[openssl-commits] Build completed: openssl 1.0.284
Build openssl 1.0.284 completed Commit 398abffab2 by FdaSilvaYY on 6/3/2016 9:27 PM: Rework error handling from asn1_do_lock method. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.283
Build openssl 1.0.283 failed Commit db7e2bc8a6 by FdaSilvaYY on 6/3/2016 9:21 PM: Add checks on sk__push return value Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4317 (master - f6ce429)
Build Update for openssl/openssl - Build: #4317 Status: Errored Duration: 10 minutes and 3 seconds Commit: f6ce429 (master) Author: Richard Levitte Message: Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h Needed to get size_t on Windows Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/39a470088af6...f6ce42908415 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135166242 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4315 (master - 39a4700)
Build Update for openssl/openssl - Build: #4315 Status: Errored Duration: 11 minutes and 11 seconds Commit: 39a4700 (master) Author: Matt Caswell Message: Fix documentation error in x509 app certopt flag According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/416a5b6c92f9...39a470088af6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135156588 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1017 (fix_set_dup_exdata - 97bf87a)
Build Update for FdaSilvaYY/openssl - Build: #1017 Status: Errored Duration: 10 minutes and 26 seconds Commit: 97bf87a (fix_set_dup_exdata) Author: FdaSilvaYY Message: Fix possible malloc failure inside CRYPTO_dup_ex_data() Fix related docs. View the changeset: https://github.com/FdaSilvaYY/openssl/compare/4a03bcac98eb...97bf87aeb51b View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135155848 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1016 (crypto-add-checks-on-sk_type_push - 82ba805)
Build Update for FdaSilvaYY/openssl - Build: #1016 Status: Errored Duration: 10 minutes and 6 seconds Commit: 82ba805 (crypto-add-checks-on-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push return value. View the changeset: https://github.com/FdaSilvaYY/openssl/compare/db7e2bc8a670...82ba805db739 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135154400 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 39a470088af6f833bd1a912908c44bf4a9f48b0c (commit) from 416a5b6c92f9f7a664c34a96e63f50c38b7e3291 (commit) - Log - commit 39a470088af6f833bd1a912908c44bf4a9f48b0c Author: Matt CaswellDate: Fri Jun 3 21:49:01 2016 +0100 Fix documentation error in x509 app certopt flag According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: Rich Salz --- Summary of changes: doc/apps/x509.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 72ed6cf..4eb1a22 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -655,8 +655,8 @@ hex dump unsupported extensions. =item B -the value used by the B utility, equivalent to B, B, B, -B, B and B. +the value used by the B utility, equivalent to B, B, +B, and B. =back _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 46bad91986eb56f2beb9059e14fb4ee94c3f952a (commit) from 96f1de5bf40af27db3df91c106d799fa86165eb9 (commit) - Log - commit 46bad91986eb56f2beb9059e14fb4ee94c3f952a Author: Matt CaswellDate: Fri Jun 3 21:49:01 2016 +0100 Fix documentation error in x509 app certopt flag According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: Rich Salz (cherry picked from commit 39a470088af6f833bd1a912908c44bf4a9f48b0c) --- Summary of changes: doc/apps/x509.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 26f71c8..1479a74 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -642,8 +642,8 @@ hex dump unsupported extensions. =item B -the value used by the B utility, equivalent to B, B, B, -B, B and B. +the value used by the B utility, equivalent to B, B, +B, and B. =back _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1015 (various-fixes - a104502)
Build Update for FdaSilvaYY/openssl - Build: #1015 Status: Errored Duration: 26 minutes and 42 seconds Commit: a104502 (various-fixes) Author: FdaSilvaYY Message: Use directly zalloc in OPENSSL_sk_dup View the changeset: https://github.com/FdaSilvaYY/openssl/compare/e0c2b7d5f536^...a1045023d21c View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135144317 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1014 (constify - 937a65d)
Build Update for FdaSilvaYY/openssl - Build: #1014 Status: Errored Duration: 20 minutes and 5 seconds Commit: 937a65d (constify) Author: FdaSilvaYY Message: Constify X509V3_EXT_*_conf* View the changeset: https://github.com/FdaSilvaYY/openssl/compare/0b2ef16d8248...937a65d1c4a3 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135143907 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1013 (fix_asn1_do_lock - 398abff)
Build Update for FdaSilvaYY/openssl - Build: #1013 Status: Errored Duration: 11 minutes and 33 seconds Commit: 398abff (fix_asn1_do_lock) Author: FdaSilvaYY Message: Rework error handling from asn1_do_lock method. View the changeset: https://github.com/FdaSilvaYY/openssl/compare/76eabf2ac21d...398abffab22b View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135143706 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.278
Build openssl 1.0.278 failed Commit 809d443b63 by FdaSilvaYY on 6/3/2016 8:49 PM: Add checks on sk__push() returned result Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1012 (crypto-add-checks-on-sk_type_push - db7e2bc)
Build Update for FdaSilvaYY/openssl - Build: #1012 Status: Errored Duration: 6 minutes and 34 seconds Commit: db7e2bc (crypto-add-checks-on-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push return value View the changeset: https://github.com/FdaSilvaYY/openssl/compare/21d0f655a85e...db7e2bc8a670 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135142840 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1011 (ssl-add-checks-on-sk_type_push - 914f62c)
Build Update for FdaSilvaYY/openssl - Build: #1011 Status: Errored Duration: 9 minutes and 49 seconds Commit: 914f62c (ssl-add-checks-on-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push() returned result View the changeset: https://github.com/FdaSilvaYY/openssl/compare/809d443b63cc...914f62cbdd2b View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135142769 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1010 (master - 416a5b6)
Build Update for FdaSilvaYY/openssl - Build: #1010 Status: Errored Duration: 10 minutes and 47 seconds Commit: 416a5b6 (master) Author: Matt Caswell Message: BIO_printf() can fail to print the last character If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich SalzView the changeset: https://github.com/FdaSilvaYY/openssl/compare/ade82832cd4b...416a5b6c92f9 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135135571 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1009 (master - ade8283)
