author: David Benjamin 
Date:   Wed Apr 27 20:02:35 2016 -0400

Avoid overflow issues in X509_cmp.

The length is a long, so returning the difference does not quite work.

Thanks to Torbjörn Granlund for noticing.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/x509/x509_cmp.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d3b2c19..831cfb7 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b)
 return rv;
 /* Check for match against stored encoding too */
 if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
-rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len);
-if (rv)
-return rv;
+if (a->cert_info.enc.len < b->cert_info.enc.len)
+return -1;
+if (a->cert_info.enc.len > b->cert_info.enc.len)
+return 1;
 return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
   a->cert_info.enc.len);
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  a1f41284d7eb3c72096ae9cbd6a0673c0bb0d267 (commit)
   via  a1f82f06399f6c3cbee2009a498f4e7e620b2330 (commit)
   via  97a982e2eee2e04e8e41ae12665af417315a0f23 (commit)
   via  4cd5c3f4eef81c791a5041dc17ec27aa08540e42 (commit)
   via  e31066f7e9894c9cdaef80404da854f89e9e365f (commit)
   via  5fd1478df34be8d17c8507f17ec4298635c72814 (commit)
  from  e590afdcf41c63255d6393a3299c71fdb4813d66 (commit)


- Log -
commit a1f41284d7eb3c72096ae9cbd6a0673c0bb0d267
Author: Matt Caswell 
Date:   Fri Apr 29 14:46:07 2016 +0100

Misc tweaks for EBCDIC based on feedback received

Reviewed-by: Andy Polyakov 

commit a1f82f06399f6c3cbee2009a498f4e7e620b2330
Author: Matt Caswell 
Date:   Fri Apr 29 11:03:00 2016 +0100

Fix EBCDIC problem in conf_def.h

The non-ascii version of this set of macros ensures that the "a" variable
is inside the expected range. This logic wasn't quite right for the
EBCDIC version.

Reviewed-by: Andy Polyakov 

commit 97a982e2eee2e04e8e41ae12665af417315a0f23
Author: Matt Caswell 
Date:   Fri Apr 29 10:56:20 2016 +0100

Fix the tests to work with EBCDIC

Most of the tests already pass with EBCIDC but a few were trying to
write into read only memory.

Reviewed-by: Andy Polyakov 

commit 4cd5c3f4eef81c791a5041dc17ec27aa08540e42
Author: Matt Caswell 
Date:   Fri Apr 29 10:30:05 2016 +0100

Fix a build error with strict-warnings and CHARSET_EBCDIC

Reviewed-by: Andy Polyakov 

commit e31066f7e9894c9cdaef80404da854f89e9e365f
Author: Matt Caswell 
Date:   Fri Apr 29 10:19:27 2016 +0100

Add the ability to test EBCDIC builds

This adds the define CHARSET_EBCDIC_TEST which enables testing of EBCDIC
code on an ASCII system.

Reviewed-by: Andy Polyakov 

commit 5fd1478df34be8d17c8507f17ec4298635c72814
Author: Matt Caswell 
Date:   Thu Apr 28 11:34:54 2016 +0100

Fix building with -DCHARSET_EBCDIC

Building with -DCHARSET_EBCDIC and using --strict-warnings resulted in
lots of miscellaneous errors. This fixes it.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 apps/s_server.c| 93 +-
 crypto/asn1/a_print.c  |  1 +
 crypto/asn1/f_int.c|  1 +
 crypto/asn1/f_string.c |  1 +
 crypto/conf/conf_def.h | 22 ++--
 crypto/ebcdic.c| 82 ++--
 crypto/x509/x509_obj.c |  6 ++--
 ssl/ssl_ciph.c |  1 +
 test/bftest.c  |  2 +-
 test/mdc2test.c|  2 +-
 test/rmdtest.c | 38 +
 test/sha1test.c| 32 +++--
 12 files changed, 184 insertions(+), 97 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 6c8541e..f0b28fd 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -181,6 +181,9 @@ typedef unsigned int u_int;
 #endif
 #include "s_apps.h"
 #include "timeouts.h"
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
 
 static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
 static int sv_body(int s, int stype, unsigned char *context);
@@ -420,17 +423,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size);
 static int ebcdic_puts(BIO *bp, const char *str);
 
 # define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
-static const BIO_METHOD methods_ebcdic = {
-BIO_TYPE_EBCDIC_FILTER,
-"EBCDIC/ASCII filter",
-ebcdic_write,
-ebcdic_read,
-ebcdic_puts,
-ebcdic_gets,
-ebcdic_ctrl,
-ebcdic_new,
-ebcdic_free,
-};
+static BIO_METHOD *methods_ebcdic = NULL;
 
 /* This struct is "unwarranted chumminess with the compiler." */
 typedef struct {
@@ -438,9 +431,22 @@ typedef struct {
 char buff[1];
 } EBCDIC_OUTBUFF;
 
-const BIO_METHOD *BIO_f_ebcdic_filter()
+static const BIO_METHOD *BIO_f_ebcdic_filter()
 {
-return (_ebcdic);
+if (methods_ebcdic == NULL) {
+methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
+"EBCDIC/ASCII filter");
+if (   methods_ebcdic == NULL
+|| !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
+|| !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
+|| !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
+|| !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
+|| !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
+|| !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
+|| !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
+return NULL;
+}
+return methods_ebcdic;
 }
 
 static int ebcdic_new(BIO *bi)
@@ -451,68 +457,71 @@ static int

[openssl-commits] [openssl] master update

2016-04-29 Thread Richard Levitte 
The branch master has been updated
   via  e590afdcf41c63255d6393a3299c71fdb4813d66 (commit)
  from  1bfe73d500f6127e61fcf2ffcf9b60c41cd6484e (commit)


- Log -
commit e590afdcf41c63255d6393a3299c71fdb4813d66
Author: Richard Levitte 
Date:   Thu Apr 28 18:18:04 2016 +0200

VMS: only explicitely translate names in library C files.

When compiling all other C files, rely on the compiler to
automatically pick up the name translation information from the header
files __DECC_INCLUDE_{PRO,EPI}LOGUE.H.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 Configurations/10-main.conf | 4 +++-
 Configurations/descrip.mms.tmpl | 8 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index ad80c70..9d3f3ff 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1799,12 +1799,14 @@ sub vms_info {
 inherit_from => [ "BASE_VMS" ],
 template => 1,
 cc   => "CC/DECC",
-cflags   => picker(default => 
"/STANDARD=RELAXED/NOLIST/PREFIX=ALL/NAMES=(AS_IS,SHORTENED)",
+cflags   => picker(default => 
"/STANDARD=RELAXED/NOLIST/PREFIX=ALL",
debug   => "/NOOPTIMIZE/DEBUG",
release => "/OPTIMIZE/NODEBUG"),
 lflags   => picker(default => "/MAP",
debug   => "/DEBUG/TRACEBACK",
release => "/NODEBUG/NOTRACEBACK"),
+lib_cflags   => add("/NAMES=(AS_IS,SHORTENED)"),
+dso_cflags   => add("/NAMES=(AS_IS,SHORTENED)"),
 shared_target=> "vms-shared",
 dso_scheme   => "vms",
 thread_scheme=> "pthreads",
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 416f0ed..df2c9e1 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -137,6 +137,9 @@ CFLAGS_Q=$(CFLAGS)
 DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
 LDFLAGS= {- $target{lflags} -}
 EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} 
? ",".$config{ex_libs} : "" -}
+LIB_CFLAGS={- $target{lib_cflags} || "" -}
+DSO_CFLAGS={- $target{dso_cflags} || "" -}
+BIN_CFLAGS={- $target{bin_cflags} || "" -}
 
 PERL={- $config{perl} -}
 
@@ -472,6 +475,9 @@ EOF
   my $srcs =
   join(", ",
map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
+  my $ecflags = { lib => '$(LIB_CFLAGS)',
+  dso => '$(DSO_CFLAGS)',
+  bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
   my $incs_on = "\@ !";
   my $incs_off = "\@ !";
   my $incs = "";
@@ -502,7 +508,7 @@ $obj.OBJ : $deps
 ${before}
 SET DEFAULT $forward
 $incs_on
-\$(CC) \$(CFLAGS)${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ 
/REPOSITORY=$backward $srcs
+\$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} 
/OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
 $incs_off
 SET DEFAULT $backward
 ${after}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Rich Salz 
The branch master has been updated
   via  842dc98705e32789bbfef230dc02ab43885d429f (commit)
   via  e6f2bb66042f329fbb6a4ab810abce7c295b08dc (commit)
  from  53385e1fee6e53043ba36d9c414b0387a4f87cd7 (commit)


- Log -
commit 842dc98705e32789bbfef230dc02ab43885d429f
Author: Kirill Marinushkin 
Date:   Sun Apr 24 11:30:08 2016 +0200

Add aliases for des-ede-ecb and des-ede3-ecb ciphers.

