[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)
  from  1c6aab6a527b057133b470fa8c778e3d45f1605a (commit)


- Log -
commit 10e60f26cef02a6310d20cc2c918184fc9100d14
Author: Richard Levitte 
Date:   Wed Oct 19 22:54:06 2016 +0200

Fix no-des

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1748)

---

Summary of changes:
 apps/pkcs12.c | 2 ++
 crypto/cms/cms_kari.c | 5 -
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 82182c2..4e7de43 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1110,4 +1110,6 @@ static int set_pbe(BIO *err, int *ppbe, const char *str)
 return 1;
 }
 
+#else
+static void *dummy = 
 #endif
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 2cfcdb2..ee28317 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
  * Pick a cipher based on content encryption cipher. If it is DES3 use
  * DES3 wrap otherwise use AES wrap similar to key size.
  */
+#ifndef OPENSSL_NO_DES
 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
 kekcipher = EVP_des_ede3_wrap();
-else if (keylen <= 16)
+else
+#endif
+if (keylen <= 16)
 kekcipher = EVP_aes_128_wrap();
 else if (keylen <= 24)
 kekcipher = EVP_aes_192_wrap();
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Richard Levitte]

The branch OpenSSL_1_1_0-stable has been updated
   via  ec7b16ddbb020b2f49ff7394901cd2b2bed5234b (commit)
   via  a55b3959374161e33c68542d27c0fe93c6b7fe81 (commit)
   via  233bcb95dd7299d98ad235d6ba16c1b5726c9276 (commit)
  from  e7a5f50da09324aeb77386f30cd1110eb5e917f2 (commit)


- Log -
commit ec7b16ddbb020b2f49ff7394901cd2b2bed5234b
Author: Richard Levitte 
Date:   Wed Oct 19 19:49:43 2016 +0200

apps: remove some #ifndef clutter

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)
(cherry picked from commit b85bf6395251dc28457b95de586a2f0a5faae4af)

commit a55b3959374161e33c68542d27c0fe93c6b7fe81
Author: Richard Levitte 
Date:   Wed Oct 19 19:49:22 2016 +0200

apps: instead of varying implementation, make setup_engine a function always

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)
(cherry picked from commit 907c6c86331243897b80f37895a14de1e7957541)

commit 233bcb95dd7299d98ad235d6ba16c1b5726c9276
Author: Richard Levitte 
Date:   Wed Sep 28 23:39:18 2016 +0200

If an engine comes up explicitely, it must also come down explicitely

In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it's a built in engine), we end up returning
an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)
(cherry picked from commit dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191)

---

Summary of changes:
 apps/apps.c  | 14 +++---
 apps/apps.h  |  6 ++
 apps/ca.c|  1 +
 apps/cms.c   |  1 +
 apps/dgst.c  |  1 +
 apps/dhparam.c   |  4 +++-
 apps/dsa.c   |  1 +
 apps/dsaparam.c  |  4 +++-
 apps/ec.c|  1 +
 apps/ecparam.c   |  6 --
 apps/enc.c   |  4 +++-
 apps/gendsa.c|  4 +++-
 apps/genpkey.c   |  2 +-
 apps/genrsa.c|  1 +
 apps/pkcs12.c|  1 +
 apps/pkcs7.c |  4 +++-
 apps/pkcs8.c |  1 +
 apps/pkey.c  |  1 +
 apps/pkeyparam.c |  4 +++-
 apps/pkeyutl.c   |  1 +
 apps/rand.c  |  4 +++-
 apps/req.c   |  1 +
 apps/rsa.c   |  1 +
 apps/rsautl.c|  1 +
 apps/s_client.c  |  1 +
 apps/s_server.c  |  1 +
 apps/smime.c |  1 +
 apps/speed.c |  8 +++-
 apps/spkac.c |  1 +
 apps/srp.c   |  4 +++-
 apps/verify.c|  4 +++-
 apps/x509.c  |  1 +
 32 files changed, 66 insertions(+), 24 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 96184a6..cc557e5 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1243,11 +1243,13 @@ static ENGINE *try_load_engine(const char *engine)
 }
 return e;
 }
+#endif
 
 ENGINE *setup_engine(const char *engine, int debug)
 {
 ENGINE *e = NULL;
 
+#ifndef OPENSSL_NO_ENGINE
 if (engine) {
 if (strcmp(engine, "auto") == 0) {
 BIO_printf(bio_err, "enabling auto ENGINE support\n");
@@ -1272,13 +1274,19 @@ ENGINE *setup_engine(const char *engine, int debug)
 }
 
 BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-/* Free our "structural" reference. */
-ENGINE_free(e);
 }
+#endif
 return e;
 }
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+if (e != NULL)
+/* Free our "structural" reference. */
+ENGINE_free(e);
 #endif
+}
 
 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
 {
diff --git a/apps/apps.h b/apps/apps.h
index 27e182c..926a6d6 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -430,11 +430,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const 
char *path);
 
 #endif
 
-# ifdef OPENSSL_NO_ENGINE
-#  define setup_engine(engine, debug) NULL
-# else
 ENGINE *setup_engine(const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
+
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
  const char *host, const char *path,
diff --git a/apps/ca.c b/apps/ca.c
index 34dfd9b..03e08b4 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1236,6 +1236,7 @@ end_of_options:
 X509_CRL_free(crl);
 NCONF_free(conf);
 NCONF_free(extconf);
+release_engine(e);
 return (ret);
 }
 
diff --git a/apps/cms.c b/apps/cms.c
index 133dc02..579b227 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1109,6 +1109,7 @@ int cms_main(int argc, char **argv)
 EVP_PKEY_free(key);
 CMS_ContentInfo_free(cms);
 CMS_ContentInfo_free(rcms);
+release_engine(e);

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  b85bf6395251dc28457b95de586a2f0a5faae4af (commit)
   via  907c6c86331243897b80f37895a14de1e7957541 (commit)
   via  dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191 (commit)
  from  e972273194303e15f8dd7ce69dbcfa27cc024e9f (commit)


- Log -
commit b85bf6395251dc28457b95de586a2f0a5faae4af
Author: Richard Levitte 
Date:   Wed Oct 19 19:49:43 2016 +0200

apps: remove some #ifndef clutter

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)

commit 907c6c86331243897b80f37895a14de1e7957541
Author: Richard Levitte 
Date:   Wed Oct 19 19:49:22 2016 +0200

apps: instead of varying implementation, make setup_engine a function always

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)

commit dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191
Author: Richard Levitte 
Date:   Wed Sep 28 23:39:18 2016 +0200

If an engine comes up explicitely, it must also come down explicitely

In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it's a built in engine), we end up returning
an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1643)

---

Summary of changes:
 apps/apps.c  | 14 +++---
 apps/apps.h  |  6 ++
 apps/ca.c|  1 +
 apps/cms.c   |  1 +
 apps/dgst.c  |  1 +
 apps/dhparam.c   |  4 +++-
 apps/dsa.c   |  1 +
 apps/dsaparam.c  |  4 +++-
 apps/ec.c|  1 +
 apps/ecparam.c   |  6 --
 apps/enc.c   |  4 +++-
 apps/gendsa.c|  4 +++-
 apps/genpkey.c   |  2 +-
 apps/genrsa.c|  1 +
 apps/pkcs12.c|  1 +
 apps/pkcs7.c |  4 +++-
 apps/pkcs8.c |  1 +
 apps/pkey.c  |  1 +
 apps/pkeyparam.c |  4 +++-
 apps/pkeyutl.c   |  1 +
 apps/rand.c  |  4 +++-
 apps/req.c   |  1 +
 apps/rsa.c   |  1 +
 apps/rsautl.c|  1 +
 apps/s_client.c  |  1 +
 apps/s_server.c  |  1 +
 apps/smime.c |  1 +
 apps/speed.c |  8 +++-
 apps/spkac.c |  1 +
 apps/srp.c   |  4 +++-
 apps/verify.c|  4 +++-
 apps/x509.c  |  1 +
 32 files changed, 66 insertions(+), 24 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 68f2f27..dd6fb08 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1251,11 +1251,13 @@ static ENGINE *try_load_engine(const char *engine)
 }
 return e;
 }
+#endif
 
 ENGINE *setup_engine(const char *engine, int debug)
 {
 ENGINE *e = NULL;
 
+#ifndef OPENSSL_NO_ENGINE
 if (engine) {
 if (strcmp(engine, "auto") == 0) {
 BIO_printf(bio_err, "enabling auto ENGINE support\n");
@@ -1280,13 +1282,19 @@ ENGINE *setup_engine(const char *engine, int debug)
 }
 
 BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-/* Free our "structural" reference. */
-ENGINE_free(e);
 }
+#endif
 return e;
 }
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+if (e != NULL)
+/* Free our "structural" reference. */
+ENGINE_free(e);
 #endif
+}
 
 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
 {
diff --git a/apps/apps.h b/apps/apps.h
index 6083780..9dc4737 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -430,11 +430,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const 
char *path);
 
 #endif
 
-# ifdef OPENSSL_NO_ENGINE
-#  define setup_engine(engine, debug) NULL
-# else
 ENGINE *setup_engine(const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
+
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
  const char *host, const char *path,
diff --git a/apps/ca.c b/apps/ca.c
index 39de2db..b95f2ef 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1231,6 +1231,7 @@ end_of_options:
 X509_CRL_free(crl);
 NCONF_free(conf);
 NCONF_free(extconf);
+release_engine(e);
 return (ret);
 }
 
diff --git a/apps/cms.c b/apps/cms.c
index 306e159..3db36fe 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1109,6 +1109,7 @@ int cms_main(int argc, char **argv)
 EVP_PKEY_free(key);
 CMS_ContentInfo_free(cms);
 CMS_ContentInfo_free(rcms);
+release_engine(e);
 BIO_free(rctin);
 BIO_free(in);
 BIO_free(indata);
diff --git a/apps/dgst.c b/apps/dgst.c
index 2fb5a75..48ab549 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -398,6 +398,7 @@ int dgst_main(int argc, char **argv)
 

[openssl-commits] Build failed: openssl master.5864

[AppVeyor]

Build openssl master.5864 failed


Commit b85bf63952 by Richard Levitte on 10/19/2016 5:49 PM:

apps: remove some #ifndef clutter


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)
   via  aa01b82c69eeb0cfd255174111fc34a7ed5f8429 (commit)
  from  10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)


- Log -
commit 0df1caa77b793d055714f4d78d9aac7a985babb8
Author: Richard Levitte 
Date:   Wed Oct 19 19:46:38 2016 +0200

apps: make setup_engine() and release_engine() available always

This removes some #ifndef clutter.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1644)

commit aa01b82c69eeb0cfd255174111fc34a7ed5f8429
Author: Richard Levitte 
Date:   Thu Sep 29 00:40:20 2016 +0200

If an engine comes up explicitely, it must also come down explicitely

In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it has registered at least one cipher or digest
algorithm method, and therefore gets a functional reference through the
ENGINE_set_default() call), we end up returning an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Originally, the ENGINE API wasn't designed for this to happen, an
engine had to register at least one algorithm method, and was
especially expected to register the algorithms corresponding to the
key types that could be stored and hidden in hardware.  However, it
turns out that some engines will not register those algorithms with
the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
functions, as they only want the methods to be used for keys, not as
general crypto accelerator methods.  That may cause ENGINE_set_default()
to do nothing, and no functional reference is therefore made, leading
to a premature deallocation of the engine and it thereby becoming
unavailable when trying to fetch a key.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1644)

---

Summary of changes:
 apps/apps.c  | 14 +++---
 apps/apps.h  |  4 ++--
 apps/ca.c|  5 +
 apps/cms.c   |  5 +
 apps/dgst.c  |  1 +
 apps/dh.c|  6 --
 apps/dhparam.c   |  8 +++-
 apps/dsa.c   |  7 +--
 apps/dsaparam.c  |  8 +++-
 apps/ec.c|  6 +++---
 apps/ecparam.c   | 10 +-
 apps/enc.c   |  8 +++-
 apps/gendh.c |  4 
 apps/gendsa.c|  8 +++-
 apps/genpkey.c   |  2 +-
 apps/genrsa.c|  7 +--
 apps/pkcs12.c|  5 +
 apps/pkcs7.c |  8 +++-
 apps/pkcs8.c |  5 +
 apps/pkey.c  |  5 +
 apps/pkeyparam.c |  8 +++-
 apps/pkeyutl.c   |  1 +
 apps/rand.c  |  8 +++-
 apps/req.c   |  5 +
 apps/rsa.c   |  5 +
 apps/rsautl.c|  5 +
 apps/s_client.c  |  7 ---
 apps/s_server.c  |  7 +--
 apps/smime.c |  5 +
 apps/speed.c |  4 +++-
 apps/spkac.c |  5 +
 apps/srp.c   |  8 +++-
 apps/verify.c|  5 +
 apps/x509.c  |  5 +
 34 files changed, 70 insertions(+), 134 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index ff17b35..c487bd9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1535,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char 
*engine, int debug)
 }
 return e;
 }
+#endif
 
 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 {
 ENGINE *e = NULL;
 
+#ifndef OPENSSL_NO_ENGINE
 if (engine) {
 if (strcmp(engine, "auto") == 0) {
 BIO_printf(err, "enabling auto ENGINE support\n");
@@ -1564,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int 
debug)
 }
 
 BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-/* Free our "structural" reference. */
-ENGINE_free(e);
 }
+#endif
 return e;
 }
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+if (e != NULL)
+/* Free our "structural" reference. */
+ENGINE_free(e);
 #endif
+}
 
 int load_config(BIO *err, CONF *cnf)
 {
diff --git a/apps/apps.h b/apps/apps.h
index c6c3881..268863c 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, 
int format,
   const char *pass, ENGINE *e,
   const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-# ifndef OPENSSL_NO_ENGINE
+
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
 
 # ifndef OPENSSL_NO_OCSP
 

[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.5863

[AppVeyor]

Build openssl OpenSSL_1_0_2-stable.5863 failed


Commit 10e60f26ce by Richard Levitte on 10/19/2016 8:54 PM:

Fix no-des


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.5865

[AppVeyor]

Build openssl OpenSSL_1_1_0-stable.5865 failed


Commit ec7b16ddbb by Richard Levitte on 10/20/2016 6:59 AM:

apps: remove some #ifndef clutter


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#6524 (OpenSSL_1_0_2-stable - 10e60f2)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6524
Status: Still Failing

Duration: 14 minutes and 37 seconds
Commit: 10e60f2 (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: Fix no-des

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1748)

View the changeset: 
https://github.com/openssl/openssl/compare/1c6aab6a527b...10e60f26cef0

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/169143524

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#6531 (OpenSSL_1_1_0-stable - 8afb974)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6531
Status: Broken

Duration: 43 minutes and 56 seconds
Commit: 8afb974 (OpenSSL_1_1_0-stable)
Author: David Woodhouse
Message: Disable encrypt_then_mac negotiation for DTLS.

I use the word 'negotiation' advisedly. Because that's all we were doing.
We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data
structure, and then utterly ignored it in both dtls_process_record()
and do_dtls1_write().

Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's
released, hopefully 1.1.0b will be ancient history.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/ec7b16ddbb02...8afb9742aedc

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/169168862

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  cdb203f49a555cbc94431e9d83df6c93208fb610 (commit)
  from  0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)


- Log -
commit cdb203f49a555cbc94431e9d83df6c93208fb610
Author: Richard Levitte 
Date:   Thu Oct 20 09:07:06 2016 +0200

%p takes void*, so make sure to cast arguments to void*

This avoids failures when configuring with --strict-warnings

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1749)

---

Summary of changes:
 apps/s_cb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index d1a99a7..7d71954 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -548,12 +548,12 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, 
const char *argp,
 
 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
 BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
-   (void *)bio, argp, (unsigned long)argi, ret, ret);
+   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
 BIO_dump(out, argp, (int)ret);
 return (ret);
 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
 BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
-   (void *)bio, argp, (unsigned long)argi, ret, ret);
+   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
 BIO_dump(out, argp, (int)ret);
 }
 return (ret);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.5867

[AppVeyor]

Build openssl master.5867 completed



Commit b85bf63952 by Richard Levitte on 10/19/2016 5:49 PM:

apps: remove some #ifndef clutter


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#6529 (OpenSSL_1_0_2-stable - cdb203f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6529
Status: Fixed

Duration: 20 minutes and 28 seconds
Commit: cdb203f (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: %p takes void*, so make sure to cast arguments to void*

This avoids failures when configuring with --strict-warnings

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1749)

View the changeset: 
https://github.com/openssl/openssl/compare/0df1caa77b79...cdb203f49a55

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/169153383

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Matt Caswell]

The branch OpenSSL_1_1_0-stable has been updated
   via  8afb9742aedc07e26f9930c1f859f8c0f204e77f (commit)
  from  ec7b16ddbb020b2f49ff7394901cd2b2bed5234b (commit)


- Log -
commit 8afb9742aedc07e26f9930c1f859f8c0f204e77f
Author: David Woodhouse 
Date:   Wed Oct 12 23:10:37 2016 +0100

Disable encrypt_then_mac negotiation for DTLS.

I use the word 'negotiation' advisedly. Because that's all we were doing.
We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data
structure, and then utterly ignored it in both dtls_process_record()
and do_dtls1_write().

Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's
released, hopefully 1.1.0b will be ancient history.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/t1_lib.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86833d8..a3fb28e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1358,8 +1358,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 /* Add custom TLS Extensions to ClientHello */
 if (!custom_ext_add(s, 0, , limit, al))
 return NULL;
-s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
-s2n(0, ret);
+/*
+ * In 1.1.0 before 1.1.0c we negotiated EtM with DTLS, then just
+ * silently failed to actually do it. It is fixed in 1.1.1 but to
+ * ease the transition especially from 1.1.0b to 1.1.0c, we just
+ * disable it in 1.1.0.
+ */
+if (!SSL_IS_DTLS(s)) {
+s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
+s2n(0, ret);
+}
+
 #ifndef OPENSSL_NO_CT
 if (s->ct_validation_callback != NULL) {
 s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
@@ -1596,7 +1605,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, 
unsigned char *buf,
  * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
  * for other cases too.
  */
-if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+if (SSL_IS_DTLS(s) || s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
 || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
 || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
 || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: FdaSilvaYY/openssl#2195 (indent-ssl-header - 897a2c6)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #2195
Status: Fixed

Duration: 3 minutes and 27 seconds
Commit: 897a2c6 (indent-ssl-header)
Author: FdaSilvaYY
Message: Add typedef on callback method pointers

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/4ddabecf16fc...897a2c67c493

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/169071060

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#6527 (OpenSSL_1_0_2-stable - 0df1caa)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6527
Status: Still Failing

Duration: 19 minutes and 10 seconds
Commit: 0df1caa (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: apps: make setup_engine() and release_engine() available always

This removes some #ifndef clutter.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1644)

View the changeset: 
https://github.com/openssl/openssl/compare/10e60f26cef0...0df1caa77b79

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/169146965

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit)
  from  cdb203f49a555cbc94431e9d83df6c93208fb610 (commit)


- Log -
commit 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5
Author: Cristian Stoica 
Date:   Wed Aug 17 14:55:57 2016 +0300

remove redundant zero assignments

The structure has already been initialized to zero with memset.
See also commit 64b25758edca688a30f02c260262150f7ad0bc7d (remove 0 
assignments)

Signed-off-by: Cristian Stoica 
CLA: trivial
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1463)

---

Summary of changes:
 crypto/evp/pmeth_lib.c | 28 +---
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9668b3a..d066862 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -199,6 +199,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, 
int id)
 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 {
 EVP_PKEY_METHOD *pmeth;
+
 pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
 if (!pmeth)
 return NULL;
@@ -207,33 +208,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 
 pmeth->pkey_id = id;
 pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
-
-pmeth->init = 0;
-pmeth->copy = 0;
-pmeth->cleanup = 0;
-pmeth->paramgen_init = 0;
-pmeth->paramgen = 0;
-pmeth->keygen_init = 0;
-pmeth->keygen = 0;
-pmeth->sign_init = 0;
-pmeth->sign = 0;
-pmeth->verify_init = 0;
-pmeth->verify = 0;
-pmeth->verify_recover_init = 0;
-pmeth->verify_recover = 0;
-pmeth->signctx_init = 0;
-pmeth->signctx = 0;
-pmeth->verifyctx_init = 0;
-pmeth->verifyctx = 0;
-pmeth->encrypt_init = 0;
-pmeth->encrypt = 0;
-pmeth->decrypt_init = 0;
-pmeth->decrypt = 0;
-pmeth->derive_init = 0;
-pmeth->derive = 0;
-pmeth->ctrl = 0;
-pmeth->ctrl_str = 0;
-
 return pmeth;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.5889

[AppVeyor]

Build openssl master.5889 completed



Commit a60485ff18 by FdaSilvaYY on 9/27/2016 9:36 PM:

Allow null in  X509_CRL_METHOD_free


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: FdaSilvaYY/openssl#2203 (fix-ca-buf-usage - 562d973)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #2203
Status: Broken

Duration: 17 minutes and 42 seconds
Commit: 562d973 (fix-ca-buf-usage)
Author: FdaSilvaYY
Message: Introduce PATH_MAX and NAME_MAX

 to define the certificate filename storage buffer.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/8a83936e0c30...562d973f7684

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/169367495

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: mouse07410/openssl#61 (OpenSSL_1_0_2-stable - 45f4761)

[Travis CI]

Build Update for mouse07410/openssl
-

Build: #61
Status: Fixed

Duration: 46 minutes and 16 seconds
Commit: 45f4761 (OpenSSL_1_0_2-stable)
Author: Cristian Stoica
Message: remove redundant zero assignments

The structure has already been initialized to zero with memset.
See also commit 64b25758edca688a30f02c260262150f7ad0bc7d (remove 0 assignments)

Signed-off-by: Cristian Stoica 
CLA: trivial
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1463)

View the changeset: 
https://github.com/mouse07410/openssl/compare/1c6aab6a527b...45f4761fdbb7

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/169210967

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits