[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec

2018-04-17 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

55442b8 BIGNUM signed add/sub routines refactory
9f2a3bb Fix a memory leak in an error path
a682365 Check the return from EVP_PKEY_get0_DH()
7d4488b Extend the SSL_set_bio() tests
bd7775e Fix assertion failure in SSL_set_bio()
2bdeffe Update fingerprints.txt
5bbf42a Update the info callback documentation for TLSv1.3
5718fe4 Add a test for the info callback
7f9f5f7 Make sure info callback knows about all handshake start events
c2c1d8a Call the info callback on all handshake done events
ded4a83 Ignore the status_request extension in a resumption handshake
a12de2c SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() 
call
e62fb0d p5_scrypt.c: fix error check of RAND_bytes() call
43687d6 DRBG: fix coverity issues
826e154 apps/s_socket.c: print only dynamically allocated port in do_server.
dbabc86 Add a config option to disable automatic config loading
a051af0 Prepare for 1.1.1-pre6-dev
4ff3df1 Prepare for 1.1.1-pre5 release
2842813 Update copyright year
6761890 OpenSSL 1.1.1-pre5: update CHANGES with recent user visible changes

Build log ended with (last 100 lines):

/usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > 
test/buildtest_x509_vfy.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > 
test/buildtest_x509v3.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o 
../openssl/test/casttest.c
clang  -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/crypto/include -pthread -m64 -Qunused-arguments -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror  -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o 
test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o 
test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o 
test/cipherlist_test.o ../openssl/test/cipherlist_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o 
test/ciphername_test.o ../openssl/test/ciphername_test.c
clang

[openssl-commits] [openssl] master update

2018-04-17 Thread Rich Salz 
The branch master has been updated
   via  55442b8a5b719f54578083fae0fcc814b599cd84 (commit)
  from  9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94 (commit)


- Log -
commit 55442b8a5b719f54578083fae0fcc814b599cd84
Author: Davide Galassi 
Date:   Tue Apr 17 16:57:22 2018 -0400

BIGNUM signed add/sub routines refactory

Old code replaced in favor of a clearer implementation.
Performances are not penalized.

Updated the copyright end date to 2018.

Reviewed-by: David Benjamin 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5963)

---

Summary of changes:
 crypto/bn/bn_add.c | 132 +++--
 1 file changed, 47 insertions(+), 85 deletions(-)

diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index 7cdefa7..f2736b8 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,51 +10,69 @@
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
-/* r can == a or b */
+/* signed add of b to a. */
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
-int a_neg = a->neg, ret;
+int ret, r_neg, cmp_res;
 
 bn_check_top(a);
 bn_check_top(b);
 
-/*-
- *  a +  b  a+b
- *  a + -b  a-b
- * -a +  b  b-a
- * -a + -b  -(a+b)
- */
-if (a_neg ^ b->neg) {
-/* only one is negative */
-if (a_neg) {
-const BIGNUM *tmp;
-
-tmp = a;
-a = b;
-b = tmp;
+if (a->neg == b->neg) {
+r_neg = a->neg;
+ret = BN_uadd(r, a, b);
+} else {
+cmp_res = BN_ucmp(a, b);
+if (cmp_res > 0) {
+r_neg = a->neg;
+ret = BN_usub(r, a, b);
+} else if (cmp_res < 0) {
+r_neg = b->neg;
+ret = BN_usub(r, b, a);
+} else {
+r_neg = 0;
+BN_zero(r);
+ret = 1;
 }
+}
+
+r->neg = r_neg;
+bn_check_top(r);
+return ret;
+}
+
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+int ret, r_neg, cmp_res;
 
-/* we are now a - b */
+bn_check_top(a);
+bn_check_top(b);
 
-if (BN_ucmp(a, b) < 0) {
-if (!BN_usub(r, b, a))
-return 0;
-r->neg = 1;
+if (a->neg != b->neg) {
+r_neg = a->neg;
+ret = BN_uadd(r, a, b);
+} else {
+cmp_res = BN_ucmp(a, b);
+if (cmp_res > 0) {
+r_neg = a->neg;
+ret = BN_usub(r, a, b);
+} else if (cmp_res < 0) {
+r_neg = !b->neg;
+ret = BN_usub(r, b, a);
 } else {
-if (!BN_usub(r, a, b))
-return 0;
-r->neg = 0;
+r_neg = 0;
+BN_zero(r);
+ret = 1;
 }
-return 1;
 }
 
-ret = BN_uadd(r, a, b);
-r->neg = a_neg;
+r->neg = r_neg;
 bn_check_top(r);
 return ret;
 }
 
-/* unsigned add of b to a */
+/* unsigned add of b to a, r can be equal to a or b. */
 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
 int max, min, dif;
@@ -151,59 +169,3 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 return 1;
 }
 
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
-int max;
-int add = 0, neg = 0;
-
-bn_check_top(a);
-bn_check_top(b);
-
-/*-
- *  a -  b  a-b
- *  a - -b  a+b
- * -a -  b  -(a+b)
- * -a - -b  b-a
- */
-if (a->neg) {
-if (b->neg) {
-const BIGNUM *tmp;
-
-tmp = a;
-a = b;
-b = tmp;
-} else {
-add = 1;
-neg = 1;
-}
-} else {
-if (b->neg) {
-add = 1;
-neg = 0;
-}
-}
-
-if (add) {
-if (!BN_uadd(r, a, b))
-return 0;
-r->neg = neg;
-return 1;
-}
-
-/* We are actually doing a - b :-) */
-
-max = (a->top > b->top) ? a->top : b->top;
-if (bn_wexpand(r, max) == NULL)
-return 0;
-if (BN_ucmp(a, b) < 0) {
-if (!BN_usub(r, b, a))
-return 0;
-r->neg = 1;
-} else {
-if (!BN_usub(r, a, b))
-return 0;
-r->neg = 0;
-}
-bn_check_top(r);
-return 1;
-}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-04-17 Thread Richard Levitte 
The branch OpenSSL_1_0_2-stable has been updated
   via  82d8cec06ae8af5dbe68c8e4be38ad32ce9fa594 (commit)
  from  363c9f0ba4973a3d7d4ce743fadbc252aa9f0d4c (commit)


- Log -
commit 82d8cec06ae8af5dbe68c8e4be38ad32ce9fa594
Author: John Eichenberger 
Date:   Tue Apr 3 16:08:31 2018 -0700

Correct the check of RSA_FLAG_SIGN_VER

The wrong flags were being tested. It is the rsa->meth flags not the rsa
flags that should be tested.

wpa_supplicant has a bit of code that
1. Allocates and defines a RSA_METHOD structure.
2. calls RSA_new();
3. calls RSA_set_method().

