[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-28 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  18b8431f3b8a593bdcceb0d8f1c9612bddb77541 (commit)
  from  58c81e7e0b71fe45ae836c59506daac87199dcbb (commit)


- Log -
commit 18b8431f3b8a593bdcceb0d8f1c9612bddb77541
Author: Markus Triska 
Date:   Sun Dec 25 19:58:38 2016 +0100

replace "will lookup up" by "will look up"

Reviewed-by: Rich Salz 
Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)
(cherry picked from commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c)

---

Summary of changes:
 doc/ssl/SSL_CTX_set_session_cache_mode.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod 
b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
index c5d2f43..4d71f85 100644
--- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -30,7 +30,7 @@ server. It can only send exactly one id.  The server then 
either
 agrees to reuse the session or it starts a full handshake (to create a new
 session).
 
-A server will lookup up the session in its internal session storage. If the
+A server will look up the session in its internal session storage. If the
 session is not found in internal storage or lookups for the internal storage
 have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
 the external storage if available.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  58c81e7e0b71fe45ae836c59506daac87199dcbb (commit)
  from  222333cf01e2fec4a20c107ac9e820694611a4db (commit)


- Log -
commit 58c81e7e0b71fe45ae836c59506daac87199dcbb
Author: Richard Levitte 
Date:   Tue Dec 20 19:21:00 2016 +0100

Reformat M_check_autoarg to match our coding style

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2121)
(cherry picked from commit 2629440d42e4d64cd0cb849c1b19fa87a4fcb90f)

---

Summary of changes:
 crypto/evp/pmeth_fn.c | 35 ---
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index e11ad3d..727869e 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -65,25 +65,22 @@
 #include "evp_locl.h"
 
 #define M_check_autoarg(ctx, arg, arglen, err) \
-if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
-{ \
-size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-if (pksize == 0) \
-{ \
-EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
-return 0; \
-} \
-else if (!arg) \
-{ \
-*arglen = pksize; \
-return 1; \
-} \
-else if (*arglen < pksize) \
-{ \
-EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
-return 0; \
-} \
-}
+if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {   \
+size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
+  \
+if (pksize == 0) {\
+EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/  \
+return 0; \
+} \
+if (!arg) {   \
+*arglen = pksize; \
+return 1; \
+} \
+if (*arglen < pksize) {   \
+EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+return 0; \
+} \
+}
 
 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
 {
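Review bot: the reformatted macro is still a bare `if (...) { ... }` block rather than a `do { ... } while (0)`, so the `;` a caller writes after `M_check_autoarg(...)` is an empty statement and an `else` placed directly after a call would bind to the macro's own `if`. Since the body contains `return` statements, wrapping it in `do { ... } while (0)` keeps the early returns and removes the dangling-else hazard. Dropping the `else` keywords on L108 and L112 is fine, because each preceding branch returns.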


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  222333cf01e2fec4a20c107ac9e820694611a4db (commit)
  from  3fb9f875e7d6295129782837db5d4a21940d2efa (commit)


- Log -
commit 222333cf01e2fec4a20c107ac9e820694611a4db
Author: Richard Levitte 
Date:   Tue Dec 20 12:56:14 2016 +0100

M_check_autoarg: sanity check the key

For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)

---

Summary of changes:
 crypto/evp/evp.h  | 6 --
 crypto/evp/evp_err.c  | 3 ++-
 crypto/evp/pmeth_fn.c | 7 ++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 39ab793..d258ef8 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void);
  * The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+
 void ERR_load_EVP_strings(void);
 
 /* Error codes for the EVP functions. */
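Review bot: the blank line added on L162 sits inside the region that L159-L160 describe as auto-generated by mkerr.pl, so it may come or go the next time the script is run; harmless, but not something to rely on staying put.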
@@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED  111
 # define EVP_R_INVALID_DIGEST 152
 # define EVP_R_INVALID_FIPS_MODE  168
+# define EVP_R_INVALID_KEY171
 # define EVP_R_INVALID_KEY_LENGTH 130
 # define EVP_R_INVALID_OPERATION  148
 # define EVP_R_IV_TOO_LARGE   102
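Review bot: the new reason code `EVP_R_INVALID_KEY 171` has to be unique among the EVP_R_ values, and only its neighbours 168, 130 and 148 are visible here, so uniqueness cannot be confirmed from the hunk alone; check that 171 is the next free number recorded by mkerr.pl for this library so a later regeneration does not renumber it.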
@@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH   109
 # define EVP_R_WRONG_PUBLIC_KEY_TYPE  110
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 15cf553..bcd841e 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* 
- * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
 {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+{ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index a8b7f2f..e11ad3d 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -68,7 +68,12 @@
 if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
 { \
 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-if (!arg) \
+if (pksize == 0) \
+{ \
+EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
+return 0; \
+} \
+else if (!arg) \
 { \
 *arglen = pksize; \
 return 1; \
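Review bot: `EVP_PKEY_size()` returns an `int`, and the `(size_t)` cast on L211 happens before the `pksize == 0` test on L213, so a negative return would wrap to a huge `size_t`, pass the new check, and the `!arg` branch on L218-L221 would then hand that wrapped value back to the caller as the required buffer size. Test the `int` result with `<= 0` first, then cast.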


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-18 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  3fb9f875e7d6295129782837db5d4a21940d2efa (commit)
  from  5bbedd3cc1d380595a6cc459e6546bb649f16a0b (commit)


- Log -
commit 3fb9f875e7d6295129782837db5d4a21940d2efa
Author: Finn Hakansson 
Date:   Thu Dec 15 12:58:19 2016 -0500

Fix typo.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)
(cherry picked from commit 0b742f93ea7882a447f6523ac56a6f847d9f8e92)

(cherry picked from commit f7a2da1d584bed2e05774f92d69fee39ce3edda2)

---

Summary of changes:
 doc/crypto/RSA_generate_key.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
index 881391a..0882a1a 100644
--- a/doc/crypto/RSA_generate_key.pod
+++ b/doc/crypto/RSA_generate_key.pod
@@ -52,7 +52,7 @@ it is called as B.
 The process is then repeated for prime q with B.
 
 RSA_generate_key is deprecated (new applications should use
-RSA_generate_key_ex instead). RSA_generate_key works in the same was as
+RSA_generate_key_ex instead). RSA_generate_key works in the same way as
 RSA_generate_key_ex except it uses "old style" call backs. See
 L for further details.
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-14 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  5bbedd3cc1d380595a6cc459e6546bb649f16a0b (commit)
  from  70705b291cbc496f1d70e4429cc54018e8113f08 (commit)


- Log -
commit 5bbedd3cc1d380595a6cc459e6546bb649f16a0b
Author: russor 
Date:   Mon Jul 25 13:11:28 2016 -0700

zero pad DHE public key in ServerKeyExchange message for interop

Some versions of the Microsoft TLS stack have problems when the DHE public key
is encoded with fewer bytes than the DHE prime. (Backported from master)

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1350)

---

Summary of changes:
 ssl/s3_srvr.c | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index aa591eb..0e57cb3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1601,6 +1601,9 @@ int ssl3_send_server_key_exchange(SSL *s)
 unsigned int u;
 #endif
 #ifndef OPENSSL_NO_DH
+# ifdef OPENSSL_NO_RSA
+int j;
+# endif
 DH *dh = NULL, *dhp;
 #endif
 #ifndef OPENSSL_NO_ECDH
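Review bot: `int j` is declared only when `OPENSSL_NO_RSA` is defined (L312-L314), which implies the RSA-enabled build reuses a `j` declared elsewhere in `ssl3_send_server_key_exchange()` that this hunk does not show. Tying the DH padding loop's counter to a variable owned by the RSA code is fragile; give the loop its own variable declared unconditionally inside the `#ifndef OPENSSL_NO_DH` block.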
@@ -1862,6 +1865,16 @@ int ssl3_send_server_key_exchange(SSL *s)
 n += 1 + nr[i];
 else
 #endif
+#ifndef OPENSSL_NO_DH
+/*
+ * for interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here
+ */
+if ((i == 2) && (type & (SSL_kEDH)))
+n += 2 + nr[0];
+else
+#endif
 n += 2 + nr[i];
 }
 
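Review bot: the length adjustment on L328-L329 and the byte-emitting loop in the next hunk are two copies of the same condition `(i == 2) && (type & (SSL_kEDH))` and of the same assumption that `r[0]` is the prime and `r[2]` the public value; if either copy drifts, the computed `n` and the bytes actually written disagree and the message is mis-framed. Compute one padded length per element once and use it in both places. The `else` fall-through on L330-L332 keeps the unpadded encoding for everything other than ephemeral DH, which is what the interop comment intends.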
@@ -1896,6 +1909,20 @@ int ssl3_send_server_key_exchange(SSL *s)
 p++;
 } else
 #endif
+#ifndef OPENSSL_NO_DH
+/*
+ * for interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime
+ */
+if ((i == 2) && (type & (SSL_kEDH))) {
+s2n(nr[0], p);
+for (j = 0; j < (nr[0] - nr[2]); ++j) {
+*p = 0;
+++p;
+}
+} else
+#endif
 s2n(nr[i], p);
 BN_bn2bin(r[i], p);
 p += nr[i];
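Review bot: the loop on L347-L350 writes `nr[0] - nr[2]` zero bytes and then falls into `BN_bn2bin(r[i], p); p += nr[i];` on L354-L355, so the total written is `nr[0]`, matching the `s2n(nr[0], p)` length prefix on L346; that relies on `nr[2] <= nr[0]`, which holds because the public value is reduced modulo the prime. A side benefit worth stating in the comment: with fixed-length encoding the ServerKeyExchange size no longer varies with the number of leading zero bytes in the public value. A small pad-and-write helper would be clearer than the open-coded loop.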


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-14 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  70705b291cbc496f1d70e4429cc54018e8113f08 (commit)
   via  3b584efe91ea55e7752819b4631448c4faab5988 (commit)
  from  292bb56846ad78ac7b68a00c92153c0c9471665b (commit)


- Log -
commit 70705b291cbc496f1d70e4429cc54018e8113f08
Author: Richard Levitte 
Date:   Wed Dec 14 14:10:33 2016 +0100

Fix ssl_cert_dup: change one 'return NULL' to 'goto err'

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/2082)

commit 3b584efe91ea55e7752819b4631448c4faab5988
Author: Richard Levitte 
Date:   Wed Dec 14 13:51:01 2016 +0100

Make 'err' label in ssl_cert_dup unconditional

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/2082)

---

Summary of changes:
 ssl/ssl_cert.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f48ebae..1be6fb0 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -315,7 +315,7 @@ CERT *ssl_cert_dup(CERT *cert)
 OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
 if (ret->pkeys[i].serverinfo == NULL) {
 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-return NULL;
+goto err;
 }
 ret->pkeys[i].serverinfo_length =
 cert->pkeys[i].serverinfo_length;
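Review bot: `goto err` on L404 now routes the serverinfo allocation failure through the common cleanup instead of returning and leaking the half-built `ret`. While here, check that the `err:` path also releases the `serverinfo`, certificate and key copies already made for earlier values of `i` in this loop, not only the `*_tmp` members visible in the second hunk; otherwise this path still leaks.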
@@ -392,9 +392,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
 return (ret);
 
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
  err:
-#endif
 #ifndef OPENSSL_NO_RSA
 if (ret->rsa_tmp != NULL)
 RSA_free(ret->rsa_tmp);
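Review bot: removing the `#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)` guard is correct now that the `goto err` added in the first hunk reaches the label in every configuration; the guard existed to avoid an unused-label warning when both DH and ECDH were disabled. Build once with both disabled to confirm nothing else still assumes the label is absent.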


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-13 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  292bb56846ad78ac7b68a00c92153c0c9471665b (commit)
  from  7624a318ce75aec963fa397622ec2843c42dc075 (commit)


- Log -
commit 292bb56846ad78ac7b68a00c92153c0c9471665b
Author: Benjamin Kaduk 
Date:   Fri Jul 22 09:55:48 2016 -0500

Fix a bug in clienthello processing

- Always process ALPN (previously there was an early return in the
  certificate status handling)

1.0.2 did not have the double-alert issue from master, but it seems
cleanest to pull in the structural change to alert handling anyway
and jump to f_err instead of err to send the alert in the caller.

(cherry picked from commit 70c22888c1648fe8652e77107f3c74bf2212de36)

Reviewed-by: Emilia Käsper 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/s3_srvr.c  |  4 +--
 ssl/ssl_locl.h |  2 +-
 ssl/t1_lib.c   | 85 +++---
 3 files changed, 37 insertions(+), 54 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 01ccd5d..aa591eb 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1465,9 +1465,9 @@ int ssl3_get_client_hello(SSL *s)
 
 /* Handles TLS extensions that we couldn't check earlier */
 if (s->version >= SSL3_VERSION) {
-if (ssl_check_clienthello_tlsext_late(s) <= 0) {
+if (!ssl_check_clienthello_tlsext_late(s, )) {
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-goto err;
+goto f_err;
 }
 }
 
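Review bot: the call on L467 shows an empty second argument, `(s, )`, most likely `&al` lost in extraction, since the new prototype in ssl_locl.h takes `int *al`; the change must pass the address of the local alert variable that `f_err` sends. The return test also changed from `<= 0` to `!...`, so the function must now return strictly 0 on failure and non-zero on success, as the comment added in t1_lib.c states.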
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6df725f..d50edd1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1384,7 +1384,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, 
unsigned char *buf,
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
  unsigned char *limit);
 int tls1_set_server_sigalgs(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
  unsigned char *d, int n);
 int ssl_prepare_clienthello_tlsext(SSL *s);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 69706be..e60c88b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2068,11 +2068,10 @@ static int tls1_alpn_handle_client_hello(SSL *s, const 
unsigned char *data,
 
 /*
  * Process the ALPN extension in a ClientHello.
- * ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
  * al: a pointer to the alert value to send in the event of a failure.
- * returns 1 on success, 0 on failure: al/ret set only on failure
+ * returns 1 on success, 0 on failure: al set only on failure
  */
-static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
+static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
 {
 const unsigned char *selected = NULL;
 unsigned char selected_len = 0;
@@ -2088,7 +2087,6 @@ static int tls1_alpn_handle_client_hello_late(SSL *s, int 
*ret, int *al)
 s->s3->alpn_selected = OPENSSL_malloc(selected_len);
 if (s->s3->alpn_selected == NULL) {
 *al = SSL_AD_INTERNAL_ERROR;
-*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 return 0;
 }
 memcpy(s->s3->alpn_selected, selected, selected_len);
@@ -3166,10 +3164,12 @@ int tls1_set_server_sigalgs(SSL *s)
 return 0;
 }
 
-int ssl_check_clienthello_tlsext_late(SSL *s)
+/*
+ * Upon success, returns 1.
+ * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
+ */
+int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
 {
-int ret = SSL_TLSEXT_ERR_OK;
-int al;
 
 /*
  * If status request then ask callback what to do. Note: this must be
@@ -3178,58 +3178,41 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
  * influence which certificate is sent
  */
 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
-int r;
+int ret;
 CERT_PKEY *certpkey;
 certpkey = ssl_get_server_send_pkey(s);
 /* If no certificate can't return certificate status */
-if (certpkey == NULL) {
-s->tlsext_status_expected = 0;
-return 1;
-}
-/*
- * Set current certificate to one we will use so SSL_get_certificate
- * et al can pick it up.
- */
-s->cert->key = certpkey;
-r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-switch (r) {
-/* We don't want to send a status request response */
-case SSL_TLSEXT_ERR_NOACK:
-s->tlsext_status_expected = 0;
-break;
-/* status request response should be sent */
-case 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-12 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  7624a318ce75aec963fa397622ec2843c42dc075 (commit)
  from  10a50374bfcff8fd27e8b39a0de20869d64ca346 (commit)


- Log -
commit 7624a318ce75aec963fa397622ec2843c42dc075
Author: Andy Polyakov 
Date:   Fri Dec 9 15:26:19 2016 +0100

perlasm/x86_64-xlate.pl: refine sign extension in ea package.

$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on the quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past the minimally required 5.10,
and the operation result became 0. Yet it went unnoticed for another while,
because most perl package providers configure their packages with the
-Duse64bitint option.

Reviewed-by: Rich Salz 
(cherry picked from commit 82e089308bd9a7794a45f0fa3973d7659420fbd8)

---

Summary of changes:
 crypto/perlasm/x86_64-xlate.pl | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index 7a3dd04..b7ae40b 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -250,11 +250,18 @@ my %globals;
$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
 
# Solaris /usr/ccs/bin/as can't handle multiplications
-   # in $self->{label}, new gas requires sign extension...
+   # in $self->{label}...
use integer;
$self->{label} =~ s/(?{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg;
-   $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+
+   # Some assemblers insist on signed presentation of 32-bit
+   # offsets, but sign extension is a tricky business in perl...
+   if ((1<<31)<<1) {
+   $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+   } else {
+   $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
+   }
 
if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
$self->{base} =~ /(rbp|r13)/) {
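Review bot: `(1<<31)<<1` on L606 probes integer width every time this method runs, although it is a fixed property of the interpreter; compute it once into a package-level variable and test that. The fallback `$1>>0` on L609 only reinterprets the value as a signed IV under the enclosing `use integer` (L600); it does not truncate anything, so the comment on L604-L605 should say that 32-bit perl can only hold these offsets as signed 32-bit values in the first place. The context line L601 appears mangled in the archive (two statements run together), so it cannot be checked here.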

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-10 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  10a50374bfcff8fd27e8b39a0de20869d64ca346 (commit)
  from  78a3e80a31b9c2b66bd8e1d33903d386915aefbb (commit)


- Log -
commit 10a50374bfcff8fd27e8b39a0de20869d64ca346
Author: Richard Levitte 
Date:   Wed Dec 7 20:28:43 2016 +0100

UI_OpenSSL()'s session opener fails on MacOS X

If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2039)
(cherry picked from commit c901bccec6f747467e1af31473655c8290e32309)

---

Summary of changes:
 crypto/ui/ui_openssl.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 377384b..17d14f5 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -509,6 +509,15 @@ static int open_console(UI *ui)
 is_a_tty = 0;
 else
 # endif
+# ifdef ENODEV
+/*
+ * MacOS X returns ENODEV (Operation not supported by device),
+ * which seems appropriate.
+ */
+if (errno == ENODEV)
+is_a_tty = 0;
+else
+# endif
 return 0;
 }
 #endif
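Review bot: this `# ifdef ENODEV` block follows the same pattern as the preceding errno block on L651-L653: an `if (...) is_a_tty = 0; else` whose `else` pairs with whatever statement follows the matching `# endif`, ending in `return 0;` on L663. The chain works but is brittle: adding a block without the trailing `else`, or reordering the blocks, makes `return 0` unconditional or leaves an `else` dangling. A `switch (errno)` with the cases under `#ifdef`s and a `default: return 0;` expresses the same thing without the cascade. Also confirm nothing between the failed `TTY_get()` and this test can modify `errno`.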


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-10 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  78a3e80a31b9c2b66bd8e1d33903d386915aefbb (commit)
  from  fecd4c265527459e3db5ac37bbf77ab47aa10dc7 (commit)


- Log -
commit 78a3e80a31b9c2b66bd8e1d33903d386915aefbb
Author: Richard Levitte 
Date:   Fri Dec 9 23:41:01 2016 +0100

VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error

On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2064)

---

Summary of changes:
 crypto/ui/ui_openssl.c | 48 
 1 file changed, 28 insertions(+), 20 deletions(-)

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 295fbc5..377384b 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -514,13 +514,17 @@ static int open_console(UI *ui)
 #endif
 #ifdef OPENSSL_SYS_VMS
 status = sys$assign(, , 0, 0);
+
+/* if there isn't a TT device, something is very wrong */
 if (status != SS$_NORMAL)
 return 0;
-status =
-sys$qiow(0, channel, IO$_SENSEMODE, , 0, 0, tty_orig, 12, 0, 0,
- 0, 0);
+
+status = sys$qiow(0, channel, IO$_SENSEMODE, , 0, 0, tty_orig, 12,
+  0, 0, 0, 0);
+
+/* If IO$_SENSEMODE doesn't work, this is not a terminal device */
 if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-return 0;
+is_a_tty = 0;
 #endif
 return 1;
 }
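Review bot: when `IO$_SENSEMODE` fails on L719, `is_a_tty` is cleared but `tty_orig` is left unfilled and `channel` stays assigned; that is only safe because the `noecho_console`/`echo_console` hunks below now test `is_a_tty` before touching `tty_orig`. State that invariant in the comment on L718 so a later edit does not read `tty_orig` unguarded. A failure of `sys$assign` on L706 still returns 0, which is the right distinction to keep.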
@@ -537,14 +541,15 @@ static int noecho_console(UI *ui)
 return 0;
 #endif
 #ifdef OPENSSL_SYS_VMS
-tty_new[0] = tty_orig[0];
-tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-tty_new[2] = tty_orig[2];
-status =
-sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12, 0, 0, 0,
- 0);
-if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-return 0;
+if (is_a_tty) {
+tty_new[0] = tty_orig[0];
+tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+tty_new[2] = tty_orig[2];
+status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12,
+  0, 0, 0, 0);
+if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+return 0;
+}
 #endif
 return 1;
 }
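Review bot: with `is_a_tty == 0` this now returns 1 without disabling echo. For piped input there is nothing to echo, so that is fine, but it is a behaviour change worth a comment: a caller that previously got a hard failure when no-echo could not be set will now proceed, so a device that fails `IO$_SENSEMODE` yet is still interactive will echo what is typed. The mirror-image `echo_console` hunk has the same property.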
@@ -561,14 +566,15 @@ static int echo_console(UI *ui)
 return 0;
 #endif
 #ifdef OPENSSL_SYS_VMS
-tty_new[0] = tty_orig[0];
-tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
-tty_new[2] = tty_orig[2];
-status =
-sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12, 0, 0, 0,
- 0);
-if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-return 0;
+if (is_a_tty) {
+tty_new[0] = tty_orig[0];
+tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+tty_new[2] = tty_orig[2];
+status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12,
+  0, 0, 0, 0);
+if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+return 0;
+}
 #endif
 return 1;
 }
@@ -581,6 +587,8 @@ static int close_console(UI *ui)
 fclose(tty_out);
 #ifdef OPENSSL_SYS_VMS
 status = sys$dassgn(channel);
+if (status != SS$_NORMAL)
+return 0;
 #endif
 CRYPTO_w_unlock(CRYPTO_LOCK_UI);
 
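Review bot: the early `return 0;` added on L777-L778 happens before `CRYPTO_w_unlock(CRYPTO_LOCK_UI)` on L780, so a `sys$dassgn` failure leaves the UI lock held and will deadlock the next locker once locking callbacks are installed. Save the status in a local, fall through to the unlock, and return based on the saved value.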


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-09 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  fecd4c265527459e3db5ac37bbf77ab47aa10dc7 (commit)
  from  5ae285ecb52bb569b4abee4d4939da360da73d03 (commit)


- Log -
commit fecd4c265527459e3db5ac37bbf77ab47aa10dc7
Author: Dr. Stephen Henson 
Date:   Thu Dec 8 12:16:02 2016 +

Check input length to pkey_rsa_verify()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0)

Conflicts:
crypto/rsa/rsa_err.c
include/openssl/rsa.h

---

Summary of changes:
 crypto/rsa/rsa_pmeth.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 94db87a..ac583bf 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -373,6 +373,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
 if (rctx->pad_mode == RSA_PKCS1_PADDING)
 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
   sig, siglen, rsa);
+if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+return -1;
+}
 if (rctx->pad_mode == RSA_X931_PADDING) {
 if (pkey_rsa_verifyrecover(ctx, NULL, , sig, siglen) <= 0)
 return 0;
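Review bot: the new length check on L824-L827 is placed after the `RSA_PKCS1_PADDING` early return, so it guards the X9.31 and PSS paths below, both of which treat `tbs` as a complete digest and would otherwise read `EVP_MD_size` bytes from a shorter buffer. The hunk does not show the enclosing condition: confirm this sits inside the `if (rctx->md)` branch, because `EVP_MD_size(NULL)` returns -1, which the `(size_t)` cast turns into a value `tbslen` can never equal, and every raw verify would then fail with `RSA_R_INVALID_DIGEST_LENGTH`. Returning -1 rather than 0 correctly signals an error rather than a verification mismatch.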


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-08 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  5ae285ecb52bb569b4abee4d4939da360da73d03 (commit)
  from  59ba83c9897b1ed311aa16cb1f575ffae4650068 (commit)


- Log -
commit 5ae285ecb52bb569b4abee4d4939da360da73d03
Author: Richard Levitte 
Date:   Thu Dec 8 20:51:21 2016 +0100

Remove extra bang

A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2051)
(cherry picked from commit 949320c567811e714216ea987fe24eea1b56da5e)

---

Summary of changes:
 crypto/ui/ui_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 8fd89ee..3cc067c 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -522,7 +522,7 @@ int UI_process(UI *ui)
 }
  err:
 if (ui->meth->ui_close_session != NULL
-&& !ui->meth->ui_close_session(ui) <= 0)
+&& ui->meth->ui_close_session(ui) <= 0)
 return -1;
 return ok;
 }
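Review bot: the removed `!` made the old condition parse as `(!ui->meth->ui_close_session(ui)) <= 0`, which is true exactly when `ui_close_session` returned non-zero, i.e. on success, so `UI_process()` returned -1 after every successful close and `ok` after a failed one. The fix is right; this is the pattern gcc and clang flag with `-Wlogical-not-parentheses`, worth enabling in the build to catch the next one.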


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-12-08 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  59ba83c9897b1ed311aa16cb1f575ffae4650068 (commit)
  from  748a2d94c07c3f3c360357db6d3299a4828bc068 (commit)


- Log -
commit 59ba83c9897b1ed311aa16cb1f575ffae4650068
Author: Richard Levitte 
Date:   Thu Dec 8 18:01:04 2016 +0100

UI code style cleanup

Mostly condition check changes.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2047)
(cherry picked from commit 120fb9e43656e1801c75a4fbb7c178ebec9bac18)

---

Summary of changes:
 crypto/ui/ui_lib.c | 138 ++---
 crypto/ui/ui_openssl.c |   2 +-
 2 files changed, 73 insertions(+), 67 deletions(-)

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index d25b4f3..8fd89ee 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -164,7 +164,7 @@ static int general_allocate_string(UI *ui, const char 
*prompt,
 UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
type, input_flags, result_buf);
 
-if (s) {
+if (s != NULL) {
 if (allocate_string_stack(ui) >= 0) {
 s->_.string_data.result_minsize = minsize;
 s->_.string_data.result_maxsize = maxsize;
@@ -197,8 +197,8 @@ static int general_allocate_boolean(UI *ui,
 } else if (cancel_chars == NULL) {
 UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
 } else {
-for (p = ok_chars; *p; p++) {
-if (strchr(cancel_chars, *p)) {
+for (p = ok_chars; *p != '\0'; p++) {
+if (strchr(cancel_chars, *p) != NULL) {
 UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
   UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
 }
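Review bot: not introduced here, but visible in the context: when an `ok_chars` character also appears in `cancel_chars`, L931-L932 queue `UI_R_COMMON_OK_AND_CANCEL_CHARACTERS` and the loop simply continues with no `return` or `goto`, so execution proceeds to the allocation below with an ambiguous character set. If the error is meant to be fatal, return 0 after reporting it (once, not once per offending character).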
@@ -207,7 +207,7 @@ static int general_allocate_boolean(UI *ui,
 s = general_allocate_prompt(ui, prompt, prompt_freeable,
 type, input_flags, result_buf);
 
-if (s) {
+if (s != NULL) {
 if (allocate_string_stack(ui) >= 0) {
 s->_.boolean_data.action_desc = action_desc;
 s->_.boolean_data.ok_chars = ok_chars;
@@ -243,7 +243,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int 
flags,
 {
 char *prompt_copy = NULL;
 
-if (prompt) {
+if (prompt != NULL) {
 prompt_copy = BUF_strdup(prompt);
 if (prompt_copy == NULL) {
 UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
@@ -271,7 +271,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int 
flags,
 {
 char *prompt_copy = NULL;
 
-if (prompt) {
+if (prompt != NULL) {
 prompt_copy = BUF_strdup(prompt);
 if (prompt_copy == NULL) {
 UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
@@ -302,7 +302,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const 
char *action_desc,
 char *ok_chars_copy = NULL;
 char *cancel_chars_copy = NULL;
 
-if (prompt) {
+if (prompt != NULL) {
 prompt_copy = BUF_strdup(prompt);
 if (prompt_copy == NULL) {
 UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -310,7 +310,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const 
char *action_desc,
 }
 }
 
-if (action_desc) {
+if (action_desc != NULL) {
 action_desc_copy = BUF_strdup(action_desc);
 if (action_desc_copy == NULL) {
 UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -318,7 +318,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const 
char *action_desc,
 }
 }
 
-if (ok_chars) {
+if (ok_chars != NULL) {
 ok_chars_copy = BUF_strdup(ok_chars);
 if (ok_chars_copy == NULL) {
 UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -326,7 +326,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const 
char *action_desc,
 }
 }
 
-if (cancel_chars) {
+if (cancel_chars != NULL) {
 cancel_chars_copy = BUF_strdup(cancel_chars);
 if (cancel_chars_copy == NULL) {
 UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -359,7 +359,7 @@ int UI_dup_info_string(UI *ui, const char *text)
 {
 char *text_copy = NULL;
 
-if (text) {
+if (text != NULL) {
 text_copy = BUF_strdup(text);
 if (text_copy == NULL) {
 UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
@@ -381,7 +381,7 @@ int UI_dup_error_string(UI *ui, const char *text)
 {
 char *text_copy = NULL;
 
-if (text) {
+if (text != NULL) {
 text_copy = BUF_strdup(text);
 if (text_copy == NULL) {
 UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
@@ -397,7 +397,7 @@ char *UI_construct_prompt(UI 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-29 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  748a2d94c07c3f3c360357db6d3299a4828bc068 (commit)
  from  be3a7ddef6c61ef59228acd2dd5e511e3334445c (commit)


- Log -
commit 748a2d94c07c3f3c360357db6d3299a4828bc068
Author: Matt Caswell 
Date:   Mon Nov 28 09:41:42 2016 +

Revert "Fix heartbeat_test"

Commit fa4c37457 got reverted, so this one also needs to be reverted as
a result.

This reverts commit ad69a30323cbc6723c2387d6ce546a51b10c42d0.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/heartbeat_test.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c
index 493bf0c..7623c36 100644
--- a/ssl/heartbeat_test.c
+++ b/ssl/heartbeat_test.c
@@ -278,7 +278,7 @@ static int test_dtls1_not_bleeding()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = -1;
+fixture.expected_return_value = 0;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload =
 "Not bleeding, sixteen spaces of padding";
@@ -301,7 +301,7 @@ static int test_dtls1_not_bleeding_empty_payload()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = -1;
+fixture.expected_return_value = 0;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload = "";
 EXECUTE_HEARTBEAT_TEST();
@@ -370,7 +370,7 @@ static int test_tls1_not_bleeding()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = -1;
+fixture.expected_return_value = 0;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload =
 "Not bleeding, sixteen spaces of padding";
@@ -393,7 +393,7 @@ static int test_tls1_not_bleeding_empty_payload()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = -1;
+fixture.expected_return_value = 0;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload = "";
 EXECUTE_HEARTBEAT_TEST();


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-26 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  be3a7ddef6c61ef59228acd2dd5e511e3334445c (commit)
  from  c477f8e7165d30c5c8ca98f7409714f56dc2048c (commit)


- Log -
commit be3a7ddef6c61ef59228acd2dd5e511e3334445c
Author: Vitezslav Cizek 
Date:   Thu Nov 24 13:21:41 2016 +0100

apps/speed.c: Fix crash when config loading fails

Move rsa_key initialization in front of load_config().
If loading the config fails, rsa_key isn't initialized and may
cause invalid free() in the end: cleanup.
Remove superfluous memset.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/speed.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index f16b3c9..6cd1021 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -670,6 +670,10 @@ int MAIN(int argc, char **argv)
 ecdh_b[i] = NULL;
 }
 # endif
+# ifndef OPENSSL_NO_RSA
+for (i = 0; i < RSA_NUM; i++)
+rsa_key[i] = NULL;
+# endif
 
 if (bio_err == NULL)
 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
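Review bot: the new NULL loop for `rsa_key` sits before the first `goto end` (the `load_config()` failure path just below), which is what makes the cleanup at `end:` safe, and the `# ifndef OPENSSL_NO_RSA` guard matches the block it replaces. One nit: this mirrors the `ecdh_b` loop in the context above, so a short comment that every key array must be NULLed before any `goto end` would stop a later contributor from moving it back below `load_config()`.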
@@ -678,12 +682,6 @@ int MAIN(int argc, char **argv)
 if (!load_config(bio_err, NULL))
 goto end;
 
-# ifndef OPENSSL_NO_RSA
-memset(rsa_key, 0, sizeof(rsa_key));
-for (i = 0; i < RSA_NUM; i++)
-rsa_key[i] = NULL;
-# endif
-
 if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
 BIO_printf(bio_err, "out of memory\n");
 goto end;
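Review bot: dropping both the `memset(rsa_key, 0, sizeof(rsa_key))` and the loop here is only correct because the loop now runs before `load_config()` (previous hunk); of the two, keeping the explicit loop and removing the memset is the right choice, since all-bits-zero is not guaranteed to be a null pointer in portable C, so the memset on its own would not have been a valid initialization.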


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-26 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  c477f8e7165d30c5c8ca98f7409714f56dc2048c (commit)
  from  f47201b3279b3fd16f90ba512e5b203e4944b30c (commit)


- Log -
commit c477f8e7165d30c5c8ca98f7409714f56dc2048c
Author: Andy Polyakov 
Date:   Fri Nov 25 17:50:37 2016 +0100

INSTALL: clarify 386 and no-sse2 options.

This is 1.0.2-specific reformat of 5ae5dc96610f0a598dac9d2f267b5c0ddd77b2e4.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configure |  5 +++--
 INSTALL   | 45 ++---
 2 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/Configure b/Configure
index c26c9d7..5da7cad 100755
--- a/Configure
+++ b/Configure
@@ -58,12 +58,13 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [experimenta
 # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
 #  library and will be loaded in run-time by the OpenSSL library.
 # sctp  include SCTP support
-# 386   generate 80386 code
 # enable-weak-ssl-ciphers
 #  Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #  default.  Note, weak SSLv2 ciphers are unconditionally
 #  disabled.
-# no-sse2  disables IA-32 SSE2 code, above option implies no-sse2
+# 386  generate 80386 code in assembly modules
+# no-sse2  disables IA-32 SSE2 code in assembly modules, the above
+#  mentioned '386' option implies this one
 # no-   build without specified algorithm (rsa, idea, rc5, ...)
 # - + compiler options are passed through 
 #
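Review bot: wording nit in the new no-sse2 line: "the above mentioned '386' option implies this one" is heavy; "the 386 option above implies no-sse2" says the same in fewer words. Moving 386 next to no-sse2 so the two related options sit together is an improvement.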
diff --git a/INSTALL b/INSTALL
index 475ac92..aa7e35f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -74,24 +74,26 @@
 
   no-asmDo not use assembler code.
 
-  386   Use the 80386 instruction set only (the default x86 code is
-more efficient, but requires at least a 486). Note: Use
-compiler flags for any other CPU specific configuration,
-e.g. "-m32" to build x86 code on an x64 system.
-
-  no-sse2  Exclude SSE2 code pathes. Normally SSE2 extention is
-   detected at run-time, but the decision whether or not the
-   machine code will be executed is taken solely on CPU
-   capability vector. This means that if you happen to run OS
-   kernel which does not support SSE2 extension on Intel P4
-   processor, then your application might be exposed to
-   "illegal instruction" exception. There might be a way
-   to enable support in kernel, e.g. FreeBSD kernel can be
-   compiled with CPU_ENABLE_SSE, and there is a way to
-   disengage SSE2 code pathes upon application start-up,
-   but if you aim for wider "audience" running such kernel,
-   consider no-sse2. Both 386 and no-asm options above imply
-   no-sse2.
+  386   In 32-bit x86 builds, when generating assembly modules,
+use the 80386 instruction set only (the default x86 code
+is more efficient, but requires at least a 486). Note:
+This doesn't affect code generated by compiler, you're
+likely to complement configuration command line with
+suitable compiler-specific option.
+
+  no-sse2   Exclude SSE2 code paths from 32-bit x86 assembly modules.
+Normally SSE2 extension is detected at run-time, but the
+decision whether or not the machine code will be executed
+is taken solely on CPU capability vector. This means that
+if you happen to run OS kernel which does not support SSE2
+extension on Intel P4 processor, then your application
+might be exposed to "illegal instruction" exception.
+There might be a way to enable support in kernel, e.g.
+FreeBSD kernel can  be compiled with CPU_ENABLE_SSE, and
+there is a way to disengage SSE2 code paths upon application
+start-up, but if you aim for wider "audience" running
+such kernel, consider no-sse2. Both the 386 and
+no-asm options imply no-sse2.
 
   no-   Build without the specified cipher (bf, cast, des, dh, dsa,
 hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
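Review bot: the new 386 note still reads awkwardly: "you're likely to complement configuration command line with suitable compiler-specific option" drops its articles and never names the option; the removed text gave the example "-m32", so keep it: "you will likely need to add a suitable compiler option (e.g. "-m32") to the configuration command line." There is also a double space in "can  be compiled". The typo fixes (pathes -> paths, extention -> extension) and the explicit scoping to 32-bit x86 assembly modules are good.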
@@ -101,7 +103,12 @@
   -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
 be passed through to the compiler to allow you to
 define preprocessor symbols, specify additional libraries,
-library directories or other compiler options.
+library directories or other compiler options. It might be
+worth noting that some 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-25 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  f47201b3279b3fd16f90ba512e5b203e4944b30c (commit)
  from  c4c71650bb670ab09ea7cc2e68cd4be7a414c855 (commit)


- Log -
commit f47201b3279b3fd16f90ba512e5b203e4944b30c
Author: Andy Polyakov 
Date:   Sun Nov 20 23:38:12 2016 +0100

modes/ctr128.c: fix false carry in counter increment procedure.

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell 
(cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)

---

Summary of changes:
 crypto/modes/ctr128.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index bcafd6b..d4b2272 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
 --n;
 d = data[n] += c;
 /* did addition carry? */
-c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
 } while (n);
 }
 #endif
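Review bot: the old test `((d - c) ^ d) >> (bits - 1)` flags any change of the top bit, so incrementing a word from 0x7fff...ffff to 0x8000...0000 (top bit going 0 to 1) was wrongly reported as a carry and bumped the next word; `(d - c) & ~d` requires the top bit to go from set to clear, which for c in {0, 1} is exactly the overflow condition. Since `ctr128_inc_aligned` is only used on big-endian builds, a counter test vector that crosses that 0x7f.../0x80... boundary would be the regression check that actually exercises this path.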


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-22 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  c4c71650bb670ab09ea7cc2e68cd4be7a414c855 (commit)
  from  31b430700af6c2974ead8bdbe02c6f11de81debd (commit)


- Log -
commit c4c71650bb670ab09ea7cc2e68cd4be7a414c855
Author: Richard Levitte 
Date:   Tue Nov 22 11:22:16 2016 +0100

Clarify what X509_NAME_online does with the given buffer and size

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1980)
(cherry picked from commit 19cb71ef6e414759d737918bab10be2cc1d8bd99)

(cherry picked from commit 793d9b79033c2fffc8e781dab2fd678661b348cd)

---

Summary of changes:
 doc/crypto/X509_NAME_print_ex.pod | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/crypto/X509_NAME_print_ex.pod 
b/doc/crypto/X509_NAME_print_ex.pod
index 2579a5d..d73520f 100644
--- a/doc/crypto/X509_NAME_print_ex.pod
+++ b/doc/crypto/X509_NAME_print_ex.pod
@@ -23,9 +23,11 @@ can be extensively customised by use of the B 
parameter.
 X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output 
is
 written to FILE pointer B.
 
-X509_NAME_oneline() prints an ASCII version of B to B. At most B
-bytes will be written. If B is B then a buffer is dynamically 
allocated
-and returned, otherwise B is returned.
+X509_NAME_oneline() prints an ASCII version of B to B.
+If B is B then a buffer is dynamically allocated and returned, and
+B is ignored.
+Otherwise, at most B bytes will be written, including the ending '\0',
+and B is returned.
 
 X509_NAME_print() prints out B to B indenting each line by B 
 characters. Multiple lines are used if the output (including indent) exceeds
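Review bot: the key clarification is that `size` counts the terminating '\0', which is what callers sizing a stack buffer need. What the new text still leaves open is what happens when the name does not fit in `size` bytes (truncation versus an error return), so add one sentence on that: a caller that assumes the whole name was written can mis-parse a silently truncated result.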


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-21 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  31b430700af6c2974ead8bdbe02c6f11de81debd (commit)
  from  09b894b5124f8a1f389edd9722c691275783ef5d (commit)


- Log -
commit 31b430700af6c2974ead8bdbe02c6f11de81debd
Author: Kurt Roeckx 
Date:   Tue Nov 15 18:58:52 2016 +0100

Make SSL_read and SSL_write return the old behaviour and document it.

Backport of beacb0f0c1ae7b0542fe053b95307f515b578eb7, revert of
fa4c374572e94f467900f5820cd1d00af2470a17

Fixes: #1903

Reviewed-by: Matt Caswell 

GH: #1967

---

Summary of changes:
 doc/ssl/SSL_get_error.pod | 22 ++
 doc/ssl/SSL_read.pod  | 32 ++--
 doc/ssl/SSL_write.pod | 19 ---
 ssl/s23_pkt.c | 16 +---
 ssl/s2_pkt.c  | 14 --
 ssl/s3_pkt.c  | 14 --
 6 files changed, 45 insertions(+), 72 deletions(-)

diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
index 48c6b15..2a93894 100644
--- a/doc/ssl/SSL_get_error.pod
+++ b/doc/ssl/SSL_get_error.pod
@@ -38,12 +38,13 @@ if and only if B 0>.
 
 =item SSL_ERROR_ZERO_RETURN
 
-The TLS/SSL connection has been closed.  If the protocol version is SSL 3.0
-or TLS 1.0, this result code is returned only if a closure
-alert has occurred in the protocol, i.e. if the connection has been
-closed cleanly. Note that in this case B
-does not necessarily indicate that the underlying transport
-has been closed.
+The TLS/SSL connection has been closed.
+If the protocol version is SSL 3.0 or higher, this result code is returned only
+if a closure alert has occurred in the protocol, i.e. if the connection has 
been
+closed cleanly.
+Note that in this case B does not necessarily
+indicate that the underlying transport has been closed.
+
 
 =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
 
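Review bot: "SSL 3.0 or higher" is broader than the old "SSL 3.0 or TLS 1.0" and is correct, since every later version carries the close_notify alert; style nit: the hunk leaves two blank lines before the next `=item` where the rest of the file uses one.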
@@ -89,12 +90,9 @@ Details depend on the application.
 
 =item SSL_ERROR_SYSCALL
 
-Some I/O error occurred.  The OpenSSL error queue may contain more
-information on the error.  If the error queue is empty
-(i.e. ERR_get_error() returns 0), B can be used to find out more
-about the error: If B, an EOF was observed that violates
-the protocol.  If B, the underlying B reported an
-I/O error (for socket I/O on Unix systems, consult B for details).
+Some non-recoverable I/O error occurred.
+The OpenSSL error queue may contain more information on the error.
+For socket I/O on Unix systems, consult B for details.
 
 =item SSL_ERROR_SSL
 
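Review bot: the new SSL_ERROR_SYSCALL text drops the only guidance for telling a protocol-violating EOF (the old `ret == 0` case) apart from a reported I/O error (the old `ret == -1` case). That distinction matters to applications: an unexpected EOF with an empty error queue is how a truncated connection shows up, and it must not be mistaken for a clean shutdown. Since this commit restores the old return behaviour in ssl/s23_pkt.c, ssl/s2_pkt.c and ssl/s3_pkt.c, keep a sentence stating that an EOF violating the protocol is also reported as SSL_ERROR_SYSCALL with an empty error queue.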
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
index 8ca0ce5..ef983c9 100644
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -81,33 +81,29 @@ The following return values can occur:
 
 =over 4
 
-=item E0
+=item E 0
 
-The read operation was successful; the return value is the number of
-bytes actually read from the TLS/SSL connection.
+The read operation was successful.
+The return value is the number of bytes actually read from the TLS/SSL
+connection.
 
-=item Z<>0
+=item Z<><= 0
 
-The read operation was not successful. The reason may either be a clean
-shutdown due to a "close notify" alert sent by the peer (in which case
-the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
-(see L,
-L). It is also possible, that
-the peer simply shut down the underlying transport and the shutdown is
-incomplete. Call SSL_get_error() with the return value B to find out,
-whether an error occurred or the connection was shut down cleanly
-(SSL_ERROR_ZERO_RETURN).
+
+=item E0
+
+The read operation was not successful, because either the connection was 
closed,
+an error occurred or action must be taken by the calling process.
+Call L with the return value B to find out the reason.
 
 SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
 only be detected, whether the underlying connection was closed. It cannot
 be checked, whether the closure was initiated by the peer or by something
 else.
 
-=item E0
-
-The read operation was not successful, because either an error occurred
-or action must be taken by the calling process. Call SSL_get_error() with the
-return value B to find out the reason.
+Old documentation indicated a difference between 0 and -1, and that -1 was
+retryable.
+You should instead call SSL_get_error() to find out if it's retryable.
 
 =back
 
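Review bot: the item list now has "<= 0" immediately followed by a separate "<0" heading sharing the same body; the two ranges overlap, so drop the "<0" heading and keep only "<= 0" (or restore the three-way split). The "Old documentation indicated a difference between 0 and -1" paragraph is also the place to say explicitly that a return of 0 no longer means a clean close by itself and must go through SSL_get_error(), since that is the behaviour change readers of this page are affected by.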
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index a57617f..4c1a7ee 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -74,27 +74,24 @@ The following return values can occur:
 
 =over 4
 
-=item E0
+=item E 0
 
 The write operation was successful, the return value is the number of
 bytes actually written to the TLS/SSL connection.
 
-=item Z<>0

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-18 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  09b894b5124f8a1f389edd9722c691275783ef5d (commit)
  from  f4ef1c53486d378ab2e2ef3427c0eb1c2fea358f (commit)


- Log -
commit 09b894b5124f8a1f389edd9722c691275783ef5d
Author: Beat Bolli 
Date:   Fri Nov 18 09:53:48 2016 +0100

Use consistent variable names

In the X509_NAME_get_index_by_NID.pod example, the initialized variable is 
called
"loc", but the one used in the for loop is called "lastpos". Make the names 
match.

CLA: trivial
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1949)

(cherry picked from commit 4b9c2669f31da26bfe56f629973fa014083dc2a0)

---

Summary of changes:
 doc/crypto/X509_NAME_get_index_by_NID.pod | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod 
b/doc/crypto/X509_NAME_get_index_by_NID.pod
index 109f561..cdec4b1 100644
--- a/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -83,10 +83,9 @@ Process all entries:
 
 Process all commonName entries:
 
- int loc;
+ int lastpos = -1;
  X509_NAME_ENTRY *e;
 
- loc = -1;
  for (;;)
{
lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
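Review bot: the rename fixes a compile error in the example (`loc` declared, `lastpos` used); since the rest of the loop body lies outside this hunk, confirm the termination test inside `for (;;)` also checks `lastpos` for the -1 return of X509_NAME_get_index_by_NID(), so readers copying the example do not end up with an infinite loop.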


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-16 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  f4ef1c53486d378ab2e2ef3427c0eb1c2fea358f (commit)
   via  7a9d7128d87d1572a0b7f99ff7b19d704395c8db (commit)
   via  62f16de2d17af4ac1f3df4622b7bec850b60820a (commit)
   via  22cc44d6b63e070cbff9770497f4fe6b3fa8d2a5 (commit)
   via  ecc955157af5f0fa19bcd74caaf52ec3fa18f755 (commit)
  from  8ac70bef694e733cec0f19a9438af98991cb5fa3 (commit)


- Log -
commit f4ef1c53486d378ab2e2ef3427c0eb1c2fea358f
Author: Orgad Shaneh 
Date:   Mon Sep 19 15:12:08 2016 +0300

domd: Preserve Makefile time when it is unchanged

also on systems with makedepend that does not report its version, or that
its version does not contain "gcc" or "clang".

Some versions of makedepend just overwrite Makefile. Preserve the
timestamp of the previous Makefile, and copy it back if it is unchanged.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1370)

commit 7a9d7128d87d1572a0b7f99ff7b19d704395c8db
Author: Orgad Shaneh 
Date:   Sun Jul 31 09:18:22 2016 +0300

mklink: Do not needlessly overwrite linked files...

... on systems with symlinks.

Creating or overwriting a symlink sets the file ctime to the current time.
This causes needless rebuilds because the time of all the headers is
changed, and apparently make considers the link's time rather than the
time of the target.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1370)

commit 62f16de2d17af4ac1f3df4622b7bec850b60820a
Author: Orgad Shaneh 
Date:   Sun Jul 31 15:34:57 2016 +0300

domd: Do not needlessly overwrite Makefiles

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1370)

commit 22cc44d6b63e070cbff9770497f4fe6b3fa8d2a5
Author: Orgad Shaneh 
Date:   Sun Jul 31 09:18:22 2016 +0300

mklink: Do not needlessly overwrite linked files...

... on systems without symlinks.

Overwriting all the headers on each Configure causes full rebuild even if
nothing has changed.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1370)

commit ecc955157af5f0fa19bcd74caaf52ec3fa18f755
Author: Orgad Shaneh 
Date:   Sun Jul 31 09:13:13 2016 +0300

Configure: Improve incremental build time

When Makefile/opensslconf.h is unchanged, don't write it at all.

Currently every time Configure is executed, these files are overwritten.
Makefile leads to regeneration of buildinf.h, and opensslconf.h is itself
a central header.

As a result, Configure triggers full rebuild, even if nothing is changed.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1370)

---

Summary of changes:
 Configure  | 29 -
 util/domd  | 11 +--
 util/mklink.pl |  8 +---
 3 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/Configure b/Configure
index c39f71a..c26c9d7 100755
--- a/Configure
+++ b/Configure
@@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
 
 require 5.000;
 use strict;
+use File::Compare;
 
 # see INSTALL for instructions.
 
@@ -1792,8 +1793,16 @@ while ()
}
 close(IN);
 close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e 
$Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+if ((compare($Makefile, "$Makefile.new"))
+   or file_newer('Configure', $Makefile)
+   or file_newer('config', $Makefile)
+   or file_newer('Makefile.org', $Makefile))
+   {
+   rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" 
if -e $Makefile;
+   rename("$Makefile.new",$Makefile) || die "unable to rename 
$Makefile.new\n";
+   }
+else
+   { unlink("$Makefile.new"); }
 
 print "CC=$cc\n";
 print "CFLAG =$cflags\n";
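Review bot: `compare()` from File::Compare returns 0 for identical files, 1 for different ones and -1 on error (for instance when `$Makefile` does not exist yet), and this `if` treats both non-zero results as "install the new Makefile", which is the safe default; a one-line comment saying so would stop someone "fixing" it to `== 1`. `file_newer()` is not in the visible hunks, so it must be defined elsewhere in this commit or Configure dies with "Undefined subroutine" at runtime. On the else branch the `.bak` rename is skipped, so an unchanged run no longer leaves a `$Makefile.bak` behind; that is fine but is a visible behaviour change worth a line in the commit message.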
@@ -1985,9 +1994,13 @@ print OUT "#ifdef  __cplusplus\n";
 print OUT "}\n";
 print OUT "#endif\n";
 close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to 
rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to 
rename crypto/opensslconf.h.new\n";
-
+if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
+   {
+   

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-15 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  8ac70bef694e733cec0f19a9438af98991cb5fa3 (commit)
  from  3201a1d68121cb074c4b7e7712be77acb17df632 (commit)


- Log -
commit 8ac70bef694e733cec0f19a9438af98991cb5fa3
Author: Rich Salz 
Date:   Tue Nov 15 18:54:28 2016 -0500

Check return value of some BN functions.

Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1626)
(cherry picked from commit 78e09b53a40729f5e99829ccc733b592bd22fea1)

---

Summary of changes:
 crypto/bn/bn_exp.c   |  5 +++--
 crypto/bn/bn_mul.c   |  5 +++--
 crypto/bn/bn_prime.c |  3 ++-
 crypto/bn/bn_sqr.c   |  5 +++--
 crypto/ec/ec2_mult.c | 20 +++-
 crypto/rsa/rsa_gen.c |  3 ++-
 6 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 1670f01..195a786 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -180,8 +180,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 
BN_CTX *ctx)
 goto err;
 }
 }
-if (r != rr)
-BN_copy(r, rr);
+if (r != rr && BN_copy(r, rr) == NULL)
+goto err;
+
 ret = 1;
  err:
 BN_CTX_end(ctx);
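Review bot: good: the `goto err` on a NULL `BN_copy(r, rr)` leaves `ret` at 0 and still reaches `BN_CTX_end(ctx)`, so the caller sees the failure and the context stack stays balanced. The combined `r != rr && BN_copy(r, rr) == NULL` form is applied identically in bn_mul.c and bn_sqr.c below, which keeps the three sites consistent; bn_sqr.c also flips `rr != r` to `r != rr` to match.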
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index b174850..3c618dc 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -1083,8 +1083,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 
BN_CTX *ctx)
  end:
 #endif
 bn_correct_top(rr);
-if (r != rr)
-BN_copy(r, rr);
+if (r != rr && BN_copy(r, rr) == NULL)
+goto err;
+
 ret = 1;
  err:
 bn_check_top(r);
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 1d25687..8177fd2 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -283,7 +283,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, 
BN_CTX *ctx_passed,
 BIGNUM *t;
 if ((t = BN_CTX_get(ctx)) == NULL)
 goto err;
-BN_copy(t, a);
+if (BN_copy(t, a) == NULL)
+goto err;
 t->neg = 0;
 A = t;
 } else
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 3ca6987..256d26e 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -143,8 +143,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 rr->top = max - 1;
 else
 rr->top = max;
-if (rr != r)
-BN_copy(r, rr);
+if (r != rr && BN_copy(r, rr) == NULL)
+goto err;
+
 ret = 1;
  err:
 bn_check_top(rr);
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index 68cc877..1f9cc00 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP 
*group,
  BN_CTX *ctx)
 {
 BIGNUM *x1, *x2, *z1, *z2;
-int ret = 0, i;
+int ret = 0, i, group_top;
 BN_ULONG mask, word;
 
 if (r == point) {
@@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_multiply(const 
EC_GROUP *group,
 x2 = >X;
 z2 = >Y;
 
-bn_wexpand(x1, group->field.top);
-bn_wexpand(z1, group->field.top);
-bn_wexpand(x2, group->field.top);
-bn_wexpand(z2, group->field.top);
+group_top = group->field.top;
+if (bn_wexpand(x1, group_top) == NULL
+|| bn_wexpand(z1, group_top) == NULL
+|| bn_wexpand(x2, group_top) == NULL
+|| bn_wexpand(z2, group_top) == NULL)
+goto err;
 
 if (!BN_GF2m_mod_arr(x1, >X, group->poly))
 goto err;   /* x1 = x */
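Review bot: the four `bn_wexpand()` calls previously ignored a NULL return, which could leave x1/z1/x2/z2 with fewer than `group->field.top` words while the later `BN_consttime_swap(..., group_top)` swaps that many words, i.e. an out-of-bounds access on allocation failure; the chained check closes that. Caching `group->field.top` in `group_top` is safe because `group->field` is the field modulus and is not written in this function, but a comment saying `group_top` is the word count of the field would make that assumption explicit.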
@@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_multiply(const 
EC_GROUP *group,
 for (; i >= 0; i--) {
 word = scalar->d[i];
 while (mask) {
-BN_consttime_swap(word & mask, x1, x2, group->field.top);
-BN_consttime_swap(word & mask, z1, z2, group->field.top);
+BN_consttime_swap(word & mask, x1, x2, group_top);
+BN_consttime_swap(word & mask, z1, z2, group_top);
 if (!gf2m_Madd(group, >X, x2, z2, x1, z1, ctx))
 goto err;
 if (!gf2m_Mdouble(group, x1, z1, ctx))
 goto err;
-BN_consttime_swap(word & mask, x1, x2, group->field.top);
-BN_consttime_swap(word & mask, z1, z2, group->field.top);
+BN_consttime_swap(word & mask, x1, x2, group_top);
+BN_consttime_swap(word & mask, z1, z2, group_top);
 mask >>= 1;
 }
 mask = BN_TBIT;
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-12 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  3201a1d68121cb074c4b7e7712be77acb17df632 (commit)
  from  19e1de548eff0b08ba2878b3258aaceead32977b (commit)


- Log -
commit 3201a1d68121cb074c4b7e7712be77acb17df632
Author: Matthias Kraft 
Date:   Fri Sep 30 10:50:17 2016 +0200

Solution proposal for issue #1647.

Avoid a memory alignment issue.

Signed-off-by: Matthias Kraft 
CLA: trivial
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1650)

---

Summary of changes:
 ssl/bad_dtls_test.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c
index d42817f..70d8578 100644
--- a/ssl/bad_dtls_test.c
+++ b/ssl/bad_dtls_test.c
@@ -756,6 +756,7 @@ int main(int argc, char *argv[])
 BIO *rbio;
 BIO *wbio;
 BIO *err;
+time_t now = 0;
 int testresult = 0;
 int ret;
 int i;
@@ -773,7 +774,9 @@ int main(int argc, char *argv[])
 RAND_bytes(master_secret, sizeof(master_secret));
 RAND_bytes(cookie, sizeof(cookie));
 RAND_bytes(server_random + 4, sizeof(server_random) - 4);
-time((void *)server_random);
+
+now = time(NULL);
+memcpy(server_random, , sizeof(now));
 
 sess = client_session();
 if (sess == NULL) {
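Review bot: replacing `time((void *)server_random)` with a `time_t` local and `memcpy` removes the misaligned store, but `sizeof(now)` is typically 8, so the copy writes `server_random[0..7]` and overwrites the first four random bytes that `RAND_bytes(server_random + 4, ...)` just produced; on big-endian 64-bit hosts the leading four bytes would also be the high (zero) half of the timestamp rather than the time. Copy an explicit 4-byte value instead, e.g. `uint32_t t = (uint32_t)time(NULL); memcpy(server_random, &t, sizeof(t));`. This is test code, so the impact is confined to the fixture's gmt_unix_time field, but the copy should match the 4-byte record layout it is emulating.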


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-10 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  19e1de548eff0b08ba2878b3258aaceead32977b (commit)
  from  57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (commit)


- Log -
commit 19e1de548eff0b08ba2878b3258aaceead32977b
Author: Matt Caswell 
Date:   Thu Nov 10 11:49:06 2016 +

Update CHANGES and NEWS

Reviewed-by: Richard Levitte 

---

Summary of changes:
 CHANGES | 23 +++
 NEWS|  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 1fbe3b3..15c9277 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,29 @@
 
  Changes between 1.0.2j and 1.0.2k [xx XXX ]
 
+  *) Montgomery multiplication may produce incorrect results
+
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+ and DH private keys are impossible. This is because the subroutine in
+ question is not used in operations with the private key itself and an 
input
+ of the attacker's direct choice. Otherwise the bug can manifest itself as
+ transient authentication and key negotiation failures or reproducible
+ erroneous outcome of public-key operations with specially crafted input.
+ Among EC algorithms only Brainpool P-512 curves are affected and one
+ presumably can attack ECDH key negotiation. Impact was not analyzed in
+ detail, because pre-requisites for attack are considered unlikely. Namely
+ multiple clients have to choose the curve in question and the server has 
to
+ share the private key among them, neither of which is default behaviour.
+ Even then only clients that chose the curve will be affected.
+
+ This issue was publicly reported as transient failures and was not
+ initially recognized as a security issue. Thanks to Richard Morgan for
+ providing reproducible case.
+ (CVE-2016-7055)
+ [Andy Polyakov]
+
   *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
  or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
  prevent issues where no progress is being made and the peer continually
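Review bot: the entry names the affected code only as "the Broadwell-specific Montgomery multiplication procedure"; pointing at the file (crypto/bn/asm/x86_64-mont.pl, fixed in 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a) would let distributors and auditors map the advisory to the patch. The risk argument hinges on "not used in operations with the private key itself"; one clause explaining why that subroutine is not reached from the private-key paths would make the reasoning checkable rather than asserted.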
diff --git a/NEWS b/NEWS
index d750fb5..efd2dbf 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 
   Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
 
-  o
+  o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
 
   Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-10 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (commit)
  from  c210840d06bf9e72ad6e26a444b4a2dabfc505b4 (commit)


- Log -
commit 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a
Author: Andy Polyakov 
Date:   Sun Nov 6 18:33:17 2016 +0100

bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).

Reviewed-by: Rich Salz 
(cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a)

---

Summary of changes:
 crypto/bn/asm/x86_64-mont.pl | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 044fd7e..80492d8 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1148,18 +1148,17 @@ $code.=<<___;
mulx2*8($aptr),%r15,%r13# ...
adox-3*8($tptr),%r11
adcx%r15,%r12
-   adox$zero,%r12
+   adox-2*8($tptr),%r12
adcx$zero,%r13
+   adox$zero,%r13
 
mov $bptr,8(%rsp)   # off-load [i]
-   .byte   0x67
mov $mi,%r15
imulq   24(%rsp),$mi# "t[0]"*n0
xor %ebp,%ebp   # xor   $zero,$zero # cf=0, of=0
 
mulx3*8($aptr),%rax,%r14
 mov$mi,%rdx
-   adox-2*8($tptr),%r12
adcx%rax,%r13
adox-1*8($tptr),%r13
adcx$zero,%r14
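Review bot: the root cause is visible in the removed lines: `adox $zero,%r12` can itself overflow when %r12 is all ones, and the resulting OF was never consumed before `xor %ebp,%ebp` cleared CF/OF, so that carry was dropped. The new order folds t[-2] into %r12 with `adox -2*8($tptr),%r12` and then absorbs the carry with `adox $zero,%r13` while the flag is still live, and the later `adox -2*8($tptr),%r12` is correctly removed since that addition now happens earlier. The dropped `.byte 0x67` looks like a padding prefix; confirm the alignment of the following loop target is still what the code expects. Given the CHANGES entry says only inputs longer than 256 bits with length divisible by 256 reach this path, a bntest vector of that shape run on an ADX-capable CPU would guard against regression.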


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-08 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  c210840d06bf9e72ad6e26a444b4a2dabfc505b4 (commit)
  from  95873c51ed8b826aa3978044cb13948d5d3250de (commit)


- Log -
commit c210840d06bf9e72ad6e26a444b4a2dabfc505b4
Author: Andy Polyakov 
Date:   Sun Nov 6 21:46:11 2016 +0100

Makefile.org: clear APPS environment variable.

Build failure was reported in GH#1818 if APPS environment was defined.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/1864)

---

Summary of changes:
 Makefile.org | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile.org b/Makefile.org
index 2377f50..61a329b 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -201,7 +201,8 @@ CLEARENV=   TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} 
\
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}   \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
-   $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+   $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}   \
+   $${APPS+APPS}
 
 # LC_ALL=C ensures that error [and other] messages are delivered in
 # same language for uniform treatment.
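Review bot: adding `$${APPS+APPS}` to the CLEARENV unset list follows the existing `${VAR+VAR}` idiom (it expands only when the variable is set, even if empty), so an inherited APPS no longer shadows the make macro in the sub-Makefiles. A comment on CLEARENV citing GH#1818 would document why APPS in particular is there, and since this list is maintained by hand it is worth checking the sub-Makefiles for other macros that could be inherited from the environment the same way.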


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-04 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  95873c51ed8b826aa3978044cb13948d5d3250de (commit)
  from  563a34e18eb34f86fb26944724d4aa21ebaea850 (commit)


- Log -
commit 95873c51ed8b826aa3978044cb13948d5d3250de
Author: Rich Salz 
Date:   Fri Nov 4 10:27:47 2016 -0400

Missed a mention of RT

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1849)
(cherry picked from commit 1e62cc12f35408508594be254f40bf9b65d2a3a9)

---

Summary of changes:
 INSTALL | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/INSTALL b/INSTALL
index 679b30d..475ac92 100644
--- a/INSTALL
+++ b/INSTALL
@@ -159,18 +159,18 @@
  OpenSSL binary ("openssl"). The libraries will be built in the top-level
  directory, and the binary will be in the "apps" directory.
 
- If "make" fails, look at the output.  There may be reasons for
- the failure that aren't problems in OpenSSL itself (like missing
- standard headers).  If it is a problem with OpenSSL itself, please
- report the problem to  (note that your
- message will be recorded in the request tracker publicly readable
- at https://www.openssl.org/community/index.html#bugs and will be
- forwarded to a public mailing list). Include the output of "make
- report" in your message.  Please check out the request tracker. Maybe
- the bug was already reported or has already been fixed.
-
- [If you encounter assembler error messages, try the "no-asm"
- configuration option as an immediate fix.]
+ If the build fails, look at the output.  There may be reasons
+ for the failure that aren't problems in OpenSSL itself (like
+ missing standard headers).  If you are having problems you can
+ get help by sending an email to the openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for details). If
+ it is a bug with OpenSSL itself, please open an issue on GitHub, at
+ https://github.com/openssl/openssl/issues. Please review the existing
+ ones first; maybe the bug was already reported or has already been
+ fixed.
+
+ (If you encounter assembler error messages, try the "no-asm"
+ configuration option as an immediate fix.)
 
  Compiling parts of OpenSSL with gcc and others with the system
  compiler will result in unresolved symbols on some systems.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-02 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  563a34e18eb34f86fb26944724d4aa21ebaea850 (commit)
   via  f1185392189641014dca94f3fe7834bccb5f4c16 (commit)
  from  ad69a30323cbc6723c2387d6ce546a51b10c42d0 (commit)


- Log -
commit 563a34e18eb34f86fb26944724d4aa21ebaea850
Author: Matt Caswell 
Date:   Wed Nov 2 22:27:22 2016 +

Add a CHANGES entry for the unrecognised record type change

Reviewed-by: Tim Hudson 

commit f1185392189641014dca94f3fe7834bccb5f4c16
Author: Matt Caswell 
Date:   Wed Nov 2 22:26:17 2016 +

Fail if an unrecognised record type is received

TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but
TLS 1.2 says you MUST send an unexpected message alert. We swap to the
TLS 1.2 behaviour for all protocol versions to prevent issues where no
progress is being made and the peer continually sends unrecognised record
types, using up resources processing them.

Issue reported by 郭志攀

Reviewed-by: Tim Hudson 

---

Summary of changes:
 CHANGES  |  6 +-
 ssl/s3_pkt.c | 13 +
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 009b7ef..1fbe3b3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.0.2j and 1.0.2k [xx XXX ]
 
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+ or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+ prevent issues where no progress is being made and the peer continually
+ sends unrecognised record types, using up resources processing them.
+ [Matt Caswell]
 
  Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
 
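Review bot: "OpenSSL now fails" leaves the observable behaviour unstated; the code change sends an unexpected_message alert and aborts the connection, so the entry should say so, e.g. "OpenSSL now sends an unexpected_message alert and fails the connection if it receives an unrecognised record type in TLS1.0 or TLS1.1", so that anyone who meets the alert in the wild can map it to this change.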
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 7e3a7b4..cb74d46 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1605,16 +1605,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 
 switch (rr->type) {
 default:
-#ifndef OPENSSL_NO_TLS
 /*
- * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
- * an unexpected message alert.
+ * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+ * TLS 1.2 says you MUST send an unexpected message alert. We use the
+ * TLS 1.2 behaviour for all protocol versions to prevent issues where
+ * no progress is being made and the peer continually sends 
unrecognised
+ * record types, using up resources processing them.
  */
-if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
-rr->length = 0;
-goto start;
-}
-#endif
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
 goto f_err;
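Review bot: removing the version-gated `rr->length = 0; goto start;` path means every unrecognised content type now reaches `al = SSL_AD_UNEXPECTED_MESSAGE` and `goto f_err`, which is what the commit message describes; the `#ifndef OPENSSL_NO_TLS` guard goes with it, which is fine because the remaining alert path has no TLS-only dependency. Since the motivation is a resource-exhaustion fix, a regression test that feeds a record with an unknown content type and asserts the connection aborts with unexpected_message instead of looping would pin the behaviour down. The DTLS record layer is not touched here; confirm whether it needs the same treatment.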


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-02 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  ad69a30323cbc6723c2387d6ce546a51b10c42d0 (commit)
  from  ba2bf831c0f0b3468acbd433957f4c46c20cf43d (commit)


- Log -
commit ad69a30323cbc6723c2387d6ce546a51b10c42d0
Author: Matt Caswell 
Date:   Wed Nov 2 15:36:06 2016 +

Fix heartbeat_test

The heartbeat_test reaches into the internals of libssl and calls some
internal functions. It then checks the return value to check it's what it
expected. However commit fa4c37457 changed the return value of these
internal functions, and now the test is failing.

The solution is to update the test to look for the new return value.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/heartbeat_test.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c
index 7623c36..493bf0c 100644
--- a/ssl/heartbeat_test.c
+++ b/ssl/heartbeat_test.c
@@ -278,7 +278,7 @@ static int test_dtls1_not_bleeding()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = 0;
+fixture.expected_return_value = -1;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload =
 "Not bleeding, sixteen spaces of padding";
@@ -301,7 +301,7 @@ static int test_dtls1_not_bleeding_empty_payload()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = 0;
+fixture.expected_return_value = -1;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload = "";
 EXECUTE_HEARTBEAT_TEST();
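Review bot: a reader of these fixtures sees a "not bleeding" test expecting -1, which reads like an error, and the reason (fa4c37457 changed the internal functions to return <0 for a retryable failure and 0 for a non-retryable one) lives only in the commit message; a one-line comment above `fixture.expected_return_value = -1;` explaining that -1 is now the expected non-bleeding outcome would save the next person a git blame.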
@@ -370,7 +370,7 @@ static int test_tls1_not_bleeding()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = 0;
+fixture.expected_return_value = -1;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload =
 "Not bleeding, sixteen spaces of padding";
@@ -393,7 +393,7 @@ static int test_tls1_not_bleeding_empty_payload()
 
 fixture.payload = _buf[0];
 fixture.sent_payload_len = payload_buf_len;
-fixture.expected_return_value = 0;
+fixture.expected_return_value = -1;
 fixture.expected_payload_len = payload_buf_len;
 fixture.expected_return_payload = "";
 EXECUTE_HEARTBEAT_TEST();
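Review bot: the same literal `-1` is now repeated in four fixtures (dtls1 and tls1, with and without payload); a named constant shared by the four tests would turn a future change to the return convention into a one-line edit and document the meaning in one place.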


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-01 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  ba2bf831c0f0b3468acbd433957f4c46c20cf43d (commit)
  from  e0223754740307fe1dae291120c9071aa52897f2 (commit)


- Log -
commit ba2bf831c0f0b3468acbd433957f4c46c20cf43d
Author: Richard Levitte 
Date:   Wed Nov 2 00:09:03 2016 +0100

Secure our notification email.

Forks will have to define their own

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1821)
(cherry picked from commit 5e28b1c1e048eef600dc49820934a5e1531186d4)

---

Summary of changes:
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index c46716b..995e517 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -57,4 +57,4 @@ script:
 
 notifications:
 email:
-- openssl-commits@openssl.org
+secure: 
"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"


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-11-01 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  e0223754740307fe1dae291120c9071aa52897f2 (commit)
  from  787b2dcc2fec8fa5b5c91c64dd06da850e9ea347 (commit)


- Log -
commit e0223754740307fe1dae291120c9071aa52897f2
Author: Benjamin Kaduk 
Date:   Mon Sep 26 15:30:42 2016 -0500

Fix grammar-o in CONTRIBUTING

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1625)
(cherry picked from commit e4d94269a5a41594852dc60716500580f1d47cef)

---

Summary of changes:
 CONTRIBUTING | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 7cc3850..f734d77 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,4 +1,4 @@
-HOW TO CONTRIBUTE TO PATCHES OpenSSL
+HOW TO CONTRIBUTE PATCHES TO OpenSSL
 
 
 (Please visit https://www.openssl.org/community/getting-started.html for


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-31 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  787b2dcc2fec8fa5b5c91c64dd06da850e9ea347 (commit)
  from  0b9c5da0fd9c53a9a6193f9d48da86c83a4935d6 (commit)


- Log -
commit 787b2dcc2fec8fa5b5c91c64dd06da850e9ea347
Author: Richard Levitte 
Date:   Fri Oct 28 23:57:58 2016 +0200

Add $(EX_LIBS) to the LIBDEPS for libgost.so, just as for all other engines

Without this, any linker flags the user gave when configuring are ignored.

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/1803)

---

Summary of changes:
 engines/ccgost/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
index 17e1efb..f378530 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -32,7 +32,7 @@ lib: $(LIBOBJ)
$(MAKE) -f $(TOP)/Makefile.shared -e \
LIBNAME=$(LIBNAME) \
LIBEXTRAS='$(LIBOBJ)' \
-   LIBDEPS='-L$(TOP) -lcrypto' \
+   LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \
link_o.$(SHLIB_TARGET); \
else \
$(AR) $(LIB) $(LIBOBJ); \
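Review bot: only the shared-library branch receives `$(EX_LIBS)`, which is correct since the static `$(AR)` branch does no linking. Because `LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)'` is expanded by make before the shell sees it, an EX_LIBS value containing a single quote would break the command line; that is the same constraint the other engine Makefiles already accept, so no change needed, just worth knowing when reading a failed build log.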


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-28 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  0b9c5da0fd9c53a9a6193f9d48da86c83a4935d6 (commit)
   via  a520723f29aac6598ff0d69e34f5e9b88213e511 (commit)
   via  83a1d4b2011ff3a7798250902bdacbca6e1766c0 (commit)
  from  57aa2f154e3e0f427be59497f58092dd3ec0528a (commit)


- Log -
commit 0b9c5da0fd9c53a9a6193f9d48da86c83a4935d6
Author: Matt Caswell 
Date:   Tue Oct 25 11:10:56 2016 +0100

Implement length checks as a macro

Replace the various length checks in the extension code with a macro to
simplify the logic.

Reviewed-by: Rich Salz 

commit a520723f29aac6598ff0d69e34f5e9b88213e511
Author: Matt Caswell 
Date:   Fri Oct 14 13:07:00 2016 +0100

Ensure we have length checks for all extensions

The previous commit inspired a review of all the length checks for the
extension adding code. This adds more robust checks and adds checks where
some were missing previously. The real solution for this is to use WPACKET
which is currently in master - but that cannot be applied to release
branches.

Reviewed-by: Rich Salz 

commit 83a1d4b2011ff3a7798250902bdacbca6e1766c0
Author: Matt Caswell 
Date:   Fri Oct 14 11:49:06 2016 +0100

Fix length check writing status request extension

The status request extension did not correctly check its length, meaning
that writing the extension could go 2 bytes beyond the buffer size. In
practice this makes little difference because, due to logic in buffer.c, the
buffer is actually over-allocated by approximately 5k!

Issue reported by Guido Vranken.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/t1_lib.c | 206 ---
 1 file changed, 154 insertions(+), 52 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7831046..69706be 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -132,6 +132,9 @@ static int ssl_check_clienthello_tlsext_early(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 #endif
 
+#define CHECKLEN(curr, val, limit) \
+(((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))
+
 SSL3_ENC_METHOD TLSv1_enc_data = {
 tls1_enc,
 tls1_mac,
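Review bot: `CHECKLEN` evaluates to true when there is NOT enough room, the opposite of what the name suggests, and it evaluates `curr`, `val` and `limit` more than once; a comment saying "non-zero means writing val bytes at curr would overrun limit" and that the arguments must be free of side effects would prevent misuse. The `(curr) >= (limit)` pre-test is what makes the macro safe: it guarantees `(limit) - (curr)` is non-negative before the `size_t` comparison, so the macro never depends on a negative pointer difference the way the old `limit - ret - 9` checks did.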
@@ -1263,8 +1266,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 
 if (s->tlsext_hostname != NULL) {
 /* Add TLS extension servername to the Client Hello message */
-unsigned long size_str;
-long lenmax;
+size_t size_str;
 
 /*-
  * check for enough space.
@@ -1274,10 +1276,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
  * 2 for hostname length
  * + hostname length
  */
-
-if ((lenmax = limit - ret - 9) < 0
-|| (size_str =
-strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+size_str = strlen(s->tlsext_hostname);
+if (CHECKLEN(ret, 9 + size_str, limit))
 return NULL;
 
 /* extension type and length */
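Review bot: the old check computed `limit - ret - 9` into a `long` and then compared `strlen` against it, so a very long hostname could wrap the comparison; `CHECKLEN(ret, 9 + size_str, limit)` keeps everything in `size_t` and tests the remaining space first. The 2-byte length field written below requires `size_str <= 0xffff`, which is presumably enforced where `tlsext_hostname` is set rather than here; a local sanity check beside the space check would make that invariant visible to whoever reads this function next.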
@@ -1321,7 +1321,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
  * Client Hello message */
 
-int login_len = strlen(s->srp_ctx.login);
+size_t login_len = strlen(s->srp_ctx.login);
 if (login_len > 255 || login_len == 0) {
 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
 return NULL;
@@ -1333,7 +1333,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
  * 1 for the srp user identity
  * + srp user identity length
  */
-if ((limit - ret - 5 - login_len) < 0)
+if (CHECKLEN(ret, 5 + login_len, limit))
 return NULL;
 
 /* fill in the extension */
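Review bot: this hunk must not be separated from the `size_t login_len` change two hunks up: with `login_len` unsigned, the old `(limit - ret - 5 - login_len) < 0` would promote the whole expression to unsigned and never be true, silently disabling the check, so switching to `CHECKLEN(ret, 5 + login_len, limit)` is a correctness fix, not just a tidy-up.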
@@ -1350,20 +1350,23 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 /*
  * Add TLS extension ECPointFormats to the ClientHello message
  */
-long lenmax;
 const unsigned char *pcurves, *pformats;
 size_t num_curves, num_formats, curves_list_len;
 
 tls1_get_formatlist(s, , _formats);
 
-if ((lenmax = limit - ret - 5) < 0)
-return NULL;
-if (num_formats > (size_t)lenmax)
-return NULL;
 if (num_formats > 255) {
 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
 return NULL;
 }
+/*-
+ * check for enough space.
+ * 4 bytes for the ec point formats type and extension length
+ * 1 byte for the length of the formats
+ * + formats length
+ 
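Review bot: the hunk is cut off in this mail, but the visible part moves the space check after the `num_formats > 255` check and drops the `long lenmax` temporary; since the 255 check guards the 1-byte length field and the space check guards the buffer, either order is safe, and reporting an internal error for an oversized format list before a space error is the more useful failure. Confirm that the missing `+` lines replace the check with `CHECKLEN(ret, 5 + num_formats, limit)` as the comment above them implies.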

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-28 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  57aa2f154e3e0f427be59497f58092dd3ec0528a (commit)
  from  fa4c374572e94f467900f5820cd1d00af2470a17 (commit)


- Log -
commit 57aa2f154e3e0f427be59497f58092dd3ec0528a
Author: Matt Caswell 
Date:   Mon Oct 10 16:53:11 2016 +0100

Fix a double free in ca command line

Providing a spkac file with no default section causes a double free.

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Kurt Roeckx 
(cherry picked from commit 229bd12487f8576fc088dc4f641950ac33c62033)

---

Summary of changes:
 apps/ca.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/ca.c b/apps/ca.c
index 20c4ebb..4cea3cb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2224,7 +2224,6 @@ static int certify_spkac(X509 **xret, char *infile, 
EVP_PKEY *pkey,
 sk = CONF_get_section(parms, "default");
 if (sk_CONF_VALUE_num(sk) == 0) {
 BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
-CONF_free(parms);
 goto err;
 }
 
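Review bot: dropping `CONF_free(parms)` here is the right fix for the double free only if the `err:` label frees `parms`; the visible lines don't show the label, so confirm that `parms` is initialised to NULL before the first `goto err` and freed exactly once at `err:`. A regression test with an SPKAC file lacking a `[default]` section would pin this down, since that is the input the commit message names.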


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-28 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  fa4c374572e94f467900f5820cd1d00af2470a17 (commit)
  from  31bf65c89a43b4a1b3dd942c3e71d4573a0d4d66 (commit)


- Log -
commit fa4c374572e94f467900f5820cd1d00af2470a17
Author: Matt Caswell 
Date:   Fri Oct 21 14:49:33 2016 +0100

A zero return from BIO_read/BIO_write() could be retryable

A zero return from BIO_read()/BIO_write() could mean that an IO operation
is retryable. A zero return from SSL_read()/SSL_write() means that the
connection has been closed down (either cleanly or not). Therefore we
should not propagate a zero return value from BIO_read()/BIO_write() back
up the stack to SSL_read()/SSL_write(). This could result in a retryable
failure being treated as fatal.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/s23_pkt.c | 18 +++---
 ssl/s2_pkt.c  | 16 ++--
 ssl/s3_pkt.c  | 18 +++---
 3 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c
index efc8647..5a63eff 100644
--- a/ssl/s23_pkt.c
+++ b/ssl/s23_pkt.c
@@ -63,6 +63,12 @@
 #include 
 #include 
 
+/*
+ * Return values are as per SSL_write(), i.e.
+ * >0 The number of read bytes
+ *  0 Failure (not retryable)
+ * <0 Failure (may be retryable)
+ */
 int ssl23_write_bytes(SSL *s)
 {
 int i, num, tot;
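Review bot: the new comment on `ssl23_write_bytes` says `>0 The number of read bytes`, but this is the write path, so it should read "written bytes"; the same copy-paste appears on the `write_pending` comment in s2_pkt.c further down this patch.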
@@ -77,7 +83,7 @@ int ssl23_write_bytes(SSL *s)
 if (i <= 0) {
 s->init_off = tot;
 s->init_num = num;
-return (i);
+return -1;
 }
 s->rwstate = SSL_NOTHING;
 if (i == num)
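Review bot: returning -1 instead of `i` collapses the BIO's zero and negative results into one retryable code, as the commit message intends; the consequence is that a non-retryable BIO failure is now signalled only through the retry flags behind the `s->rwstate` set just above, not through the return value. Worth stating that in the comment block, since anyone debugging a stalled handshake will want to know why a BIO returning 0 surfaces here as -1.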
@@ -88,7 +94,13 @@ int ssl23_write_bytes(SSL *s)
 }
 }
 
-/* return regularly only when we have read (at least) 'n' bytes */
+/* return regularly only when we have read (at least) 'n' bytes
+ * 
+ * Return values are as per SSL_read(), i.e.
+ * >0 The number of read bytes
+ *  0 Failure (not retryable)
+ * <0 Failure (may be retryable)
+ */
 int ssl23_read_bytes(SSL *s, int n)
 {
 unsigned char *p;
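Review bot: the comment block on `ssl23_read_bytes` starts its text on the `/*` line and has a trailing space on the ` * ` line, whereas the other comment blocks added in this patch open with a bare `/*`; matching that style here keeps the four blocks identical and avoids a whitespace diff later.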
@@ -102,7 +114,7 @@ int ssl23_read_bytes(SSL *s, int n)
 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
  n - s->packet_length);
 if (j <= 0)
-return (j);
+return -1;
 s->rwstate = SSL_NOTHING;
 s->packet_length += j;
 if (s->packet_length >= (unsigned int)n)
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 7a61888..394b433 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -307,6 +307,12 @@ int ssl2_peek(SSL *s, void *buf, int len)
 return ssl2_read_internal(s, buf, len, 1);
 }
 
+/*
+ * Return values are as per SSL_read(), i.e.
+ * >0 The number of read bytes
+ *  0 Failure (not retryable)
+ * <0 Failure (may be retryable)
+ */
 static int read_n(SSL *s, unsigned int n, unsigned int max,
   unsigned int extend)
 {
@@ -374,7 +380,7 @@ static int read_n(SSL *s, unsigned int n, unsigned int max,
 # endif
 if (i <= 0) {
 s->s2->rbuf_left += newb;
-return (i);
+return -1;
 }
 newb += i;
 }
@@ -441,6 +447,12 @@ int ssl2_write(SSL *s, const void *_buf, int len)
 }
 }
 
+/*
+ * Return values are as per SSL_write(), i.e.
+ * >0 The number of read bytes
+ *  0 Failure (not retryable)
+ * <0 Failure (may be retryable)
+ */
 static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
 {
 int i;
@@ -477,7 +489,7 @@ static int write_pending(SSL *s, const unsigned char *buf, 
unsigned int len)
 s->rwstate = SSL_NOTHING;
 return (s->s2->wpend_ret);
 } else if (i <= 0)
-return (i);
+return -1;
 s->s2->wpend_off += i;
 s->s2->wpend_len -= i;
 }
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index be37ef0..7e3a7b4 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -136,6 +136,12 @@ static int do_ssl3_write(SSL *s, int type, const unsigned 
char *buf,
  unsigned int len, int create_empty_fragment);
 static int ssl3_get_record(SSL *s);
 
+/*
+ * Return values are as per SSL_read(), i.e.
+ * >0 The number of read bytes
+ *  0 Failure (not retryable)
+ * <0 Failure (may be retryable)
+ */
 int ssl3_read_n(SSL *s, int n, int max, int extend)
 {
 /*
@@ -263,7 +269,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
 if (len + left == 0)
 ssl3_release_read_buffer(s);
-return (i);
+return -1;
 }
 left += i;
 /*
@@ -1082,7 +1088,13 @@ static int do_ssl3_write(SSL *s, int type, const 
unsigned char *buf,
 return -1;
 }
 
-/* if s->s3->wbuf.left != 0, we need to call this */
+/* if 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-26 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  31bf65c89a43b4a1b3dd942c3e71d4573a0d4d66 (commit)
  from  0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit)


- Log -
commit 31bf65c89a43b4a1b3dd942c3e71d4573a0d4d66
Author: Rich Salz 
Date:   Wed Oct 26 11:48:43 2016 -0400

Fix typo (reported by Matthias St. Pierre)

Reviewed-by: Tim Hudson 
(cherry picked from commit 12a7715e3daed439e46cbed461d2a3d9dfd37c0f)

---

Summary of changes:
 README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README b/README
index 93f27fd..75abf2d 100644
--- a/README
+++ b/README
@@ -95,7 +95,7 @@
  LEGALITIES
  --
 
- A number of nations, restrict the use or export of cryptography. If you
+ A number of nations restrict the use or export of cryptography. If you
  are potentially subject to such restrictions you should seek competent
  professional legal advice before attempting to develop or distribute
  cryptographic code.


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-25 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit)
  from  3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)


- Log -
commit 0e4690165b4beb6777b747b0aeb1646a301f41d9
Author: Dr. Matthias St. Pierre 
Date:   Sun Oct 16 00:53:33 2016 +0200

Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ecdh/ech_ossl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index df115cc..d3b0524 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const 
EC_POINT *pub_key,
 BN_CTX_end(ctx);
 if (ctx)
 BN_CTX_free(ctx);
-if (buf)
+if (buf) {
+OPENSSL_cleanse(buf, buflen);
 OPENSSL_free(buf);
+}
 return (ret);
 }
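Review bot: `OPENSSL_cleanse(buf, buflen)` assumes `buflen` is the length passed to the allocation; the visible lines don't show it, so confirm the allocation and the cleanse use the same variable, otherwise part of the shared secret survives. Because this is the common exit for both success and error paths, the cleanse also covers early failures, which is the right place for it.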


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-22 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)
  from  45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit)


- Log -
commit 3ade92e785bb3777c92332f88e23f6ce906ee260
Author: Rich Salz 
Date:   Sat Oct 22 03:53:47 2016 -0400

Correctly find all critical CRL extensions

Unhandled critical CRL extensions were not detected if they appeared
after the handled ones.  (GitHub issue 1757).  Thanks to John Chuah
for reporting this.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1769)

---

Summary of changes:
 crypto/asn1/x_crl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 0279503..c78ded8 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 
 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
 int nid;
+
 ext = sk_X509_EXTENSION_value(exts, idx);
 nid = OBJ_obj2nid(ext->object);
 if (nid == NID_freshest_crl)
@@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 if ((nid == NID_issuing_distribution_point)
 || (nid == NID_authority_key_identifier)
 || (nid == NID_delta_crl))
-break;;
+continue;
 crl->flags |= EXFLAG_CRITICAL;
 break;
 }
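Review bot: `break;;` was a stray double semicolon that left the loop as soon as one of the three handled critical extensions was seen, so any unhandled critical extension after it never set `EXFLAG_CRITICAL`; `continue;` is the correct fix. A regression test with a CRL carrying an authority key identifier followed by an unknown critical extension would verify that the CRL is now rejected regardless of extension order.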


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-20 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit)
  from  cdb203f49a555cbc94431e9d83df6c93208fb610 (commit)


- Log -
commit 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5
Author: Cristian Stoica 
Date:   Wed Aug 17 14:55:57 2016 +0300

remove redundant zero assignments

The structure has already been initialized to zero with memset.
See also commit 64b25758edca688a30f02c260262150f7ad0bc7d (remove 0 assignments)

Signed-off-by: Cristian Stoica 
CLA: trivial
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1463)

---

Summary of changes:
 crypto/evp/pmeth_lib.c | 28 +---
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9668b3a..d066862 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -199,6 +199,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, 
int id)
 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 {
 EVP_PKEY_METHOD *pmeth;
+
 pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
 if (!pmeth)
 return NULL;
@@ -207,33 +208,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 
 pmeth->pkey_id = id;
 pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
-
-pmeth->init = 0;
-pmeth->copy = 0;
-pmeth->cleanup = 0;
-pmeth->paramgen_init = 0;
-pmeth->paramgen = 0;
-pmeth->keygen_init = 0;
-pmeth->keygen = 0;
-pmeth->sign_init = 0;
-pmeth->sign = 0;
-pmeth->verify_init = 0;
-pmeth->verify = 0;
-pmeth->verify_recover_init = 0;
-pmeth->verify_recover = 0;
-pmeth->signctx_init = 0;
-pmeth->signctx = 0;
-pmeth->verifyctx_init = 0;
-pmeth->verifyctx = 0;
-pmeth->encrypt_init = 0;
-pmeth->encrypt = 0;
-pmeth->decrypt_init = 0;
-pmeth->decrypt = 0;
-pmeth->derive_init = 0;
-pmeth->derive = 0;
-pmeth->ctrl = 0;
-pmeth->ctrl_str = 0;
-
 return pmeth;
 }
 
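Review bot: the memset the commit message relies on lies outside this hunk's context; confirm it is `memset(pmeth, 0, sizeof(*pmeth))` rather than a smaller size before treating the removal as equivalent. Strictly, C does not promise that an all-zero byte pattern is a null function pointer, but OpenSSL already relies on that elsewhere, so the change is consistent with the codebase.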


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  cdb203f49a555cbc94431e9d83df6c93208fb610 (commit)
  from  0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)


- Log -
commit cdb203f49a555cbc94431e9d83df6c93208fb610
Author: Richard Levitte 
Date:   Thu Oct 20 09:07:06 2016 +0200

%p takes void*, so make sure to cast arguments to void*

This avoids failures when configuring with --strict-warnings

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1749)

---

Summary of changes:
 apps/s_cb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index d1a99a7..7d71954 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -548,12 +548,12 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, 
const char *argp,
 
 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
 BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
-   (void *)bio, argp, (unsigned long)argi, ret, ret);
+   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
 BIO_dump(out, argp, (int)ret);
 return (ret);
 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
 BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
-   (void *)bio, argp, (unsigned long)argi, ret, ret);
+   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
 BIO_dump(out, argp, (int)ret);
 }
 return (ret);


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)
   via  aa01b82c69eeb0cfd255174111fc34a7ed5f8429 (commit)
  from  10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)


- Log -
commit 0df1caa77b793d055714f4d78d9aac7a985babb8
Author: Richard Levitte 
Date:   Wed Oct 19 19:46:38 2016 +0200

apps: make setup_engine() and release_engine() available always

This removes some #ifndef clutter.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1644)

commit aa01b82c69eeb0cfd255174111fc34a7ed5f8429
Author: Richard Levitte 
Date:   Thu Sep 29 00:40:20 2016 +0200

If an engine comes up explicitly, it must also come down explicitly

In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it has registered at least one cipher or digest
algorithm method, and therefore gets a functional reference through the
ENGINE_set_default() call), we end up returning an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Originally, the ENGINE API wasn't designed for this to happen; an
engine had to register at least one algorithm method, and was
especially expected to register the algorithms corresponding to the
key types that could be stored and hidden in hardware.  However, it
turns out that some engines will not register those algorithms with
the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
functions, as they only want the methods to be used for keys, not as
general crypto accelerator methods.  That may cause ENGINE_set_default()
to do nothing, and no functional reference is therefore made, leading
to a premature deallocation of the engine and it thereby becoming
unavailable when trying to fetch a key.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1644)

---

Summary of changes:
 apps/apps.c  | 14 +++---
 apps/apps.h  |  4 ++--
 apps/ca.c|  5 +
 apps/cms.c   |  5 +
 apps/dgst.c  |  1 +
 apps/dh.c|  6 --
 apps/dhparam.c   |  8 +++-
 apps/dsa.c   |  7 +--
 apps/dsaparam.c  |  8 +++-
 apps/ec.c|  6 +++---
 apps/ecparam.c   | 10 +-
 apps/enc.c   |  8 +++-
 apps/gendh.c |  4 
 apps/gendsa.c|  8 +++-
 apps/genpkey.c   |  2 +-
 apps/genrsa.c|  7 +--
 apps/pkcs12.c|  5 +
 apps/pkcs7.c |  8 +++-
 apps/pkcs8.c |  5 +
 apps/pkey.c  |  5 +
 apps/pkeyparam.c |  8 +++-
 apps/pkeyutl.c   |  1 +
 apps/rand.c  |  8 +++-
 apps/req.c   |  5 +
 apps/rsa.c   |  5 +
 apps/rsautl.c|  5 +
 apps/s_client.c  |  7 ---
 apps/s_server.c  |  7 +--
 apps/smime.c |  5 +
 apps/speed.c |  4 +++-
 apps/spkac.c |  5 +
 apps/srp.c   |  8 +++-
 apps/verify.c|  5 +
 apps/x509.c  |  5 +
 34 files changed, 70 insertions(+), 134 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index ff17b35..c487bd9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1535,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char 
*engine, int debug)
 }
 return e;
 }
+#endif
 
 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 {
 ENGINE *e = NULL;
 
+#ifndef OPENSSL_NO_ENGINE
 if (engine) {
 if (strcmp(engine, "auto") == 0) {
 BIO_printf(err, "enabling auto ENGINE support\n");
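Review bot: in an `OPENSSL_NO_ENGINE` build the `engine` argument is now silently ignored by `setup_engine`, since the whole body sits inside `#ifndef OPENSSL_NO_ENGINE`; a user passing `-engine foo` would get no diagnostic. Consider an `#else` branch that reports "engine support not compiled in" when `engine != NULL`, so callers need no special case of their own.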
@@ -1564,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 }
 
 BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-/* Free our "structural" reference. */
-ENGINE_free(e);
 }
+#endif
 return e;
 }
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+if (e != NULL)
+/* Free our "structural" reference. */
+ENGINE_free(e);
 #endif
+}
 
 int load_config(BIO *err, CONF *cnf)
 {
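Review bot: now that `setup_engine` keeps the structural reference, every caller must pair it with `release_engine` on every exit path, including error paths; the summary lists over thirty apps touched, so it is worth checking that none of them return early between the two calls. `release_engine` tolerating NULL makes an unconditional call at the end of each app the safe pattern.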
diff --git a/apps/apps.h b/apps/apps.h
index c6c3881..268863c 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, 
int format,
   const char *pass, ENGINE *e,
   const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-# ifndef OPENSSL_NO_ENGINE
+
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
 
 # ifndef OPENSSL_NO_OCSP
 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)
  from  1c6aab6a527b057133b470fa8c778e3d45f1605a (commit)


- Log -
commit 10e60f26cef02a6310d20cc2c918184fc9100d14
Author: Richard Levitte 
Date:   Wed Oct 19 22:54:06 2016 +0200

Fix no-des

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1748)

---

Summary of changes:
 apps/pkcs12.c | 2 ++
 crypto/cms/cms_kari.c | 5 -
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 82182c2..4e7de43 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1110,4 +1110,6 @@ static int set_pbe(BIO *err, int *ppbe, const char *str)
 return 1;
 }
 
+#else
+static void *dummy = 
 #endif
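Review bot: the `static void *dummy` in the no-DES `#else` branch exists to keep the translation unit non-empty for pedantic compilers; a one-line comment saying so would stop someone later removing it as dead code.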
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 2cfcdb2..ee28317 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
  * Pick a cipher based on content encryption cipher. If it is DES3 use
  * DES3 wrap otherwise use AES wrap similar to key size.
  */
+#ifndef OPENSSL_NO_DES
 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
 kekcipher = EVP_des_ede3_wrap();
-else if (keylen <= 16)
+else
+#endif
+if (keylen <= 16)
 kekcipher = EVP_aes_128_wrap();
 else if (keylen <= 24)
 kekcipher = EVP_aes_192_wrap();
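Review bot: `else` followed by `#endif` and then `if` is easy to misread, since under `OPENSSL_NO_DES` the code becomes a plain `if (keylen <= 16)` and otherwise an `else if`; a comment on the `#endif` line, or moving the DES case into its own guarded block that sets `kekcipher` and otherwise falls through to the AES selection, would make both configurations read the same way.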


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-19 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  1c6aab6a527b057133b470fa8c778e3d45f1605a (commit)
  from  99c002b305705a3d1e092402bc092de1943fbc27 (commit)


- Log -
commit 1c6aab6a527b057133b470fa8c778e3d45f1605a
Author: Richard Levitte 
Date:   Thu Oct 6 09:31:34 2016 +0200

Make 'openssl prime ""' not segfault

Fixes RT#4699

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/1668)

---

Summary of changes:
 apps/prime.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/apps/prime.c b/apps/prime.c
index 1fb1c8d..133167f 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -128,16 +128,24 @@ int MAIN(int argc, char **argv)
 BIO_printf(bio_out, "%s\n", s);
 OPENSSL_free(s);
 } else {
+int r;
+
 if (hex)
-BN_hex2bn(, argv[0]);
+r = BN_hex2bn(, argv[0]);
 else
-BN_dec2bn(, argv[0]);
+r = BN_dec2bn(, argv[0]);
+
+if(!r) {
+BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
+goto end;
+}
 
 BN_print(bio_out, bn);
 BIO_printf(bio_out, " is %sprime\n",
BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
 }
 
+ end:
 BN_free(bn);
 BIO_free_all(bio_out);
 
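Review bot: `if(!r)` should be `if (!r)` per the coding style. Also, BN_hex2bn()/BN_dec2bn() return the number of characters they consumed and stop at the first character that is not a digit, so a non-zero `r` only rules out the empty-string crash fixed here; an argument such as `12xyz` is still accepted silently as 12. If that is not intended, compare `r` against `strlen(argv[0])` and report trailing garbage. The `goto end` is safe because BN_free() tolerates a NULL `bn`.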


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-18 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  99c002b305705a3d1e092402bc092de1943fbc27 (commit)
   via  b0161f6a8961b131c4dd43a4cc240b4a9ffda72d (commit)
  from  78ee64c237a8d73b8e92b2612f565db26c169ed5 (commit)


- Log -
commit 99c002b305705a3d1e092402bc092de1943fbc27
Author: Patrick Steuer 
Date:   Mon Oct 17 10:30:33 2016 +0200

Fix strict-warnings build

crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt
functions need to be changed from char to unsigned char to avoid build
error due to -Werror=incompatible-pointer-types.

crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change.

Signed-off-by: Patrick Steuer 

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
CLA: trivial

commit b0161f6a8961b131c4dd43a4cc240b4a9ffda72d
Author: Patrick Steuer 
Date:   Mon Oct 17 10:24:49 2016 +0200

Fix strict-warnings build

crypto/s390xcap.c: cryptlib.h needs to be included, as the OPENSSL_cpuid_setup
function prototype is located there, to avoid build error due to
-Werror=missing-prototypes.

Signed-off-by: Patrick Steuer 

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
CLA: trivial

---

Summary of changes:
 crypto/aes/asm/aes-s390x.pl | 8 
 crypto/evp/e_aes.c  | 4 ++--
 crypto/s390xcap.c   | 1 +
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 76ca8e5..a8f4d29 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1568,8 +1568,8 @@ ___
 }
 
 
-# void AES_xts_encrypt(const char *inp,char *out,size_t len,
-#  const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+#  size_t len, const AES_KEY *key1, const AES_KEY *key2,
 #  const unsigned char iv[16]);
 #
 {
@@ -1937,8 +1937,8 @@ $code.=<<___;
br  $ra
 .size  AES_xts_encrypt,.-AES_xts_encrypt
 ___
-# void AES_xts_decrypt(const char *inp,char *out,size_t len,
-#  const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+#  size_t len, const AES_KEY *key1, const AES_KEY *key2,
 #  const unsigned char iv[16]);
 #
 $code.=<<___;
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1734a82..7c62d32 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned 
char *out,
const unsigned char ivec[AES_BLOCK_SIZE]);
 # endif
 # ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
  const AES_KEY *key1, const AES_KEY *key2,
  const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
  const AES_KEY *key1, const AES_KEY *key2,
  const unsigned char iv[16]);
 # endif
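Review bot: changing `char` to `unsigned char` in these prototypes does not alter the ABI, so the assembly implementation needs no change; but the declarations live only under `# ifdef AES_XTS_ASM` here, and the matching comments in aes-s390x.pl are updated in the same push, so any other per-platform asm glue that declares AES_xts_encrypt/AES_xts_decrypt should be checked for the same signature to keep -Werror=incompatible-pointer-types builds clean.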
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index 47d6b6f..cf8c372 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -3,6 +3,7 @@
 #include 
 #include 
 #include 
+#include "cryptlib.h"
 
 extern unsigned long OPENSSL_s390xcap_P[];
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-15 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  78ee64c237a8d73b8e92b2612f565db26c169ed5 (commit)
  from  02a02319ea6cde904e4bfa3a05fe128fd9b6675c (commit)


- Log -
commit 78ee64c237a8d73b8e92b2612f565db26c169ed5
Author: Steven Fackler 
Date:   Sat Oct 15 13:01:25 2016 -0700

Fix signatures of EVP_Digest{Sign,Verify}Update

These are implemented as macros delegating to `EVP_DigestUpdate`, which
takes a `size_t` as its third argument, not an `unsigned int`.

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(cherry picked from commit 8bdce8d160e29b4e1b80fec31f618d85d8c2b7a8)

---

Summary of changes:
 doc/crypto/EVP_DigestSignInit.pod   | 2 +-
 doc/crypto/EVP_DigestVerifyInit.pod | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/EVP_DigestSignInit.pod 
b/doc/crypto/EVP_DigestSignInit.pod
index 37d960e..83e6589 100644
--- a/doc/crypto/EVP_DigestSignInit.pod
+++ b/doc/crypto/EVP_DigestSignInit.pod
@@ -10,7 +10,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal 
- EVP signing func
 
  int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
  int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
 
 =head1 DESCRIPTION
diff --git a/doc/crypto/EVP_DigestVerifyInit.pod 
b/doc/crypto/EVP_DigestVerifyInit.pod
index 0ead2d2..347c511 100644
--- a/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/doc/crypto/EVP_DigestVerifyInit.pod
@@ -10,7 +10,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, 
EVP_DigestVerifyFinal - EVP signat
 
  int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
  int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t 
siglen);
 
 =head1 DESCRIPTION
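Review bot: both pod hunks correct the third parameter to `size_t`, but the DESCRIPTION sections could also state that EVP_DigestSignUpdate() and EVP_DigestVerifyUpdate() are macros delegating to EVP_DigestUpdate(), as the commit message explains; that tells readers the argument types follow EVP_DigestUpdate(), so the two pod files do not drift from it again.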


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-15 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  02a02319ea6cde904e4bfa3a05fe128fd9b6675c (commit)
  from  6d69dc56de8f0535be9ccabea7a8d4e61c04c2f1 (commit)


- Log -
commit 02a02319ea6cde904e4bfa3a05fe128fd9b6675c
Author: Matt Caswell 
Date:   Wed Oct 12 16:43:03 2016 +0100

Ensure we handle len == 0 in ERR_err_string_n

If len == 0 in a call to ERR_error_string_n() then we can read beyond the
end of the buffer. Really applications should not be calling this function
with len == 0, but we shouldn't be letting it through either!

Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on
this issue is available here:

https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/

Reviewed-by: Richard Levitte 
(cherry picked from commit e5c1361580d8de79682958b04a5f0d262e680f8b)

---

Summary of changes:
 crypto/err/err.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index e77d963..52dc9a5 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -868,6 +868,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t 
len)
 const char *ls, *fs, *rs;
 unsigned long l, f, r;
 
+if (len == 0)
+return;
+
 l = ERR_GET_LIB(e);
 f = ERR_GET_FUNC(e);
 r = ERR_GET_REASON(e);
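Review bot: the `len == 0` early return is the right fix for the over-read described in the commit message, but it leaves `buf` untouched, so a caller passing a zero-length buffer cannot assume it is NUL-terminated afterwards; the ERR_error_string_n() documentation should say that nothing is written when `len` is 0, and a brief comment above the check would explain why the function bails out here rather than trying to write a terminator into zero bytes.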


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-14 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  6d69dc56de8f0535be9ccabea7a8d4e61c04c2f1 (commit)
  from  e8e380ce013b4d14a2eccda9475536729b72af8e (commit)


- Log -
commit 6d69dc56de8f0535be9ccabea7a8d4e61c04c2f1
Author: Vitezslav Cizek 
Date:   Mon Oct 10 16:41:57 2016 +0200

Degrade 3DES to MEDIUM in SSL2

The SWEET32 fix moved 3DES from HIGH to MEDIUM, but omitted SSL2.

CLA: trivial
Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1683)

---

Summary of changes:
 ssl/s2_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 88e67f0..cc13603 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
  SSL_3DES,
  SSL_MD5,
  SSL_SSLV2,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
  0,
  112,
  168,
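Review bot: moving the SSL2 3DES cipher from SSL_HIGH to SSL_MEDIUM makes s2_lib.c consistent with the SWEET32 reclassification of 3DES elsewhere, but the CHANGES entry for the SWEET32 fix (CVE-2016-2183) should be amended to say the SSLv2 cipher is included, so anyone relying on the `HIGH` cipher string to exclude 3DES has an accurate record for builds that still enable SSLv2.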


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-13 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  e8e380ce013b4d14a2eccda9475536729b72af8e (commit)
  from  f1f97699cb5e01f1b7e37f4c92df1a9bce6772f5 (commit)


- Log -
commit e8e380ce013b4d14a2eccda9475536729b72af8e
Author: Rich Salz 
Date:   Wed Oct 12 15:49:06 2016 -0400

RT is put out to pasture

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/1702)
(cherry picked from commit 7954dced19a7e59e7055eab95a981fa943c7d100)

---

Summary of changes:
 CONTRIBUTING | 53 -
 README   | 34 --
 2 files changed, 24 insertions(+), 63 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 07115e5..7cc3850 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -11,34 +11,12 @@ OpenSSL community you might want to discuss it on the 
openssl-dev mailing
 list first.  Someone may be already working on the same thing or there
 may be a good reason as to why that feature isn't implemented.
 
-The best way to submit a patch is to make a pull request on GitHub.
-(It is not necessary to send mail to r...@openssl.org to open a ticket!)
-If you think the patch could use feedback from the community, please
-start a thread on openssl-dev.
+To submit a patch, make a pull request on GitHub.  If you think the patch
+could use feedback from the community, please start a thread on openssl-dev
+to discuss it.
 
-You can also submit patches by sending it as mail to r...@openssl.org.
-Please include the word "PATCH" and an explanation of what the patch
-does in the subject line.  If you do this, our preferred format is "git
-format-patch" output. For example to provide a patch file containing the
-last commit in your local git repository use the following command:
-
-% git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-% cd openssl-work
-...make your changes...
-% ./Configure dist; make clean
-% cd ..
-% diff -ur openssl-orig openssl-work >mydiffs.patch
-
-Note that pull requests are generally easier for the team, and community, to
-work with.  Pull requests benefit from all of the standard GitHub features,
-including code review tools, simpler integration, and CI build support.
-
-No matter how a patch is submitted, the following items will help make
-the acceptance and review process faster:
+Having addressed the following items before the PR will help make the
+acceptance and review process faster:
 
 1. Anything other than trivial contributions will require a contributor
 licensing agreement, giving us permission to use your code. See
@@ -55,21 +33,22 @@ the acceptance and review process faster:
 in the file LICENSE in the source distribution or at
 https://www.openssl.org/source/license.html
 
-3.  Patches should be as current as possible.  When using GitHub, please
-expect to have to rebase and update often. Note that we do not accept merge
-commits. You will be asked to remove them before a patch is considered
-acceptable.
+3.  Patches should be as current as possible; expect to have to rebase
+often. We do not accept merge commits; You will be asked to remove
+them before a patch is considered acceptable.
 
 4.  Patches should follow our coding style (see
 https://www.openssl.org/policies/codingstyle.html) and compile without
 warnings. Where gcc or clang is availble you should use the
 --strict-warnings Configure option.  OpenSSL compiles on many varied
 platforms: try to ensure you only use portable features.
+Clean builds via Travis and AppVeyor are expected, and done whenever
+a PR is created or updated.
 
-5.  When at all possible, patches should include tests. These can either be
-added to an existing test, or completely new.  Please see test/README
-for information on the test framework.
+5.  When at all possible, patches should include tests. These can
+either be added to an existing test, or completely new.  Please see
+test/README for information on the test framework.
 
-6.  New features or changed functionality must include documentation. 
Please
-look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
-our style.
+6.  New features or changed functionality must include
+documentation. Please look at the "pod" files in doc/apps, doc/crypto
+and doc/ssl for examples of our style.
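Review bot: in the rewritten item 3, `merge commits; You will be asked` capitalises `You` after a semicolon; use `you`. While this paragraph is being rewritten, the unchanged context line in item 4 still reads `availble` (should be `available`) and could be fixed in the same pass.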
diff --git a/README b/README
index dece269..93f27fd 100644
--- a/README
+++ b/README
@@ -66,13 +66,13 @@
  If you have any problems with OpenSSL then please take the following steps
  first:
 
-- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+- 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-11 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  f1f97699cb5e01f1b7e37f4c92df1a9bce6772f5 (commit)
  from  53a71b7429a4315f7761bea1be20a6d0b9c9a502 (commit)


- Log -
commit f1f97699cb5e01f1b7e37f4c92df1a9bce6772f5
Author: Kurt Cancemi 
Date:   Thu Sep 22 18:05:37 2016 -0400

Add missing error string for SSL_R_TOO_MANY_WARN_ALERTS

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/ssl_err.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 79aaf1a..a4c17a6 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -753,6 +753,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
  "tls illegal exporter label"},
 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
  "tls invalid ecpointformat list"},
+{ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
  "tls peer did not respond with certificate list"},
 {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
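Review bot: the new SSL_R_TOO_MANY_WARN_ALERTS entry lands between two SSL_R_TLS_* entries and breaks the alphabetical order the rest of SSL_str_reasons[] follows; ssl_err.c is generated by util/mkerr.pl, so regenerating with `make errors` would place it correctly and avoid the hand edit being lost on the next regeneration.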


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  53a71b7429a4315f7761bea1be20a6d0b9c9a502 (commit)
  from  a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit)


- Log -
commit 53a71b7429a4315f7761bea1be20a6d0b9c9a502
Author: Richard Levitte 
Date:   Wed Sep 28 21:28:00 2016 +0200

apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

---

Summary of changes:
 apps/apps.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..ff17b35 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, 
int maybe_stdin,
 if (!e)
 BIO_printf(err, "no engine specified\n");
 else {
-pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+if (ENGINE_init(e)) {
+pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+ENGINE_finish(e);
+}
 if (!pkey) {
 BIO_printf(err, "cannot load %s from engine\n", key_descrip);
 ERR_print_errors(err);
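Review bot: if ENGINE_init(e) fails, `pkey` stays NULL and the code falls through to the generic `cannot load %s from engine` message, hiding the actual cause (engine not initialised); print a distinct message for that case, or at least make sure the ENGINE_init error is on the queue that ERR_print_errors() dumps. The ENGINE_finish(e) right after ENGINE_load_private_key() is correct for balancing the functional reference taken here, as the commit message describes.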


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit)
  from  4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit)


- Log -
commit a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74
Author: Rich Salz 
Date:   Wed Sep 28 14:39:32 2016 -0400

Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d.
This fails to call ENGINE_finish; an alternate fix is coming.

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 40401c1..9fdc3e0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(err, "can't use that engine\n");
 ERR_print_errors(err);
 ENGINE_free(e);


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit)
  from  9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e (commit)


- Log -
commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d
Author: David Woodhouse 
Date:   Wed Sep 28 14:31:22 2016 +0100

Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine
which provided a default generic method for some key type — because it
called ENGINE_set_default() and that ended up being an implicit
initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get
initialised, and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not 
initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1640)

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..40401c1 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(err, "can't use that engine\n");
 ERR_print_errors(err);
 ENGINE_free(e);
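Review bot: ENGINE_init(e) takes a functional reference that this hunk never releases: on success the engine stays initialised for the lifetime of the process, and on the failure path only ENGINE_free(e) runs, so a functional reference leaks whenever ENGINE_set_default() fails after ENGINE_init() succeeded. Pair every ENGINE_init() with an ENGINE_finish() on both paths; the later revert of this commit (a269e5f) cites exactly this missing ENGINE_finish.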


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e (commit)
  from  f6e43fee7060ec5c335724fea8097060a4359f2f (commit)


- Log -
commit 9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e
Author: Matt Caswell 
Date:   Mon Sep 26 11:20:11 2016 +0100

Fix NEWS error

The NEWS file referenced the wrong CVE for 1.0.2

Reviewed-by: Richard Levitte 

---

Summary of changes:
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 24a1317..d750fb5 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@
 
   Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
 
-  o Fix Use After Free for large message sizes (CVE-2016-6309)
+  o Missing CRL sanity check (CVE-2016-7052)
 
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 
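Review bot: this replaces the 1.0.2j NEWS line rather than adding to it, which matches the CHANGES hunk for 1.0.2j in the release push (only the missing CRL sanity check, CVE-2016-7052, is listed there); a one-line note in the commit message that CVE-2016-6309 was not a 1.0.2 fix and had been copied into the 1.0.2 NEWS by mistake would explain to readers of the history why a CVE line disappears.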


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  f6e43fee7060ec5c335724fea8097060a4359f2f (commit)
   via  e216bf9d7ca761718f34e8b3094fcb32c7a143e4 (commit)
   via  ca430ece0d5cf5820d9e580252f3118602e40332 (commit)
   via  6e629b5be45face20b4ca71c4fcbfed78b864a2e (commit)
  from  f15a7e39a1f7d41716ca5f07faef74f55147d2cf (commit)


- Log -
commit f6e43fee7060ec5c335724fea8097060a4359f2f
Author: Matt Caswell 
Date:   Mon Sep 26 10:50:48 2016 +0100

Prepare for 1.0.2k-dev

Reviewed-by: Richard Levitte 

commit e216bf9d7ca761718f34e8b3094fcb32c7a143e4
Author: Matt Caswell 
Date:   Mon Sep 26 10:49:49 2016 +0100

Prepare for 1.0.2j release

Reviewed-by: Richard Levitte 

commit ca430ece0d5cf5820d9e580252f3118602e40332
Author: Matt Caswell 
Date:   Mon Sep 26 09:51:30 2016 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit 6e629b5be45face20b4ca71c4fcbfed78b864a2e
Author: Matt Caswell 
Date:   Tue Aug 23 00:01:57 2016 +0100

Add some sanity checks when checking CRL scores

Note: this was accidentally omitted from OpenSSL 1.0.2 branch.
Without this fix any attempt to use CRLs will crash.

CVE-2016-7052

Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue.

Reviewed-by: Stephen Henson 
Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES| 14 +-
 NEWS   |  6 +-
 README |  2 +-
 crypto/opensslv.h  |  6 +++---
 crypto/x509/x509_vfy.c |  4 ++--
 openssl.spec   |  2 +-
 6 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index c072379..009b7ef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,22 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.2i and 1.0.2j [xx XXX ]
+ Changes between 1.0.2j and 1.0.2k [xx XXX ]
 
   *)
 
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
+
+  *) Missing CRL sanity check
+
+ A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+ but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+ CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+ This issue only affects the OpenSSL 1.0.2i
+ (CVE-2016-7052)
+ [Matt Caswell]
+
  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
 
   *) OCSP Status Request extension unbounded memory growth
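Review bot: in the new 1.0.2j entry, `This issue only affects the OpenSSL 1.0.2i` is missing a word and a full stop (`...affects OpenSSL 1.0.2i.`), and `null pointer exception` is Java wording; in C the usual phrasing is `NULL pointer dereference`. Naming the affected functionality (any CRL use during X509 verification) in the entry would also help readers triage.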
diff --git a/NEWS b/NEWS
index 6a787e6..24a1317 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development]
+  Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
 
   o
 
+  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
+
+  o Fix Use After Free for large message sizes (CVE-2016-6309)
+
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 
   o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
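Review bot: the new 1.0.2j line lists `Fix Use After Free for large message sizes (CVE-2016-6309)`, but the CHANGES hunk in the same push describes only the missing CRL sanity check (CVE-2016-7052) for 1.0.2j; NEWS and CHANGES must agree, so this line should read `Missing CRL sanity check (CVE-2016-7052)`.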
diff --git a/README b/README
index 9cba523..dece269 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2j-dev
+ OpenSSL 1.0.2k-dev
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c40160b..0f4251f 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x100020a0L
+# define OPENSSL_VERSION_NUMBER  0x100020b0L
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2j-fips-dev  xx XXX "
+#  define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2k-fips-dev  xx XXX "
 # else
-#  define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2j-dev  xx XXX "
+#  define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2k-dev  xx XXX "
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8334b3f..b147201 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL 
**pcrl, X509_CRL **pdcrl,
 crl = sk_X509_CRL_value(crls, i);
 reasons = *preasons;
 crl_score = get_crl_score(ctx, _issuer, , crl, x);
-if (crl_score < best_score)
+if (crl_score < best_score || crl_score == 0)
 continue;
 /* If current CRL is 
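Review bot: the added `|| crl_score == 0` is the whole CVE-2016-7052 fix, so it deserves a comment saying that get_crl_score() returns 0 for a CRL that cannot be used for this certificate and that such a CRL must never become the best match (the NULL dereference the commit message describes happens when it does); without that, a future reader may see the `== 0` as redundant with the `< best_score` test and remove it.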

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-22 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  f15a7e39a1f7d41716ca5f07faef74f55147d2cf (commit)
  from  581215a519c66db7255ea360ed25bb00033ccd52 (commit)


- Log -
commit f15a7e39a1f7d41716ca5f07faef74f55147d2cf
Author: Dirk Feytons 
Date:   Thu Sep 22 16:17:45 2016 +0200

Fix build with no-nextprotoneg

Add a missing ifdef. Same change is already present in master.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1100)

---

Summary of changes:
 ssl/t1_ext.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 724ddf7..79ed946 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int ext_type)
 case TLSEXT_TYPE_ec_point_formats:
 case TLSEXT_TYPE_elliptic_curves:
 case TLSEXT_TYPE_heartbeat:
+# ifndef OPENSSL_NO_NEXTPROTONEG
 case TLSEXT_TYPE_next_proto_neg:
+# endif
 case TLSEXT_TYPE_padding:
 case TLSEXT_TYPE_renegotiate:
 case TLSEXT_TYPE_server_name:
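Review bot: with the `# ifndef OPENSSL_NO_NEXTPROTONEG` guard, SSL_extension_supported() returns 0 for TLSEXT_TYPE_next_proto_neg in no-nextprotoneg builds, which means an application could then register a custom extension handler for that type; if that is intended (the built-in handler is compiled out, so the type is free), a short comment saying so would make it explicit.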


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-22 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  581215a519c66db7255ea360ed25bb00033ccd52 (commit)
  from  9d264d11a93413d2724b7c8c873e56b2ddd8c53f (commit)


- Log -
commit 581215a519c66db7255ea360ed25bb00033ccd52
Author: Rich Salz 
Date:   Thu Sep 22 08:47:45 2016 -0400

Fix typo introduced by a03f81f4

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/engine/eng_cryptodev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 65a74df..2a2b95c 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const 
EVP_MD_CTX *from)
 if (fstate->mac_len != 0) {
 if (fstate->mac_data != NULL) {
 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-if (dstate->ac_data == NULL) {
+if (dstate->mac_data == NULL) {
 printf("cryptodev_digest_init: malloc failed\n");
 return 0;
 }
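Review bot: the typo fix is correct, but the failure branch still reports `cryptodev_digest_init: malloc failed` from inside cryptodev_digest_copy(), and it does so with printf() to stdout; library code should report through the error queue and name the right function. That `dstate->ac_data` could not have compiled also shows no cryptodev-enabled build is in CI; adding one would catch this class of typo at commit time.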


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-22 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  9d264d11a93413d2724b7c8c873e56b2ddd8c53f (commit)
   via  32c130160f7dac2cef5d0e30d94b335e4a87104d (commit)
   via  35aede1cd7411aa404512facfcb22e3859966ef6 (commit)
   via  92c8d6ae0d741fdca3b72baf627d16908dae64ce (commit)
   via  38f59bd1f1da9f5ef67044b35af26528e5b183dd (commit)
   via  ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f (commit)
  from  90d6f35162a9515287e75248e1f880cd1cc92c1f (commit)


- Log -
commit 9d264d11a93413d2724b7c8c873e56b2ddd8c53f
Author: Matt Caswell 
Date:   Thu Sep 22 11:25:49 2016 +0100

Prepare for 1.0.2j-dev

Reviewed-by: Richard Levitte 

commit 32c130160f7dac2cef5d0e30d94b335e4a87104d
Author: Matt Caswell 
Date:   Thu Sep 22 11:24:53 2016 +0100

Prepare for 1.0.2i release

Reviewed-by: Richard Levitte 

commit 35aede1cd7411aa404512facfcb22e3859966ef6
Author: Matt Caswell 
Date:   Wed Sep 21 21:59:49 2016 +0100

Updates CHANGES and NEWS for new release

Reviewed-by: Richard Levitte 

commit 92c8d6ae0d741fdca3b72baf627d16908dae64ce
Author: Dmitry Belyavsky 
Date:   Mon Sep 19 16:05:53 2016 +0100

Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 

commit 38f59bd1f1da9f5ef67044b35af26528e5b183dd
Author: Matt Caswell 
Date:   Fri Sep 9 10:53:39 2016 +0100

Fix a mem leak in NPN handling

If a server sent multiple NPN extensions in a single ClientHello then a
mem leak can occur. This will only happen where the client has requested
NPN in the first place. It does not occur during renegotiation. Therefore
the maximum that could be leaked in a single connection with a malicious
server is 64k (the maximum size of the ServerHello extensions section). As
this is client side, only occurs if NPN has been requested and does not
occur during renegotiation this is unlikely to be exploitable.

Issue reported by Shi Lei.

Reviewed-by: Rich Salz 

commit ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f
Author: Matt Caswell 
Date:   Fri Sep 9 10:08:45 2016 +0100

Fix OCSP Status Request extension unbounded memory growth

A malicious client can send an excessively large OCSP Status Request
extension. If that client continually requests renegotiation,
sending a large OCSP Status Request extension each time, then there will
be unbounded memory growth on the server. This will eventually lead to a
Denial Of Service attack through memory exhaustion. Servers with a
default configuration are vulnerable even if they do not support OCSP.
Builds using the "no-ocsp" build time option are not affected.

I have also checked other extensions to see if they suffer from a similar
problem but I could not find any other issues.

CVE-2016-6304

Issue reported by Shi Lei.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   | 162 +-
 NEWS  |  16 +-
 README|   2 +-
 crypto/opensslv.h |   6 +-
 openssl.spec  |   2 +-
 ssl/s3_clnt.c |  19 ---
 ssl/t1_lib.c  |  29 +++---
 7 files changed, 201 insertions(+), 35 deletions(-)

diff --git a/CHANGES b/CHANGES
index 6502fc3..c072379 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,14 +2,170 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.2h and 1.0.2i [xx XXX ]
+ Changes between 1.0.2i and 1.0.2j [xx XXX ]
 
   *)
 
-  *) In order to mitigate the SWEET32 attack (CVE-2016-2183),
- the DES ciphers were moved from HIGH to MEDIUM.
+ Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+ A malicious client can send an excessively large OCSP Status Request
+ extension. If that client continually requests renegotiation, sending a
+ large OCSP Status Request extension each time, then there will be 
unbounded
+ memory growth on the server. This will eventually lead to a Denial Of
+ Service attack through memory exhaustion. Servers with a default
+ configuration are vulnerable even if they do not support OCSP. Builds 
using
+ the "no-ocsp" 
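Review bot: the SWEET32 entry (CVE-2016-2183, DES ciphers moved from HIGH to MEDIUM) is deleted at the top of this hunk when the 1.0.2i heading is renamed to 1.0.2j; confirm it is re-added under the new "Changes between 1.0.2h and 1.0.2i [22 Sep 2016]" heading further down rather than dropped, since it is a user-visible cipher-string change that 1.0.2i users will look for in CHANGES.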

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-22 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  90d6f35162a9515287e75248e1f880cd1cc92c1f (commit)
  from  22646a075e75991b4e8f5d67171e45a6aead5b48 (commit)


- Log -
commit 90d6f35162a9515287e75248e1f880cd1cc92c1f
Author: Richard Levitte 
Date:   Thu Sep 22 10:01:38 2016 +0200

mk1mf.pl: check for no-tls1 here as well

Reviewed-by: Matt Caswell 

---

Summary of changes:
 util/mk1mf.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 4eded5a..7a3ae11 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -277,6 +277,7 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_TLS1" if $no_tls1;
 $cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
 $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
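Review bot: `$no_tls1` is tested on the new line but nothing in this diff declares or initialises it; unless it is set to 0 with the other `$no_*` defaults elsewhere in mk1mf.pl, the `if $no_tls1` test relies on an undefined variable, which is silently false here but fragile. Initialise it next to `$no_tlsext` so the default build is explicit.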
@@ -1205,6 +1206,7 @@ sub read_options
"no-ssl3" => \$no_ssl3,
"no-ssl3-method" => 0,
"no-tlsext" => \$no_tlsext,
+   "no-tls1" => \$no_tls1,
"no-srp" => \$no_srp,
"no-cms" => \$no_cms,
"no-jpake" => \$no_jpake,
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-21 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  22646a075e75991b4e8f5d67171e45a6aead5b48 (commit)
  from  006a788c84e541c8920dd2ad85fb62b52185c519 (commit)


- Log -
commit 22646a075e75991b4e8f5d67171e45a6aead5b48
Author: Matt Caswell 
Date:   Wed Sep 21 14:48:16 2016 +0100

Don't allow too many consecutive warning alerts

Certain warning alerts are ignored if they are received. This can mean that
no progress will be made if one peer continually sends those warning alerts.
Implement a count so that we abort the connection if we receive too many.

Issue reported by Shi Lei.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/d1_pkt.c   | 15 +++
 ssl/s3_pkt.c   | 15 +++
 ssl/ssl.h  |  1 +
 ssl/ssl_locl.h |  4 
 4 files changed, 35 insertions(+)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index df2e42e..7a02459 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -951,6 +951,13 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, 
int len, int peek)
 goto start;
 }
 
+/*
+ * Reset the count of consecutive warning alerts if we've got a non-empty
+ * record that isn't an alert.
+ */
+if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+s->cert->alert_count = 0;
+
 /* we now have a packet which can be read and processed */
 
 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
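Review bot: the per-connection counter is kept in `s->cert` (the CERT structure) rather than in `SSL` or `SSL3_STATE`, which is where a reader expects connection state; if this is to avoid changing the `SSL` layout on a stable branch, say so in the comment, because the placement is otherwise surprising. The reset condition is right to require `rr->length != 0`, so empty records do not clear the count.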
@@ -1217,6 +1224,14 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 
 if (alert_level == SSL3_AL_WARNING) {
 s->s3->warn_alert = alert_descr;
+
+s->cert->alert_count++;
+if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
+al = SSL_AD_UNEXPECTED_MESSAGE;
+SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+goto f_err;
+}
+
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
 /*
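Review bot: the increment and the `== MAX_WARN_ALERT_COUNT` check run before the `SSL_AD_CLOSE_NOTIFY` branch, so a close_notify that arrives as the fifth consecutive warning alert is rejected with `SSL_R_TOO_MANY_WARN_ALERTS` instead of being handled as a clean shutdown; either exclude close_notify from the count or test for it first. Prefer `>=` over `==` as well, so the abort still fires if the counter is ever advanced past the limit elsewhere.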
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index df124cf..be37ef0 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1229,6 +1229,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 return (ret);
 }
 
+/*
+ * Reset the count of consecutive warning alerts if we've got a non-empty
+ * record that isn't an alert.
+ */
+if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+s->cert->alert_count = 0;
+
 /* we now have a packet which can be read and processed */
 
 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
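Review bot: this reset block is a verbatim copy of the one added to `dtls1_read_bytes`; a small shared helper in ssl_locl.h (reset on non-empty non-alert record) would keep the TLS and DTLS paths from drifting when the rule is next adjusted.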
@@ -1443,6 +1450,14 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 
 if (alert_level == SSL3_AL_WARNING) {
 s->s3->warn_alert = alert_descr;
+
+s->cert->alert_count++;
+if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
+al = SSL_AD_UNEXPECTED_MESSAGE;
+SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+goto f_err;
+}
+
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return (0);
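Review bot: same ordering issue as in d1_pkt.c: the count is checked before `alert_descr == SSL_AD_CLOSE_NOTIFY`, so a close_notify following four ignored warning alerts becomes a fatal `SSL_AD_UNEXPECTED_MESSAGE` rather than setting `SSL_RECEIVED_SHUTDOWN`; move the close_notify test above the increment or skip counting it.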
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2638755..90aeb0c 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -3107,6 +3107,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234
+# define SSL_R_TOO_MANY_WARN_ALERTS   409
 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235
 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS  236
 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS313
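Review bot: a new reason code `SSL_R_TOO_MANY_WARN_ALERTS 409` is added here, but the summary of changes lists no `ssl/ssl_err.c` change, so `ERR_reason_error_string()` will have no text for it and logs will show only the number; regenerate the error strings (`make errors`) in the same commit.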
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e358031..6df725f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -591,6 +591,8 @@ typedef struct {
  */
 # define SSL_EXT_FLAG_SENT   0x2
 
+# define MAX_WARN_ALERT_COUNT5
+
 typedef struct {
 custom_ext_method *meths;
 size_t meths_count;
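Review bot: `MAX_WARN_ALERT_COUNT 5` is introduced without a comment on why five, or on what "consecutive" means (reset by any non-empty non-alert record, per the read_bytes changes); a one-line comment here would save the next reader a trip to s3_pkt.c.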
@@ -698,6 +700,8 @@ typedef struct cert_st {
 unsigned char *alpn_proposed;   /* server */
 unsigned int alpn_proposed_len;
 int alpn_sent;  /* client */
+/* Count of the number of consecutive warning alerts received */
+unsigned int alert_count;
 } CERT;
 
 typedef struct sess_cert_st {
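Review bot: `alert_count` is connection state stored in CERT, and a CERT is copied when an SSL is created from its SSL_CTX; make sure every code path that duplicates a CERT starts the new copy at zero rather than inheriting a count, and document here that the field lives in CERT only for layout-compatibility reasons.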


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-21 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  006a788c84e541c8920dd2ad85fb62b52185c519 (commit)
   via  bc9563f83d28342b5ec0073ec12d9e581e4f3317 (commit)
   via  709ec8b3848e2ac201b86f49c5561debb8572ccd (commit)
  from  62841a2350f76a5207376d581acec319196447d7 (commit)


- Log -
commit 006a788c84e541c8920dd2ad85fb62b52185c519
Author: Dr. Stephen Henson 
Date:   Wed Sep 21 13:26:01 2016 +0100

Make message buffer slightly larger than message.

Grow TLS/DTLS 16 bytes more than strictly necessary as a precaution against
OOB reads. In most cases this will have no effect because the message buffer
will be large enough already.

Reviewed-by: Matt Caswell 

commit bc9563f83d28342b5ec0073ec12d9e581e4f3317
Author: Dr. Stephen Henson 
Date:   Wed Sep 21 12:54:13 2016 +0100

Use SSL3_HM_HEADER_LENGTH instead of 4.

Reviewed-by: Matt Caswell 

commit 709ec8b3848e2ac201b86f49c5561debb8572ccd
Author: Dr. Stephen Henson 
Date:   Wed Sep 21 12:57:01 2016 +0100

Remove unnecessary check.

The overflow check will never be triggered because the
n2l3 result is always less than 2^24.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/d1_both.c |  5 -
 ssl/s3_both.c | 35 ---
 2 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 46c70d8..9bc6153 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -581,9 +581,12 @@ static int dtls1_preprocess_fragment(SSL *s, struct 
hm_header_st *msg_hdr,
 /*
  * msg_len is limited to 2^24, but is effectively checked against max
  * above
+ *
+ * Make buffer slightly larger than message length as a precaution
+ * against small OOB reads e.g. CVE-2016-6306
  */
 if (!BUF_MEM_grow_clean
-(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH + 16)) {
 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
 return SSL_AD_INTERNAL_ERROR;
 }
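Review bot: the `+ 16` is a bare magic number that is duplicated in the s3_both.c change; define it once (a named slack constant next to `DTLS1_HM_HEADER_LENGTH` / `SSL3_HM_HEADER_LENGTH`) so both code paths agree and the CVE-2016-6306 reference lives in one place.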
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 4b636b0..054ded1 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -356,21 +356,22 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, 
long max, int *ok)
 }
 *ok = 1;
 s->state = stn;
-s->init_msg = s->init_buf->data + 4;
+s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
 s->init_num = (int)s->s3->tmp.message_size;
 return s->init_num;
 }
 
 p = (unsigned char *)s->init_buf->data;
 
-if (s->state == st1) {  /* s->init_num < 4 */
+if (s->state == st1) {  /* s->init_num < SSL3_HM_HEADER_LENGTH */
 int skip_message;
 
 do {
-while (s->init_num < 4) {
+while (s->init_num < SSL3_HM_HEADER_LENGTH) {
 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
   [s->init_num],
-  4 - s->init_num, 0);
+  SSL3_HM_HEADER_LENGTH -
+  s->init_num, 0);
 if (i <= 0) {
 s->rwstate = SSL_READING;
 *ok = 0;
@@ -394,12 +395,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, 
long max, int *ok)
 
 if (s->msg_callback)
 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-p, 4, s, s->msg_callback_arg);
+p, SSL3_HM_HEADER_LENGTH, s,
+s->msg_callback_arg);
 }
 }
 while (skip_message);
 
-/* s->init_num == 4 */
+/* s->init_num == SSL3_HM_HEADER_LENGTH */
 
 if ((mt >= 0) && (*p != mt)) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -415,19 +417,20 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, 
long max, int *ok)
 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
 goto f_err;
 }
-if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */
-al = SSL_AD_ILLEGAL_PARAMETER;
-SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-goto f_err;
-}
-if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) {
+/*
+ * Make buffer slightly larger than message length as a precaution
+ * against small OOB reads e.g. CVE-2016-6306
+ */
+if (l
+&& 
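Review bot: dropping the `l > (INT_MAX - 4)` guard is justified by the commit message (n2l3 yields less than 2^24) and by the `max` check just above it, but the new comment only mentions the slack bytes; state the 2^24 bound explicitly in the comment, as the d1_both.c change does, so the missing INT_MAX check does not look like an oversight to the next reader.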

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-21 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  ceb7342dab3ab0827b3e13dd9a367d31c7bc3f43 (commit)
  from  9583e4166d02e160873daaaceb2f8dfe62e49659 (commit)


- Log -
commit ceb7342dab3ab0827b3e13dd9a367d31c7bc3f43
Author: Rich Salz 
Date:   Fri Sep 9 10:52:59 2016 -0400

GH1555: Don't bump size on realloc failure

Reviewed-by: Richard Levitte 
(cherry picked from commit 6fcace45bda108ad4d3f95261494dd479720d92c)

---

Summary of changes:
 crypto/lhash/lhash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 53c5c13..f20353a 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -335,8 +335,8 @@ static void expand(_LHASH *lh)
 n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)(sizeof(LHASH_NODE *) * j));
 if (n == NULL) {
-/*  fputs("realloc error in lhash",stderr); */
 lh->error++;
+lh->num_nodes--;
 lh->p = 0;
 return;
 }
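Review bot: `lh->num_nodes--` undoes an increment that is not visible in this hunk; add a comment saying so, because a decrement in the failure path of `expand()` otherwise reads as suspicious. Note also that `lh->error++` is the only signal of the failure, so callers that never inspect `lh->error` will not notice the table did not grow.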


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-21 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  ff553f837172ecb2b5c8eca257ec3c5619a4b299 (commit)
  from  d0cbaa2f3a36a3359ee979f0262f0ff514630509 (commit)


- Log -
commit ff553f837172ecb2b5c8eca257ec3c5619a4b299
Author: Dr. Stephen Henson 
Date:   Sat Sep 17 12:36:58 2016 +0100

Fix small OOB reads.

In ssl3_get_client_certificate, ssl3_get_server_certificate and
ssl3_get_certificate_request check we have enough room
before reading a length.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.

CVE-2016-6306

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/s3_clnt.c | 11 +++
 ssl/s3_srvr.c |  6 ++
 2 files changed, 17 insertions(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 36833f7..d2afaa5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1216,6 +1216,12 @@ int ssl3_get_server_certificate(SSL *s)
 goto f_err;
 }
 for (nc = 0; nc < llen;) {
+if (nc + 3 > llen) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+   SSL_R_CERT_LENGTH_MISMATCH);
+goto f_err;
+}
 n2l3(p, l);
 if ((l + nc + 3) > llen) {
 al = SSL_AD_DECODE_ERROR;
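Review bot: the new `nc + 3 > llen` guard correctly precedes `n2l3(p, l)`, so the three length bytes are never read past `llen`, and the existing `(l + nc + 3) > llen` test then only has to bound the certificate body. The identical guard is added in s3_srvr.c; a shared inline or macro would avoid the two copies drifting.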
@@ -2171,6 +2177,11 @@ int ssl3_get_certificate_request(SSL *s)
 }
 
 for (nc = 0; nc < llen;) {
+if (nc + 2 > llen) {
+ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
+goto err;
+}
 n2s(p, l);
 if ((l + nc + 2) > llen) {
 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
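Review bot: the reason code for "fewer than two bytes left for a DN length" is `SSL_R_CA_DN_TOO_LONG`, which describes the opposite condition; a length-mismatch or decode reason would make the error log meaningful. The alert is sent directly with `ssl3_send_alert` and `goto err` rather than the `al`/`f_err` pattern used in the other two functions; that follows this function's existing style, but confirm `err:` releases everything `f_err` would.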
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7c19753..01ccd5d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3220,6 +3220,12 @@ int ssl3_get_client_certificate(SSL *s)
 goto f_err;
 }
 for (nc = 0; nc < llen;) {
+if (nc + 3 > llen) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+   SSL_R_CERT_LENGTH_MISMATCH);
+goto f_err;
+}
 n2l3(p, l);
 if ((l + nc + 3) > llen) {
 al = SSL_AD_DECODE_ERROR;


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-21 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  d0cbaa2f3a36a3359ee979f0262f0ff514630509 (commit)
  from  a5e55f62975c0f978eb348763a1de0cd923f0d77 (commit)


- Log -
commit d0cbaa2f3a36a3359ee979f0262f0ff514630509
Author: Matt Caswell 
Date:   Wed Sep 14 13:27:59 2016 +0100

Fix a missing NULL check in dsa_builtin_paramgen

We should check the last BN_CTX_get() call to ensure that it isn't NULL
before we try and use any of the allocated BIGNUMs.

Issue reported by Shi Lei.

Reviewed-by: Richard Levitte 
(cherry picked from commit 1ff7425d6130380bb00d3e64739633a4b21b11a3)

---

Summary of changes:
 crypto/dsa/dsa_gen.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index f6de684..1fce0f8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -185,6 +185,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t 
qbits,
 p = BN_CTX_get(ctx);
 test = BN_CTX_get(ctx);
 
+if (test == NULL)
+goto err;
+
 if (!BN_lshift(test, BN_value_one(), bits - 1))
 goto err;
 
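Review bot: checking only `test` relies on `BN_CTX_get()` returning NULL for every call after the first failure, which is documented behaviour but not obvious at this call site; a comment stating that this is why `p` and the earlier results need no individual checks would help, and `err:` must be safe to reach with `test == NULL`.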


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-20 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  a5e55f62975c0f978eb348763a1de0cd923f0d77 (commit)
  from  6180c0ff0c34b4029bd9d1bec519c8cbc6be4808 (commit)


- Log -
commit a5e55f62975c0f978eb348763a1de0cd923f0d77
Author: Richard Levitte 
Date:   Tue Sep 20 21:41:58 2016 +0200

RT4669: dgst can only sign/verify one file

Check arg count and print an error message.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/dgst.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/apps/dgst.c b/apps/dgst.c
index 95e5fa3..26afcd7 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -243,6 +243,11 @@ int MAIN(int argc, char **argv)
 argv++;
 }
 
+if (keyfile != NULL && argc > 1) {
+BIO_printf(bio_err, "Can only sign or verify one file\n");
+goto end;
+}
+
 if (do_verify && !sigfile) {
 BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
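Review bot: the new check does `goto end` without setting a failure status; confirm the function's return variable still holds a non-zero value at that point, otherwise `dgst -sign` with two files prints the message but exits 0. Mentioning the number of files given in the message would also make the rejection clearer to the user.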


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-19 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  6180c0ff0c34b4029bd9d1bec519c8cbc6be4808 (commit)
  from  32cc4c2627e8f582d906b03abf763f682c7f96dd (commit)


- Log -
commit 6180c0ff0c34b4029bd9d1bec519c8cbc6be4808
Author: Marcus Meissner 
Date:   Tue Sep 6 11:01:21 2016 +0200

initialize the RSA struct to 0.

This helps with program code linked against static builds accessing an
uninitialized ->engine pointer.

CLA: none; trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1540)

---

Summary of changes:
 crypto/rsa/rsa_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index a6805de..6ea6b40 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -143,6 +143,7 @@ RSA *RSA_new_method(ENGINE *engine)
 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
+memset(ret,0,sizeof(RSA));
 
 ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
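Review bot: OpenSSL style wants spaces after the commas, `memset(ret, 0, sizeof(RSA))`, and `sizeof(*ret)` is safer against the struct type changing. Zeroing the whole struct before the field assignments that follow makes the explicit 0/NULL assignments redundant; harmless, but they could be trimmed.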


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-18 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  32cc4c2627e8f582d906b03abf763f682c7f96dd (commit)
  from  502fcc67cccda4d997fc121eae4f2789f50adae6 (commit)


- Log -
commit 32cc4c2627e8f582d906b03abf763f682c7f96dd
Author: Dr. Stephen Henson 
Date:   Thu Sep 15 23:49:41 2016 +0100

update default dependencies

Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Configure b/Configure
index 684e9dc..c39f71a 100755
--- a/Configure
+++ b/Configure
@@ -799,7 +799,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 
-DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE 
-DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 
-DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 
-DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
 
 # Explicit "no-..." options will be collected in %disabled along with the 
defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's 
experimental).
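Review bot: the comment above says `$default_depflags` must mirror the defaults in `%disabled`, so the two added flags (`-DOPENSSL_NO_SSL2`, `-DOPENSSL_NO_WEAK_SSL_CIPHERS`) should be cross-checked against that table in the same file. The list is otherwise alphabetical; `-DOPENSSL_NO_SSL2` belongs before `-DOPENSSL_NO_SSL_TRACE`, not after it.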


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-15 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  502fcc67cccda4d997fc121eae4f2789f50adae6 (commit)
  from  15c088e4cf8411ffcb2f3187942aea178cc0919c (commit)


- Log -
commit 502fcc67cccda4d997fc121eae4f2789f50adae6
Author: Matt Caswell 
Date:   Thu Sep 15 20:53:09 2016 +0100

Revert "Abort on unrecognised warning alerts"

This reverts commit 15d81749322c3498027105f8ee44e8c25479d475.

There were some unexpected side effects to this commit, e.g. in SSLv3 a
"no_certificate" warning alert gets sent if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.

Reviewed-by: Tim Hudson 

---

Summary of changes:
 ssl/s3_pkt.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 91f0c58..df124cf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1462,13 +1462,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-return 0;
+return (0);
 #endif
-else {
-al = SSL_AD_HANDSHAKE_FAILURE;
-SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-goto f_err;
-}
 } else if (alert_level == SSL3_AL_FATAL) {
 char tmp[16];
 
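Review bot: reverting restores the pre-commit behaviour where an unrecognised warning alert is silently ignored, so the no-progress concern that motivated the reverted commit is open again; a short comment at the `#endif` pointing at the replacement approach (the consecutive-warning-alert count committed later on this branch) would stop the gap being forgotten.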


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-15 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  15c088e4cf8411ffcb2f3187942aea178cc0919c (commit)
   via  d6d04b64f5a98ebc07b3f529830724e4fb443708 (commit)
   via  b50826727e77f2736fc2cf5b4a4f646ee0d67182 (commit)
   via  a2d2120033dcee7f9697815cf4a36a3ef8f517bb (commit)
   via  45852545470b36cf1a4eef5b574fa29f9cd55bf4 (commit)
   via  1015609ac0eecb2914b15e8579917625ca43219d (commit)
  from  d69247598991c61dfb68d4fe3b08346b02644812 (commit)


- Log -
commit 15c088e4cf8411ffcb2f3187942aea178cc0919c
Author: Richard Levitte 
Date:   Wed Sep 14 23:37:53 2016 +0200

Finally, make sure vms_term_sock.c is built

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

commit d6d04b64f5a98ebc07b3f529830724e4fb443708
Author: Richard Levitte 
Date:   Thu Sep 15 09:45:57 2016 +0200

Refactor to avoid unnecessary preprocessor logic

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

commit b50826727e77f2736fc2cf5b4a4f646ee0d67182
Author: Richard Levitte 
Date:   Wed Sep 14 20:54:30 2016 +0200

Reformat to fit OpenSSL source code standards

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

commit a2d2120033dcee7f9697815cf4a36a3ef8f517bb
Author: Richard Levitte 
Date:   Wed Sep 14 20:53:06 2016 +0200

Remove entirely unnecessary pointer size guards

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

commit 45852545470b36cf1a4eef5b574fa29f9cd55bf4
Author: Richard Levitte 
Date:   Wed Sep 14 20:52:03 2016 +0200

Add copyright and license on apps/vms_term_sock.[ch]

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

commit 1015609ac0eecb2914b15e8579917625ca43219d
Author: Richard Levitte 
Date:   Wed Aug 3 21:16:43 2016 +0200

VSI submission: redirect terminal input through socket

This is needed, because on VMS, select() can only be used on sockets. Being
able to use select() on all kinds of file descriptors is unique to Unix.

So, the solution for VMS is to create a layer that translates input from
standard input to socket communication.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/apps.c  |  39 +++-
 apps/apps.h  |   2 +
 apps/makeapps.com|   2 +-
 apps/s_client.c  |  23 +-
 apps/s_server.c  |  18 +-
 apps/vms_term_sock.c | 590 +++
 apps/vms_term_sock.h |  30 +++
 7 files changed, 685 insertions(+), 19 deletions(-)
 create mode 100755 apps/vms_term_sock.c
 create mode 100755 apps/vms_term_sock.h

diff --git a/apps/apps.c b/apps/apps.c
index 08ddbc4..44d8afa 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -3198,6 +3198,36 @@ int app_isdir(const char *name)
 #endif
 
 /* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+TerminalSocket (TERM_SOCK_DELETE, _sock);
+}
+
+int fileno_stdin(void)
+{
+if (stdin_sock == -1) {
+TerminalSocket(TERM_SOCK_CREATE, _sock);
+atexit(close_stdin_sock);
+}
+
+return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+return fileno(stdout);
+}
+
 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
 int raw_read_stdin(void *buf, int siz)
 {
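Review bot: `TerminalSocket(TERM_SOCK_CREATE, ...)` has its return value ignored in `fileno_stdin()`; if it fails, `stdin_sock` stays -1, the caller receives -1 as a descriptor, and `close_stdin_sock` is still registered with `atexit()`. Check the result before registering the handler. Style: `TerminalSocket (TERM_SOCK_DELETE, ...)` has a space before the parenthesis, unlike the create call.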
@@ -3207,10 +3237,15 @@ int raw_read_stdin(void *buf, int siz)
 else
 return (-1);
 }
+#elif defined(__VMS)
+int raw_read_stdin(void *buf, int siz)
+{
+return recv(fileno_stdin(), buf, siz, 0);
+}
 #else
 int raw_read_stdin(void *buf, int siz)
 {
-return read(fileno(stdin), buf, siz);
+return read(fileno_stdin(), buf, siz);
 }
 #endif
 
@@ -3226,6 +3261,6 @@ int raw_write_stdout(const void *buf, int siz)
 #else
 int raw_write_stdout(const void *buf, int siz)
 {
-return write(fileno(stdout), buf, siz);
+return write(fileno_stdout(), buf, siz);
 }
 #endif
diff --git a/apps/apps.h b/apps/apps.h
index 19bf5cc..c6c3881 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -375,6 +375,8 @@ void store_setup_crl_download(X509_STORE *st);
 # define SERIAL_RAND_BITS64
 
 int app_isdir(const char *);
+int fileno_stdin(void);
+int fileno_stdout(void);
 int raw_read_stdin(void *, int);
 int raw_write_stdout(const void *, int);
 
diff --git a/apps/makeapps.com b/apps/makeapps.com
index 47457af..97dff41 100644
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -186,7 +186,7 @@ $ LIB_OPENSSL = 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-15 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  d69247598991c61dfb68d4fe3b08346b02644812 (commit)
   via  ea060e026dd29ea0eaf66ad8686f966c8c81eb7f (commit)
  from  b05f231cd97d80a2a46b6f4d0b145e84c729c39b (commit)


- Log -
commit d69247598991c61dfb68d4fe3b08346b02644812
Author: Dr. Stephen Henson 
Date:   Wed Sep 14 23:42:55 2016 +0100

Fix memory leak on realloc error.

Backport leak fix from master branch.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting this bug.

Reviewed-by: Rich Salz 

commit ea060e026dd29ea0eaf66ad8686f966c8c81eb7f
Author: Dr. Stephen Henson 
Date:   Wed Sep 14 23:54:12 2016 +0100

Fix memory leak on error.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting this bug.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/ssl_asn1.c | 3 +++
 ssl/ssl_rsa.c  | 9 ++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 35cc27c..499f0e8 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -527,6 +527,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const 
unsigned char **pp,
 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
 c.error = SSL_R_BAD_LENGTH;
 c.line = __LINE__;
+OPENSSL_free(os.data);
+os.data = NULL;
+os.length = 0;
 goto err;
 } else {
 ret->sid_ctx_length = os.length;
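Review bot: freeing `os.data` inline fixes this one path, but any other `goto err` taken after `os.data` is populated leaks the same buffer unless it frees it too; initialising `os.data` to NULL at function start and freeing it in the `err:` label fixes the class rather than the instance.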
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 8202247..f679801 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -912,6 +912,8 @@ static int serverinfo_process_buffer(const unsigned char 
*serverinfo,
 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
size_t serverinfo_length)
 {
+unsigned char *new_serverinfo;
+
 if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER);
 return 0;
@@ -928,12 +930,13 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned 
char *serverinfo,
 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
 return 0;
 }
-ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
- serverinfo_length);
-if (ctx->cert->key->serverinfo == NULL) {
+new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+ serverinfo_length);
+if (new_serverinfo == NULL) {
 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
 return 0;
 }
+ctx->cert->key->serverinfo = new_serverinfo;
 memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
 ctx->cert->key->serverinfo_length = serverinfo_length;
 
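Review bot: the realloc-into-temporary pattern is correct and the old buffer now survives a failed `OPENSSL_realloc`. On failure `ctx->cert->key->serverinfo` and `serverinfo_length` still describe the previous buffer, which is consistent; the function's documentation should state that a failed call leaves the previous serverinfo intact.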


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-15 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  b05f231cd97d80a2a46b6f4d0b145e84c729c39b (commit)
  from  68f11e82d9c19e104f34bd5186decc98566738ca (commit)


- Log -
commit b05f231cd97d80a2a46b6f4d0b145e84c729c39b
Author: Richard Levitte 
Date:   Tue Sep 6 17:39:35 2016 +0200

VMS: only use _realloc32 with /POINTER_SIZE=32

This fixes the following error when building with no particular pointer size
specified (implied 32 bit):

static void *(*realloc_func) (void *, size_t) = realloc;
^
%CC-E-UNDECLARED, In the initializer for realloc_func, "_realloc32" is 
not declared.
at line number 93 in file DEV:[OPENSSL102.crypto]mem.c;1

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/mem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/mem.c b/crypto/mem.c
index 9c45135..06c3960 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -85,7 +85,7 @@ static void *(*malloc_ex_func) (size_t, const char *file, int 
line)
 #ifdef OPENSSL_SYS_VMS
 # if __INITIAL_POINTER_SIZE == 64
 #  define realloc _realloc64
-# else
+# elif __INITIAL_POINTER_SIZE == 32
 #  define realloc _realloc32
 # endif
 #endif
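Review bot: with `#elif __INITIAL_POINTER_SIZE == 32`, a build where the macro is undefined (the preprocessor evaluates it as 0) takes neither branch and keeps the plain `realloc`, which is the intent per the commit message; a one-line comment on the undefined case would stop someone "fixing" it back to `#else`.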


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-14 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  68f11e82d9c19e104f34bd5186decc98566738ca (commit)
  from  15d81749322c3498027105f8ee44e8c25479d475 (commit)


- Log -
commit 68f11e82d9c19e104f34bd5186decc98566738ca
Author: Matt Caswell 
Date:   Thu Sep 8 14:32:27 2016 +0100

Add some sanity checks around usage of t_fromb64()

The internal SRP function t_fromb64() converts from base64 to binary. It
does not validate that the size of the destination is sufficiently large -
that is up to the callers. In some places there was such a check, but not
in others.

Add an argument to t_fromb64() to provide the size of the destination
buffer and validate that we don't write too much data. Also add some sanity
checks to the callers where appropriate.

With thanks to Shi Lei for reporting this issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit 73f0df8331910d6726d45ecaab12bd93cc48b4e2)

---

Summary of changes:
 crypto/srp/srp_vfy.c | 36 +++-
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index af557a1..a8ec52a 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -80,7 +80,7 @@ static char b64table[] =
 /*
  * Convert a base64 string into raw byte array representation.
  */
-static int t_fromb64(unsigned char *a, const char *src)
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 {
 char *loc;
 int i, j;
@@ -89,6 +89,9 @@ static int t_fromb64(unsigned char *a, const char *src)
 while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
 ++src;
 size = strlen(src);
+if (alen > INT_MAX || size > (int)alen)
+return -1;
+
 i = 0;
 while (i < size) {
 loc = strchr(b64table, src[i]);
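Review bot: the new bound compares the base64 text length (`size > (int)alen`) against the output buffer, not the decoded length; since decoded output is at most three quarters of the input this is conservative and safe, but it also rejects inputs whose decoded form would fit, so callers' `tmp` buffers must be sized for the base64 length. State that in the function comment, and note that the `-1` return is a new failure value callers must now test for explicitly.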
@@ -231,13 +234,25 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const 
char *s,
 unsigned char tmp[MAX_LEN];
 int len;
 
-if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
+vinfo->v = NULL;
+vinfo->s = NULL;
+
+len = t_fromb64(tmp, sizeof(tmp), v);
+if (len < 0)
 return 0;
-len = t_fromb64(tmp, v);
 if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
 return 0;
-len = t_fromb64(tmp, s);
-return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
+len = t_fromb64(tmp, sizeof(tmp), s);
+if (len < 0)
+goto err;
+vinfo->s = BN_bin2bn(tmp, len, NULL);
+if (vinfo->s == NULL)
+goto err;
+return 1;
+ err:
+BN_free(vinfo->v);
+vinfo->v = NULL;
+return 0;
 }
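Review bot: the removed `strlen(s) > MAX_LEN || strlen(v) > MAX_LEN` pre-check is now enforced inside `t_fromb64` through `sizeof(tmp)`, so `tmp[MAX_LEN]` must keep that size for the limit to be unchanged. The `err:` path frees `vinfo->v` and nulls both fields, so callers see a consistent struct on failure; good.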
 
 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
@@ -307,10 +322,13 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch)
 if (newgN == NULL)
 return NULL;
 
+len = t_fromb64(tmp, sizeof(tmp), ch);
+if (len < 0)
+goto err;
+
 if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
 goto err;
 
-len = t_fromb64(tmp, ch);
 if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
 return newgN;
 
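Review bot: decoding into `tmp` before `BUF_strdup` means a malformed string no longer leaks the duplicated text; the `goto err` on `len < 0` requires the `err:` cleanup to tolerate `newgN->b64_bn` and `newgN->bn` being NULL, which the allocation order suggests but this hunk does not show.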
@@ -580,10 +598,10 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 goto err;
 
 if (N) {
-if (!(len = t_fromb64(tmp, N)))
+if (!(len = t_fromb64(tmp, sizeof(tmp), N)))
 goto err;
 N_bn = BN_bin2bn(tmp, len, NULL);
-if (!(len = t_fromb64(tmp, g)))
+if (!(len = t_fromb64(tmp, sizeof(tmp), g)))
 goto err;
 g_bn = BN_bin2bn(tmp, len, NULL);
 defgNid = "*";
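Review bot: `t_fromb64()` now returns -1 on error, but these callers still test `!(len = t_fromb64(...))`, which only catches 0; a -1 result passes the test and is then handed to `BN_bin2bn(tmp, len, NULL)` as a negative length. Change both conditions to `(len = t_fromb64(...)) <= 0`.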
@@ -602,7 +620,7 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 
 s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
 } else {
-if (!(len = t_fromb64(tmp2, *salt)))
+if (!(len = t_fromb64(tmp2, sizeof(tmp2), *salt)))
 goto err;
 s = BN_bin2bn(tmp2, len, NULL);
 }
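Review bot: same `!(len = ...)` test as in the N/g hunk above; a -1 from `t_fromb64` is not caught here either, so the `*salt` decode error never reaches `goto err`. Use `<= 0`.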


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-13 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  15d81749322c3498027105f8ee44e8c25479d475 (commit)
  from  204fb53895618672120474bac194269c0f837632 (commit)


- Log -
commit 15d81749322c3498027105f8ee44e8c25479d475
Author: Matt Caswell 
Date:   Mon Sep 12 11:04:51 2016 +0100

Abort on unrecognised warning alerts

A peer continually sending unrecognised warning alerts could mean that we
make no progress on a connection. We should abort rather than continuing if
we receive an unrecognised warning alert.

Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/s3_pkt.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index df124cf..91f0c58 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1462,8 +1462,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-return (0);
+return 0;
 #endif
+else {
+al = SSL_AD_HANDSHAKE_FAILURE;
+SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+goto f_err;
+}
 } else if (alert_level == SSL3_AL_FATAL) {
 char tmp[16];
 
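Review bot: the new `else` branch is the right fix for the reported problem (an unrecognised warning alert can no longer be sent indefinitely without the connection making progress), but two things should be called out: the `return (0)` to `return 0` change in the same hunk is unrelated cleanup and belongs in its own commit, and any warning-level alert description not handled by the preceding if/else-if chain is now treated as a fatal handshake failure and answered with a fatal alert of our own. That is a behavioural change for peers that send harmless but unlisted warnings, so a CHANGES entry and a test that injects an unknown warning alert and expects the connection to fail would document the decision.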


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-12 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  204fb53895618672120474bac194269c0f837632 (commit)
  from  5ecb5467b6960ab41b8f8b45f9380fcba74c3ed8 (commit)


- Log -
commit 204fb53895618672120474bac194269c0f837632
Author: Richard Levitte 
Date:   Mon Sep 12 16:29:39 2016 +0200

Add enginesdir to libcrypto.pc pkg-config file

Reviewed-by: Rich Salz 

---

Summary of changes:
 Makefile.org | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile.org b/Makefile.org
index bda6c09..2377f50 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -368,6 +368,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
+   echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
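Review bot: `enginesdir=${libdir}/engines` is a literal rather than being derived from the make variable the install rule uses for the engines directory, so the .pc file and the real install location can drift if one is changed without the other; consider emitting the path from that same variable. Adding the key to libcrypto.pc only is reasonable, since engines belong to libcrypto.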


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-11 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  5ecb5467b6960ab41b8f8b45f9380fcba74c3ed8 (commit)
  from  373a56139f910c3ef08f6df2d48ad954a5c3a0f4 (commit)


- Log -
commit 5ecb5467b6960ab41b8f8b45f9380fcba74c3ed8
Author: Dr. Stephen Henson 
Date:   Thu Sep 8 15:10:32 2016 +0100

Fix memory leak on error.

Backport leak fix from master branch.

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/x509/x509spki.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
index 2df84ea..5ae5d30 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -112,6 +112,8 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
 der_spki = OPENSSL_malloc(der_len);
 b64_str = OPENSSL_malloc(der_len * 2);
 if (!der_spki || !b64_str) {
+OPENSSL_free(der_spki);
+OPENSSL_free(b64_str);
 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
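Review bot: the pair of OPENSSL_free() calls is correct only because at least one of der_spki/b64_str is NULL on this path and OPENSSL_free() tolerates NULL; a one-line comment saying so would stop a future reader from "fixing" it with redundant NULL checks. Freeing before X509err() is fine, as it does not disturb the error queue.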


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-09 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  373a56139f910c3ef08f6df2d48ad954a5c3a0f4 (commit)
  from  20d402a38e4d0b0e4b6ffc540ab7c756b39f3904 (commit)


- Log -
commit 373a56139f910c3ef08f6df2d48ad954a5c3a0f4
Author: Rich Salz 
Date:   Fri Sep 9 12:17:47 2016 -0400

Make update

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 test/Makefile | 37 ++---
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/test/Makefile b/test/Makefile
index bda1899..8f272ef 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -594,25 +594,24 @@ asn1test.o: ../include/openssl/sha.h 
../include/openssl/stack.h
 asn1test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 asn1test.o: ../include/openssl/x509_vfy.h asn1test.c
 bad_dtls_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-bad_dtls_test.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-bad_dtls_test.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-bad_dtls_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-bad_dtls_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-bad_dtls_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bad_dtls_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-bad_dtls_test.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-bad_dtls_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bad_dtls_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bad_dtls_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-bad_dtls_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-bad_dtls_test.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-bad_dtls_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bad_dtls_test.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-bad_dtls_test.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-bad_dtls_test.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-bad_dtls_test.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-bad_dtls_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-bad_dtls_test.o: bad_dtls_test.c
+bad_dtls_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+bad_dtls_test.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+bad_dtls_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+bad_dtls_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+bad_dtls_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+bad_dtls_test.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+bad_dtls_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+bad_dtls_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bad_dtls_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bad_dtls_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+bad_dtls_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+bad_dtls_test.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+bad_dtls_test.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+bad_dtls_test.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+bad_dtls_test.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+bad_dtls_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+bad_dtls_test.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+bad_dtls_test.o: ../include/openssl/x509_vfy.h bad_dtls_test.c
 bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
 bftest.o: ../include/openssl/opensslconf.h bftest.c
 bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
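Review bot: the regenerated list differs from the old one only by dropping ../include/openssl/bn.h from bad_dtls_test.o's prerequisites (the remaining headers are the same set re-wrapped), so this `make update` implies bad_dtls_test.c no longer pulls in bn.h. Confirm that matches the current source rather than a stale build tree, since a missing prerequisite leaves the test object un-rebuilt after header changes.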


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-08 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  20d402a38e4d0b0e4b6ffc540ab7c756b39f3904 (commit)
  from  8195a8691108d89fbb0dd11599154067009d10d6 (commit)


- Log -
commit 20d402a38e4d0b0e4b6ffc540ab7c756b39f3904
Author: Richard Levitte 
Date:   Thu Sep 8 23:39:26 2016 +0200

If errno is ENXIO in BSS_new_file(), set BIO_R_NO_SUCH_FILE

VMS sets that errno when the device part of a file spec is malformed
or a logical name that doesn't exist.

Reviewed-by: Rich Salz 
(cherry picked from commit e82e2186e93e9a678dd8c0c5ba084d21d27d4d62)

---

Summary of changes:
 crypto/bio/bss_file.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index bfba93e..a6e3b3a 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -174,7 +174,11 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 if (file == NULL) {
 SYSerr(SYS_F_FOPEN, get_last_sys_error());
 ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
-if (errno == ENOENT)
+if (errno == ENOENT
+# ifdef ENXIO
+|| errno == ENXIO
+# endif
+)
 BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
 else
 BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
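Review bot: `errno` is examined after SYSerr() and ERR_add_error_data() have already run, and those calls can modify errno themselves (they allocate and may take locks), so both the existing ENOENT test and the new ENXIO test may compare against a clobbered value. Capture it first, for example `int saved_errno = errno;` immediately after fopen() fails (it is the same value already passed to SYSerr via get_last_sys_error()), and test that. The `# ifdef ENXIO` inside the condition is legal but awkward to read; a small macro defined once near the top of the file would be tidier.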


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-06 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  3f1014960353af29a05a7b5dac40afd30d4f9bb3 (commit)
  from  2a20b6d9731488bcb500e58a434375f59fb9adcc (commit)


- Log -
commit 3f1014960353af29a05a7b5dac40afd30d4f9bb3
Author: Rich Salz 
Date:   Mon Sep 5 18:08:43 2016 -0400

Misc BN fixes

Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: 
https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
Ensure |BN_div| never gives negative zero in the no_branch code.

Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
don't have negative zeros lying around.

Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte 
(cherry picked from commit 01c09f9fde5793e0b3712d602b02e2aed4908e8d)
(Some manual work required)

---

Summary of changes:
 crypto/bn/bn.h   |  2 ++
 crypto/bn/bn_print.c | 23 +--
 crypto/bn/bn_rand.c  | 13 -
 doc/crypto/BN_bn2bin.pod |  4 +++-
 doc/crypto/BN_rand.pod   |  6 +-
 5 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 86264ae..633d1b1 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -842,6 +842,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
 if (*(ftl--)) break; \
 (a)->top = tmp_top; \
 } \
+if ((a)->top == 0) \
+(a)->neg = 0; \
 bn_pollute(a); \
 }
 
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index a9ff271..f121fb6 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -72,12 +72,9 @@ char *BN_bn2hex(const BIGNUM *a)
 char *buf;
 char *p;
 
-if (a->neg && BN_is_zero(a)) {
-/* "-0" == 3 bytes including NULL terminator */
-buf = OPENSSL_malloc(3);
-} else {
-buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
-}
+if (BN_is_zero(a))
+return OPENSSL_strdup("0");
+buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
 if (buf == NULL) {
 BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
 goto err;
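Review bot: the new early return for zero loses the error reporting that the malloc path keeps: if OPENSSL_strdup("0") fails, the function returns NULL without raising BN_F_BN_BN2HEX/ERR_R_MALLOC_FAILURE. Either write it as `if ((buf = OPENSSL_strdup("0")) == NULL)` followed by the same BNerr(), or let it fall through to the existing NULL check. Bypassing `err:` is fine here because nothing has been allocated yet, but a short comment saying so helps.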
@@ -244,10 +241,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
 }
 ret->top = h;
 bn_correct_top(ret);
-ret->neg = neg;
 
 *bn = ret;
 bn_check_top(ret);
+/* Don't set the negative flag if it's zero. */
+if (ret->top != 0)
+ret->neg = neg;
 return (num);
  err:
 if (*bn == NULL)
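Review bot: `ret->neg` is now assigned after bn_check_top(ret), so the consistency check runs on an object whose sign is not yet final; moving the guarded assignment up to directly after bn_correct_top(ret) keeps the check meaningful. The `ret->top != 0` guard is belt and braces given that the bn.h hunk makes bn_correct_top clear neg for a zero value, which deserves a comment so nobody later removes one of the two.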
@@ -299,7 +298,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
 if (j == BN_DEC_NUM)
 j = 0;
 l = 0;
-while (*a) {
+while (--i >= 0) {
 l *= 10;
 l += *a - '0';
 a++;
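Review bot: changing the loop from `while (*a)` to `while (--i >= 0)` is what makes BN_dec2bn stop after the counted digits and ignore trailing garbage, but the hunk does not show where `i` is computed, so correctness hinges on `i` being the number of decimal digits remaining at this point. A comment at the loop stating that invariant, plus a test with a constructed input such as "123abc" that checks both the resulting value and the returned length, would guard it.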
@@ -310,11 +309,13 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
 j = 0;
 }
 }
-ret->neg = neg;
 
 bn_correct_top(ret);
 *bn = ret;
 bn_check_top(ret);
+/* Don't set the negative flag if it's zero. */
+if (ret->top != 0)
+ret->neg = neg;
 return (num);
  err:
 if (*bn == NULL)
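Review bot: same ordering point as in BN_hex2bn above: the sign is set after bn_check_top(ret) rather than before it; place the guarded `ret->neg = neg` immediately after bn_correct_top(ret) so the check sees the final object.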
@@ -325,6 +326,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
 int BN_asc2bn(BIGNUM **bn, const char *a)
 {
 const char *p = a;
+
 if (*p == '-')
 p++;
 
@@ -335,7 +337,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
 if (!BN_dec2bn(bn, p))
 return 0;
 }
-if (*a == '-')
+/* Don't set the negative flag if it's zero. */
+if (*a == '-' && (*bn)->top != 0)
 (*bn)->neg = 1;
 return 1;
 }
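Review bot: with BN_dec2bn now stopping at the last digit, BN_asc2bn silently accepts trailing garbage for decimal input and still returns 1, which is a parsing behaviour change that callers validating user-supplied strings may depend on. The commit text says the documentation is updated, but that hunk is cut off in this message; please make sure the POD for BN_asc2bn states the new behaviour explicitly, and that the hex path through BN_hex2bn behaves the same way so the two input forms stay consistent.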
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 2266d22..60d3f22 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -121,15 +121,14 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, 
int top, int bottom)
 int ret = 0, bit, bytes, mask;
 time_t tim;
 
-if (bits < 0 || (bits == 1 && top > 0)) {
-BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
-return 0;
-}
-
 if (bits == 0) {
+if (top != -1 || bottom != 0)
+goto toosmall;
 BN_zero(rnd);
 return 1;
 }
+if (bits < 0 || (bits == 1 && top > 0))
+goto toosmall;
 
 bytes = (bits + 7) / 8;
 bit = (bits - 1) % 8;
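Review bot: this is an API behaviour change, not just stricter checking: BN_rand(rnd, 0, top, bottom) used to succeed for any top/bottom and now fails with BN_R_BITS_TOO_SMALL unless top == -1 and bottom == 0, so existing callers passing (0, 0, 0) to obtain a zero start failing on a stable branch. That deserves a CHANGES entry and a sentence in BN_rand.pod (the doc hunk is cut off here). Moving the `bits < 0` test after the `bits == 0` block is fine since the two cases are disjoint.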
@@ -195,6 +194,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, 
int top, int bottom)
 }
 bn_check_top(rnd);
 return (ret);
+
+toosmall:
+BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+return 0;
 }
 
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
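Review bot: style point: the new label is written as `toosmall:` at column 0, whereas the other hunks in this patch and the surrounding code write labels as ` err:` with a leading space; match the existing convention. Placing the label after `return (ret);` is correct since it is reachable only by goto.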
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index a4b17ca..3bed47f 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-31 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  2a20b6d9731488bcb500e58a434375f59fb9adcc (commit)
  from  7c59fbfb26bd59ec173fb109cc6476988a31b165 (commit)


- Log -
commit 2a20b6d9731488bcb500e58a434375f59fb9adcc
Author: Andy Polyakov 
Date:   Sat Aug 27 20:47:57 2016 +0200

crypto/bn/*: x86[_64] division instruction doesn't handle constants, change 
constraint from 'g' to 'r'.

Reviewed-by: Rich Salz 
Reviewed-by: Tim Hudson 
(cherry picked from commit 68b4a6e91f5acd42489bb9d1c580acc5ae457cad)

---

Summary of changes:
 crypto/bn/asm/x86_64-gcc.c | 2 +-
 crypto/bn/bn_div.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index d77dc43..1729b47 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -194,7 +194,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 BN_ULONG ret, waste;
 
  asm("divq  %4":"=a"(ret), "=d"(waste)
- : "a"(l), "d"(h), "g"(d)
+ : "a"(l), "d"(h), "r"(d)
  : "cc");
 
 return ret;
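Review bot: the change from "g" to "r" is correct, since `divq` cannot take an immediate operand and "g" permits the compiler to supply one, but it is stricter than needed: "rm" still allows d to stay in memory, which `div` accepts, and avoids forcing a register load in a hot path. Either way, a comment next to the constraint explaining why "g" is unsafe would stop the original from being reintroduced.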
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 72e6ce3..bc37671 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -155,7 +155,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const 
BIGNUM *d,
 ({  asm volatile (  \
 "divl   %4" \
 : "=a"(q), "=d"(rem)\
-: "a"(n1), "d"(n0), "g"(d0) \
+: "a"(n1), "d"(n0), "r"(d0) \
 : "cc");\
 q;  \
 })
@@ -170,7 +170,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const 
BIGNUM *d,
 ({  asm volatile (  \
 "divq   %4" \
 : "=a"(q), "=d"(rem)\
-: "a"(n1), "d"(n0), "g"(d0) \
+: "a"(n1), "d"(n0), "r"(d0) \
 : "cc");\
 q;  \
 })
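Review bot: as with the x86_64-gcc.c hunk, "rm" is the precise constraint for `divl`/`divq` (register or memory operand, never an immediate) in both macros here; "r" works but over-constrains the compiler. One line of comment per macro would preserve the reasoning through the next cleanup.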


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-30 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  7c59fbfb26bd59ec173fb109cc6476988a31b165 (commit)
  from  7fb82d06746f7503323a7846448e095bf8f5ef9e (commit)


- Log -
commit 7c59fbfb26bd59ec173fb109cc6476988a31b165
Author: Matt Caswell 
Date:   Tue Aug 30 15:06:01 2016 +0100

Ensure the CertStatus message adds a DTLS message header where needed

The function tls_construct_cert_status() is called by both TLS and DTLS
code. However it only ever constructed a TLS message header for the message
which obviously failed in DTLS.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/s3_srvr.c | 21 +
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5eff98..7c19753 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3504,37 +3504,34 @@ int ssl3_send_cert_status(SSL *s)
 {
 if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
 unsigned char *p;
+size_t msglen;
+
 /*-
  * Grow buffer if need be: the length calculation is as
- * follows 1 (message type) + 3 (message length) +
+ * follows handshake_header_length +
  * 1 (ocsp response type) + 3 (ocsp response length)
  * + (ocsp response)
  */
-if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) {
+msglen = 4 + s->tlsext_ocsp_resplen;
+if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen)) {
 s->state = SSL_ST_ERR;
 return -1;
 }
 
-p = (unsigned char *)s->init_buf->data;
+p = ssl_handshake_start(s);
 
-/* do the header */
-*(p++) = SSL3_MT_CERTIFICATE_STATUS;
-/* message length */
-l2n3(s->tlsext_ocsp_resplen + 4, p);
 /* status type */
 *(p++) = s->tlsext_status_type;
 /* length of OCSP response */
 l2n3(s->tlsext_ocsp_resplen, p);
 /* actual response */
 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-/* number of bytes to write */
-s->init_num = 8 + s->tlsext_ocsp_resplen;
-s->state = SSL3_ST_SW_CERT_STATUS_B;
-s->init_off = 0;
+
+ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen);
 }
 
 /* SSL3_ST_SW_CERT_STATUS_B */
-return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+return (ssl_do_write(s));
 }
 
 # ifndef OPENSSL_NO_NEXTPROTONEG
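Review bot: the removed `s->state = SSL3_ST_SW_CERT_STATUS_B;` has no replacement in the new code, and nothing visible here advances the state; ssl_set_handshake_header() is a header-writing helper (it fills in the type and length and resets init_num/init_off), not a state transition. If ssl_do_write() returns WANT_WRITE after a partial write and the state machine re-enters this function, the state is still SSL3_ST_SW_CERT_STATUS_A, so the message is rebuilt and init_off reset, resending bytes already on the wire. Re-add the transition at the end of the `if` block, as the retained `/* SSL3_ST_SW_CERT_STATUS_B */` comment expects. The length arithmetic itself is right: msglen = 4 + resplen matches the updated comment, and the buffer grows by SSL_HM_HEADER_LENGTH(s) + msglen.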


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  7fb82d06746f7503323a7846448e095bf8f5ef9e (commit)
  from  06a549c435d6095b33d78f136904c5fc2f7bcf24 (commit)


- Log -
commit 7fb82d06746f7503323a7846448e095bf8f5ef9e
Author: Matt Caswell 
Date:   Fri Aug 26 15:14:24 2016 +0100

SRP_create_verifier does not check for NULL before OPENSSL_cleanse

OPENSSL_cleanse() does not validate its input parameter for NULL so
SRP_create_verifier() should do so instead. Otherwise a segfault will
result.

Alternative solution to GitHub PR#1006

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/srp/srp_vfy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 986babf..af557a1 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -635,7 +635,8 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 BN_free(N_bn);
 BN_free(g_bn);
 }
-OPENSSL_cleanse(vf, vfsize);
+if (vf != NULL)
+OPENSSL_cleanse(vf, vfsize);
 OPENSSL_free(vf);
 BN_clear_free(s);
 BN_clear_free(v);


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  06a549c435d6095b33d78f136904c5fc2f7bcf24 (commit)
  from  a404656a8b40d9f1172e5e330f7e2d9d87cabab8 (commit)


- Log -
commit 06a549c435d6095b33d78f136904c5fc2f7bcf24
Author: Richard Levitte 
Date:   Fri Aug 26 09:59:55 2016 +0200

Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c

The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

(partly cherry picked from commit 216e8d91033d237880cff7da0d02d46d47bae41b)

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 Configure   | 9 -
 crypto/evp/e_rc4_hmac_md5.c | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/Configure b/Configure
index 695b37d..684e9dc 100755
--- a/Configure
+++ b/Configure
@@ -1558,8 +1558,15 @@ $cpuid_obj="mem_clr.o"   unless ($cpuid_obj =~ /\.o$/);
 $des_obj=$des_enc  unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_encunless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_encunless ($cast_obj =~ /\.o$/);
-$rc4_obj=$rc4_enc  unless ($rc4_obj =~ /\.o$/);
 $rc5_obj=$rc5_enc  unless ($rc5_obj =~ /\.o$/);
+if ($rc4_obj =~ /\.o$/)
+   {
+   $cflags.=" -DRC4_ASM";
+   }
+else
+   {
+   $rc4_obj=$rc4_enc;
+   }
 if ($sha1_obj =~ /\.o$/)
{
 #  $sha1_obj=$sha1_enc;
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index ba5979d..5e92855 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -99,7 +99,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
 return 1;
 }
 
-# if !defined(OPENSSL_NO_ASM) && ( \
+# if defined(RC4_ASM) && defined(MD5_ASM) && (\
 defined(__x86_64)   || defined(__x86_64__)  || \
 defined(_M_AMD64)   || defined(_M_X64)  || \
 defined(__INTEL__)  ) && \
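Review bot: this condition now requires both RC4_ASM and MD5_ASM, but the Configure hunk in the same commit only adds -DRC4_ASM; unless MD5_ASM is already emitted by Configure on the same platforms, the stitched RC4-HMAC-MD5 path is silently disabled on every build rather than only where the assembler is absent, which is a performance regression nobody would notice from a test run. Please confirm by checking the CFLAGS of an x86_64 build for MD5_ASM, and if it is missing add the MD5 case to the Configure block in the same style as the sha1 block that follows it.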


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  a404656a8b40d9f1172e5e330f7e2d9d87cabab8 (commit)
  from  50c30153d3fe887d0f6c8c0514bc825c4f3dec6a (commit)


- Log -
commit a404656a8b40d9f1172e5e330f7e2d9d87cabab8
Author: FdaSilvaYY 
Date:   Tue Apr 5 00:33:41 2016 +0200

Fix a few leaks in X509_REQ_to_X509.
Fix a possible leak on NETSCAPE_SPKI_verify failure.

Backport of 0517538d1a39bc
Backport of f6c006ea76304a

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/ca.c  |  1 +
 crypto/x509/x509_r2x.c | 14 +-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 8a3c1e5..a0ec583 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2305,6 +2305,7 @@ static int certify_spkac(X509 **xret, char *infile, 
EVP_PKEY *pkey,
 
 j = NETSCAPE_SPKI_verify(spki, pktmp);
 if (j <= 0) {
+EVP_PKEY_free(pktmp);
 BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
 goto err;
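Review bot: the added EVP_PKEY_free(pktmp) is right for this early exit; for symmetry confirm that the success path frees pktmp exactly once (the hunk does not show it), otherwise this turns a leak into a double free.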
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 0ff439c..2879569 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -70,10 +70,12 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY 
*pkey)
 X509 *ret = NULL;
 X509_CINF *xi = NULL;
 X509_NAME *xn;
+EVP_PKEY *pubkey = NULL;
+int res;
 
 if ((ret = X509_new()) == NULL) {
 X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
-goto err;
+return NULL;
 }
 
 /* duplicate the request */
@@ -89,9 +91,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 }
 
 xn = X509_REQ_get_subject_name(r);
-if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+if (X509_set_subject_name(ret, xn) == 0)
 goto err;
-if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+if (X509_set_issuer_name(ret, xn) == 0)
 goto err;
 
 if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
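Review bot: dropping X509_NAME_dup() is correct only because X509_set_subject_name() and X509_set_issuer_name() copy the name they are given (they go through X509_NAME_set(), which duplicates), so the old code leaked one X509_NAME per call. A short comment at the call site noting the copy semantics would prevent the dup from being reintroduced by someone assuming ownership transfer.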
@@ -100,9 +102,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY 
*pkey)
 NULL)
 goto err;
 
-X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
+pubkey = X509_REQ_get_pubkey(r);
+res = X509_set_pubkey(ret, pubkey);
+EVP_PKEY_free(pubkey);
 
-if (!X509_sign(ret, pkey, EVP_md5()))
+if (!res || !X509_sign(ret, pkey, EVP_md5()))
 goto err;
 if (0) {
  err:
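Review bot: capturing the X509_set_pubkey() result in `res` and freeing the reference from X509_REQ_get_pubkey() immediately is right: X509_REQ_get_pubkey() returns an up-referenced key and X509_set_pubkey() takes its own reference, so the old code leaked one reference per call and also ignored a failed set. Unrelated to the leak but visible in the same lines: the certificate is still signed with EVP_md5(); for a convenience function that is at least worth documenting as unsuitable for anything that will be trusted, or switching to a current digest in a follow-up.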


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  50c30153d3fe887d0f6c8c0514bc825c4f3dec6a (commit)
   via  ba30f1a070d5824fcee19bdcceb4eb3228e397e9 (commit)
   via  df426c06919e9d30fa9b226c15d24a25c2b90c93 (commit)
  from  847fe929108da550b506594f52fa1875ea815723 (commit)


- Log -
commit 50c30153d3fe887d0f6c8c0514bc825c4f3dec6a
Author: David Woodhouse 
Date:   Wed Aug 3 18:25:07 2016 +0100

Add basic test for Cisco DTLS1_BAD_VER and record replay handling

(Modified for 1.0.2 by adding selected PACKET_xx() functions and PRF, and
subsequent cleanup from commit eb633d03fe2db3666840dee8d0a2dbe491672dfc)

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
(cherry picked from commit 40425899200a3dea9ec3684d3eb80bcf50c99baf)

commit ba30f1a070d5824fcee19bdcceb4eb3228e397e9
Author: David Woodhouse 
Date:   Tue Aug 2 22:54:46 2016 +0100

Fix ubsan 'left shift of negative value -1' error in satsub64be()

Baroque, almost uncommented code triggers behaviour which is undefined
by the C standard. You might quite reasonably not care that the code was
broken on ones-complement machines, but if we support a ubsan build then
we need to at least pretend to care.

It looks like the special-case code for 64-bit big-endian is going to
behave differently (and wrongly) on wrap-around, because it treats the
values as signed. That seems wrong, and allows replay and other attacks.
Surely you need to renegotiate and start a new epoch rather than
wrapping around to sequence number zero again?

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
(cherry picked from commit 2e94723c1b5d8ab974645e83de90b248265af3cd)

commit df426c06919e9d30fa9b226c15d24a25c2b90c93
Author: David Woodhouse 
Date:   Fri Jul 8 20:46:07 2016 +0100

Fix SSL_export_keying_material() for DTLS1_BAD_VER

Commit d8e8590e ("Fix missing return value checks in SCTP") made the
DTLS handshake fail, even for non-SCTP connections, if
SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.

Apply the trivial fix to make it succeed, since there's no real reason
why it shouldn't even though we never need it.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
(cherry picked from commit c8a18468caef4d62778381be0acdadc8a88d6e51)

---

Summary of changes:
 ssl/Makefile|   2 +-
 ssl/bad_dtls_test.c | 923 
 ssl/d1_pkt.c|  61 ++--
 ssl/ssl_lib.c   |   2 +-
 test/Makefile   |  39 ++-
 5 files changed, 1002 insertions(+), 25 deletions(-)
 create mode 100644 ssl/bad_dtls_test.c

diff --git a/ssl/Makefile b/ssl/Makefile
index 775d8ec..dd12962 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -15,7 +15,7 @@ KRB5_INCLUDES=
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c
+TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c 
bad_dtls_test.c
 APPS=
 
 LIB=$(TOP)/libssl.a
diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c
new file mode 100644
index 000..d42817f
--- /dev/null
+++ b/ssl/bad_dtls_test.c
@@ -0,0 +1,923 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Unit test for Cisco DTLS1_BAD_VER session resume, as used by
+ * AnyConnect VPN protocol.
+ *
+ * This is designed to exercise the code paths in
+ * http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/dtls.c
+ * which have frequently been affected by regressions in DTLS1_BAD_VER
+ * support.
+ *
+ * Note that unlike other SSL tests, we don't test against our own SSL
+ * server method. Firstly because we don't have one; we *only* support
+ * DTLS1_BAD_VER as a client. And secondly because even if that were
+ * fixed up it's the wrong thing to test against — because if changes
+ * are made in generic DTLS code which don't take DTLS1_BAD_VER into
+ * account, there's plenty of scope for making those changes such that
+ * they break *both* the client and the server in the same way.
+ *
+ * So we handle the server side manually. In a session resume there isn't
+ * much to be done anyway.
+ */
+#include 
+
+/* On Windows this will include  and thus it needs to be
+ * included *before* anything that includes . Ick. */

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  3953bf53dac62bf8d2e5ebeabc94df388576a8ce (commit)
   via  09f0535681cfa32a137707b61ad94e06b5f2b476 (commit)
   via  e76cf5c06df8bfd2481996edef283ac449774048 (commit)
  from  1f61e8f07a21e033c8fd85ff578d6354a84f2dba (commit)


- Log -
commit 3953bf53dac62bf8d2e5ebeabc94df388576a8ce
Author: Andy Polyakov 
Date:   Wed Aug 24 17:13:09 2016 +0200

ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize 
cmovb.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit d3034d31e7c04b334dd245504dd4f56e513ca115)

commit 09f0535681cfa32a137707b61ad94e06b5f2b476
Author: Andy Polyakov 
Date:   Fri Aug 19 23:16:04 2016 +0200

ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.

RT#4625

Reviewed-by: Rich Salz 
(cherry picked from commit e3057a57caf4274ea1fb074518e4714059dfcabf)

commit e76cf5c06df8bfd2481996edef283ac449774048
Author: Andy Polyakov 
Date:   Sat Aug 20 22:04:21 2016 +0200

ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.

Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz 
(cherry picked from commit b62b2454fadfccaf5e055a1810d72174c2633b8f)

---

Summary of changes:
 crypto/ec/asm/ecp_nistz256-x86_64.pl | 139 ++-
 crypto/ec/ecp_nistz256.c |  88 --
 2 files changed, 134 insertions(+), 93 deletions(-)

diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl 
b/crypto/ec/asm/ecp_nistz256-x86_64.pl
index 7140860..7948bf7 100755
--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -128,6 +128,7 @@ ecp_nistz256_mul_by_2:
push%r13
 
mov 8*0($a_ptr), $a0
+   xor $t4,$t4
mov 8*1($a_ptr), $a1
add $a0, $a0# a0:a3+a0:a3
mov 8*2($a_ptr), $a2
@@ -138,7 +139,7 @@ ecp_nistz256_mul_by_2:
adc $a2, $a2
adc $a3, $a3
 mov$a1, $t1
-   sbb $t4, $t4
+   adc \$0, $t4
 
sub 8*0($a_ptr), $a0
 mov$a2, $t2
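Review bot: this is the core of the stricter reduction and deserves a comment above the sequence: $t4 now holds the 257th bit of 2a as 0/1 (`xor` in the previous hunk, then `adc $0`) instead of the 0/-1 mask from `sbb $t4,$t4`, and the `sbb $0,$t4` that follows the subtraction of p subtracts the borrow of (2a - p) from it, so CF after that instruction is set exactly when the full 257-bit sum is below p, which is the condition the `cmovc` selection keys on. The old code only subtracted p when the addition overflowed 2^256, so a doubled value in [p, 2^256) was returned unreduced, and downstream code assuming fully reduced inputs would see non-canonical values.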
@@ -146,14 +147,14 @@ ecp_nistz256_mul_by_2:
sbb 8*2($a_ptr), $a2
 mov$a3, $t3
sbb 8*3($a_ptr), $a3
-   test$t4, $t4
+   sbb \$0, $t4
 
-   cmovz   $t0, $a0
-   cmovz   $t1, $a1
+   cmovc   $t0, $a0
+   cmovc   $t1, $a1
mov $a0, 8*0($r_ptr)
-   cmovz   $t2, $a2
+   cmovc   $t2, $a2
mov $a1, 8*1($r_ptr)
-   cmovz   $t3, $a3
+   cmovc   $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
 
@@ -250,12 +251,12 @@ ecp_nistz256_mul_by_3:
sbb \$0, $a2
 mov$a3, $t3
sbb .Lpoly+8*3(%rip), $a3
-   test$t4, $t4
+   sbb \$0, $t4
 
-   cmovz   $t0, $a0
-   cmovz   $t1, $a1
-   cmovz   $t2, $a2
-   cmovz   $t3, $a3
+   cmovc   $t0, $a0
+   cmovc   $t1, $a1
+   cmovc   $t2, $a2
+   cmovc   $t3, $a3
 
xor $t4, $t4
add 8*0($a_ptr), $a0# a0:a3+=a_ptr[0:3]
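Review bot: this hunk shows only the tail of mul_by_3's first reduction: `sbb $0,$t4` followed by `cmovc` is correct only if the addition chain above it now ends with `adc $0,$t4` on a zeroed $t4, as the mul_by_2 and add_toq hunks do. If that part still reads `sbb $t4,$t4`, $t4 is a 0/-1 mask, `sbb $0,$t4` sets CF for the wrong condition, and the cmovc keeps the unreduced value when it should not. Please check the lines immediately above this hunk in the same routine.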
@@ -272,14 +273,14 @@ ecp_nistz256_mul_by_3:
sbb \$0, $a2
 mov$a3, $t3
sbb .Lpoly+8*3(%rip), $a3
-   test$t4, $t4
+   sbb \$0, $t4
 
-   cmovz   $t0, $a0
-   cmovz   $t1, $a1
+   cmovc   $t0, $a0
+   cmovc   $t1, $a1
mov $a0, 8*0($r_ptr)
-   cmovz   $t2, $a2
+   cmovc   $t2, $a2
mov $a1, 8*1($r_ptr)
-   cmovz   $t3, $a3
+   cmovc   $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
 
@@ -318,14 +319,14 @@ ecp_nistz256_add:
sbb 8*2($a_ptr), $a2
 mov$a3, $t3
sbb 8*3($a_ptr), $a3
-   test$t4, $t4
+   sbb \$0, $t4
 
-   cmovz   $t0, $a0
-   cmovz   $t1, $a1
+   cmovc   $t0, $a0
+   cmovc   $t1, $a1
mov $a0, 8*0($r_ptr)
-   cmovz   $t2, $a2
+   cmovc   $t2, $a2
mov $a1, 8*1($r_ptr)
-   cmovz   $t3, $a3
+   cmovc   $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
 
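Review bot: same reasoning as for mul_by_2: with both inputs below p the sum is below 2p, so one conditional subtraction driven by the combined carry/borrow gives a fully reduced result; the hunk again shows only the tail, so the matching `xor`/`adc $0,$t4` at the head of this addition chain needs checking. A test that feeds inputs whose sum lies in [p, 2^256), for example a = p - 1 and b = 2^256 - p (both below p), through ecp_nistz256_add and asserts the output is less than p would pin this down, since that is precisely the case the old `test`/`cmovz` sequence left unreduced.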
@@ -1840,13 +1841,14 @@ $code.=<<___;
 .type  __ecp_nistz256_add_toq,\@abi-omnipotent
 .align 32
 __ecp_nistz256_add_toq:
+   xor $t4,$t4
add 8*0($b_ptr), $a0
adc 8*1($b_ptr), $a1
 mov$a0, $t0
adc 8*2($b_ptr), $a2
adc 8*3($b_ptr), $a3
 mov$a1, $t1
-   sbb $t4, $t4
+   adc \$0, $t4
 
sub \$-1, $a0
 mov  

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-26 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  1f61e8f07a21e033c8fd85ff578d6354a84f2dba (commit)
  from  1027ad4f34c30b8585592764b9a670ba36888269 (commit)


- Log -
commit 1f61e8f07a21e033c8fd85ff578d6354a84f2dba
Author: Todd Short 
Date:   Thu May 26 13:49:36 2016 -0400

Always use session_ctx when removing a session

Sessions are stored on the session_ctx, which doesn't change after
SSL_set_SSL_CTX().

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/d1_pkt.c   | 2 +-
 ssl/s3_pkt.c   | 4 ++--
 ssl/ssl_sess.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 811276b..5fea537 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1251,7 +1251,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
 ERR_add_error_data(2, "SSL alert number ", tmp);
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-SSL_CTX_remove_session(s->ctx, s->session);
+SSL_CTX_remove_session(s->session_ctx, s->session);
 return (0);
 } else {
 al = SSL_AD_ILLEGAL_PARAMETER;
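Review bot: correct for this call site, and the same SSL_CTX_remove_session(s->ctx, ...) pattern is fixed in four places across d1_pkt.c, s3_pkt.c and ssl_sess.c in this patch; a grep for any remaining caller that passes s->ctx rather than s->session_ctx would confirm the change is complete, because after SSL_set_SSL_CTX() a removal on the wrong context silently fails and leaves a session that just triggered a fatal alert resumable. Ignoring the int return value of SSL_CTX_remove_session matches the existing style in this alert path.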
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3798902..df124cf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1473,7 +1473,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, 
int len, int peek)
 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
 ERR_add_error_data(2, "SSL alert number ", tmp);
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-SSL_CTX_remove_session(s->ctx, s->session);
+SSL_CTX_remove_session(s->session_ctx, s->session);
 return (0);
 } else {
 al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1698,7 +1698,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
 return -1;
 /* If a fatal one, remove from cache */
 if ((level == 2) && (s->session != NULL))
-SSL_CTX_remove_session(s->ctx, s->session);
+SSL_CTX_remove_session(s->session_ctx, s->session);
 
 s->s3->alert_dispatch = 1;
 s->s3->send_alert[0] = level;
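Review bot: style, on the unchanged condition above the changed line: "level == 2" is the fatal alert level and SSL3_AL_FATAL exists for it, which reads better than the literal. The ordering here is right: the session is evicted from session_ctx before alert_dispatch is set, so a fatal alert can never leave a resumable session behind in the cache.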
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 1dd6e6b..ed9855f 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1127,7 +1127,7 @@ int ssl_clear_bad_session(SSL *s)
 if ((s->session != NULL) &&
 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
 !(SSL_in_init(s) || SSL_in_before(s))) {
-SSL_CTX_remove_session(s->ctx, s->session);
+SSL_CTX_remove_session(s->session_ctx, s->session);
 return (1);
 } else
 return (0);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-24 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  1027ad4f34c30b8585592764b9a670ba36888269 (commit)
  from  0fff5065884d5ac61123a604bbcee30a53c808ff (commit)


- Log -
commit 1027ad4f34c30b8585592764b9a670ba36888269
Author: Dr. Stephen Henson 
Date:   Fri Aug 19 23:28:29 2016 +0100

Avoid overflow in MDC2_Update()

Thanks to Shi Lei for reporting this issue.

CVE-2016-6303

Reviewed-by: Matt Caswell 
(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)

---

Summary of changes:
 crypto/mdc2/mdc2dgst.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index 6615cf8..2dce493 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t 
len)
 
 i = c->num;
 if (i != 0) {
-if (i + len < MDC2_BLOCK) {
+if (len < MDC2_BLOCK - i) {
 /* partial block */
 memcpy(&(c->data[i]), in, len);
 c->num += (int)len;
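Review bot: this is the right rewrite. With i = c->num (an int below MDC2_BLOCK) and len a size_t, "i + len < MDC2_BLOCK" wraps when len is near SIZE_MAX, so the partial-block branch would be taken and memcpy() would copy len bytes into the fixed-size c->data; "len < MDC2_BLOCK - i" cannot wrap because MDC2_BLOCK - i is a small positive value. The following "c->num += (int)len" cast is also safe under the new condition, since len is then known to be smaller than MDC2_BLOCK.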


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-24 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  0fff5065884d5ac61123a604bbcee30a53c808ff (commit)
  from  0ec0104335eb443c6d925d6f12543fb362c6a570 (commit)


- Log -
commit 0fff5065884d5ac61123a604bbcee30a53c808ff
Author: Rich Salz 
Date:   Thu Aug 18 09:26:52 2016 -0400

SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Emilia Käsper 

---

Summary of changes:
 CHANGES  |  4 
 ssl/s3_lib.c | 34 +-
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/CHANGES b/CHANGES
index c3d3d7a..6502fc3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
   *)
 
+  *) In order to mitigate the SWEET32 attack (CVE-2016-2183),
+ the DES ciphers were moved from HIGH to MEDIUM.
+ [Rich Salz]
+
  Changes between 1.0.2g and 1.0.2h [3 May 2016]
 
   *) Prevent padding oracle in AES-NI CBC MAC check
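Review bot: wording in the new CHANGES entry: every s3_lib.c hunk in this patch changes an SSL_3DES cipher entry, so "the DES ciphers" reads too broadly; "the 3DES ciphers (SSL_3DES)" would match the code. It would also help users to state the visible effect: cipher strings that select HIGH no longer include the 3DES suites, while strings that name MEDIUM or the suites explicitly still do.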
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f2aaf36..0385e03 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -329,7 +329,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
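Review bot: only the strength class flag changes in these entries; the 112 strength-bits value and SSL_FIPS stay, so the suite remains available under FIPS and the strength reported to applications is unchanged. That is consistent: HIGH/MEDIUM selection in cipher strings is driven by the flag, not by the strength-bits value, and SWEET32 is about the 64-bit block size rather than the key length, so lowering the class without touching the bit count is the right granularity.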
@@ -382,7 +382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -434,7 +434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -487,7 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -539,7 +539,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -625,7 +625,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -712,7 +712,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -778,7 +778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_MD5,
  SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_EXP | SSL_MEDIUM,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -1728,7 +1728,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -2120,7 +2120,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -2200,7 +2200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -2280,7 +2280,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -2360,7 +2360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ -2440,7 +2440,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
  SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
  112,
  168,
@@ 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-24 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  0ec0104335eb443c6d925d6f12543fb362c6a570 (commit)
  from  baaabfd8fdcec04a691695fad9a664bea43202b6 (commit)


- Log -
commit 0ec0104335eb443c6d925d6f12543fb362c6a570
Author: Matt Caswell 
Date:   Wed Aug 24 09:23:14 2016 +0100

Fix no-ec

Use a ciphersuite in dtlstest that is not affected by no-* options.
Backport of commit fe34735c19.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/dtlstest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/dtlstest.c b/ssl/dtlstest.c
index 94e3ef1..78ebc67 100644
--- a/ssl/dtlstest.c
+++ b/ssl/dtlstest.c
@@ -59,7 +59,7 @@ static int test_dtls_unprocessed(int testidx)
 printf("Failed configuring auto ECDH\n");
 }
 
-if (!SSL_CTX_set_cipher_list(cctx, "ECDHE-RSA-AES256-SHA384")) {
+if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) {
 printf("Failed setting cipher list\n");
 }
 
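Review bot: AES128-SHA is a sensible pick since it depends on none of the no-* options, but both failure paths in this context only printf() and continue ("Failed configuring auto ECDH", "Failed setting cipher list"); if the cipher list fails to apply the test silently runs on the default list and could pass for the wrong reason. Returning a failure from test_dtls_unprocessed at those points would make the test self-checking.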


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-23 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  baaabfd8fdcec04a691695fad9a664bea43202b6 (commit)
  from  3cb28d188803c7768f767f0da40bbea61449521c (commit)


- Log -
commit baaabfd8fdcec04a691695fad9a664bea43202b6
Author: Dr. Stephen Henson 
Date:   Tue Aug 23 18:14:54 2016 +0100

Sanity check ticket length.

If a ticket callback changes the HMAC digest to SHA512 the existing
sanity checks are not sufficient and an attacker could perform a DoS
attack with a malformed ticket. Add additional checks based on
HMAC size.

Thanks to Shi Lei for reporting this bug.

CVE-2016-6302

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/t1_lib.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7d322d0..fbcf2e6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3401,9 +3401,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char 
*etick,
 HMAC_CTX hctx;
 EVP_CIPHER_CTX ctx;
 SSL_CTX *tctx = s->initial_ctx;
-/* Need at least keyname + iv + some encrypted data */
-if (eticklen < 48)
-return 2;
+
 /* Initialize session ticket encryption and HMAC contexts */
 HMAC_CTX_init();
 EVP_CIPHER_CTX_init();
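Review bot: deleting the 48-byte floor here moves the only length validation to later in the function, so any code between this point and the new check that reads the key name or IV out of etick now runs on an unchecked eticklen; that span is not in this hunk, so it should be confirmed that nothing there indexes past eticklen for a short ticket, or a minimal floor (key name plus IV length) kept at the top. Separately, the archive copy shows "HMAC_CTX_init();" and "EVP_CIPHER_CTX_init();" without their context arguments, which is a rendering loss rather than a code change.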
@@ -3437,6 +3435,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned 
char *etick,
 if (mlen < 0) {
 goto err;
 }
+/* Sanity check ticket length: must exceed keyname + IV + HMAC */
+if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length() + mlen) {
+HMAC_CTX_cleanup();
+EVP_CIPHER_CTX_cleanup();
+return 2;
+}
+
 eticklen -= mlen;
 /* Check HMAC of encrypted ticket */
 if (HMAC_Update(, etick, eticklen) <= 0
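Review bot: the new check is placed correctly, after the HMAC size mlen is known and after the "mlen < 0" guard; rejecting "eticklen <= 16 + iv_length + mlen" means a ticket with no ciphertext at all is refused, and the subsequent "eticklen -= mlen" can no longer go negative when a ticket callback selects a larger digest such as SHA-512. Returning 2 with both contexts cleaned up matches the removed early return (fall back to a full handshake), which is the right failure mode: a malformed ticket should cost the client a handshake, not abort the server. The EVP_CIPHER_CTX_iv_length() argument is missing in this archive copy.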


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-22 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  3cb28d188803c7768f767f0da40bbea61449521c (commit)
  from  01f879d3e3fe5bdcf290b802a3c44a2bdde2b059 (commit)


- Log -
commit 3cb28d188803c7768f767f0da40bbea61449521c
Author: Richard Levitte 
Date:   Fri Aug 19 16:53:54 2016 +0200

mk1mf: dtlstest needs ssltestlib, include it with a hack

We don't really have a mechanism to include other object files into a given
test program.  For now, a simple hack in mk1mf.pl will do.

RT#4653

Reviewed-by: Rich Salz 

---

Summary of changes:
 util/mk1mf.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 128a405..4eded5a 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -692,8 +692,8 @@ $rules.=_copy_rule("\$(INCL_D)",$header,"");
 $defs.=_defs("EXHEADER",$exheader,"\$(INCO_D)","");
 $rules.=_copy_rule("\$(INCO_D)",$exheader,"");
 
-$defs.=_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
-$rules.=_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+$defs.=_defs("T_OBJ","$test test${o}ssltestlib","\$(OBJ_D)",$obj);
+$rules.=_compile_rule("\$(OBJ_D)","$test 
test${o}ssltestlib","\$(APP_CFLAGS)");
 
 $defs.=_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
@@ -764,6 +764,7 @@ foreach (split(/\s+/,$test))
{
$t=($_);
$tt="\$(OBJ_D)${o}$t${obj}";
+   $tt.=" \$(OBJ_D)${o}ssltestlib${obj}" if $t eq "dtlstest";

$rules.=_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) 
\$(EX_LIBS)");
}
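Review bot: the two places that special-case ssltestlib do it in different ways, the compile rule by appending "test${o}ssltestlib" to the object list for all tests and the link rule by a string comparison against "dtlstest"; if another test ever needs ssltestlib the second spot has to be found by hand. A small hash mapping test name to extra objects, consulted in both places, would keep the hack in one spot, and a comment citing RT#4653 at the "if $t eq" line would tell the next reader why it exists.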
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-21 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  eca5174b5f448d3fc5a9401d76983ce2cf9e2194 (commit)
  from  bc894569c0a450fb7cb56ad83f91d3ef686d9141 (commit)


- Log -
commit eca5174b5f448d3fc5a9401d76983ce2cf9e2194
Author: Andy Polyakov 
Date:   Thu Aug 18 13:38:42 2016 +0200

ec/ecp_nistz256.c: get is_one on 32-bit platforms right.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/ec/ecp_nistz256.c | 37 ++---
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index ca44d0a..1459980 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -205,21 +205,29 @@ static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
 return is_zero(res);
 }
 
-static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS])
+static BN_ULONG is_one(const BIGNUM *z)
 {
-BN_ULONG res;
-
-res = a[0] ^ ONE[0];
-res |= a[1] ^ ONE[1];
-res |= a[2] ^ ONE[2];
-res |= a[3] ^ ONE[3];
-if (P256_LIMBS == 8) {
-res |= a[4] ^ ONE[4];
-res |= a[5] ^ ONE[5];
-res |= a[6] ^ ONE[6];
+BN_ULONG res = 0;
+BN_ULONG *a = z->d;
+
+if (z->top == (P256_LIMBS - P256_LIMBS / 8)) {
+res = a[0] ^ ONE[0];
+res |= a[1] ^ ONE[1];
+res |= a[2] ^ ONE[2];
+res |= a[3] ^ ONE[3];
+if (P256_LIMBS == 8) {
+res |= a[4] ^ ONE[4];
+res |= a[5] ^ ONE[5];
+res |= a[6] ^ ONE[6];
+/*
+ * no check for a[7] (being zero) on 32-bit platforms,
+ * because value of "one" takes only 7 limbs.
+ */
+}
+res = is_zero(res);
 }
 
-return is_zero(res);
+return res;
 }
 
 static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
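Review bot: is_one() now keys on z->top equalling P256_LIMBS - P256_LIMBS/8, i.e. 4 limbs on 64-bit and 7 on 32-bit, because the Montgomery form of one occupies only 7 of the 8 32-bit limbs and a normalised BIGNUM has its zero top limb trimmed; the removed version compared a[0..6] against ONE and never looked at a[7], so on 32-bit a value with a non-zero eighth limb was misreported as one. The new function is therefore correct only for a BIGNUM whose top is normalised, which deserves a sentence in the comment block, since a caller passing a stale top gets a false negative. Initialising res to 0 makes the non-matching-top case return "not one", which is the safe default.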
@@ -741,9 +749,8 @@ static int ecp_nistz256_is_affine_G(const EC_POINT 
*generator)
 {
 return (generator->X.top == P256_LIMBS) &&
 (generator->Y.top == P256_LIMBS) &&
-(generator->Z.top == (P256_LIMBS - P256_LIMBS / 8)) &&
 is_equal(generator->X.d, def_xG) &&
-is_equal(generator->Y.d, def_yG) && is_one(generator->Z.d);
+is_equal(generator->Y.d, def_yG) && is_one(>Z);
 }
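Review bot: folding the Z.top test into is_one() keeps ecp_nistz256_is_affine_G() equivalent to before on 64-bit and fixes it on 32-bit, where the old is_one(generator->Z.d) never examined the eighth limb. The "is_one(>Z)" in this archive copy appears to have lost its "&generator-" prefix; that is a rendering artefact, the new signature takes a const BIGNUM pointer.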
 
 static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
@@ -1331,7 +1338,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
 !ecp_nistz256_set_words(>Z, p.p.Z)) {
 goto err;
 }
-r->Z_is_one = is_one(p.p.Z) & 1;
+r->Z_is_one = is_one(>Z) & 1;
 
 ret = 1;
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-21 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  bc894569c0a450fb7cb56ad83f91d3ef686d9141 (commit)
  from  71da19b050ba67c489b6c5f2543bf239c1947543 (commit)


- Log -
commit bc894569c0a450fb7cb56ad83f91d3ef686d9141
Author: Rich Salz 
Date:   Sun Aug 21 13:23:45 2016 -0400

Fix pointer/alloc prob from previous commit

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/ca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/ca.c b/apps/ca.c
index 0ad7be3..8a3c1e5 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2106,9 +2106,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 tm = X509_get_notAfter(ret);
 row[DB_type] = OPENSSL_malloc(2);
 row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
+row[DB_rev_date] = OPENSSL_malloc(1);
 row[DB_file] = OPENSSL_malloc(8);
 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+(row[DB_rev_date] == NULL) ||
 (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
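Review bot: allocating one byte for row[DB_rev_date] fixes the pointer misuse from the previous commit, but it also changes the stored value from the NULL the code used before that commit (see the removed "row[DB_rev_date] = NULL;" in the earlier hunk of this digest) to an empty string; the database writer and the revocation code must treat "" and NULL the same for the revocation-date column, so that should be confirmed or NULL restored rather than assumed. Adding the NULL check to the allocation-failure condition is right.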
@@ -2116,7 +2118,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 
 memcpy(row[DB_exp_date], tm->data, tm->length);
 row[DB_exp_date][tm->length] = '\0';
-row[DB_rev_date] = '\0';
+row[DB_rev_date][0] = '\0';
 strcpy(row[DB_file], "unknown");
 row[DB_type][0] = 'V';
 row[DB_type][1] = '\0';
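Review bot: the replaced "row[DB_rev_date] = '\0';" assigned a character constant to a char pointer, which is a null-pointer assignment in disguise (and a compiler warning), not an empty string; indexing [0] into the freshly allocated byte gives the intended empty string. Note the asymmetry with row[DB_exp_date] two lines up, which is NUL-terminated explicitly after a memcpy; a short comment saying the revocation date is intentionally empty for a newly issued certificate would help.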


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-21 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  71da19b050ba67c489b6c5f2543bf239c1947543 (commit)
  from  061d6c25ba7cb0524756a872e92da1de2d494d68 (commit)


- Log -
commit 71da19b050ba67c489b6c5f2543bf239c1947543
Author: Rich Salz 
Date:   Sun Aug 21 12:50:05 2016 -0400

Fix incorrect return argument.

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 crypto/jpake/jpake.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 1815735..2ba75f0 100644
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -154,7 +154,7 @@ static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
 unsigned char *bin = OPENSSL_malloc(l);
 
 if (bin == NULL)
-return NULL;
+return;
 hashlength(sha, l);
 BN_bn2bin(bn, bin);
 SHA1_Update(sha, bin, l);
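Review bot: the return type fix is correct for a void function, but it leaves a silent failure: when OPENSSL_malloc() fails, hashbn() returns without feeding bn into the SHA context, and the caller cannot tell that the hash is missing a component. Since hashbn() is static, changing it to return int and propagating the failure to its callers is a small change and turns an allocation failure into a detectable error instead of a wrong hash.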


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-19 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  ff5537c25565ad288ef00d67120b479c615bc6d3 (commit)
  from  a03f81f4ead24c234dc26e388d86a352685f3948 (commit)


- Log -
commit ff5537c25565ad288ef00d67120b479c615bc6d3
Author: Rich Salz 
Date:   Sat Aug 13 10:47:50 2016 -0400

RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit 2a9afa4046592d44af84644cd89fe1a0d6d46889)

---

Summary of changes:
 doc/apps/cms.pod   | 3 +++
 doc/apps/smime.pod | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 4eaedbc..ac69804 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -86,6 +86,9 @@ encrypt mail for the given recipient certificates. Input file 
is the message
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is EnvelopedData.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
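Review bot: the note says what is not checked but not what the user should do about it; a sentence pointing at verifying the recipient certificate with revocation checking before encrypting (openssl verify with -crl_check) would make it actionable. "recipient cert" should be "recipient certificate" in user-facing documentation. The same paragraph is added to smime.pod below and should be kept in sync.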
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index d5618c8..04a83ca 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -53,6 +53,9 @@ The meaning of the other options varies according to the 
operation type.
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-19 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  a03f81f4ead24c234dc26e388d86a352685f3948 (commit)
  from  66e708326524929a0e1631f8d1ef6e63c153922c (commit)


- Log -
commit a03f81f4ead24c234dc26e388d86a352685f3948
Author: Rich Salz 
Date:   Fri Aug 19 10:31:03 2016 -0400

Fix NULL-return checks in 1.0.2

RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences

Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/apps.c|  3 ++-
 apps/ca.c  | 20 
 apps/speed.c   |  4 
 crypto/asn1/asn_mime.c |  2 ++
 crypto/bio/bss_rtcp.c  |  2 ++
 crypto/conf/conf_mod.c |  4 
 crypto/engine/eng_cryptodev.c  |  6 +-
 crypto/evp/openbsd_hw.c| 22 ++
 crypto/evp/pmeth_gn.c  |  5 +
 crypto/jpake/jpake.c   |  4 
 crypto/pkcs7/pk7_doit.c|  2 ++
 crypto/ui/ui_lib.c |  2 ++
 crypto/x509/by_dir.c   |  4 
 crypto/x509v3/v3_alt.c |  2 ++
 doc/crypto/OBJ_nid2obj.pod |  4 +++-
 engines/ccgost/gost2001.c  |  6 ++
 engines/ccgost/gost2001_keyx.c |  2 ++
 engines/ccgost/gost94_keyx.c   |  2 ++
 engines/ccgost/gost_ameth.c| 14 ++
 engines/ccgost/gost_pmeth.c|  4 
 engines/e_4758cca.c|  8 
 engines/e_aep.c|  3 ++-
 engines/e_capi.c   | 13 +
 engines/e_chil.c   | 33 -
 ssl/d1_both.c  |  2 ++
 ssl/s3_clnt.c  |  4 
 ssl/s3_enc.c   |  4 
 ssl/ssl_ciph.c |  5 +
 ssl/ssl_sess.c |  4 
 ssl/t1_lib.c   |  2 ++
 30 files changed, 171 insertions(+), 21 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 0385490..08ddbc4 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -215,7 +215,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 if (arg != NULL)
 OPENSSL_free(arg);
 arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
-
+if (arg == NULL)
+return 0;
 *argv = arg;
 num = 0;
 p = buf;
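Review bot: the early "return 0" on allocation failure is right, but if buf (used immediately below via "p = buf") was allocated earlier in args_from_file(), it is leaked on this path; freeing it before returning, or jumping to a common cleanup label, would be cleaner than a bare return.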
diff --git a/apps/ca.c b/apps/ca.c
index 0b66095..0ad7be3 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2103,25 +2103,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 goto err;
 
 /* We now just add it to the database */
-row[DB_type] = (char *)OPENSSL_malloc(2);
-
 tm = X509_get_notAfter(ret);
-row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
-memcpy(row[DB_exp_date], tm->data, tm->length);
-row[DB_exp_date][tm->length] = '\0';
-
-row[DB_rev_date] = NULL;
-
-/* row[DB_serial] done already */
-row[DB_file] = (char *)OPENSSL_malloc(8);
+row[DB_type] = OPENSSL_malloc(2);
+row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
+row[DB_file] = OPENSSL_malloc(8);
 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
-
 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
 (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
 }
-BUF_strlcpy(row[DB_file], "unknown", 8);
+
+memcpy(row[DB_exp_date], tm->data, tm->length);
+row[DB_exp_date][tm->length] = '\0';
+row[DB_rev_date] = '\0';
+strcpy(row[DB_file], "unknown");
 row[DB_type][0] = 'V';
 row[DB_type][1] = '\0';
 
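Review bot: "row[DB_rev_date] = '\0';" assigns a character constant to a char pointer; it is the null pointer in disguise (the same value the removed "row[DB_rev_date] = NULL;" stored) and provokes a compiler warning. It is corrected in the follow-up commit bc894569 earlier in this digest, but ideally the line would not have gone in as written. The "strcpy(row[DB_file], "unknown")" replacing BUF_strlcpy(..., 8) is safe only because "unknown" plus the terminating NUL is exactly the 8 bytes that OPENSSL_malloc(8) provides; keeping BUF_strlcpy with the buffer size would not depend on that coincidence.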
diff --git a/apps/speed.c b/apps/speed.c
index 95adcc1..b862868 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2614,6 +2614,10 @@ static int do_multi(int multi)
 static char sep[] = ":";
 
 fds = malloc(multi * sizeof *fds);
+if (fds == NULL) {
+fprintf(stderr, "Out of memory in speed (do_multi)\n");
+exit(1);
+}
 for (n = 0; n < multi; ++n) {
 if (pipe(fd) == -1) {
 fprintf(stderr, "pipe failure\n");
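Review bot: an exit(1) would be a concern in library code, but do_multi() is apps-only and the surrounding code already exits on pipe failure, so this is consistent. "multi * sizeof *fds" is computed from the user-supplied -multi count; a sanity bound on multi before the malloc would make the fix complete rather than only catching the case where the product happens to fail allocation.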
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 9fd5bef..5170906 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -623,6 +623,8 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-18 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  8a2ce3a31365f6179f126912a4df85d07a59ca85 (commit)
  from  a1be17a72f6e0fe98275dc113cddd799bf55df44 (commit)


- Log -
commit 8a2ce3a31365f6179f126912a4df85d07a59ca85
Author: Richard Levitte 
Date:   Thu Aug 18 15:42:42 2016 +0200

VMS: synchronise tests with Unix

Reviewed-by: Rich Salz 

---

Summary of changes:
 test/maketests.com |  9 +++--
 test/tests.com | 24 +---
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/test/maketests.com b/test/maketests.com
index 7e2d939..3d16443 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -147,9 +147,10 @@ $ TEST_FILES = 
"BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
   "MDC2TEST,RMDTEST,"+ -
   "RANDTEST,DHTEST,ENGINETEST,"+ -
   "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-  "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+  "EVP_TEST,EVP_EXTRA_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
   "ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ -
-  "CONSTANT_TIME_TEST"
+  "CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ -
+   "CLIENTHELLOTEST,SSLV2CONFTEST"
 $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
 $!
 $! Additional directory information.
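Review bot: style, the new continuation line "CLIENTHELLOTEST,SSLV2CONFTEST" is indented one space deeper than the other continuation lines of TEST_FILES. The "Should we add MTTEST,PQ_TEST,..." comment below it was written for an older list; with four tests added here it should be revisited or dropped so it does not mislead.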
@@ -183,6 +184,7 @@ $ T_D_EXPTEST:= [-.crypto.bn]
 $ T_D_DSATEST:= [-.crypto.dsa]
 $ T_D_RSA_TEST   := [-.crypto.rsa]
 $ T_D_EVP_TEST   := [-.crypto.evp]
+$ T_D_EVP_EXTRA_TEST := [-.crypto.evp]
 $ T_D_IGETEST:= [-.test]
 $ T_D_JPAKETEST  := [-.crypto.jpake]
 $ T_D_SRPTEST:= [-.crypto.srp]
@@ -190,6 +192,9 @@ $ T_D_V3NAMETEST := [-.crypto.x509v3]
 $ T_D_ASN1TEST   := [-.test]
 $ T_D_HEARTBEAT_TEST := [-.ssl]
 $ T_D_CONSTANT_TIME_TEST := [-.crypto]
+$ T_D_VERIFY_EXTRA_TEST := [-.crypto.x509]
+$ T_D_CLIENTHELLOTEST := [-.ssl]
+$ T_D_SSLV2CONFTEST := [-.ssl]
 $!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
diff --git a/test/tests.com b/test/tests.com
index 6e1c818..9361659 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -55,9 +55,9 @@ $ tests := -
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-   test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
+   
test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,-
test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,-
-   test_constant_time
+   test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest
 $  endif
 $  tests = f$edit(tests,"COLLAPSE")
 $
@@ -92,6 +92,7 @@ $ SSLTEST :=  ssltest
 $  RSATEST :=  rsa_test
 $  ENGINETEST :=   enginetest
 $  EVPTEST :=  evp_test
+$  EVPEXTRATEST := evp_extra_test
 $  IGETEST :=  igetest
 $  JPAKETEST :=jpaketest
 $  SRPTEST :=  srptest
@@ -99,6 +100,9 @@ $V3NAMETEST :=   v3nametest
 $  ASN1TEST := asn1test
 $  HEARTBEATTEST :=heartbeat_test
 $  CONSTTIMETEST :=constant_time_test
+$  VERIFYEXTRATEST :=  verify_extra_test
+$  CLIENTHELLOTEST :=  clienthellotest
+$  SSLV2CONFTEST :=sslv2conftest
 $!
 $  tests_i = 0
 $ loop_tests:
@@ -112,6 +116,9 @@ $
 $ test_evp:
 $  mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
 $  return
+$ test_evp_extra:
+$  mcr 'texe_dir''evpextratest'
+$  return
 $ test_des:
 $  mcr 'texe_dir''destest'
 $  return
@@ -386,7 +393,18 @@ $ test_constant_time:
 $   write sys$output "Test constant time utilities"
 $   mcr 'texe_dir''consttimetest'
 $   return
-$
+$ test_verify_extra:
+$  write sys$output "''START' test_verify_extra"
+$  mcr 'texe_dir''verifyextratest'
+$   return
+$ test_clienthello:
+$  write sys$output "''START' test_clienthello"
+$  mcr 'texe_dir''clienthellotest'
+$   return
+$ test_sslv2conftest:
+$  write sys$output "''START' test_sslv2conftest"
+$  mcr 'texe_dir''sslv2conftest'
+$   return
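Review bot: the three new labels mix indentation ("$  write"/"$  mcr" followed by "$   return") and print "''START' test_..." whereas the adjacent test_constant_time block prints a descriptive "Test constant time utilities" line; picking one convention for these messages would keep the VMS output consistent, and the "return" lines should use the same indentation as the commands above them.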
 $
 $ exit:
 $  on error then goto exit2 ! In case openssl.exe didn't build.


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-15 Thread Dr. Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  b552f32dcb9826c7d08980bc1acf52aa52abb8a1 (commit)
  from  e36f27ddb80a48e579783bc29fb3758988342b71 (commit)


- Log -
commit b552f32dcb9826c7d08980bc1acf52aa52abb8a1
Author: Dr. Stephen Henson 
Date:   Mon Aug 15 16:52:21 2016 +0100

Limit reads in do_b2i_bio()

Apply a limit to the maximum blob length which can be read in do_b2i_bio()
to avoid excessive allocation.


Thanks to Shi Lei for reporting this.

Reviewed-by: Rich Salz 
(cherry picked from commit 66bcba145740e4f1210499ba6e5033035a2a4647)

---

Summary of changes:
 crypto/pem/pvkfmt.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 6186446..1ce5a1e 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -127,6 +127,9 @@ static int read_lebn(const unsigned char **in, unsigned int 
nbyte, BIGNUM **r)
 # define MS_KEYTYPE_KEYX 0x1
 # define MS_KEYTYPE_SIGN 0x2
 
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH  102400
+
 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
 # define MS_PVKMAGIC 0xb0b5f11eL
 /* Salt length for PVK files */
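Review bot: BLOB_MAX_LENGTH is a bare number; a comment stating what it is derived from (the largest RSA/DSA key the MS blob format is expected to carry) would let the next person adjust it safely instead of guessing. 102400 is generous for any realistic key blob, so the cap does not constrain legitimate input, which is the point: without it the allocation size is driven entirely by the bit length read from an untrusted header.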
@@ -272,6 +275,10 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
 return NULL;
 
 length = blob_length(bitlen, isdss, ispub);
+if (length > BLOB_MAX_LENGTH) {
+PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+return NULL;
+}
 buf = OPENSSL_malloc(length);
 if (!buf) {
 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
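Review bot: the check sits exactly where it belongs, between computing length from the untrusted bitlen and the OPENSSL_malloc(length), so an oversized header can no longer force a large allocation; PEM_R_HEADER_TOO_LONG is reused as the reason code although what is rejected is the blob body length, so a more specific reason would make error output clearer. The read that follows the allocation is bounded by the same cap by construction.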


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-15 Thread Dr. Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  e36f27ddb80a48e579783bc29fb3758988342b71 (commit)
   via  d871284aca5524c85a6460119ac1b1e38f7e19c6 (commit)
  from  657566ead90132f68aa2c9a407c9d3920476446c (commit)


- Log -
commit e36f27ddb80a48e579783bc29fb3758988342b71
Author: Dr. Stephen Henson 
Date:   Fri Aug 5 14:26:03 2016 +0100

Check for errors in BN_bn2dec()

If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson 
(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)

Conflicts:
crypto/bn/bn_print.c

commit d871284aca5524c85a6460119ac1b1e38f7e19c6
Author: Dr. Stephen Henson 
Date:   Fri Aug 5 14:33:03 2016 +0100

Check for errors in a2d_ASN1_OBJECT()

Check for error return in BN_div_word().

Reviewed-by: Tim Hudson 
(cherry picked from commit 8b9afbc0fc7f8be0049d389d34d9416fa377e2aa)

---

Summary of changes:
 crypto/asn1/a_object.c |  8 ++--
 crypto/bn/bn_print.c   | 11 ---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index fba9f66..229a40f 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -174,8 +174,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const 
char *buf, int num)
 if (!tmp)
 goto err;
 }
-while (blsize--)
-tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+while (blsize--) {
+BN_ULONG t = BN_div_word(bl, 0x80L);
+if (t == (BN_ULONG)-1)
+goto err;
+tmp[i++] = (unsigned char)t;
+}
 } else {
 
 for (;;) {
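Review bot: comparing against (BN_ULONG)-1 is the documented error return of BN_div_word(), and since the divisor 0x80 is far smaller than that value a legitimate remainder can never collide with the sentinel; previously the error value was truncated to 0xFF by the unsigned char cast and written into the output as if it were a digit. The "goto err" relies on the err label freeing the partially filled tmp, which the existing "if (!tmp) goto err" above already depends on.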
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index bfa31ef..b44403e 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
 char *p;
 BIGNUM *t = NULL;
 BN_ULONG *bn_data = NULL, *lp;
+int bn_data_num;
 
 /*-
  * get an upper bound for the length of the decimal integer
@@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a)
  */
 i = BN_num_bits(a) * 3;
 num = (i / 10 + i / 1000 + 1) + 1;
-bn_data =
-(BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
-buf = (char *)OPENSSL_malloc(num + 3);
+bn_data_num = num / BN_DEC_NUM + 1;
+bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+buf = OPENSSL_malloc(num + 3);
 if ((buf == NULL) || (bn_data == NULL)) {
 BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
 goto err;
@@ -143,7 +144,11 @@ char *BN_bn2dec(const BIGNUM *a)
 i = 0;
 while (!BN_is_zero(t)) {
 *lp = BN_div_word(t, BN_DEC_CONV);
+if (*lp == (BN_ULONG)-1)
+goto err;
 lp++;
+if (lp - bn_data >= bn_data_num)
+goto err;
 }
 lp--;
 /*
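Review bot: the new bound check is one step too late. It runs after lp++ and fails on "lp - bn_data >= bn_data_num", so a value that legitimately fills every word of bn_data is rejected even though no further write would happen. With the sizing in the previous hunk, a one-bit number gives i = 3, num = 2 and bn_data_num = 2 / BN_DEC_NUM + 1 = 1 (BN_DEC_NUM is 9 or 19 depending on word size): the loop writes one word, lp++ makes the difference 1, and the function errors out for a perfectly valid input such as 1. Moving the check to the top of the loop body, before the write, keeps the out-of-bounds protection and removes the false failure. The (BN_ULONG)-1 check on the division result is correct and is the part that closes the OOB write described in the commit message.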


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-11 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  657566ead90132f68aa2c9a407c9d3920476446c (commit)
  from  13bacff9aa9a457218ccdcf83224357c9464676e (commit)


- Log -
commit 657566ead90132f68aa2c9a407c9d3920476446c
Author: Andy Polyakov 
Date:   Sun Jul 31 21:19:57 2016 +0200

sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.

RT#4530

Reviewed-by: Tim Hudson 
(cherry picked from commit 7123aa81e9fb19afb11fdf3850662c5f7ff1f19c)

---

Summary of changes:
 crypto/sha/asm/sha1-x86_64.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
index 5f375fc..752138b 100755
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
@@ -372,9 +372,9 @@ $code.=<<___;
 .align 16
 .Loop_shaext:
dec $num
-   lea 0x40($inp),%rax # next input block
+   lea 0x40($inp),%r8  # next input block
paddd   @MSG[0],$E
-   cmovne  %rax,$inp
+   cmovne  %r8,$inp
movdqa  $ABCD,$ABCD_SAVE# offload $ABCD
 ___
 for($i=0;$i<20-4;$i+=2) {
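Review bot: neither the commit message nor the hunk records why `%rax` was unsafe as the scratch register for the next-block pointer in `.Loop_shaext`, and the replacement `%r8` carries no comment either; add a comment at `lea 0x40($inp),%r8` naming the live value that `%rax` holds across the loop in this function on Windows (the prologue that sets it up is outside this hunk), otherwise a later cleanup can reintroduce the clash. Also confirm that `%r8` is not aliased to `$inp`, `$num` or the context pointer: in the Windows x64 calling convention the third argument arrives in `%r8`, so reusing it here is only safe if the argument shuffle has already moved it out before the loop is entered.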


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-05 Thread Dr. Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  13bacff9aa9a457218ccdcf83224357c9464676e (commit)
  from  e1be1dce7722ee40ced16b1b91d5e1b9fce13d08 (commit)


- Log -
commit 13bacff9aa9a457218ccdcf83224357c9464676e
Author: Dr. Stephen Henson 
Date:   Fri Aug 5 17:59:32 2016 +0100

Sanity check input length in OPENSSL_uni2asc().

Thanks to Hanno Böck for reporting this bug.

Reviewed-by: Rich Salz 
(cherry picked from commit 39a43280316f1b9c45be5ac5b04f4f5c3f923686)

Conflicts:
crypto/pkcs12/p12_utl.c

---

Summary of changes:
 crypto/pkcs12/p12_utl.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index a0b992e..e466f76 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -91,6 +91,10 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
 {
 int asclen, i;
 char *asctmp;
+
+/* string must contain an even number of bytes */
+if (unilen & 1)
+return NULL;
 asclen = unilen / 2;
 /* If no terminating zero allow for one */
 if (!unilen || uni[unilen - 1])
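Review bot: `unilen` is an `int` (see the signature), and `unilen & 1` rejects only odd values, so a negative even length such as -2 still passes the new check, makes `asclen` negative, and then `uni[unilen - 1]` on the following line reads before the start of the buffer. Reject negatives in the same test: `if (unilen < 0 || (unilen & 1)) return NULL;`. The early return also hands back NULL without raising an error; that is fine if it matches the other failure paths of this function, but the comment should say whether callers are expected to distinguish a malformed length from an allocation failure.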