Build Update for FdaSilvaYY/openssl - Build: #1009 Status: Errored Duration: 11 minutes and 0 seconds Commit: ade8283 (master) Author: Rich Salz Message: Remove NOEXIST entries checkpoint before release. Reviewed-by: Richard LevitteView the changeset: https://github.com/FdaSilvaYY/openssl/compare/45361b1e0eb6...ade82832cd4b View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135135421 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.277
Build openssl 1.0.277 failed Commit 809d443b63 by FdaSilvaYY on 6/3/2016 8:49 PM: Add checks on sk__push() returned result Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1008 (crypto-add-checks-on-sk_type_push - 21d0f65)
Build Update for FdaSilvaYY/openssl - Build: #1008 Status: Errored Duration: 4 minutes and 49 seconds Commit: 21d0f65 (crypto-add-checks-on-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push return value View the changeset: https://github.com/FdaSilvaYY/openssl/compare/crypto-add-checks-on-sk_type_push View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135135082 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1007 (ssl-add-checks-on-sk_type_push - 809d443)
Build Update for FdaSilvaYY/openssl - Build: #1007 Status: Errored Duration: 5 minutes and 26 seconds Commit: 809d443 (ssl-add-checks-on-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push() returned result View the changeset: https://github.com/FdaSilvaYY/openssl/compare/ssl-add-checks-on-sk_type_push View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135134854 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.276
Build openssl 1.0.276 failed Commit 21d0f655a8 by FdaSilvaYY on 6/3/2016 8:37 PM: Add checks on sk__push return value Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1006 (add_sk_push_fixes - 809d443)
Build Update for FdaSilvaYY/openssl - Build: #1006 Status: Errored Duration: 5 minutes and 19 seconds Commit: 809d443 (add_sk_push_fixes) Author: FdaSilvaYY Message: Add checks on sk__push() returned result View the changeset: https://github.com/FdaSilvaYY/openssl/commit/809d443b63cc View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135134272 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1005 (add--check-crypto-sk_type_push - 21d0f65)
Build Update for FdaSilvaYY/openssl - Build: #1005 Status: Errored Duration: 4 minutes and 57 seconds Commit: 21d0f65 (add--check-crypto-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push return value View the changeset: https://github.com/FdaSilvaYY/openssl/compare/e46c2dc85a7f...21d0f655a85e View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135131495 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.275
Build openssl 1.0.275 failed Commit e46c2dc85a by FdaSilvaYY on 6/3/2016 7:24 PM: Add checks on sk__push return value Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4312 (master - 416a5b6)
Build Update for openssl/openssl - Build: #4312 Status: Errored Duration: 15 minutes and 16 seconds Commit: 416a5b6 (master) Author: Matt Caswell Message: BIO_printf() can fail to print the last character If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/fa28bfd66fc2...416a5b6c92f9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135116124 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 96f1de5bf40af27db3df91c106d799fa86165eb9 (commit) via f3cab0b11ffd1e1816f34a2880493ff1a3313f49 (commit) from 782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit) - Log - commit 96f1de5bf40af27db3df91c106d799fa86165eb9 Author: Matt CaswellDate: Fri Jun 3 15:53:54 2016 +0100 BIO_printf() can fail to print the last character If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich Salz commit f3cab0b11ffd1e1816f34a2880493ff1a3313f49 Author: Jonas Maebe Date: Sun Dec 8 17:24:18 2013 +0100 cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- Summary of changes: crypto/bio/b_print.c | 12 +--- crypto/engine/eng_cryptodev.c | 23 --- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 90248fa..987fe06 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -423,9 +423,15 @@ _dopr(char **sbuffer, break; } } -*truncated = (currlen > *maxlen - 1); -if (*truncated) -currlen = *maxlen - 1; +/* + * We have to truncate if there is no dynamic buffer and we have filled the + * static buffer. + */ +if (buffer == NULL) { +*truncated = (currlen > *maxlen - 1); +if (*truncated) +currlen = *maxlen - 1; +} if(!doapr_outch(sbuffer, buffer, , maxlen, '\0')) return 0; *retlen = currlen - 1; diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 8fb9c33..5a2ca6d 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -26,6 +26,7 @@ * */ +#include #include #include #include @@ -1064,8 +1065,7 @@ static void zapparams(struct crypt_kop *kop) int i; for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { -if (kop->crk_param[i].crp_p) -free(kop->crk_param[i].crp_p); +OPENSSL_free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; kop->crk_param[i].crp_nbits = 0; } @@ -1078,16 +1078,25 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, int fd, ret = -1; if ((fd = get_asym_dev_crypto()) < 0) -return (ret); +return ret; if (r) { -kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen); +if (kop->crk_param[kop->crk_iparams].crp_p == NULL) +return ret; +memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen); kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; kop->crk_oparams++; } if (s) { -kop->crk_param[kop->crk_iparams + 1].crp_p = -calloc(slen, sizeof(char)); +kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen); +/* No need to free the kop->crk_iparams parameter if it was allocated, + * callers of this routine have to free allocated parameters through + * zapparams both in case of success and failure + */ +if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL) +return ret; +memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen); kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; kop->crk_oparams++; } @@ -1100,7 +1109,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, ret = 0; } -return (ret); +return ret; } static int _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 416a5b6c92f9f7a664c34a96e63f50c38b7e3291 (commit) via 93879f8eedc38b45a30bbd0e7f5863ebfc6d3b86 (commit) via 2c4a056f59a6819b8a0d40e3a7e11cf6d35b3e88 (commit) from fa28bfd66fc221e18ee57134e42b54b4012e66db (commit) - Log - commit 416a5b6c92f9f7a664c34a96e63f50c38b7e3291 Author: Matt CaswellDate: Fri Jun 3 15:53:54 2016 +0100 BIO_printf() can fail to print the last character If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich Salz commit 93879f8eedc38b45a30bbd0e7f5863ebfc6d3b86 Author: Jonas Maebe Date: Sun Dec 8 17:24:18 2013 +0100 cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell commit 2c4a056f59a6819b8a0d40e3a7e11cf6d35b3e88 Author: Matt Caswell Date: Fri Jun 3 11:59:19 2016 +0100 Handle a memory allocation failure in ssl3_init_finished_mac() The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: Rich Salz --- Summary of changes: crypto/bio/b_print.c | 12 +--- crypto/engine/eng_cryptodev.c | 19 +-- include/openssl/ssl.h | 1 + ssl/s3_enc.c | 11 +-- ssl/ssl_err.c | 1 + ssl/ssl_locl.h| 2 +- ssl/statem/statem.c | 8 ++-- ssl/statem/statem_clnt.c | 5 - ssl/statem/statem_srvr.c | 11 --- 9 files changed, 52 insertions(+), 18 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 1b70bac..6808cdc 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -363,9 +363,15 @@ _dopr(char **sbuffer, break; } } -*truncated = (currlen > *maxlen - 1); -if (*truncated) -currlen = *maxlen - 1; +/* + * We have to truncate if there is no dynamic buffer and we have filled the + * static buffer. + */ +if (buffer == NULL) { +*truncated = (currlen > *maxlen - 1); +if (*truncated) +currlen = *maxlen - 1; +} if(!doapr_outch(sbuffer, buffer, , maxlen, '\0')) return 0; *retlen = currlen - 1; diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 79a0641..a2acabe 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1257,8 +1257,7 @@ static void zapparams(struct crypt_kop *kop) int i; for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { -if (kop->crk_param[i].crp_p) -free(kop->crk_param[i].crp_p); +OPENSSL_free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; kop->crk_param[i].crp_nbits = 0; } @@ -1271,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, int fd, ret = -1; if ((fd = get_asym_dev_crypto()) < 0) -return (ret); +return ret; if (r) { -kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen); +if (kop->crk_param[kop->crk_iparams].crp_p == NULL) +return ret; kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; kop->crk_oparams++; } if (s) { kop->crk_param[kop->crk_iparams + 1].crp_p = -calloc(slen, sizeof(char)); +OPENSSL_zalloc(slen); +/* No need to free the kop->crk_iparams parameter if it was allocated, + * callers of this routine have to free allocated parameters through + * zapparams both in case of success and failure + */ +if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL) +return ret; kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; kop->crk_oparams++; } @@ -1293,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, ret = 0; } -return (ret); +return ret; } static int diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c6c3576..2779fff 100644 ---
[openssl-commits] Errored: FdaSilvaYY/openssl#1004 (add--check-crypto-sk_type_push - e46c2dc)
Build Update for FdaSilvaYY/openssl - Build: #1004 Status: Errored Duration: 4 minutes and 47 seconds Commit: e46c2dc (add--check-crypto-sk_type_push) Author: FdaSilvaYY Message: Add checks on sk__push return value View the changeset: https://github.com/FdaSilvaYY/openssl/compare/a182e546c74a^...e46c2dc85a7f View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/135114851 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#4311 (OpenSSL_1_0_2-stable - 782a2be)
Build Update for openssl/openssl - Build: #4311 Status: Still Failing Duration: 19 minutes and 43 seconds Commit: 782a2be (OpenSSL_1_0_2-stable) Author: Dirk Feytons Message: Fix build with no-cmac Add missing ifdefs. Same change is already present in master, see b4a3aeebd9f9280aa7e69a343f5c824e68466d90 Reviewed-by: Matt CaswellReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1155) View the changeset: https://github.com/openssl/openssl/compare/733f72f182f4...782a2be2ed5f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135083297 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4310 (master - fa28bfd)
Build Update for openssl/openssl - Build: #4310 Status: Errored Duration: 23 minutes and 16 seconds Commit: fa28bfd (master) Author: Matt Caswell Message: Update INSTALL instructions Fill out the INSTALL instructions with more information on Configure arguments, environment variables and Makefile targets. Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/6191fc8634eb...fa28bfd66fc2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135072842 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4309 (master - 6191fc8)
Build Update for openssl/openssl - Build: #4309 Status: Errored Duration: 11 minutes and 31 seconds Commit: 6191fc8 (master) Author: Mat Message: Added define for STATUS_SUCCESS Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines. Reviewed-by: Matt CaswellReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1142) View the changeset: https://github.com/openssl/openssl/compare/49c2a00d1427...6191fc8634eb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135071193 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit) from 733f72f182f420282bc248441cbf34a0f3721e7f (commit) - Log - commit 782a2be2ed5f4781d6c90d56ccf4a608b875f325 Author: Dirk FeytonsDate: Thu Jun 2 15:31:57 2016 +0200 Fix build with no-cmac Add missing ifdefs. Same change is already present in master, see b4a3aeebd9f9280aa7e69a343f5c824e68466d90 Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1155) --- Summary of changes: crypto/asn1/ameth_lib.c | 2 ++ crypto/evp/pmeth_lib.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 5389c04..43ddebb 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { _asn1_meth, #endif _asn1_meth, +#ifndef OPENSSL_NO_CMAC _asn1_meth, +#endif #ifndef OPENSSL_NO_DH _asn1_meth #endif diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9f81d10..9668b3a 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = { _pkey_meth, #endif _pkey_meth, +#ifndef OPENSSL_NO_CMAC _pkey_meth, +#endif #ifndef OPENSSL_NO_DH _pkey_meth #endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#4307 (OpenSSL_1_0_2-stable - 733f72f)
Build Update for openssl/openssl - Build: #4307 Status: Still Failing Duration: 19 minutes and 32 seconds Commit: 733f72f (OpenSSL_1_0_2-stable) Author: Matt Caswell Message: Update CONTRIBUTING Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/a004e72b9583...733f72f182f4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135070721 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4306 (master - 49c2a00)