In current versions of that code the rsa_sign and rsa_verify members of
the RSA_METHOD structure are not defined, thus making it compatible
with the really old versions of OpenSSL.

But should one change it use the rsa_sign method one must set the
RSA_FLAG_SIGN_VER bit of the RSA_METHOD structure to indicate that
one or both of those new methods are required.  In doing so, OpenSSL
will not call the new methods, not without this change.

CLA: trivial

Change-Id: I6e65a80f21399f25e966466ff676e3b21f85f360

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5971)

---

Summary of changes:
 crypto/rsa/rsa_sign.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 82ca832..b7fff43 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int 
m_len,
 return 0;
 }
 #endif
-if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
 return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
 }
 /* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned 
int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
 return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94 (commit)
  from  a68236572850a1f50d5c40990b5a15a18ebea3bc (commit)


- Log -
commit 9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94
Author: Matt Caswell 
Date:   Mon Apr 16 18:41:01 2018 +0100

Fix a memory leak in an error path

Found by Coverity.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5970)

---

Summary of changes:
 crypto/srp/srp_vfy.c | 22 ++
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 1bf2f26..b13c006 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -69,8 +69,10 @@ static int t_fromb64(unsigned char *a, size_t alen, const 
char *src)
  *  4 bytes unencoded = 6 bytes encoded
  *  etc
  */
-if (padsize == 3)
-return -1;
+if (padsize == 3) {
+outl = -1;
+goto err;
+}
 
 /* Valid padsize values are now 0, 1 or 2 */
 
@@ -80,12 +82,12 @@ static int t_fromb64(unsigned char *a, size_t alen, const 
char *src)
 /* Add any encoded padding that is required */
 if (padsize != 0
 && EVP_DecodeUpdate(ctx, a, , pad, padsize) < 0) {
-EVP_ENCODE_CTX_free(ctx);
-return -1;
+outl = -1;
+goto err;
 }
 if (EVP_DecodeUpdate(ctx, a, , (const unsigned char *)src, size) < 
0) {
-EVP_ENCODE_CTX_free(ctx);
-return -1;
+outl = -1;
+goto err;
 }
 outl += outl2;
 EVP_DecodeFinal(ctx, a + outl, );
@@ -93,8 +95,11 @@ static int t_fromb64(unsigned char *a, size_t alen, const 
char *src)
 
 /* Strip off the leading padding */
 if (padsize != 0) {
-if ((int)padsize >= outl)
-return -1;
+if ((int)padsize >= outl) {
+outl = -1;
+goto err;
+}
+
 /*
  * If we added 1 byte of padding prior to encoding then we have 2 bytes
  * of "real" data which gets spread across 4 encoded bytes like this:
@@ -112,6 +117,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const 
char *src)
 outl -= padsize;
 }
 
+ err:
 EVP_ENCODE_CTX_free(ctx);
 
 return outl;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  a68236572850a1f50d5c40990b5a15a18ebea3bc (commit)
  from  7d4488bbd7ac34fffb776cccbfff6b4ac0387e03 (commit)


- Log -
commit a68236572850a1f50d5c40990b5a15a18ebea3bc
Author: Matt Caswell 
Date:   Tue Apr 17 11:32:20 2018 +0100

Check the return from EVP_PKEY_get0_DH()

Fixes #5934

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5983)

---

Summary of changes:
 ssl/statem/statem_srvr.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7e033ce..aa38fad 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2481,6 +2481,12 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET 
*pkt)
 }
 
 dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+if (dh == NULL) {
+SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+goto err;
+}
 
 EVP_PKEY_free(pkdh);
 pkdh = NULL;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-04-17 Thread Matt Caswell 
The branch OpenSSL_1_1_0-stable has been updated
   via  1d015368ebe245c4468522d152edfd8a1069426e (commit)
  from  8917c8909ab0f63cf5812bfc9cba7cbb9ccb5210 (commit)


- Log -
commit 1d015368ebe245c4468522d152edfd8a1069426e
Author: Matt Caswell 
Date:   Mon Apr 16 14:06:56 2018 +0100

Fix assertion failure in SSL_set_bio()

If SSL_set_bio() is called with a NULL wbio after a failed connection then
this can trigger an assertion failure. This should be valid behaviour and
the assertion is in fact invalid and can simply be removed.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/5966)

(cherry picked from commit bd7775e14a19c326d3720f2345c2ae324409e979)

---

Summary of changes:
 ssl/ssl_lib.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8a190d2..a1a514f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3519,7 +3519,6 @@ void ssl_free_wbio_buffer(SSL *s)
 return;
 
 s->wbio = BIO_pop(s->wbio);
-assert(s->wbio != NULL);
 BIO_free(s->bbio);
 s->bbio = NULL;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  7d4488bbd7ac34fffb776cccbfff6b4ac0387e03 (commit)
   via  bd7775e14a19c326d3720f2345c2ae324409e979 (commit)
  from  2bdeffefddd8e8a65a51a7b020f8d51a4a3b1602 (commit)


- Log -
commit 7d4488bbd7ac34fffb776cccbfff6b4ac0387e03
Author: Matt Caswell 
Date:   Mon Apr 16 14:08:38 2018 +0100

Extend the SSL_set_bio() tests

The SSL_set_bio() tests only did standalone testing without being in the
context of an actual connection. We extend this to do additional tests
following a successful or failed connection attempt. This would have
caught the issue fixed in the previous commit.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/5966)

commit bd7775e14a19c326d3720f2345c2ae324409e979
Author: Matt Caswell 
Date:   Mon Apr 16 14:06:56 2018 +0100

Fix assertion failure in SSL_set_bio()

If SSL_set_bio() is called with a NULL wbio after a failed connection then
this can trigger an assertion failure. This should be valid behaviour and
the assertion is in fact invalid and can simply be removed.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/5966)

---

Summary of changes:
 ssl/ssl_lib.c |   2 -
 test/sslapitest.c | 127 --
 2 files changed, 95 insertions(+), 34 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b1d78dc..1e24f84 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3844,8 +3844,6 @@ int ssl_free_wbio_buffer(SSL *s)
 return 1;
 
 s->wbio = BIO_pop(s->wbio);
-if (!ossl_assert(s->wbio != NULL))
-return 0;
 BIO_free(s->bbio);
 s->bbio = NULL;
 
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 1c9f294..338c61c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1113,11 +1113,27 @@ static int test_session_with_both_cache(void)
 #endif
 }
 
-#define USE_NULL0
-#define USE_BIO_1   1
-#define USE_BIO_2   2
+#define USE_NULL0
+#define USE_BIO_1   1
+#define USE_BIO_2   2
+#define USE_DEFAULT 3
+
+#define CONNTYPE_CONNECTION_SUCCESS  0
+#define CONNTYPE_CONNECTION_FAIL 1
+#define CONNTYPE_NO_CONNECTION   2
+
+#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
+#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS(2 * 2)
+#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
+# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS   (2 * 2)
+#else
+# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS   0
+#endif
+
 
-#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
+#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \
++ TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \
++ TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS
 
 static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
 {
@@ -1134,28 +1150,65 @@ static void setupbio(BIO **res, BIO *bio1, BIO *bio2, 
int type)
 }
 }
 
+
+/*
+ * Tests calls to SSL_set_bio() under various conditions.
+ *
+ * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with
+ * various combinations of valid BIOs or NULL being set for the rbio/wbio. We
+ * then do more tests where we create a successful connection first using our
+ * standard connection setup functions, and then call SSL_set_bio() with
+ * various combinations of valid BIOs or NULL. We then repeat these tests
+ * following a failed connection. In this last case we are looking to check 
that
+ * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
+ */
 static int test_ssl_set_bio(int idx)
 {
-SSL_CTX *ctx;
+SSL_CTX *sctx = NULL, *cctx = NULL;
 BIO *bio1 = NULL;
 BIO *bio2 = NULL;
 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
-SSL *ssl = NULL;
-int initrbio, initwbio, newrbio, newwbio;
+SSL *serverssl = NULL, *clientssl = NULL;
+int initrbio, initwbio, newrbio, newwbio, conntype;
 int testresult = 0;
 
-initrbio = idx % 3;
-idx /= 3;
-initwbio = idx % 3;
-idx /= 3;
-newrbio = idx % 3;
-idx /= 3;
-newwbio = idx;
-if (!TEST_int_le(newwbio, 2))
-return 0;
+if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) {
+initrbio = idx % 3;
+idx /= 3;
+initwbio = idx % 3;
+idx /= 3;
+newrbio = idx % 3;
+idx /= 3;
+newwbio = idx % 3;
+conntype = CONNTYPE_NO_CONNECTION;
+} else {
+idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS;
+initrbio = initwbio = USE_DEFAULT;
+newrbio = idx % 2;
+idx /= 2;
+newwbio = idx % 2;
+idx /= 2;
+conntype = idx % 2;
+}
 
-if (!TEST_ptr(ctx =

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-04-17 Thread Matt Caswell 
The branch OpenSSL_1_0_2-stable has been updated
   via  363c9f0ba4973a3d7d4ce743fadbc252aa9f0d4c (commit)
  from  1084fc8f0086cece8ae1a1e9f484d30fdff25192 (commit)


- Log -
commit 363c9f0ba4973a3d7d4ce743fadbc252aa9f0d4c
Author: Matt Caswell 
Date:   Tue Apr 17 13:40:07 2018 +0100

Update fingerprints.txt

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5988)

---

Summary of changes:
 doc/fingerprints.txt | 67 +++-
 1 file changed, 14 insertions(+), 53 deletions(-)

diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt
index 373e90d..2cb74ae 100644
--- a/doc/fingerprints.txt
+++ b/doc/fingerprints.txt
@@ -1,63 +1,24 @@
-  Fingerprints
+Fingerprints for Signing Releases
 
-OpenSSL releases are signed with PGP/GnuPG keys.  You can find the
-signatures in separate files in the same location you find the
-distributions themselves.  The normal file name is the same as the
-distribution file, with '.asc' added.  For example, the signature for
-the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in
-the file openssl-1.0.1h.tar.gz.asc.
+OpenSSL releases are signed with PGP/GnuPG keys.  This file contains
+the fingerprints of team members who are "authorized" to sign the
+next release.
+
+The signature is a detached cleartxt signature, with the same name
+as the release but with ".asc" appended.  For example, release
+1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature
+in the file named openssl-1.0.1h.tar.gz.asc.
 
 The following is the list of fingerprints for the keys that are
 currently in use to sign OpenSSL distributions:
 
-pub   1024D/F709453B 2003-10-20
-  Key fingerprint = C4CA B749 C34F 7F4C C04F  DAC9 A7AF 9E78 F709 453B
-uid  Richard Levitte 
+pub   4096R/7DF9EE8C 2014-10-04
+  Key fingerprint = 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
+uid  Richard Levitte 
 uid  Richard Levitte 
-uid  Richard Levitte 
-
-pub   2048R/F295C759 1998-12-13
-  Key fingerprint = D0 5D 8C 61 6E 27 E6 60  41 EC B1 B8 D5 7E E5 97
-uid  Dr S N Henson 
-
-pub   4096R/FA40E9E2 2005-03-19
-  Key fingerprint = 6260 5AA4 334A F9F0 DDE5  D349 D357 7507 FA40 E9E2
-uid  Dr Stephen Henson 
-uid  Dr Stephen Henson 
-uid  Dr Stephen N Henson 
-sub   4096R/8811F530 2005-03-19
-
-pub   1024R/49A563D9 1997-02-24
-  Key fingerprint = 7B 79 19 FA 71 6B 87 25  0E 77 21 E5 52 D9 83 BF
-uid  Mark Cox 
-uid  Mark Cox 
-uid  Mark Cox 
-
-pub   1024R/9C58A66D 1997-04-03
-  Key fingerprint = 13 D0 B8 9D 37 30 C3 ED  AC 9C 24 7D 45 8C 17 67
-uid  jaeni...@openssl.org
-uid  Lutz Jaenicke 
-
-pub   1024D/2118CF83 1998-07-13
-  Key fingerprint = 7656 55DE 62E3 96FF 2587  EB6C 4F6D E156 2118 CF83
-uid  Ben Laurie 
-uid  Ben Laurie 
-uid  Ben Laurie 
-sub   4096g/1F5143E7 1998-07-13
-
-pub   1024R/5A6A9B85 1994-03-22
-  Key fingerprint = C7 AC 7E AD 56 6A 65 EC  F6 16 66 83 7E 86 68 28
-uid  Bodo Moeller <2...@bmoeller.de>
-uid  Bodo Moeller <2...@bmoeller.de>
-uid  Bodo Moeller <2...@bmoeller.de>
-uid  Bodo Moeller 
-uid  Bodo Moeller 
-uid  Bodo Moeller 
-uid  Bodo Moeller <3moel...@informatik.uni-hamburg.de>
-uid  Bodo Moeller 
-uid  Bodo Moeller <3moel...@rzdspc5.informatik.uni-hamburg.de>
+uid  Richard Levitte 
 
 pub   2048R/0E604491 2013-04-30
   Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid  Matt Caswell 
 uid  Matt Caswell 
-
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-04-17 Thread Matt Caswell 
The branch OpenSSL_1_1_0-stable has been updated
   via  8917c8909ab0f63cf5812bfc9cba7cbb9ccb5210 (commit)
  from  af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb (commit)


- Log -
commit 8917c8909ab0f63cf5812bfc9cba7cbb9ccb5210
Author: Matt Caswell 
Date:   Tue Apr 17 13:40:07 2018 +0100

Update fingerprints.txt

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5987)

(cherry picked from commit 2bdeffefddd8e8a65a51a7b020f8d51a4a3b1602)

---

Summary of changes:
 doc/fingerprints.txt | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt
index 1863224..2cb74ae 100644
--- a/doc/fingerprints.txt
+++ b/doc/fingerprints.txt
@@ -18,10 +18,7 @@ uid  Richard Levitte 

 uid  Richard Levitte 
 uid  Richard Levitte 
 
-pub   4096R/FA40E9E2 2005-03-19
-  Key fingerprint = 6260 5AA4 334A F9F0 DDE5  D349 D357 7507 FA40 E9E2
-uid  Dr Stephen N Henson 
-
 pub   2048R/0E604491 2013-04-30
   Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid  Matt Caswell 
 uid  Matt Caswell 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  2bdeffefddd8e8a65a51a7b020f8d51a4a3b1602 (commit)
  from  5bbf42a519c9fb70bfc13c2e4ad0044016c6f1ae (commit)


- Log -
commit 2bdeffefddd8e8a65a51a7b020f8d51a4a3b1602
Author: Matt Caswell 
Date:   Tue Apr 17 13:40:07 2018 +0100

Update fingerprints.txt

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5987)

---

Summary of changes:
 doc/fingerprints.txt | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt
index 1863224..2cb74ae 100644
--- a/doc/fingerprints.txt
+++ b/doc/fingerprints.txt
@@ -18,10 +18,7 @@ uid  Richard Levitte 

 uid  Richard Levitte 
 uid  Richard Levitte 
 
-pub   4096R/FA40E9E2 2005-03-19
-  Key fingerprint = 6260 5AA4 334A F9F0 DDE5  D349 D357 7507 FA40 E9E2
-uid  Dr Stephen N Henson 
-
 pub   2048R/0E604491 2013-04-30
   Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid  Matt Caswell 
 uid  Matt Caswell 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  5bbf42a519c9fb70bfc13c2e4ad0044016c6f1ae (commit)
   via  5718fe45605681c4d33e43e689491172af0b46c1 (commit)
   via  7f9f5f71e48b12b6029871cbf8542f21c7883c6c (commit)
   via  c2c1d8a495d540e0b1b61f20c2c14f0c7ab7a8f0 (commit)
  from  ded4a83d31f8271e5a74e6fbf357f9975d4878ec (commit)


- Log -
commit 5bbf42a519c9fb70bfc13c2e4ad0044016c6f1ae
Author: Matt Caswell 
Date:   Wed Apr 4 15:02:30 2018 +0100

Update the info callback documentation for TLSv1.3

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5874)

commit 5718fe45605681c4d33e43e689491172af0b46c1
Author: Matt Caswell 
Date:   Wed Apr 4 14:16:28 2018 +0100

Add a test for the info callback

Make sure the info callback gets called in all the places we expect it to.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5874)

commit 7f9f5f71e48b12b6029871cbf8542f21c7883c6c
Author: Matt Caswell 
Date:   Wed Apr 4 14:28:23 2018 +0100

Make sure info callback knows about all handshake start events

The first session ticket sent by the server is actually tacked onto the
end of the first handshake from a state machine perspective. However in
reality this is a post-handshake message, and should be preceeded by a
handshake start event from an info callback perspective.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5874)

commit c2c1d8a495d540e0b1b61f20c2c14f0c7ab7a8f0
Author: Matt Caswell 
Date:   Wed Apr 4 14:17:10 2018 +0100

Call the info callback on all handshake done events

Fixes #5721

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5874)

---

Summary of changes:
 doc/man3/SSL_CTX_set_info_callback.pod |  28 +++-
 ssl/statem/statem_lib.c|  17 ++-
 ssl/statem/statem_srvr.c   |  17 +++
 test/sslapitest.c  | 257 +
 4 files changed, 307 insertions(+), 12 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_info_callback.pod 
b/doc/man3/SSL_CTX_set_info_callback.pod
index f4d9128..85187cf 100644
--- a/doc/man3/SSL_CTX_set_info_callback.pod
+++ b/doc/man3/SSL_CTX_set_info_callback.pod
@@ -2,7 +2,11 @@
 
 =head1 NAME
 
-SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, 
SSL_get_info_callback - handle information callback for SSL connections
+SSL_CTX_set_info_callback,
+SSL_CTX_get_info_callback,
+SSL_set_info_callback,
+SSL_get_info_callback
+- handle information callback for SSL connections
 
 =head1 SYNOPSIS
 
@@ -37,7 +41,8 @@ callback function for B.
 
 When setting up a connection and during use, it is possible to obtain state
 information from the SSL/TLS engine. When set, an information callback function
-is called whenever the state changes, an alert appears, or an error occurs.
+is called whenever a significant event occurs such as: the state changes,
+an alert appears, or an error occurs.
 
 The callback function is called as B.
 The B argument specifies information about where (in which context)
@@ -51,12 +56,15 @@ B is a bitmask made up of the following bits:
 
 =item SSL_CB_LOOP
 
-Callback has been called to indicate state change inside a loop.
+Callback has been called to indicate state change or some other significant
+state machine event. This may mean that the callback gets invoked more than 
once
+per state in some situations.
 
 =item SSL_CB_EXIT
 
-Callback has been called to indicate error exit of a handshake function.
-(May be soft error with retry option for non-blocking setups.)
+Callback has been called to indicate exit of a handshake function. This will
+happen after the end of a handshake, but may happen at other times too such as
+on error or when IO might otherwise block and non-blocking is being used.
 
 =item SSL_CB_READ
 
@@ -84,11 +92,17 @@ Callback has been called due to an alert being sent or 
received.
 
 =item SSL_CB_HANDSHAKE_START
 
-Callback has been called because a new handshake is started.
+Callback has been called because a new handshake is started. In TLSv1.3 this is
+also used for the start of post-handshake message exchanges such as for the
+exchange of session tickets, or for key updates. It also occurs when resuming a
+handshake following a pause to handle early data.
 
 =item SSL_CB_HANDSHAKE_DONE   0x20
 
-Callback has been called because a handshake is finished.
+Callback has been called because a handshake is finished. In TLSv1.3 this is
+also used at the end of an exchange of post-handshake messages such as for

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-04-17 Thread Matt Caswell 
The branch OpenSSL_1_0_2-stable has been updated
   via  1084fc8f0086cece8ae1a1e9f484d30fdff25192 (commit)
  from  349a41da1ad88ad87825414752a8ff5fdd6a6c3f (commit)


- Log -
commit 1084fc8f0086cece8ae1a1e9f484d30fdff25192
Author: Matt Caswell 
Date:   Fri Apr 6 14:33:07 2018 +0100

Ignore the status_request extension in a resumption handshake

We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5898)

---

Summary of changes:
 ssl/t1_lib.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 75c2f41..179802c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned 
char **p,
 goto err;
 if (!tls1_save_sigalgs(s, data, dsize))
 goto err;
-} else if (type == TLSEXT_TYPE_status_request) {
-
+} else if (type == TLSEXT_TYPE_status_request && !s->hit) {
 if (size < 5)
 goto err;
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-04-17 Thread Matt Caswell 
The branch OpenSSL_1_1_0-stable has been updated
   via  af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb (commit)
  from  69712507e73437553790ccac6f19a9ded996c0cd (commit)


- Log -
commit af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb
Author: Matt Caswell 
Date:   Fri Apr 6 14:33:07 2018 +0100

Ignore the status_request extension in a resumption handshake

We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: Rich Salz 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/5897)

---

Summary of changes:
 ssl/t1_lib.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc4e652..5ba7377 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET 
*pkt, int *al)
 }
 }
 } else if (type == TLSEXT_TYPE_status_request) {
+/* Ignore this if resuming */
+if (s->hit)
+continue;
+
 if (!PACKET_get_1(,
   (unsigned int *)>tlsext_status_type)) {
 return 0;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Matt Caswell 
The branch master has been updated
   via  ded4a83d31f8271e5a74e6fbf357f9975d4878ec (commit)
  from  a12de2cba83273b2a553f988716c231af7c9ba68 (commit)


- Log -
commit ded4a83d31f8271e5a74e6fbf357f9975d4878ec
Author: Matt Caswell 
Date:   Fri Apr 6 14:53:05 2018 +0100

Ignore the status_request extension in a resumption handshake

We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: Rich Salz 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/5896)

---

Summary of changes:
 ssl/statem/extensions_srvr.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 90142eb..adf63d8 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, 
unsigned int context,
 {
 PACKET responder_id_list, exts;
 
+/* We ignore this in a resumption handshake */
+if (s->hit)
+return 1;
+
 /* Not defined if we get one of these in a client Certificate */
 if (x != NULL)
 return 1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread matthias . st . pierre 
The branch master has been updated
   via  a12de2cba83273b2a553f988716c231af7c9ba68 (commit)
  from  e62fb0d31bdf25854aa2c7cda8e1d03768984ab4 (commit)


- Log -
commit a12de2cba83273b2a553f988716c231af7c9ba68
Author: Dr. Matthias St. Pierre 
Date:   Tue Apr 17 08:54:26 2018 +0200

SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() call

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5977)

---

Summary of changes:
 doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod 
b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index 3cf0717..7782ea7 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -133,7 +133,7 @@ Reference Implementation:
  HMAC_CTX *hctx, int enc)
  {
  if (enc) { /* create new session */
- if (RAND_bytes(iv, EVP_MAX_IV_LENGTH))
+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
  return -1; /* insufficient random */
 
  key = currentkey(); /* something that you need to implement */
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-04-17 Thread matthias . st . pierre 
The branch OpenSSL_1_1_0-stable has been updated
   via  69712507e73437553790ccac6f19a9ded996c0cd (commit)
  from  dbbaeb8973d662ae0d009e0fb6c8975721991b63 (commit)


- Log -
commit 69712507e73437553790ccac6f19a9ded996c0cd
Author: Dr. Matthias St. Pierre 
Date:   Tue Apr 17 08:39:42 2018 +0200

p5_scrypt.c: fix error check of RAND_bytes() call

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/5977)

---

Summary of changes:
 crypto/asn1/p5_scrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index 4cb7837..a5232fe 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
 if (EVP_CIPHER_iv_length(cipher)) {
 if (aiv)
 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
 goto err;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread matthias . st . pierre 
The branch master has been updated
   via  e62fb0d31bdf25854aa2c7cda8e1d03768984ab4 (commit)
  from  43687d685ffd71fc1cf0ea1079f6d4958dff5026 (commit)


- Log -
commit e62fb0d31bdf25854aa2c7cda8e1d03768984ab4
Author: Dr. Matthias St. Pierre 
Date:   Tue Apr 17 08:39:42 2018 +0200

p5_scrypt.c: fix error check of RAND_bytes() call

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/5977)

---

Summary of changes:
 crypto/asn1/p5_scrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index c556d01..1daaa6f 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -82,7 +82,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
 if (EVP_CIPHER_iv_length(cipher)) {
 if (aiv)
 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
 goto err;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread matthias . st . pierre 
The branch master has been updated
   via  43687d685ffd71fc1cf0ea1079f6d4958dff5026 (commit)
  from  826e154481e93413a79c37cb1bf4da6175a05875 (commit)


- Log -
commit 43687d685ffd71fc1cf0ea1079f6d4958dff5026
Author: Dr. Matthias St. Pierre 
Date:   Tue Apr 17 08:07:11 2018 +0200

DRBG: fix coverity issues

- drbg_lib.c: Silence coverity warning: the comment preceding the
  RAND_DRBG_instantiate() call explicitely states that the error
  is ignored and explains the reason why.

