[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-comp
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-comp Commit log since last time: 0807691 test/asn1_internal_test.c: silence the new check for the ASN1 method table b5ee517 Increase CT_NUMBER values 10281e8 Fix setting of ssl_strings_inited. 4e36044 Check early that the config target exists and isn't a template 2b98842 CHANGES: mention s390x assembly pack extensions 8f15498 crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. e519d6b engine/eng_lib.c: remove redundant #ifdef. d1f8b74 man3/OPENSSL_LH_COMPFUNC.pod: clarifications and updates. f21b5b6 x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity. 0da7358 x509v3/v3_purp.c: resolve Thread Sanitizer nit. 9ef9088 ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. cab76c0 lhash/lhash.c: switch to Thread-Sanitizer-friendly primitives. ede3e66 Add internal/tsan_assist.h. 8839324 stack/stack.c: omit redundant NULL checks. 5b37fef Harmonize use of sk_TYPE_find's return value. 28ad731 x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ. f44d7e8 INSTALL,NOTES.ANDROID: minor updates. 38eca7f Make EVP_PKEY_asn1_new() stricter with its input 3ef97bd Relocate memcmp test. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t
[openssl-commits] [openssl] master update
The branch master has been updated
via 080769102a0bb41c23f81cf4f4f8060991dd0b8e (commit)
from b5ee517794cf546dc7e3d5a82b400955a7381053 (commit)
- Log -
commit 080769102a0bb41c23f81cf4f4f8060991dd0b8e
Author: Dr. Matthias St. Pierre
Date: Tue Aug 7 17:49:28 2018 +0200
test/asn1_internal_test.c: silence the new check for the ASN1 method table
In 38eca7fed09a a new check for the pem_str member of the entries of the
ASN1 method table was introduced. Because the test condition was split
into two TEST_true(...) conditions, the test outputs error diagnostics
for all entries which have pem_str != NULL. This commit joins the two
test conditions into a single condition.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6888)
---
Summary of changes:
test/asn1_internal_test.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
index fa69dc7..38313d5 100644
--- a/test/asn1_internal_test.c
+++ b/test/asn1_internal_test.c
@@ -85,10 +85,8 @@ static int test_standard_methods(void)
*
* Anything else is an error and may lead to a corrupt ASN1 method
table
*/
-if (!TEST_true((*tmp)->pem_str == NULL &&
- ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) != 0)
-&& !TEST_true((*tmp)->pem_str != NULL &&
- ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0)) {
+if (!TEST_true(((*tmp)->pem_str == NULL && ((*tmp)->pkey_flags &
ASN1_PKEY_ALIAS) != 0)
+ || ((*tmp)->pem_str != NULL && ((*tmp)->pkey_flags &
ASN1_PKEY_ALIAS) == 0))) {
TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s",
i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id));
ok = 0;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via a0f443a05dd68b9949b39b3310a595babcae4624 (commit)
from f48e0ef1144c647a3159a71db114598d8fb6adc9 (commit)
- Log -
commit a0f443a05dd68b9949b39b3310a595babcae4624
Author: Rich Salz
Date: Tue Aug 7 15:28:59 2018 -0400
Increase CT_NUMBER values
Also add build-time errors to keep them in sync.
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6874)
(cherry picked from commit b5ee517794cf546dc7e3d5a82b400955a7381053)
---
Summary of changes:
include/openssl/ssl3.h | 10 --
include/openssl/tls1.h | 8 +++-
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 4ca434e..e51629f 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -252,9 +252,15 @@ extern "C" {
# define SSL3_CT_FORTEZZA_DMS20
/*
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
*/
-# define SSL3_CT_NUMBER 9
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 3fe01fe..b536d84 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -883,7 +883,13 @@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 9
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define TLS1_FINISH_MAC_LENGTH 12
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via b5ee517794cf546dc7e3d5a82b400955a7381053 (commit)
from 10281e83eac0fb96de3f14855154197aa33bb800 (commit)
- Log -
commit b5ee517794cf546dc7e3d5a82b400955a7381053
Author: Rich Salz
Date: Tue Aug 7 15:28:59 2018 -0400
Increase CT_NUMBER values
Also add build-time errors to keep them in sync.
