[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.4417
Build openssl OpenSSL_1_0_2-stable.4417 completed Commit f4d3fe420e by Benjamin Kaduk on 7/22/2016 2:55 PM: Fix a bug in clienthello processing Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#5100 (OpenSSL_1_0_2-stable - 325da82)
Build Update for openssl/openssl - Build: #5100 Status: Still Failing Duration: 30 minutes and 33 seconds Commit: 325da82 (OpenSSL_1_0_2-stable) Author: Dr. Stephen Henson Message: Use newest CRL. If two CRLs are equivalent then use the one with a later lastUpdate field: this will result in the newest CRL available being used. RT#4615 Reviewed-by: Rich Salz(cherry picked from commit 626aa24849be549b7ef4f049d8427989940c8a37) View the changeset: https://github.com/openssl/openssl/compare/02f873c5410e...325da8231c8d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146674370 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.4416
Build openssl master.4416 failed Commit e685802f4c by Richard Levitte on 7/22/2016 2:45 PM: Make it possible for external code to flag a certificate as a proxy one. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#5098 (OpenSSL_1_0_2-stable - 02f873c)
Build Update for openssl/openssl - Build: #5098 Status: Still Failing Duration: 12 minutes and 32 seconds Commit: 02f873c (OpenSSL_1_0_2-stable) Author: Dr. Stephen Henson Message: Send alert for bad DH CKE RT#4511 Reviewed-by: Matt CaswellView the changeset: https://github.com/openssl/openssl/compare/b746aa3fe05b...02f873c5410e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146673413 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#5092 (OpenSSL_1_0_2-stable - b746aa3)
Build Update for openssl/openssl - Build: #5092 Status: Still Failing Duration: 23 minutes and 21 seconds Commit: b746aa3 (OpenSSL_1_0_2-stable) Author: Dr. Stephen Henson Message: Fix OOB read in TS_OBJ_print_bio(). TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by: Matt Caswell(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a) View the changeset: https://github.com/openssl/openssl/compare/b88028368395...b746aa3fe05b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146659151 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 626aa24849be549b7ef4f049d8427989940c8a37 (commit) from 31a7d80d0ddb9e45c112316057a83e743c15 (commit) - Log - commit 626aa24849be549b7ef4f049d8427989940c8a37 Author: Dr. Stephen HensonDate: Fri Jul 22 13:43:41 2016 +0100 Use newest CRL. If two CRLs are equivalent then use the one with a later lastUpdate field: this will result in the newest CRL available being used. RT#4615 Reviewed-by: Rich Salz --- Summary of changes: crypto/x509/x509_vfy.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index ee1c9af..2a15702 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -971,13 +971,21 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, crl = sk_X509_CRL_value(crls, i); reasons = *preasons; crl_score = get_crl_score(ctx, _issuer, , crl, x); - -if (crl_score > best_score) { -best_crl = crl; -best_crl_issuer = crl_issuer; -best_score = crl_score; -best_reasons = reasons; +if (crl_score < best_score) +continue; +/* If current CRL is equivalent use it if it is newer */ +if (crl_score == best_score) { +int day, sec; +if (ASN1_TIME_diff(, , X509_CRL_get_lastUpdate(best_crl), + X509_CRL_get_lastUpdate(crl)) == 0) +continue; +if (day < 0 || sec <= 0) +continue; } +best_crl = crl; +best_crl_issuer = crl_issuer; +best_score = crl_score; +best_reasons = reasons; } if (best_crl) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 325da8231c8d441e6bb7f15d1a5a23ff63c842e5 (commit) from 02f873c5410e8b96c6a55cc906b8f10cd84b0835 (commit) - Log - commit 325da8231c8d441e6bb7f15d1a5a23ff63c842e5 Author: Dr. Stephen HensonDate: Fri Jul 22 13:43:41 2016 +0100 Use newest CRL. If two CRLs are equivalent then use the one with a later lastUpdate field: this will result in the newest CRL available being used. RT#4615 Reviewed-by: Rich Salz (cherry picked from commit 626aa24849be549b7ef4f049d8427989940c8a37) --- Summary of changes: crypto/x509/x509_vfy.