- drbgtest: Add checks for the return values of RAND_bytes() and
  RAND_priv_bytes() to run_multi_thread_test().

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5976)

---

Summary of changes:
 crypto/rand/drbg_lib.c |  8 
 test/drbgtest.c| 16 +---
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index cc59236..16ac03b 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -864,14 +864,14 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
 drbg->reseed_counter = 1;
 
 /*
- * Ignore instantiation error so support just-in-time instantiation.
+ * Ignore instantiation error to support just-in-time instantiation.
  *
  * The state of the drbg will be checked in RAND_DRBG_generate() and
  * an automatic recovery is attempted.
  */
-RAND_DRBG_instantiate(drbg,
-  (const unsigned char *) ossl_pers_string,
-  sizeof(ossl_pers_string) - 1);
+(void)RAND_DRBG_instantiate(drbg,
+(const unsigned char *) ossl_pers_string,
+sizeof(ossl_pers_string) - 1);
 return drbg;
 
 err:
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 5426046..d69456b 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -783,6 +783,8 @@ error:
 }
 
 #if defined(OPENSSL_THREADS)
+static int multi_thread_rand_bytes_succeeded = 1;
+static int multi_thread_rand_priv_bytes_succeeded = 1;
 
 static void run_multi_thread_test(void)
 {
@@ -796,8 +798,10 @@ static void run_multi_thread_test(void)
 RAND_DRBG_set_reseed_time_interval(private, 1);
 
 do {
-RAND_bytes(buf, sizeof(buf));
-RAND_priv_bytes(buf, sizeof(buf));
+if (RAND_bytes(buf, sizeof(buf)) <= 0)
+multi_thread_rand_bytes_succeeded = 0;
+if (RAND_priv_bytes(buf, sizeof(buf)) <= 0)
+multi_thread_rand_priv_bytes_succeeded = 0;
 }
 while(time(NULL) - start < 5);
 }
@@ -849,7 +853,7 @@ static int wait_for_thread(thread_t thread)
  * The main thread will also run the test, so we'll have THREADS+1 parallel
  * tests running
  */
-#define THREADS 3
+# define THREADS 3
 
 static int test_multi_thread(void)
 {
@@ -861,6 +865,12 @@ static int test_multi_thread(void)
 run_multi_thread_test();
 for (i = 0; i < THREADS; i++)
 wait_for_thread(t[i]);
+
+if (!TEST_true(multi_thread_rand_bytes_succeeded))
+return 0;
+if (!TEST_true(multi_thread_rand_priv_bytes_succeeded))
+return 0;
+
 return 1;
 }
 #endif
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Andy Polyakov 
The branch master has been updated
   via  826e154481e93413a79c37cb1bf4da6175a05875 (commit)
  from  dbabc862966b9afbcc55c59cc07ab643a14ffb31 (commit)


- Log -
commit 826e154481e93413a79c37cb1bf4da6175a05875
Author: Andy Polyakov 
Date:   Sat Apr 14 21:42:21 2018 +0200

apps/s_socket.c: print only dynamically allocated port in do_server.

For formal backward compatibility print original "ACCEPT" message for
fixed port and "ACCEPT host:port" for dynamically allocated.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5956)

---

Summary of changes:
 apps/s_socket.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apps/s_socket.c b/apps/s_socket.c
index ae62a13..d21bfc6 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -283,7 +283,8 @@ int do_server(int *accept_sock, const char *host, const 
char *port,
 BIO_ADDRINFO_free(res);
 res = NULL;
 
-{
+if (BIO_ADDR_rawport(sock_address) == 0) {
+/* dynamically allocated port, report which one */
 union BIO_sock_info_u info;
 char *hostname = NULL;
 char *service = NULL;
@@ -309,6 +310,9 @@ int do_server(int *accept_sock, const char *host, const 
char *port,
 ERR_print_errors(bio_err);
 goto end;
 }
+} else {
+(void)BIO_printf(bio_s_out, "ACCEPT\n");
+(void)BIO_flush(bio_s_out);
 }
 
 if (accept_sock != NULL)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread bernd . edlinger 
The branch master has been updated
   via  dbabc862966b9afbcc55c59cc07ab643a14ffb31 (commit)
  from  a051af0e75bf717cc818db498d9b977953816f80 (commit)


- Log -
commit dbabc862966b9afbcc55c59cc07ab643a14ffb31
Author: Bernd Edlinger 
Date:   Sun Apr 15 12:02:25 2018 +0200

Add a config option to disable automatic config loading

./config no-autoload-config

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5959)

---

Summary of changes:
 Configure   | 3 ++-
 INSTALL | 4 
 ssl/ssl_init.c  | 2 ++
 test/ssl_test.c | 5 +
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/Configure b/Configure
index 99ab26f..5703302 100755
--- a/Configure
+++ b/Configure
@@ -325,6 +325,7 @@ my @disablables = (
 "async",
 "autoalginit",
 "autoerrinit",
+"autoload-config",
 "bf",
 "blake2",
 "camellia",
@@ -426,7 +427,7 @@ my %deprecated_disablables = (
 # All of the following are disabled by default:
 
 our %disabled = ( # "what" => "comment"
-  "asan"   => "default",
+ "asan"=> "default",
  "crypto-mdebug"   => "default",
  "crypto-mdebug-backtrace" => "default",
  "devcryptoeng"=> "default",
diff --git a/INSTALL b/INSTALL
index 71d6b88..c0163a9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -276,6 +276,10 @@
error strings. For a statically linked application this may
be undesirable if small executable size is an objective.
 