Build Update for openssl/openssl - Build: #4306 Status: Errored Duration: 15 minutes and 23 seconds Commit: 49c2a00 (master) Author: Matt Caswell Message: Add a paragraph on documentation to CONTRIBUTING Reviewed-by: Rich SalzReviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/7d6df9e9150a...49c2a00d1427 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135070112 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4305 (master - 7d6df9e)
Build Update for openssl/openssl - Build: #4305 Status: Errored Duration: 10 minutes and 54 seconds Commit: 7d6df9e (master) Author: Pauli Message: Fix threading issue that at best will leak memory The problem is the checking in policy_cache_set, there is a race condition between the null check and obtaining the lock. The fix is in policy_cache_new to detect if the creation has happened already. Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/b38c43f7bc47...7d6df9e9150a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135068737 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via fa28bfd66fc221e18ee57134e42b54b4012e66db (commit) from 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit) - Log - commit fa28bfd66fc221e18ee57134e42b54b4012e66db Author: Matt CaswellDate: Thu Jun 2 20:18:33 2016 +0100 Update INSTALL instructions Fill out the INSTALL instructions with more information on Configure arguments, environment variables and Makefile targets. Reviewed-by: Richard Levitte --- Summary of changes: INSTALL | 214 +--- 1 file changed, 191 insertions(+), 23 deletions(-) diff --git a/INSTALL b/INSTALL index ff134f2..b5cfa71 100644 --- a/INSTALL +++ b/INSTALL @@ -77,13 +77,28 @@ --openssldir depend in what configuration is used and what Windows implementation OpenSSL is built on. More notes on this in NOTES.WIN): - --prefix=DIR - The top of the installation directory tree. Defaults are: + --api=x.y.z + Don't build with support for deprecated APIs below the + specified version number. For example "--api=1.1.0" will + remove support for all APIS that were deprecated in OpenSSL + version 1.1.0 or below. - Unix: /usr/local - Windows:C:\Program Files\OpenSSL -or C:\Program Files (x86)\OpenSSL - OpenVMS:SYS$COMMON:[OPENSSL-'version'] + --cross-compile-prefix=PREFIX + The PREFIX to include in front of commands for your + toolchain. For example to build the mingw64 target on Linux + you might use "--cross-compile-prefix=x86_64-w64-mingw32-". + If the compiler is gcc, then this will attempt to run + x86_64-w64-mingw32-gcc when compiling. + + --debug + Build OpenSSL with debugging symbols. + + --libdir=DIR + The name of the directory under the top of the installation + directory tree (see the --prefix option) where libraries will + be installed. By default this is "lib". Note that on Windows + only ".lib" files will be stored in this location. dll files + will always be installed to the "bin" directory. --openssldir=DIR Directory for OpenSSL configuration files, and also the @@ -94,16 +109,54 @@ or C:\Program Files (x86)\Common Files\SSL OpenVMS:SYS$COMMON:[OPENSSL-COMMON] - --api=x.y.z - Don't build with support for deprecated APIs below the - specified version number. For example "--api=1.1.0" will - remove support for all APIS that were deprecated in OpenSSL - version 1.1.0 or below. + --prefix=DIR + The top of the installation directory tree. Defaults are: + + Unix: /usr/local + Windows:C:\Program Files\OpenSSL +or C:\Program Files (x86)\OpenSSL + OpenVMS:SYS$COMMON:[OPENSSL-'version'] + + --release + Build OpenSSL without debugging symbols. This is the default. + + --strict-warnings + This is a developer flag that switches on various compiler + options recommended for OpenSSL development. It only works + when using gcc or clang as the compiler. If you are + developing a patch for OpenSSL then it is recommended that + you use this option where possible. + + --with-zlib-include=DIR + The directory for the location of the zlib include file. This + option is only necessary if enable-zlib (see below) is used + and the include file is not already on the system include + path. + + --with-zlib-lib=LIB + On Unix: this is the directory containing the zlib library. + If not provided the system library path will be used. + On Windows: this is the filename of the zlib library (with or + without a path). This flag must be provided if the + zlib-dynamic option is not also used. If zlib-dynamic is used + then this flag is optional and a default value ("ZLIB1") is + used if not provided. + On VMS: this is the filename of the zlib library (with or + without a path). This flag is optional and if not provided + then "GNV$LIBZSHR",
[openssl-commits] [openssl] master update
The branch master has been updated via 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit) via e56f956ef1347b8eb9024471f4fa16691cf8e3ea (commit) via 0814afcfa46039c8f27739dbe6a355b731f34608 (commit) via fa64e63373fbc845a39907407ad990a6bbb84174 (commit) from 49c2a00d1427b84bd851125740f493d1822e6fbc (commit) - Log - commit 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 Author: MatDate: Thu Jun 2 23:38:56 2016 +0200 Added define for STATUS_SUCCESS Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1142) commit e56f956ef1347b8eb9024471f4fa16691cf8e3ea Author: Mat Date: Sun May 29 20:44:27 2016 +0200 Adds casts for 64-bit Adds missing casts for 64-bit. Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1142) commit 0814afcfa46039c8f27739dbe6a355b731f34608 Author: Mat Date: Sun May 29 20:38:37 2016 +0200 Define USE_BCRYPT Define USE_BCRYPT Removed _WIN32_WINNT define Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1142) commit fa64e63373fbc845a39907407ad990a6bbb84174 Author: Mat Date: Sun May 29 20:23:22 2016 +0200 Use BCryptGenRandom on Windows 7 or higher When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI. This change brings the following benefits: - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded. - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps) Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1142) --- Summary of changes: crypto/rand/rand_win.c | 33 + 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 46cbe14..c5d0aa1 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -13,31 +13,47 @@ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # include -# ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 +/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 +# define RAND_WINDOWS_USE_BCRYPT # endif -# include +# ifdef RAND_WINDOWS_USE_BCRYPT +# include +# pragma comment(lib, "bcrypt.lib") +# ifndef STATUS_SUCCESS +# define STATUS_SUCCESS ((NTSTATUS)0xL) +# endif +# else +# include /* * Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ -# define PROV_INTEL_SEC 22 -# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# define PROV_INTEL_SEC 22 +# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# endif static void readtimer(void); int RAND_poll(void) { MEMORYSTATUS mst; -HCRYPTPROV hProvider = 0; +# ifndef RAND_WINDOWS_USE_BCRYPT +HCRYPTPROV hProvider; +# endif DWORD w; BYTE buf[64]; +# ifdef RAND_WINDOWS_USE_BCRYPT +if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) { +RAND_add(buf, sizeof(buf), sizeof(buf)); +} +# else /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (CryptAcquireContextW(, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { -if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) { +if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); } CryptReleaseContext(hProvider, 0); @@ -45,11 +61,12 @@ int RAND_poll(void) /* poll the Pentium PRG with CryptoAPI */ if (CryptAcquireContextW(, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { -if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) { +if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf),
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via ac29a0fed67ea1aeba71bad91f48593b644db4fd (commit) from 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 (commit) - Log - commit ac29a0fed67ea1aeba71bad91f48593b644db4fd Author: Matt CaswellDate: Fri Jun 3 17:12:08 2016 +0100 Update CONTRIBUTING Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich Salz --- Summary of changes: CONTRIBUTING | 25 - 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1bfbc1b..07115e5 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,11 +1,11 @@ HOW TO CONTRIBUTE TO PATCHES OpenSSL -(Please visit https://openssl.org/community/getting-started.html for +(Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) Development is coordinated on the openssl-dev mailing list (see the -above link or http://mta.openssl.org for information on subscribing). +above link or https://mta.openssl.org for information on subscribing). If you are unsure as to whether a feature will be useful for the general OpenSSL community you might want to discuss it on the openssl-dev mailing list first. Someone may be already working on the same thing or there @@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on GitHub. If you think the patch could use feedback from the community, please start a thread on openssl-dev. -You can also submit patches by sending it as mail to rt@opensslorg. +You can also submit patches by sending it as mail to r...@openssl.org. Please include the word "PATCH" and an explanation of what the patch does in the subject line. If you do this, our preferred format is "git format-patch" output. For example to provide a patch file containing the @@ -42,7 +42,7 @@ the acceptance and review process faster: 1. Anything other than trivial contributions will require a contributor licensing agreement, giving us permission to use your code. See -https://openssl.org/policies/cla.html for details. +https://www.openssl.org/policies/cla.html for details. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -56,13 +56,20 @@ the acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible. When using GitHub, please -expect to have to rebase and update often. +expect to have to rebase and update often. Note that we do not accept merge +commits. You will be asked to remove them before a patch is considered +acceptable. -3. Patches should follow our coding style (see +4. Patches should follow our coding style (see https://www.openssl.org/policies/codingstyle.html) and compile without -warnings using the --strict-warnings flag. OpenSSL compiles on many -varied platforms: try to ensure you only use portable features. +warnings. Where gcc or clang is availble you should use the +--strict-warnings Configure option. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. -4. When at all possible, patches should include tests. These can either be +5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. + +6. New features or changed functionality must include documentation. Please +look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of +our style. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 733f72f182f420282bc248441cbf34a0f3721e7f (commit) from a004e72b95835136d3f1ea90517f706c24c03da7 (commit) - Log - commit 733f72f182f420282bc248441cbf34a0f3721e7f Author: Matt CaswellDate: Fri Jun 3 17:12:08 2016 +0100 Update CONTRIBUTING Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich Salz --- Summary of changes: CONTRIBUTING | 25 - 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1bfbc1b..07115e5 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,11 +1,11 @@ HOW TO CONTRIBUTE TO PATCHES OpenSSL -(Please visit https://openssl.org/community/getting-started.html for +(Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) Development is coordinated on the openssl-dev mailing list (see the -above link or http://mta.openssl.org for information on subscribing). +above link or https://mta.openssl.org for information on subscribing). If you are unsure as to whether a feature will be useful for the general OpenSSL community you might want to discuss it on the openssl-dev mailing list first. Someone may be already working on the same thing or there @@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on GitHub. If you think the patch could use feedback from the community, please start a thread on openssl-dev. -You can also submit patches by sending it as mail to rt@opensslorg. +You can also submit patches by sending it as mail to r...@openssl.org. Please include the word "PATCH" and an explanation of what the patch does in the subject line. If you do this, our preferred format is "git format-patch" output. For example to provide a patch file containing the @@ -42,7 +42,7 @@ the acceptance and review process faster: 1. Anything other than trivial contributions will require a contributor licensing agreement, giving us permission to use your code. See -https://openssl.org/policies/cla.html for details. +https://www.openssl.org/policies/cla.html for details. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -56,13 +56,20 @@ the acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible. When using GitHub, please -expect to have to rebase and update often. +expect to have to rebase and update often. Note that we do not accept merge +commits. You will be asked to remove them before a patch is considered +acceptable. -3. Patches should follow our coding style (see +4. Patches should follow our coding style (see https://www.openssl.org/policies/codingstyle.html) and compile without -warnings using the --strict-warnings flag. OpenSSL compiles on many -varied platforms: try to ensure you only use portable features. +warnings. Where gcc or clang is availble you should use the +--strict-warnings Configure option. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. -4. When at all possible, patches should include tests. These can either be +5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. + +6. New features or changed functionality must include documentation. Please +look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of +our style. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 49c2a00d1427b84bd851125740f493d1822e6fbc (commit) via 4d6013c762dcd8d1eb7d481b7d6df6b5433818fe (commit) via 073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2 (commit) via 8c4f8039df25c930f9120eca4ccd9cfd225ad7ef (commit) via 75737d4fcd19974dc7b21fa790836435dafb294c (commit) via 26dee42d6ac6770d6ccdff59500f1619eb486cf0 (commit) from 7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit) - Log - commit 49c2a00d1427b84bd851125740f493d1822e6fbc Author: Matt CaswellDate: Fri Jun 3 10:51:13 2016 +0100 Add a paragraph on documentation to CONTRIBUTING Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 4d6013c762dcd8d1eb7d481b7d6df6b5433818fe Author: Matt Caswell Date: Fri Jun 3 10:42:20 2016 +0100 Further update CONTRIBUTING Tweak to the wording on merge commits. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2 Author: Matt Caswell Date: Thu Jun 2 11:09:13 2016 +0100 Tweaks to NOTES.PERL Fix some typos and other minor amendments to NOTES.PERL. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 8c4f8039df25c930f9120eca4ccd9cfd225ad7ef Author: Matt Caswell Date: Thu Jun 2 11:03:45 2016 +0100 Update NOTES.WIN Make the recommendation for MSYS perl in an MSYS environment more forceful. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 75737d4fcd19974dc7b21fa790836435dafb294c Author: Matt Caswell Date: Thu Jun 2 11:03:10 2016 +0100 Update CONTRIBUTING Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 26dee42d6ac6770d6ccdff59500f1619eb486cf0 Author: Matt Caswell Date: Thu Jun 2 11:01:32 2016 +0100 Bring the README file up to date The README file was a little out of date so needed a refresh Reviewed-by: Rich Salz Reviewed-by: Richard Levitte --- Summary of changes: CONTRIBUTING | 25 - NOTES.PERL | 9 + NOTES.WIN| 2 +- README | 34 -- 4 files changed, 38 insertions(+), 32 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1bfbc1b..07115e5 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,11 +1,11 @@ HOW TO CONTRIBUTE TO PATCHES OpenSSL -(Please visit https://openssl.org/community/getting-started.html for +(Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) Development is coordinated on the openssl-dev mailing list (see the -above link or http://mta.openssl.org for information on subscribing). +above link or https://mta.openssl.org for information on subscribing). If you are unsure as to whether a feature will be useful for the general OpenSSL community you might want to discuss it on the openssl-dev mailing list first. Someone may be already working on the same thing or there @@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on GitHub. If you think the patch could use feedback from the community, please start a thread on openssl-dev. -You can also submit patches by sending it as mail to rt@opensslorg. +You can also submit patches by sending it as mail to r...@openssl.org. Please include the word "PATCH" and an explanation of what the patch does in the subject line. If you do this, our preferred format is "git format-patch" output. For example to provide a patch file containing the @@ -42,7 +42,7 @@ the acceptance and review process faster: 1. Anything other than trivial contributions will require a contributor licensing agreement, giving us permission to use your code. See -https://openssl.org/policies/cla.html for details. +https://www.openssl.org/policies/cla.html for details. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -56,13 +56,20 @@ the acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible. When using GitHub, please -expect to have to rebase and update often. +expect to have to rebase and update often. Note that we do not accept merge +commits. You will be asked to remove them before a
[openssl-commits] [openssl] master update
The branch master has been updated via 7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit) from b38c43f7bc474c369ed652b19360ec90458be516 (commit) - Log - commit 7d6df9e9150abc8e0d8f88b02159261e37eea167 Author: PauliDate: Fri Jun 3 10:52:32 2016 -0400 Fix threading issue that at best will leak memory The problem is the checking in policy_cache_set, there is a race condition between the null check and obtaining the lock. The fix is in policy_cache_new to detect if the creation has happened already. Reviewed-by: Richard Levitte --- Summary of changes: crypto/x509v3/pcy_cache.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index e254142..a9ee30a 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -78,6 +78,9 @@ static int policy_cache_new(X509 *x) CERTIFICATEPOLICIES *ext_cpols = NULL; POLICY_MAPPINGS *ext_pmaps = NULL; int i; + +if (x->policy_cache != NULL) +return 1; cache = OPENSSL_malloc(sizeof(*cache)); if (cache == NULL) return 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.3616
Build openssl master.3616 failed Commit e1a7a5e9c7 by Alfred E. Heggestad on 6/3/2016 12:58 PM: dtls: add callback for setting timeout value Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4298 (master - b38c43f)
Build Update for openssl/openssl - Build: #4298 Status: Errored Duration: 11 minutes and 50 seconds Commit: b38c43f (master) Author: Richard Levitte Message: tests: clean up temporary SSL session files. RT#4557 Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/4a2c4c1ab81b...b38c43f7bc47 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/135025978 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b38c43f7bc474c369ed652b19360ec90458be516 (commit) from 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit) - Log - commit b38c43f7bc474c369ed652b19360ec90458be516 Author: Richard LevitteDate: Fri Jun 3 13:56:20 2016 +0200 tests: clean up temporary SSL session files. RT#4557 Reviewed-by: Rich Salz --- Summary of changes: test/recipes/70-test_sslsessiontick.t | 9 ++--- test/recipes/70-test_tlsextms.t | 15 ++- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index c30ac44..aeed99c 100755 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -75,7 +75,7 @@ checkmessages(3, "No client support session ticket test", 0, 0, 0, 1); #Expected result: ClientHello extension seen; ServerHello extension not seen # NewSessionTicket message not seen; Abbreviated handshake clearall(); -(my $fh, my $session) = tempfile(); +(undef, my $session) = tempfile(); $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->start(); @@ -83,12 +83,13 @@ $proxy->clearClient(); $proxy->clientflags("-sess_in ".$session); $proxy->clientstart(); checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0); +unlink $session; #Test 5: Test session resumption with ticket capable client without a ticket #Expected result: ClientHello extension seen; ServerHello extension seen # NewSessionTicket message seen; Abbreviated handshake clearall(); -($fh, $session) = tempfile(); +(undef, $session) = tempfile(); $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session." -no_ticket"); $proxy->start(); @@ -97,6 +98,7 @@ $proxy->clientflags("-sess_in ".$session); $proxy->clientstart(); checkmessages(5, "Session resumption with ticket capable client without a " ."ticket", 1, 1, 1, 0); +unlink $session; #Test 6: Client accepts empty ticket. #Expected result: ClientHello extension seen; ServerHello extension seen; @@ -108,7 +110,7 @@ checkmessages(6, "Empty ticket test", 1, 1, 1, 1); #Test 7-8: Client keeps existing ticket on empty ticket. clearall(); -($fh, $session) = tempfile(); +(undef, $session) = tempfile(); $proxy->serverconnects(3); $proxy->filter(undef); $proxy->clientflags("-sess_out ".$session); @@ -127,6 +129,7 @@ $proxy->clientstart(); #Expected result: ClientHello extension seen; ServerHello extension not seen; # NewSessionTicket message not seen; Abbreviated handshake. checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0); +unlink $session; #Test 9: Bad server sends the ServerHello extension but does not send a #NewSessionTicket diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t index 6cc04ff..25cc627 100644 --- a/test/recipes/70-test_tlsextms.t +++ b/test/recipes/70-test_tlsextms.t @@ -91,7 +91,7 @@ checkmessages(2, "No ticket, no client extension extended master secret test", 0 clearall(); setrmextms(0, 0); -(my $fh, my $session) = tempfile(); +(undef, my $session) = tempfile(); $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->start(); @@ -99,6 +99,7 @@ $proxy->clearClient(); $proxy->clientflags("-sess_in ".$session); $proxy->clientstart(); checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); +unlink $session; #Test 6: Session resumption extended master secret test original session # omits extension. Server must not resume session. @@ -107,7 +108,7 @@ checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); clearall(); setrmextms(1, 0); -($fh, $session) = tempfile(); +(undef, $session) = tempfile(); $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->start(); @@ -116,6 +117,7 @@ $proxy->clientflags("-sess_in ".$session); setrmextms(0, 0); $proxy->clientstart(); checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); +unlink $session; #Test 7: Session resumption extended master secret test resumed session # omits client extension. Server must abort connection. @@ -123,7 +125,7 @@ checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); clearall(); setrmextms(0, 0); -($fh, $session) = tempfile(); +(undef, $session) = tempfile(); $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->start(); @@ -132,6 +134,7 @@ $proxy->clientflags("-sess_in ".$session); setrmextms(1, 0); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Client inconsistent session resumption"); +unlink $session; #Test 8: Session resumption extended master secret test resumed
[openssl-commits] [openssl] master update
The branch master has been updated via 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit) via 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b (commit) via e298cb10feab3115b6da189a0f569e24b4f6c2a9 (commit) via e78fadede267e3627ac85b3707a773b3b51e8f46 (commit) from 63936115e8e70ac36fc865ea32830dc93a7a5157 (commit) - Log - commit 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a Author: Ben LaurieDate: Fri Jun 3 11:07:42 2016 +0100 Add ct fuzzer. Reviewed-by: Rich Salz commit 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b Author: Ben Laurie Date: Thu May 12 10:39:43 2016 +0100 Linkify libfuzzer. Reviewed-by: Rich Salz commit e298cb10feab3115b6da189a0f569e24b4f6c2a9 Author: Ben Laurie Date: Wed May 11 16:07:14 2016 +0100 Fuzz everything with every input. Reviewed-by: Rich Salz commit e78fadede267e3627ac85b3707a773b3b51e8f46 Author: Ben Laurie Date: Sat May 7 18:58:44 2016 +0100 Sort. Reviewed-by: Rich Salz --- Summary of changes: .gitignore | 2 ++ fuzz/README.md | 2 +- fuzz/asn1.c | 92 ++-- fuzz/build.info | 26 --- fuzz/{cms.c => ct.c} | 14 5 files changed, 62 insertions(+), 74 deletions(-) copy fuzz/{cms.c => ct.c} (63%) diff --git a/.gitignore b/.gitignore index 2f99952..508fe0b 100644 --- a/.gitignore +++ b/.gitignore @@ -63,6 +63,7 @@ Makefile /fuzz/bndiv /fuzz/conf /fuzz/cms +/fuzz/ct /fuzz/server /fuzz/x509 /test/sha256t @@ -85,6 +86,7 @@ Makefile *.dylib* *.dll* *.exe +*.pyc # Exceptions !/test/bctest !/crypto/des/times/486-50.sol diff --git a/fuzz/README.md b/fuzz/README.md index 948590d..9b6d7d7 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -1,6 +1,6 @@ # I Can Haz Fuzz? -Or, how to fuzz OpenSSL with libfuzzer. +Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fc129a8..fdf4c5e 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -26,61 +26,45 @@ #include #include "fuzzer.h" -static const ASN1_ITEM *item_type; - -int LLVMFuzzerInitialize(int *argc, char ***argv) { -const char *cmd; -OPENSSL_assert(*argc > 1); - -cmd = (*argv)[1]; -(*argv)[1] = (*argv)[0]; -++*argv; ---*argc; - -// TODO: make this work like d2i_test.c does, once its decided what the -// common scheme is! -#define Y(t) if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t) -#define X(t) else Y(t) - -Y(ASN1_SEQUENCE); -X(AUTHORITY_INFO_ACCESS); -X(BIGNUM); -X(ECPARAMETERS); -X(ECPKPARAMETERS); -X(GENERAL_NAME); -X(GENERAL_SUBTREE); -X(NAME_CONSTRAINTS); -X(OCSP_BASICRESP); -X(OCSP_RESPONSE); -X(PKCS12); -X(PKCS12_AUTHSAFES); -X(PKCS12_SAFEBAGS); -X(PKCS7); -X(PKCS7_ATTR_SIGN); -X(PKCS7_ATTR_VERIFY); -X(PKCS7_DIGEST); -X(PKCS7_ENC_CONTENT); -X(PKCS7_ENCRYPT); -X(PKCS7_ENVELOPE); -X(PKCS7_RECIP_INFO); -X(PKCS7_SIGN_ENVELOPE); -X(PKCS7_SIGNED); -X(PKCS7_SIGNER_INFO); -X(POLICY_CONSTRAINTS); -X(POLICY_MAPPINGS); -X(SXNET); -//X(TS_RESP); want to do this, but type is hidden, however d2i exists... -X(X509); -X(X509_CRL); -else -OPENSSL_assert(!"Bad type"); - -return 0; -} +static const ASN1_ITEM *item_type[] = { +ASN1_ITEM_rptr(ASN1_SEQUENCE), +ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS), +ASN1_ITEM_rptr(BIGNUM), +ASN1_ITEM_rptr(ECPARAMETERS), +ASN1_ITEM_rptr(ECPKPARAMETERS), +ASN1_ITEM_rptr(GENERAL_NAME), +ASN1_ITEM_rptr(GENERAL_SUBTREE), +ASN1_ITEM_rptr(NAME_CONSTRAINTS), +ASN1_ITEM_rptr(OCSP_BASICRESP), +ASN1_ITEM_rptr(OCSP_RESPONSE), +ASN1_ITEM_rptr(PKCS12), +ASN1_ITEM_rptr(PKCS12_AUTHSAFES), +ASN1_ITEM_rptr(PKCS12_SAFEBAGS), +ASN1_ITEM_rptr(PKCS7), +ASN1_ITEM_rptr(PKCS7_ATTR_SIGN), +ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY), +ASN1_ITEM_rptr(PKCS7_DIGEST), +ASN1_ITEM_rptr(PKCS7_ENC_CONTENT), +ASN1_ITEM_rptr(PKCS7_ENCRYPT), +ASN1_ITEM_rptr(PKCS7_ENVELOPE), +ASN1_ITEM_rptr(PKCS7_RECIP_INFO), +ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE), +ASN1_ITEM_rptr(PKCS7_SIGNED), +ASN1_ITEM_rptr(PKCS7_SIGNER_INFO), +ASN1_ITEM_rptr(POLICY_CONSTRAINTS), +ASN1_ITEM_rptr(POLICY_MAPPINGS), +ASN1_ITEM_rptr(SXNET), +//ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists... +ASN1_ITEM_rptr(X509), +ASN1_ITEM_rptr(X509_CRL), +NULL +}; int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { -const uint8_t *b = buf; -ASN1_VALUE *o =
[openssl-commits] Errored: openssl/openssl#4294 (master - 6393611)
Build Update for openssl/openssl - Build: #4294 Status: Errored Duration: 10 minutes and 25 seconds Commit: 6393611 (master) Author: Emilia Kasper Message: Update client authentication tests Port client auth tests to the new framework, add coverage. The old tests were only testing success, and only for some protocol versions; the new tests add all protocol versions and various failure modes. Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/66bceb5f19d8...63936115e8e7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/134985151 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 63936115e8e70ac36fc865ea32830dc93a7a5157 (commit) from 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit) - Log - commit 63936115e8e70ac36fc865ea32830dc93a7a5157 Author: Emilia KasperDate: Tue May 31 16:42:58 2016 +0200 Update client authentication tests Port client auth tests to the new framework, add coverage. The old tests were only testing success, and only for some protocol versions; the new tests add all protocol versions and various failure modes. Reviewed-by: Rich Salz --- Summary of changes: test/certs/{ee-client.pem => ee-client-chain.pem} | 18 + test/recipes/80-test_ssl_new.t| 2 +- test/recipes/80-test_ssl_old.t| 89 ++-- test/ssl-tests/04-client_auth.conf| 602 ++ test/ssl-tests/04-client_auth.conf.in | 109 5 files changed, 759 insertions(+), 61 deletions(-) copy test/certs/{ee-client.pem => ee-client-chain.pem} (51%) create mode 100644 test/ssl-tests/04-client_auth.conf create mode 100644 test/ssl-tests/04-client_auth.conf.in diff --git a/test/certs/ee-client.pem b/test/certs/ee-client-chain.pem similarity index 51% copy from test/certs/ee-client.pem copy to test/certs/ee-client-chain.pem index a6105b2..27652fa 100644 --- a/test/certs/ee-client.pem +++ b/test/certs/ee-client-chain.pem @@ -17,3 +17,21 @@ A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx -END CERTIFICATE- +-BEGIN CERTIFICATE- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-END CERTIFICATE- diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 2bce02a..d432d1a 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -42,7 +42,7 @@ foreach my $conf (@conf_files) { # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 3; # = scalar @conf_srcs +plan tests => 4; # = scalar @conf_srcs sub test_conf { plan tests => 3; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index b41e67a..74d4360 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -311,11 +311,8 @@ sub testss { } sub testssl { -my $key = shift || bldtop_file("apps","server.pem"); -my $cert = shift || bldtop_file("apps","server.pem"); -my $CAtmp = shift; +my ($key, $cert, $CAtmp) = @_; my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs")); -my @extra = @_; my @ssltest = ("ssltest_old", "-s_key", $key, "-s_cert", $cert, @@ -334,47 +331,19 @@ sub testssl { subtest 'standard SSL tests' => sub { ## - plan tests => 29; +plan tests => 21; SKIP: { skip "SSLv3 is not supported by this OpenSSL build", 4 if disabled("ssl3"); - ok(run(test([@ssltest, "-ssl3", @extra])), -'test sslv3'); - ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])), -'test sslv3 with server authentication'); - ok(run(test([@ssltest, "-ssl3", "-client_auth", @CA, @extra])), -'test sslv3 with client authentication'); - ok(run(test([@ssltest, "-ssl3", "-server_auth", "-client_auth", @CA, @extra])), -'test sslv3 with both server and client authentication'); - } - - SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 4 - if $no_anytls; - - ok(run(test([@ssltest, @extra])),
[openssl-commits] Build completed: openssl master.3612
Build openssl master.3612 completed Commit 66bceb5f19 by Andy Polyakov on 6/3/2016 8:23 AM: chacha/chacha_enc.c: harmonize counter width with subroutine name. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#4293 (master - 66bceb5)
Build Update for openssl/openssl - Build: #4293 Status: Errored Duration: 14 minutes and 6 seconds Commit: 66bceb5 (master) Author: Andy Polyakov Message: chacha/chacha_enc.c: harmonize counter width with subroutine name. _ctr32 in function name refers to 32-bit counter, but it was implementing 64-bit one. This didn't pose problem to EVP, but 64-bit counter was just misleading. RT#4512 Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/b1ffe8dbeef2...66bceb5f19d8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/134966188 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit) from b1ffe8dbeef2e233707a78847494769cbe305821 (commit) - Log - commit 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 Author: Andy PolyakovDate: Wed Apr 27 15:07:32 2016 +0200 chacha/chacha_enc.c: harmonize counter width with subroutine name. _ctr32 in function name refers to 32-bit counter, but it was implementing 64-bit one. This didn't pose problem to EVP, but 64-bit counter was just misleading. RT#4512 Reviewed-by: Richard Levitte --- Summary of changes: crypto/chacha/chacha_enc.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c index 13720d0..239f68a 100644 --- a/crypto/chacha/chacha_enc.c +++ b/crypto/chacha/chacha_enc.c @@ -110,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, inp += todo; len -= todo; -/* advance counter */ -if (++input[12] == 0) -input[13]++; +/* + * Advance 32-bit counter. Note that as subroutine is so to + * say nonce-agnostic, this limited counter width doesn't + * prevent caller from implementing wider counter. It would + * simply take two calls split on counter overflow... + */ +input[12]++; } } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits