date:20160603

[openssl-commits] Build completed: openssl 1.0.284

2016-06-03 Thread AppVeyor



Build openssl 1.0.284 completed



Commit 398abffab2 by FdaSilvaYY on 6/3/2016 9:27 PM:

Rework error handling from asn1_do_lock method.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.283

2016-06-03 Thread AppVeyor




Build openssl 1.0.283 failed


Commit db7e2bc8a6 by FdaSilvaYY on 6/3/2016 9:21 PM:

Add checks on sk__push return value


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4317 (master - f6ce429)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4317
Status: Errored

Duration: 10 minutes and 3 seconds
Commit: f6ce429 (master)
Author: Richard Levitte
Message: Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h

Needed to get size_t on Windows

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/39a470088af6...f6ce42908415

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135166242

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4315 (master - 39a4700)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4315
Status: Errored

Duration: 11 minutes and 11 seconds
Commit: 39a4700 (master)
Author: Matt Caswell
Message: Fix documentation error in x509 app certopt flag

According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/416a5b6c92f9...39a470088af6

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135156588

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1017 (fix_set_dup_exdata - 97bf87a)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1017
Status: Errored

Duration: 10 minutes and 26 seconds
Commit: 97bf87a (fix_set_dup_exdata)
Author: FdaSilvaYY
Message: Fix possible malloc failure inside CRYPTO_dup_ex_data()

Fix related docs.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/4a03bcac98eb...97bf87aeb51b

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135155848

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1016 (crypto-add-checks-on-sk_type_push - 82ba805)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1016
Status: Errored

Duration: 10 minutes and 6 seconds
Commit: 82ba805 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push return value.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/db7e2bc8a670...82ba805db739

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135154400

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Matt Caswell

The branch master has been updated
   via  39a470088af6f833bd1a912908c44bf4a9f48b0c (commit)
  from  416a5b6c92f9f7a664c34a96e63f50c38b7e3291 (commit)


- Log -
commit 39a470088af6f833bd1a912908c44bf4a9f48b0c
Author: Matt Caswell 
Date:   Fri Jun 3 21:49:01 2016 +0100

Fix documentation error in x509 app certopt flag

According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz 

---

Summary of changes:
 doc/apps/x509.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 72ed6cf..4eb1a22 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -655,8 +655,8 @@ hex dump unsupported extensions.
 
 =item B
 
-the value used by the B utility, equivalent to B, B, 
B,
-B, B and B.
+the value used by the B utility, equivalent to B, B,
+B, and B.
 
 =back
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-03 Thread Matt Caswell

The branch OpenSSL_1_0_2-stable has been updated
   via  46bad91986eb56f2beb9059e14fb4ee94c3f952a (commit)
  from  96f1de5bf40af27db3df91c106d799fa86165eb9 (commit)


- Log -
commit 46bad91986eb56f2beb9059e14fb4ee94c3f952a
Author: Matt Caswell 
Date:   Fri Jun 3 21:49:01 2016 +0100

Fix documentation error in x509 app certopt flag

According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz 
(cherry picked from commit 39a470088af6f833bd1a912908c44bf4a9f48b0c)

---

Summary of changes:
 doc/apps/x509.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 26f71c8..1479a74 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -642,8 +642,8 @@ hex dump unsupported extensions.
 
 =item B
 
-the value used by the B utility, equivalent to B, B, 
B,
-B, B and B.
+the value used by the B utility, equivalent to B, B,
+B, and B.
 
 =back
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1015 (various-fixes - a104502)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1015
Status: Errored

Duration: 26 minutes and 42 seconds
Commit: a104502 (various-fixes)
Author: FdaSilvaYY
Message: Use directly zalloc in OPENSSL_sk_dup

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/e0c2b7d5f536^...a1045023d21c

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135144317

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1014 (constify - 937a65d)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1014
Status: Errored

Duration: 20 minutes and 5 seconds
Commit: 937a65d (constify)
Author: FdaSilvaYY
Message: Constify X509V3_EXT_*_conf*

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/0b2ef16d8248...937a65d1c4a3

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135143907

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1013 (fix_asn1_do_lock - 398abff)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1013
Status: Errored

Duration: 11 minutes and 33 seconds
Commit: 398abff (fix_asn1_do_lock)
Author: FdaSilvaYY
Message: Rework error handling from asn1_do_lock method.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/76eabf2ac21d...398abffab22b

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135143706

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.278

2016-06-03 Thread AppVeyor




Build openssl 1.0.278 failed


Commit 809d443b63 by FdaSilvaYY on 6/3/2016 8:49 PM:

Add checks on sk__push() returned result


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1012 (crypto-add-checks-on-sk_type_push - db7e2bc)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1012
Status: Errored

Duration: 6 minutes and 34 seconds
Commit: db7e2bc (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/21d0f655a85e...db7e2bc8a670

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135142840

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1011 (ssl-add-checks-on-sk_type_push - 914f62c)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1011
Status: Errored

Duration: 9 minutes and 49 seconds
Commit: 914f62c (ssl-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push() returned result

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/809d443b63cc...914f62cbdd2b

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135142769

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1010 (master - 416a5b6)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1010
Status: Errored

Duration: 10 minutes and 47 seconds
Commit: 416a5b6 (master)
Author: Matt Caswell
Message: BIO_printf() can fail to print the last character

If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/ade82832cd4b...416a5b6c92f9

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135135571

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1009 (master - ade8283)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1009
Status: Errored

Duration: 11 minutes and 0 seconds
Commit: ade8283 (master)
Author: Rich Salz
Message: Remove NOEXIST entries

checkpoint before release.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/45361b1e0eb6...ade82832cd4b

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135135421

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.277

2016-06-03 Thread AppVeyor




Build openssl 1.0.277 failed


Commit 809d443b63 by FdaSilvaYY on 6/3/2016 8:49 PM:

Add checks on sk__push() returned result


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1008 (crypto-add-checks-on-sk_type_push - 21d0f65)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1008
Status: Errored

Duration: 4 minutes and 49 seconds
Commit: 21d0f65 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/crypto-add-checks-on-sk_type_push

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135135082

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1007 (ssl-add-checks-on-sk_type_push - 809d443)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1007
Status: Errored

Duration: 5 minutes and 26 seconds
Commit: 809d443 (ssl-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push() returned result

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/ssl-add-checks-on-sk_type_push

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135134854

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.276

2016-06-03 Thread AppVeyor




Build openssl 1.0.276 failed


Commit 21d0f655a8 by FdaSilvaYY on 6/3/2016 8:37 PM:

Add checks on sk__push return value


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1006 (add_sk_push_fixes - 809d443)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1006
Status: Errored

Duration: 5 minutes and 19 seconds
Commit: 809d443 (add_sk_push_fixes)
Author: FdaSilvaYY
Message: Add checks on sk__push() returned result

View the changeset: https://github.com/FdaSilvaYY/openssl/commit/809d443b63cc

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135134272

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1005 (add--check-crypto-sk_type_push - 21d0f65)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1005
Status: Errored

Duration: 4 minutes and 57 seconds
Commit: 21d0f65 (add--check-crypto-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/e46c2dc85a7f...21d0f655a85e

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135131495

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.275

2016-06-03 Thread AppVeyor




Build openssl 1.0.275 failed


Commit e46c2dc85a by FdaSilvaYY on 6/3/2016 7:24 PM:

Add checks on sk__push return value


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4312 (master - 416a5b6)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4312
Status: Errored

Duration: 15 minutes and 16 seconds
Commit: 416a5b6 (master)
Author: Matt Caswell
Message: BIO_printf() can fail to print the last character

If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/fa28bfd66fc2...416a5b6c92f9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135116124

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-03 Thread Matt Caswell

The branch OpenSSL_1_0_2-stable has been updated
   via  96f1de5bf40af27db3df91c106d799fa86165eb9 (commit)
   via  f3cab0b11ffd1e1816f34a2880493ff1a3313f49 (commit)
  from  782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit)


- Log -
commit 96f1de5bf40af27db3df91c106d799fa86165eb9
Author: Matt Caswell 
Date:   Fri Jun 3 15:53:54 2016 +0100

BIO_printf() can fail to print the last character

If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz 

commit f3cab0b11ffd1e1816f34a2880493ff1a3313f49
Author: Jonas Maebe 
Date:   Sun Dec 8 17:24:18 2013 +0100

cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors

zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/bio/b_print.c  | 12 +---
 crypto/engine/eng_cryptodev.c | 23 ---
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 90248fa..987fe06 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -423,9 +423,15 @@ _dopr(char **sbuffer,
 break;
 }
 }
-*truncated = (currlen > *maxlen - 1);
-if (*truncated)
-currlen = *maxlen - 1;
+/*
+ * We have to truncate if there is no dynamic buffer and we have filled the
+ * static buffer.
+ */
+if (buffer == NULL) {
+*truncated = (currlen > *maxlen - 1);
+if (*truncated)
+currlen = *maxlen - 1;
+}
 if(!doapr_outch(sbuffer, buffer, , maxlen, '\0'))
 return 0;
 *retlen = currlen - 1;
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 8fb9c33..5a2ca6d 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -26,6 +26,7 @@
  *
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -1064,8 +1065,7 @@ static void zapparams(struct crypt_kop *kop)
 int i;
 
 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-if (kop->crk_param[i].crp_p)
-free(kop->crk_param[i].crp_p);
+OPENSSL_free(kop->crk_param[i].crp_p);
 kop->crk_param[i].crp_p = NULL;
 kop->crk_param[i].crp_nbits = 0;
 }
@@ -1078,16 +1078,25 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM 
*r, int slen,
 int fd, ret = -1;
 
 if ((fd = get_asym_dev_crypto()) < 0)
-return (ret);
+return ret;
 
 if (r) {
-kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen);
+if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
+return ret;
+memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen);
 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
 kop->crk_oparams++;
 }
 if (s) {
-kop->crk_param[kop->crk_iparams + 1].crp_p =
-calloc(slen, sizeof(char));
+kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen);
+/* No need to free the kop->crk_iparams parameter if it was allocated,
+ * callers of this routine have to free allocated parameters through
+ * zapparams both in case of success and failure
+ */
+if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
+return ret;
+memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen);
 kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
 kop->crk_oparams++;
 }
@@ -1100,7 +1109,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM 
*r, int slen,
 ret = 0;
 }
 
-return (ret);
+return ret;
 }
 
 static int
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Matt Caswell

The branch master has been updated
   via  416a5b6c92f9f7a664c34a96e63f50c38b7e3291 (commit)
   via  93879f8eedc38b45a30bbd0e7f5863ebfc6d3b86 (commit)
   via  2c4a056f59a6819b8a0d40e3a7e11cf6d35b3e88 (commit)
  from  fa28bfd66fc221e18ee57134e42b54b4012e66db (commit)


- Log -
commit 416a5b6c92f9f7a664c34a96e63f50c38b7e3291
Author: Matt Caswell 
Date:   Fri Jun 3 15:53:54 2016 +0100

BIO_printf() can fail to print the last character

If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz 

commit 93879f8eedc38b45a30bbd0e7f5863ebfc6d3b86
Author: Jonas Maebe 
Date:   Sun Dec 8 17:24:18 2013 +0100

cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors

zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

commit 2c4a056f59a6819b8a0d40e3a7e11cf6d35b3e88
Author: Matt Caswell 
Date:   Fri Jun 3 11:59:19 2016 +0100

Handle a memory allocation failure in ssl3_init_finished_mac()

The ssl3_init_finished_mac() function can fail, in which case we need to
propagate the error up through the stack.

RT#3198

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/bio/b_print.c  | 12 +---
 crypto/engine/eng_cryptodev.c | 19 +--
 include/openssl/ssl.h |  1 +
 ssl/s3_enc.c  | 11 +--
 ssl/ssl_err.c |  1 +
 ssl/ssl_locl.h|  2 +-
 ssl/statem/statem.c   |  8 ++--
 ssl/statem/statem_clnt.c  |  5 -
 ssl/statem/statem_srvr.c  | 11 ---
 9 files changed, 52 insertions(+), 18 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 1b70bac..6808cdc 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -363,9 +363,15 @@ _dopr(char **sbuffer,
 break;
 }
 }
-*truncated = (currlen > *maxlen - 1);
-if (*truncated)
-currlen = *maxlen - 1;
+/*
+ * We have to truncate if there is no dynamic buffer and we have filled the
+ * static buffer.
+ */
+if (buffer == NULL) {
+*truncated = (currlen > *maxlen - 1);
+if (*truncated)
+currlen = *maxlen - 1;
+}
 if(!doapr_outch(sbuffer, buffer, , maxlen, '\0'))
 return 0;
 *retlen = currlen - 1;
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 79a0641..a2acabe 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -1257,8 +1257,7 @@ static void zapparams(struct crypt_kop *kop)
 int i;
 
 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-if (kop->crk_param[i].crp_p)
-free(kop->crk_param[i].crp_p);
+OPENSSL_free(kop->crk_param[i].crp_p);
 kop->crk_param[i].crp_p = NULL;
 kop->crk_param[i].crp_nbits = 0;
 }
@@ -1271,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM 
*r, int slen,
 int fd, ret = -1;
 
 if ((fd = get_asym_dev_crypto()) < 0)
-return (ret);
+return ret;
 
 if (r) {
-kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
+if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
+return ret;
 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
 kop->crk_oparams++;
 }
 if (s) {
 kop->crk_param[kop->crk_iparams + 1].crp_p =
-calloc(slen, sizeof(char));
+OPENSSL_zalloc(slen);
+/* No need to free the kop->crk_iparams parameter if it was allocated,
+ * callers of this routine have to free allocated parameters through
+ * zapparams both in case of success and failure
+ */
+if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
+return ret;
 kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
 kop->crk_oparams++;
 }
@@ -1293,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM 
*r, int slen,
 ret = 0;
 }
 
-return (ret);
+return ret;
 }
 
 static int
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c6c3576..2779fff 100644
---

[openssl-commits] Errored: FdaSilvaYY/openssl#1004 (add--check-crypto-sk_type_push - e46c2dc)

2016-06-03 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1004
Status: Errored

Duration: 4 minutes and 47 seconds
Commit: e46c2dc (add--check-crypto-sk_type_push)
Author: FdaSilvaYY
Message: Add checks on sk__push return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/a182e546c74a^...e46c2dc85a7f

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/135114851

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#4311 (OpenSSL_1_0_2-stable - 782a2be)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4311
Status: Still Failing

Duration: 19 minutes and 43 seconds
Commit: 782a2be (OpenSSL_1_0_2-stable)
Author: Dirk Feytons
Message: Fix build with no-cmac

Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9f9280aa7e69a343f5c824e68466d90

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1155)

View the changeset: 
https://github.com/openssl/openssl/compare/733f72f182f4...782a2be2ed5f

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135083297

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4310 (master - fa28bfd)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4310
Status: Errored

Duration: 23 minutes and 16 seconds
Commit: fa28bfd (master)
Author: Matt Caswell
Message: Update INSTALL instructions

Fill out the INSTALL instructions with more information on Configure
arguments, environment variables and Makefile targets.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/6191fc8634eb...fa28bfd66fc2

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135072842

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4309 (master - 6191fc8)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4309
Status: Errored

Duration: 11 minutes and 31 seconds
Commit: 6191fc8 (master)
Author: Mat
Message: Added define for STATUS_SUCCESS

Use STATUS_SUCCESS instead of 0.
Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with 
other defines.
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1142)

View the changeset: 
https://github.com/openssl/openssl/compare/49c2a00d1427...6191fc8634eb

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135071193

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-03 Thread Rich Salz

The branch OpenSSL_1_0_2-stable has been updated
   via  782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit)
  from  733f72f182f420282bc248441cbf34a0f3721e7f (commit)


- Log -
commit 782a2be2ed5f4781d6c90d56ccf4a608b875f325
Author: Dirk Feytons 
Date:   Thu Jun 2 15:31:57 2016 +0200

Fix build with no-cmac

Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9f9280aa7e69a343f5c824e68466d90

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1155)

---

Summary of changes:
 crypto/asn1/ameth_lib.c | 2 ++
 crypto/evp/pmeth_lib.c  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 5389c04..43ddebb 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 _asn1_meth,
 #endif
 _asn1_meth,
+#ifndef OPENSSL_NO_CMAC
 _asn1_meth,
+#endif
 #ifndef OPENSSL_NO_DH
 _asn1_meth
 #endif
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9f81d10..9668b3a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 _pkey_meth,
 #endif
 _pkey_meth,
+#ifndef OPENSSL_NO_CMAC
 _pkey_meth,
+#endif
 #ifndef OPENSSL_NO_DH
 _pkey_meth
 #endif
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#4307 (OpenSSL_1_0_2-stable - 733f72f)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4307
Status: Still Failing

Duration: 19 minutes and 32 seconds
Commit: 733f72f (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Update CONTRIBUTING

Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/a004e72b9583...733f72f182f4

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135070721

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4306 (master - 49c2a00)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4306
Status: Errored

Duration: 15 minutes and 23 seconds
Commit: 49c2a00 (master)
Author: Matt Caswell
Message: Add a paragraph on documentation to CONTRIBUTING

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/7d6df9e9150a...49c2a00d1427

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135070112

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4305 (master - 7d6df9e)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4305
Status: Errored

Duration: 10 minutes and 54 seconds
Commit: 7d6df9e (master)
Author: Pauli
Message: Fix threading issue that at best will leak memory

The problem is the checking in policy_cache_set, there is a race
condition between the null check and obtaining the lock.  The fix is in
policy_cache_new to detect if the creation has happened already.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/b38c43f7bc47...7d6df9e9150a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135068737

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Matt Caswell

The branch master has been updated
   via  fa28bfd66fc221e18ee57134e42b54b4012e66db (commit)
  from  6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit)


- Log -
commit fa28bfd66fc221e18ee57134e42b54b4012e66db
Author: Matt Caswell 
Date:   Thu Jun 2 20:18:33 2016 +0100

Update INSTALL instructions

Fill out the INSTALL instructions with more information on Configure
arguments, environment variables and Makefile targets.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 INSTALL | 214 +---
 1 file changed, 191 insertions(+), 23 deletions(-)

diff --git a/INSTALL b/INSTALL
index ff134f2..b5cfa71 100644
--- a/INSTALL
+++ b/INSTALL
@@ -77,13 +77,28 @@
  --openssldir depend in what configuration is used and what Windows
  implementation OpenSSL is built on.  More notes on this in NOTES.WIN):
 
-  --prefix=DIR
-   The top of the installation directory tree.  Defaults are:
+  --api=x.y.z
+   Don't build with support for deprecated APIs below the
+   specified version number. For example "--api=1.1.0" will
+   remove support for all APIS that were deprecated in OpenSSL
+   version 1.1.0 or below.
 
-   Unix:   /usr/local
-   Windows:C:\Program Files\OpenSSL
-or C:\Program Files (x86)\OpenSSL
-   OpenVMS:SYS$COMMON:[OPENSSL-'version']
+  --cross-compile-prefix=PREFIX
+   The PREFIX to include in front of commands for your
+   toolchain. For example to build the mingw64 target on Linux
+   you might use "--cross-compile-prefix=x86_64-w64-mingw32-".
+   If the compiler is gcc, then this will attempt to run
+   x86_64-w64-mingw32-gcc when compiling.
+
+  --debug
+   Build OpenSSL with debugging symbols.
+
+  --libdir=DIR
+   The name of the directory under the top of the installation
+   directory tree (see the --prefix option) where libraries 
will
+   be installed. By default this is "lib". Note that on Windows
+   only ".lib" files will be stored in this location. dll files
+   will always be installed to the "bin" directory.
 
   --openssldir=DIR
Directory for OpenSSL configuration files, and also the
@@ -94,16 +109,54 @@
 or C:\Program Files (x86)\Common Files\SSL
OpenVMS:SYS$COMMON:[OPENSSL-COMMON]
 
-  --api=x.y.z
-   Don't build with support for deprecated APIs below the
-   specified version number. For example "--api=1.1.0" will
-   remove support for all APIS that were deprecated in OpenSSL
-   version 1.1.0 or below.
+  --prefix=DIR
+   The top of the installation directory tree.  Defaults are:
+
+   Unix:   /usr/local
+   Windows:C:\Program Files\OpenSSL
+or C:\Program Files (x86)\OpenSSL
+   OpenVMS:SYS$COMMON:[OPENSSL-'version']
+
+  --release
+   Build OpenSSL without debugging symbols. This is the 
default.
+
+  --strict-warnings
+   This is a developer flag that switches on various compiler
+   options recommended for OpenSSL development. It only works
+   when using gcc or clang as the compiler. If you are
+   developing a patch for OpenSSL then it is recommended that
+   you use this option where possible.
+
+  --with-zlib-include=DIR
+   The directory for the location of the zlib include file. 
This
+   option is only necessary if enable-zlib (see below) is used
+   and the include file is not already on the system include
+   path.
+
+  --with-zlib-lib=LIB
+   On Unix: this is the directory containing the zlib library.
+   If not provided the system library path will be used.
+   On Windows: this is the filename of the zlib library (with 
or
+   without a path). This flag must be provided if the
+   zlib-dynamic option is not also used. If zlib-dynamic is 
used
+   then this flag is optional and a default value ("ZLIB1") is
+   used if not provided. 
+   On VMS: this is the filename of the zlib library (with or
+   without a path). This flag is optional and if not provided
+   then "GNV$LIBZSHR",

[openssl-commits] [openssl] master update

2016-06-03 Thread Rich Salz

The branch master has been updated
   via  6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit)
   via  e56f956ef1347b8eb9024471f4fa16691cf8e3ea (commit)
   via  0814afcfa46039c8f27739dbe6a355b731f34608 (commit)
   via  fa64e63373fbc845a39907407ad990a6bbb84174 (commit)
  from  49c2a00d1427b84bd851125740f493d1822e6fbc (commit)


- Log -
commit 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981
Author: Mat 
Date:   Thu Jun 2 23:38:56 2016 +0200

Added define for STATUS_SUCCESS

Use STATUS_SUCCESS instead of 0.
Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions 
with other defines.
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1142)

commit e56f956ef1347b8eb9024471f4fa16691cf8e3ea
Author: Mat 
Date:   Sun May 29 20:44:27 2016 +0200

Adds casts for 64-bit

Adds missing casts for 64-bit.
Removed zero initialization of hProvider. hProvider is an "out" parameter 
of CryptAcquireContextW.
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1142)

commit 0814afcfa46039c8f27739dbe6a355b731f34608
Author: Mat 
Date:   Sun May 29 20:38:37 2016 +0200

Define USE_BCRYPT

Define USE_BCRYPT
Removed _WIN32_WINNT define
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1142)

commit fa64e63373fbc845a39907407ad990a6bbb84174
Author: Mat 
Date:   Sun May 29 20:23:22 2016 +0200

Use BCryptGenRandom on Windows 7 or higher

When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), 
BCryptGenRandom is used instead of the legacy CryptoAPI.

This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically 
loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl 
(CryptGenRandom is not available for Windows store apps)
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1142)

---

Summary of changes:
 crypto/rand/rand_win.c | 33 +
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 46cbe14..c5d0aa1 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -13,31 +13,47 @@
 
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include 
-# ifndef _WIN32_WINNT
-#  define _WIN32_WINNT 0x0400
+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+#  define RAND_WINDOWS_USE_BCRYPT
 # endif
-# include 
 
+# ifdef RAND_WINDOWS_USE_BCRYPT
+#  include 
+#  pragma comment(lib, "bcrypt.lib")
+#  ifndef STATUS_SUCCESS
+#   define STATUS_SUCCESS ((NTSTATUS)0xL)
+#  endif
+# else
+#  include 
 /*
  * Intel hardware RNG CSP -- available from
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
-# define PROV_INTEL_SEC 22
-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
 
 static void readtimer(void);
 
 int RAND_poll(void)
 {
 MEMORYSTATUS mst;
-HCRYPTPROV hProvider = 0;
+# ifndef RAND_WINDOWS_USE_BCRYPT
+HCRYPTPROV hProvider;
+# endif
 DWORD w;
 BYTE buf[64];
 
+# ifdef RAND_WINDOWS_USE_BCRYPT
+if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), 
BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
+RAND_add(buf, sizeof(buf), sizeof(buf));
+}
+# else
 /* poll the CryptoAPI PRNG */
 /* The CryptoAPI returns sizeof(buf) bytes of randomness */
 if (CryptAcquireContextW(, NULL, NULL, PROV_RSA_FULL, 
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
 RAND_add(buf, sizeof(buf), sizeof(buf));
 }
 CryptReleaseContext(hProvider, 0);
@@ -45,11 +61,12 @@ int RAND_poll(void)
 
 /* poll the Pentium PRG with CryptoAPI */
 if (CryptAcquireContextW(, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, 
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
 RAND_add(buf, sizeof(buf),

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-06-03 Thread Matt Caswell

The branch OpenSSL_1_0_1-stable has been updated
   via  ac29a0fed67ea1aeba71bad91f48593b644db4fd (commit)
  from  6f35f6deb5ca7daebe289f86477e061ce3ee5f46 (commit)


- Log -
commit ac29a0fed67ea1aeba71bad91f48593b644db4fd
Author: Matt Caswell 
Date:   Fri Jun 3 17:12:08 2016 +0100

Update CONTRIBUTING

Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CONTRIBUTING | 25 -
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 1bfbc1b..07115e5 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,11 +1,11 @@
 HOW TO CONTRIBUTE TO PATCHES OpenSSL
 
 
-(Please visit https://openssl.org/community/getting-started.html for
+(Please visit https://www.openssl.org/community/getting-started.html for
 other ideas about how to contribute.)
 
 Development is coordinated on the openssl-dev mailing list (see the
-above link or http://mta.openssl.org for information on subscribing).
+above link or https://mta.openssl.org for information on subscribing).
 If you are unsure as to whether a feature will be useful for the general
 OpenSSL community you might want to discuss it on the openssl-dev mailing
 list first.  Someone may be already working on the same thing or there
@@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on 
GitHub.
 If you think the patch could use feedback from the community, please
 start a thread on openssl-dev.
 
-You can also submit patches by sending it as mail to rt@opensslorg.
+You can also submit patches by sending it as mail to r...@openssl.org.
 Please include the word "PATCH" and an explanation of what the patch
 does in the subject line.  If you do this, our preferred format is "git
 format-patch" output. For example to provide a patch file containing the
@@ -42,7 +42,7 @@ the acceptance and review process faster:
 
 1. Anything other than trivial contributions will require a contributor
 licensing agreement, giving us permission to use your code. See
-https://openssl.org/policies/cla.html for details.
+https://www.openssl.org/policies/cla.html for details.
 
 2.  All source files should start with the following text (with
 appropriate comment characters at the start of each line and the
@@ -56,13 +56,20 @@ the acceptance and review process faster:
 https://www.openssl.org/source/license.html
 
 3.  Patches should be as current as possible.  When using GitHub, please
-expect to have to rebase and update often.
+expect to have to rebase and update often. Note that we do not accept merge
+commits. You will be asked to remove them before a patch is considered
+acceptable.
 
-3.  Patches should follow our coding style (see
+4.  Patches should follow our coding style (see
 https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many
-varied platforms: try to ensure you only use portable features.
+warnings. Where gcc or clang is availble you should use the
+--strict-warnings Configure option.  OpenSSL compiles on many varied
+platforms: try to ensure you only use portable features.
 
-4.  When at all possible, patches should include tests. These can either be
+5.  When at all possible, patches should include tests. These can either be
 added to an existing test, or completely new.  Please see test/README
 for information on the test framework.
+
+6.  New features or changed functionality must include documentation. 
Please
+look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+our style.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-03 Thread Matt Caswell

The branch OpenSSL_1_0_2-stable has been updated
   via  733f72f182f420282bc248441cbf34a0f3721e7f (commit)
  from  a004e72b95835136d3f1ea90517f706c24c03da7 (commit)


- Log -
commit 733f72f182f420282bc248441cbf34a0f3721e7f
Author: Matt Caswell 
Date:   Fri Jun 3 17:12:08 2016 +0100

Update CONTRIBUTING

Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CONTRIBUTING | 25 -
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 1bfbc1b..07115e5 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,11 +1,11 @@
 HOW TO CONTRIBUTE TO PATCHES OpenSSL
 
 
-(Please visit https://openssl.org/community/getting-started.html for
+(Please visit https://www.openssl.org/community/getting-started.html for
 other ideas about how to contribute.)
 
 Development is coordinated on the openssl-dev mailing list (see the
-above link or http://mta.openssl.org for information on subscribing).
+above link or https://mta.openssl.org for information on subscribing).
 If you are unsure as to whether a feature will be useful for the general
 OpenSSL community you might want to discuss it on the openssl-dev mailing
 list first.  Someone may be already working on the same thing or there
@@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on 
GitHub.
 If you think the patch could use feedback from the community, please
 start a thread on openssl-dev.
 
-You can also submit patches by sending it as mail to rt@opensslorg.
+You can also submit patches by sending it as mail to r...@openssl.org.
 Please include the word "PATCH" and an explanation of what the patch
 does in the subject line.  If you do this, our preferred format is "git
 format-patch" output. For example to provide a patch file containing the
@@ -42,7 +42,7 @@ the acceptance and review process faster:
 
 1. Anything other than trivial contributions will require a contributor
 licensing agreement, giving us permission to use your code. See
-https://openssl.org/policies/cla.html for details.
+https://www.openssl.org/policies/cla.html for details.
 
 2.  All source files should start with the following text (with
 appropriate comment characters at the start of each line and the
@@ -56,13 +56,20 @@ the acceptance and review process faster:
 https://www.openssl.org/source/license.html
 
 3.  Patches should be as current as possible.  When using GitHub, please
-expect to have to rebase and update often.
+expect to have to rebase and update often. Note that we do not accept merge
+commits. You will be asked to remove them before a patch is considered
+acceptable.
 
-3.  Patches should follow our coding style (see
+4.  Patches should follow our coding style (see
 https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many
-varied platforms: try to ensure you only use portable features.
+warnings. Where gcc or clang is availble you should use the
+--strict-warnings Configure option.  OpenSSL compiles on many varied
+platforms: try to ensure you only use portable features.
 
-4.  When at all possible, patches should include tests. These can either be
+5.  When at all possible, patches should include tests. These can either be
 added to an existing test, or completely new.  Please see test/README
 for information on the test framework.
+
+6.  New features or changed functionality must include documentation. 
Please
+look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+our style.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Matt Caswell

The branch master has been updated
   via  49c2a00d1427b84bd851125740f493d1822e6fbc (commit)
   via  4d6013c762dcd8d1eb7d481b7d6df6b5433818fe (commit)
   via  073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2 (commit)
   via  8c4f8039df25c930f9120eca4ccd9cfd225ad7ef (commit)
   via  75737d4fcd19974dc7b21fa790836435dafb294c (commit)
   via  26dee42d6ac6770d6ccdff59500f1619eb486cf0 (commit)
  from  7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit)


- Log -
commit 49c2a00d1427b84bd851125740f493d1822e6fbc
Author: Matt Caswell 
Date:   Fri Jun 3 10:51:13 2016 +0100

Add a paragraph on documentation to CONTRIBUTING

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 4d6013c762dcd8d1eb7d481b7d6df6b5433818fe
Author: Matt Caswell 
Date:   Fri Jun 3 10:42:20 2016 +0100

Further update CONTRIBUTING

Tweak to the wording on merge commits.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2
Author: Matt Caswell 
Date:   Thu Jun 2 11:09:13 2016 +0100

Tweaks to NOTES.PERL

Fix some typos and other minor amendments to NOTES.PERL.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 8c4f8039df25c930f9120eca4ccd9cfd225ad7ef
Author: Matt Caswell 
Date:   Thu Jun 2 11:03:45 2016 +0100

Update NOTES.WIN

Make the recommendation for MSYS perl in an MSYS environment more forceful.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 75737d4fcd19974dc7b21fa790836435dafb294c
Author: Matt Caswell 
Date:   Thu Jun 2 11:03:10 2016 +0100

Update CONTRIBUTING

Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 26dee42d6ac6770d6ccdff59500f1619eb486cf0
Author: Matt Caswell 
Date:   Thu Jun 2 11:01:32 2016 +0100

Bring the README file up to date

The README file was a little out of date so needed a refresh

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 CONTRIBUTING | 25 -
 NOTES.PERL   |  9 +
 NOTES.WIN|  2 +-
 README   | 34 --
 4 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 1bfbc1b..07115e5 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,11 +1,11 @@
 HOW TO CONTRIBUTE TO PATCHES OpenSSL
 
 
-(Please visit https://openssl.org/community/getting-started.html for
+(Please visit https://www.openssl.org/community/getting-started.html for
 other ideas about how to contribute.)
 
 Development is coordinated on the openssl-dev mailing list (see the
-above link or http://mta.openssl.org for information on subscribing).
+above link or https://mta.openssl.org for information on subscribing).
 If you are unsure as to whether a feature will be useful for the general
 OpenSSL community you might want to discuss it on the openssl-dev mailing
 list first.  Someone may be already working on the same thing or there
@@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on 
GitHub.
 If you think the patch could use feedback from the community, please
 start a thread on openssl-dev.
 
-You can also submit patches by sending it as mail to rt@opensslorg.
+You can also submit patches by sending it as mail to r...@openssl.org.
 Please include the word "PATCH" and an explanation of what the patch
 does in the subject line.  If you do this, our preferred format is "git
 format-patch" output. For example to provide a patch file containing the
@@ -42,7 +42,7 @@ the acceptance and review process faster:
 
 1. Anything other than trivial contributions will require a contributor
 licensing agreement, giving us permission to use your code. See
-https://openssl.org/policies/cla.html for details.
+https://www.openssl.org/policies/cla.html for details.
 
 2.  All source files should start with the following text (with
 appropriate comment characters at the start of each line and the
@@ -56,13 +56,20 @@ the acceptance and review process faster:
 https://www.openssl.org/source/license.html
 
 3.  Patches should be as current as possible.  When using GitHub, please
-expect to have to rebase and update often.
+expect to have to rebase and update often. Note that we do not accept merge
+commits. You will be asked to remove them before a

[openssl-commits] [openssl] master update

2016-06-03 Thread Rich Salz

The branch master has been updated
   via  7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit)
  from  b38c43f7bc474c369ed652b19360ec90458be516 (commit)


- Log -
commit 7d6df9e9150abc8e0d8f88b02159261e37eea167
Author: Pauli 
Date:   Fri Jun 3 10:52:32 2016 -0400

Fix threading issue that at best will leak memory

The problem is the checking in policy_cache_set, there is a race
condition between the null check and obtaining the lock.  The fix is in
policy_cache_new to detect if the creation has happened already.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/x509v3/pcy_cache.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index e254142..a9ee30a 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -78,6 +78,9 @@ static int policy_cache_new(X509 *x)
 CERTIFICATEPOLICIES *ext_cpols = NULL;
 POLICY_MAPPINGS *ext_pmaps = NULL;
 int i;
+
+if (x->policy_cache != NULL)
+return 1;
 cache = OPENSSL_malloc(sizeof(*cache));
 if (cache == NULL)
 return 0;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.3616

2016-06-03 Thread AppVeyor




Build openssl master.3616 failed


Commit e1a7a5e9c7 by Alfred E. Heggestad on 6/3/2016 12:58 PM:

dtls: add callback for setting timeout value


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4298 (master - b38c43f)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4298
Status: Errored

Duration: 11 minutes and 50 seconds
Commit: b38c43f (master)
Author: Richard Levitte
Message: tests: clean up temporary SSL session files.

RT#4557

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/4a2c4c1ab81b...b38c43f7bc47

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/135025978

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Richard Levitte

The branch master has been updated
   via  b38c43f7bc474c369ed652b19360ec90458be516 (commit)
  from  4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit)


- Log -
commit b38c43f7bc474c369ed652b19360ec90458be516
Author: Richard Levitte 
Date:   Fri Jun 3 13:56:20 2016 +0200

tests: clean up temporary SSL session files.

RT#4557

Reviewed-by: Rich Salz 

---

Summary of changes:
 test/recipes/70-test_sslsessiontick.t |  9 ++---
 test/recipes/70-test_tlsextms.t   | 15 ++-
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/test/recipes/70-test_sslsessiontick.t 
b/test/recipes/70-test_sslsessiontick.t
index c30ac44..aeed99c 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -75,7 +75,7 @@ checkmessages(3, "No client support session ticket test", 0, 
0, 0, 1);
 #Expected result: ClientHello extension seen; ServerHello extension not seen
 # NewSessionTicket message not seen; Abbreviated handshake
 clearall();
-(my $fh, my $session) = tempfile();
+(undef, my $session) = tempfile();
 $proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session);
 $proxy->start();
@@ -83,12 +83,13 @@ $proxy->clearClient();
 $proxy->clientflags("-sess_in ".$session);
 $proxy->clientstart();
 checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
+unlink $session;
 
 #Test 5: Test session resumption with ticket capable client without a ticket
 #Expected result: ClientHello extension seen; ServerHello extension seen
 # NewSessionTicket message seen; Abbreviated handshake
 clearall();
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
 $proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session." -no_ticket");
 $proxy->start();
@@ -97,6 +98,7 @@ $proxy->clientflags("-sess_in ".$session);
 $proxy->clientstart();
 checkmessages(5, "Session resumption with ticket capable client without a "
  ."ticket", 1, 1, 1, 0);
+unlink $session;
 
 #Test 6: Client accepts empty ticket.
 #Expected result: ClientHello extension seen; ServerHello extension seen;
@@ -108,7 +110,7 @@ checkmessages(6, "Empty ticket test",  1, 1, 1, 1);
 
 #Test 7-8: Client keeps existing ticket on empty ticket.
 clearall();
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
 $proxy->serverconnects(3);
 $proxy->filter(undef);
 $proxy->clientflags("-sess_out ".$session);
@@ -127,6 +129,7 @@ $proxy->clientstart();
 #Expected result: ClientHello extension seen; ServerHello extension not seen;
 # NewSessionTicket message not seen; Abbreviated handshake.
 checkmessages(8, "Empty ticket resumption test",  1, 0, 0, 0);
+unlink $session;
 
 #Test 9: Bad server sends the ServerHello extension but does not send a
 #NewSessionTicket
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
index 6cc04ff..25cc627 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -91,7 +91,7 @@ checkmessages(2, "No ticket, no client extension extended 
master secret test", 0
 
 clearall();
 setrmextms(0, 0);
-(my $fh, my $session) = tempfile();
+(undef, my $session) = tempfile();
 $proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session);
 $proxy->start();
@@ -99,6 +99,7 @@ $proxy->clearClient();
 $proxy->clientflags("-sess_in ".$session);
 $proxy->clientstart();
 checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
+unlink $session;
 
 #Test 6: Session resumption extended master secret test original session
 # omits extension. Server must not resume session.
@@ -107,7 +108,7 @@ checkmessages(5, "Session resumption extended master secret 
test", 1, 1, 0);
 
 clearall();
 setrmextms(1, 0);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
 $proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session);
 $proxy->start();
@@ -116,6 +117,7 @@ $proxy->clientflags("-sess_in ".$session);
 setrmextms(0, 0);
 $proxy->clientstart();
 checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
+unlink $session;
 
 #Test 7: Session resumption extended master secret test resumed session
 # omits client extension. Server must abort connection.
@@ -123,7 +125,7 @@ checkmessages(6, "Session resumption extended master secret 
test", 1, 1, 1);
 
 clearall();
 setrmextms(0, 0);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
 $proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session);
 $proxy->start();
@@ -132,6 +134,7 @@ $proxy->clientflags("-sess_in ".$session);
 setrmextms(1, 0);
 $proxy->clientstart();
 ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
+unlink $session;
 
 #Test 8: Session resumption extended master secret test resumed

[openssl-commits] [openssl] master update

2016-06-03 Thread Ben Laurie

The branch master has been updated
   via  4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit)
   via  75a112295d615ec6baa9e4da6eb4e82a4ce8b40b (commit)
   via  e298cb10feab3115b6da189a0f569e24b4f6c2a9 (commit)
   via  e78fadede267e3627ac85b3707a773b3b51e8f46 (commit)
  from  63936115e8e70ac36fc865ea32830dc93a7a5157 (commit)


- Log -
commit 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a
Author: Ben Laurie 
Date:   Fri Jun 3 11:07:42 2016 +0100

Add ct fuzzer.

Reviewed-by: Rich Salz 

commit 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b
Author: Ben Laurie 
Date:   Thu May 12 10:39:43 2016 +0100

Linkify libfuzzer.

Reviewed-by: Rich Salz 

commit e298cb10feab3115b6da189a0f569e24b4f6c2a9
Author: Ben Laurie 
Date:   Wed May 11 16:07:14 2016 +0100

Fuzz everything with every input.

Reviewed-by: Rich Salz 

commit e78fadede267e3627ac85b3707a773b3b51e8f46
Author: Ben Laurie 
Date:   Sat May 7 18:58:44 2016 +0100

Sort.

Reviewed-by: Rich Salz 

---

Summary of changes:
 .gitignore   |  2 ++
 fuzz/README.md   |  2 +-
 fuzz/asn1.c  | 92 ++--
 fuzz/build.info  | 26 ---
 fuzz/{cms.c => ct.c} | 14 
 5 files changed, 62 insertions(+), 74 deletions(-)
 copy fuzz/{cms.c => ct.c} (63%)

diff --git a/.gitignore b/.gitignore
index 2f99952..508fe0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,6 +63,7 @@ Makefile
 /fuzz/bndiv
 /fuzz/conf
 /fuzz/cms
+/fuzz/ct
 /fuzz/server
 /fuzz/x509
 /test/sha256t
@@ -85,6 +86,7 @@ Makefile
 *.dylib*
 *.dll*
 *.exe
+*.pyc
 # Exceptions
 !/test/bctest
 !/crypto/des/times/486-50.sol
diff --git a/fuzz/README.md b/fuzz/README.md
index 948590d..9b6d7d7 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -1,6 +1,6 @@
 # I Can Haz Fuzz?
 
-Or, how to fuzz OpenSSL with libfuzzer.
+Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
 
 Starting from a vanilla+OpenSSH server Ubuntu install.
 
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index fc129a8..fdf4c5e 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -26,61 +26,45 @@
 #include 
 #include "fuzzer.h"
 
-static const ASN1_ITEM *item_type;
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
-const char *cmd;
-OPENSSL_assert(*argc > 1);
-
-cmd = (*argv)[1];
-(*argv)[1] = (*argv)[0];
-++*argv;
---*argc;
-
-// TODO: make this work like d2i_test.c does, once its decided what the
-// common scheme is!
-#define Y(t)  if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t)
-#define X(t)  else Y(t)
-
-Y(ASN1_SEQUENCE);
-X(AUTHORITY_INFO_ACCESS);
-X(BIGNUM);
-X(ECPARAMETERS);
-X(ECPKPARAMETERS);
-X(GENERAL_NAME);
-X(GENERAL_SUBTREE);
-X(NAME_CONSTRAINTS);
-X(OCSP_BASICRESP);
-X(OCSP_RESPONSE);
-X(PKCS12);
-X(PKCS12_AUTHSAFES);
-X(PKCS12_SAFEBAGS);
-X(PKCS7);
-X(PKCS7_ATTR_SIGN);
-X(PKCS7_ATTR_VERIFY);
-X(PKCS7_DIGEST);
-X(PKCS7_ENC_CONTENT);
-X(PKCS7_ENCRYPT);
-X(PKCS7_ENVELOPE);
-X(PKCS7_RECIP_INFO);
-X(PKCS7_SIGN_ENVELOPE);
-X(PKCS7_SIGNED);
-X(PKCS7_SIGNER_INFO);
-X(POLICY_CONSTRAINTS);
-X(POLICY_MAPPINGS);
-X(SXNET);
-//X(TS_RESP);  want to do this, but type is hidden, however d2i exists...
-X(X509);
-X(X509_CRL);
-else
-OPENSSL_assert(!"Bad type");
-
-return 0;
-}
+static const ASN1_ITEM *item_type[] = {
+ASN1_ITEM_rptr(ASN1_SEQUENCE),
+ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
+ASN1_ITEM_rptr(BIGNUM),
+ASN1_ITEM_rptr(ECPARAMETERS),
+ASN1_ITEM_rptr(ECPKPARAMETERS),
+ASN1_ITEM_rptr(GENERAL_NAME),
+ASN1_ITEM_rptr(GENERAL_SUBTREE),
+ASN1_ITEM_rptr(NAME_CONSTRAINTS),
+ASN1_ITEM_rptr(OCSP_BASICRESP),
+ASN1_ITEM_rptr(OCSP_RESPONSE),
+ASN1_ITEM_rptr(PKCS12),
+ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ASN1_ITEM_rptr(PKCS7),
+ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
+ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
+ASN1_ITEM_rptr(PKCS7_DIGEST),
+ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
+ASN1_ITEM_rptr(PKCS7_ENCRYPT),
+ASN1_ITEM_rptr(PKCS7_ENVELOPE),
+ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
+ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
+ASN1_ITEM_rptr(PKCS7_SIGNED),
+ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
+ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
+ASN1_ITEM_rptr(POLICY_MAPPINGS),
+ASN1_ITEM_rptr(SXNET),
+//ASN1_ITEM_rptr(TS_RESP),  want to do this, but type is hidden, however 
d2i exists...
+ASN1_ITEM_rptr(X509),
+ASN1_ITEM_rptr(X509_CRL),
+NULL
+};
 
 int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
-const uint8_t *b = buf;
-ASN1_VALUE *o =

[openssl-commits] Errored: openssl/openssl#4294 (master - 6393611)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4294
Status: Errored

Duration: 10 minutes and 25 seconds
Commit: 6393611 (master)
Author: Emilia Kasper
Message: Update client authentication tests

Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/66bceb5f19d8...63936115e8e7

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134985151

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Emilia Kasper

The branch master has been updated
   via  63936115e8e70ac36fc865ea32830dc93a7a5157 (commit)
  from  66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit)


- Log -
commit 63936115e8e70ac36fc865ea32830dc93a7a5157
Author: Emilia Kasper 
Date:   Tue May 31 16:42:58 2016 +0200

Update client authentication tests

Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.

Reviewed-by: Rich Salz 

---

Summary of changes:
 test/certs/{ee-client.pem => ee-client-chain.pem} |  18 +
 test/recipes/80-test_ssl_new.t|   2 +-
 test/recipes/80-test_ssl_old.t|  89 ++--
 test/ssl-tests/04-client_auth.conf| 602 ++
 test/ssl-tests/04-client_auth.conf.in | 109 
 5 files changed, 759 insertions(+), 61 deletions(-)
 copy test/certs/{ee-client.pem => ee-client-chain.pem} (51%)
 create mode 100644 test/ssl-tests/04-client_auth.conf
 create mode 100644 test/ssl-tests/04-client_auth.conf.in

diff --git a/test/certs/ee-client.pem b/test/certs/ee-client-chain.pem
similarity index 51%
copy from test/certs/ee-client.pem
copy to test/certs/ee-client-chain.pem
index a6105b2..27652fa 100644
--- a/test/certs/ee-client.pem
+++ b/test/certs/ee-client-chain.pem
@@ -17,3 +17,21 @@ 
A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
 VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
 n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
 -END CERTIFICATE-
+-BEGIN CERTIFICATE-
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
+-END CERTIFICATE-
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 2bce02a..d432d1a 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -42,7 +42,7 @@ foreach my $conf (@conf_files) {
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 3;  # = scalar @conf_srcs
+plan tests => 4;  # = scalar @conf_srcs
 
 sub test_conf {
 plan tests => 3;
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index b41e67a..74d4360 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -311,11 +311,8 @@ sub testss {
 }
 
 sub testssl {
-my $key = shift || bldtop_file("apps","server.pem");
-my $cert = shift || bldtop_file("apps","server.pem");
-my $CAtmp = shift;
+my ($key, $cert, $CAtmp) = @_;
 my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
-my @extra = @_;
 
 my @ssltest = ("ssltest_old",
   "-s_key", $key, "-s_cert", $cert,
@@ -334,47 +331,19 @@ sub testssl {
 
 subtest 'standard SSL tests' => sub {
##
-   plan tests => 29;
+plan tests => 21;
 
   SKIP: {
  skip "SSLv3 is not supported by this OpenSSL build", 4
  if disabled("ssl3");
 
- ok(run(test([@ssltest, "-ssl3", @extra])),
-'test sslv3');
- ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])),
-'test sslv3 with server authentication');
- ok(run(test([@ssltest, "-ssl3", "-client_auth", @CA, @extra])),
-'test sslv3 with client authentication');
- ok(run(test([@ssltest, "-ssl3", "-server_auth", "-client_auth", @CA, 
@extra])),
-'test sslv3 with both server and client authentication');
-   }
-
-  SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL 
build", 4
- if $no_anytls;
-
- ok(run(test([@ssltest, @extra])),

[openssl-commits] Build completed: openssl master.3612

2016-06-03 Thread AppVeyor



Build openssl master.3612 completed



Commit 66bceb5f19 by Andy Polyakov on 6/3/2016 8:23 AM:

chacha/chacha_enc.c: harmonize counter width with subroutine name.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#4293 (master - 66bceb5)

2016-06-03 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4293
Status: Errored

Duration: 14 minutes and 6 seconds
Commit: 66bceb5 (master)
Author: Andy Polyakov
Message: chacha/chacha_enc.c: harmonize counter width with subroutine name.

_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.

RT#4512

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/b1ffe8dbeef2...66bceb5f19d8

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/134966188

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-03 Thread Andy Polyakov

The branch master has been updated
   via  66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit)
  from  b1ffe8dbeef2e233707a78847494769cbe305821 (commit)


- Log -
commit 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4
Author: Andy Polyakov 
Date:   Wed Apr 27 15:07:32 2016 +0200

chacha/chacha_enc.c: harmonize counter width with subroutine name.

_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.

RT#4512

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/chacha/chacha_enc.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
index 13720d0..239f68a 100644
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -110,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned 
char *inp,
 inp += todo;
 len -= todo;
 
-/* advance counter */
-if (++input[12] == 0)
-input[13]++;
+/*
+ * Advance 32-bit counter. Note that as subroutine is so to
+ * say nonce-agnostic, this limited counter width doesn't
+ * prevent caller from implementing wider counter. It would
+ * simply take two calls split on counter overflow...
+ */
+input[12]++;
 }
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

49 matches

Mail list logo