+  no-autoload-config
+   Don't automatically load the default openssl.cnf file.
+   Typically OpenSSL will automatically load a system config
+   file which configures default ssl options.
 
   no-capieng
Don't build the CAPI engine. This option will be forced if
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 6073556..ed2bf84 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -195,7 +195,9 @@ int OPENSSL_init_ssl(uint64_t opts, const 
OPENSSL_INIT_SETTINGS * settings)
 }
 
 if (!OPENSSL_init_crypto(opts
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
  | OPENSSL_INIT_LOAD_CONFIG
+#endif
  | OPENSSL_INIT_ADD_ALL_CIPHERS
  | OPENSSL_INIT_ADD_ALL_DIGESTS,
  settings))
diff --git a/test/ssl_test.c b/test/ssl_test.c
index f2a1812..7453a9d 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -467,6 +467,11 @@ static int test_handshake(int idx)
 }
 }
 
+#ifdef OPENSSL_NO_AUTOLOAD_CONFIG
+if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
+goto err;
+#endif
+
 if (!TEST_ptr(server_ctx)
 || !TEST_ptr(client_ctx)
 || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Richard Levitte 
The branch master has been updated
   via  a051af0e75bf717cc818db498d9b977953816f80 (commit)
   via  4ff3df161c8b0caf0acac2e0a19980ccd4173a66 (commit)
  from  28428130db13fe5d1b956a622747db2e0e0b1458 (commit)


- Log -
commit a051af0e75bf717cc818db498d9b977953816f80
Author: Richard Levitte 
Date:   Tue Apr 17 15:32:41 2018 +0200

Prepare for 1.1.1-pre6-dev

Reviewed-by: Matt Caswell 

commit 4ff3df161c8b0caf0acac2e0a19980ccd4173a66
Author: Richard Levitte 
Date:   Tue Apr 17 15:32:02 2018 +0200

Prepare for 1.1.1-pre5 release

Reviewed-by: Matt Caswell 

---

Summary of changes:
 README | 2 +-
 include/openssl/opensslv.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README b/README
index 694411d..7484255 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1-pre5-dev
+ OpenSSL 1.1.1-pre6-dev
 
  Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 241856d..fc1e2b5 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x10101005L
-# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre5-dev  xx XXX "
+# define OPENSSL_VERSION_NUMBER  0x10101006L
+# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre6-dev  xx XXX "
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_1-pre5 create

2018-04-17 Thread Richard Levitte 
The annotated tag OpenSSL_1_1_1-pre5 has been created
at  1a7c70caec83e52b03df96e83d937eb39ae7424d (tag)
   tagging  4ff3df161c8b0caf0acac2e0a19980ccd4173a66 (commit)
  replaces  OpenSSL_1_1_1-pre4
 tagged by  Richard Levitte
on  Tue Apr 17 15:32:02 2018 +0200

- Log -
OpenSSL 1.1.1-pre5 release tag
-BEGIN PGP SIGNATURE-

iF0EABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCWtX3UgAKCRCnr5549wlF
O+kJAJsEDSfdwIpV5FeVhjVlGVVoQd1zCwCfdVRdBfQX4n5y/dQD6zehIUBDiSQ=
=8lqD
-END PGP SIGNATURE-

Andy Polyakov (18):
  TLSProxy/Proxy.pm: switch to dynamic ports and overhaul.
  rand/randfile.c: fix potential resource leak in RAND_load_file.
  test/asn1_time_test.c: make it work on 64-bit HP-UX.
  config: fix hpux64-parisc2-gcc detection.
  Configurations/10-main.conf: clean up HP-UX targets and add magic macros.
  TLSProxy/Proxy.pm: harmonize inner loop with the way sockets are.
  apps/s_socket.c: disable the Nagle algorithm.
  apps/{s_client.c|s_socket}.c: omit usleep calls.
  TLSProxy/Proxy.pm: refine partial packet handling.
  TLSProxy/Record.pm: remove dead condition and improve readability.
  Configurations/10-main.conf: further HP-UX cleanups/unifications.
  bio/b_addr.c: resolve HP-UX compiler warnings.
  appveyor.yml: exercise build_all_generated.
  Configurations/*.tmpl: refine build_all_generated.
  TLSProxy/Proxy.pm: handle -1 as return value from waitpid.
  TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server.
  TLSProxy/Proxy.pm: bind s_server to loopback interface.
  TLSProxy/Proxy.pm: straighten inner loop termination logic.

Bernd Edlinger (15):
  Use gnu_printf format attribute to minimise MinGW warnings
  Fix a crash in the asn1parse command
  Improve diagnostics for invalid arguments in asn1parse -strparse
  Use strtol instead of atoi in asn1parse
  Fix range checks with -offset and -length in asn1parse
  Remove an unnecessary cast in the param to BUF_MEM_grow
  Change the "offset too large" message to more generic wording
  Don't use getenv for critical functions when run as setuid/setgid
  Prevent a possible recursion in ERR_get_state and fix the problem that
 was pointed out in commit aef84bb4efbddfd95d042f3f5f1d362ed7d4faeb 
differently.
  Fix the build_all_generated rule to include generated .map, .def and .opt 
files
  Rework partial packet handling once more
  Fix cygwin make dependencies
  Remove mandatory generated files too
  Remove mandatory generated files on windows too
  Remove mandatory generated files on VMS too

Daniel Bevenius (2):
  Fix minor typos in Configurations/README
  Clarify default section in config.pod

David Benjamin (1):
  Fix a bug in ecp_nistp224.c.

Dr. Matthias St. Pierre (5):
  Fix false positives of IS_*() macros for 8-bit ASCII characters
  DRBG: fix memory leak on error in rand_drbg_get_entropy()
  Minor corrections for the RAND_DRBG API documentation
  DRBG: implement a get_nonce() callback
  Revert "Add OPENSSL_VERSION_AT_LEAST"

Kaoru Toda (1):
  Duplicate code refactored

Kunxian Xia (1):
  Correct the equation for Y' in the comment of point_double function

Matt Caswell (17):
  Prepare for 1.1.1-pre5-dev
  Fix a text canonicalisation bug in CMS
  Fix some errors in the mem leaks docs
  Add some tests for configuring the TLSv1.3 ciphersuites
  Fix configuration of TLSv1.3 ciphersuites
  Add test/versions to gitignore
  Move the loading of the ssl_conf module to libcrypto
  Document the change in the previous commit about loading the config file
  Don't crash if an unrecognised digest is used with dsa_paramgen_md
  Pick a q size consistent with the digest for DSA param generation
  Update the genpkey documentation
  Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
  Add a note and better error if using Ed25519/Ed448 in dgst
  Change SRP functions to use EVP_EncodeUpdate/EVP_DecodeUpdate functions
  Add support for the SRP base64 alphabet
  Add a test for SRP
  RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get 
called with BN_FLG_CONSTTIME flag set.

Matthias Kraft (1):
  openssl#5668: corrections after compiling with -qinfo=all:als.

Pecio (1):
  Enabled OneCore Conf for Console Apps (removed nonUniversal API)

Rich Salz (4):
  Set error code on alloc failures
  Set error code if alloc returns NULL
  Fix bugs in X509_NAME_ENTRY_set
  Updated to CONTRIBUTING to reflect GitHub, etc.

