[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 10e60f26cef02a6310d20cc2c918184fc9100d14 (commit) from 1c6aab6a527b057133b470fa8c778e3d45f1605a (commit) - Log - commit 10e60f26cef02a6310d20cc2c918184fc9100d14 Author: Richard LevitteDate: Wed Oct 19 22:54:06 2016 +0200 Fix no-des Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1748) --- Summary of changes: apps/pkcs12.c | 2 ++ crypto/cms/cms_kari.c | 5 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 82182c2..4e7de43 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1110,4 +1110,6 @@ static int set_pbe(BIO *err, int *ppbe, const char *str) return 1; } +#else +static void *dummy = #endif diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 2cfcdb2..ee28317 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, * Pick a cipher based on content encryption cipher. If it is DES3 use * DES3 wrap otherwise use AES wrap similar to key size. */ +#ifndef OPENSSL_NO_DES if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) kekcipher = EVP_des_ede3_wrap(); -else if (keylen <= 16) +else +#endif +if (keylen <= 16) kekcipher = EVP_aes_128_wrap(); else if (keylen <= 24) kekcipher = EVP_aes_192_wrap(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
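Review bot: In the crypto/cms/cms_kari.c hunk, the `else` left dangling just before `#endif` makes the chain fragile: with OPENSSL_NO_DES defined the chain starts at `if (keylen <= 16)`, and without it that same `if` is the body of the preceding `else`. Consider keeping the whole DES3 branch self-contained inside the guard, and update the comment above it, which still says DES3 content gets DES3 wrap without mentioning that this case only exists when DES is compiled in.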
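Review bot: In the apps/pkcs12.c hunk, the new `#else` branch exists only to define `dummy`, and nothing near it says why; a one-line comment naming the configuration that otherwise leaves this file empty would help, since the opening `#if` is far from the end of the file. As the line appears here, `static void *dummy =` has no initializer or semicolon before `#endif`, so it is worth checking against the commit itself.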
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
       via  ec7b16ddbb020b2f49ff7394901cd2b2bed5234b (commit)
       via  a55b3959374161e33c68542d27c0fe93c6b7fe81 (commit)
       via  233bcb95dd7299d98ad235d6ba16c1b5726c9276 (commit)
      from  e7a5f50da09324aeb77386f30cd1110eb5e917f2 (commit)

- Log -
commit ec7b16ddbb020b2f49ff7394901cd2b2bed5234b
Author: Richard Levitte
Date: Wed Oct 19 19:49:43 2016 +0200

    apps: remove some #ifndef clutter

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1643)
    (cherry picked from commit b85bf6395251dc28457b95de586a2f0a5faae4af)

commit a55b3959374161e33c68542d27c0fe93c6b7fe81
Author: Richard Levitte
Date: Wed Oct 19 19:49:22 2016 +0200

    apps: instead of varying implementation, make setup_engine a function always

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1643)
    (cherry picked from commit 907c6c86331243897b80f37895a14de1e7957541)

commit 233bcb95dd7299d98ad235d6ba16c1b5726c9276
Author: Richard Levitte
Date: Wed Sep 28 23:39:18 2016 +0200

    If an engine comes up explicitly, it must also come down explicitly

    In apps/apps.c, one can set up an engine with setup_engine().
    However, we freed the structural reference immediately, which means
    that for engines that don't already have a structural reference
    somewhere else (because it's a built in engine), we end up returning
    an invalid reference.

    Instead, the function release_engine() is added, and called at the
    end of the routines that call setup_engine().
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1643) (cherry picked from commit dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191) --- Summary of changes: apps/apps.c | 14 +++--- apps/apps.h | 6 ++ apps/ca.c| 1 + apps/cms.c | 1 + apps/dgst.c | 1 + apps/dhparam.c | 4 +++- apps/dsa.c | 1 + apps/dsaparam.c | 4 +++- apps/ec.c| 1 + apps/ecparam.c | 6 -- apps/enc.c | 4 +++- apps/gendsa.c| 4 +++- apps/genpkey.c | 2 +- apps/genrsa.c| 1 + apps/pkcs12.c| 1 + apps/pkcs7.c | 4 +++- apps/pkcs8.c | 1 + apps/pkey.c | 1 + apps/pkeyparam.c | 4 +++- apps/pkeyutl.c | 1 + apps/rand.c | 4 +++- apps/req.c | 1 + apps/rsa.c | 1 + apps/rsautl.c| 1 + apps/s_client.c | 1 + apps/s_server.c | 1 + apps/smime.c | 1 + apps/speed.c | 8 +++- apps/spkac.c | 1 + apps/srp.c | 4 +++- apps/verify.c| 4 +++- apps/x509.c | 1 + 32 files changed, 66 insertions(+), 24 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 96184a6..cc557e5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1243,11 +1243,13 @@ static ENGINE *try_load_engine(const char *engine) } return e; } +#endif ENGINE *setup_engine(const char *engine, int debug) { ENGINE *e = NULL; +#ifndef OPENSSL_NO_ENGINE if (engine) { if (strcmp(engine, "auto") == 0) { BIO_printf(bio_err, "enabling auto ENGINE support\n"); @@ -1272,13 +1274,19 @@ ENGINE *setup_engine(const char *engine, int debug) } BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e)); - -/* Free our "structural" reference. */ -ENGINE_free(e); } +#endif return e; } + +void release_engine(ENGINE *e) +{ +#ifndef OPENSSL_NO_ENGINE +if (e != NULL) +/* Free our "structural" reference. */ +ENGINE_free(e); #endif +} static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) { diff --git a/apps/apps.h b/apps/apps.h index 27e182c..926a6d6 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -430,11 +430,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); #endif -# ifdef OPENSSL_NO_ENGINE -# define setup_engine(engine, debug) NULL -# else ENGINE *setup_engine(const char *engine, int debug); -# endif +void release_engine(ENGINE *e); + # ifndef OPENSSL_NO_OCSP OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, const char *path, diff --git a/apps/ca.c b/apps/ca.c index 34dfd9b..03e08b4 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1236,6 +1236,7 @@ end_of_options: X509_CRL_free(crl); NCONF_free(conf); NCONF_free(extconf); +release_engine(e); return (ret); } diff --git a/apps/cms.c b/apps/cms.c index 133dc02..579b227 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1109,6 +1109,7 @@ int cms_main(int argc, char **argv) EVP_PKEY_free(key); CMS_ContentInfo_free(cms); CMS_ContentInfo_free(rcms); +release_engine(e);
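Review bot: In the apps/apps.h hunk, removing the `# ifdef OPENSSL_NO_ENGINE` macro means both prototypes now name `ENGINE` unconditionally, so the `ENGINE` type has to be declared in no-engine builds as well; the old `# define setup_engine(engine, debug) NULL` avoided the type entirely. Worth confirming with a no-engine configuration before merging, and noting in the header that `setup_engine()` returns NULL in that configuration.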
[openssl-commits] [openssl] master update
The branch master has been updated
       via  b85bf6395251dc28457b95de586a2f0a5faae4af (commit)
       via  907c6c86331243897b80f37895a14de1e7957541 (commit)
       via  dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191 (commit)
      from  e972273194303e15f8dd7ce69dbcfa27cc024e9f (commit)

- Log -
commit b85bf6395251dc28457b95de586a2f0a5faae4af
Author: Richard Levitte
Date: Wed Oct 19 19:49:43 2016 +0200

    apps: remove some #ifndef clutter

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1643)

commit 907c6c86331243897b80f37895a14de1e7957541
Author: Richard Levitte
Date: Wed Oct 19 19:49:22 2016 +0200

    apps: instead of varying implementation, make setup_engine a function always

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1643)

commit dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191
Author: Richard Levitte
Date: Wed Sep 28 23:39:18 2016 +0200

    If an engine comes up explicitly, it must also come down explicitly

    In apps/apps.c, one can set up an engine with setup_engine().
    However, we freed the structural reference immediately, which means
    that for engines that don't already have a structural reference
    somewhere else (because it's a built in engine), we end up returning
    an invalid reference.

    Instead, the function release_engine() is added, and called at the
    end of the routines that call setup_engine().
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1643) --- Summary of changes: apps/apps.c | 14 +++--- apps/apps.h | 6 ++ apps/ca.c| 1 + apps/cms.c | 1 + apps/dgst.c | 1 + apps/dhparam.c | 4 +++- apps/dsa.c | 1 + apps/dsaparam.c | 4 +++- apps/ec.c| 1 + apps/ecparam.c | 6 -- apps/enc.c | 4 +++- apps/gendsa.c| 4 +++- apps/genpkey.c | 2 +- apps/genrsa.c| 1 + apps/pkcs12.c| 1 + apps/pkcs7.c | 4 +++- apps/pkcs8.c | 1 + apps/pkey.c | 1 + apps/pkeyparam.c | 4 +++- apps/pkeyutl.c | 1 + apps/rand.c | 4 +++- apps/req.c | 1 + apps/rsa.c | 1 + apps/rsautl.c| 1 + apps/s_client.c | 1 + apps/s_server.c | 1 + apps/smime.c | 1 + apps/speed.c | 8 +++- apps/spkac.c | 1 + apps/srp.c | 4 +++- apps/verify.c| 4 +++- apps/x509.c | 1 + 32 files changed, 66 insertions(+), 24 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 68f2f27..dd6fb08 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1251,11 +1251,13 @@ static ENGINE *try_load_engine(const char *engine) } return e; } +#endif ENGINE *setup_engine(const char *engine, int debug) { ENGINE *e = NULL; +#ifndef OPENSSL_NO_ENGINE if (engine) { if (strcmp(engine, "auto") == 0) { BIO_printf(bio_err, "enabling auto ENGINE support\n"); @@ -1280,13 +1282,19 @@ ENGINE *setup_engine(const char *engine, int debug) } BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e)); - -/* Free our "structural" reference. */ -ENGINE_free(e); } +#endif return e; } + +void release_engine(ENGINE *e) +{ +#ifndef OPENSSL_NO_ENGINE +if (e != NULL) +/* Free our "structural" reference. */ +ENGINE_free(e); #endif +} static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) { diff --git a/apps/apps.h b/apps/apps.h index 6083780..9dc4737 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -430,11 +430,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); #endif -# ifdef OPENSSL_NO_ENGINE -# define setup_engine(engine, debug) NULL -# else ENGINE *setup_engine(const char *engine, int debug); -# endif +void release_engine(ENGINE *e); + # ifndef OPENSSL_NO_OCSP OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, const char *path, diff --git a/apps/ca.c b/apps/ca.c index 39de2db..b95f2ef 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1231,6 +1231,7 @@ end_of_options: X509_CRL_free(crl); NCONF_free(conf); NCONF_free(extconf); +release_engine(e); return (ret); } diff --git a/apps/cms.c b/apps/cms.c index 306e159..3db36fe 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1109,6 +1109,7 @@ int cms_main(int argc, char **argv) EVP_PKEY_free(key); CMS_ContentInfo_free(cms); CMS_ContentInfo_free(rcms); +release_engine(e); BIO_free(rctin); BIO_free(in); BIO_free(indata); diff --git a/apps/dgst.c b/apps/dgst.c index 2fb5a75..48ab549 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -398,6 +398,7 @@ int dgst_main(int argc, char **argv)
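Review bot: The `setup_engine()` hunk in apps/apps.c changes who owns the structural reference (it is no longer freed before `return e;`), but neither the function nor the prototypes added in apps/apps.h document that every caller must now pair it with `release_engine()`. A short comment on the two prototypes stating that contract would keep later callers from leaking the reference or reintroducing the early free; it would also help to say that `release_engine(e)` belongs after anything that still uses the engine, as the apps/cms.c hunk does by placing it after `EVP_PKEY_free(key)`.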
[openssl-commits] Build failed: openssl master.5864
Build openssl master.5864 failed Commit b85bf63952 by Richard Levitte on 10/19/2016 5:49 PM: apps: remove some #ifndef clutter
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
       via  0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)
       via  aa01b82c69eeb0cfd255174111fc34a7ed5f8429 (commit)
      from  10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)

- Log -
commit 0df1caa77b793d055714f4d78d9aac7a985babb8
Author: Richard Levitte
Date: Wed Oct 19 19:46:38 2016 +0200

    apps: make setup_engine() and release_engine() available always

    This removes some #ifndef clutter.

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/1644)

commit aa01b82c69eeb0cfd255174111fc34a7ed5f8429
Author: Richard Levitte
Date: Thu Sep 29 00:40:20 2016 +0200

    If an engine comes up explicitly, it must also come down explicitly

    In apps/apps.c, one can set up an engine with setup_engine().
    However, we freed the structural reference immediately, which means
    that for engines that don't already have a structural reference
    somewhere else (because it has registered at least one cipher or digest
    algorithm method, and therefore gets a functional reference through the
    ENGINE_set_default() call), we end up returning an invalid reference.

    Instead, the function release_engine() is added, and called at the
    end of the routines that call setup_engine().

    Originally, the ENGINE API wasn't designed for this to happen, an
    engine had to register at least one algorithm method, and was
    especially expected to register the algorithms corresponding to the
    key types that could be stored and hidden in hardware. However, it
    turns out that some engines will not register those algorithms with
    the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
    functions, as they only want the methods to be used for keys, not as
    general crypto accelerator methods. That may cause
    ENGINE_set_default() to do nothing, and no functional reference is
    therefore made, leading to a premature deallocation of the engine and
    it thereby becoming unavailable when trying to fetch a key.
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1644) --- Summary of changes: apps/apps.c | 14 +++--- apps/apps.h | 4 ++-- apps/ca.c| 5 + apps/cms.c | 5 + apps/dgst.c | 1 + apps/dh.c| 6 -- apps/dhparam.c | 8 +++- apps/dsa.c | 7 +-- apps/dsaparam.c | 8 +++- apps/ec.c| 6 +++--- apps/ecparam.c | 10 +- apps/enc.c | 8 +++- apps/gendh.c | 4 apps/gendsa.c| 8 +++- apps/genpkey.c | 2 +- apps/genrsa.c| 7 +-- apps/pkcs12.c| 5 + apps/pkcs7.c | 8 +++- apps/pkcs8.c | 5 + apps/pkey.c | 5 + apps/pkeyparam.c | 8 +++- apps/pkeyutl.c | 1 + apps/rand.c | 8 +++- apps/req.c | 5 + apps/rsa.c | 5 + apps/rsautl.c| 5 + apps/s_client.c | 7 --- apps/s_server.c | 7 +-- apps/smime.c | 5 + apps/speed.c | 4 +++- apps/spkac.c | 5 + apps/srp.c | 8 +++- apps/verify.c| 5 + apps/x509.c | 5 + 34 files changed, 70 insertions(+), 134 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index ff17b35..c487bd9 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1535,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) } return e; } +#endif ENGINE *setup_engine(BIO *err, const char *engine, int debug) { ENGINE *e = NULL; +#ifndef OPENSSL_NO_ENGINE if (engine) { if (strcmp(engine, "auto") == 0) { BIO_printf(err, "enabling auto ENGINE support\n"); @@ -1564,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e)); - -/* Free our "structural" reference. */ -ENGINE_free(e); } +#endif return e; } + +void release_engine(ENGINE *e) +{ +#ifndef OPENSSL_NO_ENGINE +if (e != NULL) +/* Free our "structural" reference. */ +ENGINE_free(e); #endif +} int load_config(BIO *err, CONF *cnf) { diff --git a/apps/apps.h b/apps/apps.h index c6c3881..268863c 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); -# ifndef OPENSSL_NO_ENGINE + ENGINE *setup_engine(BIO *err, const char *engine, int debug); -# endif +void release_engine(ENGINE *e); # ifndef OPENSSL_NO_OCSP
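Review bot: In `release_engine()` in the apps/apps.c hunk, the comment sits between `if (e != NULL)` and the unbraced `ENGINE_free(e);`, which reads at a glance as if the free were unconditional and makes it easy to break the guard when a second statement is added. Either brace the body or move the comment above the `if`.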
[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.5863
Build openssl OpenSSL_1_0_2-stable.5863 failed Commit 10e60f26ce by Richard Levitte on 10/19/2016 8:54 PM: Fix no-des
[openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.5865
Build openssl OpenSSL_1_1_0-stable.5865 failed Commit ec7b16ddbb by Richard Levitte on 10/20/2016 6:59 AM: apps: remove some #ifndef clutter
[openssl-commits] Still Failing: openssl/openssl#6524 (OpenSSL_1_0_2-stable - 10e60f2)
Build Update for openssl/openssl
Build: #6524
Status: Still Failing
Duration: 14 minutes and 37 seconds
Commit: 10e60f2 (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: Fix no-des
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1748)
View the changeset: https://github.com/openssl/openssl/compare/1c6aab6a527b...10e60f26cef0
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/169143524
--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
[openssl-commits] Broken: openssl/openssl#6531 (OpenSSL_1_1_0-stable - 8afb974)
Build Update for openssl/openssl
Build: #6531
Status: Broken
Duration: 43 minutes and 56 seconds
Commit: 8afb974 (OpenSSL_1_1_0-stable)
Author: David Woodhouse
Message: Disable encrypt_then_mac negotiation for DTLS.

I use the word 'negotiation' advisedly. Because that's all we were doing. We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data structure, and then utterly ignored it in both dtls_process_record() and do_dtls1_write().

Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's released, hopefully 1.1.0b will be ancient history.

Reviewed-by: Rich Salz
Reviewed-by: Matt Caswell
View the changeset: https://github.com/openssl/openssl/compare/ec7b16ddbb02...8afb9742aedc
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/169168862
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via cdb203f49a555cbc94431e9d83df6c93208fb610 (commit) from 0df1caa77b793d055714f4d78d9aac7a985babb8 (commit) - Log - commit cdb203f49a555cbc94431e9d83df6c93208fb610 Author: Richard LevitteDate: Thu Oct 20 09:07:06 2016 +0200 %p takes void*, so make sure to cast arguments to void* This avoids failures when configuring with --strict-warnings Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1749) --- Summary of changes: apps/s_cb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index d1a99a7..7d71954 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -548,12 +548,12 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio, argp, (unsigned long)argi, ret, ret); + (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); return (ret); } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio, argp, (unsigned long)argi, ret, ret); + (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); } return (ret); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
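Review bot: In both `BIO_printf` calls of the apps/s_cb.c hunk, `argp` is declared `const char *argp` in the callback signature, so `(void *)argp` casts the const qualifier away and can itself draw a warning under stricter flags such as -Wcast-qual. `(const void *)argp` satisfies `%p` just as well and keeps the qualifier.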
[openssl-commits] Build completed: openssl master.5867
Build openssl master.5867 completed Commit b85bf63952 by Richard Levitte on 10/19/2016 5:49 PM: apps: remove some #ifndef clutter
[openssl-commits] Fixed: openssl/openssl#6529 (OpenSSL_1_0_2-stable - cdb203f)
Build Update for openssl/openssl
Build: #6529
Status: Fixed
Duration: 20 minutes and 28 seconds
Commit: cdb203f (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: %p takes void*, so make sure to cast arguments to void*

This avoids failures when configuring with --strict-warnings

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1749)
View the changeset: https://github.com/openssl/openssl/compare/0df1caa77b79...cdb203f49a55
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/169153383
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 8afb9742aedc07e26f9930c1f859f8c0f204e77f (commit) from ec7b16ddbb020b2f49ff7394901cd2b2bed5234b (commit) - Log - commit 8afb9742aedc07e26f9930c1f859f8c0f204e77f Author: David WoodhouseDate: Wed Oct 12 23:10:37 2016 +0100 Disable encrypt_then_mac negotiation for DTLS. I use the word 'negotiation' advisedly. Because that's all we were doing. We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data structure, and then utterly ignored it in both dtls_process_record() and do_dtls1_write(). Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's released, hopefully 1.1.0b will be ancient history. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- Summary of changes: ssl/t1_lib.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 86833d8..a3fb28e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1358,8 +1358,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, , limit, al)) return NULL; -s2n(TLSEXT_TYPE_encrypt_then_mac, ret); -s2n(0, ret); +/* + * In 1.1.0 before 1.1.0c we negotiated EtM with DTLS, then just + * silently failed to actually do it. It is fixed in 1.1.1 but to + * ease the transition especially from 1.1.0b to 1.1.0c, we just + * disable it in 1.1.0. + */ +if (!SSL_IS_DTLS(s)) { +s2n(TLSEXT_TYPE_encrypt_then_mac, ret); +s2n(0, ret); +} + #ifndef OPENSSL_NO_CT if (s->ct_validation_callback != NULL) { s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret); 
@@ -1596,7 +1605,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * Don't use encrypt_then_mac if AEAD or RC4 might want to disable * for other cases too. */ -if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD +if (SSL_IS_DTLS(s) || s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
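Review bot: The ClientHello hunk in ssl/t1_lib.c stops offering encrypt_then_mac when `SSL_IS_DTLS(s)` is true, but nothing visible here covers a peer that sends the extension anyway. If the ServerHello parsing path can still set TLS1_FLAGS_ENCRYPT_THEN_MAC on a DTLS connection, this side would go on ignoring the flag in the record layer while a peer that does implement EtM protects records differently. Worth confirming that the parse side ignores or rejects the extension for DTLS.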
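Review bot: In the ServerHello hunk, `SSL_IS_DTLS(s) ||` is added to the condition, but the comment directly above still lists only AEAD and RC4 as reasons not to use encrypt_then_mac. Please extend that comment to mention DTLS and why, as the ClientHello hunk does, so the two sites stay in step when the 1.1.1 fix removes the restriction.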
[openssl-commits] Fixed: FdaSilvaYY/openssl#2195 (indent-ssl-header - 897a2c6)
Build Update for FdaSilvaYY/openssl
Build: #2195
Status: Fixed
Duration: 3 minutes and 27 seconds
Commit: 897a2c6 (indent-ssl-header)
Author: FdaSilvaYY
Message: Add typedef on callback method pointers
View the changeset: https://github.com/FdaSilvaYY/openssl/compare/4ddabecf16fc...897a2c67c493
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/169071060
[openssl-commits] Still Failing: openssl/openssl#6527 (OpenSSL_1_0_2-stable - 0df1caa)
Build Update for openssl/openssl
Build: #6527
Status: Still Failing
Duration: 19 minutes and 10 seconds
Commit: 0df1caa (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: apps: make setup_engine() and release_engine() available always

This removes some #ifndef clutter.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1644)
View the changeset: https://github.com/openssl/openssl/compare/10e60f26cef0...0df1caa77b79
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/169146965
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit) from cdb203f49a555cbc94431e9d83df6c93208fb610 (commit) - Log - commit 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 Author: Cristian StoicaDate: Wed Aug 17 14:55:57 2016 +0300 remove redundant zero assignments The structure has already been initialized to zero with memset. See also commit 64b25758edca688a30f02c260262150f7ad0bc7d (remove 0 assignments) Signed-off-by: Cristian Stoica CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1463) --- Summary of changes: crypto/evp/pmeth_lib.c | 28 +--- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9668b3a..d066862 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -199,6 +199,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; + pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); if (!pmeth) return NULL; @@ -207,33 +208,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - -pmeth->init = 0; -pmeth->copy = 0; -pmeth->cleanup = 0; -pmeth->paramgen_init = 0; -pmeth->paramgen = 0; -pmeth->keygen_init = 0; -pmeth->keygen = 0; -pmeth->sign_init = 0; -pmeth->sign = 0; -pmeth->verify_init = 0; -pmeth->verify = 0; -pmeth->verify_recover_init = 0; -pmeth->verify_recover = 0; -pmeth->signctx_init = 0; -pmeth->signctx = 0; -pmeth->verifyctx_init = 0; -pmeth->verifyctx = 0; -pmeth->encrypt_init = 0; -pmeth->encrypt = 0; -pmeth->decrypt_init = 0; -pmeth->decrypt = 0; -pmeth->derive_init = 0; -pmeth->derive = 0; -pmeth->ctrl = 0; -pmeth->ctrl_str = 0; - return pmeth; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
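Review bot: In the second crypto/evp/pmeth_lib.c hunk, all 25 explicit `pmeth->... = 0;` assignments are removed on the strength of a `memset` that is not visible in either hunk's context, so the reader of `EVP_PKEY_meth_new()` can no longer see that the callback pointers start out null. A one-line comment next to the `memset` saying that every method pointer relies on it would protect against someone later replacing or narrowing that call. The first hunk's added blank line after `EVP_PKEY_METHOD *pmeth;` is unrelated whitespace and could be dropped from a change whose stated purpose is removing assignments.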
[openssl-commits] Build completed: openssl master.5889
Build openssl master.5889 completed Commit a60485ff18 by FdaSilvaYY on 9/27/2016 9:36 PM: Allow null in X509_CRL_METHOD_free
[openssl-commits] Broken: FdaSilvaYY/openssl#2203 (fix-ca-buf-usage - 562d973)
Build Update for FdaSilvaYY/openssl
Build: #2203
Status: Broken
Duration: 17 minutes and 42 seconds
Commit: 562d973 (fix-ca-buf-usage)
Author: FdaSilvaYY
Message: Introduce PATH_MAX and NAME_MAX to define the certificate filename storage buffer.
View the changeset: https://github.com/FdaSilvaYY/openssl/compare/8a83936e0c30...562d973f7684
View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/169367495
[openssl-commits] Fixed: mouse07410/openssl#61 (OpenSSL_1_0_2-stable - 45f4761)
Build Update for mouse07410/openssl
Build: #61
Status: Fixed
Duration: 46 minutes and 16 seconds
Commit: 45f4761 (OpenSSL_1_0_2-stable)
Author: Cristian Stoica
Message: remove redundant zero assignments

The structure has already been initialized to zero with memset. See also commit 64b25758edca688a30f02c260262150f7ad0bc7d (remove 0 assignments)

Signed-off-by: Cristian Stoica
CLA: trivial
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1463)
View the changeset: https://github.com/mouse07410/openssl/compare/1c6aab6a527b...45f4761fdbb7
View the full build log and details: https://travis-ci.org/mouse07410/openssl/builds/169210967