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 389b1c2..5873ad4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1122,13 +1122,21 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, crl = sk_X509_CRL_value(crls, i); reasons = *preasons; crl_score = get_crl_score(ctx, _issuer, , crl, x); - -if (crl_score > best_score) { -best_crl = crl; -best_crl_issuer = crl_issuer; -best_score = crl_score; -best_reasons = reasons; +if (crl_score < best_score) +continue; +/* If current CRL is equivalent use it if it is newer */ +if (crl_score == best_score) { +int day, sec; +if (ASN1_TIME_diff(, , X509_CRL_get_lastUpdate(best_crl), + X509_CRL_get_lastUpdate(crl)) == 0) +continue; +if (day < 0 || sec <= 0) +continue; } +best_crl = crl; +best_crl_issuer = crl_issuer; +best_score = crl_score; +best_reasons = reasons; } if (best_crl) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 31a7d80d0ddb9e45c112316057a83e743c15 (commit) from 0ed26acce328ec16a3aa635f1ca37365e8c7403a (commit) - Log - commit 31a7d80d0ddb9e45c112316057a83e743c15 Author: Dr. Stephen HensonDate: Fri Jul 22 15:55:38 2016 +0100 Send alert for bad DH CKE RT#4511 Reviewed-by: Matt Caswell --- Summary of changes: ssl/statem/statem_srvr.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e56d791..b7f2a0f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2269,17 +2269,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) EVP_PKEY *ckey = NULL; int ret = 0; -if (!PACKET_get_net_2(pkt, )) { +if (!PACKET_get_net_2(pkt, ) || PACKET_remaining(pkt) != i) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } -if (PACKET_remaining(pkt) != i) { -SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, - SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); -goto err; -} skey = s->s3->tmp.pkey; if (skey == NULL) { *al = SSL_AD_HANDSHAKE_FAILURE; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 02f873c5410e8b96c6a55cc906b8f10cd84b0835 (commit) from b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 (commit) - Log - commit 02f873c5410e8b96c6a55cc906b8f10cd84b0835 Author: Dr. Stephen HensonDate: Fri Jul 22 16:02:07 2016 +0100 Send alert for bad DH CKE RT#4511 Reviewed-by: Matt Caswell --- Summary of changes: ssl/s3_srvr.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 803afd8..c95d610 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2325,7 +2325,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); -goto err; +al = SSL_AD_HANDSHAKE_FAILURE; +goto f_err; } else { p -= 2; i = (int)n; @@ -2378,9 +2379,10 @@ int ssl3_get_client_key_exchange(SSL *s) i = DH_compute_key(p, pub, dh_srvr); if (i <= 0) { +al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); BN_clear_free(pub); -goto err; +goto f_err; } DH_free(s->s3->tmp.dh); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Failed: mouse07410/openssl#31 (OpenSSL_1_0_2-stable - b746aa3)
Build Update for mouse07410/openssl - Build: #31 Status: Failed Duration: 16 minutes and 48 seconds Commit: b746aa3 (OpenSSL_1_0_2-stable) Author: Dr. Stephen Henson Message: Fix OOB read in TS_OBJ_print_bio(). TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by: Matt Caswell(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a) View the changeset: https://github.com/mouse07410/openssl/compare/941d9fb6bdfa...b746aa3fe05b View the full build log and details: https://travis-ci.org/mouse07410/openssl/builds/146660487 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#5090 (OpenSSL_1_0_2-stable - b880283)