Richard Levitte (17):
  VMS: stricter acquisition of entropy for the pool
  Don't use CPP in Configurations/unix-Makefile.tmpl
  Remove ambiguity in rand_pool_add[_end] return value
  openssl s_server: print the accepting address and socket
  Change

[openssl-commits] [web] master update

2018-04-17 Thread Richard Levitte 
The branch master has been updated
   via  fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit)
  from  168a9472b41c33b508d82a167ec169482b854664 (commit)


- Log -
commit fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2
Author: Richard Levitte 
Date:   Tue Apr 17 15:46:22 2018 +0200

Update newsflash for release of OpenSSL 1.1.1-pre5 (beta 3)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index b0b7cf1..00f1aff 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
 16-Apr-2018: Security Advisory: one 
low severity fix
 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and 
test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2018-04-17 Thread Richard Levitte 
The branch master has been updated
   via  28428130db13fe5d1b956a622747db2e0e0b1458 (commit)
  from  6761890195526c28ff82a9e763fc9a86158832ce (commit)


- Log -
commit 28428130db13fe5d1b956a622747db2e0e0b1458
Author: Richard Levitte 
Date:   Tue Apr 17 15:18:40 2018 +0200

Update copyright year

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/5990)

---

Summary of changes:
 crypto/asn1/a_object.c| 2 +-
 crypto/asn1/a_strex.c | 2 +-
 crypto/asn1/a_strnid.c| 2 +-
 crypto/asn1/asn_moid.c| 2 +-
 crypto/asn1/bio_asn1.c| 2 +-
 crypto/asn1/bio_ndef.c| 2 +-
 crypto/asn1/tasn_new.c| 2 +-
 crypto/asn1/tasn_utl.c| 2 +-
 crypto/asn1/x_int64.c | 2 +-
 crypto/async/async_wait.c | 2 +-
 crypto/bio/b_print.c  | 2 +-
 crypto/bn/bn_ctx.c| 2 +-
 crypto/cmac/cmac.c| 2 +-
 crypto/cms/cms_enc.c  | 2 +-
 crypto/cms/cms_pwri.c | 2 +-
 crypto/conf/conf_mall.c   | 2 +-
 crypto/conf/conf_mod.c| 2 +-
 crypto/dh/dh_pmeth.c  | 2 +-
 crypto/dsa/dsa_gen.c  | 2 +-
 crypto/dsa/dsa_pmeth.c| 2 +-
 crypto/ec/ec_key.c| 2 +-
 crypto/ec/ec_oct.c| 2 +-
 crypto/ec/ec_print.c  | 2 +-
 crypto/engine/eng_openssl.c   | 2 +-
 crypto/evp/bio_enc.c  | 2 +-
 crypto/evp/bio_ok.c   | 2 +-
 crypto/evp/encode.c   | 2 +-
 crypto/evp/evp_locl.h | 2 +-
 crypto/hmac/hm_pmeth.c| 2 +-
 crypto/kdf/hkdf.c | 2 +-
 crypto/modes/ocb128.c | 2 +-
 crypto/objects/obj_xref.c | 2 +-
 crypto/poly1305/poly1305_pmeth.c  | 2 +-
 crypto/rsa/rsa_pmeth.c| 2 +-
 crypto/siphash/siphash_pmeth.c| 2 +-
 crypto/stack/stack.c  | 2 +-
 crypto/threads_none.c | 2 +-
 crypto/threads_pthread.c  | 2 +-
 crypto/threads_win.c  | 2 +-
 crypto/ui/ui_lib.c| 2 +-
 crypto/x509/x509name.c| 2 +-
 doc/man1/dgst.pod | 2 +-
 doc/man1/rehash.pod   | 2 +-
 doc/man3/EVP_DigestSignInit.pod   | 2 +-
 doc/man3/EVP_DigestVerifyInit.pod | 2 +-
 doc/man3/OPENSSL_config.pod   | 2 +-
 doc/man3/OPENSSL_init_crypto.pod  | 2 +-
 doc/man3/OPENSSL_malloc.pod   | 2 +-
 ssl/packet.c  | 2 +-
 ssl/pqueue.c  | 2 +-
 ssl/ssl_init.c| 2 +-
 test/recipes/15-test_genrsa.t | 2 +-
 test/recipes/90-test_sslapi.t | 2 +-
 53 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 2d3877b..42c138c 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 7539553..db9fa80 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 948fc1f..f19a9de 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index e1bf1a1..f0b4dab 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index b88b2e5..86ee566 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights

[openssl-commits] [openssl] master update

2018-04-17 Thread Richard Levitte 
The branch master has been updated
   via  6761890195526c28ff82a9e763fc9a86158832ce (commit)
  from  b7fb239438fb289a69e9420ad1edacf3bd1c5d69 (commit)


- Log -
commit 6761890195526c28ff82a9e763fc9a86158832ce
Author: Richard Levitte 
Date:   Tue Apr 17 15:06:00 2018 +0200

OpenSSL 1.1.1-pre5: update CHANGES with recent user visible changes

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/5989)

---

Summary of changes:
 CHANGES | 32 
 1 file changed, 32 insertions(+)

diff --git a/CHANGES b/CHANGES
index e5f6cb6..00b5c40 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,38 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX ]
 
+  *) Updated CONTRIBUTING
+ [Rich Salz]
+
+  *) Updated DRBG / RAND to request nonce and additional low entropy
+ randomness from the system.
+ [Matthias St. Pierre]
+
+  *) Updated 'openssl rehash' to use OpenSSL consistent default.
+ [Richard Levitte]
+
+  *) Moved the load of the ssl_conf module to libcrypto, which helps
+ loading engines that libssl uses before libssl is initialised.
+ [Matt Caswell]
+
+  *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
+ [Matt Caswell]
+
+  *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases.
+ [Ingo Schwarze, Rich Salz]
+
+  *) Added output of accepting IP address and port for 'openssl s_server'
+ [Richard Levitte]
+
+  *) Added a new API for TLSv1.3 ciphersuites:
+SSL_CTX_set_ciphersuites()
+SSL_set_ciphersuites()
+ [Matt Caswell]
+
+  *) Memory allocation failures consistenly add an error to the error
+ stack.
+ [Rich Salz]
+
   *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
  in libcrypto when run as setuid/setgid.
  [Bernd Edlinger]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits