[openssl-commits] Passed: mouse07410/openssl#57 (OpenSSL_1_0_2-stable - 4badd2b)

2016-09-28 Thread Travis CI
Build Update for mouse07410/openssl
-

Build: #57
Status: Passed

Duration: 1 hour, 14 minutes, and 25 seconds
Commit: 4badd2b (OpenSSL_1_0_2-stable)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine
which provided a default generic method for some key type — because it
called ENGINE_set_default() and that ended up being an implicit
initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get
initialised, and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1640)

View the changeset: 
https://github.com/mouse07410/openssl/compare/9702bf5fa269...4badd2b3c29c

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/163454269

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications


_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2016-09-28 Thread Rich Salz
The branch master has been updated
   via  0a72002993b8619fd0642d19af3364bafbd9a06c (commit)
   via  a6972f346248fbc37e42056bb943fae0896a2967 (commit)
  from  f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit)


- Log -
commit 0a72002993b8619fd0642d19af3364bafbd9a06c
Author: David Woodhouse 
Date:   Wed Sep 28 13:08:45 2016 +0100

Call ENGINE_init() before trying to use keys from engine

When I said before that s_client "used to work in 1.0.2" that was only
partly true. It worked for engines which provided a default generic
method for some key type, because it called ENGINE_set_default() and
that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised,
and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1639)

commit a6972f346248fbc37e42056bb943fae0896a2967
Author: David Woodhouse 
Date:   Wed Sep 28 13:07:52 2016 +0100

Restore '-keyform engine' support for s_client

This used to work in 1.0.2 but disappeared when the argument parsing was
revamped.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1639)

---

Summary of changes:
 apps/apps.c | 2 +-
 apps/s_client.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index b287748..9a58f17 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1269,7 +1269,7 @@ ENGINE *setup_engine(const char *engine, int debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(bio_err, "can't use that engine\n");
 ERR_print_errors(bio_err);
 ENGINE_free(e);
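
Review bot: on the failure branch of the new condition in setup_engine(), a successful ENGINE_init(e) followed by a failing ENGINE_set_default() leaves the functional reference held, because the cleanup shown only calls ENGINE_free(e), which drops the structural reference. Splitting the two calls and calling ENGINE_finish(e) before ENGINE_free(e) when only the second one fails would keep the counts balanced.
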
diff --git a/apps/s_client.c b/apps/s_client.c
index 41f6d48..10ea1f1 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -577,8 +577,8 @@ OPTIONS s_client_options[] = {
 {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
 {"certform", OPT_CERTFORM, 'F',
  "Certificate format (PEM or DER) PEM default"},
-{"key", OPT_KEY, '<', "Private key file to use, if not in -cert file"},
-{"keyform", OPT_KEYFORM, 'F', "Key format (PEM or DER) PEM default"},
+{"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"},
+{"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM 
default"},
 {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
 {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
@@ -1202,7 +1202,7 @@ int s_client_main(int argc, char **argv)
 fallback_scsv = 1;
 break;
 case OPT_KEYFORM:
-if (!opt_format(opt_arg(), OPT_FMT_PEMDER, _format))
+if (!opt_format(opt_arg(), OPT_FMT_PDE, _format))
 goto opthelp;
 break;
 case OPT_PASS:
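
Review bot: accepting the engine format in the OPT_KEYFORM case comes with no documentation or test change; the summary lists only apps/apps.c and apps/s_client.c. The s_client manual page should state that -keyform engine turns the -key value into an engine key identifier, and a test exercising the option would keep it from disappearing in a later argument-parsing rework, which is how the commit message says it was lost.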


[openssl-commits] Still Failing: openssl/openssl#6196 (master - 0a72002)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6196
Status: Still Failing

Duration: 1 hour, 15 minutes, and 22 seconds
Commit: 0a72002 (master)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

When I said before that s_client "used to work in 1.0.2" that was only
partly true. It worked for engines which provided a default generic
method for some key type, because it called ENGINE_set_default() and
that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised,
and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1639)

View the changeset: 
https://github.com/openssl/openssl/compare/f9b1b6644a3a...0a72002993b8

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163455144



[openssl-commits] [openssl] master update

2016-09-28 Thread Rich Salz
The branch master has been updated
   via  56e36bdaef442536681bce2a1579385c0279bec8 (commit)
  from  0a72002993b8619fd0642d19af3364bafbd9a06c (commit)


- Log -
commit 56e36bdaef442536681bce2a1579385c0279bec8
Author: Rich Salz 
Date:   Wed Sep 28 14:40:25 2016 -0400

Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c.
This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9a58f17..b287748 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1269,7 +1269,7 @@ ENGINE *setup_engine(const char *engine, int debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(bio_err, "can't use that engine\n");
 ERR_print_errors(bio_err);
 ENGINE_free(e);
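
Review bot: with the condition in setup_engine() back to ENGINE_set_default() alone, an engine that provides no default methods is again never initialised, so the "not initialised" failure from ENGINE_load_private_key described in the reverted commit returns until the alternate fix lands. Naming the follow-up pull request or commit in this message would let anyone bisecting across the revert find the replacement.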


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit)
  from  4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit)


- Log -
commit a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74
Author: Rich Salz 
Date:   Wed Sep 28 14:39:32 2016 -0400

Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d.
This fails to call ENGINE_finish; an alternate fix is coming.

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 40401c1..9fdc3e0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(err, "can't use that engine\n");
 ERR_print_errors(err);
 ENGINE_free(e);
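
Review bot: neither this revert nor the change it undoes touches anything outside apps/apps.c, so there is still no test that loads a key from an engine without default methods. Adding one alongside the alternate fix would catch a return of the original "not initialised" error.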


[openssl-commits] Passed: openssl/openssl#6195 (OpenSSL_1_0_2-stable - 4badd2b)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6195
Status: Passed

Duration: 1 hour, 1 minute, and 40 seconds
Commit: 4badd2b (OpenSSL_1_0_2-stable)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine
which provided a default generic method for some key type — because it
called ENGINE_set_default() and that ended up being an implicit
initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get
initialised, and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1640)

View the changeset: 
https://github.com/openssl/openssl/compare/9702bf5fa269...4badd2b3c29c

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163449098



[openssl-commits] Failed: FdaSilvaYY/openssl#2076 (sk_num_alloc - 64035c8)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2076
Status: Failed

Duration: 49 minutes and 11 seconds
Commit: 64035c8 (sk_num_alloc)
Author: FdaSilvaYY
Message: Introduce some pre-allocation

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/d7299043aa8e...64035c8ecb62

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163496353



[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  4badd2b3c29c2c6c551c737c07a429a53d9d1a0d (commit)
  from  9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e (commit)


- Log -
commit 4badd2b3c29c2c6c551c737c07a429a53d9d1a0d
Author: David Woodhouse 
Date:   Wed Sep 28 14:31:22 2016 +0100

Call ENGINE_init() before trying to use keys from engine

Things like 'openssl s_client' only ever worked with keys from an engine
which provided a default generic method for some key type — because it
called ENGINE_set_default() and that ended up being an implicit
initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get
initialised, and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1640)

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..40401c1 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1553,7 +1553,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
 }
 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+if (!ENGINE_init(e) || !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 BIO_printf(err, "can't use that engine\n");
 ERR_print_errors(err);
 ENGINE_free(e);
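
Review bot: the ENGINE_init(e) added to the condition in setup_engine() takes a functional reference that nothing in this change releases; the only cleanup visible is ENGINE_free(e) on the error branch. If the engine is meant to stay initialised for the life of the command, the matching ENGINE_finish() belongs wherever the apps release the engine; otherwise initialise it only around the key load.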


[openssl-commits] Failed: FdaSilvaYY/openssl#2074 (check_bn_wexpand_retcode - 4ae28d9)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2074
Status: Failed

Duration: 58 minutes and 57 seconds
Commit: 4ae28d9 (check_bn_wexpand_retcode)
Author: FdaSilvaYY
Message: Add missing checks on some conditional BN_copy return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/86fca028058b...4ae28d9c87e9

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163496069



[openssl-commits] [openssl] master update

2016-09-28 Thread Richard Levitte
The branch master has been updated
   via  49e476a5382602d0bad1139d6f1f66ddbc7959d6 (commit)
  from  56e36bdaef442536681bce2a1579385c0279bec8 (commit)


- Log -
commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6
Author: Richard Levitte 
Date:   Wed Sep 28 21:28:00 2016 +0200

apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 

---

Summary of changes:
 apps/apps.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index b287748..68f2f27 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -700,7 +700,10 @@ EVP_PKEY *load_key(const char *file, int format, int 
maybe_stdin,
 BIO_printf(bio_err, "no engine specified\n");
 else {
 #ifndef OPENSSL_NO_ENGINE
-pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+if (ENGINE_init(e)) {
+pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+ENGINE_finish(e);
+}
 if (pkey == NULL) {
 BIO_printf(bio_err, "cannot load %s from engine\n", 
key_descrip);
 ERR_print_errors(bio_err);
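
Review bot: ENGINE_finish(e) runs immediately after ENGINE_load_private_key() in load_key(), so the returned pkey outlives the functional reference taken here. A comment stating that the key is expected to hold its own reference to the engine, or a check of that against the engines this was written for, would make the early release safe to rely on.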


[openssl-commits] Broken: FdaSilvaYY/openssl#2073 (prn_nit - 4117270)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2073
Status: Broken

Duration: 1 hour, 0 minutes, and 57 seconds
Commit: 4117270 (prn_nit)
Author: FdaSilvaYY
Message: Add error checking, small nit on output

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/a99ffe34efa4...41172709f812

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163495931



[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-09-28 Thread Richard Levitte
The branch OpenSSL_1_1_0-stable has been updated
   via  a1b791225f2913ace014071bfb9099790ef468e5 (commit)
  from  8061fdc8d3048220a758ad1304669944810ac386 (commit)


- Log -
commit a1b791225f2913ace014071bfb9099790ef468e5
Author: Richard Levitte 
Date:   Wed Sep 28 21:28:00 2016 +0200

apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

---

Summary of changes:
 apps/apps.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index aa564b8..96184a6 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -692,7 +692,10 @@ EVP_PKEY *load_key(const char *file, int format, int 
maybe_stdin,
 BIO_printf(bio_err, "no engine specified\n");
 else {
 #ifndef OPENSSL_NO_ENGINE
-pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+if (ENGINE_init(e)) {
+pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+ENGINE_finish(e);
+}
 if (pkey == NULL) {
 BIO_printf(bio_err, "cannot load %s from engine\n", 
key_descrip);
 ERR_print_errors(bio_err);
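
Review bot: when ENGINE_init(e) fails in load_key(), the new block is skipped and control reaches the pkey == NULL check without pkey being assigned in this branch, so the result depends on pkey being initialised to NULL earlier in the function, which the hunk does not show. The message printed is then "cannot load %s from engine", the same as for a failed key load; a separate message for the initialisation failure would make the two cases distinguishable.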


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-09-28 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  53a71b7429a4315f7761bea1be20a6d0b9c9a502 (commit)
  from  a269e5f09a6e8f5b7a1f5ab92a90a41e61631e74 (commit)


- Log -
commit 53a71b7429a4315f7761bea1be20a6d0b9c9a502
Author: Richard Levitte 
Date:   Wed Sep 28 21:28:00 2016 +0200

apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

---

Summary of changes:
 apps/apps.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..ff17b35 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, 
int maybe_stdin,
 if (!e)
 BIO_printf(err, "no engine specified\n");
 else {
-pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+if (ENGINE_init(e)) {
+pkey = ENGINE_load_private_key(e, file, ui_method, _data);
+ENGINE_finish(e);
+}
 if (!pkey) {
 BIO_printf(err, "cannot load %s from engine\n", key_descrip);
 ERR_print_errors(err);
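
Review bot: only the ENGINE_load_private_key() call in load_key() gains the ENGINE_init()/ENGINE_finish() pair; the summary shows this as the sole change in apps/apps.c. If the apps also load public keys through an engine, that path needs the same bracketing, and the return value of ENGINE_finish(e) is ignored here without a comment saying that is deliberate.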


[openssl-commits] Still Failing: openssl/openssl#6198 (master - 56e36bd)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6198
Status: Still Failing

Duration: 1 hour, 6 minutes, and 42 seconds
Commit: 56e36bd (master)
Author: Rich Salz
Message: Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c.
This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson 

View the changeset: 
https://github.com/openssl/openssl/compare/0a72002993b8...56e36bdaef44

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163488994



[openssl-commits] Still Failing: FdaSilvaYY/openssl#2072 (master - 56e36bd)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2072
Status: Still Failing

Duration: 1 hour, 6 minutes, and 2 seconds
Commit: 56e36bd (master)
Author: Rich Salz
Message: Revert "Call ENGINE_init() before trying to use keys from engine"

This reverts commit 0a72002993b8619fd0642d19af3364bafbd9a06c.
This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson 

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/0a72002993b8...56e36bdaef44

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163494897



[openssl-commits] Still Failing: FdaSilvaYY/openssl#2071 (master - 0a72002)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2071
Status: Still Failing

Duration: 1 hour, 7 minutes, and 17 seconds
Commit: 0a72002 (master)
Author: David Woodhouse
Message: Call ENGINE_init() before trying to use keys from engine

When I said before that s_client "used to work in 1.0.2" that was only
partly true. It worked for engines which provided a default generic
method for some key type, because it called ENGINE_set_default() and
that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised,
and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1639)

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/243ecf19ddc0...0a72002993b8

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163486440



[openssl-commits] Broken: FdaSilvaYY/openssl#2077 (reduce_array - 4bb8bd6)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2077
Status: Broken

Duration: 43 minutes and 35 seconds
Commit: 4bb8bd6 (reduce_array)
Author: FdaSilvaYY
Message: Discard last useless array item

only  _ns_ia5_list[0...6 ] are used

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/22dde9570294...4bb8bd6e01f2

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163496553



[openssl-commits] Still Failing: FdaSilvaYY/openssl#2080 (apps-speed-rework - 2103c74)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2080
Status: Still Failing

Duration: 39 minutes and 57 seconds
Commit: 2103c74 (apps-speed-rework)
Author: FdaSilvaYY
Message: Reduce number of allocations

Simplify misalignment limits

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/9abc264152de...2103c7437c30

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163497741



[openssl-commits] Still Failing: openssl/openssl#6206 (OpenSSL_1_1_0-stable - a1b7912)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6206
Status: Still Failing

Duration: 42 minutes and 27 seconds
Commit: a1b7912 (OpenSSL_1_1_0-stable)
Author: Richard Levitte
Message: apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

View the changeset: 
https://github.com/openssl/openssl/compare/8061fdc8d304...a1b791225f29

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163509154



[openssl-commits] Still Failing: openssl/openssl#6205 (master - 49e476a)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6205
Status: Still Failing

Duration: 38 minutes and 43 seconds
Commit: 49e476a (master)
Author: Richard Levitte
Message: apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 

View the changeset: 
https://github.com/openssl/openssl/compare/56e36bdaef44...49e476a53826

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163508144



[openssl-commits] Broken: FdaSilvaYY/openssl#2079 (x509_crl_method-fix - 280cd17)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2079
Status: Broken

Duration: 42 minutes and 13 seconds
Commit: 280cd17 (x509_crl_method-fix)
Author: FdaSilvaYY
Message: Allow null in  X509_CRL_METHOD_free

and fix documentation.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/16923d231765...280cd179c1e3

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163497029



[openssl-commits] Broken: FdaSilvaYY/openssl#2078 (fix-ca-buf-usage - 99846cd)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2078
Status: Broken

Duration: 40 minutes and 37 seconds
Commit: 99846cd (fix-ca-buf-usage)
Author: FdaSilvaYY
Message: Introduce PATH_MAX and NAME_MAX

 to define the certificate filename storage buffer.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/350bf5cab7c7...99846cd6ea77

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163496643



[openssl-commits] Failed: FdaSilvaYY/openssl#2081 (style_n_nit's - f267cd2)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2081
Status: Failed

Duration: 23 minutes and 24 seconds
Commit: f267cd2 (style_n_nit's)
Author: FdaSilvaYY
Message: Fix some style and indent issue

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/8d481e8985c0...f267cd272eb4

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163499507



[openssl-commits] Broken: openssl/openssl#6191 (master - f9b1b66)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6191
Status: Broken

Duration: 42 minutes and 27 seconds
Commit: f9b1b66 (master)
Author: Matt Caswell
Message: Add DTLS renegotiation tests

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/243ecf19ddc0...f9b1b6644a3a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163334122



[openssl-commits] Broken: openssl/openssl#6192 (OpenSSL_1_1_0-stable - 8061fdc)

2016-09-28 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6192
Status: Broken

Duration: 45 minutes and 45 seconds
Commit: 8061fdc (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Add DTLS renegotiation tests

Reviewed-by: Rich Salz 
(cherry picked from commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381)

View the changeset: 
https://github.com/openssl/openssl/compare/a7511d72a32e...8061fdc8d304

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163334173



[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-09-28 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  8061fdc8d3048220a758ad1304669944810ac386 (commit)
   via  f1522af442d4154db28928ab178c258f07ed4c5e (commit)
   via  d17300093cfc1994891cc50909bb2bc88237de7d (commit)
   via  cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5 (commit)
  from  a7511d72a32e13ab007f2f02fa1433965cbfe6ed (commit)


- Log -
commit 8061fdc8d3048220a758ad1304669944810ac386
Author: Matt Caswell 
Date:   Tue Sep 27 12:24:47 2016 +0100

Add DTLS renegotiation tests

Reviewed-by: Rich Salz 
(cherry picked from commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381)

commit f1522af442d4154db28928ab178c258f07ed4c5e
Author: Matt Caswell 
Date:   Tue Sep 27 11:50:43 2016 +0100

Extend the renegotiation tests

Add the ability to test both server initiated and client initiated reneg.

Reviewed-by: Rich Salz 
(cherry picked from commit fe7dd5534176d1b04be046fcbaad24430c8727e0)

commit d17300093cfc1994891cc50909bb2bc88237de7d
Author: Matt Caswell 
Date:   Tue Sep 27 10:18:00 2016 +0100

Update README.ssltest.md

Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.

Reviewed-by: Rich Salz 
(cherry picked from commit 1329b952a675c3c445b73b34bf9f09483fbc759c)

commit cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5
Author: Matt Caswell 
Date:   Mon Sep 26 17:25:43 2016 +0100

Add support for testing renegotiation

Reviewed-by: Rich Salz 
(cherry picked from commit e42c4544c88046a01c53a81aeb9d48685d708cf9)

---

Summary of changes:
 test/README.ssltest.md                     |  14 ++--
 test/handshake_helper.c                    | 116 +++--
 test/recipes/80-test_ssl_new.t             |   3 +-
 test/ssl-tests/17-renegotiate.conf         | 114
 test/ssl-tests/17-renegotiate.conf.in      |  67 +
 test/ssl-tests/18-dtls-renegotiate.conf    |  86 +
 test/ssl-tests/18-dtls-renegotiate.conf.in |  63
 test/ssl_test_ctx.c                        |   3 +-
 test/ssl_test_ctx.h                        |   4 +-
 9 files changed, 450 insertions(+), 20 deletions(-)
 create mode 100644 test/ssl-tests/17-renegotiate.conf
 create mode 100644 test/ssl-tests/17-renegotiate.conf.in
 create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf
 create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in

diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 8923578..e28d4b0 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -38,7 +38,8 @@ The test section supports the following options
 * HandshakeMode - which handshake flavour to test:
   - Simple - plain handshake (default)
   - Resume - test resumption
-  - (Renegotiate - test renegotiation, not yet implemented)
+  - RenegotiateServer - test server initiated renegotiation
+  - RenegotiateClient - test client initiated renegotiation
 
 When HandshakeMode is Resume or Renegotiate, the original handshake is expected
 to succeed. All configured test expectations are verified against the second
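
Review bot: the unchanged sentence right below the list still reads "When HandshakeMode is Resume or Renegotiate", but after this change there is no Renegotiate value, only RenegotiateServer and RenegotiateClient. Update that sentence to name both new modes so a reader does not put the old name into a test config.
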
@@ -245,20 +246,17 @@ environment variable to point to the location of the 
certs. E.g., from the root
 OpenSSL directory, do
 
 ```
-$ TEST_CERTS_DIR=test/certs test/ssl_test test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
+  test/ssl-tests/01-simple.conf
 ```
 
 or for shared builds
 
 ```
-$ TEST_CERTS_DIR=test/certs util/shlib_wrap.sh test/ssl_test \
-  test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
+  util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf
 ```
 
-Some tests also need additional environment variables; for example, Certificate
-Transparency tests need a `CTLOG_FILE`. See `test/recipes/80-test_ssl_new.t` 
for
-details.
-
 Note that the test expectations sometimes depend on the Configure settings. For
 example, the negotiated protocol depends on the set of available (enabled)
 protocols: a build with `enable-ssl3` has different test expectations than a
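
Review bot: the paragraph removed at the end of this hunk was the only text that said what CTLOG_FILE is for and pointed at test/recipes/80-test_ssl_new.t for the other variables; the example commands now set it with no explanation. Keep one sentence stating that CTLOG_FILE must be set and why, since the commit message itself only says it "always seems to be required". Minor style point: the shared-build command has two spaces between log_list.conf and TEST_CERTS_DIR.
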
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 90e18fc..c14d8e3 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -583,6 +583,85 @@ static void do_app_data_step(PEER *peer)
 }
 }
 
+static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
+{
+int ret;
+char buf;
+
+TEST_check(peer->status == PEER_RETRY);
+TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
+|| test_ctx->handshake_mode == 
SSL_TEST_HANDSHAKE_RENEG_CLIENT);
+
+  
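
Review bot: do_reneg_setup_step() opens with two TEST_check() preconditions (peer->status == PEER_RETRY, and a RENEG_SERVER or RENEG_CLIENT handshake mode) but carries no comment saying why the peer is expected to be in PEER_RETRY here or which side the step runs on in each mode. A short comment above the function would make those preconditions reviewable; the rest of the function body is cut off in this message.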

[openssl-commits] [openssl] master update

2016-09-28 Thread Matt Caswell
The branch master has been updated
   via  f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit)
   via  fe7dd5534176d1b04be046fcbaad24430c8727e0 (commit)
   via  1329b952a675c3c445b73b34bf9f09483fbc759c (commit)
   via  e42c4544c88046a01c53a81aeb9d48685d708cf9 (commit)
   via  2f97192c78928ab2b2d44ac2f4859c321f57fd1f (commit)
   via  0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f (commit)
  from  243ecf19ddc0dc2366de1be5c404d66d483b196d (commit)


- Log -
commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381
Author: Matt Caswell 
Date:   Tue Sep 27 12:24:47 2016 +0100

Add DTLS renegotiation tests

Reviewed-by: Rich Salz 

commit fe7dd5534176d1b04be046fcbaad24430c8727e0
Author: Matt Caswell 
Date:   Tue Sep 27 11:50:43 2016 +0100

Extend the renegotiation tests

Add the ability to test both server initiated and client initiated reneg.

Reviewed-by: Rich Salz 

commit 1329b952a675c3c445b73b34bf9f09483fbc759c
Author: Matt Caswell 
Date:   Tue Sep 27 10:18:00 2016 +0100

Update README.ssltest.md

Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.

Reviewed-by: Rich Salz 

commit e42c4544c88046a01c53a81aeb9d48685d708cf9
Author: Matt Caswell 
Date:   Mon Sep 26 17:25:43 2016 +0100

Add support for testing renegotiation

Reviewed-by: Rich Salz 

commit 2f97192c78928ab2b2d44ac2f4859c321f57fd1f
Author: Matt Caswell 
Date:   Mon Sep 26 15:31:20 2016 +0100

Fix a bug in Renegotiation extension construction

The conversion to WPACKET broke the construction of the renegotiation
extension.

Reviewed-by: Rich Salz 

commit 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f
Author: Matt Caswell 
Date:   Mon Sep 26 14:59:08 2016 +0100

Convert HelloRequest construction to WPACKET

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/statem/statem_srvr.c                   |   7 +-
 ssl/t1_lib.c                               |   6 +-
 test/README.ssltest.md                     |  14 ++--
 test/handshake_helper.c                    | 116 +++--
 test/recipes/80-test_ssl_new.t             |   3 +-
 test/ssl-tests/17-renegotiate.conf         | 114
 test/ssl-tests/17-renegotiate.conf.in      |  67 +
 test/ssl-tests/18-dtls-renegotiate.conf    |  86 +
 test/ssl-tests/18-dtls-renegotiate.conf.in |  63
 test/ssl_test_ctx.c                        |   3 +-
 test/ssl_test_ctx.h                        |   4 +-
 11 files changed, 460 insertions(+), 23 deletions(-)
 create mode 100644 test/ssl-tests/17-renegotiate.conf
 create mode 100644 test/ssl-tests/17-renegotiate.conf.in
 create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf
 create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index fbca5a1..8a2791a 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -831,9 +831,14 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 
 int tls_construct_hello_request(SSL *s)
 {
-if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) {
+WPACKET pkt;
+
+if (!WPACKET_init(, s->init_buf)
+|| !ssl_set_handshake_header2(s, , SSL3_MT_HELLO_REQUEST)
+|| !ssl_close_construct_packet(s, )) {
 SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
 ossl_statem_set_error(s);
+WPACKET_cleanup();
 return 0;
 }
 
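
Review bot: WPACKET_cleanup() sits on the shared error path, so it also runs when WPACKET_init() is the call that failed, and pkt is an uninitialised stack variable until that call succeeds. Confirm that cleanup is safe on a packet whose init did not complete, or split the condition so cleanup only runs once WPACKET_init() has returned success.
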
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4733bff..40932fa 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1040,8 +1040,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int 
*al)
 /* Add RI if renegotiating */
 if (s->renegotiate) {
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
-|| !WPACKET_sub_memcpy_u16(pkt, 
s->s3->previous_client_finished,
-   s->s3->previous_client_finished_len)) {
+|| !WPACKET_start_sub_packet_u16(pkt)
+|| !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
+   s->s3->previous_client_finished_len)
+|| !WPACKET_close(pkt)) {
 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
 return 0;
 }
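
Review bot: the two length prefixes in the new sequence deserve a comment next to "Add RI if renegotiating": WPACKET_start_sub_packet_u16() opens the 2-byte length around the extension body and WPACKET_sub_memcpy_u8() writes the 1-byte length in front of previous_client_finished, whereas the removed WPACKET_sub_memcpy_u16() call emitted only a single length. Also, if WPACKET_sub_memcpy_u8() fails, the sub-packet opened on the line above is still open when the function returns 0, so check that the caller cleans up pkt on this error path.
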
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 8923578..e28d4b0 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -38,7 +38,8 @@ The test section supports the 

[openssl-commits] Still Failing: FdaSilvaYY/openssl#2075 (1.1.1-internal-constification - 8389e3f)

2016-09-28 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2075
Status: Still Failing

Duration: 19 minutes and 17 seconds
Commit: 8389e3f (1.1.1-internal-constification)
Author: FdaSilvaYY
Message: Add more constify-ed API using get0 pattern

- X509_NAME_get0_entry
- X509_NAME_ENTRY_get0_data
- X509_NAME_ENTRY_get0_data

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/6df26df50a8e...8389e3f22fb9

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163496232
