[openssl-commits] Build failed: openssl master.20660

2018-10-29 Thread AppVeyor



Build openssl master.20660 failed


Commit a759e3fc98 by Paul Yang on 10/30/2018 4:32 AM:

revert wrong changes




[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  388de53c274dee20c07eee7ff892108668fb3a61 (commit)
   via  f8c9a8e325b23f4b3de67e9a0d385355f81bd6fc (commit)
   via  6723f86746ab7e8ff9a914603db4f85c53eafc7c (commit)
  from  56adb7d93721a72bfae532845cbebc4a565ceb65 (commit)


- Log -
commit 388de53c274dee20c07eee7ff892108668fb3a61
Author: Richard Levitte 
Date:   Wed Oct 24 22:49:49 2018 +0200

Make sure at least one HMAC test still uses the EVP_PKEY method

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7483)

commit f8c9a8e325b23f4b3de67e9a0d385355f81bd6fc
Author: Richard Levitte 
Date:   Wed Oct 24 21:25:00 2018 +0200

EVP_MAC: Integrate HMAC EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7483)

commit 6723f86746ab7e8ff9a914603db4f85c53eafc7c
Author: Richard Levitte 
Date:   Wed Oct 24 21:20:00 2018 +0200

EVP_MAC: Add HMAC implementation

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7483)

---

Summary of changes:
 crypto/evp/c_allm.c |   1 +
 crypto/evp/pkey_mac.c   |  33 
 crypto/hmac/build.info  |   2 +-
 crypto/hmac/hm_meth.c   | 173 +++
 crypto/hmac/hm_pmeth.c  | 212 
 crypto/include/internal/evp_int.h   |   1 +
 doc/man3/EVP_MAC.pod|   3 +-
 doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_HMAC.pod} |  16 +-
 include/openssl/evp.h   |   1 +
 test/recipes/30-test_evp_data/evpmac.txt|   2 +-
 10 files changed, 224 insertions(+), 220 deletions(-)
 create mode 100644 crypto/hmac/hm_meth.c
 delete mode 100644 crypto/hmac/hm_pmeth.c
 copy doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_HMAC.pod} (70%)

diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c
index 862b639..edf8ba5 100644
--- a/crypto/evp/c_allm.c
+++ b/crypto/evp/c_allm.c
@@ -15,4 +15,5 @@ void openssl_add_all_macs_int(void)
 #ifndef OPENSSL_NO_CMAC
 EVP_add_mac(_meth);
 #endif
+EVP_add_mac(_meth);
 }
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index ecf70bb..9f3817c 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -359,3 +359,36 @@ const EVP_PKEY_METHOD cmac_pkey_meth = {
 pkey_mac_ctrl,
 pkey_mac_ctrl_str
 };
+
+const EVP_PKEY_METHOD hmac_pkey_meth = {
+EVP_PKEY_HMAC,
+0,
+pkey_mac_init,
+pkey_mac_copy,
+pkey_mac_cleanup,
+
+0, 0,
+
+0,
+pkey_mac_keygen,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+pkey_mac_signctx_init,
+pkey_mac_signctx,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+pkey_mac_ctrl,
+pkey_mac_ctrl_str
+};
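Review bot: hmac_pkey_meth is an unlabelled positional initializer in which most slots are `0`, so the only way to check that each callback sits in the intended slot is to count fields against the EVP_PKEY_METHOD declaration, which this hunk does not show. A callback shifted by one position would still compile in many cases and would wire a handler to the wrong operation. Labelling the groups would make a mismatch visible in review, e.g. `0, 0, /* paramgen_init, paramgen */` and `pkey_mac_signctx_init, pkey_mac_signctx, /* signctx_init, signctx */`. Judging by the visible tail of cmac_pkey_meth the two tables look identical apart from the key type, so a shared macro taking the id would remove the duplication; that is inferred, since only the last two entries of cmac_pkey_meth are in view.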
diff --git a/crypto/hmac/build.info b/crypto/hmac/build.info
index 09f67c2..f63524d 100644
--- a/crypto/hmac/build.info
+++ b/crypto/hmac/build.info
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-hmac.c hm_ameth.c hm_pmeth.c
+hmac.c hm_ameth.c hm_meth.c
diff --git a/crypto/hmac/hm_meth.c b/crypto/hmac/hm_meth.c
new file mode 100644
index 000..fb48830
--- /dev/null
+++ b/crypto/hmac/hm_meth.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "internal/evp_int.h"
+
+/* local HMAC context structure */
+
+/* typedef EVP_MAC_IMPL */
+struct evp_mac_impl_st {
+/* tmpmd and tmpengine are set to NULL after a CMAC_Init call */
+const EVP_MD *tmpmd; /* HMAC digest */
+const ENGINE *tmpengine; /* HMAC digest engine */
+HMAC_CTX *ctx;   /* HMAC context */
+};
+
+static EVP_MAC_IMPL *hmac_new(void)
+{
+EVP_MAC_IMPL *hctx;
+
+if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL
+|| (hctx->ctx = HMAC_CTX_new()) == NULL) {
+OPENSSL_free(hctx);
+return NULL;
+}
+
+return hctx;
+}
+
+static void hmac_free(EVP_MAC_IMPL *hctx)
+{
+if (hctx != NULL) {
+HMAC_CTX_free(hctx->ctx);
+OPENSSL_free(hctx);
+}
+}
+
+static int hmac_copy(EVP_MAC_IMPL *hdst, EVP_MAC_IMPL *hsrc)
+{
+if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx))
+return 0;
+
+hdst->tmpengine = hsrc->tmpengine;
+hdst->tmpmd = hsrc->tmpmd;
+return 1;
+}
+
+static size_t hmac_size(EVP_MAC_IMPL *hctx)
+{
+return HMAC_size(hctx->ctx);
+}
+
+static int hmac_init(EVP_MAC_IMPL *hctx)
+{
+int rv = 1;
+
+/* HMAC_Init_ex 

[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  56adb7d93721a72bfae532845cbebc4a565ceb65 (commit)
   via  b8d77c9bd675b4128aeeafb4a738938460477a2e (commit)
   via  e74a435f58441c6f1f6b4558c762e17d0ab67b7f (commit)
   via  f71faf2753cc1b1cbba0da0997b70e5a908ac24b (commit)
  from  cf4eea12046445fc418507d2d5e14956b4353495 (commit)


- Log -
commit 56adb7d93721a72bfae532845cbebc4a565ceb65
Author: Richard Levitte 
Date:   Wed Oct 24 22:47:28 2018 +0200

Make sure at least one CMAC test still uses the EVP_PKEY method

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7484)

commit b8d77c9bd675b4128aeeafb4a738938460477a2e
Author: Richard Levitte 
Date:   Wed Oct 24 21:40:00 2018 +0200

Adapt other EVP code to use EVP_MAC instead of direct implementation calls

The EVP_PKEY methods for CMAC and HMAC needed a rework, although it
wasn't much change apart from name changes.

This also meant that EVP_PKEY_new_CMAC_key() needed an adjustment.
(the possibility to rewrite this function to work with any MAC is yet
to be explored)

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7484)

commit e74a435f58441c6f1f6b4558c762e17d0ab67b7f
Author: Richard Levitte 
Date:   Wed Oct 24 21:35:00 2018 +0200

EVP_MAC: Integrate CMAC EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7484)

commit f71faf2753cc1b1cbba0da0997b70e5a908ac24b
Author: Richard Levitte 
Date:   Wed Oct 24 21:30:00 2018 +0200

EVP_MAC: Add CMAC implementation

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7484)

---

Summary of changes:
 crypto/cmac/build.info   |   2 +-
 crypto/cmac/cm_ameth.c   |   7 +-
 crypto/cmac/cm_meth.c| 164 +++
 crypto/cmac/cm_pmeth.c   | 161 --
 crypto/evp/c_allm.c  |   3 +
 crypto/evp/p_lib.c   |   8 +-
 crypto/evp/pkey_mac.c|  11 +--
 crypto/include/internal/evp_int.h|   2 +
 doc/man3/EVP_MAC.pod |   8 --
 doc/man7/EVP_MAC_CMAC.pod|  65 
 include/openssl/evp.h|   2 +
 test/recipes/30-test_evp_data/evpmac.txt |   2 +-
 12 files changed, 248 insertions(+), 187 deletions(-)
 create mode 100644 crypto/cmac/cm_meth.c
 delete mode 100644 crypto/cmac/cm_pmeth.c
 create mode 100644 doc/man7/EVP_MAC_CMAC.pod

diff --git a/crypto/cmac/build.info b/crypto/cmac/build.info
index c8a4949..c460598 100644
--- a/crypto/cmac/build.info
+++ b/crypto/cmac/build.info
@@ -1,2 +1,2 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_pmeth.c
+SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_meth.c
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
index a58454a..7126584 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,6 @@
 #include 
 #include "internal/cryptlib.h"
 #include 
-#include 
 #include "internal/asn1_int.h"
 
 /*
@@ -25,8 +24,8 @@ static int cmac_size(const EVP_PKEY *pkey)
 
 static void cmac_key_free(EVP_PKEY *pkey)
 {
-CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
-CMAC_CTX_free(cmctx);
+EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+EVP_MAC_CTX_free(cmctx);
 }
 
 const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
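Review bot: cmac_key_free now hands whatever `EVP_PKEY_get0(pkey)` returns to `EVP_MAC_CTX_free`, so it is correct only if every path that stores a key object in a CMAC EVP_PKEY now stores an EVP_MAC_CTX. Those producers are in files this hunk does not show (the summary lists crypto/evp/p_lib.c and crypto/evp/pkey_mac.c), and because EVP_PKEY_get0() returns an untyped pointer the compiler cannot catch a producer that still stores a CMAC_CTX. A comment recording the invariant at the point of use would help, e.g. `/* the key object is an EVP_MAC_CTX; must match what the key constructors store */`.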
diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c
new file mode 100644
index 000..7089936
--- /dev/null
+++ b/crypto/cmac/cm_meth.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include 
+#include "internal/cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include "internal/evp_int.h"
+
+/* local CMAC pkey structure */
+
+/* typedef EVP_MAC_IMPL */
+struct evp_mac_impl_st {
+/* tmpcipher and tmpengine are set to NULL after a CMAC_Init call */
+const EVP_CIPHER *tmpcipher; /* cached CMAC cipher */
+const ENGINE *tmpengine; /* cached CMAC cipher engine */
+CMAC_CTX *ctx;
+};
+
+static EVP_MAC_IMPL *cmac_new(void)
+{
+EVP_MAC_IMPL *cctx;
+
+if ((cctx = 

[openssl-commits] Build failed: openssl master.20654

2018-10-29 Thread AppVeyor



Build openssl master.20654 failed


Commit 3bbd08abea by Paul Yang on 10/30/2018 3:21 AM:

fix review comments




[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  189b56b206e9d588560b609a3738fabceb76bcc3 (commit)
  from  d308458ef138dfbe925203b5cb01a015f0aa93ac (commit)


- Log -
commit 189b56b206e9d588560b609a3738fabceb76bcc3
Author: Chocobo1 
Date:   Fri Oct 19 22:05:49 2018 +0800

Fix MSVC warning C4819

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7444)

(cherry picked from commit cf4eea12046445fc418507d2d5e14956b4353495)

---

Summary of changes:
 crypto/bn/bn_exp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 2c92d7e..c026ffc 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
  * is not only slower but also makes each bit vulnerable to
  * EM (and likely other) side-channel attacks like One
  * (for details see "One: A Single-Decryption EM-Based
- *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+ *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
  *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
  *  M. Prvulovic, in USENIX Security'18)
  */


[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  cf4eea12046445fc418507d2d5e14956b4353495 (commit)
  from  3afd38b277a806b901e039c6ad281c5e5c97ef67 (commit)


- Log -
commit cf4eea12046445fc418507d2d5e14956b4353495
Author: Chocobo1 
Date:   Fri Oct 19 22:05:49 2018 +0800

Fix MSVC warning C4819

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7444)

---

Summary of changes:
 crypto/bn/bn_exp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 2c92d7e..c026ffc 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
  * is not only slower but also makes each bit vulnerable to
  * EM (and likely other) side-channel attacks like One
  * (for details see "One: A Single-Decryption EM-Based
- *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+ *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
  *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
  *  M. Prvulovic, in USENIX Security'18)
  */


[openssl-commits] Fixed: openssl/openssl#21380 (OpenSSL_1_1_0-stable - 003f1bf)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21380
Status: Fixed

Duration: 14 mins and 51 secs
Commit: 003f1bf (OpenSSL_1_1_0-stable)
Author: Rod Vagg
Message: Remove brace from bad cherry-pick of DSA reallocation fix

Commit 56fb454 backported the DSA reallocation fix to 1.1.0, however a
code block that has multiple statements in 1.1.1+ only has a `goto` in
1.1.0 so introduces a brace that causes a compile failure.

CLA:trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7516)

View the changeset: 
https://github.com/openssl/openssl/compare/56fb454d281a...003f1bfd1852

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/448136819?utm_medium=notification_source=email



[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-10-29 Thread Paul I . Dale
The branch OpenSSL_1_1_0-stable has been updated
   via  003f1bfd185267cc67ac9dc521a27d7a2af0d0ee (commit)
  from  56fb454d281a023b3f950d969693553d3f3ceea1 (commit)


- Log -
commit 003f1bfd185267cc67ac9dc521a27d7a2af0d0ee
Author: Rod Vagg 
Date:   Mon Oct 29 20:43:53 2018 +1100

Remove brace from bad cherry-pick of DSA reallocation fix

Commit 56fb454 backported the DSA reallocation fix to 1.1.0, however a
code block that has multiple statements in 1.1.1+ only has a `goto` in
1.1.0 so introduces a brace that causes a compile failure.

CLA:trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7516)

---

Summary of changes:
 crypto/ec/ec_mult.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index ff882cc..8350082 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -178,7 +178,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT 
*r,
 cardinality_bits = BN_num_bits(cardinality);
 group_top = bn_get_top(cardinality);
 if ((bn_wexpand(k, group_top + 2) == NULL)
-|| (bn_wexpand(lambda, group_top + 2) == NULL)) {
+|| (bn_wexpand(lambda, group_top + 2) == NULL))
 goto err;
 
 if (!BN_copy(k, scalar))


[openssl-commits] [web] master update

2018-10-29 Thread Matt Caswell
The branch master has been updated
   via  ec4583cb047f1dd56918b38f5a36941747d50d28 (commit)
  from  54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit)


- Log -
commit ec4583cb047f1dd56918b38f5a36941747d50d28
Author: Matt Caswell 
Date:   Mon Oct 29 21:52:29 2018 +

Correct the security advisory name

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/web/pull/91)

---

Summary of changes:
 news/secadv/{20181030.pdf => 20181030.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename news/secadv/{20181030.pdf => 20181030.txt} (100%)

diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.txt
similarity index 100%
rename from news/secadv/20181030.pdf
rename to news/secadv/20181030.txt


[openssl-commits] [openssl] master update

2018-10-29 Thread Paul I . Dale
The branch master has been updated
   via  3afd38b277a806b901e039c6ad281c5e5c97ef67 (commit)
  from  88e3cf0a1024f4afaf8e44553526eb326db102bc (commit)


- Log -
commit 3afd38b277a806b901e039c6ad281c5e5c97ef67
Author: Vitezslav Cizek 
Date:   Thu Oct 25 13:53:26 2018 +0200

DSA: Check for sanity of input parameters

dsa_builtin_paramgen2 expects the L parameter to be greater than N,
otherwise the generation will get stuck in an infinite loop.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7493)

---

Summary of changes:
 crypto/dsa/dsa_gen.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 46f4f01..383d853 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 if (mctx == NULL)
 goto err;
 
+/* make sure L > N, otherwise we'll get trapped in an infinite loop */
+if (L <= N) {
+DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+goto err;
+}
+
 if (evpmd == NULL) {
 if (N == 160)
 evpmd = EVP_sha1();
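Review bot: No regression test accompanies the new `L <= N` rejection: the summary of changes lists only crypto/dsa/dsa_gen.c, so nothing exercises the error path that replaces the hang. A test that requests parameter generation with L equal to N and with L smaller than N, and expects failure with `DSA_R_INVALID_PARAMETERS`, would pin the behaviour for callers that pass sizes they do not control. The guard also sits after the `mctx` allocation check; that is safe provided the `err` label releases it, which is outside this hunk, but argument validation could run before anything is allocated. dsa_builtin_paramgen2 begins and ends outside the hunk.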


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-10-29 Thread Paul I . Dale
The branch OpenSSL_1_0_2-stable has been updated
   via  ebf65dbe1a67682d7e1f58db9c53ef737fb37f32 (commit)
  from  43e6a58d4991a451daf4891ff05a48735df871ac (commit)


- Log -
commit ebf65dbe1a67682d7e1f58db9c53ef737fb37f32
Author: Pauli 
Date:   Mon Oct 29 07:18:09 2018 +1000

Merge to 1.0.2: DSA mod inverse fix.

There is a side channel attack against the division used to calculate one of
the modular inverses in the DSA algorithm. This change takes advantage of the
primality of the modulus and Fermat's little theorem to calculate the inverse
without leaking information.

Thanks to Samuel Weiser for finding and reporting this.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7512)

---

Summary of changes:
 crypto/dsa/dsa_ossl.c | 34 --
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 100e269..80daf60 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -73,6 +73,8 @@ static int dsa_do_verify(const unsigned char *dgst, int 
dgst_len,
  DSA_SIG *sig, DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+  BN_CTX *ctx);
 
 static DSA_METHOD openssl_dsa_meth = {
 "OpenSSL DSA method",
@@ -333,8 +335,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM 
**kinvp,
 if (!BN_mod(r, r, dsa->q, ctx))
 goto err;
 
-/* Compute  part of 's = inv(k) (m + xr) mod q' */
-if ((kinv = BN_mod_inverse(NULL, , dsa->q, ctx)) == NULL)
+/* Compute part of 's = inv(k) (m + xr) mod q' */
+if ((kinv = dsa_mod_inverse_fermat(, dsa->q, ctx)) == NULL)
 goto err;
 
 if (*kinvp != NULL)
@@ -468,3 +470,31 @@ static int dsa_finish(DSA *dsa)
 BN_MONT_CTX_free(dsa->method_mont_p);
 return (1);
 }
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation.  Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+  BN_CTX *ctx)
+{
+BIGNUM *res = NULL;
+BIGNUM *r, e;
+
+if ((r = BN_new()) == NULL)
+return NULL;
+
+BN_init();
+
+if (BN_set_word(r, 2)
+&& BN_sub(, q, r)
+&& BN_mod_exp_mont(r, k, , q, ctx, NULL))
+res = r;
+else
+BN_free(r);
+BN_free();
+return res;
+}
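Review bot: dsa_mod_inverse_fermat does not report the case where k has no inverse: for k congruent to 0 modulo q the exponentiation should simply yield 0, whereas the `BN_mod_inverse` call it replaces in dsa_sign_setup (second hunk) returns NULL when no inverse exists. The header comment should state the preconditions the result depends on, e.g. add `Requires q prime and k != 0 (mod q); otherwise the value returned is not an inverse.` On the failure path the partially computed value is released with `BN_free(r)`; r is computed from k, the per-signature secret, so `BN_clear_free(r)` would avoid leaving it in freed memory. The comment's claim that the mod-exp does not leak the base rests on the behaviour of BN_mod_exp_mont, which is not visible in this diff.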


[openssl-commits] [web] master update

2018-10-29 Thread Paul I . Dale
The branch master has been updated
   via  54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit)
   via  c84f2126b736207c23b1984cbc07d496c22ca85d (commit)
  from  43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit)


- Log -
commit 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132
Merge: c84f212 43a3ec6
Author: Pauli 
Date:   Tue Oct 30 07:00:24 2018 +1000

Merge branch 'master' of git.openssl.org:openssl-web

commit c84f2126b736207c23b1984cbc07d496c22ca85d
Author: Pauli 
Date:   Tue Oct 30 07:00:08 2018 +1000

Add CVE-2018-0734

---

Summary of changes:
 news/newsflash.txt   |  3 ++-
 news/secadv/20181030.pdf | 32 +
 news/vulnerabilities.xml | 52 +++-
 3 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 news/secadv/20181030.pdf

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 311c39b..2c05c1a 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,7 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
-29-Oct-2018: Security Advisory: one 
low severity fix
+29-Oct-2018: Security Advisory: one 
low severity fix in DSA
+29-Oct-2018: Security Advisory: one 
low severity fix in ECDSA
 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please 
download and upgrade!
 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please 
download and test it
 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.pdf
new file mode 100644
index 000..b33ac41
--- /dev/null
+++ b/news/secadv/20181030.pdf
@@ -0,0 +1,32 @@
+OpenSSL Security Advisory [30 October 2018]
+===
+
+Timing vulnerability in DSA signature generation (CVE-2018-0734)
+
+
+Severity: Low
+
+The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+timing side channel attack. An attacker could use variations in the signing
+algorithm to recover the private key.
+
+Due to the low severity of this issue we are not issuing a new release
+of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included
+in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become
+available. The fix is also available in commit 8abfe72e8c (for 1.1.1),
+ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL
+git repository.
+
+This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20181030.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 52cc185..97ec427 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,57 @@
 
 
-
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+  
+
+
+  
+
+Constant time issue
+Timing attack against DSA
+
+  The OpenSSL DSA signature algorithm has been shown to be vulnerable
+  to a timing side channel attack. An attacker could use variations
+  in the signing algorithm to recover the private key.
+
+
+
+  
   
 
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-10-29 Thread Paul I . Dale
The branch OpenSSL_1_0_2-stable has been updated
   via  43e6a58d4991a451daf4891ff05a48735df871ac (commit)
  from  896e8c5713b50ff2ef1478d5c6709874ce57cf05 (commit)


- Log -
commit 43e6a58d4991a451daf4891ff05a48735df871ac
Author: Pauli 
Date:   Mon Oct 29 08:24:22 2018 +1000

Merge DSA reallocation timing fix CVE-2018-0734.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7513)

---

Summary of changes:
 crypto/dsa/dsa_ossl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 2dcfede..100e269 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM 
**kinvp,
 goto err;
 
 /* Preallocate space */
-q_bits = BN_num_bits(dsa->q);
+q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;
 if (!BN_set_bit(, q_bits)
 || !BN_set_bit(, q_bits)
 || !BN_set_bit(, q_bits))
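Review bot: The added term `sizeof(dsa->q->d[0]) * 16` is an unexplained magic number: it is bytes-per-word times 16, i.e. the bit width of two BIGNUM words, but neither the expression nor the `/* Preallocate space */` comment says why two words of headroom are needed. Going by the commit title this sizing is what keeps later arithmetic from reallocating, and since that is the whole point of a timing fix it should be written down, e.g. `/* Preallocate space: two extra words so later additions never trigger a reallocation */` (wording to be confirmed against the code that follows, which is outside this hunk). Writing the term as `2 * BN_BITS2` would also make the unit explicit. dsa_sign_setup begins and ends outside the hunk.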


[openssl-commits] Fixed: openssl/openssl#21366 (master - 88e3cf0)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21366
Status: Fixed

Duration: 18 mins and 34 secs
Commit: 88e3cf0 (master)
Author: Richard Levitte
Message: test/evp_test.c: Fixed strcmp() fault in mac_test_init()

When wanting to compare the end of a string with another string, make
sure not to start somewhere before the start of the first string.

[extended tests]

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7520)

View the changeset: 
https://github.com/openssl/openssl/compare/ce5d64c79c4d...88e3cf0a1024

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447942857?utm_medium=notification_source=email



[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  88e3cf0a1024f4afaf8e44553526eb326db102bc (commit)
  from  ce5d64c79c4d809ece8fe28a5b62915467a1c0e1 (commit)


- Log -
commit 88e3cf0a1024f4afaf8e44553526eb326db102bc
Author: Richard Levitte 
Date:   Mon Oct 29 16:27:43 2018 +0100

test/evp_test.c: Fixed strcmp() fault in mac_test_init()

When wanting to compare the end of a string with another string, make
sure not to start somewhere before the start of the first string.

[extended tests]

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7520)

---

Summary of changes:
 test/evp_test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index 311814b..25b10d3 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -863,7 +863,8 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
 size_t sz = strlen(alg);
 static const char epilogue[] = " by EVP_PKEY";
 
-if (strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
+if (sz >= sizeof(epilogue)
+&& strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
 sz -= sizeof(epilogue) - 1;
 
 if (strncmp(alg, "HMAC", sz) == 0) {
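Review bot: The new guard compares `sz` with `sizeof(epilogue)`, which counts the terminating NUL, while the pointer arithmetic on the following line uses `sizeof(epilogue) - 1`; the guard is therefore one stricter than preventing the under-read requires, and an `alg` consisting of the suffix alone is not stripped. That is safe and probably intended, since it leaves at least one character of algorithm name, but the asymmetry reads like an off-by-one, so a comment such as `/* sizeof includes the NUL: require a non-empty name before the suffix */` would help. Separately, the unchanged `strncmp(alg, "HMAC", sz)` uses the length of `alg` rather than of the literal, so any prefix of the name compares equal. mac_test_init continues outside the hunk.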


[openssl-commits] Still Failing: openssl/openssl#21364 (master - ce5d64c)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21364
Status: Still Failing

Duration: 21 mins and 24 secs
Commit: ce5d64c (master)
Author: Richard Levitte
Message: test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()

pkey_test_ctrl() was designed for parsing values, not for using in
test runs.  Relying on its returned value when it returned 1 even for
control errors made it particularly useless for mac_test_run().

Here, it gets replaced with a MAC specific control function, that
parses values the same way but is designed for use in a _run() rather
than a _parse() function.

This uncovers a SipHash test with an invalid control that wasn't
caught properly.  After all, that stanza is supposed to test that
invalid control values do generate an error.  Now we catch that.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7500)

View the changeset: 
https://github.com/openssl/openssl/compare/10d5b415f9e9...ce5d64c79c4d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447891510?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  d308458ef138dfbe925203b5cb01a015f0aa93ac (commit)
  from  86743ef857ae3323e0d5afe73282d79b7245586f (commit)


- Log -
commit d308458ef138dfbe925203b5cb01a015f0aa93ac
Author: Richard Levitte 
Date:   Fri Oct 26 13:42:40 2018 +0200

test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()

pkey_test_ctrl() was designed for parsing values, not for using in
test runs.  Relying on its returned value when it returned 1 even for
control errors made it particularly useless for mac_test_run().

Here, it gets replaced with a MAC specific control function, that
parses values the same way but is designed for use in a _run() rather
than a _parse() function.

This uncovers a SipHash test with an invalid control that wasn't
caught properly.  After all, that stanza is supposed to test that
invalid control values do generate an error.  Now we catch that.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7500)

(cherry picked from commit ce5d64c79c4d809ece8fe28a5b62915467a1c0e1)

---

Summary of changes:
 test/evp_test.c  | 33 ++--
 test/recipes/30-test_evp_data/evpmac.txt |  3 +--
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index 2ac69e1..e7e376e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -73,8 +73,6 @@ static KEY_LIST *public_keys;
 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
 
 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
-static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
-  const char *value);
 
 /*
  * Compare two memory regions for equality, returning zero if they differ.
@@ -927,6 +925,28 @@ static int mac_test_parse(EVP_TEST *t,
 return 0;
 }
 
+static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+  const char *value)
+{
+int rv;
+char *p, *tmpval;
+
+if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
+return 0;
+p = strchr(tmpval, ':');
+if (p != NULL)
+*p++ = '\0';
+rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+if (rv == -2)
+t->err = "PKEY_CTRL_INVALID";
+else if (rv <= 0)
+t->err = "PKEY_CTRL_ERROR";
+else
+rv = 1;
+OPENSSL_free(tmpval);
+return rv > 0;
+}
+
 static int mac_test_run(EVP_TEST *t)
 {
 MAC_DATA *expected = t->data;
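Review bot: The error strings mac_test_ctrl_pkey stores in `t->err` (`PKEY_CTRL_INVALID`, `PKEY_CTRL_ERROR`) are dead stores as far as this diff shows, because the caller in the next hunk overwrites `t->err` with `EVPPKEYCTXCTRL_ERROR` as soon as the helper returns 0. Either the helper should stop setting `t->err`, or mac_test_run should keep the helper's value so that an unknown control (-2) stays distinguishable from a failed one; the latter would also change the `Result` expected in evpmac.txt. The helper also passes `p == NULL` to EVP_PKEY_CTX_ctrl_str when the control string has no ':'; whether every ctrl_str handler tolerates a NULL value is not visible here, so an early `if (p == NULL)` rejection that frees `tmpval` and returns 0 may be warranted.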
@@ -972,8 +992,9 @@ static int mac_test_run(EVP_TEST *t)
 goto err;
 }
 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
-if (!pkey_test_ctrl(t, pctx,
-sk_OPENSSL_STRING_value(expected->controls, i))) {
+if (!mac_test_ctrl_pkey(t, pctx,
+sk_OPENSSL_STRING_value(expected->controls,
+i))) {
 t->err = "EVPPKEYCTXCTRL_ERROR";
 goto err;
 }
@@ -2614,8 +2635,8 @@ top:
 return 0;
 }
 if (rv < 0) {
-TEST_info("Line %d: error processing keyword %s\n",
-t->s.curr, pp->key);
+TEST_info("Line %d: error processing keyword %s = %s\n",
+  t->s.curr, pp->key, pp->value);
 return 0;
 }
 }
diff --git a/test/recipes/30-test_evp_data/evpmac.txt 
b/test/recipes/30-test_evp_data/evpmac.txt
index 6864070..4ec5fa4 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -157,8 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c
 MAC = SipHash
 Ctrl = digestsize:13
 Key = 000102030405060708090A0B0C0D0E0F
-Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = 5150d1772f50834a503e069a973fbd7c
+Result = EVPPKEYCTXCTRL_ERROR
 
 Title = HMAC tests (from RFC2104 and others)
 


[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  ce5d64c79c4d809ece8fe28a5b62915467a1c0e1 (commit)
  from  10d5b415f9e973f44f18eeaf2713868ec813e1d7 (commit)


- Log -
commit ce5d64c79c4d809ece8fe28a5b62915467a1c0e1
Author: Richard Levitte 
Date:   Fri Oct 26 13:42:40 2018 +0200

test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()

pkey_test_ctrl() was designed for parsing values, not for using in
test runs.  Relying on its returned value when it returned 1 even for
control errors made it particularly useless for mac_test_run().

Here, it gets replaced with a MAC specific control function, that
parses values the same way but is designed for use in a _run() rather
than a _parse() function.

This uncovers a SipHash test with an invalid control that wasn't
caught properly.  After all, that stanza is supposed to test that
invalid control values do generate an error.  Now we catch that.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7500)

---

Summary of changes:
 test/evp_test.c  | 33 ++--
 test/recipes/30-test_evp_data/evpmac.txt |  3 +--
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index be18afb..311814b 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -73,8 +73,6 @@ static KEY_LIST *public_keys;
 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
 
 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
-static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
-  const char *value);
 
 /*
  * Compare two memory regions for equality, returning zero if they differ.
@@ -953,6 +951,28 @@ static int mac_test_parse(EVP_TEST *t,
 return 0;
 }
 
+static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+  const char *value)
+{
+int rv;
+char *p, *tmpval;
+
+if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
+return 0;
+p = strchr(tmpval, ':');
+if (p != NULL)
+*p++ = '\0';
+rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+if (rv == -2)
+t->err = "PKEY_CTRL_INVALID";
+else if (rv <= 0)
+t->err = "PKEY_CTRL_ERROR";
+else
+rv = 1;
+OPENSSL_free(tmpval);
+return rv > 0;
+}
+
 static int mac_test_run_pkey(EVP_TEST *t)
 {
 MAC_DATA *expected = t->data;
@@ -1004,8 +1024,9 @@ static int mac_test_run_pkey(EVP_TEST *t)
 goto err;
 }
 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
-if (!pkey_test_ctrl(t, pctx,
-sk_OPENSSL_STRING_value(expected->controls, i))) {
+if (!mac_test_ctrl_pkey(t, pctx,
+sk_OPENSSL_STRING_value(expected->controls,
+i))) {
 t->err = "EVPPKEYCTXCTRL_ERROR";
 goto err;
 }
@@ -2766,8 +2787,8 @@ top:
 return 0;
 }
 if (rv < 0) {
-TEST_info("Line %d: error processing keyword %s\n",
-t->s.curr, pp->key);
+TEST_info("Line %d: error processing keyword %s = %s\n",
+  t->s.curr, pp->key, pp->value);
 return 0;
 }
 }
diff --git a/test/recipes/30-test_evp_data/evpmac.txt 
b/test/recipes/30-test_evp_data/evpmac.txt
index 6864070..4ec5fa4 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -157,8 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c
 MAC = SipHash
 Ctrl = digestsize:13
 Key = 000102030405060708090A0B0C0D0E0F
-Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = 5150d1772f50834a503e069a973fbd7c
+Result = EVPPKEYCTXCTRL_ERROR
 
 Title = HMAC tests (from RFC2104 and others)
 


[openssl-commits] Still Failing: openssl/openssl#21356 (master - 10d5b41)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21356
Status: Still Failing

Duration: 21 mins and 25 secs
Commit: 10d5b41 (master)
Author: Matt Caswell
Message: Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7501)

View the changeset: 
https://github.com/openssl/openssl/compare/ecc347f5f53a...10d5b415f9e9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447813877?utm_medium=notification_source=email



[openssl-commits] Still Failing: openssl/openssl#21353 (master - ecc347f)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21353
Status: Still Failing

Duration: 26 mins and 13 secs
Commit: ecc347f (master)
Author: Richard Levitte
Message: Windows build: build foo.d after foo.obj

We made the build of foo.obj depend on foo.d, meaning the latter gets
built first.  Unfortunately, the way the compiler works, we are forced
to redirect all output to foo.d, meaning that if the source contains
an error, the build fails without showing those errors.

We therefore remove the dependency and force the build of foo.d to
always happen after build of foo.obj.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7469)

View the changeset: 
https://github.com/openssl/openssl/compare/60690b5b8396...ecc347f5f53a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447790892?utm_medium=notification_source=email



[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  86743ef857ae3323e0d5afe73282d79b7245586f (commit)
   via  070ce40be1dce27cf321b437a4a5446add17e945 (commit)
  from  7e01266fa69db90533e53a37cc83d0df99b1c08f (commit)


- Log -
commit 86743ef857ae3323e0d5afe73282d79b7245586f
Author: Matt Caswell 
Date:   Fri Oct 26 12:45:27 2018 +0100

Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7501)

(cherry picked from commit 10d5b415f9e973f44f18eeaf2713868ec813e1d7)

commit 070ce40be1dce27cf321b437a4a5446add17e945
Author: Matt Caswell 
Date:   Fri Oct 26 12:19:43 2018 +0100

Reset the HKDF state between operations

Fixes #7497

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7501)

(cherry picked from commit ca55d70be031746daddd8bd0611db54ed81f1737)

---

Summary of changes:
 crypto/kdf/hkdf.c | 14 +-
 test/evp_extra_test.c | 46 ++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index ec6090a..ae46fad 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const 
char *type,
 return -2;
 }
 
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+HKDF_PKEY_CTX *kctx = ctx->data;
+
+OPENSSL_clear_free(kctx->key, kctx->key_len);
+OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+OPENSSL_cleanse(kctx->info, kctx->info_len);
+memset(kctx, 0, sizeof(*kctx));
+
+return 1;
+}
+
 static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
 size_t *keylen)
 {
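Review bot: `pkey_hkdf_derive_init()` has no comment saying that the final `memset(kctx, 0, sizeof(*kctx))` resets the whole context, not only key, salt and info. Whatever else HKDF_PKEY_CTX holds is cleared too (the struct is declared outside this hunk; presumably the digest and mode), so every parameter has to be set again after each `EVP_PKEY_derive_init()`, as the new test does. The memset is also what clears the `key` and `salt` pointers just released with `OPENSSL_clear_free()`, which matters if a later cleanup frees them again. I would add above the memset: `/* Reset everything, including the freed key/salt pointers; callers must set all parameters again */`. The same hunk appears in the master-branch mail for commit ca55d70 below.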
@@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
 
 0, 0,
 
-0,
+pkey_hkdf_derive_init,
 pkey_hkdf_derive,
 pkey_hkdf_ctrl,
 pkey_hkdf_ctrl_str
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 7b847ee..e396b07 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "testutil.h"
 #include "internal/nelem.h"
 #include "internal/evp_int.h"
@@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i)
 return ret;
 }
 
+static int test_HKDF(void)
+{
+EVP_PKEY_CTX *pctx;
+unsigned char out[20];
+size_t outlen;
+int i, ret = 0;
+unsigned char salt[] = "0123456789";
+unsigned char key[] = "012345678901234567890123456789";
+unsigned char info[] = "infostring";
+const unsigned char expected[] = {
+0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
+0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
+};
+size_t expectedlen = sizeof(expected);
+
+if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+goto done;
+
+/* We do this twice to test reuse of the EVP_PKEY_CTX */
+for (i = 0; i < 2; i++) {
+outlen = sizeof(out);
+memset(out, 0, outlen);
+
+if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 
0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+sizeof(salt) - 1), 
0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+   sizeof(key) - 1), 0)
+|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+sizeof(info) - 1), 
0)
+|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, ), 0)
+|| !TEST_mem_eq(out, outlen, expected, expectedlen))
+goto done;
+}
+
+ret = 1;
+
+ done:
+EVP_PKEY_CTX_free(pctx);
+
+return ret;
+}
+
 int setup_tests(void)
 {
 ADD_TEST(test_EVP_DigestSignInit);
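Review bot: Both passes of the loop in `test_HKDF()` set identical md, salt, key and info, so the second pass can only fail through state that accumulates, such as the `add1_hkdf_info` append. A key or salt left over from the first pass would presumably be overwritten by the same value and go unnoticed. The loop comment should say which leftover the test is meant to catch, e.g. `/* Second pass fails if info from the first pass is still in the context */`. Covering the salt reset would need a further pass that omits the salt, with its own expected output, which is not on this page. The same hunk appears in the master-branch mail for commit 10d5b41 below.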
@@ -941,5 +986,6 @@ int setup_tests(void)
 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
 return 0;
 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
+ADD_TEST(test_HKDF);
 return 1;
 }


[openssl-commits] [openssl] master update

2018-10-29 Thread Matt Caswell
The branch master has been updated
   via  10d5b415f9e973f44f18eeaf2713868ec813e1d7 (commit)
   via  ca55d70be031746daddd8bd0611db54ed81f1737 (commit)
  from  ecc347f5f53a9f2edc2805d50cba07db64267e8a (commit)


- Log -
commit 10d5b415f9e973f44f18eeaf2713868ec813e1d7
Author: Matt Caswell 
Date:   Fri Oct 26 12:45:27 2018 +0100

Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7501)

commit ca55d70be031746daddd8bd0611db54ed81f1737
Author: Matt Caswell 
Date:   Fri Oct 26 12:19:43 2018 +0100

Reset the HKDF state between operations

Fixes #7497

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7501)

---

Summary of changes:
 crypto/kdf/hkdf.c | 14 +-
 test/evp_extra_test.c | 46 ++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index ec6090a..ae46fad 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const 
char *type,
 return -2;
 }
 
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+HKDF_PKEY_CTX *kctx = ctx->data;
+
+OPENSSL_clear_free(kctx->key, kctx->key_len);
+OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+OPENSSL_cleanse(kctx->info, kctx->info_len);
+memset(kctx, 0, sizeof(*kctx));
+
+return 1;
+}
+
 static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
 size_t *keylen)
 {
@@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
 
 0, 0,
 
-0,
+pkey_hkdf_derive_init,
 pkey_hkdf_derive,
 pkey_hkdf_ctrl,
 pkey_hkdf_ctrl_str
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 7b847ee..e396b07 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "testutil.h"
 #include "internal/nelem.h"
 #include "internal/evp_int.h"
@@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i)
 return ret;
 }
 
+static int test_HKDF(void)
+{
+EVP_PKEY_CTX *pctx;
+unsigned char out[20];
+size_t outlen;
+int i, ret = 0;
+unsigned char salt[] = "0123456789";
+unsigned char key[] = "012345678901234567890123456789";
+unsigned char info[] = "infostring";
+const unsigned char expected[] = {
+0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
+0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
+};
+size_t expectedlen = sizeof(expected);
+
+if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+goto done;
+
+/* We do this twice to test reuse of the EVP_PKEY_CTX */
+for (i = 0; i < 2; i++) {
+outlen = sizeof(out);
+memset(out, 0, outlen);
+
+if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 
0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+sizeof(salt) - 1), 
0)
+|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+   sizeof(key) - 1), 0)
+|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+sizeof(info) - 1), 
0)
+|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, ), 0)
+|| !TEST_mem_eq(out, outlen, expected, expectedlen))
+goto done;
+}
+
+ret = 1;
+
+ done:
+EVP_PKEY_CTX_free(pctx);
+
+return ret;
+}
+
 int setup_tests(void)
 {
 ADD_TEST(test_EVP_DigestSignInit);
@@ -941,5 +986,6 @@ int setup_tests(void)
 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
 return 0;
 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
+ADD_TEST(test_HKDF);
 return 1;
 }


[openssl-commits] Still Failing: openssl/openssl#21351 (master - 60690b5)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21351
Status: Still Failing

Duration: 22 mins and 51 secs
Commit: 60690b5 (master)
Author: Richard Levitte
Message: ssl/statem: Don't compare size_t with less than zero

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

View the changeset: 
https://github.com/openssl/openssl/compare/f842b6b2a4d7...60690b5b8396

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447789263?utm_medium=notification_source=email



[openssl-commits] [web] master update

2018-10-29 Thread Matt Caswell
The branch master has been updated
   via  43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit)
  from  ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit)


- Log -
commit 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb
Author: Matt Caswell 
Date:   Mon Oct 29 12:09:44 2018 +

Update vulnerabilities.xml

The new CVE is only fixed in the dev version. 1.1.1a and 1.1.0j are not
yet released.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/90)

---

Summary of changes:
 news/vulnerabilities.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 6067c1e..52cc185 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -22,10 +22,10 @@
 
 
 
-
+
   
 
-
+
   
 
 Constant time issue


[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  7e01266fa69db90533e53a37cc83d0df99b1c08f (commit)
  from  7ccfce81db635eb89401ed0bf2d9e256e962e5d8 (commit)


- Log -
commit 7e01266fa69db90533e53a37cc83d0df99b1c08f
Author: Richard Levitte 
Date:   Tue Oct 23 10:35:48 2018 +0200

Windows build: build foo.d after foo.obj

We made the build of foo.obj depend on foo.d, meaning the latter gets
built first.  Unfortunately, the way the compiler works, we are forced
to redirect all output to foo.d, meaning that if the source contains
an error, the build fails without showing those errors.

We therefore remove the dependency and force the build of foo.d to
always happen after build of foo.obj.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7469)

(cherry picked from commit ecc347f5f53a9f2edc2805d50cba07db64267e8a)

---

Summary of changes:
 Configurations/windows-makefile.tmpl | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 13368fc..c270549 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -594,16 +594,14 @@ $obj$objext: $deps
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags 
\$(ASOUTFLAG)\$\@ \$@.asm
 EOF
  }
- return <<"EOF"if (!$disabled{makedepend});
-$obj$depext: $deps
-   \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
-$obj$objext: $obj$depext
-   \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
-EOF
-return <<"EOF" if ($disabled{makedepend});
+ my $recipe = <<"EOF";
 $obj$objext: $deps
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
 EOF
+ $recipe .= <<"EOF"unless $disabled{makedepend};
+   \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
+EOF
+ return $recipe;
  }
 
  # We *know* this routine is only called when we've configure 'shared'.
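Review bot: After this change no rule has `$obj$depext` as its target; the depend file is only written by a second command of the `$obj$objext` rule. A missing or deleted depend file is therefore not regenerated while the object file is up to date. That looks intended from the commit message, but the recipe should say so, e.g. a Perl comment before the second heredoc: `# depend file is a side effect of the object rule, so compile errors are shown first`. As a style point, `<<"EOF"unless` reads better with a space before `unless`. The enclosing routine starts outside the hunk, and the same hunk appears in the master-branch mail for commit ecc347f below.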


[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  ecc347f5f53a9f2edc2805d50cba07db64267e8a (commit)
  from  60690b5b8396d7d5234cd067206190fb8aca78d2 (commit)


- Log -
commit ecc347f5f53a9f2edc2805d50cba07db64267e8a
Author: Richard Levitte 
Date:   Tue Oct 23 10:35:48 2018 +0200

Windows build: build foo.d after foo.obj

We made the build of foo.obj depend on foo.d, meaning the latter gets
built first.  Unfortunately, the way the compiler works, we are forced
to redirect all output to foo.d, meaning that if the source contains
an error, the build fails without showing those errors.

We therefore remove the dependency and force the build of foo.d to
always happen after build of foo.obj.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7469)

---

Summary of changes:
 Configurations/windows-makefile.tmpl | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 44cc7d0..c4987f2 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -615,16 +615,14 @@ $obj$objext: $deps
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags 
\$(ASOUTFLAG)\$\@ \$@.asm
 EOF
  }
- return <<"EOF"if (!$disabled{makedepend});
-$obj$depext: $deps
-   \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
-$obj$objext: $obj$depext
-   \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
-EOF
-return <<"EOF" if ($disabled{makedepend});
+ my $recipe = <<"EOF";
 $obj$objext: $deps
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
 EOF
+ $recipe .= <<"EOF"unless $disabled{makedepend};
+   \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
+EOF
+ return $recipe;
  }
 
  # We *know* this routine is only called when we've configure 'shared'.


[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  7ccfce81db635eb89401ed0bf2d9e256e962e5d8 (commit)
   via  a862a1d517032ae4ba6ea4e7a32505bb8fedf8e7 (commit)
   via  bbc1c56a3c2e722f22ebae44e55598c05a58cf2a (commit)
  from  6101850bafeb28fd5d752576037812c2672321e6 (commit)


- Log -
commit 7ccfce81db635eb89401ed0bf2d9e256e962e5d8
Author: Richard Levitte 
Date:   Wed Sep 12 02:31:10 2018 +0200

ssl/statem: Don't compare size_t with less than zero

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit 60690b5b8396d7d5234cd067206190fb8aca78d2)

commit a862a1d517032ae4ba6ea4e7a32505bb8fedf8e7
Author: Richard Levitte 
Date:   Wed Sep 12 02:30:25 2018 +0200

VMS & cryptoerr.h: include symhacks.h

Needed to clear a clash between ERR_load_CRYPTO_strings and
ERR_load_crypto_strings

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit cc3a2e4f51679d99507a979f9a920f6068473aa2)

commit bbc1c56a3c2e722f22ebae44e55598c05a58cf2a
Author: Richard Levitte 
Date:   Wed Sep 12 02:28:35 2018 +0200

apps/rehash.c: Convert ISO-8859-1 to UTF-8

Believe it or not, the VMS C compiler is remarking on this

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit 4602cc85aff35b7aa5e27dc57ead89f0867637f9)

---

Summary of changes:
 apps/rehash.c   | 2 +-
 include/openssl/cryptoerr.h | 3 +++
 ssl/statem/extensions.c | 6 --
 ssl/statem/statem_lib.c | 5 +++--
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/apps/rehash.c b/apps/rehash.c
index de7217c..bb41d31 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Ter�s 
+ * Copyright (c) 2013-2014 Timo Teräs 
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index e127ff6..10723d0 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@@ -14,6 +14,9 @@
 # ifdef  __cplusplus
 extern "C"
 # endif
+
+# include 
+
 int ERR_load_CRYPTO_strings(void);
 
 /*
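Review bot: The added `# include` of symhacks.h (its name is stripped in this archive copy) sits between the brace-less `extern "C"` and `int ERR_load_CRYPTO_strings(void);`. For a C++ consumer the linkage specification therefore applies to whatever the included header expands to first, not to that prototype. Unless the header's include guard has already fired at this point, `ERR_load_CRYPTO_strings` would be declared with C++ linkage and fail to link against the C library. Moving the include above the `# ifdef  __cplusplus` line keeps `extern "C"` directly in front of the declaration. The same hunk appears in the master-branch mail for commit cc3a2e4 below.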
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8422161..8d4939d 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const 
unsigned char *msgstart,
  */
 if (s->hello_retry_request == SSL_HRR_PENDING) {
 size_t hdatalen;
+long hdatalen_l;
 void *hdata;
 
-hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, );
-if (hdatalen <= 0) {
+hdatalen = hdatalen_l =
+BIO_get_mem_data(s->s3->handshake_buffer, );
+if (hdatalen_l <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
  SSL_R_BAD_HANDSHAKE_LENGTH);
 goto err;
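Review bot: The chained assignment `hdatalen = hdatalen_l = BIO_get_mem_data(...)` converts the `long` result to `size_t` before the `hdatalen_l <= 0` check, so on the error path `hdatalen` briefly holds a wrapped value. As far as the hunk shows it is not used there, but assigning after the check makes that obvious: keep `hdatalen_l = BIO_get_mem_data(...)`, test it, then `hdatalen = (size_t)hdatalen_l;`. The same applies to `retlen = retlen_l = ...` in the statem_lib.c hunk, and to both hunks in the master-branch mail for commit 60690b5 below. Both enclosing functions continue outside their hunks.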
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 508bb88..e6e61f7 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char 
*tls13tbs,
 *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
 } else {
 size_t retlen;
+long retlen_l;
 
-retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
-if (retlen <= 0) {
+retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+if (retlen_l <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
  ERR_R_INTERNAL_ERROR);
 return 0;


[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  60690b5b8396d7d5234cd067206190fb8aca78d2 (commit)
   via  cc3a2e4f51679d99507a979f9a920f6068473aa2 (commit)
   via  4602cc85aff35b7aa5e27dc57ead89f0867637f9 (commit)
  from  f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b (commit)


- Log -
commit 60690b5b8396d7d5234cd067206190fb8aca78d2
Author: Richard Levitte 
Date:   Wed Sep 12 02:31:10 2018 +0200

ssl/statem: Don't compare size_t with less than zero

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

commit cc3a2e4f51679d99507a979f9a920f6068473aa2
Author: Richard Levitte 
Date:   Wed Sep 12 02:30:25 2018 +0200

VMS & cryptoerr.h: include symhacks.h

Needed to clear a clash between ERR_load_CRYPTO_strings and
ERR_load_crypto_strings

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

commit 4602cc85aff35b7aa5e27dc57ead89f0867637f9
Author: Richard Levitte 
Date:   Wed Sep 12 02:28:35 2018 +0200

apps/rehash.c: Convert ISO-8859-1 to UTF-8

Believe it or not, the VMS C compiler is remarking on this

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7194)

---

Summary of changes:
 apps/rehash.c   | 2 +-
 include/openssl/cryptoerr.h | 3 +++
 ssl/statem/extensions.c | 6 --
 ssl/statem/statem_lib.c | 5 +++--
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/apps/rehash.c b/apps/rehash.c
index de7217c..bb41d31 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Ter�s 
+ * Copyright (c) 2013-2014 Timo Teräs 
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index e127ff6..10723d0 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@@ -14,6 +14,9 @@
 # ifdef  __cplusplus
 extern "C"
 # endif
+
+# include 
+
 int ERR_load_CRYPTO_strings(void);
 
 /*
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8422161..8d4939d 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const 
unsigned char *msgstart,
  */
 if (s->hello_retry_request == SSL_HRR_PENDING) {
 size_t hdatalen;
+long hdatalen_l;
 void *hdata;
 
-hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, );
-if (hdatalen <= 0) {
+hdatalen = hdatalen_l =
+BIO_get_mem_data(s->s3->handshake_buffer, );
+if (hdatalen_l <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
  SSL_R_BAD_HANDSHAKE_LENGTH);
 goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 508bb88..e6e61f7 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char 
*tls13tbs,
 *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
 } else {
 size_t retlen;
+long retlen_l;
 
-retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
-if (retlen <= 0) {
+retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+if (retlen_l <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
  ERR_R_INTERNAL_ERROR);
 return 0;


[openssl-commits] Broken: openssl/openssl#21345 (master - f842b6b)

2018-10-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #21345
Status: Broken

Duration: 19 mins and 0 secs
Commit: f842b6b (master)
Author: Richard Levitte
Message: Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()

These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

View the changeset: 
https://github.com/openssl/openssl/compare/f9e43929c46b...f842b6b2a4d7

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/447767730?utm_medium=notification_source=email



[openssl-commits] [openssl] master update

2018-10-29 Thread Richard Levitte
The branch master has been updated
   via  f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b (commit)
   via  2bdb4af50364121a5f0e47024e9f71e1a6025fcf (commit)
   via  5e55159b3adbb30482992e8fa8621e47d331d012 (commit)
   via  0145dd324e8fcfd2c0dfe296c12586101f0cf3b9 (commit)
   via  567db2c17d4ea8a0164d7abd8aed65b7a634bb40 (commit)
  from  f9e43929c46b38667f67e02765fe0f1c0d3061d6 (commit)


- Log -
commit f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b
Author: Richard Levitte 
Date:   Wed Oct 24 20:20:00 2018 +0200

Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()

These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

commit 2bdb4af50364121a5f0e47024e9f71e1a6025fcf
Author: Richard Levitte 
Date:   Wed Oct 24 18:36:31 2018 +0200

Adapt test/evp_test.c to deal with available EVP_MACs

If a MAC isn't available as an EVP_MAC, the MAC test falls back to the
corresponding EVP_PKEY method.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

commit 5e55159b3adbb30482992e8fa8621e47d331d012
Author: Richard Levitte 
Date:   Wed Oct 24 18:35:32 2018 +0200

Add generic EVP_PKEY_METHOD for EVP_MACs

The MAC EVP_PKEY implementations are currently implemented for each
MAC.  However, with the EVP_MAC API, only one such implementation is
needed.

This implementation takes into account the differences between HMAC
and CMAC implementations, and observes that all other current MAC
implementations seem to follow the HMAC model.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

commit 0145dd324e8fcfd2c0dfe296c12586101f0cf3b9
Author: Richard Levitte 
Date:   Wed Oct 24 18:34:53 2018 +0200

Add automatic initializations support for EVP_MAC objects

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

commit 567db2c17d4ea8a0164d7abd8aed65b7a634bb40
Author: Richard Levitte 
Date:   Fri Oct 12 22:27:18 2018 +0200

Add EVP_MAC API

We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby denies the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7393)

---

Summary of changes:
 crypto/err/openssl.txt   |   6 +
 crypto/evp/build.info|   3 +-
 crypto/{conf/conf_lcl.h => evp/c_allm.c} |   6 +-
 crypto/evp/evp_err.c |   6 +
 crypto/evp/evp_lib.c |  27 +++
 crypto/evp/evp_locl.h|   5 +
 crypto/evp/mac_lib.c | 185 
 crypto/evp/names.c   |  75 ++-
 crypto/evp/pkey_mac.c| 368 +++
 crypto/include/internal/evp_int.h|  26 +++
 crypto/init.c|  25 +++
 doc/man3/EVP_MAC.pod | 348 +
 include/openssl/crypto.h |   9 +-
 include/openssl/evp.h|  47 
 include/openssl/evperr.h |   6 +
 include/openssl/objects.h|   3 +-
 include/openssl/ossl_typ.h   |   2 +
 ssl/ssl_init.c   |   3 +-
 test/evp_test.c  | 192 ++--
 util/libcrypto.num   |  20 ++
 util/private.num |   5 +
 21 files changed, 1341 insertions(+), 26 deletions(-)
 copy crypto/{conf/conf_lcl.h => evp/c_allm.c} (77%)
 create mode 100644 crypto/evp/mac_lib.c
 create mode 100644 crypto/evp/pkey_mac.c
 create mode 100644 doc/man3/EVP_MAC.pod

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 489ccc0..151bc83 100644
--- a/crypto/err/openssl.txt
+++ 

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-29 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  6101850bafeb28fd5d752576037812c2672321e6 (commit)
  from  c7a7ed3870e51a91379aaddad2da3be0aba1daf6 (commit)


- Log -
commit 6101850bafeb28fd5d752576037812c2672321e6
Author: Bernd Edlinger 
Date:   Fri Oct 26 21:06:14 2018 +0200

Rework and simplify resource flow in drbg_add

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7504)

(cherry picked from commit f9e43929c46b38667f67e02765fe0f1c0d3061d6)

---

Summary of changes:
 crypto/rand/drbg_lib.c | 19 ++-
 crypto/rand/rand_lib.c | 11 ---
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index e7f383a..4795213 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -357,15 +357,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 drbg->cleanup_entropy(drbg, entropy, entropylen);
 if (nonce != NULL && drbg->cleanup_nonce != NULL)
 drbg->cleanup_nonce(drbg, nonce, noncelen);
-if (drbg->pool != NULL) {
-if (drbg->state == DRBG_READY) {
-RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
-RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
-drbg->state = DRBG_ERROR;
-}
-rand_pool_free(drbg->pool);
-drbg->pool = NULL;
-}
 if (drbg->state == DRBG_READY)
 return 1;
 return 0;
@@ -555,14 +546,8 @@ int rand_drbg_restart(RAND_DRBG *drbg,
 }
 }
 
-/* check whether a given entropy pool was cleared properly during reseed */
-if (drbg->pool != NULL) {
-drbg->state = DRBG_ERROR;
-RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-rand_pool_free(drbg->pool);
-drbg->pool = NULL;
-return 0;
-}
+rand_pool_free(drbg->pool);
+drbg->pool = NULL;
 
 return drbg->state == DRBG_READY;
 }
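Review bot: The two added lines at the end of rand_drbg_restart free drbg->pool unconditionally, so a caller-supplied pool that the reseed never consumed is now dropped silently, where the removed block set DRBG_ERROR and raised an error. If that is intended, the ownership rule deserves a comment in place of the deleted one, for example `/* drbg->pool is owned by this function: release it whether or not the reseed consumed it */`. If unused entropy should still be detectable, the check has to come before the free; whether consumption can be observed at this point is not visible here, since the function body starts outside the hunk. The same hunk appears again in the master update further down.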
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 440c19c..555fea3 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -204,11 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
 }
 
  err:
-/* we need to reset drbg->pool in the error case */
-if (ret == 0 && drbg->pool != NULL)
-drbg->pool = NULL;
-
-rand_pool_free(pool);
+if (drbg->pool == NULL)
+rand_pool_free(pool);
 return ret;
 }
 
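Review bot: The new guard `if (drbg->pool == NULL)` at the `err:` label in rand_drbg_get_entropy encodes an ownership rule that is not stated anywhere in the hunk. `pool` is freed here only when it was allocated locally; otherwise it is presumably an alias of drbg->pool and is left to rand_drbg_restart, though the assignment is outside the hunk. A comment above the guard would make this explicit, for example `/* a pool borrowed from drbg->pool is released by its owner, not here */`. Writing the test as `if (pool != drbg->pool)` would state the same intent directly, assuming those are the only two sources of `pool`. The same hunk appears again in the master update further down.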
@@ -221,8 +218,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
 {
 if (drbg->pool == NULL)
 OPENSSL_secure_clear_free(out, outlen);
-else
-drbg->pool = NULL;
 }
 
 
@@ -547,6 +542,8 @@ unsigned char *rand_pool_detach(RAND_POOL *pool)
 {
 unsigned char *ret = pool->buffer;
 pool->buffer = NULL;
+pool->len = 0;
+pool->entropy = 0;
 return ret;
 }
 
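Review bot: With `pool->len = 0;` and `pool->entropy = 0;` added, rand_pool_detach leaves the pool reporting no data, so a caller that needs the byte count has to read it before detaching; nothing in the hunk documents that ordering. The returned buffer still holds the collected entropy and its ownership passes to the caller, who must clear and free it. A header comment would cover both points, for example `/* Hands the buffer to the caller and leaves the pool empty; query the length first, and clear-free the result. */`. The same hunk appears again in the master update further down.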


[openssl-commits] [openssl] master update

2018-10-29 Thread bernd . edlinger
The branch master has been updated
   via  f9e43929c46b38667f67e02765fe0f1c0d3061d6 (commit)
  from  040a03470c7c5bf95fe8e6143db7bef357a22833 (commit)


- Log -
commit f9e43929c46b38667f67e02765fe0f1c0d3061d6
Author: Bernd Edlinger 
Date:   Fri Oct 26 21:06:14 2018 +0200

Rework and simplify resource flow in drbg_add

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7504)

---

Summary of changes:
 crypto/rand/drbg_lib.c | 19 ++-
 crypto/rand/rand_lib.c | 11 ---
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 796ab67..4a66604 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -415,15 +415,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 drbg->cleanup_entropy(drbg, entropy, entropylen);
 if (nonce != NULL && drbg->cleanup_nonce != NULL)
 drbg->cleanup_nonce(drbg, nonce, noncelen);
-if (drbg->pool != NULL) {
-if (drbg->state == DRBG_READY) {
-RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
-RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
-drbg->state = DRBG_ERROR;
-}
-rand_pool_free(drbg->pool);
-drbg->pool = NULL;
-}
 if (drbg->state == DRBG_READY)
 return 1;
 return 0;
@@ -630,14 +621,8 @@ int rand_drbg_restart(RAND_DRBG *drbg,
 }
 }
 
-/* check whether a given entropy pool was cleared properly during reseed */
-if (drbg->pool != NULL) {
-drbg->state = DRBG_ERROR;
-RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-rand_pool_free(drbg->pool);
-drbg->pool = NULL;
-return 0;
-}
+rand_pool_free(drbg->pool);
+drbg->pool = NULL;
 
 return drbg->state == DRBG_READY;
 }
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 440c19c..555fea3 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -204,11 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
 }
 
  err:
-/* we need to reset drbg->pool in the error case */
-if (ret == 0 && drbg->pool != NULL)
-drbg->pool = NULL;
-
-rand_pool_free(pool);
+if (drbg->pool == NULL)
+rand_pool_free(pool);
 return ret;
 }
 
@@ -221,8 +218,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
 {
 if (drbg->pool == NULL)
 OPENSSL_secure_clear_free(out, outlen);
-else
-drbg->pool = NULL;
 }
 
 
@@ -547,6 +542,8 @@ unsigned char *rand_pool_detach(RAND_POOL *pool)
 {
 unsigned char *ret = pool->buffer;
 pool->buffer = NULL;
+pool->len = 0;
+pool->entropy = 0;
 return ret;
 }
 