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6874)
---
Summary of changes:
include/openssl/ssl3.h | 10 --
include/openssl/tls1.h | 8 +++-
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 6d0ed11..8d01fcc 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -263,9 +263,15 @@ extern "C" {
# define SSL3_CT_FORTEZZA_DMS20
/*
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
*/
-# define SSL3_CT_NUMBER 9
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
/* No longer used as of OpenSSL 1.1.1 */
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 761a86a..2f19ccf 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1149,7 +1149,13 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY
*pk, STACK_OF(X509) *chain)
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 9
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define TLS1_FINISH_MAC_LENGTH 12
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via f48e0ef1144c647a3159a71db114598d8fb6adc9 (commit) from 32096fdac975dde7a13d463fdf256fd2955cd5ab (commit) - Log - commit f48e0ef1144c647a3159a71db114598d8fb6adc9 Author: Rich Salz Date: Tue Aug 7 15:08:03 2018 -0400 Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6875) (cherry picked from commit 10281e83eac0fb96de3f14855154197aa33bb800) --- Summary of changes: ssl/ssl_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index c91e1c5..0b9155d 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -127,8 +127,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) "ERR_load_SSL_strings()\n"); # endif ERR_load_SSL_strings(); -#endif ssl_strings_inited = 1; +#endif return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 10281e83eac0fb96de3f14855154197aa33bb800 (commit) from 4e360445473c3da938703a8142a36cf6ee86a191 (commit) - Log - commit 10281e83eac0fb96de3f14855154197aa33bb800 Author: Rich Salz Date: Tue Aug 7 15:08:03 2018 -0400 Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6875) --- Summary of changes: ssl/ssl_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index ed2bf84..c0ccb93 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -129,8 +129,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) "ERR_load_SSL_strings()\n"); # endif ERR_load_SSL_strings(); -#endif ssl_strings_inited = 1; +#endif return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 32096fdac975dde7a13d463fdf256fd2955cd5ab (commit)
from 29cbeb9f0279678706dc9f5d96bcb64fc766658f (commit)
- Log -
commit 32096fdac975dde7a13d463fdf256fd2955cd5ab
Author: Richard Levitte
Date: Tue Aug 7 12:38:16 2018 +0200
Check early that the config target exists and isn't a template
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6885)
(cherry picked from commit 4e360445473c3da938703a8142a36cf6ee86a191)
---
Summary of changes:
Configure | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Configure b/Configure
index 7e482f7..d85ff6a 100755
--- a/Configure
+++ b/Configure
@@ -911,11 +911,12 @@ if ($d) {
$target = $t;
}
}
+
+ if !$table{$target} || $table{$target}->{template};
+
$config{target} = $target;
my %target = resolve_config($target);
- if (!%target || $target{template});
-
my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
$config{conf_files} = [ sort keys %conf_files ];
%target = ( %{$table{DEFAULTS}}, %target );
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 4e360445473c3da938703a8142a36cf6ee86a191 (commit)
from 2b988423252232b2202f32a4d702f1cc24de5369 (commit)
- Log -
commit 4e360445473c3da938703a8142a36cf6ee86a191
Author: Richard Levitte
Date: Tue Aug 7 12:38:16 2018 +0200
Check early that the config target exists and isn't a template
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6885)
---
Summary of changes:
Configure | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Configure b/Configure
index 9f728b9..0592712 100755
--- a/Configure
+++ b/Configure
@@ -1034,11 +1034,12 @@ if ($d) {
$target = $t;
}
}
+
+ if !$table{$target} || $table{$target}->{template};
+
$config{target} = $target;
my %target = resolve_config($target);
- if (!%target || $target{template});
-
foreach (keys %target_attr_translate) {
$target{$target_attr_translate{$_}} = $target{$_}
if $target{$_};
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.19279
Build openssl master.19279 completed Commit ac151ac2f7 by Richard Levitte on 8/7/2018 2:34 PM: fixup! Check early that the config target exists and isn't a template Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 2b988423252232b2202f32a4d702f1cc24de5369 (commit) from 8f15498563658726a7c2bce7abcf01bea08515de (commit) - Log - commit 2b988423252232b2202f32a4d702f1cc24de5369 Author: Patrick Steuer Date: Tue Aug 7 12:50:06 2018 +0200 CHANGES: mention s390x assembly pack extensions Signed-off-by: Patrick Steuer Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6870) --- Summary of changes: CHANGES | 5 + 1 file changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 4b31ac7..8c67dab 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.0h and 1.1.1 [xx XXX ] + *) s390x assembly pack: add (improved) hardware-support for the following + cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, + aes-cfb/cfb8, aes-ecb. + [Patrick Steuer] + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str parameter is no longer accepted, as it leads to a corrupt table. NULL pem_str is reserved for alias entries only. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.19278
Build openssl master.19278 failed Commit 3fb54c7e98 by Paul Yang on 8/7/2018 10:02 AM: Add documentation for 128-EEA3 cipher Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8f15498563658726a7c2bce7abcf01bea08515de (commit) via e519d6b563d95d630723784a5737ebe5ef74e4f3 (commit) via d1f8b74c584d55a3c7f8f88d997ad69b67076c77 (commit) via f21b5b64cbbc279ef31389e6ae312690575187da (commit) via 0da7358b0757fa35f2c3a8f51fa036466ae50fd7 (commit) via 9ef9088c1585e13b9727796f15f77da64dbbe623 (commit) via cab76c0f6482df5140efa2ca93c9e2d972fcd9b0 (commit) via ede3e6653c1127e852493655737327170567a453 (commit) from 8839324450b569a6253e0dd237ee3e417ef17771 (commit) - Log - commit 8f15498563658726a7c2bce7abcf01bea08515de Author: Andy Polyakov Date: Fri Aug 3 10:46:03 2018 +0200 crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. Rationale is that it wasn't providing accurate statistics anyway. For statistics to be accurate CRYPTO_get_alloc_counts should acquire a lock and lock-free additions should not be an option. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit e519d6b563d95d630723784a5737ebe5ef74e4f3 Author: Andy Polyakov Date: Fri Aug 3 10:20:59 2018 +0200 engine/eng_lib.c: remove redundant #ifdef. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit d1f8b74c584d55a3c7f8f88d997ad69b67076c77 Author: Andy Polyakov Date: Sun Jul 29 15:21:38 2018 +0200 man3/OPENSSL_LH_COMPFUNC.pod: clarifications and updates. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit f21b5b64cbbc279ef31389e6ae312690575187da Author: Andy Polyakov Date: Sun Jul 29 14:37:17 2018 +0200 x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit 0da7358b0757fa35f2c3a8f51fa036466ae50fd7 Author: Andy Polyakov Date: Sun Jul 29 14:13:32 2018 +0200 x509v3/v3_purp.c: resolve Thread Sanitizer nit. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit 9ef9088c1585e13b9727796f15f77da64dbbe623 Author: Andy Polyakov Date: Sun Jul 29 14:12:53 2018 +0200 ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit cab76c0f6482df5140efa2ca93c9e2d972fcd9b0 Author: Andy Polyakov Date: Sun Jul 29 14:11:49 2018 +0200 lhash/lhash.c: switch to Thread-Sanitizer-friendly primitives. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) commit ede3e6653c1127e852493655737327170567a453 Author: Andy Polyakov Date: Sun Jul 29 14:10:20 2018 +0200 Add internal/tsan_assist.h. Goal here is to facilitate writing "thread-opportunistic" code that withstands Thread Sanitizer's scrutiny. "Thread-opportunistic" is when exact result is not required, e.g. some statistics, or execution flow doesn't have to be unambiguous. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) --- Summary of changes: crypto/engine/eng_lib.c| 6 +-- crypto/include/internal/x509_int.h | 1 + crypto/lhash/lhash.c | 14 --- crypto/lhash/lhash_lcl.h | 12 +++--- crypto/mem.c | 18 crypto/x509v3/v3_purp.c| 11 - doc/man3/OPENSSL_LH_COMPFUNC.pod | 25 include/internal/tsan_assist.h | 84 ++ ssl/ssl_lib.c | 41 ++- ssl/ssl_locl.h | 33 --- ssl/ssl_sess.c | 20 - ssl/statem/extensions.c| 8 ++-- ssl/statem/statem_clnt.c | 4 +- ssl/statem/statem_lib.c| 23 --- 14 files changed, 177 insertions(+), 123 deletions(-) create mode 100644 include/internal/tsan_assist.h diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 9028319..3ef3aae 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -75,14 +75,10 @@ int engine_free_util(ENGINE *e, int not_locked) if (e == NULL) return 1; -#ifdef HAVE_ATOMICS -CRYPTO_DOWN_REF(>struct_ref, , global_engine_lock); -#else if (not_locked) -CRYPTO_atomic_add(>struct_ref, -1, , global_engine_lock); +CRYPTO_DOWN_REF(>struct_ref, , global_engine_lock); else i = --e->struct_ref; -#endif engine_ref_debug(e, 0,
[openssl-commits] [openssl] master update
The branch master has been updated via 8839324450b569a6253e0dd237ee3e417ef17771 (commit) via 5b37fef04a2b765835361f0652aaa0c41ed1b842 (commit) via 28ad73181aeb3b0b027d53d3266159f4b2e15d5b (commit) via f44d7e8b472dfc0602f8d06ef72e808a5e8d410c (commit) from 38eca7fed09a57c1b7a05d651af2c667b3e87719 (commit) - Log - commit 8839324450b569a6253e0dd237ee3e417ef17771 Author: Andy Polyakov Date: Sun Aug 5 16:56:54 2018 +0200 stack/stack.c: omit redundant NULL checks. Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num. This is because these are used as "opportunistic" readers, pulling whatever datai, if any, set by somebody else. All calls that add data don't check for stack being NULL, because caller should have checked if stack was actually created. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860) commit 5b37fef04a2b765835361f0652aaa0c41ed1b842 Author: Andy Polyakov Date: Sun Aug 5 16:50:41 2018 +0200 Harmonize use of sk_TYPE_find's return value. In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860) commit 28ad73181aeb3b0b027d53d3266159f4b2e15d5b Author: Andy Polyakov Date: Sun Aug 5 11:51:37 2018 +0200 x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ. Documentation says "at most B bytes will be written", which formally doesn't prohibit zero. But if zero B was passed, the call to memcpy was bound to crash. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6860) commit f44d7e8b472dfc0602f8d06ef72e808a5e8d410c Author: Andy Polyakov Date: Mon Aug 6 09:43:39 2018 +0200 INSTALL,NOTES.ANDROID: minor updates. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6866) --- Summary of changes: INSTALL | 10 ++ NOTES.ANDROID | 4 ++-- crypto/asn1/asn_mime.c| 4 crypto/evp/evp_pbe.c | 5 ++--- crypto/objects/obj_xref.c | 5 ++--- crypto/stack/stack.c | 21 - crypto/x509/by_dir.c | 10 +++--- crypto/x509/x509_lu.c | 11 ++- crypto/x509/x509_trs.c| 7 --- crypto/x509/x509_vpm.c| 9 - crypto/x509/x509name.c| 8 +--- crypto/x509/x_crl.c | 10 +++--- crypto/x509v3/pcy_cache.c | 10 -- crypto/x509v3/pcy_node.c | 3 --- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_lib.c| 2 -- crypto/x509v3/v3_purp.c | 7 --- ssl/ssl_ciph.c| 5 + 18 files changed, 59 insertions(+), 74 deletions(-) diff --git a/INSTALL b/INSTALL index 98c34d6..34023dc 100644 --- a/INSTALL +++ b/INSTALL @@ -145,8 +145,8 @@ put together one-size-fits-all instructions. You might have to pass more flags or set up environment variables to actually make it work. Android and iOS cases are - discussed in corresponding Configurations/10-main.cf - sections. But there are cases when this option alone is + discussed in corresponding Configurations/15-*.conf + files. But there are cases when this option alone is sufficient. For example to build the mingw64 target on Linux "--cross-compile-prefix=x86_64-w64-mingw32-" works. Naturally provided that mingw packages are @@ -157,10 +157,12 @@ "--cross-compile-prefix=mipsel-linux-gnu-" suffices in such case. Needless to mention that you have to invoke ./Configure, not ./config, and pass your target - name explicitly. + name explicitly. Also, note that --openssldir refers + to target's file system, not one you are building on. --debug - Build OpenSSL with debugging symbols. + Build OpenSSL with debugging symbols and zero optimization + level. --libdir=DIR The name of the directory under the top of the installation diff --git a/NOTES.ANDROID b/NOTES.ANDROID index 103ed87..d13f47d 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID @@ -46,8 +46,8 @@ One can engage clang by adjusting PATH to cover NDK's clang. Just keep in mind that if you miss it, Configure will try to use gcc... Also, PATH would need even further adjustment to cover unprefixed, yet - target-specific, ar
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
via f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2 (commit)
from 29d8bda90ce824263317eae5354388f79844dd51 (commit)
- Log -
commit f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2
Author: Richard Levitte
Date: Tue Aug 7 06:21:43 2018 +0200
Make EVP_PKEY_asn1_new() stricter with its input
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/6881)
---
Summary of changes:
CHANGES | 5 +
crypto/asn1/ameth_lib.c | 12
2 files changed, 17 insertions(+)
diff --git a/CHANGES b/CHANGES
index b8e2f86..4f24046 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@
Changes between 1.0.2o and 1.0.2p [xx XXX ]
+ *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
+ parameter is no longer accepted, as it leads to a corrupt table. NULL
+ pem_str is reserved for alias entries only.
+ [Richard Levitte]
+
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 43ddebb..8f49071 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
} else
ameth->info = NULL;
+/*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+goto err;
+
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