Build Update for openssl/openssl - Build: #5090 Status: Still Failing Duration: 21 minutes and 58 seconds Commit: b880283 (OpenSSL_1_0_2-stable) Author: Dr. Stephen Henson Message: Clarify digest change in HMAC_Init_ex() RT#4603 Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/941d9fb6bdfa...b88028368395 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146658596 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via b880283683958c873ce8363892c44277ec5081f8 (commit) from 941d9fb6bdfacbdab6325d24d65402b75afc20c5 (commit) - Log - commit b880283683958c873ce8363892c44277ec5081f8 Author: Dr. Stephen HensonDate: Fri Jul 22 14:11:13 2016 +0100 Clarify digest change in HMAC_Init_ex() RT#4603 Reviewed-by: Rich Salz --- Summary of changes: doc/crypto/hmac.pod | 18 +++--- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index 58a57f4..2c8f20a 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -60,13 +60,17 @@ function B and the key B which is B bytes long. It is deprecated and only included for backward compatibility with OpenSSL 0.9.6b. -HMAC_Init_ex() initializes or reuses a B structure to use -the function B and key B. Either can be NULL, in which -case the existing one will be reused. HMAC_CTX_init() must have been -called before the first use of an B in this -function. B. +HMAC_Init_ex() initializes or reuses a B structure to use the hash +function B and key B. If both are NULL (or B is the same +as the previous digest used by B and B is NULL) the existing key is +reused. B must have been created with HMAC_CTX_new() before the first use +of an B in this function. B. + +B NULL and B is not the +same as the previous digest used by B then an error is returned +because reuse of an existing key with a different digest is not supported.> HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B bytes at B). _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 0ed26acce328ec16a3aa635f1ca37365e8c7403a (commit) from d0c4415de5eaa555ead6eb99660e46410b45e181 (commit) - Log - commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a Author: Dr. Stephen HensonDate: Thu Jul 21 15:24:16 2016 +0100 Fix OOB read in TS_OBJ_print_bio(). TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by: Matt Caswell --- Summary of changes: crypto/ts/ts_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index bde1bd7..e18f1f3 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -40,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) { char obj_txt[128]; -int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); -BIO_write(bio, obj_txt, len); -BIO_write(bio, "\n", 1); +OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); +BIO_printf(bio, "%s\n", obj_txt); return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via 6adf409c7432b90c06d9890787fe56c48f2a16e7 (commit) from beaa2c03e70b523f006003a489497a18b4d53e6c (commit) - Log - commit 6adf409c7432b90c06d9890787fe56c48f2a16e7 Author: Dr. Stephen HensonDate: Thu Jul 21 15:24:16 2016 +0100 Fix OOB read in TS_OBJ_print_bio(). TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by: Matt Caswell (cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a) --- Summary of changes: crypto/ts/ts_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index c51538a..e0f1063 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) { char obj_txt[128]; -int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); -BIO_write(bio, obj_txt, len); -BIO_write(bio, "\n", 1); +OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); +BIO_printf(bio, "%s\n", obj_txt); return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d0c4415de5eaa555ead6eb99660e46410b45e181 (commit) via d972af2b5e6b8c266f878ce28e60badcbc402311 (commit) from bd19d1aa04d14233c037386a2c969b0164c2cc37 (commit) - Log - commit d0c4415de5eaa555ead6eb99660e46410b45e181 Author: Emilia KasperDate: Thu Jul 21 19:19:07 2016 +0200 SSL tests: compress generated output a little Don't emit duplicate server/client sections when they are identical. Instead, just point to the same section. Reviewed-by: Rich Salz commit d972af2b5e6b8c266f878ce28e60badcbc402311 Author: Emilia Kasper Date: Thu Jul 21 16:32:07 2016 +0200 Make boolean SSL test conf values case-insensitive Undo review mistake: I changed the wrong strcmp in a previous pull request. Add test. Reviewed-by: Rich Salz --- Summary of changes: test/generate_ssl_tests.pl | 31 +-- test/ssl-tests/05-sni.conf | 35 +--- test/ssl-tests/06-sni-ticket.conf | 34 ++-- test/ssl-tests/08-npn.conf | 10 +- test/ssl-tests/09-alpn.conf| 8 +- test/ssl-tests/10-resumption.conf | 342 +++-- test/ssl-tests/11-dtls_resumption.conf | 152 +++ test/ssl_test.tmpl | 10 +- test/ssl_test_ctx.c| 6 +- test/ssl_test_ctx_test.conf| 2 +- 10 files changed, 164 insertions(+), 466 deletions(-) diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index 951421b..f103e8e 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -45,32 +45,35 @@ sub print_templates { $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) }; if (defined $test->{"server2"}) { $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; -} elsif (defined $test->{"test"}->{"ServerNameCallback"}) { -# Default is the same as server. -$test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) }; } else { -# Do not emit an empty "server2" section. +if (defined $test->{"test"}->{"ServerNameCallback"}) { +# Default is the same as server. +$test->{"reuse_server2"} = 1; +} +# Do not emit an empty/duplicate "server2" section. $test->{"server2"} = { }; } if (defined $test->{"resume_server"}) { $test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"resume_server"}}) }; -} elsif (defined $test->{"test"}->{"HandshakeMode"} && - $test->{"test"}->{"HandshakeMode"} eq "Resume") { -# Default is the same as server. -$test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"server"}}) }; } else { -# Do not emit an empty "resume-server" section. +if (defined $test->{"test"}->{"HandshakeMode"} && + $test->{"test"}->{"HandshakeMode"} eq "Resume") { +# Default is the same as server. +$test->{"reuse_resume_server"} = 1; +} +# Do not emit an empty/duplicate "resume-server" section. $test->{"resume_server"} = { }; } $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; if (defined $test->{"resume_client"}) { $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) }; -} elsif (defined $test->{"test"}->{"HandshakeMode"} && - $test->{"test"}->{"HandshakeMode"} eq "Resume") { -# Default is the same as client. -$test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; } else { -# Do not emit an empty "resume-client" section. +if (defined $test->{"test"}->{"HandshakeMode"} && + $test->{"test"}->{"HandshakeMode"} eq "Resume") { +# Default is the same as client. +$test->{"reuse_resume_client"} = 1; +} +# Do not emit an empty/duplicate "resume-client" section. $test->{"resume_client"} = { }; } } diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf index ef6db27..3fbb169 100644 --- a/test/ssl-tests/05-sni.conf +++ b/test/ssl-tests/05-sni.conf @@ -15,19 +15,14 @@ ssl_conf = 0-SNI-switch-context-ssl [0-SNI-switch-context-ssl] server = 0-SNI-switch-context-server -server2 = 0-SNI-switch-context-server2 client = 0-SNI-switch-context-client +server2 = 0-SNI-switch-context-server [0-SNI-switch-context-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
[openssl-commits] [openssl] master update
The branch master has been updated via bd19d1aa04d14233c037386a2c969b0164c2cc37 (commit) from 3770b877ea7b7fa08e88395e8c472c102f9e707e (commit) - Log - commit bd19d1aa04d14233c037386a2c969b0164c2cc37 Author: Dr. Stephen HensonDate: Tue Jul 19 18:40:14 2016 +0100 Clarify digest change in HMAC_Init_ex() RT#4603 Reviewed-by: Rich Salz --- Summary of changes: doc/crypto/HMAC.pod | 18 +++--- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/doc/crypto/HMAC.pod b/doc/crypto/HMAC.pod index fdafec8..91d0bdc 100644 --- a/doc/crypto/HMAC.pod +++ b/doc/crypto/HMAC.pod @@ -79,13 +79,17 @@ function B and the key B which is B bytes long. It is deprecated and only included for backward compatibility with OpenSSL 0.9.6b. -HMAC_Init_ex() initializes or reuses a B structure to use -the function B and key B. Either can be NULL, in which -case the existing one will be reused. B must have been created -with HMAC_CTX_new() before the first use of an B in this -function. B. +HMAC_Init_ex() initializes or reuses a B structure to use the hash +function B and key B. If both are NULL (or B is the same +as the previous digest used by B and B is NULL) the existing key is +reused. B must have been created with HMAC_CTX_new() before the first use +of an B in this function. B. + +B NULL and B is not the +same as the previous digest used by B then an error is returned +because reuse of an existing key with a different digest is not supported.> HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B bytes at B). _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 3770b877ea7b7fa08e88395e8c472c102f9e707e (commit) via ee8f785873232583114981b5b44c64826b52116e (commit) via f22ff0eb169dcf8e49180b1c052d5c388c3a7197 (commit) from 912c258fc921fd100b5da3dc25773ecc507891b4 (commit) - Log - commit 3770b877ea7b7fa08e88395e8c472c102f9e707e Author: Dr. Stephen HensonDate: Fri Jul 22 01:09:52 2016 +0100 Add mask for newly created symlink. Reviewed-by: Rich Salz commit ee8f785873232583114981b5b44c64826b52116e Author: Dr. Stephen Henson Date: Fri Jul 22 01:09:04 2016 +0100 Check suffixes properly. Reviewed-by: Rich Salz commit f22ff0eb169dcf8e49180b1c052d5c388c3a7197 Author: Dr. Stephen Henson Date: Thu Jul 21 16:23:48 2016 +0100 use correct name for duplicate Reviewed-by: Rich Salz --- Summary of changes: apps/rehash.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/apps/rehash.c b/apps/rehash.c index 4686b53..aacb169 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -114,8 +114,8 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename, for (ep = bp->first_entry; ep; ep = ep->next) { if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { BIO_printf(bio_err, - "%s: skipping duplicate certificate in %s\n", - opt_getprog(), filename); + "%s: skipping duplicate %s in %s\n", opt_getprog(), + type == TYPE_CERT ? "certificate" : "CRL", filename); return 1; } if (strcmp(filename, ep->filename) == 0) { @@ -174,9 +174,11 @@ static int handle_symlink(const char *filename, const char *fullpath) } if (filename[i++] != '.') return -1; -for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) -if (strcasecmp(suffixes[type], [i]) == 0) +for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { +const char *suffix = suffixes[type]; +if (strncasecmp(suffix, [i], strlen(suffix)) == 0) break; +} i += strlen(suffixes[type]); id = strtoul([i], , 10); @@ -364,6 +366,7 @@ static int do_dir(const char *dirname, enum Hash h) strerror(errno)); errs++; } +bit_set(idmask, nextid); } else if (remove_links) { /* Link to be deleted */ snprintf(buf, buflen, "%s%s%n%08x.%s%d", _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Fixed: openssl/openssl#5086 (master - 912c258)
Build Update for openssl/openssl - Build: #5086 Status: Fixed Duration: 26 minutes and 59 seconds Commit: 912c258 (master) Author: Richard Levitte Message: Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/82c78ee48034...912c258fc921 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146602530 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 912c258fc921fd100b5da3dc25773ecc507891b4 (commit) from 82c78ee480346f6a2e88a7fa4964ab090b0d8b69 (commit) - Log - commit 912c258fc921fd100b5da3dc25773ecc507891b4 Author: Richard LevitteDate: Wed Jul 20 17:52:35 2016 +0200 Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result Reviewed-by: Rich Salz --- Summary of changes: ssl/ssl_ciph.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2a54f9d..2f036c3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -502,9 +502,9 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions) return 1; } -static void load_builtin_compressions(void) +static int load_builtin_compressions(void) { -RUN_ONCE(_load_builtin_comp_once, do_load_builtin_compressions); +return RUN_ONCE(_load_builtin_comp_once, do_load_builtin_compressions); } #endif @@ -521,7 +521,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, if (comp != NULL) { SSL_COMP ctmp; #ifndef OPENSSL_NO_COMP -load_builtin_compressions(); +if (!load_builtin_compressions()) { +/* + * Currently don't care, since a failure only means that + * ssl_comp_methods is NULL, which is perfectly OK + */ +} #endif *comp = NULL; ctmp.id = s->compress_meth; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#5085 (master - 82c78ee)
Build Update for openssl/openssl - Build: #5085 Status: Broken Duration: 29 minutes and 30 seconds Commit: 82c78ee (master) Author: Richard Levitte Message: VMS: Rearrange installation targets for shared libraries The way it was implemented before this change, the shared libraries were installed twice. On a file system that supports file generations, that's a waste. Slightly rearranging the install targets solves the problem. Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/11279b13f586...82c78ee48034 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/146575376 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 82c78ee480346f6a2e88a7fa4964ab090b0d8b69 (commit) from 11279b13f586441a8fcc5109ee1907f33eb0cc24 (commit) - Log - commit 82c78ee480346f6a2e88a7fa4964ab090b0d8b69 Author: Richard LevitteDate: Thu Jul 21 12:33:23 2016 +0200 VMS: Rearrange installation targets for shared libraries The way it was implemented before this change, the shared libraries were installed twice. On a file system that supports file generations, that's a waste. Slightly rearranging the install targets solves the problem. Reviewed-by: Rich Salz --- Summary of changes: Configurations/descrip.mms.tmpl | 40 ++-- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index bf1f248..8993097 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -353,9 +353,13 @@ descrip.mms : FORCE # Install helper targets # -install_sw : all install_dev install_engines install_runtime install_startup install_ivp +install_sw : all install_shared _install_dev_ns - + install_engines _install_runtime_ns - + install_startup install_ivp -uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_startup uninstall_ivp +uninstall_sw : uninstall_shared _uninstall_dev_ns - + uninstall_engines _uninstall_runtime_ns - + uninstall_startup uninstall_ivp install_docs : install_html_docs @@ -374,7 +378,17 @@ install_ssldirs : check_INSTALLTOP COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} - ossl_dataroot:[00]openssl.cnf -install_dev : check_INSTALLTOP +install_shared : check_INSTALLTOP +@ {- output_off() if $disabled{shared}; "" -} ! +@ WRITE SYS$OUTPUT "*** Installing shareable images" +@ ! Install shared (runtime) libraries +- CREATE/DIR ossl_installroot:[LIB.'arch'] +{- join("\n", +map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } +@install_shlibs) -} +@ {- output_on() if $disabled{shared}; "" -} ! + +_install_dev_ns : check_INSTALLTOP @ WRITE SYS$OUTPUT "*** Installing development files" @ ! Install header files - CREATE/DIR ossl_installroot:[include.openssl] @@ -384,22 +398,10 @@ install_dev : check_INSTALLTOP {- join("\n", map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } @{$unified_info{install}->{libraries}}) -} -@ {- output_off() if $disabled{shared}; "" -} ! -@ ! Install shared (runtime) libraries -{- join("\n", -map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } -@install_shlibs) -} -@ {- output_on() if $disabled{shared}; "" -} ! -install_runtime : check_INSTALLTOP -@ ! {- output_off() if $disabled{apps}; "" -} -@ WRITE SYS$OUTPUT "*** Installing runtime files" -@ {- output_off() if $disabled{shared}; "" -} ! -@ ! Install shared (runtime) libraries -{- join("\n", -map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } -@install_shlibs) -} -@ {- output_on() if $disabled{shared}; "" -} ! +install_dev : install_shared _install_dev_ns + +_install_runtime_ns : check_INSTALLTOP @ ! Install the main program - CREATE/DIR ossl_installroot:[EXE.'arch'] COPY/PROT=W:RE [.APPS]openssl.EXE - @@ -408,6 +410,8 @@ install_runtime : check_INSTALLTOP COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE] @ ! {- output_on() if $disabled{apps}; "" -} +install_runtime : install_shared _install_runtime_ns + install_engines : check_INSTALLTOP @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! @ WRITE SYS$OUTPUT "*** Installing engines" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits