[openssl-commits] Errored: openssl/openssl#4280 (master - a182e54)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4280
Status: Errored

Duration: 9 minutes and 34 seconds
Commit: a182e54 (master)
Author: Richard Levitte
Message: Testing symbol presence: also take note of small objects

The S symbol class wasn't checked.

Notified by Sebastian Andrzej Siewior

Reviewed-by: Tim Hudson 

View the changeset: 
https://github.com/openssl/openssl/compare/ade82832cd4b...a182e546c74a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134627032

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2016-06-01 Thread Richard Levitte
The branch master has been updated
   via  a182e546c74aff8ce1a15c7b626fbb428bf0d0f4 (commit)
  from  ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a (commit)


- Log -
commit a182e546c74aff8ce1a15c7b626fbb428bf0d0f4
Author: Richard Levitte 
Date:   Thu Jun 2 02:06:25 2016 +0200

Testing symbol presence: also take note of small objects

The S symbol class wasn't checked.

Notified by Sebastian Andrzej Siewior

Reviewed-by: Tim Hudson 

---

Summary of changes:
 test/recipes/01-test_symbol_presence.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/recipes/01-test_symbol_presence.t 
b/test/recipes/01-test_symbol_presence.t
index 619519c..32827f5 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -57,7 +57,7 @@ foreach my $libname (@libnames) {
 note "Number of lines in \@def_lines before massaging: ", scalar 
@def_lines;
 
 # Massage the nm output to only contain defined symbols
-@nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDT] .*|, @nm_lines);
+@nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines);
 
 # Massage the mkdef.pl output to only contain global symbols
 # The output we got is in Unix .map format, which has a global
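Review bot: the `[BCDST]` class in the `grep` is an undocumented allow-list of nm type letters, which is how `S` went unchecked until now. Add a comment above the line saying what each letter stands for, and state whether the other upper-case classes nm can emit for defined symbols are left out on purpose, so the next gap is a visible decision rather than an omission. The leading and trailing `.*` in `m|.* [BCDST] .*|` are also redundant for an unanchored match.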


[openssl-commits] Errored: FdaSilvaYY/openssl#1003 (const-app-options - ee85b83)

2016-06-01 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1003
Status: Errored

Duration: 14 minutes and 28 seconds
Commit: ee85b83 (const-app-options)
Author: FdaSilvaYY
Message: Constify char* parameters in apps code

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/6618ba020360...ee85b83ccb31

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/134525251



[openssl-commits] Errored: FdaSilvaYY/openssl#1002 (fix_set_dup_exdata - 4a03bca)

2016-06-01 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1002
Status: Errored

Duration: 17 minutes and 1 second
Commit: 4a03bca (fix_set_dup_exdata)
Author: FdaSilvaYY
Message: Fix possible malloc failure inside CRYPTO_dup_ex_data()

Fix related docs.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/63d22cc9f625...4a03bcac98eb

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/134523568



[openssl-commits] Build completed: openssl 1.0.269

2016-06-01 Thread AppVeyor


Build openssl 1.0.269 completed



Commit 45361b1e0e by FdaSilvaYY on 6/1/2016 5:31 PM:

Disable Travis Notifications




[openssl-commits] Errored: FdaSilvaYY/openssl#1000 (constify - 0b2ef16)

2016-06-01 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1000
Status: Errored

Duration: 11 minutes and 47 seconds
Commit: 0b2ef16 (constify)
Author: FdaSilvaYY
Message: Constify X509V3_EXT_*_conf*

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/b1abdf041385...0b2ef16d8248

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/134523069



[openssl-commits] Errored: openssl/openssl#4276 (master - 723412d)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4276
Status: Errored

Duration: 11 minutes and 44 seconds
Commit: 723412d (master)
Author: Matt Caswell
Message: Don't leak memory on set_reasons() error path

The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE)
object on an error path.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/ff3bb913cfe4...723412d4d8c8

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134512771



[openssl-commits] [openssl] master update

2016-06-01 Thread Rich Salz
The branch master has been updated
   via  ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a (commit)
  from  723412d4d8c8466b1d90b8f348c2c8f24c692f59 (commit)


- Log -
commit ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a
Author: Rich Salz 
Date:   Wed Jun 1 11:49:36 2016 -0400

Remove NOEXIST entries

checkpoint before release.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 util/libcrypto.num | 67 --
 util/libssl.num|  1 -
 2 files changed, 68 deletions(-)

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 40d6e0d..8c659c5 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -18,7 +18,6 @@ PKCS12_it   161_1_0   
EXIST:EXPORT_VAR_AS_FUNCTION:FU
 i2d_ASN1_OCTET_STRING   17 1_1_0   EXIST::FUNCTION:
 EC_KEY_set_private_key  18 1_1_0   EXIST::FUNCTION:EC
 SRP_VBASE_get_by_user   19 1_1_0   
EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
-CONF_modules_free   20 1_1_0   NOEXIST::FUNCTION:
 Camellia_cfb128_encrypt 21 1_1_0   EXIST::FUNCTION:CAMELLIA
 DES_ncbc_encrypt22 1_1_0   EXIST::FUNCTION:DES
 TS_REQ_get_ext_count23 1_1_0   EXIST::FUNCTION:TS
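Review bot: dropping `CONF_modules_free` here leaves ordinal 20 unused between 19 and 21, and neither the file nor the commit message ("checkpoint before release.") says whether a retired ordinal may later be reassigned. Please record the rule, for example in a header comment of `util/libcrypto.num`, that removed `NOEXIST` numbers stay reserved. The same applies to the other removals in this patch.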
@@ -45,7 +44,6 @@ PKCS7_ISSUER_AND_SERIAL_it  431_1_0   
EXIST:!EXPORT_VAR_AS_FUNCTION:V
 PKCS7_ISSUER_AND_SERIAL_it  43 1_1_0   
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 EC_GROUP_method_of  44 1_1_0   EXIST::FUNCTION:EC
 RSA_blinding_on 45 1_1_0   EXIST::FUNCTION:RSA
-CRYPTO_set_dynlock_lock_callback46 1_1_0   NOEXIST::FUNCTION:
 X509_get0_signature 47 1_1_0   EXIST::FUNCTION:
 X509_REVOKED_get0_extensions48 1_1_0   EXIST::FUNCTION:
 NETSCAPE_SPKI_verify49 1_1_0   EXIST::FUNCTION:
@@ -138,7 +136,6 @@ X509v3_add_ext  135 1_1_0   
EXIST::FUNCTION:
 X509v3_addr_subset  1361_1_0   EXIST::FUNCTION:RFC3779
 CRYPTO_strndup  1371_1_0   EXIST::FUNCTION:
 OCSP_REQ_CTX_free   1381_1_0   EXIST::FUNCTION:OCSP
-DSO_METHOD_dlfcn1391_1_0   NOEXIST::FUNCTION:
 X509_STORE_new  1401_1_0   EXIST::FUNCTION:
 ASN1_TYPE_free  1411_1_0   EXIST::FUNCTION:
 PKCS12_BAGS_new 1421_1_0   EXIST::FUNCTION:
@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free 165 1_1_0   
EXIST::FUNCTION:CT
 CMS_RecipientInfo_kari_get0_ctx 1661_1_0   EXIST::FUNCTION:CMS
 PKCS7_set_attributes1671_1_0   EXIST::FUNCTION:
 d2i_POLICYQUALINFO  1681_1_0   EXIST::FUNCTION:
-CRYPTO_add_lock 1691_1_0   NOEXIST::FUNCTION:
 EVP_MD_type 1701_1_0   EXIST::FUNCTION:
 EVP_PKCS82PKEY  1711_1_0   EXIST::FUNCTION:
 BN_generate_prime_ex1721_1_0   EXIST::FUNCTION:
@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers 254 1_1_0   
EXIST::FUNCTION:ENGINE
 SXNET_new   2551_1_0   EXIST::FUNCTION:
 EVP_camellia_256_ctr2561_1_0   EXIST::FUNCTION:CAMELLIA
 d2i_PKCS8_PRIV_KEY_INFO 2571_1_0   EXIST::FUNCTION:
-OPENSSL_strncasecmp 2581_1_0   NOEXIST::FUNCTION:
 EVP_md2 2591_1_0   EXIST::FUNCTION:MD2
 RC2_ecb_encrypt 2601_1_0   EXIST::FUNCTION:RC2
 ENGINE_register_DH  2611_1_0   EXIST::FUNCTION:ENGINE
@@ -354,7 +349,6 @@ ASN1_SEQUENCE_it348 1_1_0   
EXIST:!EXPORT_VAR_AS_FUNCTION:
 ASN1_SEQUENCE_it3481_1_0   
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 TS_RESP_CTX_get_tst_info3491_1_0   EXIST::FUNCTION:TS
 RC4 3501_1_0   EXIST::FUNCTION:RC4
-DSO_get_loaded_filename 3511_1_0   NOEXIST::FUNCTION:
 PKCS7_stream3521_1_0   EXIST::FUNCTION:
 i2t_ASN1_OBJECT 3531_1_0   EXIST::FUNCTION:
 EC_GROUP_get0_generator 3541_1_0   EXIST::FUNCTION:EC
@@ -390,7 +384,6 @@ X509_VERIFY_PARAM_get0_peername 382 1_1_0   
EXIST::FUNCTION:
 ASN1_PCTX_get_oid_flags 3831_1_0   EXIST::FUNCTION:
 CONF_free   3841_1_0   EXIST::FUNCTION:
 DSO_get_filename3851_1_0   EXIST::FUNCTION:
-CRYPTO_set_id_callback 

[openssl-commits] [openssl] master update

2016-06-01 Thread Matt Caswell
The branch master has been updated
   via  723412d4d8c8466b1d90b8f348c2c8f24c692f59 (commit)
   via  137ebd3d1dc4486619bc524502c55682a6f4 (commit)
   via  423281001ce96d731361152f8f6c52a1fefc2660 (commit)
   via  69e2bd32efb756b59cea75af22d869679c448e91 (commit)
   via  fe71bb3ad97ed01ccf92812891cc2bc3ef3dce76 (commit)
   via  379a8ed1ffdbb0c8dbf89b2777b1b710f968db6e (commit)
   via  6eb311eea6fca45495b3a48c396f5aa8e8f7e714 (commit)
   via  97323d57cd6dbbd0c06383dea3cc1b90d11f2557 (commit)
   via  1c422164d8343688b8356fcb26f6b7e06921433b (commit)
   via  a855d1a155dd88aaf136bdc1deb88e68558b94fd (commit)
   via  b0cb22b07c71c13412c633c816afb5afccdb84b7 (commit)
   via  6e4ab54b93a161bed3d668315b13359b883caca4 (commit)
   via  0e9eb1a57bd2e12eda7939f053240499f6169d74 (commit)
  from  ff3bb913cfe47104293138a17014d3bde9db5e32 (commit)


- Log -
commit 723412d4d8c8466b1d90b8f348c2c8f24c692f59
Author: Matt Caswell 
Date:   Thu Apr 28 14:00:10 2016 +0100

Don't leak memory on set_reasons() error path

The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE)
object on an error path.

Reviewed-by: Richard Levitte 

commit 137ebd3d1dc4486619bc524502c55682a6f4
Author: Matt Caswell 
Date:   Thu Apr 28 13:53:52 2016 +0100

Don't leak memory on int X509_PURPOSE_add() error path

The int X509_PURPOSE_add() function was leaking an X509_PURPOSE object
on error.

Reviewed-by: Richard Levitte 

commit 423281001ce96d731361152f8f6c52a1fefc2660
Author: Matt Caswell 
Date:   Thu Apr 28 13:46:31 2016 +0100

Don't leak memory on X509_TRUST_add() error path

The X509_TRUST_add() function was leaking an X509_TRUST object on error.

Reviewed-by: Richard Levitte 

commit 69e2bd32efb756b59cea75af22d869679c448e91
Author: Matt Caswell 
Date:   Wed Apr 27 17:19:01 2016 +0100

Don't leak memory on ASN1_item_pack() error path

The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.

Reviewed-by: Richard Levitte 

commit fe71bb3ad97ed01ccf92812891cc2bc3ef3dce76
Author: Matt Caswell 
Date:   Wed Apr 27 16:59:49 2016 +0100

Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path

The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME
object on an error path.

Reviewed-by: Richard Levitte 

commit 379a8ed1ffdbb0c8dbf89b2777b1b710f968db6e
Author: Matt Caswell 
Date:   Wed Apr 27 16:50:14 2016 +0100

Don't leak memory in v2i_POLICY_MAPPINGS() on error path

The v2i_POLICY_MAPPINGS() function leaked ASN1_OBJECT pointers on error
paths.

Reviewed-by: Richard Levitte 

commit 6eb311eea6fca45495b3a48c396f5aa8e8f7e714
Author: Matt Caswell 
Date:   Wed Apr 27 16:41:43 2016 +0100

Don't leak memory from notice_section function on error path

The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.

Reviewed-by: Richard Levitte 

commit 97323d57cd6dbbd0c06383dea3cc1b90d11f2557
Author: Matt Caswell 
Date:   Wed Apr 27 15:03:26 2016 +0100

Don't leak memory in v2i_AUTHORITY_KEYID

The v2i_AUTHORITY_KEYID() function can leak memory under an error
condition.

Reviewed-by: Richard Levitte 

commit 1c422164d8343688b8356fcb26f6b7e06921433b
Author: Matt Caswell 
Date:   Wed Apr 27 14:59:35 2016 +0100

Fix memory leak in crl2pkcs7 app

The crl2pkcs7 app leaks a stack of OPENSSL_STRINGs in error paths.

Reviewed-by: Richard Levitte 

commit a855d1a155dd88aaf136bdc1deb88e68558b94fd
Author: Matt Caswell 
Date:   Wed Apr 27 14:54:58 2016 +0100

Free a temporary buffer used by dsaparam application

The dsaparam application allocates a temporary buffer but then doesn't
free it.

Reviewed-by: Richard Levitte 

commit b0cb22b07c71c13412c633c816afb5afccdb84b7
Author: Matt Caswell 
Date:   Wed Apr 27 14:50:32 2016 +0100

Free buffer on error in a2i_ASN1_INTEGER()

The function a2i_ASN1_INTEGER() allocates a buffer |s| but then fails
to free it on error paths.

Reviewed-by: Richard Levitte 

commit 6e4ab54b93a161bed3d668315b13359b883caca4
Author: Matt Caswell 
Date:   Wed Apr 27 14:46:09 2016 +0100

Free memory on error in cms app

The make_receipt_request() function in the cms app can leak memory on
an error condition.


[openssl-commits] Errored: openssl/openssl#4275 (master - ff3bb91)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4275
Status: Errored

Duration: 10 minutes and 57 seconds
Commit: ff3bb91 (master)
Author: Rich Salz
Message: Fix nits in crypto.pod,ssl.pod

After this merge, the only thing left (from doc-nit-check) is
74 pages without a "RETURN VALUES" section.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/b8a9af68819f...ff3bb913cfe4

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134485974



[openssl-commits] Errored: openssl/openssl#4274 (master - b8a9af6)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4274
Status: Errored

Duration: 16 minutes and 54 seconds
Commit: b8a9af6 (master)
Author: Rich Salz
Message: Remove/rename some old files.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/44c8a5e2b9af...b8a9af68819f

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134484258



[openssl-commits] Errored: openssl/openssl#4273 (master - 44c8a5e)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4273
Status: Errored

Duration: 32 minutes and 3 seconds
Commit: 44c8a5e (master)
Author: Rich Salz
Message: Add final(?) set of copyrights.

Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/0f91e1dff4ab...44c8a5e2b9af

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134483627



[openssl-commits] [openssl] master update

2016-06-01 Thread Rich Salz
The branch master has been updated
   via  ff3bb913cfe47104293138a17014d3bde9db5e32 (commit)
   via  0634424f7c65d76e342eee4e3359f48d3fe2fa9a (commit)
  from  b8a9af68819f1cc51155cdeabe8bbf8242e8b3ee (commit)


- Log -
commit ff3bb913cfe47104293138a17014d3bde9db5e32
Author: Rich Salz 
Date:   Tue May 31 12:20:08 2016 -0400

Fix nits in crypto.pod,ssl.pod

After this merge, the only thing left (from doc-nit-check) is
74 pages without a "RETURN VALUES" section.

Reviewed-by: Richard Levitte 

commit 0634424f7c65d76e342eee4e3359f48d3fe2fa9a
Author: Rich Salz 
Date:   Wed May 25 14:29:57 2016 -0400

Fix various doc nits.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 doc/apps/ca.pod   |   2 +-
 doc/apps/errstr.pod   |   4 ++
 doc/apps/ocsp.pod |   9 +++-
 doc/apps/openssl.pod  |  17 ++-
 doc/apps/sess_id.pod  |   2 +
 doc/apps/verify.pod   | 126 +-
 doc/crypto/crypto.pod |  12 +++--
 doc/ssl/ssl.pod   |   8 
 8 files changed, 109 insertions(+), 71 deletions(-)

diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index cd7eda3..8dfac01 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -61,7 +61,7 @@ and their status.
 
 The options descriptions will be divided into each purpose.
 
-=head1 CA OPTIONS
+=head1 COMMAND OPTIONS
 
 =over 4
 
diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod
index 5c6ecd3..5ec7b2e 100644
--- a/doc/apps/errstr.pod
+++ b/doc/apps/errstr.pod
@@ -15,6 +15,10 @@ numerical forms will be available. The B utility can 
be used to
 display the meaning of the hex code. The hex code is the hex digits after the
 second colon.
 
+=head1 COMMAND OPTIONS
+
+None.
+
 =head1 EXAMPLE
 
 The error code:
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 50fb4fa..75273a9 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -95,7 +95,12 @@ The B command performs many common OCSP tasks. It can 
be used
 to print out requests and responses, create requests and send queries
 to an OCSP responder and behave like a mini OCSP server itself.
 
-=head1 OCSP CLIENT OPTIONS
+=head1 COMMAND OPTIONS
+
+This command operates as either a client or a server.
+The options are described below, divided into those two modes.
+
+=head2 OCSP Client Options
 
 =over 4
 
@@ -288,7 +293,7 @@ digest used by subsequent certificate identifiers.
 
 =back
 
-=head1 OCSP SERVER OPTIONS
+=head2 OCSP Server Options
 
 =over 4
 
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index b63754b..bc260e9 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -350,7 +350,22 @@ RC5 Cipher
 
 =back
 
-=head1 PASS PHRASE ARGUMENTS
+=head1 COMMAND OPTIONS
+
+Details of which options are available depend on the specific command.
+This section desribes some common options with common behavior.
+
+=head2 Common Options
+
+=over 10
+
+=item B<-help>
+
+Provides a terse summary of all options.
+
+=back
+
+=head2 Pass Phrase Options
 
 Several commands accept password arguments, typically using B<-passin>
 and B<-passout> for input and output passwords respectively. These allow
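Review bot: typo in the added introduction, "This section desribes some common options" should read "describes". The new list also opens with `=over 10` while the option lists in the other pages touched by this patch use `=over 4`; pick one indent for consistency.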
diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
index b3b77b7..b098528 100644
--- a/doc/apps/sess_id.pod
+++ b/doc/apps/sess_id.pod
@@ -24,6 +24,8 @@ master key) in human readable format. Since this is a 
diagnostic tool that
 needs some knowledge of the SSL protocol to use properly, most users will
 not need to use it.
 
+=head1 COMMAND OPTIONS
+
 =over 4
 
 =item B<-help>
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index 5d3467e..2abc70e 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -395,147 +395,147 @@ as "unused".
 
 =over 4
 
-=item B<0 X509_V_OK: ok>
+=item B
 
-the operation was successful.
+The operation was successful.
 
-=item B<1 X509_V_ERR_UNSPECIFIED: unspecified certificate verification error>
+=item B
 
-unspecified error, should not happen.
+Unspecified error; should not happen.
 
-=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer 
certificate>
+=item B
 
-the issuer certificate of a looked up certificate could not be found. This
+The issuer certificate of a looked up certificate could not be found. This
 normally means the list of trusted certificates is not complete.
 
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+=item B
 
-the CRL of a certificate could not be found.
+The CRL of a certificate could not be found.
 
-=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt 
certificate's signature>
+=item B
 
-the certificate signature could not be decrypted. This means that the actual 
signature value
+The certificate signature could not be decrypted. This means that the actual 
signature value
 

[openssl-commits] [openssl] master update

2016-06-01 Thread Rich Salz
The branch master has been updated
   via  44c8a5e2b9af8909844cc002c53049311634b314 (commit)
  from  0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c (commit)


- Log -
commit 44c8a5e2b9af8909844cc002c53049311634b314
Author: Rich Salz 
Date:   Wed Jun 1 11:26:40 2016 -0400

Add final(?) set of copyrights.

Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configure  |  2 --
 apps/tsget.in  | 13 +
 config | 26 --
 config.com |  6 ++
 crypto/aes/asm/aes-ia64.S  |  7 +++
 crypto/bn/asm/bn-c64xplus.asm  |  7 +++
 crypto/bn/asm/ia64.S   |  7 +++
 crypto/bn/asm/pa-risc2.s   |  6 ++
 crypto/bn/asm/pa-risc2W.s  |  7 +++
 crypto/bn/asm/s390x.S  | 10 +-
 crypto/bn/asm/sparcv8.S| 10 +-
 crypto/bn/asm/sparcv8plus.S| 10 +-
 crypto/des/asm/des_enc.m4  | 27 +--
 crypto/ia64cpuid.S |  6 ++
 crypto/md5/asm/md5-ia64.S  | 10 ++
 crypto/s390xcpuid.S|  6 ++
 crypto/sparccpuid.S|  7 +++
 engines/vendor_defns/hwcryptohook.h| 11 +--
 fuzz/helper.py |  7 +++
 ms/applink.c   |  9 +
 ms/uplink.c|  9 +
 ms/uplink.h|  9 +
 test/danetest.in   |  8 
 test/evptests.txt  |  9 +
 test/recipes/80-test_cipherlist.t  |  8 
 test/smime-certs/mksmime-certs.sh  |  7 +++
 test/ssl-tests/01-simple.conf.in   |  7 +++
 test/ssl-tests/02-protocol-version.conf.in |  7 +++
 test/ssl-tests/03-custom_verify.conf.in|  7 +++
 tools/c_rehash.in  |  6 ++
 util/openssl-format-source |  8 
 31 files changed, 216 insertions(+), 63 deletions(-)

diff --git a/Configure b/Configure
index 020f2a1..e8fc933 100755
--- a/Configure
+++ b/Configure
@@ -1970,8 +1970,6 @@ my %builders = (
 unixmake => sub {
 build_Makefile();
 
-run_dofile("util/domd", "util/domd.in");
-chmod 0755, "util/domd";
 },
 );
 
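Review bot: removing `run_dofile("util/domd", "util/domd.in")` and the `chmod` from the `unixmake` builder is a functional build change that the commit message, which only lists copyright additions, does not mention. Split it into its own commit or add a line to the message explaining why `util/domd` is no longer generated. The blank line left before the closing `},` can go as well.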
diff --git a/apps/tsget.in b/apps/tsget.in
index fe029f3..7067111 100644
--- a/apps/tsget.in
+++ b/apps/tsget.in
@@ -1,7 +1,11 @@
 #!{- $config{perl} -}
-# Written by Zoltan Glozik .
-# Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
-$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
 
 use strict;
 use IO::Handle;
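Review bot: deleting `$::version` at the top of the script is only safe if nothing else reads it; the one replacement visible in this patch is the user-agent line in the next hunk, so please confirm no usage or version output still refers to it, since `use strict` will reject a leftover reference only at run time for a package variable. The "Written by Zoltan Glozik" credit is also dropped while the OpenTSA copyright stays; if that is intended, say so in the commit message.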
@@ -42,7 +46,8 @@ sub create_curl {
 # Error-handling related options.
 $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
 $curl->setopt(CURLOPT_FAILONERROR, 1);
-$curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, 
$::version)[2]);
+$curl->setopt(CURLOPT_USERAGENT,
+"OpenTSA tsget.pl/openssl-{- $config{version} -}");
 
 # Options for POST method.
 $curl->setopt(CURLOPT_UPLOAD, 1);
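Review bot: the new `CURLOPT_USERAGENT` value embeds the exact release through `{- $config{version} -}`, so every timestamp server the client contacts is told the precise OpenSSL version installed. If that disclosure is not wanted, use a fixed product token; if it is, note it in the tsget documentation. The string still names `tsget.pl` although the file is now generated from `tsget.in`.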
diff --git a/config b/config
index dfdca4d..2e02ae3 100755
--- a/config
+++ b/config
@@ -1,25 +1,15 @@
 #!/bin/sh
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
 #
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
 # OpenSSL config: determine the operating system and run ./Configure
+# Derived from minarch and GuessOS from Apache.
 #
-# "config -h" for usage information.
-#
-#  this is a merge of minarch and GuessOS from the Apache Group.
-#  Originally written by Tim Hudson .
-
-# Original Apache Group comments on GuessOS
-
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows 

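Review bot: the removed header lines take out the `# "config -h" for usage information.` pointer, and the added comment block does not replace it; keep that line so readers of the script still learn how to get usage information. The "Originally written by Tim Hudson" credit is dropped too, with only "Derived from minarch and GuessOS from Apache." left; if that is intended, say so in the commit message, which lists only copyright additions.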
[openssl-commits] Errored: openssl/openssl#4272 (master - 0f91e1d)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4272
Status: Errored

Duration: 11 minutes and 13 seconds
Commit: 0f91e1d (master)
Author: Rich Salz
Message: Fix some RAND bugs

RT2630 -- segfault for int overflow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/f83b85fb0f46...0f91e1dff4ab

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134468695



[openssl-commits] [openssl] master update

2016-06-01 Thread Rich Salz
The branch master has been updated
   via  0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c (commit)
  from  f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650 (commit)


- Log -
commit 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c
Author: Rich Salz 
Date:   Sun May 29 14:11:44 2016 -0400

Fix some RAND bugs

RT2630 -- segfault for int overflow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 CHANGES   |  5 +
 apps/rand.c   | 16 ++--
 crypto/rand/md_rand.c |  6 +++---
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 541efc3..c64d677 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2h and 1.1.0  [xx XXX 2016]
 
+  *) Windows RAND implementation was simplified to only get entropy by
+ calling CryptGenRandom(). Various other RAND-related tickets
+ were also closed.
+ [Joseph Wylie Yandle, Rich Salz]
+
   *) The stack and lhash API's were renamed to start with OPENSSL_SK_
  and OPENSSL_LH_, respectively.  The old names are available
  with API compatibility.  They new names are now completely documented.
diff --git a/apps/rand.c b/apps/rand.c
index 89a23a2..d60f1ec 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -105,22 +105,26 @@ int rand_main(int argc, char **argv)
 r = RAND_bytes(buf, chunk);
 if (r <= 0)
 goto end;
-if (format != FORMAT_TEXT) /* hex */
-BIO_write(out, buf, chunk);
-else {
+if (format != FORMAT_TEXT) {
+if (BIO_write(out, buf, chunk) != chunk)
+goto end;
+} else {
 for (i = 0; i < chunk; i++)
-BIO_printf(out, "%02x", buf[i]);
+if (BIO_printf(out, "%02x", buf[i]) != 2)
+goto end;
 }
 num -= chunk;
 }
 if (format == FORMAT_TEXT)
 BIO_puts(out, "\n");
-(void)BIO_flush(out);
+if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
+goto end;
 
-app_RAND_write_file(NULL);
 ret = 0;
 
  end:
+if (ret != 0)
+ERR_print_errors(bio_err);
 BIO_free_all(out);
 return (ret);
 }
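Review bot: `BIO_puts(out, "\n")` in the `FORMAT_TEXT` tail is the one write in this block whose result is still ignored, so a failure on the final newline is reported as success unless `BIO_flush` happens to catch it. Check it like the other writes and `goto end` on error. The `for` loop body is now a two-line `if`/`goto`; put braces around it so a later edit cannot detach the `goto`. Note also that `!app_RAND_write_file(NULL)` now turns a failed seed-file write into a non-zero exit after the random bytes have already been written to `out`; that behaviour change deserves a line in CHANGES.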
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 4b874e3..137851f 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -38,7 +38,7 @@
 /* #define PREDICT  1 */
 
 #define STATE_SIZE  1023
-static int state_num = 0, state_index = 0;
+static size_t state_num = 0, state_index = 0;
 static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
 static long md_count[2] = { 0, 0 };
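Review bot: `state_num` and `state_index` become `size_t` here, but the diffstat shows only three changed lines in md_rand.c, all visible in these two hunks, so any other function in the file that copies these statics into `int` locals or compares them with signed values is left as it was. Please audit those uses for sign-compare and truncation issues, or convert them in the same commit.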
@@ -268,8 +268,8 @@ static int rand_seed(const void *buf, int num)
 static int rand_bytes(unsigned char *buf, int num, int pseudo)
 {
 static volatile int stirred_pool = 0;
-int i, j, k, st_num, st_idx;
-int num_ceil;
+int i, j, k;
+size_t num_ceil, st_idx, st_num;
 int ok;
 long md_c[2];
 unsigned char local_md[MD_DIGEST_LENGTH];
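Review bot: `num_ceil`, `st_idx` and `st_num` are now `size_t` while `i`, `j`, `k` and the `num` parameter stay `int`, so expressions that combine them are evaluated unsigned and a negative intermediate wraps to a huge value instead of going below zero. Confirm that `num` is rejected when it is `<= 0` before `num_ceil` is computed from it, and that no later test of the form "difference > 0" relies on a signed result. A short comment at the declaration explaining why only these three are `size_t` would help the next reader.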


[openssl-commits] Errored: openssl/openssl#4270 (master - f83b85f)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4270
Status: Errored

Duration: 10 minutes and 29 seconds
Commit: f83b85f (master)
Author: Matt Caswell
Message: Ensure an ASN1_OBJECT is freed in error paths

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/6493e4801e9e...f83b85fb0f46

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134455961



[openssl-commits] Errored: openssl/openssl#4269 (master - 6493e48)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4269
Status: Errored

Duration: 12 minutes and 32 seconds
Commit: 6493e48 (master)
Author: Rich Salz
Message: RT4337: Crash in DES

Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/1d54ef340864...6493e4801e9e

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134447477



[openssl-commits] [openssl] master update

2016-06-01 Thread Matt Caswell
The branch master has been updated
   via  f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650 (commit)
   via  7b0ee1353d0e3ece7986e12c6684f1aac7483cea (commit)
   via  a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd (commit)
   via  5bf7c7725b9cb44813dc78cf143c5c1d5aada02c (commit)
   via  fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9 (commit)
   via  0461b7ea7bd1112c4fa357545fc8a456138ed3af (commit)
  from  6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (commit)


- Log -
commit f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650
Author: Matt Caswell 
Date:   Tue Apr 26 18:45:46 2016 +0100

Ensure an ASN1_OBJECT is freed in error paths

Reviewed-by: Richard Levitte 

commit 7b0ee1353d0e3ece7986e12c6684f1aac7483cea
Author: Matt Caswell 
Date:   Tue Apr 26 18:37:58 2016 +0100

Free allocated password strings on exit

Reviewed-by: Richard Levitte 

commit a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd
Author: Matt Caswell 
Date:   Tue Apr 26 18:33:03 2016 +0100

Free a BIO_ADDR if DTLSv1_listen return <=0

Reviewed-by: Richard Levitte 

commit 5bf7c7725b9cb44813dc78cf143c5c1d5aada02c
Author: Matt Caswell 
Date:   Tue Apr 26 18:29:49 2016 +0100

Ensure BIGNUM is freed in an error path

Reviewed-by: Richard Levitte 

commit fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9
Author: Matt Caswell 
Date:   Tue Apr 26 18:28:03 2016 +0100

Free an X509_CRL in an error path

Reviewed-by: Richard Levitte 

commit 0461b7ea7bd1112c4fa357545fc8a456138ed3af
Author: Matt Caswell 
Date:   Tue Apr 26 18:25:39 2016 +0100

Don't leak X509_OBJECT in an error path

Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/apps.c | 4 +++-
 apps/prime.c| 3 +--
 apps/s_server.c | 8 +---
 apps/srp.c  | 2 ++
 apps/x509.c | 7 ++-
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index a3e1794..fca3775 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1984,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX 
*ctx, X509_NAME *nm)
 crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
 crl = load_crl_crldp(crldp);
 sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
-if (!crl)
+if (!crl) {
+sk_X509_CRL_free(crls);
 return NULL;
+}
 sk_X509_CRL_push(crls, crl);
 /* Try to download delta CRL */
 crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
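Review bot: on the unchanged line sk_X509_CRL_push(crls, crl) right after the new block, the return value is still ignored, so a failed push leaks crl, which is the same class of leak this hunk fixes for the !crl case. Suggest checking the push and freeing both crl and crls on failure. Also note that sk_X509_CRL_free() releases only the stack, which is enough here only because nothing has been pushed yet; sk_X509_CRL_pop_free(crls, X509_CRL_free) would stay correct if the code is later reordered.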
diff --git a/apps/prime.c b/apps/prime.c
index 940fd45..b0f5969 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -119,9 +119,8 @@ int prime_main(int argc, char **argv)
 }
 }
 
-BN_free(bn);
-
 ret = 0;
  end:
+BN_free(bn);
 return ret;
 }
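Review bot: with BN_free(bn) now under the end: label, every goto end taken before bn is first assigned reaches the free, so this depends on bn being initialised to NULL at its declaration, which is outside the hunk. Please confirm that; BN_free(NULL) is a no-op, so nothing else is needed.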
diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c3..dce02f0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
 BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
 goto done;
 }
-req = OCSP_REQUEST_new();
-if (req == NULL)
-goto err;
 id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
 X509_OBJECT_free(obj);
 if (!id)
 goto err;
+req = OCSP_REQUEST_new();
+if (req == NULL)
+goto err;
 if (!OCSP_request_add0_id(req, id))
 goto err;
 id = NULL;
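Review bot: the fix in cert_status_cb() works purely by ordering: nothing that can goto err may sit between obtaining obj and X509_OBJECT_free(obj). That constraint is invisible to the next editor, so a one-line comment above OCSP_cert_to_id() would keep the leak from coming back. If OCSP_REQUEST_new() fails now, id is live on the way to err; the later id = NULL after OCSP_request_add0_id() suggests the cleanup frees it, but that code is not in the hunk and is worth confirming.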
@@ -2481,6 +2481,8 @@ static int init_ssl_connection(SSL *con)
 BIO_ADDR_free(client);
 dtlslisten = 0;
 i = SSL_accept(con);
+} else {
+BIO_ADDR_free(client);
 }
 } else
 #endif
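Review bot: in init_ssl_connection() both arms of the if now call BIO_ADDR_free(client). A single call after the if/else would avoid the duplication and make it harder for a later change to free client twice or to skip one arm. If the two calls stay, consider setting client = NULL after each.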
diff --git a/apps/srp.c b/apps/srp.c
index d81346d..5ba9375 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -597,6 +597,8 @@ int srp_main(int argc, char **argv)
 if (verbose)
 BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
 
+OPENSSL_free(passin);
+OPENSSL_free(passout);
 if (ret)
 ERR_print_errors(bio_err);
 if (randfile)
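Review bot: passin and passout hold password strings, and OPENSSL_free() hands the memory back without wiping it. Since this hunk already touches their lifetime, consider OPENSSL_clear_free() with the string length (guarding the NULL case) so the passwords do not linger in freed heap memory. It is also worth confirming that no earlier return in srp_main() bypasses this cleanup block.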
diff --git a/apps/x509.c b/apps/x509.c
index 56c6fcc..6419766 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -145,7 +145,7 @@ OPTIONS x509_options[] = {
 int x509_main(int argc, char **argv)
 {
 ASN1_INTEGER *sno = NULL;
-ASN1_OBJECT *objtmp;
+ASN1_OBJECT *objtmp = NULL;
 BIO *out = NULL;
 CONF *extconf = NULL;
 EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
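Review bot: initialising objtmp to NULL in x509_main() is only half of a fix: it is safe only if the cleanup path frees objtmp and every place that hands it to a stack resets it to NULL afterwards, otherwise the leak turns into a double free. The rest of the change is cut off in this mail, so please confirm both in the full diff.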
@@ -277,6 +277,7 @@ int x509_main(int argc, char **argv)
 if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
 goto end;
 

[openssl-commits] Failed: openssl/openssl#4267 (OpenSSL_1_0_2-stable - a004e72)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4267
Status: Failed

Duration: 14 minutes and 7 seconds
Commit: a004e72 (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Avoid some undefined pointer arithmetic

A common idiom in the codebase is:

    if (p + len > limit)
    {
        return; /* Too long */
    }

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/f792c663048f...a004e72b9583

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134447006



[openssl-commits] [openssl] master update

2016-06-01 Thread Rich Salz
The branch master has been updated
   via  6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (commit)
  from  1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)


- Log -
commit 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242
Author: Rich Salz 
Date:   Tue May 31 23:05:48 2016 -0400

RT4337: Crash in DES

Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/des/fcrypt.c | 51 ++-
 doc/crypto/des.pod  | 17 +++--
 test/destest.c  | 21 +
 3 files changed, 46 insertions(+), 43 deletions(-)

diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index b52f486..5215ad3 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -66,27 +66,23 @@ char *DES_crypt(const char *buf, const char *salt)
 char e_buf[32 + 1]; /* replace 32 by 8 ? */
 char *ret;
 
-/* Copy at most 2 chars of salt */
-if ((e_salt[0] = salt[0]) != '\0')
-e_salt[1] = salt[1];
+if (salt[0] == '\0' || salt[1] == '\0')
+return NULL;
 
-/* Copy at most 32 chars of password */
-strncpy(e_buf, buf, sizeof(e_buf));
+/* Copy salt, convert to ASCII. */
+e_salt[0] = salt[0];
+e_salt[1] = salt[1];
+e_salt[2] = '\0';
+ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
 
-/* Make sure we have a delimiter */
-e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
-
-/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
-/* Convert the cleartext password to ASCII */
+/* Convert password to ASCII. */
+OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
 ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
 
-/* Encrypt it (from/to ASCII) */
+/* Encrypt it (from/to ASCII); if it worked, convert back. */
 ret = DES_fcrypt(e_buf, e_salt, buff);
-
-/* Convert the result back to EBCDIC */
-ascii2ebcdic(ret, ret, strlen(ret));
+if (ret != NULL)
+ascii2ebcdic(ret, ret, strlen(ret));
 
 return ret;
 #endif
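Review bot: DES_crypt() now returns NULL when salt is shorter than two characters, but salt itself is dereferenced as salt[0] with no NULL check, and existing callers that pass the result straight to strcmp() will crash on the new NULL. Suggest noting the NULL return in the function's documentation and auditing in-tree callers. The new e_salt[2] = '\0' store also assumes e_salt has at least three bytes; its declaration is outside the hunk.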
@@ -103,25 +99,14 @@ char *DES_fcrypt(const char *buf, const char *salt, char 
*ret)
 unsigned char *b = bb;
 unsigned char c, u;
 
-/*
- * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
- * have * as the pwd field in /etc/passwd, the function returns
- * *\0X The \0 makes the string look like * so the pwd "*" would
- * crypt to "*".  This was found when replacing the crypt in our shared
- * libraries.  People found that the disabled accounts effectively had no
- * passwd :-(.
- */
-#ifndef CHARSET_EBCDIC
-x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+x = ret[0] = salt[0];
+if (x == 0 || x >= sizeof(con_salt))
+return NULL;
 Eswap0 = con_salt[x] << 2;
-x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+x = ret[1] = salt[1];
+if (x == 0 || x >= sizeof(con_salt))
+return NULL;
 Eswap1 = con_salt[x] << 6;
-#else
-x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
-Eswap0 = con_salt[x] << 2;
-x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
-Eswap1 = con_salt[x] << 6;
-#endif
 
 /*
  * EAY r=strlen(buf); r=(r+7)/8;
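Review bot: in DES_fcrypt(), x = ret[0] = salt[0] writes into the caller's buffer before the range check, so a rejected salt still leaves ret partly modified. Validate first, then store. Whether x >= sizeof(con_salt) rejects salt bytes with the high bit set depends on the type of x, which is declared outside the hunk; reading the salt through an unsigned char cast would make that explicit. The removed comment documented that a short salt such as "*" used to be padded with 'A'; that input now yields NULL, which deserves a line in the commit message or the change log.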
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 7ccadbc..0131093 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -240,8 +240,9 @@ is thread safe, unlike the normal crypt.
 
 DES_crypt() is a faster replacement for the normal system crypt().
 This function calls DES_fcrypt() with a static array passed as the
-third parameter.  This emulates the normal non-thread safe semantics
+third parameter.  This mostly emulates the normal non-thread-safe semantics
 of crypt(3).
+The B must be two ASCII characters.
 
 DES_enc_write() writes I bytes to file descriptor I from
 buffer I. The data is encrypted via I (default)
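Review bot: the added sentence states the two-character requirement for the salt but not what happens when it is violated. Since the code in this commit returns NULL in that case, say so here, so callers know to check the return value.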
@@ -272,15 +273,11 @@ DES_string_to_key() is available for backward 
compatibility with the
 MIT library.  New applications should use a cryptographic hash function.
 The same applies for DES_string_to_2key().
 
-=head1 CONFORMING TO
-
-ANSI X3.106
+=head1 NOTES
 
 The B library was written to be source code compatible with
 the MIT Kerberos library.
 
-=head1 NOTES
-
 Applications should use the higher level functions
 L etc. instead of calling these
 functions directly.
@@ -288,6 +285,14 @@ functions directly.
 Single-key DES is insecure due to its short key size.  ECB mode is
 not suitable for most applications; see L.
 
+=head1 HISTORY
+
+The requirement that the B parameter to DES_crypt() and DES_fcrypt()
+be two ASCII characters was first enforced in
+OpenSSL 1.1.0.  

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-01 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  a004e72b95835136d3f1ea90517f706c24c03da7 (commit)
  from  f792c663048f19347a1bb72125e535e4fb2ecf39 (commit)


- Log -
commit a004e72b95835136d3f1ea90517f706c24c03da7
Author: Matt Caswell 
Date:   Thu May 5 11:10:26 2016 +0100

Avoid some undefined pointer arithmetic

A common idiom in the codebase is:

    if (p + len > limit)
    {
        return; /* Too long */
    }

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/s3_srvr.c  | 14 +++---
 ssl/ssl_sess.c |  2 +-
 ssl/t1_lib.c   | 56 ++--
 3 files changed, 38 insertions(+), 34 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ab28702..ab7f690 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
 
 session_length = *(p + SSL3_RANDOM_SIZE);
 
-if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
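Review bot: the context line session_length = *(p + SSL3_RANDOM_SIZE) still reads from p + SSL3_RANDOM_SIZE before the rewritten check establishes that those bytes exist, so the dereference is only as safe as whatever earlier check guarantees at least SSL3_RANDOM_SIZE + 1 bytes. If none does, test (d + n) - p against SSL3_RANDOM_SIZE + 1 before the read. The new comparison also mixes the signed pointer difference with session_length, whose type is outside the hunk; worth confirming the sum cannot overflow or be converted unexpectedly.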
@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
 /* get the session-id */
 j = *(p++);
 
-if (p + j > d + n) {
+if ((d + n) - p < j) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
 
 if (SSL_IS_DTLS(s)) {
 /* cookie stuff */
-if (p + 1 > d + n) {
+if ((d + n) - p < 1) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
 }
 cookie_len = *(p++);
 
-if (p + cookie_len > d + n) {
+if ((d + n ) - p < cookie_len) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
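Review bot: style nit in the cookie_len check: (d + n ) - p has a stray space before the closing parenthesis, unlike the (d + n) - p used a few lines above in the same hunk. The same spacing appears in the p + 2 replacement in the next hunk.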
@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
 }
 }
 
-if (p + 2 > d + n) {
+if ((d + n ) - p < 2) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
 }
 
 /* i bytes of cipher data + 1 byte for compression length later */
-if ((p + i + 1) > (d + n)) {
+if ((d + n) - p < i + 1) {
 /* not enough data */
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
 
 /* compression */
 i = *(p++);
-if ((p + i) > (d + n)) {
+if ((d + n) - p < i) {
 /* not enough data */
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index b182998..54ee783 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, 
int len,
 int r;
 #endif
 
-if (session_id + len > limit) {
+if (limit - session_id < len) {
 fatal = 1;
 goto err;
 }
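Review bot: len is declared int in the ssl_get_prev_session() signature, and limit - session_id < len is false for every negative len when session_id <= limit, so a negative length passes this check just as it did before the rewrite. If any caller can supply a negative value, add len < 0 || to the condition or change the parameter to an unsigned type.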
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fb64607..cdac011 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 0x02, 0x03, /* SHA-1/ECDSA */
 };
 
-if (data >= (limit - 2))
+if (limit - data <= 2)
 return;
 data += 2;
 
-if (data > (limit - 4))
+if (limit - data < 4)
 return;
 n2s(data, type);
 n2s(data, size);
@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 if (type != TLSEXT_TYPE_server_name)
 return;
 
-if (data + size > limit)
+if (limit - data < size)
 return;
 data += size;
 
@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 const size_t len1 = sizeof(kSafariExtensionsBlock);
 const 

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-06-01 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  6f35f6deb5ca7daebe289f86477e061ce3ee5f46 (commit)
  from  3d4f83a5c4c0278ae136e70cdf0799d25f01cde3 (commit)


- Log -
commit 6f35f6deb5ca7daebe289f86477e061ce3ee5f46
Author: Matt Caswell 
Date:   Thu May 5 11:10:26 2016 +0100

Avoid some undefined pointer arithmetic

A common idiom in the codebase is:

    if (p + len > limit)
    {
        return; /* Too long */
    }

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/s3_srvr.c  | 14 +++---
 ssl/ssl_sess.c |  2 +-
 ssl/t1_lib.c   | 48 ++--
 3 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 04cf93a..6c74caa 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1040,7 +1040,7 @@ int ssl3_get_client_hello(SSL *s)
 
 session_length = *(p + SSL3_RANDOM_SIZE);
 
-if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
@@ -1058,7 +1058,7 @@ int ssl3_get_client_hello(SSL *s)
 /* get the session-id */
 j = *(p++);
 
-if (p + j > d + n) {
+if ((d + n) - p < j) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
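Review bot: d + n is recomputed in every rewritten check in ssl3_get_client_hello(), while ssl_sess.c and t1_lib.c in this same patch compare against a limit pointer. A local const unsigned char *limit = d + n would make each test read as limit - p < needed and keep the three files consistent. Not a blocker for a stable-branch backport.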
@@ -1114,14 +1114,14 @@ int ssl3_get_client_hello(SSL *s)
 
 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
 /* cookie stuff */
-if (p + 1 > d + n) {
+if ((d + n) - p < 1) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
 }
 cookie_len = *(p++);
 
-if (p + cookie_len > d + n) {
+if ((d + n ) - p < cookie_len) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
@@ -1166,7 +1166,7 @@ int ssl3_get_client_hello(SSL *s)
 p += cookie_len;
 }
 
-if (p + 2 > d + n) {
+if ((d + n ) - p < 2) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
@@ -1180,7 +1180,7 @@ int ssl3_get_client_hello(SSL *s)
 }
 
 /* i bytes of cipher data + 1 byte for compression length later */
-if ((p + i + 1) > (d + n)) {
+if ((d + n) - p < i + 1) {
 /* not enough data */
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
@@ -1246,7 +1246,7 @@ int ssl3_get_client_hello(SSL *s)
 
 /* compression */
 i = *(p++);
-if ((p + i) > (d + n)) {
+if ((d + n) - p < i) {
 /* not enough data */
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 48fc451..a97d060 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -602,7 +602,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, 
int len,
 int r;
 #endif
 
-if (session_id + len > limit) {
+if (limit - session_id < len) {
 fatal = 1;
 goto err;
 }
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0bdb77d..8ed1793 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -942,11 +942,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 0x02, 0x03, /* SHA-1/ECDSA */
 };
 
-if (data >= (limit - 2))
+if (limit - data <= 2)
 return;
 data += 2;
 
-if (data > (limit - 4))
+if (limit - data < 4)
 return;
 n2s(data, type);
 n2s(data, size);
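Review bot: in ssl_check_for_safari() the two tests limit - data <= 2 and, after data += 2, limit - data < 4 together reject anything with fewer than six bytes remaining. With the subtraction form the intermediate limit - 2 and limit - 4 pointers are gone, so a single limit - data < 6 before advancing says the same thing. Keeping the one-to-one mapping from the old lines is reasonable for a security backport; a short comment on why the first test uses <= would help either way.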
@@ -954,7 +954,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 if (type != TLSEXT_TYPE_server_name)
 return;
 
-if (data + size > limit)
+if (limit - data < size)
 return;
 data += size;
 
@@ -962,7 +962,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned 
char *data,
 const size_t len1 = 
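
The idiom from the "Avoid some undefined pointer arithmetic" commit message (quoted in the Travis notice and in both stable-branch updates above), as an added example that is not code from the OpenSSL tree. The two checks are modelled on `uintptr_t` values so the wraparound can be shown without executing the undefined pointer addition, and `count_fields()` is a hypothetical parser that uses the rewritten form on real pointers; all function names and sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the old idiom "p + len > limit" on unsigned integers standing in
 * for addresses, so the wraparound can be observed without performing the
 * undefined pointer addition itself. Returns 1 when the check rejects len.
 */
static int old_check_rejects(uintptr_t p, uintptr_t limit, size_t len)
{
    uintptr_t end = p + (uintptr_t)len;   /* wraps modulo 2^N, well defined */
    return end > limit;
}

/*
 * Model of the rewritten idiom "limit - p < len": only the distance between
 * two addresses inside the same buffer is computed, which cannot wrap as
 * long as p <= limit.
 */
static int new_check_rejects(uintptr_t p, uintptr_t limit, size_t len)
{
    return (size_t)(limit - p) < len;
}

/*
 * Hypothetical parser using the rewritten idiom on real pointers: counts
 * fields that each carry a one-byte length prefix. Returns the number of
 * fields, or -1 if a prefix claims more bytes than remain before limit.
 */
static int count_fields(const unsigned char *buf, size_t size)
{
    const unsigned char *p = buf;
    const unsigned char *limit = buf + size;  /* one past the end: allowed */
    int fields = 0;

    while (p < limit) {
        size_t len = *p++;                    /* externally supplied length */

        if ((size_t)(limit - p) < len)        /* never forms p + len first */
            return -1;
        p += len;                             /* now known to be <= limit */
        fields++;
    }
    return fields;
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char well_formed[] = { 3, 'a', 'b', 'c', 0, 2, 'x', 'y' };
static const unsigned char truncated[]   = { 3, 'a', 'b', 'c', 200, 'x', 'y' };

int main(void)
{
    /* A 16-byte buffer placed 32 bytes below the top of the address space. */
    uintptr_t p = UINTPTR_MAX - 31, limit = p + 16;

    printf("len=64 near top of memory: old rejects=%d, new rejects=%d\n",
           old_check_rejects(p, limit, 64), new_check_rejects(p, limit, 64));
    printf("well formed: %d fields\n",
           count_fields(well_formed, sizeof(well_formed)));
    printf("truncated:   %d\n", count_fields(truncated, sizeof(truncated)));
    return 0;
}
```
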

[openssl-commits] Errored: openssl/openssl#4265 (master - 1d54ef3)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4265
Status: Errored

Duration: 10 minutes and 46 seconds
Commit: 1d54ef3 (master)
Author: Matt Caswell
Message: Fix printing of DH Parameters

The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that it always expects a
public or private key to be present, even though that is never the case
with parameters.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/b2b361f6afb5...1d54ef340864

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134430862



[openssl-commits] Errored: openssl/openssl#4264 (master - b2b361f)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4264
Status: Errored

Duration: 14 minutes and 31 seconds
Commit: b2b361f (master)
Author: FdaSilvaYY
Message: Raise an Err when CRYPTO_THREAD_lock_new fails

Add missing error raise call, as is done everywhere else,
and as CRYPTO_THREAD_lock_new doesn't do it internally.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/57358a83a401...b2b361f6afb5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134430323



[openssl-commits] Errored: openssl/openssl#4263 (master - 57358a8)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4263
Status: Errored

Duration: 13 minutes and 41 seconds
Commit: 57358a8 (master)
Author: Matt Caswell
Message: req command incorrectly displays the bits for an EC key

When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:

 Generating a 2048 bit EC private key

This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.

GitHub Issue #1068

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/e51329d3815d...57358a83a401

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134428988



[openssl-commits] [openssl] master update

2016-06-01 Thread Matt Caswell
The branch master has been updated
   via  1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)
   via  eeb21772effdd385e44eed547d717f171487987e (commit)
  from  b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)


- Log -
commit 1d54ef340864507c1b6e86238183ab4cbc7423aa
Author: Matt Caswell 
Date:   Fri May 27 13:55:47 2016 +0100

Fix printing of DH Parameters

The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that it always expects a
public or private key to be present, even though that is never the case
with parameters.

Reviewed-by: Richard Levitte 

commit eeb21772effdd385e44eed547d717f171487987e
Author: Matt Caswell 
Date:   Fri May 27 13:26:03 2016 +0100

Add dhparam sanity check and update DH_check documentation

The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.

Also updates the documentation for the -check argument, and the DH_check()
function.

RT#4244

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/dhparam.c| 25 +++
 crypto/dh/dh_ameth.c  |  3 ++-
 doc/apps/dhparam.pod  |  3 ++-
 doc/crypto/DH_generate_parameters.pod | 46 ++-
 4 files changed, 59 insertions(+), 18 deletions(-)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 350dd28..f86e315 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -270,15 +270,30 @@ int dhparam_main(int argc, char **argv)
 goto end;
 }
 if (i & DH_CHECK_P_NOT_PRIME)
-printf("p value is not prime\n");
+BIO_printf(bio_err, "WARNING: p value is not prime\n");
 if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-printf("p value is not a safe prime\n");
+BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+if (i & DH_CHECK_Q_NOT_PRIME)
+BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+if (i & DH_CHECK_INVALID_Q_VALUE)
+BIO_printf(bio_err, "WARNING: q value is invalid\n");
+if (i & DH_CHECK_INVALID_J_VALUE)
+BIO_printf(bio_err, "WARNING: j value is invalid\n");
 if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-printf("unable to check the generator value\n");
+BIO_printf(bio_err,
+   "WARNING: unable to check the generator value\n");
 if (i & DH_NOT_SUITABLE_GENERATOR)
-printf("the g value is not a generator\n");
+BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
 if (i == 0)
-printf("DH parameters appear to be ok.\n");
+BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+if (num != 0 && i != 0) {
+/*
+ * We have generated parameters but DH_check() indicates they are
+ * invalid! This should never happen!
+ */
+BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+goto end;
+}
 }
 if (C) {
 unsigned char *data;
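Review bot: the new failure path is taken only when num != 0, so for parameters loaded from a file -check prints WARNING lines and then continues as before; a script has to scrape stderr to learn that the parameters failed DH_check(). Consider failing, or at least documenting the exit status, for that case too. Separately, "DH parameters appear to be ok." moves from stdout to bio_err along with the warnings, which changes what existing scripts see on stdout.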
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index b7b3717..78aea36 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -280,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, 
int ptype)
 else
 pub_key = NULL;
 
-if (priv_key == NULL && pub_key == NULL) {
+if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+|| (ptype > 0 && pub_key == NULL)) {
 reason = ERR_R_PASSED_NULL_PARAMETER;
 goto err;
 }
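Review bot: the new condition in do_dh_print() encodes the print mode as bare numbers, ptype == 2 for the private key and ptype > 0 for the public key. Named constants, or at least a comment giving the meaning of each ptype value, would make the intent checkable. x->p is also dereferenced without testing x itself; fine if every caller guarantees a non-NULL DH, but ERR_R_PASSED_NULL_PARAMETER as the reason suggests that case was in mind.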
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
index 63cc0d3..addd88a 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
 
 =item B<-check>
 
-check if the parameters are valid primes and generator.
+Performs numerous checks to see if the supplied parameters are valid and
+displays a warning if not.
 
 =item B<-2>, B<-5>
 
diff --git a/doc/crypto/DH_generate_parameters.pod 
b/doc/crypto/DH_generate_parameters.pod
index 71fa436..8970aae 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -37,12 +37,41 @@ number is generated, and when a prime has been found, 
B
 is called. See L for information on
 the BN_GENCB_call() function.
 
-DH_check() validates Diffie-Hellman parameters. It checks that B is
-a safe prime, and that B is a suitable generator. In the case of an
-error, the bit flags 

[openssl-commits] [openssl] master update

2016-06-01 Thread Matt Caswell
The branch master has been updated
   via  b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)
  from  57358a83a401ef469353b7ebdae0cf3b870a4d5e (commit)


- Log -
commit b2b361f6afb55c501bedef664c1fdc0d71a91d4b
Author: FdaSilvaYY 
Date:   Sat Apr 30 16:23:33 2016 +0200

Raise an Err when CRYPTO_THREAD_lock_new fails

Add missing error raise call, as is done everywhere else,
and as CRYPTO_THREAD_lock_new doesn't do it internally.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/asn1/tasn_utl.c | 5 -
 crypto/dh/dh_lib.c | 1 +
 crypto/dsa/dsa_lib.c   | 1 +
 crypto/dso/dso_lib.c   | 1 +
 engines/e_chil.c   | 8 ++--
 engines/e_chil_err.h   | 2 ++
 6 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index cb24593..f03f9e9 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -50,6 +50,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
  * then the count is incremented. If op is 0 count is set to 1. If op is -1
  * count is decremented and the return value is the current reference count
  * or 0 if no reference count exists.
+ * FIXME: return and manage any error from inside this method
  */
 
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
@@ -68,8 +69,10 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM 
*it)
 if (op == 0) {
 *lck = 1;
 *lock = CRYPTO_THREAD_lock_new();
-if (*lock == NULL)
+if (*lock == NULL) {
+/* FIXME: should report an error (-1) at this point */
 return 0;
+}
 return 1;
 }
 CRYPTO_atomic_add(lck, op, , *lock);
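Review bot: in asn1_do_lock() the failure branch still returns 0, which the function comment in the previous hunk defines as "no reference count exists", so callers cannot tell an allocation failure from that case; the patch records this as a FIXME instead of fixing it. *lck = 1 is also stored before CRYPTO_THREAD_lock_new() is called, so on failure the object is left with a count but no lock. Suggest at least moving the *lck = 1 store after the NULL check, and raising an error here as the other files in this commit do.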
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 8645b67..6a59f7f 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -64,6 +64,7 @@ DH *DH_new_method(ENGINE *engine)
 ret->references = 1;
 ret->lock = CRYPTO_THREAD_lock_new();
 if (ret->lock == NULL) {
+DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 OPENSSL_free(ret);
 return NULL;
 }
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9294594..14cb35f 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -73,6 +73,7 @@ DSA *DSA_new_method(ENGINE *engine)
 ret->references = 1;
 ret->lock = CRYPTO_THREAD_lock_new();
 if (ret->lock == NULL) {
+DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 OPENSSL_free(ret);
 return NULL;
 }
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 6bb9f5f..bea8776 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -39,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
 ret->references = 1;
 ret->lock = CRYPTO_THREAD_lock_new();
 if (ret->lock == NULL) {
+DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 sk_void_free(ret->meth_data);
 OPENSSL_free(ret);
 return NULL;
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 0fb7aa4..c660aa9 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -309,8 +309,10 @@ static int bind_helper(ENGINE *e)
 #  endif
 
 chil_lock = CRYPTO_THREAD_lock_new();
-if (chil_lock == NULL)
+if (chil_lock == NULL) {
+HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
 return 0;
+}
 
 if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
 !ENGINE_set_name(e, engine_hwcrhk_name) ||
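Review bot: in bind_helper() chil_lock is allocated before the ENGINE_set_id()/ENGINE_set_name() chain that follows in the context lines. If that chain fails, the lock needs to be freed on the way out; the failure branch is outside the hunk, so please confirm it does.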
@@ -1092,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
  HWCryptoHook_CallerContext * cactx)
 {
 mt->lock = CRYPTO_THREAD_lock_new();
-if (mt->lock == NULL)
+if (mt->lock == NULL) {
+HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
 return 1;   /* failure */
+}
 return 0;   /* success */
 }
 
diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
index 42fdd19..b0f0dd9 100644
--- a/engines/e_chil_err.h
+++ b/engines/e_chil_err.h
@@ -39,6 +39,8 @@ static void ERR_HWCRHK_error(int function, int reason, char 
*file, int line);
 # define HWCRHK_F_HWCRHK_MOD_EXP  107
 # define HWCRHK_F_HWCRHK_RAND_BYTES   108
 # define HWCRHK_F_HWCRHK_RSA_MOD_EXP  109
+# define HWCRHK_F_BIND_HELPER 110
+# define HWCRHK_F_HWCRHK_MUTEX_INIT   111
 
 /* Reason codes. */
 # define HWCRHK_R_ALREADY_LOADED  100
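Review bot: HWCRHK_F_BIND_HELPER and HWCRHK_F_HWCRHK_MUTEX_INIT are added to the header, but the summary of changes lists only e_chil.c and e_chil_err.h for the engine, so the matching function-name strings do not appear to be added anywhere in this commit. Without them, errors raised by the two new HWCRHKerr() calls will print without a function name. Add the matching string-table entries, normally by regenerating the error files.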


[openssl-commits] [openssl] master update

2016-06-01 Thread Matt Caswell
The branch master has been updated
   via  57358a83a401ef469353b7ebdae0cf3b870a4d5e (commit)
  from  e51329d3815df95bf0ff66925c3961794f4c66d1 (commit)


- Log -
commit 57358a83a401ef469353b7ebdae0cf3b870a4d5e
Author: Matt Caswell 
Date:   Wed Jun 1 10:48:36 2016 +0100

req command incorrectly displays the bits for an EC key

When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:

 Generating a 2048 bit EC private key

This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.

GitHub Issue #1068

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/req.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index aaca43a..ca8a9af 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -499,8 +499,12 @@ int req_main(int argc, char **argv)
 }
 }
 
-BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
-   newkey, keyalgstr);
+if (pkey_type == EVP_PKEY_EC) {
+BIO_printf(bio_err, "Generating an EC private key\n");
+} else {
+BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+   newkey, keyalgstr);
+}
 
 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
 EVP_PKEY_CTX_set_app_data(genctx, bio_err);
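Review bot: the new branch special-cases pkey_type == EVP_PKEY_EC only, so any other algorithm whose size is not carried in newkey would still print the default bit count. A comment stating why EC is the exception (the commit message says the size cannot currently be obtained during generation) would help, as would printing keyalgstr in the EC branch rather than a hard-coded "EC" so the two messages stay in step.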


[openssl-commits] Errored: openssl/openssl#4262 (master - e51329d)

2016-06-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #4262
Status: Errored

Duration: 10 minutes and 24 seconds
Commit: e51329d (master)
Author: Matt Caswell
Message: OpenBSD doesn't have ucontext.h so don't try and include it

On OpenBSD we turn off async capabilities due to no ucontext.h.

RT#4379

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/befe31cd3839...e51329d3815d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134403682



[openssl-commits] Build completed: openssl master.3580

2016-06-01 Thread AppVeyor


Build openssl master.3580 completed



Commit 85bbce1c44 by Agarwal Nikhil-B38457 on 6/1/2016 12:19 PM:

Speed.c: Adding support for poll Async engine.




[openssl-commits] Build failed: openssl master.3579

2016-06-01 Thread AppVeyor



Build openssl master.3579 failed


Commit 2dfa4c1bae by Agarwal Nikhil-B38457 on 6/1/2016 12:19 PM:

Speed.c: Adding support for poll Async engine.




[openssl-commits] Build failed in Jenkins: 1_0_2_noec #503

2016-06-01 Thread openssl . sanity
See 

--
Started by upstream project "1_0_2_basic" build number 511
originally caused by:
 Started by timer
Building on master in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from 
https://github.com/openssl/openssl.git
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true 
fetch --tags --progress https://github.com/openssl/openssl.git 
+refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://github.com/openssl/openssl.git/': 
Could not resolve host: github.com; Name or service not known

ERROR: null
