[openssl-commits] Build completed: openssl master.16697
Build openssl master.16697 completed Commit aed3df20c1 by Pauli on 3/21/2018 11:42 PM: Don't call strsignal, just print the signal number. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.16696
Build openssl master.16696 failed Commit 55ea493e6a by Kurt Roeckx on 3/3/2018 10:19 PM: Make sure we use a nonce when a nonce is required Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via aed3df20c105b6555ea2aeff559f2fab4ad4cefc (commit) from e613b1eff40f21cd99240f9884cd3396b0ab50f1 (commit) - Log - commit aed3df20c105b6555ea2aeff559f2fab4ad4cefc Author: PauliDate: Tue Mar 20 07:17:32 2018 +1000 Don't call strsignal, just print the signal number. The strsignal call is not supported by some machines, so avoid its use. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5658) --- Summary of changes: apps/ocsp.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 015f4d3..3c5534a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -882,7 +882,6 @@ static void noteterm (int sig) */ static void spawn_loop(void) { -const char *signame; pid_t *kidpids = NULL; int status; int procs = 0; @@ -978,9 +977,7 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ -signame = strsignal(termsig); -syslog(LOG_INFO, "terminating on signal: %s(%d)", - signame ? signame : "", termsig); +syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } # endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d1915ac75ca02f62e91e72d530515df030103253 (commit) from 3519dc1324f73e6d902f46ccb3685cef98ef78c8 (commit) - Log - commit d1915ac75ca02f62e91e72d530515df030103253 Author: Matt CaswellDate: Wed Mar 21 23:02:15 2018 + Update newsflash with pre-announcement for next release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index b812aa0..572c8db 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security release due on 27th March 2018 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last Group of Contributors 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0 (commit) from ab0a3914a64d8f1fce22795c02269e1288df52b1 (commit) - Log - commit 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0 Author: FdaSilvaYYDate: Wed Mar 21 16:01:24 2018 -0400 Unify s_client/s_server srtp profiles option handling Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4908) --- Summary of changes: apps/s_client.c | 5 +++-- apps/s_server.c | 11 ++- ssl/ssl_locl.h | 4 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 4b7df0c..ce7366f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -static char *srtp_profiles = NULL; - #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { @@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = { OPT_R_OPTIONS, {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, +#ifndef OPENSSL_NO_SRTP {"use_srtp", OPT_USE_SRTP, 's', "Offer SRTP key management with a colon-separated profile list"}, +#endif {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', @@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv) int srp_lateuser = 0; SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; #endif +char *srtp_profiles = NULL; #ifndef OPENSSL_NO_CT char *ctlog_file = NULL; int ct_validation = 0; diff --git a/apps/s_server.c b/apps/s_server.c index bfa1345..9b5106d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -236,6 +236,7 @@ typedef struct srpsrvparm_st { SRP_VBASE *vb; SRP_user_pwd *user; } srpsrvparm; +static srpsrvparm srp_callback_parm; /* * This callback pretends to require some asynchronous logic in order to @@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -#ifndef OPENSSL_NO_SRP -static srpsrvparm srp_callback_parm; -#endif -#ifndef OPENSSL_NO_SRTP -static char *srtp_profiles = NULL; -#endif - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, @@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[]) char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif +char *srtp_profiles = NULL; int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; int s_server_session_id_context = 1; /* anything will do */ @@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[]) alpn_in = opt_arg(); break; case OPT_SRTP_PROFILES: -#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); -#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a28facd..eae5788 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1019,8 +1019,10 @@ struct ssl_ctx_st { /* Shared DANE context */ struct dane_ctx_st dane; +# ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; +# endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. 
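Review bot: In the `case OPT_SRTP_PROFILES:` hunk of apps/s_server.c, dropping the `#ifndef OPENSSL_NO_SRTP` around `srtp_profiles = opt_arg();` may leave a no-srtp build accepting the option and then ignoring it. That depends on whether the code that consumes `srtp_profiles` later in `s_server_main` is still guarded, which this hunk does not show. If it is, the now-unconditional local is set but never read, which some warning levels report. apps/s_client.c takes the other route in this same commit and removes `use_srtp` from the option table under `OPENSSL_NO_SRTP`, so the request fails loudly; the s_server option table is not touched by these hunks. Guarding the s_server table entry the same way would make both tools agree, or the case could carry a comment such as `/* accepted but ignored when built with no-srtp */`.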
@@ -1358,10 +1360,12 @@ struct ssl_st { int scts_parsed; # endif SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ +# ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; +# endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ab0a3914a64d8f1fce22795c02269e1288df52b1 (commit) from 63ff89ab71d38f03bb56603e4048a1dc143942b2 (commit) - Log - commit ab0a3914a64d8f1fce22795c02269e1288df52b1 Author: Matt CaswellDate: Wed Mar 21 16:27:55 2018 + The default conv_form is uncompressed Fixes #5711 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5712) --- Summary of changes: doc/man1/ecparam.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man1/ecparam.pod b/doc/man1/ecparam.pod index dc07caf..6788c9f 100644 --- a/doc/man1/ecparam.pod +++ b/doc/man1/ecparam.pod @@ -92,8 +92,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 42b291f30be846f50ad5a36dc9d7cbb3ad9c67e1 (commit) from 0d6710289307d277ebc3354105c965b6e8ba8eb0 (commit) - Log - commit 42b291f30be846f50ad5a36dc9d7cbb3ad9c67e1 Author: Matt CaswellDate: Wed Mar 21 16:27:55 2018 + The default conv_form is uncompressed Fixes #5711 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5712) (cherry picked from commit ab0a3914a64d8f1fce22795c02269e1288df52b1) --- Summary of changes: doc/apps/ecparam.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index ba2f3b9..9482095 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -86,8 +86,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 813bcdf8eb79f24aa597939ad3f205104b4d84bc (commit) from 7150a4720af7913cae16f2e4eaf768b578c0b298 (commit) - Log - commit 813bcdf8eb79f24aa597939ad3f205104b4d84bc Author: Matt CaswellDate: Wed Mar 21 16:27:55 2018 + The default conv_form is uncompressed Fixes #5711 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5712) (cherry picked from commit ab0a3914a64d8f1fce22795c02269e1288df52b1) --- Summary of changes: doc/apps/ecparam.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index 9c279e0..f866fdb 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -91,8 +91,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 0d6710289307d277ebc3354105c965b6e8ba8eb0 (commit) via 64eb614ccc7ccf30cc412b736f509f1d82bbf897 (commit) via 0b199a883e9170cdfe8e61c150bbaf8d8951f3e7 (commit) from c03db40dcfa8b9e0d71837fcc70d1af6b9994cf1 (commit) - Log - commit 0d6710289307d277ebc3354105c965b6e8ba8eb0 Author: Samuel WeiserDate: Fri Feb 9 14:11:47 2018 +0100 consttime flag changed Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 7150a4720af7913cae16f2e4eaf768b578c0b298) commit 64eb614ccc7ccf30cc412b736f509f1d82bbf897 Author: Samuel Weiser Date: Wed Jan 31 13:10:55 2018 +0100 used ERR set/pop mark Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 011f82e66f4bf131c733fd41a8390039859aafb2) commit 0b199a883e9170cdfe8e61c150bbaf8d8951f3e7 Author: Samuel Weiser Date: Tue Dec 5 15:55:17 2017 +0100 Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 9db724cfede4ba7a3668bff533973ee70145ec07) --- Summary of changes: crypto/rsa/rsa_gen.c | 32 ++-- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index a85493d..9ca5dfe 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -109,6 +109,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *pr0, *d, *p; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; +unsigned long error = 0; /* * When generating ridiculously small keys, we can get stuck 
@@ -155,16 +156,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; +BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; -if (!BN_gcd(r1, r2, rsa->e, ctx)) -goto err; -if (BN_is_one(r1)) +ERR_set_mark(); +if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { +/* GCD == 1 since inverse exists */ break; +} +error = ERR_peek_last_error(); +if (ERR_GET_LIB(error) == ERR_LIB_BN +&& ERR_GET_REASON(error) == BN_R_NO_INVERSE) { +/* GCD != 1 */ +ERR_pop_to_mark(); +} else { +goto err; +} if (!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -177,10 +188,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; -if (!BN_gcd(r1, r2, rsa->e, ctx)) -goto err; -if (BN_is_one(r1)) +ERR_set_mark(); +if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { +/* GCD == 1 since inverse exists */ break; +} +error = ERR_peek_last_error(); +if (ERR_GET_LIB(error) == ERR_LIB_BN +&& ERR_GET_REASON(error) == BN_R_NO_INVERSE) { +/* GCD != 1 */ +ERR_pop_to_mark(); +} else { +goto err; +} if (!BN_GENCB_call(cb, 2, n++)) goto err; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
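Review bot: In the p-generation loop, `ERR_set_mark()` runs on every iteration but the mark is only unwound by `ERR_pop_to_mark()` in the `BN_R_NO_INVERSE` branch; the success `break` and the `goto err` path both leave it set. If the error queue already held an entry when `rsa_builtin_keygen` was called, that entry stays marked and a later `ERR_pop_to_mark()` in a caller could stop at it. The q-generation hunk that follows has the same shape, as do both hunks in the OpenSSL_1_1_0-stable mail for the same change. If leaving the mark is intentional, a comment at the `break` such as `/* mark is left set on success; callers must not rely on an outer mark */` would record that, and otherwise the mark should be released on those two paths. The function body starts and ends outside these hunks, so the cleanup at `err:` is not visible here.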
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 7150a4720af7913cae16f2e4eaf768b578c0b298 (commit) via 011f82e66f4bf131c733fd41a8390039859aafb2 (commit) via 9db724cfede4ba7a3668bff533973ee70145ec07 (commit) from 178a2a6f1c25d05d801544e6f18963726d90ac0b (commit) - Log - commit 7150a4720af7913cae16f2e4eaf768b578c0b298 Author: Samuel WeiserDate: Fri Feb 9 14:11:47 2018 +0100 consttime flag changed Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) commit 011f82e66f4bf131c733fd41a8390039859aafb2 Author: Samuel Weiser Date: Wed Jan 31 13:10:55 2018 +0100 used ERR set/pop mark Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) commit 9db724cfede4ba7a3668bff533973ee70145ec07 Author: Samuel Weiser Date: Tue Dec 5 15:55:17 2017 +0100 Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) --- Summary of changes: crypto/rsa/rsa_gen.c | 32 ++-- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 4ced965..4952ec3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -42,6 +42,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; +unsigned long error = 0; /* * When generating ridiculously small keys, we can get stuck 
@@ -88,16 +89,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; +BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; -if (!BN_gcd(r1, r2, rsa->e, ctx)) -goto err; -if (BN_is_one(r1)) +ERR_set_mark(); +if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { +/* GCD == 1 since inverse exists */ break; +} +error = ERR_peek_last_error(); +if (ERR_GET_LIB(error) == ERR_LIB_BN +&& ERR_GET_REASON(error) == BN_R_NO_INVERSE) { +/* GCD != 1 */ +ERR_pop_to_mark(); +} else { +goto err; +} if (!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -110,10 +121,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; -if (!BN_gcd(r1, r2, rsa->e, ctx)) -goto err; -if (BN_is_one(r1)) +ERR_set_mark(); +if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { +/* GCD == 1 since inverse exists */ break; +} +error = ERR_peek_last_error(); +if (ERR_GET_LIB(error) == ERR_LIB_BN +&& ERR_GET_REASON(error) == BN_R_NO_INVERSE) { +/* GCD != 1 */ +ERR_pop_to_mark(); +} else { +goto err; +} if (!BN_GENCB_call(cb, 2, n++)) goto err; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 63ff89ab71d38f03bb56603e4048a1dc143942b2 (commit) from ddc1caac2d6b22250f78ae9e0d392c923bc85933 (commit) - Log - commit 63ff89ab71d38f03bb56603e4048a1dc143942b2 Author: Philippe AntoineDate: Wed Mar 21 08:27:34 2018 +0100 Fixes integer underflow with SSL_trace support Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5706) --- Summary of changes: ssl/t1_trce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 55f1824..f8d0501 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -729,7 +729,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, while (xlen > 0) { size_t plen = *ext++; -if (plen > xlen + 1) +if (plen + 1 > xlen) return 0; BIO_indent(bio, indent + 2, 80); BIO_write(bio, ext, plen); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
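Review bot: The corrected bound `if (plen + 1 > xlen)` in `ssl_print_extension` has no comment explaining why the `+ 1` sits on the `plen` side, and the previous form `plen > xlen + 1` shows how easily the two sides get swapped. `plen` is read from a single byte via `*ext++`, so the record consumes `plen + 1` bytes of `xlen` including its own length byte, and the left-hand side cannot wrap. A one-line comment above the check, for example `/* each entry is a 1-byte length followed by plen bytes; both must fit in xlen */`, would keep the invariant visible to the next editor. The rest of the loop, including where `xlen` is decremented, lies outside the hunk.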
[openssl-commits] Build completed: openssl master.16669
Build openssl master.16669 completed Commit 390469c676 by Andy Polyakov on 3/21/2018 3:20 PM: man3/OPENSSL_ia32cap.pod: update versioning information. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.16668
Build openssl master.16668 failed Commit b444c62319 by Rich Salz on 3/21/2018 11:52 AM: Filter out .rc file, fix copyright year generation Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 178a2a6f1c25d05d801544e6f18963726d90ac0b (commit) from 329aa3412ea1d8baa4fb09c976b11f9e7c46a762 (commit) - Log - commit 178a2a6f1c25d05d801544e6f18963726d90ac0b Author: Bernd EdlingerDate: Wed Mar 21 17:27:44 2018 +0100 Cleanup the s_time command. Various code-cleanups. Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling SSL_ERROR_WANT_READ everywhere. Turn off the linger option on connected sockets to avoid failure. Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput. Continue test even without -cipher option as in 1.0.2. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5698) --- Summary of changes: apps/s_time.c | 89 +++ 1 file changed, 23 insertions(+), 66 deletions(-) diff --git a/apps/s_time.c b/apps/s_time.c index cb2a4fd..0527d53 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define NO_SHUTDOWN - #include #include #include @@ -28,22 +26,8 @@ # include OPENSSL_UNISTD #endif -#undef ioctl -#define ioctl ioctlsocket - #define SSL_CONNECT_NAME"localhost:4433" -/* no default cert. */ -/* - * #define TEST_CERT "client.pem" - */ - -#undef min -#undef max -#define min(a,b) (((a) < (b)) ? (a) : (b)) -#define max(a,b) (((a) > (b)) ? (a) : (b)) - -#undef SECONDS #define SECONDS 30 #define SECONDSSTR "30" 
@@ -185,21 +169,20 @@ int s_time_main(int argc, char **argv) if (cipher == NULL) cipher = getenv("SSL_CIPHER"); -if (cipher == NULL) { +if (cipher == NULL) BIO_printf(bio_err, "No CIPHER specified\n"); -goto end; -} if ((ctx = SSL_CTX_new(meth)) == NULL) goto end; +SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_quiet_shutdown(ctx, 1); if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; if (st_bugs) SSL_CTX_set_options(ctx, SSL_OP_ALL); -if (!SSL_CTX_set_cipher_list(ctx, cipher)) +if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher)) goto end; if (!set_cert_stuff(ctx, certfile, keyfile)) goto end; @@ -229,16 +212,10 @@ int s_time_main(int argc, char **argv) fmt_http_get_cmd, www_path); if (SSL_write(scon, buf, buf_len) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) -if (i > 0) bytes_read += i; +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) +bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; @@ -289,16 +266,10 @@ int s_time_main(int argc, char **argv) fmt_http_get_cmd, www_path); if (SSL_write(scon, buf, buf_len) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) continue; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn = 0; 
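Review bot: In the `cipher == NULL` hunk of `s_time_main`, the tool now continues instead of jumping to `end`, but it still prints `No CIPHER specified` to `bio_err` and nothing else. A reader of the output cannot tell that the benchmark went ahead with whatever cipher list the library defaults to, which matters when the timing figures are compared across builds or attributed to a specific suite. The message should say what happens next, for example `BIO_printf(bio_err, "No CIPHER specified, using the default cipher list\n");`.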
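Review bot: The simplified read loop `while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i;` treats every non-positive return the same way, so a transfer that fails part-way falls through to `nConn += 1` and is counted as a completed connection. With `SSL_MODE_AUTO_RETRY` the want-read/want-write cases no longer need handling, but a clean close and a fatal error are still indistinguishable here. Checking once after the loop, e.g. `if (i < 0 && SSL_get_error(scon, i) != SSL_ERROR_ZERO_RETURN) goto end;`, would keep failed connections out of the totals; whether an abrupt close by the peer should also count is a policy choice for the tool. The same loop appears in the two later hunks of this mail and in the matching hunks of the master-branch mail for apps/s_time.c.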
@@ -322,16 +293,10 @@ int s_time_main(int argc, char **argv) www_path); if (SSL_write(scon, buf, strlen(buf)) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) -if (i > 0) bytes_read += i; +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) +bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; @@ -373,13 +338,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) { BIO *conn; SSL *serverCon; -int width, i; -fd_set readfds; +int i; if ((conn = BIO_new(BIO_s_connect())) == NULL) -return (NULL); +return NULL;
[openssl-commits] [openssl] master update
The branch master has been updated via 0870c8ea93929d4e123d31805707a978bc39fdf0 (commit) from 693be9a2cb0fc79fe856259feea54772c18a3637 (commit) - Log - commit 0870c8ea93929d4e123d31805707a978bc39fdf0 Author: Bernd EdlingerDate: Wed Mar 21 16:23:57 2018 +0100 Cleanup the s_time command. Various code-cleanups. Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling SSL_ERROR_WANT_READ everywhere. Turn off the linger option on connected sockets to avoid failure. Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3952) --- Summary of changes: apps/s_time.c | 82 +++ 1 file changed, 21 insertions(+), 61 deletions(-) diff --git a/apps/s_time.c b/apps/s_time.c index 0d3543e..5688f4f 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define NO_SHUTDOWN - #include #include #include @@ -24,26 +22,13 @@ #include #include "s_apps.h" #include +#include #if !defined(OPENSSL_SYS_MSDOS) # include OPENSSL_UNISTD #endif -#undef ioctl -#define ioctl ioctlsocket - #define SSL_CONNECT_NAME"localhost:4433" -/* no default cert. */ -/* - * #define TEST_CERT "client.pem" - */ - -#undef min -#undef max -#define min(a,b) (((a) < (b)) ? (a) : (b)) -#define max(a,b) (((a) > (b)) ? (a) : (b)) - -#undef SECONDS #define SECONDS 30 #define SECONDSSTR "30" @@ -206,6 +191,7 @@ int s_time_main(int argc, char **argv) if ((ctx = SSL_CTX_new(meth)) == NULL) goto end; +SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_quiet_shutdown(ctx, 1); if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; 
@@ -244,16 +230,10 @@ int s_time_main(int argc, char **argv) www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) -if (i > 0) bytes_read += i; +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) +bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; @@ -303,16 +283,10 @@ int s_time_main(int argc, char **argv) buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) continue; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn = 0; @@ -336,16 +310,10 @@ int s_time_main(int argc, char **argv) www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; -while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || -SSL_get_error(scon, i) == SSL_ERROR_WANT_READ || -SSL_get_error(scon, i) == SSL_ERROR_WANT_WRITE) -if (i > 0) bytes_read += i; +while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) +bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else -SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; 
@@ -387,13 +355,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) { BIO *conn; SSL *serverCon; -int width, i; -fd_set readfds; +int i; if ((conn = BIO_new(BIO_s_connect())) == NULL) return NULL; BIO_set_conn_hostname(conn, host); +BIO_set_conn_mode(conn, BIO_SOCK_NODELAY); if (scon == NULL) serverCon = SSL_new(ctx); @@ -405,26 +373,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) SSL_set_bio(serverCon, conn, conn); /* ok, lets connect */ -for (;;) { -i = SSL_connect(serverCon); -if (BIO_sock_should_retry(i)) { -
[openssl-commits] Build completed: openssl master.16663
Build openssl master.16663 completed Commit f78a0217cd by Bernd Edlinger on 3/21/2018 2:01 PM: fix appveyor failure Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.16662
Build openssl master.16662 failed Commit 52f20c3720 by Philippe Antoine on 3/21/2018 12:50 PM: Adds multiple checks to avoid buffer over reads Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.16661
Build openssl master.16661 completed Commit a4d482856c by Andy Polyakov on 3/21/2018 12:12 PM: include/openssl/rand.h: omit intermediate typedef. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 329aa3412ea1d8baa4fb09c976b11f9e7c46a762 (commit) via 041ddc366b6d18ee3993877a50299257e688c00c (commit) from 8e4057768586961942851d89287f43969352127a (commit) - Log - commit 329aa3412ea1d8baa4fb09c976b11f9e7c46a762 Author: Matt CaswellDate: Tue Jan 16 11:26:50 2018 + Don't wait for dry at the end of a handshake For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5085) commit 041ddc366b6d18ee3993877a50299257e688c00c Author: Matt Caswell Date: Tue Jan 16 10:48:01 2018 + Check for alerts while waiting for a dry event At a couple of points in a DTLS/SCTP handshake we need to wait for a dry event before continuing. However if an alert has been sent by the peer then we will never receive that dry event and an infinite loop results. This commit changes things so that we attempt to read a message if we are waiting for a dry event but haven't got one yet. This should never succeed, but any alerts will be processed. Fixes #4763 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5085) --- Summary of changes: include/openssl/ssl.h| 1 + ssl/ssl_err.c| 1 + ssl/statem/statem_dtls.c | 19 +++ ssl/statem/statem_lib.c | 9 - 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index abe4406..d99008d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h 
@@ -2110,6 +2110,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST385 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 # define SSL_F_OPENSSL_INIT_SSL 342 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 3c2ebe1..580861e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -48,6 +48,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE), "dtls_get_reassembled_message"}, {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"}, +{ERR_FUNC(SSL_F_DTLS_WAIT_FOR_DRY), "dtls_wait_for_dry"}, {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"}, {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION), "ossl_statem_client_read_transition"}, diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 22be871..ebc95d3 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -910,9 +910,14 @@ int dtls_construct_change_cipher_spec(SSL *s) } #ifndef OPENSSL_NO_SCTP +/* + * Wait for a dry event. Should only be called at a point in the handshake + * where we are not expecting any data from the peer (except possibly an alert). + */ WORK_STATE dtls_wait_for_dry(SSL *s) { int ret; +long len; /* read app data until dry event */ ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 
@@ -920,6 +925,20 @@ WORK_STATE dtls_wait_for_dry(SSL *s) return WORK_ERROR; if (ret == 0) { +/* + * We're not expecting any more messages from the peer at this point - + * but we could get an alert. If an alert is waiting then we will never + * return successfully. Therefore we attempt to read a message. This + * should never succeed but will process any waiting alerts. + */ +if (dtls_get_reassembled_message(s, )) { +/* The call succeeded! This should never happen */ +SSLerr(SSL_F_DTLS_WAIT_FOR_DRY, SSL_R_UNEXPECTED_MESSAGE); +ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); +ossl_statem_set_error(s); +return WORK_ERROR; +} + s->s3->in_read_app_data = 2; s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); diff --git
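Review bot: In the `if (ret == 0)` branch only the success return of `dtls_get_reassembled_message()` is handled; every zero return, whether it means "no data yet" or a failure inside the read, falls through to the `s->rwstate = SSL_READING` retry path, and the newly declared `len` (presumably the call's out-argument, whose text is lost on this page) is never examined. Whether the callee has already recorded a fatal error in that case is not visible from this hunk, so the fall-through deserves a comment stating what it relies on, for example `/* 0 means nothing to read yet, or an alert/error the callee has already handled; retry */`. The master version of the same change lower on this page (`@@ -935,6 +940,19 @@`) has the same shape, with the extra `errtype` value also left unread. `dtls_wait_for_dry()` continues past the end of the hunk.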
[openssl-commits] [openssl] master update
The branch master has been updated via 424afe931e7d813f75c7d1eacad7a5cd946c6456 (commit) via 2e92af5ea5987354fd7fe582a07440ff7aca01f4 (commit) from 696de86f8edefdf885a665ed9166ee2432f2ee30 (commit) - Log - commit 424afe931e7d813f75c7d1eacad7a5cd946c6456 Author: Matt CaswellDate: Tue Jan 16 11:26:50 2018 + Don't wait for dry at the end of a handshake For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5084) commit 2e92af5ea5987354fd7fe582a07440ff7aca01f4 Author: Matt Caswell Date: Tue Jan 16 10:48:01 2018 + Check for alerts while waiting for a dry event At a couple of points in a DTLS/SCTP handshake we need to wait for a dry event before continuing. However if an alert has been sent by the peer then we will never receive that dry event and an infinite loop results. This commit changes things so that we attempt to read a message if we are waiting for a dry event but haven't got one yet. This should never succeed, but any alerts will be processed. Fixes #4763 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5084) --- Summary of changes: ssl/statem/statem_dtls.c | 20 +++- ssl/statem/statem_lib.c | 9 - 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 9bda18b..b5e62a2 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c 
@@ -922,9 +922,14 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) } #ifndef OPENSSL_NO_SCTP +/* + * Wait for a dry event. Should only be called at a point in the handshake + * where we are not expecting any data from the peer except an alert. + */ WORK_STATE dtls_wait_for_dry(SSL *s) { -int ret; +int ret, errtype; +size_t len; /* read app data until dry event */ ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); @@ -935,6 +940,19 @@ WORK_STATE dtls_wait_for_dry(SSL *s) } if (ret == 0) { +/* + * We're not expecting any more messages from the peer at this point - + * but we could get an alert. If an alert is waiting then we will never + * return successfully. Therefore we attempt to read a message. This + * should never succeed but will process any waiting alerts. + */ +if (dtls_get_reassembled_message(s, , )) { +/* The call succeeded! This should never happen */ +SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY, + SSL_R_UNEXPECTED_MESSAGE); +return WORK_ERROR; +} + s->s3->in_read_app_data = 2; s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a82079c..190050c 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1004,15 +1004,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) int discard; void (*cb) (const SSL *ssl, int type, int val) = NULL; -#ifndef OPENSSL_NO_SCTP -if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { -WORK_STATE ret; -ret = dtls_wait_for_dry(s); -if (ret != WORK_FINISHED_CONTINUE) -return ret; -} -#endif - if (clearbufs) { if (!SSL_IS_DTLS(s)) { /* _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 696de86f8edefdf885a665ed9166ee2432f2ee30 (commit) from 9d9dc6ac852a74836ba15a3ed10b3ecb6581fd1b (commit) - Log - commit 696de86f8edefdf885a665ed9166ee2432f2ee30 Author: Peter WuDate: Tue Mar 20 23:47:06 2018 +0100 Fix stack-use-after-scope Fixes regression from #5667. Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5701) --- Summary of changes: ssl/statem/extensions_clnt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index bebf73a..5c36004 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -744,6 +744,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { +#ifndef OPENSSL_NO_PSK +char identity[PSK_MAX_IDENTITY_LEN + 1]; +#endif /* OPENSSL_NO_PSK */ const unsigned char *id = NULL; size_t idlen = 0; SSL_SESSION *psksess = NULL; @@ -765,7 +768,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_PSK if (psksess == NULL && s->psk_client_callback != NULL) { -char identity[PSK_MAX_IDENTITY_LEN + 1]; unsigned char psk[PSK_MAX_PSK_LEN]; size_t psklen = 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
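Review bot: The `identity` buffer that the first hunk hoists to function scope in `tls_construct_ctos_early_data()` carries no comment saying why it has to live there, so a later tidy-up could move it back into the `if (psksess == NULL && s->psk_client_callback != NULL)` block and bring the stack-use-after-scope back. Judging by the commit title, a pointer into the buffer (probably `id`) is still used after that block closes; the use itself is outside both hunks. I would add `/* Function scope on purpose: referenced after the PSK block below has ended */` above the declaration. The function body starts and ends outside the hunks shown.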
[openssl-commits] [openssl] master update
The branch master has been updated via 9d9dc6ac852a74836ba15a3ed10b3ecb6581fd1b (commit) from 4af14b7b018750bf3584587068211948924738fb (commit) - Log - commit 9d9dc6ac852a74836ba15a3ed10b3ecb6581fd1b Author: Andy PolyakovDate: Mon Mar 19 18:12:31 2018 +0100 o_fopen.c,rand/randfile.c: compensate for e_os.h omission. At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c and randfile.c which are not OS-neutral, and contain some Win32-specific code. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5676) --- Summary of changes: crypto/o_fopen.c | 3 +++ crypto/rand/randfile.c | 12 +--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c index a3a0065..951d034 100644 --- a/crypto/o_fopen.c +++ b/crypto/o_fopen.c @@ -12,6 +12,9 @@ #if !defined(OPENSSL_NO_STDIO) # include +# ifdef _WIN32 +# include +# endif FILE *openssl_fopen(const char *filename, const char *mode) { diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index d4edc50..a979eb9 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -26,7 +26,12 @@ # include # include # ifdef _WIN32 +# include # include +# define stat_stat +# define chmod _chmod +# define open_open +# define fdopen _fdopen # endif #endif @@ -41,13 +46,6 @@ # define S_ISREG(m) ((m) & S_IFREG) # endif -#ifdef _WIN32 -# define stat_stat -# define chmod _chmod -# define open_open -# define fdopen _fdopen -#endif - #define RAND_FILE_SIZE 1024 #define RFILE ".rnd" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
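Review bot: In crypto/rand/randfile.c the `_WIN32` name mappings (`# define chmod _chmod` and the three beside it) now sit inside the include block that the bare `#endif` at the end of the first hunk closes, whereas the block removed in the second hunk was guarded by `_WIN32` alone. The opening `#if` of that outer block is above the hunk, so it is not visible whether every later use of `stat`, `chmod`, `open` and `fdopen` is compiled under the same condition; if one is not, a Win32 build with the outer condition false loses the mapping. Either confirm the uses share the guard or record it next to the defines, e.g. `/* uses of these names must stay under the same guard as this block */`.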