[openssl-commits] Build completed: openssl master.4934

2016-08-19 Thread AppVeyor


Build openssl master.4934 completed



Commit a73ce56d7d by FdaSilvaYY on 8/19/2016 5:44 PM:

Constify a bit X509_NAME_get_entry



_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Broken: openssl/openssl#5599 (master - c4fbed6)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5599
Status: Broken

Duration: 35 minutes and 12 seconds
Commit: c4fbed6 (master)
Author: Viktor Dukhovni
Message: Add -dane_ee_no_namechecks s_client(1) option

The DANE API supports a DANE_FLAG_NO_DANE_EE_NAMECHECKS option, but
there was no way to exercise/enable it via s_client.  This commit
addresses that gap.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/dc047d31fa0c...c4fbed6c3139

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153607033

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications



[openssl-commits] [openssl] master update

2016-08-19 Thread Rich Salz
The branch master has been updated
   via  8b8d963db5bb619fbada014f294fd09a855a2650 (commit)
  from  9e313563da23f3dc0a6db557f708726234e3f653 (commit)


- Log -
commit 8b8d963db5bb619fbada014f294fd09a855a2650
Author: Rich Salz 
Date:   Fri Aug 19 21:04:41 2016 -0400

Add BIO_get_new_index()

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 crypto/bio/b_addr.c |  4 +++-
 crypto/bio/bio_lcl.h|  1 +
 crypto/bio/bio_lib.c|  2 ++
 crypto/bio/bio_meth.c   | 12 ++
 doc/crypto/BIO_meth_new.pod |  7 +-
 include/openssl/bio.h   | 58 +++--
 util/libcrypto.num  |  1 +
 7 files changed, 55 insertions(+), 30 deletions(-)

diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 4e8785f..17ab3e4 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -19,6 +19,7 @@
 #include 
 
 CRYPTO_RWLOCK *bio_lookup_lock;
+extern CRYPTO_RWLOCK  *bio_type_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
 
 /*
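
Review bot: the `extern CRYPTO_RWLOCK  *bio_type_lock;` added beside the definition of `bio_lookup_lock` duplicates the declaration this same commit adds to crypto/bio/bio_lcl.h. Keep the declaration only in the header so the two copies cannot drift apart; if b_addr.c does not already include bio_lcl.h, include it rather than redeclaring the symbol here. The double space before `*` also differs from the line above.
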
@@ -605,7 +606,8 @@ static int addrinfo_wrap(int family, int socktype,
 DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
 {
 bio_lookup_lock = CRYPTO_THREAD_lock_new();
-return (bio_lookup_lock != NULL);
+bio_type_lock = CRYPTO_THREAD_lock_new();
+return bio_lookup_lock != NULL && bio_type_lock != NULL;
 }
 
 /*-
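
Review bot: in `do_bio_lookup_init`, `bio_type_lock` is created only as a side effect of the address-lookup run-once, yet its consumer `BIO_get_new_index()` in crypto/bio/bio_meth.c passes the lock to `CRYPTO_atomic_add` without triggering this initialiser. A caller that requests a type index before any lookup has run hands over a NULL lock. Give the type lock its own `CRYPTO_ONCE` in bio_meth.c and run it from `BIO_get_new_index()`. Separately, when the first `CRYPTO_THREAD_lock_new()` succeeds and the second fails, the function reports failure while `bio_lookup_lock` stays allocated and non-NULL.
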
diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h
index f5a886c..5d0b827 100644
--- a/crypto/bio/bio_lcl.h
+++ b/crypto/bio/bio_lcl.h
@@ -137,6 +137,7 @@ typedef unsigned int socklen_t;
 # endif
 
 extern CRYPTO_RWLOCK *bio_lookup_lock;
+extern CRYPTO_RWLOCK *bio_type_lock;
 
 int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa);
 const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap);
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 98f3707..8a00103 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -594,5 +594,7 @@ void bio_cleanup(void)
 bio_sock_cleanup_int();
 CRYPTO_THREAD_lock_free(bio_lookup_lock);
 bio_lookup_lock = NULL;
+CRYPTO_THREAD_lock_free(bio_type_lock);
+bio_type_lock = NULL;
 #endif
 }
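
Review bot: the two lines added to `bio_cleanup()` sit above the `#endif`, so `bio_type_lock` is freed only when that conditional block is compiled in, while crypto/bio/bio_meth.c defines the lock unconditionally. Move the `CRYPTO_THREAD_lock_free(bio_type_lock);` pair below the `#endif`, or confirm the lock can never be allocated in builds that skip this block.
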
diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c
index d172047..7754b00 100644
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@@ -9,6 +9,18 @@
 
 #include "bio_lcl.h"
 
+CRYPTO_RWLOCK *bio_type_lock;
+static int bio_count = BIO_TYPE_START;
+
+int BIO_get_new_index()
+{
+int newval;
+
+if (!CRYPTO_atomic_add(_count, 1, , bio_type_lock))
+return -1;
+return newval;
+}
+
 BIO_METHOD *BIO_meth_new(int type, const char *name)
 {
 BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
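
Review bot: `int BIO_get_new_index()` is defined with an empty parameter list, while the prototype added to doc/crypto/BIO_meth_new.pod is `int BIO_get_new_index(void);`; use `(void)` in the definition so the two agree. The counter that starts at `BIO_TYPE_START` is also incremented with no upper bound, so after enough calls the returned index can run into the class bits defined in include/openssl/bio.h (`0x0100` and up). Return -1 once the index would collide with them.
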
diff --git a/doc/crypto/BIO_meth_new.pod b/doc/crypto/BIO_meth_new.pod
index 65e48cb..bf33161 100644
--- a/doc/crypto/BIO_meth_new.pod
+++ b/doc/crypto/BIO_meth_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+BIO_get_new_index,
 BIO_meth_new, BIO_meth_free, BIO_meth_get_write, BIO_meth_set_write,
 BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts,
 BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl,
@@ -13,6 +14,7 @@ BIO_meth_set_callback_ctrl  - Routines to build up BIO methods
 
  #include 
 
+ int BIO_get_new_index(void);
  BIO_METHOD *BIO_meth_new(int type, const char *name);
  void BIO_meth_free(BIO_METHOD *biom);
  int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int);
@@ -47,7 +49,10 @@ types. It provides a set of of functions used by OpenSSL for 
the implementation
 of the various BIO capabilities. See the L page for more information.
 
 BIO_meth_new() creates a new B structure. It should be given a
-unique integer B and a string that represents its B. The set of
+unique integer B and a string that represents its B.
+Use BIO_get_new_index() to get the value for B.
+
+The set of
 standard OpenSSL provided BIO types is provided in B. Some examples
 include B and B. Filter BIOs should have a
 type which have the "filter" bit set (B). Source/sink BIOs
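
Review bot: the added sentence "Use BIO_get_new_index() to get the value for B." leaves out two things a caller needs: that the function returns -1 on failure (see crypto/bio/bio_meth.c in this commit), and whether the returned index must still be combined with a class bit, which the paragraph that follows requires for filter BIOs. State both, ideally with a RETURN VALUES entry.
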
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index f847348..d733f47 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -31,38 +31,39 @@
 extern "C" {
 #endif
 
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER 0x0200
+# define BIO_TYPE_SOURCE_SINK0x0400
+
 /* These are the 'types' of BIOs */
-# define BIO_TYPE_NONE   0
-# define BIO_TYPE_MEM(1|0x0400)
-# define BIO_TYPE_FILE   (2|0x0400)
-
-# define BIO_TYPE_FD (4|0x0400|0x0100)
-# define BIO_TYPE_SOCKET (5|0x0400|0x0100)
-# define BIO_TYPE_NULL   (6|0x0400)
-# define BIO_TYPE_SSL(7|0x0200)
-# define BIO_TYPE_MD (8|0x0200)/* passive filter */
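
Review bot: the new comment `/* There are the classes of BIOs */` at the top of this hunk should read "These are", matching the `/* These are the 'types' of BIOs */` comment just below it.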

[openssl-commits] Broken: openssl/openssl#5596 (OpenSSL_1_0_2-stable - ff5537c)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5596
Status: Broken

Duration: 16 minutes and 52 seconds
Commit: ff5537c (OpenSSL_1_0_2-stable)
Author: Rich Salz
Message: RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit 2a9afa4046592d44af84644cd89fe1a0d6d46889)

View the changeset: 
https://github.com/openssl/openssl/compare/a03f81f4ead2...ff5537c25565

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153597921



[openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.4923

2016-08-19 Thread AppVeyor


Build openssl OpenSSL_1_0_1-stable.4923 completed



Commit 19fca4cafc by Rich Salz on 8/19/2016 3:45 PM:

RT3940: For now, just document the issue.




[openssl-commits] Broken: FdaSilvaYY/openssl#1805 (pack_argv_options - a6424a7)

2016-08-19 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1805
Status: Broken

Duration: 41 minutes and 5 seconds
Commit: a6424a7 (pack_argv_options)
Author: FdaSilvaYY
Message: Simplify certificate filename creation code loop

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/67d130fb2119...a6424a796883

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/153702105



[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.4922

2016-08-19 Thread AppVeyor



Build openssl OpenSSL_1_0_2-stable.4922 failed


Commit ff5537c255 by Rich Salz on 8/19/2016 3:45 PM:

RT3940: For now, just document the issue.




[openssl-commits] Errored: mouse07410/openssl#43 (OpenSSL_1_0_2-stable - ff5537c)

2016-08-19 Thread Travis CI
Build Update for mouse07410/openssl
-

Build: #43
Status: Errored

Duration: 6 hours, 2 minutes, and 17 seconds
Commit: ff5537c (OpenSSL_1_0_2-stable)
Author: Rich Salz
Message: RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit 2a9afa4046592d44af84644cd89fe1a0d6d46889)

View the changeset: 
https://github.com/mouse07410/openssl/compare/8a2ce3a31365...ff5537c25565

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/153607811



[openssl-commits] Passed: FdaSilvaYY/openssl#1803 (oss_constify_api - 359bc9c)

2016-08-19 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1803
Status: Passed

Duration: 21 minutes and 9 seconds
Commit: 359bc9c (oss_constify_api)
Author: FdaSilvaYY
Message: Constify a bit X509_NAME_get_entry

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/abdce35ef138...359bc9c069cc

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/153689906



[openssl-commits] Broken: openssl/openssl#5590 (master - e597260)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5590
Status: Broken

Duration: 22 minutes and 19 seconds
Commit: e597260 (master)
Author: FdaSilvaYY
Message: Allow to run all speed test when async_jobs active

... without any interruption.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1468)

View the changeset: 
https://github.com/openssl/openssl/compare/d5d9636a91b7...e5972607a151

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153584242



[openssl-commits] Passed: FdaSilvaYY/openssl#1802 (Constify_test - 59e9b01)

2016-08-19 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1802
Status: Passed

Duration: 22 minutes and 5 seconds
Commit: 59e9b01 (Constify_test)
Author: FdaSilvaYY
Message: Constify a bit X509_NAME_get_entry

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/8b50e2b2300f...59e9b0151991

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/153651319



[openssl-commits] Build completed: openssl master.4919

2016-08-19 Thread AppVeyor


Build openssl master.4919 completed



Commit a73733d411 by Rich Salz on 8/19/2016 3:08 PM:

Review comments




[openssl-commits] Errored: openssl/openssl#5584 (master - 7f35b7d)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5584
Status: Errored

Duration: 6 hours, 27 minutes, and 11 seconds
Commit: 7f35b7d (master)
Author: Matt Caswell
Message: Update function error code

A function error code needed updating due to merge issues.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/15269e565427...7f35b7d9c5f4

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153555472



[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.4918

2016-08-19 Thread AppVeyor



Build openssl OpenSSL_1_0_2-stable.4918 failed


Commit 49dbcc3013 by Richard Levitte on 8/19/2016 2:53 PM:

mk1mf: dtlstest needs ssltestlib, include it with a hack




[openssl-commits] Broken: openssl/openssl#5589 (master - d5d9636)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5589
Status: Broken

Duration: 42 minutes and 27 seconds
Commit: d5d9636 (master)
Author: Dr. Stephen Henson
Message: make update

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/7f35b7d9c5f4...d5d9636a91b7

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153581546



[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.4917

2016-08-19 Thread AppVeyor



Build openssl OpenSSL_1_0_2-stable.4917 failed


Commit 526b2a0ef8 by Richard Levitte on 8/19/2016 2:53 PM:

mk1mf: dtlstest needs ssltestlib, include it with a hack




[openssl-commits] [openssl] master update

2016-08-19 Thread Dr. Stephen Henson
The branch master has been updated
   via  9e313563da23f3dc0a6db557f708726234e3f653 (commit)
  from  bb1c5bbe6b5a5d3d21d4577fdf2d8e6f2bb78223 (commit)


- Log -
commit 9e313563da23f3dc0a6db557f708726234e3f653
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 19:32:19 2016 +0100

fix warning about trailing comma

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/s_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 48e9b82d..f43a578 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -555,7 +555,7 @@ typedef enum OPTION_choice {
 #ifndef OPENSSL_NO_CT
 OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
 #endif
-OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME
 } OPTION_CHOICE;
 
 OPTIONS s_client_options[] = {
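
Review bot: the commit message for this one-line change to `OPTION_choice` says only "fix warning about trailing comma"; naming the compiler or flag that emits the warning would let reviewers reproduce it and stop later additions to the enum from reintroducing it. The change itself is safe because `OPT_DANE_EE_NO_NAME` sits outside the `#ifndef OPENSSL_NO_CT` block, so it is always the last enumerator.
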


[openssl-commits] Build completed: openssl 1.0.1072

2016-08-19 Thread AppVeyor


Build openssl 1.0.1072 completed



Commit 8b50e2b230 by FdaSilvaYY on 8/19/2016 5:44 PM:

Constify a bit X509_NAME_get_entry




[openssl-commits] Broken: openssl/openssl#5587 (OpenSSL_1_0_2-stable - 66e7083)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5587
Status: Broken

Duration: 1 hour, 12 minutes, and 54 seconds
Commit: 66e7083 (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: Have dtlstest run on VMS as well

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/26aebca74e38...66e708326524

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153558257



[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.4913

2016-08-19 Thread AppVeyor



Build openssl OpenSSL_1_0_2-stable.4913 failed


Commit 66e7083265 by Richard Levitte on 8/19/2016 1:19 PM:

Have dtlstest run on VMS as well




[openssl-commits] [openssl] master update

2016-08-19 Thread Dr. Stephen Henson
The branch master has been updated
   via  bb1c5bbe6b5a5d3d21d4577fdf2d8e6f2bb78223 (commit)
   via  2729f62794bbef7a7455388034b540b9d292c624 (commit)
   via  568ce3a583a17c33feacbf5028ece9f7f0680478 (commit)
  from  c4fbed6c3139726fc719a703d2195f3b6426b748 (commit)


- Log -
commit bb1c5bbe6b5a5d3d21d4577fdf2d8e6f2bb78223
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 16:51:07 2016 +0100

make update

Reviewed-by: Rich Salz 

commit 2729f62794bbef7a7455388034b540b9d292c624
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 15:30:13 2016 +0100

rename ordinals

Reviewed-by: Rich Salz 

commit 568ce3a583a17c33feacbf5028ece9f7f0680478
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 12:39:57 2016 +0100

Constify certificate and CRL time routines.

Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/apps.c   |  4 ++--
 apps/ca.c | 16 +++---
 apps/crl.c|  6 ++---
 apps/s_cb.c   |  4 ++--
 apps/x509.c   |  6 ++---
 crypto/x509/t_crl.c   |  6 ++---
 crypto/x509/t_x509.c  |  4 ++--
 crypto/x509/x509_set.c| 18 ---
 crypto/x509/x509_vfy.c| 18 +++
 crypto/x509/x509cset.c| 20 +
 doc/crypto/X509_get_notBefore.pod | 46 ---
 include/openssl/x509.h| 32 ---
 util/libcrypto.num| 20 ++---
 13 files changed, 127 insertions(+), 73 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 1ce632f..23c6569 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2604,7 +2604,7 @@ int set_cert_times(X509 *x, const char *startdate, const 
char *enddate,
 goto err;
 }
 
-if (!X509_set_notBefore(x, tm))
+if (!X509_set1_notBefore(x, tm))
 goto err;
 
 if (enddate == NULL) {
@@ -2614,7 +2614,7 @@ int set_cert_times(X509 *x, const char *startdate, const 
char *enddate,
 goto err;
 }
 
-if (!X509_set_notAfter(x, tm))
+if (!X509_set1_notAfter(x, tm))
 goto err;
 
 rv = 1;
diff --git a/apps/ca.c b/apps/ca.c
index ef61de2..3db3f99 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1100,13 +1100,13 @@ end_of_options:
 if (tmptm == NULL)
 goto end;
 X509_gmtime_adj(tmptm, 0);
-X509_CRL_set_lastUpdate(crl, tmptm);
+X509_CRL_set1_lastUpdate(crl, tmptm);
 if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
   NULL)) {
 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
 goto end;
 }
-X509_CRL_set_nextUpdate(crl, tmptm);
+X509_CRL_set1_nextUpdate(crl, tmptm);
 
 ASN1_TIME_free(tmptm);
 
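
Review bot: the return values of `X509_CRL_set1_lastUpdate(crl, tmptm)` and `X509_CRL_set1_nextUpdate(crl, tmptm)` are discarded, whereas the equivalent calls in apps/apps.c in this same commit are written as `if (!X509_set1_notBefore(x, tm)) goto err;`. Check both calls here as well, freeing `tmptm` and bailing out on failure, so a CRL is never produced with a missing update time.
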
@@ -1377,7 +1377,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 {
 X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
 NULL;
-ASN1_UTCTIME *tm;
+const ASN1_TIME *tm;
 ASN1_STRING *str, *str2;
 ASN1_OBJECT *obj;
 X509 *ret = NULL;
@@ -1703,7 +1703,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 
 if (enddate != NULL) {
 int tdays;
-ASN1_TIME_diff(, NULL, NULL, X509_get_notAfter(ret));
+ASN1_TIME_diff(, NULL, NULL, X509_get0_notAfter(ret));
 days = tdays;
 }
 
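
Review bot: in the `enddate != NULL` branch, `tdays` is declared without an initialiser and the result of `ASN1_TIME_diff()` is not checked before `days = tdays;`. If the notAfter value cannot be processed, `days` receives an indeterminate value, which the "(%ld days)" message further down then prints. Test the return value and treat 0 as an error.
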
@@ -1789,7 +1789,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 }
 
 BIO_printf(bio_err, "Certificate is to be certified until ");
-ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
+ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
 if (days)
 BIO_printf(bio_err, " (%ld days)", days);
 BIO_printf(bio_err, "\n");
@@ -1822,7 +1822,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 
 /* We now just add it to the database */
 row[DB_type] = OPENSSL_strdup("V");
-tm = X509_get_notAfter(ret);
+tm = X509_get0_notAfter(ret);
 row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
 memcpy(row[DB_exp_date], tm->data, tm->length);
 row[DB_exp_date][tm->length] = '\0';
@@ -2021,7 +2021,7 @@ static int check_time_format(const char *str)
 
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 {
-ASN1_UTCTIME *tm = NULL;
+const ASN1_TIME *tm = NULL;
 char *row[DB_NUMBER], **rrow, **irow;
 char *rev_str = NULL;
 BIGNUM *bn = NULL;
@@ -2054,7 +2054,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, 
char *value)
 
 /* We now just add it to the database */
 

[openssl-commits] Broken: FdaSilvaYY/openssl#1795 (fix_speed_sharing - f002d92)

2016-08-19 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1795
Status: Broken

Duration: 22 minutes and 30 seconds
Commit: f002d92 (fix_speed_sharing)
Author: FdaSilvaYY
Message: Fix loopargs_t object duplication into ASYNC context

Code was relying on an implicit data-sharing through duplication of
loopargs_t pointer-members made by ASYNC_start_job().

Now share structure address instead of structure content.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/6e1ccc6808fc...f002d9205ea4

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/153621970



[openssl-commits] Build failed: openssl 1.0.1071

2016-08-19 Thread AppVeyor



Build openssl 1.0.1071 failed


Commit f002d9205e by FdaSilvaYY on 8/19/2016 5:17 PM:

Fix loopargs_t object duplication into ASYNC context




[openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.4912

2016-08-19 Thread AppVeyor


Build openssl OpenSSL_1_0_1-stable.4912 completed



Commit 5802758eb4 by Matt Caswell on 8/19/2016 1:05 PM:

Update function error code




[openssl-commits] Broken: openssl/openssl#5585 (OpenSSL_1_0_2-stable - 26aebca)

2016-08-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5585
Status: Broken

Duration: 35 minutes and 0 seconds
Commit: 26aebca (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Update function error code

A function error code needed updating due to merge issues.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/7b415b0ec383...26aebca74e38

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/153555650



[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.4911

2016-08-19 Thread AppVeyor



Build openssl OpenSSL_1_0_2-stable.4911 failed


Commit 26aebca74e by Matt Caswell on 8/19/2016 12:50 PM:

Update function error code




[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-19 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  ff5537c25565ad288ef00d67120b479c615bc6d3 (commit)
  from  a03f81f4ead24c234dc26e388d86a352685f3948 (commit)


- Log -
commit ff5537c25565ad288ef00d67120b479c615bc6d3
Author: Rich Salz 
Date:   Sat Aug 13 10:47:50 2016 -0400

RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit 2a9afa4046592d44af84644cd89fe1a0d6d46889)

---

Summary of changes:
 doc/apps/cms.pod   | 3 +++
 doc/apps/smime.pod | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 4eaedbc..ac69804 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -86,6 +86,9 @@ encrypt mail for the given recipient certificates. Input file 
is the message
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is EnvelopedData.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
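
Review bot: the paragraph added to the encrypt description states the gap but not what the user should do about it. Add a sentence telling readers to check the recipient certificate's revocation status themselves before encrypting, for example with verify(1) and `-crl_check`; the identical text added to doc/apps/smime.pod needs the same follow-up. "others may be able to decrypt the text" could also say who: anyone holding the compromised private key.
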
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index d5618c8..04a83ca 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -53,6 +53,9 @@ The meaning of the other options varies according to the 
operation type.
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an


[openssl-commits] Build failed in Jenkins: master_noec #942

2016-08-19 Thread openssl . sanity
See 

Changes:

[steve] Convert PKCS12* functions to use const getters

[steve] make update

[rsalz] Allow to run all speed test when async_jobs active

--
[...truncated 2582 lines...]

[openssl-commits] [openssl] master update

2016-08-19 Thread Rich Salz
The branch master has been updated
   via  e5972607a15113d07bb4bbd52df59cb9cede3079 (commit)
  from  d5d9636a91b7d755e2bcb50d5708312b9f762a5f (commit)


- Log -
commit e5972607a15113d07bb4bbd52df59cb9cede3079
Author: FdaSilvaYY 
Date:   Thu Aug 18 08:44:43 2016 +0200

Allow to run all speed test when async_jobs active

... without any interruption.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1468)

---

Summary of changes:
 apps/speed.c | 87 +---
 1 file changed, 54 insertions(+), 33 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 0097ebd..f5fe387 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2092,13 +2092,14 @@ int speed_main(int argc, char **argv)
 
 #ifndef OPENSSL_NO_CAMELLIA
 if (doit[D_CBC_128_CML]) {
-for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+if (async_jobs > 0) {
+BIO_printf(bio_err, "Async mode is not supported with %s\n",
+   names[D_CBC_128_CML]);
+doit[D_CBC_128_CML] = 0;
+}
+for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
   lengths[testnum]);
-if (async_jobs > 0) {
-BIO_printf(bio_err, "Async mode is not supported, exiting...");
-exit(1);
-}
 Time_F(START);
 for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
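
Review bot: the new pre-check in the `D_CBC_128_CML` block tests `async_jobs > 0`, but the loop that follows is gated on `async_init == 0`, and `doit[D_CBC_128_CML] = 0` is assigned after the enclosing `if (doit[D_CBC_128_CML])` has already been entered. The loop is skipped only if `async_init` is guaranteed non-zero whenever `async_jobs > 0`. Gate the loop on the same condition as the message, or put it in an `else`, so the dependency is visible at this point in the code.
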
@@ -2109,7 +2110,12 @@ int speed_main(int argc, char **argv)
 }
 }
 if (doit[D_CBC_192_CML]) {
-for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+if (async_jobs > 0) {
+BIO_printf(bio_err, "Async mode is not supported with %s\n",
+   names[D_CBC_192_CML]);
+doit[D_CBC_192_CML] = 0;
+}
+for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
   lengths[testnum]);
 if (async_jobs > 0) {
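Review bot: The 192-bit Camellia hunk keeps the old in-loop check (the trailing context line if (async_jobs > 0) {) that the 128-bit and 256-bit hunks delete. If that block still prints and exits as the removed copies did, this cipher behaves differently from its siblings when async jobs are active; it should be removed here as well.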
@@ -2126,13 +2132,14 @@ int speed_main(int argc, char **argv)
 }
 }
 if (doit[D_CBC_256_CML]) {
-for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+if (async_jobs > 0) {
+BIO_printf(bio_err, "Async mode is not supported with %s\n",
+   names[D_CBC_256_CML]);
+doit[D_CBC_256_CML] = 0;
+}
+for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
   lengths[testnum]);
-if (async_jobs > 0) {
-BIO_printf(bio_err, "Async mode is not supported, exiting...");
-exit(1);
-}
 Time_F(START);
 for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2145,12 +2152,13 @@ int speed_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_IDEA
 if (doit[D_CBC_IDEA]) {
-for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+if (async_jobs > 0) {
+BIO_printf(bio_err, "Async mode is not supported with %s\n",
+   names[D_CBC_IDEA]);
+doit[D_CBC_IDEA] = 0;
+}
+for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], 
lengths[testnum]);
-if (async_jobs > 0) {
-BIO_printf(bio_err, "Async mode is not supported, exiting...");
-exit(1);
-}
 Time_F(START);
 for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
 IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
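Review bot: The five-line skip block (async_jobs test, BIO_printf, doit[...] = 0) is pasted again here for D_CBC_IDEA, identical to the Camellia copies apart from the index. A small helper taking the algorithm index would keep the message and the doit[] reset in one place and make an omission in one cipher harder to miss.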
@@ -2163,12 +2171,13 @@ int speed_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SEED
 if (doit[D_CBC_SEED]) {
-for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+if (async_jobs > 0) {
+BIO_printf(bio_err, "Async mode is not supported with %s\n",
+   names[D_CBC_SEED]);
+doit[D_CBC_SEED] = 0;
+}
+for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
 print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], 
lengths[testnum]);
-if (async_jobs > 0) {
-BIO_printf(bio_err, "Async mode is not supported, exiting...");
-exit(1);
-}
 

[openssl-commits] [openssl] master update

2016-08-19 Thread Dr . Stephen Henson
The branch master has been updated
   via  d5d9636a91b7d755e2bcb50d5708312b9f762a5f (commit)
   via  28da14555f09f1d523b8b7277529fb80a1383e85 (commit)
  from  7f35b7d9c5f41cac834c9fe20a16757adbd06535 (commit)


- Log -
commit d5d9636a91b7d755e2bcb50d5708312b9f762a5f
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 12:59:55 2016 +0100

make update

Reviewed-by: Richard Levitte 

commit 28da14555f09f1d523b8b7277529fb80a1383e85
Author: Matt Caswell 
Date:   Sat Aug 13 12:07:42 2016 +0100

Convert PKCS12* functions to use const getters

Reviewed-by: Richard Levitte 
Reviewed-by: Stephen Henson 

---

Summary of changes:
 apps/pkcs12.c| 40 +---
 crypto/pkcs12/p12_add.c  |  4 ++--
 crypto/pkcs12/p12_attr.c |  5 +++--
 crypto/pkcs12/p12_kiss.c |  6 +++---
 crypto/pkcs12/p12_mutl.c |  2 +-
 crypto/pkcs12/p12_sbag.c | 27 ++-
 include/openssl/pkcs12.h | 32 ++--
 util/libcrypto.num   |  1 +
 8 files changed, 67 insertions(+), 50 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 7b12221..b5d5673 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -29,14 +29,15 @@ NON_EMPTY_TRANSLATION_UNIT
 
 static int get_cert_chain(X509 *cert, X509_STORE *store,
   STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
-int options, char *pempass, const EVP_CIPHER *enc);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-  char *pass, int passlen, int options, char *pempass,
-  const EVP_CIPHER *enc);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
- int passlen, int options, char *pempass,
- const EVP_CIPHER *enc);
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
+const char *pass, int passlen, int options,
+char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+  const char *pass, int passlen, int options,
+  char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
+ const char *pass, int passlen,
+ int options, char *pempass, const EVP_CIPHER *enc);
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
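Review bot: The updated prototype for dump_certs_pkeys_bag names its second parameter bags, while the definition later in the patch uses bag; worth aligning while these lines are being touched. In the same three prototypes pass becomes const char * but pempass stays char *; if it is only read, it could be constified in the same change.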
@@ -563,7 +564,7 @@ int pkcs12_main(int argc, char **argv)
 return (ret);
 }
 
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
 int passlen, int options, char *pempass,
 const EVP_CIPHER *enc)
 {
@@ -607,9 +608,9 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
 return ret;
 }
 
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-  char *pass, int passlen, int options, char *pempass,
-  const EVP_CIPHER *enc)
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+  const char *pass, int passlen, int options,
+  char *pempass, const EVP_CIPHER *enc)
 {
 int i;
 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
@@ -621,14 +622,15 @@ int dump_certs_pkeys_bags(BIO *out, 
STACK_OF(PKCS12_SAFEBAG) *bags,
 return 1;
 }
 
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass,
- const EVP_CIPHER *enc)
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc)
 {
 EVP_PKEY *pkey;
 PKCS8_PRIV_KEY_INFO *p8;
+const PKCS8_PRIV_KEY_INFO *p8c;
 X509 *x509;
-STACK_OF(X509_ATTRIBUTE) *attrs;
+const STACK_OF(X509_ATTRIBUTE) *attrs;
 int ret = 0;
 
 attrs = PKCS12_SAFEBAG_get0_attrs(bag);
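Review bot: dump_certs_pkeys_bag now declares const PKCS8_PRIV_KEY_INFO *p8c next to the existing non-const p8, with nothing to say why both are needed. The next hunk assigns p8c from a get0 accessor, so a one-line comment that p8c is a borrowed pointer and must not be freed would stop a later cleanup from merging the two variables.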
@@ -640,10 +642,10 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, 
char *pass,
 if (options & NOKEYS)
 return 1;
 print_attribs(out, attrs, "Bag Attributes");
-p8 = PKCS12_SAFEBAG_get0_p8inf(bag);
-if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
+p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
+if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
 return 0;
-print_attribs(out, 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-19 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  a03f81f4ead24c234dc26e388d86a352685f3948 (commit)
  from  66e708326524929a0e1631f8d1ef6e63c153922c (commit)


- Log -
commit a03f81f4ead24c234dc26e388d86a352685f3948
Author: Rich Salz 
Date:   Fri Aug 19 10:31:03 2016 -0400

Fix NULL-return checks in 1.0.2

RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences

Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/apps.c|  3 ++-
 apps/ca.c  | 20 
 apps/speed.c   |  4 
 crypto/asn1/asn_mime.c |  2 ++
 crypto/bio/bss_rtcp.c  |  2 ++
 crypto/conf/conf_mod.c |  4 
 crypto/engine/eng_cryptodev.c  |  6 +-
 crypto/evp/openbsd_hw.c| 22 ++
 crypto/evp/pmeth_gn.c  |  5 +
 crypto/jpake/jpake.c   |  4 
 crypto/pkcs7/pk7_doit.c|  2 ++
 crypto/ui/ui_lib.c |  2 ++
 crypto/x509/by_dir.c   |  4 
 crypto/x509v3/v3_alt.c |  2 ++
 doc/crypto/OBJ_nid2obj.pod |  4 +++-
 engines/ccgost/gost2001.c  |  6 ++
 engines/ccgost/gost2001_keyx.c |  2 ++
 engines/ccgost/gost94_keyx.c   |  2 ++
 engines/ccgost/gost_ameth.c| 14 ++
 engines/ccgost/gost_pmeth.c|  4 
 engines/e_4758cca.c|  8 
 engines/e_aep.c|  3 ++-
 engines/e_capi.c   | 13 +
 engines/e_chil.c   | 33 -
 ssl/d1_both.c  |  2 ++
 ssl/s3_clnt.c  |  4 
 ssl/s3_enc.c   |  4 
 ssl/ssl_ciph.c |  5 +
 ssl/ssl_sess.c |  4 
 ssl/t1_lib.c   |  2 ++
 30 files changed, 171 insertions(+), 21 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 0385490..08ddbc4 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -215,7 +215,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 if (arg != NULL)
 OPENSSL_free(arg);
 arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
-
+if (arg == NULL)
+return 0;
 *argv = arg;
 num = 0;
 p = buf;
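Review bot: The new early return 0 after the OPENSSL_malloc check fires before *argv = arg, and the previous arg has already been freed by the lines just above, so a caller that ignores the return value may be left with a stale *argv. Clearing *argv before returning, or documenting that it is undefined on failure, would make the failure path safer.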
diff --git a/apps/ca.c b/apps/ca.c
index 0b66095..0ad7be3 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2103,25 +2103,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 goto err;
 
 /* We now just add it to the database */
-row[DB_type] = (char *)OPENSSL_malloc(2);
-
 tm = X509_get_notAfter(ret);
-row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
-memcpy(row[DB_exp_date], tm->data, tm->length);
-row[DB_exp_date][tm->length] = '\0';
-
-row[DB_rev_date] = NULL;
-
-/* row[DB_serial] done already */
-row[DB_file] = (char *)OPENSSL_malloc(8);
+row[DB_type] = OPENSSL_malloc(2);
+row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
+row[DB_file] = OPENSSL_malloc(8);
 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
-
 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
 (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
 }
-BUF_strlcpy(row[DB_file], "unknown", 8);
+
+memcpy(row[DB_exp_date], tm->data, tm->length);
+row[DB_exp_date][tm->length] = '\0';
+row[DB_rev_date] = '\0';
+strcpy(row[DB_file], "unknown");
 row[DB_type][0] = 'V';
 row[DB_type][1] = '\0';
 
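Review bot: row[DB_rev_date] = '\0'; assigns a character constant to a pointer slot; the line it replaces used NULL, which is what the NULL comparisons on the other row[] entries suggest is meant. The same hunk also swaps BUF_strlcpy(row[DB_file], "unknown", 8) for strcpy into the 8-byte allocation, which fits exactly today but drops the explicit bound; keeping the bounded copy would be safer if the string or the size ever changes.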
diff --git a/apps/speed.c b/apps/speed.c
index 95adcc1..b862868 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2614,6 +2614,10 @@ static int do_multi(int multi)
 static char sep[] = ":";
 
 fds = malloc(multi * sizeof *fds);
+if (fds == NULL) {
+fprintf(stderr, "Out of memory in speed (do_multi)\n");
+exit(1);
+}
 for (n = 0; n < multi; ++n) {
 if (pipe(fd) == -1) {
 fprintf(stderr, "pipe failure\n");
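Review bot: The new NULL check in do_multi covers allocation failure, but the size multi * sizeof *fds is still computed without any check on multi, and for multi == 0 malloc may legitimately return NULL and trigger the out-of-memory exit. Checking that multi is positive before the allocation would keep the error message accurate.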
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 9fd5bef..5170906 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -623,6 +623,8 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) 

[openssl-commits] Passed: ekasper/openssl#47 (0070-explain-adding-tests - 4e543cc)

2016-08-19 Thread Travis CI
Build Update for ekasper/openssl
-

Build: #47
Status: Passed

Duration: 1 hour, 10 minutes, and 17 seconds
Commit: 4e543cc (0070-explain-adding-tests)
Author: Emilia Kasper
Message: Add more details on how to add a new SSL test

View the changeset: 
https://github.com/ekasper/openssl/compare/8461638cfff8...4e543cc1ba58

View the full build log and details: 
https://travis-ci.org/ekasper/openssl/builds/153544759



[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-08-19 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  5802758eb480c5f14a768f6a061df1dd20aec8c4 (commit)
   via  b77ab018b79a00f789b0fb85596b446b08be4c9d (commit)
   via  fa75569758298e2930c78989b516cac937118acc (commit)
  from  6c858db32b1ae293d7649ea593de3359225a4f7e (commit)


- Log -
commit 5802758eb480c5f14a768f6a061df1dd20aec8c4
Author: Matt Caswell 
Date:   Wed Aug 17 17:55:36 2016 +0100

Update function error code

A function error code needed updating due to merge issues.

Reviewed-by: Richard Levitte 

commit b77ab018b79a00f789b0fb85596b446b08be4c9d
Author: Matt Caswell 
Date:   Tue Jul 5 12:04:37 2016 +0100

Fix DTLS replay protection

The DTLS implementation provides some protection against replay attacks
in accordance with RFC6347 section 4.1.2.6.

A sliding "window" of valid record sequence numbers is maintained with
the "right" hand edge of the window set to the highest sequence number we
have received so far. Records that arrive that are off the "left" hand
edge of the window are rejected. Records within the window are checked
against a list of records received so far. If we already received it then
we also reject the new record.

If we have not already received the record, or the sequence number is off
the right hand edge of the window then we verify the MAC of the record.
If MAC verification fails then we discard the record. Otherwise we mark
the record as received. If the sequence number was off the right hand edge
of the window, then we slide the window along so that the right hand edge
is in line with the newly received sequence number.

Records may arrive for future epochs, i.e. a record from after a CCS being
sent, can arrive before the CCS does if the packets get re-ordered. As we
have not yet received the CCS we are not yet in a position to decrypt or
validate the MAC of those records. OpenSSL places those records on an
unprocessed records queue. It additionally updates the window immediately,
even though we have not yet verified the MAC. This will only occur if
currently in a handshake/renegotiation.

This could be exploited by an attacker by sending a record for the next
epoch (which does not have to decrypt or have a valid MAC), with a very
large sequence number. This means the right hand edge of the window is
moved very far to the right, and all subsequent legitimate packets are
dropped causing a denial of service.

A similar effect can be achieved during the initial handshake. In this
case there is no MAC key negotiated yet. Therefore an attacker can send a
message for the current epoch with a very large sequence number. The code
will process the record as normal. If the handshake message sequence number
(as opposed to the record sequence number that we have been talking about
so far) is in the future then the injected message is buffered to be
handled later, but the window is still updated. Therefore all subsequent
legitimate handshake records are dropped. This aspect is not considered a
security issue because there are many ways for an attacker to disrupt the
initial handshake and prevent it from completing successfully (e.g.
injection of a handshake message will cause the Finished MAC to fail and
the handshake to be aborted). This issue comes about as a result of trying
to do replay protection, but having no integrity mechanism in place yet.
Does it even make sense to have replay protection in epoch 0? That
issue isn't addressed here though.

This addressed an OCAP Audit issue.

CVE-2016-2181

Reviewed-by: Richard Levitte 

commit fa75569758298e2930c78989b516cac937118acc
Author: Matt Caswell 
Date:   Tue Jul 5 11:46:26 2016 +0100

Fix DTLS unprocessed records bug

During a DTLS handshake we may get records destined for the next epoch
arrive before we have processed the CCS. In that case we can't decrypt or
verify the record yet, so we buffer it for later use. When we do receive
the CCS we work through the queue of unprocessed records and process them.

Unfortunately the act of processing wipes out any existing packet data
that we were still working through. This includes any records from the new
epoch that were in the same packet as the CCS. We should only process the
buffered records if we've not got any data left.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/d1_pkt.c  | 83 +--
 ssl/ssl.h |  1 +
 ssl/ssl_err.c |  4 ++-
 3 files changed, 73 
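
Added example (not OpenSSL's code, and not part of the commit): the sliding window described in the "Fix DTLS replay protection" message above, reduced to a 64-record bitmap. The names, the early switch and the constructed traffic are assumptions for illustration; early = 1 models moving the window before the MAC result is known, early = 0 the corrected order.

```c
#include <stdint.h>
#include <stdio.h>

/* max_seq is the right-hand edge; bit i of map set means (max_seq - i) was received. */
typedef struct { uint64_t max_seq, map; } replay_window;

/* 1 if seq is new, 0 if already received or off the left-hand edge. Read-only. */
static int replay_check(const replay_window *w, uint64_t seq)
{
    if (seq > w->max_seq)
        return 1;
    return w->max_seq - seq < 64 && !((w->map >> (w->max_seq - seq)) & 1);
}

/* Mark seq as received, sliding the 64-record window if seq is a new maximum. */
static void replay_update(replay_window *w, uint64_t seq)
{
    if (seq > w->max_seq) {
        uint64_t shift = seq - w->max_seq;
        w->map = (shift >= 64 ? 0 : w->map << shift) | 1;
        w->max_seq = seq;
    } else if (w->max_seq - seq < 64) {
        w->map |= UINT64_C(1) << (w->max_seq - seq);
    }
}

/* Hypothetical receive path; mac_ok stands in for MAC verification.
 * early = 1 models the flawed ordering: window updated before the MAC result. */
static int receive_record(replay_window *w, uint64_t seq, int mac_ok, int early)
{
    if (!replay_check(w, seq))
        return 0;
    if (early)
        replay_update(w, seq);
    if (!mac_ok)
        return 0;               /* unauthenticated record is discarded */
    if (!early)
        replay_update(w, seq);  /* only authentic records move the window */
    return 1;
}

/* Constructed traffic: records 1..3, one record with the largest 48-bit
 * sequence number and a bad MAC, then 4..6. Returns how many of 4..6 pass. */
static int legit_accepted(int early)
{
    replay_window w = { 0, 0 };
    int accepted = 0;
    for (uint64_t seq = 1; seq <= 3; seq++)
        receive_record(&w, seq, 1, early);
    receive_record(&w, UINT64_C(0xFFFFFFFFFFFF), 0, early);
    for (uint64_t seq = 4; seq <= 6; seq++)
        accepted += receive_record(&w, seq, 1, early);
    return accepted;
}

int main(void)
{
    printf("fixed: %d/3, flawed: %d/3\n", legit_accepted(0), legit_accepted(1));
    return 0;
}
```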

[openssl-commits] [openssl] master update

2016-08-19 Thread Matt Caswell
The branch master has been updated
   via  a9c27fe19f159391aac7e591b64b44c1ea9d3642 (commit)
  from  bc87fb6bcd8f9ff419ca309e88a2a2e8346e17a2 (commit)


- Log -
commit a9c27fe19f159391aac7e591b64b44c1ea9d3642
Author: Benjamin Kaduk 
Date:   Thu Aug 18 15:47:04 2016 -0500

Sort %disabled in Configure

@disablables is sorted, but these were just added at the end of
%disabled in commits c2e27310 and 22e3dcb7.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 Configure | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Configure b/Configure
index 0a33fc2..4a7d322 100755
--- a/Configure
+++ b/Configure
@@ -365,10 +365,13 @@ my %deprecated_disablables = (
 
 our %disabled = ( # "what" => "comment"
   "asan"   => "default",
+ "crypto-mdebug"   => "default",
+ "crypto-mdebug-backtrace" => "default",
  "ec_nistp_64_gcc_128" => "default",
  "egd" => "default",
  "fuzz-libfuzzer"  => "default",
  "fuzz-afl"=> "default",
+ "heartbeats"  => "default",
  "md2" => "default",
   "msan"=> "default",
  "rc5" => "default",
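Review bot: With the three entries moved, %disabled is still not fully sorted: the unchanged context lines keep "fuzz-libfuzzer" ahead of "fuzz-afl". If the intent is to match the sorted @disablables, those two should be swapped in the same change.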
@@ -381,9 +384,6 @@ our %disabled = ( # "what" => "comment"
  "weak-ssl-ciphers"=> "default",
  "zlib"=> "default",
  "zlib-dynamic"=> "default",
- "crypto-mdebug"   => "default",
- "crypto-mdebug-backtrace" => "default",
- "heartbeats"  => "default",
);
 
 # Note: => pair form used for aesthetics, not to truly make a hash table


[openssl-commits] Build failed: openssl master.4903

2016-08-19 Thread AppVeyor



Build openssl master.4903 failed


Commit 5918c53754 by FdaSilvaYY on 8/18/2016 7:17 PM:

Constify more API using get0 pattern

