[openssl-commits] Passed: mouse07410/openssl#57 (OpenSSL_1_0_2-stable - 4badd2b)
Build Update for mouse07410/openssl
Build: #57
Status: Passed
Duration: 1 hour, 14 minutes, and 25 seconds
Commit: 4badd2b (OpenSSL_1_0_2-stable)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine which provided a default generic method for some key type — because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

    cannot load client certificate private key file from engine
    140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
    unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1640)

View the changeset: https://github.com/mouse07410/openssl/compare/9702bf5fa269...4badd2b3c29c
View the full build log and details: https://travis-ci.org/mouse07410/openssl/builds/163454269
--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
  via 0a72002993b8619fd0642d19af3364bafbd9a06c (commit)
  via a6972f346248fbc37e42056bb943fae0896a2967 (commit)
  from f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit)

- Log -
commit 0a72002993b8619fd0642d19af3364bafbd9a06c
Author: David Woodhouse
Date: Wed Sep 28 13:08:45 2016 +0100

    Call ENGINE_init() before trying to use keys from engine

    When I said before that s_client "used to work in 1.0.2" that was only partly true. It worked for engines which provided a default generic method for some key type, because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

    But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

        cannot load client certificate private key file from engine
        140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
        unable to load client certificate private key file

    cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

    Reviewed-by: Rich Salz
    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/1639)

commit a6972f346248fbc37e42056bb943fae0896a2967
Author: David Woodhouse
Date: Wed Sep 28 13:07:52 2016 +0100

    Restore '-keyform engine' support for s_client

    This used to work in 1.0.2 but disappeared when the argument parsing was revamped.

    Reviewed-by: Rich Salz
    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/1639)

---
Summary of changes:
 apps/apps.c | 2 +-
 apps/s_client.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c index b287748..9a58f17 100644 --- a/apps/apps.c +++ b/apps/apps.c 
@@ -1269,7 +1269,7 @@ ENGINE *setup_engine(const char *engine, int debug) ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); } ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); -if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { +if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) { BIO_printf(bio_err, "can't use that engine\n"); ERR_print_errors(bio_err); ENGINE_free(e); diff --git a/apps/s_client.c b/apps/s_client.c index 41f6d48..10ea1f1 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -577,8 +577,8 @@ OPTIONS s_client_options[] = { {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, {"certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default"}, -{"key", OPT_KEY, '<', "Private key file to use, if not in -cert file"}, -{"keyform", OPT_KEYFORM, 'F', "Key format (PEM or DER) PEM default"}, +{"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"}, +{"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, @@ -1202,7 +1202,7 @@ int s_client_main(int argc, char **argv) fallback_scsv = 1; break; case OPT_KEYFORM: -if (!opt_format(opt_arg(), OPT_FMT_PEMDER, _format)) +if (!opt_format(opt_arg(), OPT_FMT_PDE, _format)) goto opthelp; break; case OPT_PASS: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
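Review bot: In the apps/apps.c hunk of setup_engine(), the new `ENGINE_init(e)` has no matching `ENGINE_finish(e)`. If `ENGINE_init(e)` succeeds and `ENGINE_set_default(e, ENGINE_METHOD_ALL)` then fails, the error branch only calls `ENGINE_free(e)`, so the functional reference taken by the init is never released. Split the condition so the set_default failure path calls `ENGINE_finish(e)` before `ENGINE_free(e)`.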
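Review bot: In the apps/s_client.c option table, `-key` changes from type '<' to 's' and `-keyform` now accepts engine, but the `-key` help text still reads "Private key file to use, if not in -cert file". With `-keyform engine` the argument is a key identifier passed to the engine rather than a file name, so the help string should mention that case.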
[openssl-commits] Still Failing: openssl/openssl#6196 (master - 0a72002)
Build Update for openssl/openssl
Build: #6196
Status: Still Failing
Duration: 1 hour, 15 minutes, and 22 seconds
Commit: 0a72002 (master)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

When I said before that s_client "used to work in 1.0.2" that was only partly true. It worked for engines which provided a default generic method for some key type, because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

    cannot load client certificate private key file from engine
    140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
    unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/1639)

View the changeset: https://github.com/openssl/openssl/compare/f9b1b6644a3a...0a72002993b8
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163455144
[openssl-commits] [openssl] master update
The branch master has been updated via 56e36bdaef442536681bce2a1579385c0279bec8 (commit) from 0a72002993b8619fd0642d19af3364bafbd9a06c (commit) - Log - commit 56e36bdaef442536681bce2a1579385c0279bec8 Author: Rich SalzDate: Wed Sep 28 14:40:25 2016 -0400 Revert "Call ENGINE_init() before trying to use keys from engine" This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c. This fails to call ENGINE_finish; an alternate fix is forthcoming. Reviewed-by: Dr. Stephen Henson --- Summary of changes: apps/apps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 9a58f17..b287748 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1269,7 +1269,7 @@ ENGINE *setup_engine(const char *engine, int debug) ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); } ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); -if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) { +if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { BIO_printf(bio_err, "can't use that engine\n"); ERR_print_errors(bio_err); ENGINE_free(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
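Review bot: Dropping `ENGINE_init(e) ||` from the condition in setup_engine() puts back the behaviour the reverted commit described, where an engine that registers no default methods is never initialised, and the revert message only says an alternate fix is forthcoming. A short comment at this `ENGINE_set_default()` call, stating that initialisation is left to the code that uses the engine and must be paired with `ENGINE_finish()`, would keep the same one-line change from being reapplied here.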
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit) from 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit) - Log - commit a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 Author: Rich SalzDate: Wed Sep 28 14:39:32 2016 -0400 Revert "Call ENGINE_init() before trying to use keys from engine" This reverts commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d. This fails to call ENGINE_finish; an alternate fix is coming. Reviewed-by: Dr. Stephen Henson --- Summary of changes: apps/apps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 40401c1..9fdc3e0 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0); } ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); -if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) { +if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { BIO_printf(err, "can't use that engine\n"); ERR_print_errors(err); ENGINE_free(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#6195 (OpenSSL_1_0_2-stable - 4badd2b)
Build Update for openssl/openssl
Build: #6195
Status: Passed
Duration: 1 hour, 1 minute, and 40 seconds
Commit: 4badd2b (OpenSSL_1_0_2-stable)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine which provided a default generic method for some key type — because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

    cannot load client certificate private key file from engine
    140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
    unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1640)

View the changeset: https://github.com/openssl/openssl/compare/9702bf5fa269...4badd2b3c29c
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163449098
[openssl-commits] Failed: FdaSilvaYY/openssl#2076 (sk_num_alloc - 64035c8)
Build Update for FdaSilvaYY/openssl
Build: #2076
Status: Failed
Duration: 49 minutes and 11 seconds
Commit: 64035c8 (sk_num_alloc)
Author: FdaSilvaYY
Message: Introduce some pre-allocation

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/d7299043aa8e...64035c8ecb62
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163496353
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
  via 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit)
  from 9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e (commit)

- Log -
commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d
Author: David Woodhouse
Date: Wed Sep 28 14:31:22 2016 +0100

    Call ENGINE_init() before trying to use keys from engine

    Things like 'openssl s_client' only ever worked with keys from an engine which provided a default generic method for some key type — because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

    But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

        cannot load client certificate private key file from engine
        140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
        unable to load client certificate private key file

    cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

    Reviewed-by: Richard Levitte
    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1640)

---
Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c index 9fdc3e0..40401c1 100644 --- a/apps/apps.c +++ b/apps/apps.c 
@@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0); } ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); -if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { +if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) { BIO_printf(err, "can't use that engine\n"); ERR_print_errors(err); ENGINE_free(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
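Review bot: On the success path of this setup_engine() hunk the engine is returned with the functional reference from `ENGINE_init(e)` still held, and nothing in the hunk shows who releases it. Either document that callers of setup_engine() must call `ENGINE_finish()` before `ENGINE_free()`, or take the reference only around the operation that needs an initialised engine, so the init and finish calls sit in the same function.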
[openssl-commits] Failed: FdaSilvaYY/openssl#2074 (check_bn_wexpand_retcode - 4ae28d9)
Build Update for FdaSilvaYY/openssl
Build: #2074
Status: Failed
Duration: 58 minutes and 57 seconds
Commit: 4ae28d9 (check_bn_wexpand_retcode)
Author: FdaSilvaYY
Message: Add missing checks on some conditional BN_copy return value

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/86fca028058b...4ae28d9c87e9
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163496069
[openssl-commits] [openssl] master update
The branch master has been updated via 49e476a5382602d0bad1139d6f1f66ddbc7959d6 (commit) from 56e36bdaef442536681bce2a1579385c0279bec8 (commit) - Log - commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6 Author: Richard LevitteDate: Wed Sep 28 21:28:00 2016 +0200 apps/apps.c: initialize and de-initialize engine around key loading Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented) Reviewed-by: Stephen Henson --- Summary of changes: apps/apps.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index b287748..68f2f27 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -700,7 +700,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no engine specified\n"); else { #ifndef OPENSSL_NO_ENGINE -pkey = ENGINE_load_private_key(e, file, ui_method, _data); +if (ENGINE_init(e)) { +pkey = ENGINE_load_private_key(e, file, ui_method, _data); +ENGINE_finish(e); +} if (pkey == NULL) { BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(bio_err); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
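Review bot: When `ENGINE_init(e)` returns 0 in load_key(), the assignment to `pkey` is skipped and the code falls through to "cannot load %s from engine", so an initialisation failure is reported the same way as a missing key. Add an else branch that reports the init failure separately, and confirm `pkey` is set to NULL before this point, since the `pkey == NULL` test now relies on that whenever the init fails.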
[openssl-commits] Broken: FdaSilvaYY/openssl#2073 (prn_nit - 4117270)
Build Update for FdaSilvaYY/openssl
Build: #2073
Status: Broken
Duration: 1 hour, 0 minutes, and 57 seconds
Commit: 4117270 (prn_nit)
Author: FdaSilvaYY
Message: Add error checking, small nit on output

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/a99ffe34efa4...41172709f812
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163495931
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via a1b791225f2913ace014071bfb9099790ef468e5 (commit) from 8061fdc8d3048220a758ad1304669944810ac386 (commit) - Log - commit a1b791225f2913ace014071bfb9099790ef468e5 Author: Richard LevitteDate: Wed Sep 28 21:28:00 2016 +0200 apps/apps.c: initialize and de-initialize engine around key loading Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented) Reviewed-by: Stephen Henson (cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6) --- Summary of changes: apps/apps.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index aa564b8..96184a6 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -692,7 +692,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no engine specified\n"); else { #ifndef OPENSSL_NO_ENGINE -pkey = ENGINE_load_private_key(e, file, ui_method, _data); +if (ENGINE_init(e)) { +pkey = ENGINE_load_private_key(e, file, ui_method, _data); +ENGINE_finish(e); +} if (pkey == NULL) { BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(bio_err); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
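Review bot: `ENGINE_finish(e)` runs immediately after `ENGINE_load_private_key()` returns in load_key(), while the loaded `pkey` is handed back to the caller for later use. The commit message only covers the case where the engine was already initialised; add a comment here stating what keeps the engine usable for operations on `pkey` after this finish, so the early release does not read as a lifetime bug.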
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 53a71b7429a4315f7761bea1be20a6d0b9c9a502 (commit) from a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit) - Log - commit 53a71b7429a4315f7761bea1be20a6d0b9c9a502 Author: Richard LevitteDate: Wed Sep 28 21:28:00 2016 +0200 apps/apps.c: initialize and de-initialize engine around key loading Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented) Reviewed-by: Stephen Henson (cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6) --- Summary of changes: apps/apps.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 9fdc3e0..ff17b35 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, if (!e) BIO_printf(err, "no engine specified\n"); else { -pkey = ENGINE_load_private_key(e, file, ui_method, _data); +if (ENGINE_init(e)) { +pkey = ENGINE_load_private_key(e, file, ui_method, _data); +ENGINE_finish(e); +} if (!pkey) { BIO_printf(err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(err); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#6198 (master - 56e36bd)
Build Update for openssl/openssl
Build: #6198
Status: Still Failing
Duration: 1 hour, 6 minutes, and 42 seconds
Commit: 56e36bd (master)
Author: Rich Salz
Message: Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c.

This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson

View the changeset: https://github.com/openssl/openssl/compare/0a72002993b8...56e36bdaef44
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163488994
[openssl-commits] Still Failing: FdaSilvaYY/openssl#2072 (master - 56e36bd)
Build Update for FdaSilvaYY/openssl
Build: #2072
Status: Still Failing
Duration: 1 hour, 6 minutes, and 2 seconds
Commit: 56e36bd (master)
Author: Rich Salz
Message: Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c.

This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/0a72002993b8...56e36bdaef44
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163494897
[openssl-commits] Still Failing: FdaSilvaYY/openssl#2071 (master - 0a72002)
Build Update for FdaSilvaYY/openssl
Build: #2071
Status: Still Failing
Duration: 1 hour, 7 minutes, and 17 seconds
Commit: 0a72002 (master)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

When I said before that s_client "used to work in 1.0.2" that was only partly true. It worked for engines which provided a default generic method for some key type, because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error:

    cannot load client certificate private key file from engine
    140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
    unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/1639)

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/243ecf19ddc0...0a72002993b8
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163486440
[openssl-commits] Broken: FdaSilvaYY/openssl#2077 (reduce_array - 4bb8bd6)
Build Update for FdaSilvaYY/openssl
Build: #2077
Status: Broken
Duration: 43 minutes and 35 seconds
Commit: 4bb8bd6 (reduce_array)
Author: FdaSilvaYY
Message: Discard last useless array item only _ns_ia5_list[0...6 ] are used

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/22dde9570294...4bb8bd6e01f2
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163496553
[openssl-commits] Still Failing: FdaSilvaYY/openssl#2080 (apps-speed-rework - 2103c74)
Build Update for FdaSilvaYY/openssl
Build: #2080
Status: Still Failing
Duration: 39 minutes and 57 seconds
Commit: 2103c74 (apps-speed-rework)
Author: FdaSilvaYY
Message: Reduce number of allocations Simplify misalignment limits

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/9abc264152de...2103c7437c30
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163497741
[openssl-commits] Still Failing: openssl/openssl#6206 (OpenSSL_1_1_0-stable - a1b7912)
Build Update for openssl/openssl
Build: #6206
Status: Still Failing
Duration: 42 minutes and 27 seconds
Commit: a1b7912 (OpenSSL_1_1_0-stable)
Author: Richard Levitte
Message: apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented)

Reviewed-by: Stephen Henson
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

View the changeset: https://github.com/openssl/openssl/compare/8061fdc8d304...a1b791225f29
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163509154
[openssl-commits] Still Failing: openssl/openssl#6205 (master - 49e476a)
Build Update for openssl/openssl
Build: #6205
Status: Still Failing
Duration: 38 minutes and 43 seconds
Commit: 49e476a (master)
Author: Richard Levitte
Message: apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented)

Reviewed-by: Stephen Henson

View the changeset: https://github.com/openssl/openssl/compare/56e36bdaef44...49e476a53826
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163508144
[openssl-commits] Broken: FdaSilvaYY/openssl#2079 (x509_crl_method-fix - 280cd17)
Build Update for FdaSilvaYY/openssl
Build: #2079
Status: Broken
Duration: 42 minutes and 13 seconds
Commit: 280cd17 (x509_crl_method-fix)
Author: FdaSilvaYY
Message: Allow null in X509_CRL_METHOD_free and fix documentation.

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/16923d231765...280cd179c1e3
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163497029
[openssl-commits] Broken: FdaSilvaYY/openssl#2078 (fix-ca-buf-usage - 99846cd)
Build Update for FdaSilvaYY/openssl
Build: #2078
Status: Broken
Duration: 40 minutes and 37 seconds
Commit: 99846cd (fix-ca-buf-usage)
Author: FdaSilvaYY
Message: Introduce PATH_MAX and NAME_MAX to define the certificate filename storage buffer.

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/350bf5cab7c7...99846cd6ea77
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163496643
[openssl-commits] Failed: FdaSilvaYY/openssl#2081 (style_n_nit's - f267cd2)
Build Update for FdaSilvaYY/openssl
Build: #2081
Status: Failed
Duration: 23 minutes and 24 seconds
Commit: f267cd2 (style_n_nit's)
Author: FdaSilvaYY
Message: Fix some style and indent issue

View the changeset: https://github.com/FdaSilvaYY/openssl/compare/8d481e8985c0...f267cd272eb4
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163499507
[openssl-commits] Broken: openssl/openssl#6191 (master - f9b1b66)
Build Update for openssl/openssl
Build: #6191
Status: Broken
Duration: 42 minutes and 27 seconds
Commit: f9b1b66 (master)
Author: Matt Caswell
Message: Add DTLS renegotiation tests

Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/243ecf19ddc0...f9b1b6644a3a
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163334122
[openssl-commits] Broken: openssl/openssl#6192 (OpenSSL_1_1_0-stable - 8061fdc)
Build Update for openssl/openssl
Build: #6192
Status: Broken
Duration: 45 minutes and 45 seconds
Commit: 8061fdc (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Add DTLS renegotiation tests

Reviewed-by: Rich Salz
(cherry picked from commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381)

View the changeset: https://github.com/openssl/openssl/compare/a7511d72a32e...8061fdc8d304
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/163334173
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
  via 8061fdc8d3048220a758ad1304669944810ac386 (commit)
  via f1522af442d4154db28928ab178c258f07ed4c5e (commit)
  via d17300093cfc1994891cc50909bb2bc88237de7d (commit)
  via cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5 (commit)
  from a7511d72a32e13ab007f2f02fa1433965cbfe6ed (commit)

- Log -
commit 8061fdc8d3048220a758ad1304669944810ac386
Author: Matt Caswell
Date: Tue Sep 27 12:24:47 2016 +0100

    Add DTLS renegotiation tests

    Reviewed-by: Rich Salz
    (cherry picked from commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381)

commit f1522af442d4154db28928ab178c258f07ed4c5e
Author: Matt Caswell
Date: Tue Sep 27 11:50:43 2016 +0100

    Extend the renegotiation tests

    Add the ability to test both server initiated and client initiated reneg.

    Reviewed-by: Rich Salz
    (cherry picked from commit fe7dd5534176d1b04be046fcbaad24430c8727e0)

commit d17300093cfc1994891cc50909bb2bc88237de7d
Author: Matt Caswell
Date: Tue Sep 27 10:18:00 2016 +0100

    Update README.ssltest.md

    Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required.
Reviewed-by: Rich Salz (cherry picked from commit 1329b952a675c3c445b73b34bf9f09483fbc759c) commit cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5 Author: Matt Caswell Date: Mon Sep 26 17:25:43 2016 +0100 Add support for testing renegotiation Reviewed-by: Rich Salz (cherry picked from commit e42c4544c88046a01c53a81aeb9d48685d708cf9) --- Summary of changes: test/README.ssltest.md | 14 ++-- test/handshake_helper.c| 116 +++-- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/17-renegotiate.conf | 114 test/ssl-tests/17-renegotiate.conf.in | 67 + test/ssl-tests/18-dtls-renegotiate.conf| 86 + test/ssl-tests/18-dtls-renegotiate.conf.in | 63 test/ssl_test_ctx.c| 3 +- test/ssl_test_ctx.h| 4 +- 9 files changed, 450 insertions(+), 20 deletions(-) create mode 100644 test/ssl-tests/17-renegotiate.conf create mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8923578..e28d4b0 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -38,7 +38,8 @@ The test section supports the following options * HandshakeMode - which handshake flavour to test: - Simple - plain handshake (default) - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) + - RenegotiateServer - test server initiated renegotiation + - RenegotiateClient - test client initiated renegotiation When HandshakeMode is Resume or Renegotiate, the original handshake is expected to succeed. All configured test expectations are verified against the second 
@@ -245,20 +246,17 @@ environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do ``` -$ TEST_CERTS_DIR=test/certs test/ssl_test test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.conf ``` or for shared builds ``` -$ TEST_CERTS_DIR=test/certs util/shlib_wrap.sh test/ssl_test \ - test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ + util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf ``` -Some tests also need additional environment variables; for example, Certificate -Transparency tests need a `CTLOG_FILE`. See `test/recipes/80-test_ssl_new.t` for -details. - Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) protocols: a build with `enable-ssl3` has different test expectations than a diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 90e18fc..c14d8e3 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -583,6 +583,85 @@ static void do_app_data_step(PEER *peer) } } +static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) +{ +int ret; +char buf; + +TEST_check(peer->status == PEER_RETRY); +TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER +|| test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT); + +
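Review bot: in the first test/README.ssltest.md hunk (-38,7), the unchanged context sentence right after the new options still reads "When HandshakeMode is Resume or Renegotiate", but Renegotiate stops being an option name once this hunk replaces it with RenegotiateServer and RenegotiateClient. Update that sentence in the same change so it names both new modes and nobody goes looking for a Renegotiate value.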
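Review bot: the second test/README.ssltest.md hunk (-245,20) deletes the only sentence that explains CTLOG_FILE and points to test/recipes/80-test_ssl_new.t, so the variable now appears in both example commands with no explanation. The commit message says it "always seems to be required"; say so in the README prose, in one sentence stating that CTLOG_FILE must be set for ssl_test and what it points at, and keep the pointer to the recipe for any other variables.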
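Review bot: do_reneg_setup_step() in the test/handshake_helper.c hunk is added with no comment saying what the step does or what state it expects on entry; the two TEST_check() preconditions (peer->status == PEER_RETRY, handshake_mode one of the two SSL_TEST_HANDSHAKE_RENEG_* values) are the only hint. A short header comment stating those preconditions and the peer status the function leaves behind would make the helper's state machine easier to follow. The body is cut off in this message, so only the opening lines can be commented on.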
[openssl-commits] [openssl] master update
The branch master has been updated via f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit) via fe7dd5534176d1b04be046fcbaad24430c8727e0 (commit) via 1329b952a675c3c445b73b34bf9f09483fbc759c (commit) via e42c4544c88046a01c53a81aeb9d48685d708cf9 (commit) via 2f97192c78928ab2b2d44ac2f4859c321f57fd1f (commit) via 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f (commit) from 243ecf19ddc0dc2366de1be5c404d66d483b196d (commit) - Log - commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381 Author: Matt Caswell Date: Tue Sep 27 12:24:47 2016 +0100 Add DTLS renegotiation tests Reviewed-by: Rich Salz commit fe7dd5534176d1b04be046fcbaad24430c8727e0 Author: Matt Caswell Date: Tue Sep 27 11:50:43 2016 +0100 Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz commit 1329b952a675c3c445b73b34bf9f09483fbc759c Author: Matt Caswell Date: Tue Sep 27 10:18:00 2016 +0100 Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. Reviewed-by: Rich Salz commit e42c4544c88046a01c53a81aeb9d48685d708cf9 Author: Matt Caswell Date: Mon Sep 26 17:25:43 2016 +0100 Add support for testing renegotiation Reviewed-by: Rich Salz commit 2f97192c78928ab2b2d44ac2f4859c321f57fd1f Author: Matt Caswell Date: Mon Sep 26 15:31:20 2016 +0100 Fix a bug in Renegotiation extension construction The conversion to WPACKET broke the construction of the renegotiation extension. 
Reviewed-by: Rich Salz commit 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f Author: Matt Caswell Date: Mon Sep 26 14:59:08 2016 +0100 Convert HelloRequest construction to WPACKET Reviewed-by: Rich Salz --- Summary of changes: ssl/statem/statem_srvr.c | 7 +- ssl/t1_lib.c | 6 +- test/README.ssltest.md | 14 ++-- test/handshake_helper.c| 116 +++-- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/17-renegotiate.conf | 114 test/ssl-tests/17-renegotiate.conf.in | 67 + test/ssl-tests/18-dtls-renegotiate.conf| 86 + test/ssl-tests/18-dtls-renegotiate.conf.in | 63 test/ssl_test_ctx.c| 3 +- test/ssl_test_ctx.h| 4 +- 11 files changed, 460 insertions(+), 23 deletions(-) create mode 100644 test/ssl-tests/17-renegotiate.conf create mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index fbca5a1..8a2791a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -831,9 +831,14 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) int tls_construct_hello_request(SSL *s) { -if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { +WPACKET pkt; + +if (!WPACKET_init(, s->init_buf) +|| !ssl_set_handshake_header2(s, , SSL3_MT_HELLO_REQUEST) +|| !ssl_close_construct_packet(s, )) { SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR); ossl_statem_set_error(s); +WPACKET_cleanup(); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4733bff..40932fa 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -1040,8 +1040,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) /* Add RI if renegotiating */ if (s->renegotiate) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) -|| !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { +|| !WPACKET_start_sub_packet_u16(pkt) +|| !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) +|| !WPACKET_close(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8923578..e28d4b0 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -38,7 +38,8 @@ The test section supports the
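Review bot: in the ssl/statem/statem_srvr.c hunk, the failure branch of tls_construct_hello_request() calls WPACKET_cleanup() whichever of the three chained calls failed, including the case where WPACKET_init() itself returned 0 on a `WPACKET pkt;` declared without an initialiser. Confirm that cleanup is safe on a packet whose init did not complete, or check WPACKET_init() separately so that cleanup only runs after a successful init. The first argument of WPACKET_init() and the packet arguments of the other three calls appear empty in this archived copy, which looks like a rendering loss in the archive and not part of the patch.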
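Review bot: the ssl/t1_lib.c hunk in ssl_add_clienthello_tlsext() replaces one length prefix with two (a u16 sub-packet wrapping a u8-prefixed copy of previous_client_finished), yet the only comment is still "Add RI if renegotiating", so nothing tells the next reader why both lengths are there. Since the commit message says the WPACKET conversion broke this exact construction, add a comment next to WPACKET_start_sub_packet_u16() that spells out the nesting: u16 extension length, then u8 length of the finished data.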
[openssl-commits] Still Failing: FdaSilvaYY/openssl#2075 (1.1.1-internal-constification - 8389e3f)
Build Update for FdaSilvaYY/openssl - Build: #2075 Status: Still Failing Duration: 19 minutes and 17 seconds Commit: 8389e3f (1.1.1-internal-constification) Author: FdaSilvaYY Message: Add more constify-ed API using get0 pattern - X509_NAME_get0_entry - X509_NAME_ENTRY_get0_data - X509_NAME_ENTRY_get0_data View the changeset: https://github.com/FdaSilvaYY/openssl/compare/6df26df50a8e...8389e3f22fb9 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/163496232