Currently we can get all block ciphers with
EVP_get_cipherbyname("-")
for example, by names "aes-128-ecb" or "des-ede-cbc".
I found a problem with des-ede-ecb and des-ede3-ecb ciphers as
they can be accessed only with names:
EVP_get_cipherbyname("des-ede")
EVP_get_cipherbyname("des-ede3")
It breaks the general concept.

In this patch I add aliases which allow to use names:
EVP_get_cipherbyname("des-ede-ecb")
EVP_get_cipherbyname("des-ede3-ecb")
in addition to the currently used names.

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit e6f2bb66042f329fbb6a4ab810abce7c295b08dc
Author: Kirill Marinushkin 
Date:   Sun Apr 24 02:01:25 2016 +0200

Fixed scripts order for generate_crypto_objects target

Script obj_dat.pl depends on file obj_mac.h generated by script objects.pl

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 6 +++---
 crypto/evp/c_allc.c   | 4 
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 900c09f..23014f7 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -653,13 +653,13 @@ generate_crypto_bn:
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
 
 generate_crypto_objects:
-   ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
-   include/openssl/obj_mac.h \
-   crypto/objects/obj_dat.h )
( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \
crypto/objects/objects.txt \
crypto/objects/obj_mac.num \
include/openssl/obj_mac.h )
+   ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
+   include/openssl/obj_mac.h \
+   crypto/objects/obj_dat.h )
( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \
crypto/objects/obj_mac.num \
crypto/objects/obj_xref.txt \
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index ac172e8..0482f78 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -92,7 +92,11 @@ void openssl_add_all_ciphers_int(void)
 
 EVP_add_cipher(EVP_des_ecb());
 EVP_add_cipher(EVP_des_ede());
+EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
 EVP_add_cipher(EVP_des_ede3());
+EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
 EVP_add_cipher(EVP_des_ede3_wrap());
 EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
 #endif
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed in Jenkins: master_windows #1592

2016-04-29 Thread openssl . sanity 
See 

Changes:

[appro] crypto/ppccap.c: permit build with no-chacha and no-poly1305.

[appro] crypto/ppccap.c: fix missing declaration warning.

--
Started by upstream project "master_basic" build number 1856
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 53385e1fee6e53043ba36d9c414b0387a4f87cd7 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 53385e1fee6e53043ba36d9c414b0387a4f87cd7
 > git rev-list 10a57adc606b86949007c076336e74970c2f336f # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson5264949115671520730.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson3025698614638476198.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
Copyright (C) Microsoft Corporation.  All rights reserved.

C:\Perl64\bin\perl.exe util\mkbuildinf.pl "cl " "VC-WIN32" > 
crypto\buildinf.h
cl -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC

[openssl-commits] Fixed: openssl/openssl#3576 (master - 10a57ad)

2016-04-29 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #3576
Status: Fixed

Duration: 22 minutes and 38 seconds
Commit: 10a57ad (master)
Author: Matt Caswell
Message: Remove some dead code

Commit e1d9f1ab39eea left some dead code behind. This removes it.

Reviewed-by: Stephen Henson 

View the changeset: 
https://github.com/openssl/openssl/compare/b375f08145d7...10a57adc606b

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/126592583

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Andy Polyakov 
The branch master has been updated
   via  53385e1fee6e53043ba36d9c414b0387a4f87cd7 (commit)
   via  fa79c543d28c3543b3fcaa8adf5fe3d43cdba1c8 (commit)
  from  10a57adc606b86949007c076336e74970c2f336f (commit)


- Log -
commit 53385e1fee6e53043ba36d9c414b0387a4f87cd7
Author: Andy Polyakov 
Date:   Wed Apr 27 15:46:05 2016 +0200

crypto/ppccap.c: fix missing declaration warning.

Reviewed-by: Richard Levitte 

commit fa79c543d28c3543b3fcaa8adf5fe3d43cdba1c8
Author: Andy Polyakov 
Date:   Wed Apr 27 15:42:36 2016 +0200

crypto/ppccap.c: permit build with no-chacha and no-poly1305.

RT#4508

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/ppccap.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 2c98daf..50c111a 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -79,6 +79,7 @@ void sha512_block_data_order(void *ctx, const void *inp, 
size_t len)
 sha512_block_ppc(ctx, inp, len);
 }
 
+#ifndef OPENSSL_NO_CHACHA
 void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
 size_t len, const unsigned int key[8],
 const unsigned int counter[4]);
@@ -93,7 +94,9 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char 
*inp,
 ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
 : ChaCha20_ctr32_int(out, inp, len, key, counter);
 }
+#endif
 
+#ifndef OPENSSL_NO_POLY1305
 void poly1305_init_int(void *ctx, const unsigned char key[16]);
 void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
  unsigned int padbit);
@@ -117,6 +120,7 @@ int poly1305_init(void *ctx, const unsigned char key[16], 
void *func[2])
 }
 return 1;
 }
+#endif
 
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
@@ -128,6 +132,7 @@ void OPENSSL_fpu_probe(void);
 void OPENSSL_ppc64_probe(void);
 void OPENSSL_altivec_probe(void);
 void OPENSSL_crypto207_probe(void);
+void OPENSSL_madd300_probe(void);
 
 /*
  * Use a weak reference to getauxval() so we can use it if it is available
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#3574 (master - 6f13737)

2016-04-29 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #3574
Status: Fixed

Duration: 23 minutes and 48 seconds
Commit: 6f13737 (master)
Author: Matt Caswell
Message: Client side CKE processing can double free on error

The tls_client_key_exchange_post_work() frees the pms on error. It also
calls ssl_generate_master_secret() which also free the pms. If an error
occurs after ssl_generate_master_secret() has been called then a double
free can occur.

Reviewed-by: Andy Polyakov 

View the changeset: 
https://github.com/openssl/openssl/compare/b8f1c116a357...6f137370dd52

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/126591522

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed in Jenkins: master_windows #1591

2016-04-29 Thread openssl . sanity 
See 

Changes:

[Richard Levitte] Fix BIO_set_nbio_accept()

[rsalz] Implement X509_STORE_CTX_set_current_cert() accessor

[rsalz] make update

[Richard Levitte] Add getters for X509_STORE and X509_OBJECT members

[rsalz] various spelling fixes

[rsalz] Fix an error code spelling.

[rsalz] Add checks on CRYPTO_new_ex_data return value

[rsalz] Add checks on CRYPTO_new_ex_data return value...

[fdasilvayy] BIO_free should call method->destroy before free'ing member fields

[Richard Levitte] apps/progs.pl: don't make digests disablable by default

[Richard Levitte] make update

[Matt Caswell] Fix a leak in i2b_PVK

[Matt Caswell] Don't free the BIGNUM passed to BN_mpi2bn

[Matt Caswell] Client side CKE processing can double free on error

[Matt Caswell] A call to RSA_set0_key had the arguments in the wrong order

[Matt Caswell] Remove some dead code

--
Started by upstream project "master_basic" build number 1855
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 10a57adc606b86949007c076336e74970c2f336f 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 10a57adc606b86949007c076336e74970c2f336f
 > git rev-list b3bd3d5af8ed31f438db4367ce3a4bd43067e764 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson1093637016108898500.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call

[openssl-commits] Fixed: openssl/openssl#3573 (master - b8f1c11)

2016-04-29 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #3573
Status: Fixed

Duration: 26 minutes and 2 seconds
Commit: b8f1c11 (master)
Author: Matt Caswell
Message: Don't free the BIGNUM passed to BN_mpi2bn

Commit 91fb42dd fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/1f644005ac5f...b8f1c116a357

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/126589294

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#3572 (master - 1f64400)

2016-04-29 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #3572
Status: Fixed

Duration: 27 minutes and 12 seconds
Commit: 1f64400 (master)
Author: Richard Levitte
Message: make update

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/a14a740dbecf...1f644005ac5f

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/126588943

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.2890

2016-04-29 Thread AppVeyor 


Build openssl master.2890 completed



Commit 1f644005ac by Richard Levitte on 4/29/2016 7:09 AM:

make update


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  10a57adc606b86949007c076336e74970c2f336f (commit)
  from  b375f08145d78479674580042614c9e770b011dd (commit)


- Log -
commit 10a57adc606b86949007c076336e74970c2f336f
Author: Matt Caswell 
Date:   Thu Apr 28 16:47:36 2016 +0100

Remove some dead code

Commit e1d9f1ab39eea left some dead code behind. This removes it.

Reviewed-by: Stephen Henson 

---

Summary of changes:
 crypto/dsa/dsa_ossl.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 9285553..2e4b3a7 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -140,7 +140,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int 
dlen, DSA *dsa)
 BN_CTX *ctx = NULL;
 int reason = ERR_R_BN_LIB;
 DSA_SIG *ret = NULL;
-int noredo = 0;
 int rv = 0;
 
 m = BN_new();
@@ -191,13 +190,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int 
dlen, DSA *dsa)
  * Redo if r or s is zero as required by FIPS 186-3: this is very
  * unlikely.
  */
-if (BN_is_zero(r) || BN_is_zero(s)) {
-if (noredo) {
-reason = DSA_R_NEED_NEW_SETUP_VALUES;
-goto err;
-}
+if (BN_is_zero(r) || BN_is_zero(s))
 goto redo;
-}
 
 rv = 1;
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  b375f08145d78479674580042614c9e770b011dd (commit)
  from  6f137370dd52c11ecfd73a2dd7a07a52b8435891 (commit)


- Log -
commit b375f08145d78479674580042614c9e770b011dd
Author: Matt Caswell 
Date:   Thu Apr 28 15:20:52 2016 +0100

A call to RSA_set0_key had the arguments in the wrong order

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/pem/pvkfmt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index dc90088..86d5921 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -388,7 +388,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
 RSA_set0_factors(rsa, p, q);
 RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
 }
-RSA_set0_key(rsa, e, n, d);
+RSA_set0_key(rsa, n, e, d);
 
 EVP_PKEY_set1_RSA(ret, rsa);
 RSA_free(rsa);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  6f137370dd52c11ecfd73a2dd7a07a52b8435891 (commit)
  from  b8f1c116a357285ccb4905cd88c83f5076bafb52 (commit)


- Log -
commit 6f137370dd52c11ecfd73a2dd7a07a52b8435891
Author: Matt Caswell 
Date:   Thu Apr 28 15:12:37 2016 +0100

Client side CKE processing can double free on error

The tls_client_key_exchange_post_work() frees the pms on error. It also
calls ssl_generate_master_secret() which also free the pms. If an error
occurs after ssl_generate_master_secret() has been called then a double
free can occur.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 ssl/statem/statem_clnt.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a63d4d0..4ede88e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2547,6 +2547,9 @@ int tls_client_key_exchange_post_work(SSL *s)
 unsigned char *pms = NULL;
 size_t pmslen = 0;
 
+pms = s->s3->tmp.pms;
+pmslen = s->s3->tmp.pmslen;
+
 #ifndef OPENSSL_NO_SRP
 /* Check for SRP */
 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
@@ -2558,8 +2561,6 @@ int tls_client_key_exchange_post_work(SSL *s)
 return 1;
 }
 #endif
-pms = s->s3->tmp.pms;
-pmslen = s->s3->tmp.pmslen;
 
 if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -2569,8 +2570,13 @@ int tls_client_key_exchange_post_work(SSL *s)
 if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
 SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
+/* ssl_generate_master_secret frees the pms even on error */
+pms = NULL;
+pmslen = 0;
 goto err;
 }
+pms = NULL;
+pmslen = 0;
 
 #ifndef OPENSSL_NO_SCTP
 if (SSL_IS_DTLS(s)) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Matt Caswell 
The branch master has been updated
   via  b8f1c116a357285ccb4905cd88c83f5076bafb52 (commit)
   via  098c1e3d1425ffdad15e6001b4fc9f2a606f3d83 (commit)
  from  1f644005ac5f84536c2a80480bf6fdbdf1239f39 (commit)


- Log -
commit b8f1c116a357285ccb4905cd88c83f5076bafb52
Author: Matt Caswell 
Date:   Thu Apr 28 19:53:08 2016 +0100

Don't free the BIGNUM passed to BN_mpi2bn

Commit 91fb42dd fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 

commit 098c1e3d1425ffdad15e6001b4fc9f2a606f3d83
Author: Matt Caswell 
Date:   Thu Apr 28 19:49:17 2016 +0100

Fix a leak in i2b_PVK

Commit 8e588e28 fixed a leak but introduced a new one.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/bn/bn_mpi.c  | 11 ---
 crypto/pem/pvkfmt.c |  6 --
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index 86d9675..cb8f0b8 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -87,10 +87,11 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 return (num + 4 + ext);
 }
 
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
 {
 long len;
 int neg = 0;
+BIGNUM *a = NULL;
 
 if (n < 4) {
 BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
@@ -103,8 +104,11 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 return NULL;
 }
 
-if (a == NULL)
+if (ain == NULL)
 a = BN_new();
+else
+a = ain;
+
 if (a == NULL)
 return NULL;
 
@@ -117,7 +121,8 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 if ((*d) & 0x80)
 neg = 1;
 if (BN_bin2bn(d, (int)len, a) == NULL) {
-BN_free(a);
+if (ain == NULL)
+BN_free(a);
 return NULL;
 }
 a->neg = neg;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index e7ee6dd..dc90088 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -806,7 +806,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int 
enclevel,
pem_password_cb *cb, void *u)
 {
 int outlen = 24, pklen;
-unsigned char *p, *salt = NULL;
+unsigned char *p = NULL, *salt = NULL;
 EVP_CIPHER_CTX *cctx = NULL;
 if (enclevel)
 outlen += PVK_SALTLEN;
@@ -828,7 +828,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int 
enclevel,
 
 cctx = EVP_CIPHER_CTX_new();
 if (cctx == NULL)
-return -1;
+goto error;
 
 write_ledword(, MS_PVKMAGIC);
 write_ledword(, 0);
@@ -882,6 +882,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int 
enclevel,
 
  error:
 EVP_CIPHER_CTX_free(cctx);
+if (*out == NULL)
+OPENSSL_free(p);
 return -1;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-04-29 Thread Richard Levitte 
The branch master has been updated
   via  1f644005ac5f84536c2a80480bf6fdbdf1239f39 (commit)
   via  08590a8647fe2586142451c2a9108388da629eb0 (commit)
  from  a14a740dbecf112ed9de53fb90f34f2af871cda9 (commit)


- Log -
commit 1f644005ac5f84536c2a80480bf6fdbdf1239f39
Author: Richard Levitte 
Date:   Fri Apr 29 09:09:46 2016 +0200

make update

Reviewed-by: Matt Caswell 

commit 08590a8647fe2586142451c2a9108388da629eb0
Author: Richard Levitte 
Date:   Fri Apr 29 09:08:06 2016 +0200

apps/progs.pl: don't make digests disablable by default

Some digest algorithms can't be disabled, don't pretend they can.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/progs.h  |  2 --
 apps/progs.pl |  2 +-
 crypto/bio/bio_err.c  | 61 +++
 include/openssl/bio.h |  1 +
 4 files changed, 10 insertions(+), 56 deletions(-)

diff --git a/apps/progs.h b/apps/progs.h
index 9cc2f2b..ac9d208 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -214,9 +214,7 @@ static FUNCTION functions[] = {
 #ifndef OPENSSL_NO_MD4
 { FT_md, "md4", dgst_main},
 #endif
-#ifndef OPENSSL_NO_MD5
 { FT_md, "md5", dgst_main},
-#endif
 #ifndef OPENSSL_NO_GOST
 { FT_md, "gost", dgst_main},
 #endif
diff --git a/apps/progs.pl b/apps/progs.pl
index e43d436..3ec16d5 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -108,7 +108,7 @@ foreach my $cmd (
 } elsif (my $disabler = $md_disabler{$cmd}) {
 print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
 } else {
-print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
+print $str;
 }
 }
 
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index 36b9dfe..6bf1df6 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -1,57 +1,11 @@
-/* crypto/bio/bio_err.c */
-/* 
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in
- *the documentation and/or other materials provided with the
- *distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *software must display the following acknowledgment:
- *"This product includes software developed by the OpenSSL Project
- *for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *endorse or promote products derived from this software without
- *prior written permission. For written permission, please contact
- *openssl-c...@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *nor may "OpenSSL" appear in their names without prior written
- *permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *acknowledgment:
- *"This product includes software developed by the OpenSSL Project
- *for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * 
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com).  This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- */
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the