[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  d8278dac47996a442a480958702d913f2eff7b93 (commit)
  from  a53d19cd0c4f28ed8c6ef708dcdd0599d1cbea27 (commit)


- Log -
commit d8278dac47996a442a480958702d913f2eff7b93
Author: Richard Levitte 
Date:   Tue Mar 27 11:10:15 2018 +0200

Copy the produced .dll files to fuzz/ as well (Cygwin & mingw)

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/5759)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 07e2036..40cf2c3 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -927,8 +927,10 @@ EOF
  . (windowsdll() ? <<"EOF" : "");
rm -f apps/$shlib$shlibext
rm -f test/$shlib$shlibext
+   rm -f fuzz/$shlib$shlibext
cp -p $shlib$shlibext apps/
cp -p $shlib$shlibext test/
+   cp -p $shlib$shlibext fuzz/
 EOF
   }
   sub obj2dso {


[openssl-commits] [tools] master update

2018-03-27 Thread Richard Levitte
The branch master has been updated
   via  9b9a6e181f1e52b5b9eaef975c31885324db4ece (commit)
  from  ab0c22d2655c626cbc93835d9f3042be28efa64c (commit)


- Log -
commit 9b9a6e181f1e52b5b9eaef975c31885324db4ece
Author: Richard Levitte 
Date:   Tue Mar 27 15:18:00 2018 +0200

release-tools: More precise extraction of version number, avoiding fips 
version

---

Summary of changes:
 release-tools/release-check.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index cac5918..42fbbfc 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -112,7 +112,7 @@ sub openssl_check_version_h {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
 } elsif (
-/OPENSSL_VERSION_TEXT\s+\"OpenSSL (\S*)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
+/OPENSSL_VERSION_TEXT\s+\"OpenSSL 
([^-\s]+(?:-[^-\s]*)?)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
   )
 {
 check_str( "opensslv.h: version", $version, $1, \$ok );
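Review bot: The rewritten capture group on the added pattern line still accepts a `-fips` suffix, because the optional `(?:-[^-\s]*)?` part matches `-fips` like any other single-hyphen suffix. A version text such as `1.0.2o-fips` (constructed example) would therefore still land in `$1` and be compared against `$version`, which does not match the "avoiding fips version" goal in the commit title. A negative lookahead before the optional group, `([^-\s]+(?!-fips)(?:-[^-\s]*)?)`, would make such a line fail to match instead. `openssl_check_version_h` starts and ends outside this hunk, so how a non-matching line is handled cannot be seen here.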


[openssl-commits] [tools] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  3c38191688d11d556dee96ddf3c9edf87491d52b (commit)
  from  d54658dd5fd7d7de0f967055b8933f1a5eb2c88e (commit)


- Log -
commit 3c38191688d11d556dee96ddf3c9edf87491d52b
Author: Matt Caswell 
Date:   Tue Mar 27 15:54:17 2018 +0100

Correct the notes for doing a release

---

Summary of changes:
 release-tools/README.md | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index acdceb3..93888cf 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -54,6 +54,9 @@ the directory where this README is):
 
 $HERE/do-copyright-year
 
+Obtain approval for these commits from the reviewer and add the reviewed-by
+headers as required.
+
 Perform the local automated release steps. This can normally be done with:
 
 perl $HERE/mkrelease.pl --reviewer=NAME
@@ -199,7 +202,7 @@ openssl user home directory, and then do the following
 
 sudo -u openssl gpg -u 8B3D79F5 --clearsign secadv_FILENAME
 sudo -u openssl mutt -s "OpenSSL Security Advisory" \
-openssl-project openssl-users openssl-announce
+openssl-project openssl-users openssl-announce \
 <~openssl/secadv_FILENAME.txt.asc
 
 Approve the openssl-announce email.  Go to


[openssl-commits] [openssl] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 (commit)
  from  53c9818e970fc0c22d77e19fda3b3e6f6c9e759d (commit)


- Log -
commit 9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66
Author: Matt Caswell 
Date:   Wed Mar 21 20:19:37 2018 +

Assert that alpn_selected is NULL before we assign it

The alpn_selected value in the session should be NULL before we first
populate it if this is a new session. We assert to make sure it is.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5715)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 10 +-
 ssl/statem/statem_srvr.c | 12 +++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 5c36004..e4a5b3c 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1679,7 +1679,15 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned 
int context, X509 *x,
 s->ext.early_data_ok = 0;
 }
 if (!s->hit) {
-/* If a new session then update it with the selected ALPN */
+/*
+ * This is a new session and so alpn_selected should have been
+ * initialised to NULL. We should update it with the selected ALPN.
+ */
+if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+ ERR_R_INTERNAL_ERROR);
+return 0;
+}
 s->session->ext.alpn_selected =
 OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
 if (s->session->ext.alpn_selected == NULL) {
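Review bot: The new comment in `tls_parse_stoc_alpn` says `alpn_selected` should be NULL but not why that matters. The assignment right after the check overwrites `s->session->ext.alpn_selected` with a fresh `OPENSSL_memdup` result, so a non-NULL value would be dropped without being freed. I would add that to the comment, e.g. `* A non-NULL value here would be overwritten below and leaked.`; the same sentence fits the matching block in `tls_handle_alpn` in ssl/statem/statem_srvr.c. Presumably `ossl_assert` aborts only in debug builds and otherwise just evaluates the condition, so production peers would see the internal-error alert; that macro is defined outside this diff and is worth confirming. Both functions start and end outside their hunks.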
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4985cdc..1313847 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2100,7 +2100,17 @@ int tls_handle_alpn(SSL *s)
 s->ext.early_data_ok = 0;
 
 if (!s->hit) {
-/* If a new session update it with the new ALPN value */
+/*
+ * This is a new session and so alpn_selected should have
+ * been initialised to NULL. We should update it with the
+ * selected ALPN.
+ */
+if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+return 0;
+}
 s->session->ext.alpn_selected = OPENSSL_memdup(selected,

selected_len);
 if (s->session->ext.alpn_selected == NULL) {


[openssl-commits] [openssl] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  f6c024c2e7f33e9d26c62cf19d519e5ef7fa4a09 (commit)
   via  75a8f1eff03a1c91c22683b022e2145628962157 (commit)
   via  0b020b14882173918b9cc3e8e3bd85fb9ffac948 (commit)
   via  273f7fe16a6e4b2a443fb16846beaffd70461750 (commit)
   via  4cabbb9f485ba7d1edcfbbd2aa8610159f94543e (commit)
  from  faec5c4a8aa3943d835bdad26800a103426b0eda (commit)


- Log -
commit f6c024c2e7f33e9d26c62cf19d519e5ef7fa4a09
Author: Matt Caswell 
Date:   Tue Mar 27 10:58:34 2018 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit 75a8f1eff03a1c91c22683b022e2145628962157
Author: Andy Polyakov 
Date:   Mon Mar 26 10:55:35 2018 +0200

test/test_test.c: add CRYPTO_memcmp regression test.

Reviewed-by: Matt Caswell 

commit 0b020b14882173918b9cc3e8e3bd85fb9ffac948
Author: Andy Polyakov 
Date:   Wed Mar 21 23:48:10 2018 +0100

pariscid.pl: fix nasty typo in CRYPTO_memcmp.

Comparison was effectively reduced to least significant bits.

CVE-2018-0733

Reviewed-by: Matt Caswell 

commit 273f7fe16a6e4b2a443fb16846beaffd70461750
Author: Matt Caswell 
Date:   Fri Jan 26 16:23:03 2018 +

Add fuzz corpora file that found the ASN.1 stack depth issue

Reviewed-by: Rich Salz 

commit 4cabbb9f485ba7d1edcfbbd2aa8610159f94543e
Author: Matt Caswell 
Date:   Thu Mar 22 09:39:53 2018 +

Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES|  46 
 NEWS   |   5 ++-
 crypto/asn1/asn1_err.c |   3 +-
 crypto/asn1/tasn_dec.c |  48 ++---
 crypto/err/openssl.txt |   1 +
 crypto/pariscid.pl |   2 +-
 .../asn1/eba5151118ff75ce6a86438a3a6f819c41d8be40  | Bin 0 -> 73846 bytes
 include/openssl/asn1err.h  |   1 +
 test/test_test.c   |   5 +++
 9 files changed, 93 insertions(+), 18 deletions(-)
 create mode 100644 fuzz/corpora/asn1/eba5151118ff75ce6a86438a3a6f819c41d8be40

diff --git a/CHANGES b/CHANGES
index 3f6c8de..462394c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -292,6 +292,52 @@
 
  Changes between 1.1.0g and 1.1.0h [xx XXX ]
 
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. 
There
+ are no such structures used within SSL/TLS that come from untrusted 
sources
+ so this is considered safe.
+
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ project.
+ (CVE-2018-0739)
+ [Matt Caswell]
+
+  *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
+
+ Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+ effectively reduced to only comparing the least significant bit of each
+ byte. This allows an attacker to forge messages that would be considered 
as
+ authenticated in an amount of tries lower than that guaranteed by the
+ security claims of the scheme. The module can only be compiled by the
+ HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
+
+ This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
+ (IBM).
+ (CVE-2018-0733)
+ [Andy Polyakov]
+
+  *) Add a build target 'build_all_generated', to build all generated files
+ and only that.  This can be used to prepare everything that requires
+ things like perl for a system that lacks perl and then move everything
+ to that system and do the rest of the build there.
+ [Richard Levitte]
+
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+ OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+ (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+ changes this is no longer possible in 1.1.0. Therefore the new
+ SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+ 1.1.0 to provide equivalent functionality.
+
+ 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-27 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  f3f8e72f494b36d05e0d04fe418f92b692fbb261 (commit)
  from  69a61c26f2148d04c9d529c67064a9c36dacf69b (commit)


- Log -
commit f3f8e72f494b36d05e0d04fe418f92b692fbb261
Author: Matt Caswell 
Date:   Thu Mar 22 14:33:05 2018 +

Don't write out a bad OID

If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.

Fixes #5723

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5725)

(cherry picked from commit 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d)

---

Summary of changes:
 crypto/asn1/tasn_enc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 081a9d5..1f534df 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int 
*putype,
 otmp = (ASN1_OBJECT *)*pval;
 cont = otmp->data;
 len = otmp->length;
+if (cont == NULL || len == 0)
+return -1;
 break;
 
 case V_ASN1_NULL:
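Review bot: The added `return -1;` in the `V_ASN1_OBJECT` case needs a comment stating what -1 means to the caller, because the commit message says encoding should fail and the bare value does not show that. In this encoder -1 appears to be the "omit this element" return rather than an error code (the caller is outside the hunk, so this needs confirming). If so, an object with no OID data would be left out of the output silently, and a structure missing a mandatory OID could still be emitted. If that reading is right, either document it, e.g. `/* no OID data: nothing valid to encode; -1 makes the caller skip the element */`, or have the caller turn this case into a reported error. `asn1_ex_i2c` starts and ends outside the hunk.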


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  b403cc386cb927f6838a2fc300cd1d872007ba65 (commit)
   via  d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 (commit)
   via  f520f134d17c8022f684505b937522dcda8b61e1 (commit)
   via  bcbde69b87584ce5b21f3c959c90a7808ef0c13d (commit)
   via  56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f (commit)
   via  e25aef64a5f2874cc4903d3e4bd447983a7eff9e (commit)
   via  2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33 (commit)
  from  d8278dac47996a442a480958702d913f2eff7b93 (commit)


- Log -
commit b403cc386cb927f6838a2fc300cd1d872007ba65
Author: Matt Caswell 
Date:   Tue Mar 27 14:51:46 2018 +0100

Prepare for 1.1.0i-dev

Reviewed-by: Richard Levitte 

commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
Author: Matt Caswell 
Date:   Tue Mar 27 14:50:36 2018 +0100

Prepare for 1.1.0h release

Reviewed-by: Richard Levitte 

commit f520f134d17c8022f684505b937522dcda8b61e1
Author: Matt Caswell 
Date:   Tue Mar 27 13:43:23 2018 +0100

Update copyright year

Reviewed-by: Richard Levitte 

commit bcbde69b87584ce5b21f3c959c90a7808ef0c13d
Author: Matt Caswell 
Date:   Tue Mar 27 10:58:34 2018 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit 56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f
Author: Andy Polyakov 
Date:   Wed Mar 21 23:48:10 2018 +0100

pariscid.pl: fix nasty typo in CRYPTO_memcmp.

Comparison was effectively reduced to least significant bits.

CVE-2018-0733

Reviewed-by: Matt Caswell 

commit e25aef64a5f2874cc4903d3e4bd447983a7eff9e
Author: Matt Caswell 
Date:   Fri Jan 26 16:23:03 2018 +

Add fuzz corpora file that found the ASN.1 stack depth issue

Reviewed-by: Rich Salz 

commit 2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
Author: Matt Caswell 
Date:   Thu Mar 22 09:39:53 2018 +

Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES|  33 +-
 Configure  |   2 +-
 NEWS   |   9 +++-
 README |   2 +-
 apps/apps.h|   2 +-
 apps/ca.c  |   2 +-
 apps/dsaparam.c|   2 +-
 apps/ecparam.c |   2 +-
 apps/enc.c |   2 +-
 apps/genrsa.c  |   2 +-
 apps/openssl.c |   2 +-
 apps/pkeyutl.c |   2 +-
 apps/prime.c   |   2 +-
 apps/progs.pl  |   4 +-
 apps/rand.c|   2 +-
 apps/s_client.c|   2 +-
 apps/s_server.c|   2 +-
 apps/s_socket.c|   2 +-
 apps/s_time.c  |   2 +-
 apps/speed.c   |   2 +-
 apps/srp.c |   2 +-
 apps/version.c |   2 +-
 apps/x509.c|   2 +-
 config.com |   2 +-
 crypto/aes/asm/aes-armv4.pl|   2 +-
 crypto/aes/asm/bsaes-armv7.pl  |   2 +-
 crypto/asn1/ameth_lib.c|   2 +-
 crypto/asn1/asn1_err.c |   3 +-
 crypto/asn1/asn_mime.c |   2 +-
 crypto/asn1/tasn_dec.c |  49 ++---
 crypto/async/arch/async_posix.h|   2 +-
 crypto/bio/b_dump.c|   2 +-
 crypto/bio/b_sock2.c   |   2 +-
 crypto/bio/bf_lbuf.c   |   2 +-
 crypto/bio/bf_null.c   |   2 +-
 crypto/bio/bio_lib.c   |   2 +-
 crypto/bio/bio_meth.c  |   2 +-
 

[openssl-commits] [tools] master update

2018-03-27 Thread Richard Levitte
The branch master has been updated
   via  d54658dd5fd7d7de0f967055b8933f1a5eb2c88e (commit)
  from  9b9a6e181f1e52b5b9eaef975c31885324db4ece (commit)


- Log -
commit d54658dd5fd7d7de0f967055b8933f1a5eb2c88e
Author: Richard Levitte 
Date:   Tue Mar 27 15:18:00 2018 +0200

release-tools: More precise extraction of version number, avoiding fips 
version

---

Summary of changes:
 release-tools/release-check.pl | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index 42fbbfc..2eac1e3 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -111,8 +111,12 @@ sub openssl_check_version_h {
 if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)L/) {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
-} elsif (
-/OPENSSL_VERSION_TEXT\s+\"OpenSSL 
([^-\s]+(?:-[^-\s]*)?)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
+} elsif (/OPENSSL_VERSION_TEXT\s+\"OpenSSL\s
+ ([^-\s]+(?!-fips)(?:-[^-\s]*)?)   # version without -fips
+ \s+
+ (\([[:alpha:]]+\)\s+)?# Possible lable
+ (.*)\"# The rest (date)
+/x
   )
 {
 check_str( "opensslv.h: version", $version, $1, \$ok );
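Review bot: The inline comment on the second capture group reads `# Possible lable`; it should be `# Possible label`. With `(?!-fips)` in place, a `-fips` version text no longer matches this `elsif` at all, so that line is skipped without any message. If the checked header carried only a FIPS-suffixed text, the version comparison would never run unless a done-flag like the visible `$hex_done` is tested later, outside the hunk. A one-line comment above the pattern saying that FIPS-suffixed lines are deliberately ignored would make the intent explicit. `openssl_check_version_h` continues outside the hunk.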


[openssl-commits] [openssl] OpenSSL_1_1_0h create

2018-03-27 Thread Matt Caswell
The annotated tag OpenSSL_1_1_0h has been created
at  09deb2c8c8b843c3a5b28c5c7ee021bb0487c6f9 (tag)
   tagging  d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 (commit)
  replaces  OpenSSL_1_1_0g
 tagged by  Matt Caswell
on  Tue Mar 27 14:50:36 2018 +0100

- Log -
OpenSSL 1.1.0h release tag
-BEGIN PGP SIGNATURE-

iQEuBAABCAAYBQJaukwsERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESR/OEH
+wc9X6juNCIN1lz+k0ot/iE4ZihHzbYobC6Et8PxUsmDUgA1oyL5ivvhHoq+bgGr
rVv5Qs28YVbltEboONOl+6Sjlj/HsPHZcdQsuF1thREZUwnyN3ZiU72+C/KgsDop
ZtgNbYm3XWXZjTi0w3ZRupUGNGy/CmqgvVXcFz3MRYArphZzWNDR+HQ8IJjx6AyN
64nigsv4gkdm1uCxgECt90vmtFK/QCVjFQ4V5QoA3QnMAvWuyUiKWH3D+17d6wu5
balkRq/Jx8+s1iCXN6kwUKAEpRossTiMfAPkvPqYISXVtDeuf4OZgYi2U7BoXdEP
prJuDc+TJ/KdSoVQ9ryQcS4=
=T1WG
-END PGP SIGNATURE-

Alex Gaynor (1):
  Fixed a typo in a man page

Andy Polyakov (14):
  aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
  rc4/build.info: fix HP-UX rc4-ia64 rule.
  Configurations/unix-Makefile.tmpl: fix HP-UX build.
  util/copy.pl: work around glob quirk in some of earlier 5.1x Perl 
versions.
  asn1/a_strex.c: fix flags truncation in do_esc_char.
  bn/bn_add.c: address performance regression.
  bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
  ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
  test/recipes/80-test_pkcs12.t: handle lack of Win32::API.
  mem_sec.c: relax POSIX requirement.
  mem_sec.c: portability fixup.
  Configurations/10-main.conf: add -fno-common back to darwin-ppc-cc.
  Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
  pariscid.pl: fix nasty typo in CRYPTO_memcmp.

Ben Kaduk (2):
  make update
  Fix more OCSP_resp_get0_signer() nits

Benjamin Kaduk (7):
  Fix typo in comment
  Add an API to get the signer of an OCSP response
  Add OCSP API test executable
  Fix coverity-reported errors in ocspapitest
  Wrap more of ocspapitest.c in OPENSSL_NO_OCSP
  Fix strict-warnings build on FreeBSD
  Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER

Bernd Edlinger (24):
  Remove test-runs dir
  Fix a gcc fallthru warning
  Fix invalid function type casts. Rename bio_info_cb to BIO_info_cb.
  Stop using unimplemented cipher classes. Add comments to no longer 
usable ciphers.
  Catch SIGPIPE in TLSProxy::Proxy::clientstart
  Explicitly shut the socket down in s_client
  Use constant value 1 instead of SHUT_WR in do_server
  Set OPENSSL_ENGINES for Windows
  Add a configure option to opt-out secure memory
  Fix setting of IPV6_V6ONLY on Windows
  Make the s_server command listen on IPv6 only when requested
  Fix some style nits in commit eee8a40
  Swap the check in ssl3_write_pending to avoid using the possibly 
indeterminate pointer value in wpend_buf.
  Remove code that prints "" in hexdumps when the data 
block ends with SPACEs or NULs.
  Fix some bugs with the cfb1 bitsize handling
  Fix a possible memory leak in engine_table_register
  Fix error handling in b2i_dss and b2i_rsa
  Fix a memory leak in n_ssl3_mac
  Fix a memory leak in tls1_mac
  Cleanup the s_time command.
  Handle partial messages in TLSProxy
  Fix ecparam -genkey with point compression or DER outform
  Fix dsaparam -genkey with DER outform
  Previously this x509 command line was working, restore that

Brad Spencer (1):
  Test the result of CMS_RecipientInfo_ktri_get0_algs() before using its 
output in rsa_cms_encrypt().

Christian Heimes (1):
  Fix signature of min/max proto getter

Daniel Bevenius (3):
  Correct minor typo in ssl_locl.h comment
  Make BIO_METHOD struct definitions consistent
  Add comments to NULL func ptrs in bio_method_st

David Benjamin (5):
  Pretty-print large INTEGERs and ENUMERATEDs in hex.
  Make BN_num_bits_word constant-time.
  Don't leak the exponent bit width in BN_mod_exp_mont_consttime.
  Fix timing leak in BN_from_montgomery_word.
  Always use adr with __thumb2__.

David von Oheimb (1):
  Various small build improvements on mkdef.pl, progs.pl

Dr. Matthias St. Pierre (3):
  bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
  d2i_X509.pod: clarify usage of the 'pp' function parameter
  BIO_s_mem.pod: fix indirection for out parameter **pp

FdaSilvaYY (5):
  Spelling doc #3580 Duplicated tests descriptions
  Fix possible leaks on sk_X509_EXTENSION_push() failure ...
  Fix docs for EVP_EncryptUpdate and EVP_DecryptUpdate
  Fix an incoherent test.
  Useless conf != NULL test

Ivan Filenko (1):
  Fix typo in ASN1_STRING_length doc

Johannes Bauer (1):
  Make pkeyutl a bit more user-friendly

Konstantin Shemyak (1):
  Corrected 'cms' exit status when key or 

[openssl-commits] [openssl] OpenSSL_1_0_2o create

2018-03-27 Thread Matt Caswell
The annotated tag OpenSSL_1_0_2o has been created
at  d891c9c53470048f5a4ff334bcd2036f9070d3aa (tag)
   tagging  3ce7bc40a3c48da1c96c2d04c10045bd797c6aa3 (commit)
  replaces  OpenSSL_1_0_2n
 tagged by  Matt Caswell
on  Tue Mar 27 14:55:22 2018 +0100

- Log -
OpenSSL 1.0.2o release tag
-BEGIN PGP SIGNATURE-

iQEuBAABCAAYBQJauk1KERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRWP0I
AIze+GYMM6xnkVgogSCBcFGeYA06M0KRyHMc/P6CG4EvIlj4U8Wl3ru+WCdIhco+
iQIHa3V7vrO6TXMvh3x7Cj/y/SZYQRlCFvAB39iucorQTtxnsJcMcqD7UxLIoKSI
6Yxc/jVPRRIK1WIO0UtOscm5CjysBswfxnLiDmFCfpHq3C8cG1/3JxpdBdKzSA1X
OQyGbWMJlBhTMepxgbPn/UC7zysVegE59aW38bYUXC/UnsAbgHB23sqQDYY6Ae4T
S857Mq9s59x4SRTop2dK9+412R4gKgoQeAoiaVnTYgvp+KefhV3YFuQpPtaNcN3X
N66Zi91pjiBjFv0Vws4Igeg=
=vDy1
-END PGP SIGNATURE-

Andy Polyakov (2):
  ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
  Fix timing leak in BN_from_montgomery_word.

Bernd Edlinger (7):
  Swap the check in ssl3_write_pending to avoid using the possibly 
indeterminate pointer value in wpend_buf.
  Remove code that prints "" in hexdumps when the data 
block ends with SPACEs or NULs.
  Fix a possible memory leak in engine_table_register
  Minor style fixup on recent commit 99bb59d at 
ssl_scan_clienthello_tlsext
  Fix some bugs with the cfb1 bitsize handling
  Fix ecparam -genkey with point compression or DER outform
  Fix dsaparam -genkey with DER outform

Cristian Stoica (2):
  merge two mutual exclusive #ifdefs to improve clarity
  fix several typos in README.gost

David Benjamin (2):
  Make BN_num_bits_word constant-time.
  Don't leak the exponent bit width in BN_mod_exp_mont_consttime.

Dr. Matthias St. Pierre (3):
  Add missing prototype for FIPS callback
  bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
  BIO_s_mem.pod: fix indirection for out parameter **pp

FdaSilvaYY (1):
  Fix an incoherent test.

Ivan Filenko (1):
  Fix typo in ASN1_STRING_length doc

J Mohan Rao Arisankala (1):
  Cleanup ctxs if callback fail to retrieve session ticket

Jonathan Scalise (1):
  Changed OPENSSL_gmtime so macOS uses threadsafe gmtime_r instead of 
gmtime.

Konstantin Shemyak (1):
  Corrected 'cms' exit status when key or certificate cannot be opened

Kurt Roeckx (1):
  Fix propotype to include the const qualifier

Matt Caswell (23):
  Prepare for 1.0.2o-dev
  Fix initialisation in fatalerrtest
  Fix the buffer sizing in the fatalerrtest
  Fix a switch statement fallthrough
  Tolerate DTLS alerts with an incorrect version number
  Revert BN_copy() flag copy semantics change
  Don't allow an empty Subject when creating a Certificate
  Don't crash on a missing Subject in index.txt
  Make sure we check an incoming reneg ClientHello in DTLS
  Sanity check the ticket length before using key name/IV
  Improve error handling in pk7_doit
  Free the correct type in OBJ_add_object()
  Revert "Don't allow an empty Subject when creating a Certificate"
  Revert "Don't crash on a missing Subject in index.txt"
  Report a readable error on a duplicate cert in ca app
  Allow multiple entries without a Subject even if unique_subject == yes
  Fix a memory leak in the ca application
  The default conv_form is uncompressed
  Limit ASN.1 constructed types recursive definition depth
  Update CHANGES and NEWS for the new release
  Update copyright year
  make update
  Prepare for 1.0.2o release

Pavel Kopyl (2):
  X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
  do_body: fix heap-use-after-free.

Philippe Antoine (1):
  Checks ec_points_format extension size

Rich Salz (5):
  Standardize syntax around sizeof(foo)
  Add fingerprint text, remove MD5
  Fix BN doc
  Add warnings to thread doc.
  Fix credit for SRP code

Richard Levitte (8):
  Remove unicode characters from source
  Remove three test programs that snuck in
  Configure: use a better method to identify gcc and derivates
  Add missing tests to the VMS test scripts
  test/maketests.com: remove irrelevant comment
  Update the license end year
  Remove useless -D_ENDIAN from MPE/iX-gcc config
  crypto/engine/eng_cryptodev.c: don't treat a void* like an array

Samuel Weiser (3):
  Replaced variable-time GCD with consttime inversion to avoid side-channel 
attacks on RSA key generation
  used ERR set/pop mark
  consttime flag changed

Todd Short (1):
  Fix error-path memory leak in asn_mime.c

Viktor Dukhovni (3):
  Document the X509_V_FLAG_PARTIAL_CHAIN flag
  Add missing comma between references
  Fix wrong case in documentation of -CRLfile option

White_Rabbit (1):
  Update s_client doc adding xmpp as value for -starttls


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-27 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  69a61c26f2148d04c9d529c67064a9c36dacf69b (commit)
   via  3ce7bc40a3c48da1c96c2d04c10045bd797c6aa3 (commit)
   via  699a72a5e99f7da8825136f307e0b1831bc2d38a (commit)
   via  f8e9126449c37a4e4cb52eb8141ac875e14d6d3f (commit)
   via  b621f604e9b52ce8f568b6d3677a19b1e862613a (commit)
   via  9310d45087ae546e27e61ddf8f6367f29848220d (commit)
  from  3ffc95b1a9d14d8833f6f116a0afe0fb83eeaa17 (commit)


- Log -
commit 69a61c26f2148d04c9d529c67064a9c36dacf69b
Author: Matt Caswell 
Date:   Tue Mar 27 14:56:15 2018 +0100

Prepare for 1.0.2p-dev

Reviewed-by: Richard Levitte 

commit 3ce7bc40a3c48da1c96c2d04c10045bd797c6aa3
Author: Matt Caswell 
Date:   Tue Mar 27 14:55:22 2018 +0100

Prepare for 1.0.2o release

Reviewed-by: Richard Levitte 

commit 699a72a5e99f7da8825136f307e0b1831bc2d38a
Author: Matt Caswell 
Date:   Tue Mar 27 14:55:22 2018 +0100

make update

Reviewed-by: Richard Levitte 

commit f8e9126449c37a4e4cb52eb8141ac875e14d6d3f
Author: Matt Caswell 
Date:   Tue Mar 27 13:46:45 2018 +0100

Update copyright year

Reviewed-by: Richard Levitte 

commit b621f604e9b52ce8f568b6d3677a19b1e862613a
Author: Matt Caswell 
Date:   Tue Mar 27 10:58:34 2018 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit 9310d45087ae546e27e61ddf8f6367f29848220d
Author: Matt Caswell 
Date:   Thu Mar 22 10:05:40 2018 +

Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   | 17 -
 NEWS  |  7 +-
 README|  2 +-
 apps/cms.c|  2 +-
 apps/ecparam.c|  2 +-
 crypto/asn1/asn1.h|  1 +
 crypto/asn1/asn1_err.c|  3 ++-
 crypto/asn1/asn_mime.c|  2 +-
 crypto/asn1/tasn_dec.c| 64 +++
 crypto/bn/bn_exp.c|  2 +-
 crypto/bn/bn_mont.c   |  2 +-
 crypto/engine/eng_table.c |  2 +-
 crypto/evp/e_aes.c|  2 +-
 crypto/evp/e_camellia.c   |  2 +-
 crypto/evp/evp_locl.h |  2 +-
 crypto/mem_dbg.c  |  2 +-
 crypto/o_time.c   |  2 +-
 crypto/opensslv.h |  6 ++---
 crypto/ts/Makefile|  3 ++-
 crypto/ts/ts_rsp_sign.c   |  2 +-
 crypto/x509v3/v3_conf.c   |  2 +-
 openssl.spec  |  2 +-
 ssl/Makefile  |  2 +-
 ssl/d1_pkt.c  |  2 +-
 ssl/kssl.c|  2 +-
 ssl/s3_pkt.c  |  2 +-
 ssl/t1_lib.c  |  2 +-
 27 files changed, 92 insertions(+), 49 deletions(-)

diff --git a/CHANGES b/CHANGES
index f2bc2b3..1da1a42 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,10 +7,25 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
- Changes between 1.0.2n and 1.0.2o [xx XXX ]
+ Changes between 1.0.2o and 1.0.2p [xx XXX ]
 
   *)
 
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. 
There
+ are no such structures used within SSL/TLS that come from untrusted 
sources
+ so this is considered safe.
+
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ project.
+ (CVE-2018-0739)
+ [Matt Caswell]
+
  Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
 
   *) Read/write after SSL object in error state
diff --git a/NEWS b/NEWS
index f688c5a..0fb4724 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [under development]
+  Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [under development]
 
   o
 
+  Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
+
+  o Constructed ASN.1 types with a recursive definition could exceed the
+stack (CVE-2018-0739)
+
   Major changes between OpenSSL 

[openssl-commits] [web] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit)
   via  8af698d4de2c19b45f702d03560c8045fc1bbec5 (commit)
  from  ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit)


- Log -
commit b142b6fc2b1787bac79b0823c7a1cc37c301c68c
Author: Matt Caswell <m...@openssl.org>
Date:   Tue Mar 27 14:25:09 2018 +0100

Publish security advisory

commit 8af698d4de2c19b45f702d03560c8045fc1bbec5
Author: Matt Caswell <m...@openssl.org>
Date:   Tue Mar 27 14:10:47 2018 +0100

Update news for new release

---

Summary of changes:
 news/newsflash.txt   |  2 ++
 news/secadv/20180327.txt | 82 
 news/vulnerabilities.xml | 73 --
 3 files changed, 155 insertions(+), 2 deletions(-)
 create mode 100644 news/secadv/20180327.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 572c8db..f7fd9a1 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
+27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security
 release due on 27th March 2018
 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and 
test it
 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last 
Group of Contributors
diff --git a/news/secadv/20180327.txt b/news/secadv/20180327.txt
new file mode 100644
index 000..bddf0a6
--- /dev/null
+++ b/news/secadv/20180327.txt
@@ -0,0 +1,82 @@
+
+OpenSSL Security Advisory [27 Mar 2018]
+
+
+Constructed ASN.1 types with a recursive definition could exceed the stack 
(CVE-2018-0739)
+==
+
+Severity: Moderate
+
+Constructed ASN.1 types with a recursive definition (such as can be found in
+PKCS7) could eventually exceed the stack given malicious input with
+excessive recursion. This could result in a Denial Of Service attack. There are
+no such structures used within SSL/TLS that come from untrusted sources so this
+is considered safe.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 users should upgrade to 1.0.2o
+
+This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
+The fix was developed by Matt Caswell of the OpenSSL development team.
+
+Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+
+
+Severity: Moderate
+
+Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+effectively reduced to only comparing the least significant bit of each byte.
+This allows an attacker to forge messages that would be considered as
+authenticated in an amount of tries lower than that guaranteed by the security
+claims of the scheme. The module can only be compiled by the HP-UX assembler, 
so
+that only HP-UX PA-RISC targets are affected.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+
+This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
+The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+=
+
+Severity: Low
+
+This issue has been reported in a previous OpenSSL security advisory and a fix
+was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at
+that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h.
+
+There is an overflow bug in the AVX2 Montgomery multiplication procedure
+used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+Analysis suggests that attacks against RSA and DSA as a result of this defect
+would be very difficult to perform and are not believed likely. Attacks
+against DH1024 are considered just feasible, because most of the work
+necessary to deduce information about a private key may be performed offline.
+The amount of resources required for such an attack would be significant.
+However, for an attack on TLS to be meaningful, the server would have to share
+the DH1024 private key among multiple clients, which is no longer an option
+since CVE-2016-0701.
+
+This only affects processors that support the AVX2 but not ADX extensions
+like Intel Haswell (4th generation).
+
+Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
+and CVE-2015-3193.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 us

[openssl-commits] [openssl] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  53c9818e970fc0c22d77e19fda3b3e6f6c9e759d (commit)
  from  f6c024c2e7f33e9d26c62cf19d519e5ef7fa4a09 (commit)


- Log -
commit 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d
Author: Matt Caswell 
Date:   Thu Mar 22 14:33:05 2018 +

Don't write out a bad OID

If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.

Fixes #5723

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5725)

---

Summary of changes:
 crypto/asn1/tasn_enc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index caa4869..8b562ba 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char 
*cout, int *putype,
 otmp = (ASN1_OBJECT *)*pval;
 cont = otmp->data;
 len = otmp->length;
+if (cont == NULL || len == 0)
+return -1;
 break;
 
 case V_ASN1_NULL:
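Review bot: The new `return -1;` for an object with no OID data does not say whether callers treat it as a failure, although the commit message promises that encoding should fail. Other paths in asn1_ex_i2c appear to use -1 to mean "omit this element" rather than "error" (the rest of the function and its callers are outside this hunk), so an empty OID may be dropped silently from the output instead of aborting the encode; confirm this against the caller. At minimum the check deserves a comment such as `/* no OID data: refuse to encode rather than emit an empty OBJECT */`, and a distinct error return plus an error-queue entry if -1 is indeed the omit value. The same two lines are cherry-picked to OpenSSL_1_1_0-stable in the next message on this page.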


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  68f04fa1ddc71c67822796bee7abaf32a87203a8 (commit)
  from  b403cc386cb927f6838a2fc300cd1d872007ba65 (commit)


- Log -
commit 68f04fa1ddc71c67822796bee7abaf32a87203a8
Author: Matt Caswell 
Date:   Thu Mar 22 14:33:05 2018 +

Don't write out a bad OID

If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.

Fixes #5723

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5725)

(cherry picked from commit 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d)

---

Summary of changes:
 crypto/asn1/tasn_enc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index caa4869..8b562ba 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char 
*cout, int *putype,
 otmp = (ASN1_OBJECT *)*pval;
 cont = otmp->data;
 len = otmp->length;
+if (cont == NULL || len == 0)
+return -1;
 break;
 
 case V_ASN1_NULL:


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread Rich Salz
The branch OpenSSL_1_1_0-stable has been updated
   via  b1eaed1c996da382efcbd44611a8917a68188dbf (commit)
  from  68f04fa1ddc71c67822796bee7abaf32a87203a8 (commit)


- Log -
commit b1eaed1c996da382efcbd44611a8917a68188dbf
Author: Rich Salz 
Date:   Mon Apr 24 20:24:38 2017 -0400

Fix typo in OPENSSL_LH_new compat API

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/3292)
(cherry picked from commit b3c42fc2503a685a9e51427c1a83c8f09487389d)

---

Summary of changes:
 include/openssl/lhash.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
index 82d40c1..88d7d97 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -95,7 +95,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, 
BIO *out);
 #  define _LHASH OPENSSL_LHASH
 #  define LHASH_NODE OPENSSL_LH_NODE
 #  define lh_error OPENSSL_LH_error
-#  define lh_new OPENSSL_lh_new
+#  define lh_new OPENSSL_LH_new
 #  define lh_free OPENSSL_LH_free
 #  define lh_insert OPENSSL_LH_insert
 #  define lh_delete OPENSSL_LH_delete


[openssl-commits] [openssl] master update

2018-03-27 Thread Matt Caswell
The branch master has been updated
   via  37a385956461ab526ecea2739a8a40364a8db259 (commit)
   via  320a81277e402f393289ae7229b2320324321fb1 (commit)
  from  9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 (commit)


- Log -
commit 37a385956461ab526ecea2739a8a40364a8db259
Author: Matt Caswell 
Date:   Mon Mar 26 23:36:37 2018 +0100

Temporarily disable some tests that hang

The previous commit causes some tests to hang so we temporarily disable 
them.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5757)

commit 320a81277e402f393289ae7229b2320324321fb1
Author: Matt Caswell 
Date:   Mon Mar 26 19:12:25 2018 +0100

Remove some code for a contributor that we cannot find

This removes some code because we cannot trace the original contributor
to get their agreement for the licence change (original commit e03ddfae).

After this change there will be numerous failures in the test cases until
someone rewrites the missing code.

All *_free functions should accept a NULL parameter. After this change
the following *_free functions will fail if a NULL parameter is passed:

BIO_ACCEPT_free()
BIO_CONNECT_free()
BN_BLINDING_free()
BN_CTX_free()
BN_MONT_CTX_free()
BN_RECP_CTX_free()
BUF_MEM_free()
COMP_CTX_free()
ERR_STATE_free()
TXT_DB_free()
X509_STORE_free()
ssl3_free()
ssl_cert_free()
SSL_SESSION_free()
SSL_free()

[skip ci]

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5757)

---

Summary of changes:
 crypto/bio/bss_acpt.c   | 3 ---
 crypto/bio/bss_conn.c   | 3 ---
 crypto/bn/bn_blind.c| 3 ---
 crypto/bn/bn_ctx.c  | 2 --
 crypto/bn/bn_mont.c | 3 ---
 crypto/bn/bn_recp.c | 3 ---
 crypto/buffer/buffer.c  | 3 ---
 crypto/comp/comp_lib.c  | 3 ---
 crypto/err/err.c| 3 ---
 crypto/txt_db/txt_db.c  | 3 ---
 crypto/x509/x509_lu.c   | 3 ---
 ssl/s3_lib.c| 2 +-
 ssl/ssl_cert.c  | 3 ---
 ssl/ssl_lib.c   | 3 ---
 ssl/ssl_sess.c  | 3 ---
 test/recipes/99-test_fuzz.t | 4 
 util/perl/TLSProxy/Proxy.pm | 5 +
 17 files changed, 10 insertions(+), 42 deletions(-)

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index b7ec0c0..0171c49 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -101,9 +101,6 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void)
 
 static void BIO_ACCEPT_free(BIO_ACCEPT *a)
 {
-if (a == NULL)
-return;
-
 OPENSSL_free(a->param_addr);
 OPENSSL_free(a->param_serv);
 BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 5c461ae..0fad02f 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -232,9 +232,6 @@ BIO_CONNECT *BIO_CONNECT_new(void)
 
 void BIO_CONNECT_free(BIO_CONNECT *a)
 {
-if (a == NULL)
-return;
-
 OPENSSL_free(a->param_hostname);
 OPENSSL_free(a->param_service);
 BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 006ad6e..8bd6156 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -80,9 +80,6 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM 
*Ai, BIGNUM *mod)
 
 void BN_BLINDING_free(BN_BLINDING *r)
 {
-if (r == NULL)
-return;
-
 BN_free(r->A);
 BN_free(r->Ai);
 BN_free(r->e);
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 68c0468..7202aef 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -156,8 +156,6 @@ BN_CTX *BN_CTX_secure_new(void)
 
 void BN_CTX_free(BN_CTX *ctx)
 {
-if (ctx == NULL)
-return;
 #ifdef BN_CTX_DEBUG
 {
 BN_POOL_ITEM *pool = ctx->pool.head;
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 6357c60..bae7d23 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -217,9 +217,6 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 
 void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 {
-if (mont == NULL)
-return;
-
 BN_clear_free(&(mont->RR));
 BN_clear_free(&(mont->N));
 BN_clear_free(&(mont->Ni));
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index e873699..923a9b3 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -32,9 +32,6 @@ BN_RECP_CTX *BN_RECP_CTX_new(void)
 
 void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 {
-if (recp == NULL)
-return;
-
 BN_free(&(recp->N));
 BN_free(&(recp->Nr));
 if (recp->flags & BN_FLG_MALLOCED)
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index cbd2e53..dfa5c23 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -42,9 +42,6 @@ BUF_MEM 

[openssl-commits] [openssl] master update

2018-03-27 Thread Andy Polyakov
The branch master has been updated
   via  242fcd695db6225ef98c5ad084e6f15ec5953158 (commit)
  from  f770d75b1cac264d6280ec7326277daff6965cbb (commit)


- Log -
commit 242fcd695db6225ef98c5ad084e6f15ec5953158
Author: Andy Polyakov 
Date:   Fri Mar 23 15:12:20 2018 +0100

rand/randfile.c: permit non-regular files in RAND_load_file.

Apparently applications rely on RAND_load_file's ability to work with
non-regular files, customarily with /dev/urandom, so that the ban was
not exactly appropriate.

Reviewed-by: Rich Salz 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/5737)

---

Summary of changes:
 crypto/rand/randfile.c  | 34 +++---
 doc/man3/RAND_load_file.pod | 10 +++---
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index a979eb9..fa6f49e 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -32,6 +32,8 @@
 #  define chmod   _chmod
 #  define open_open
 #  define fdopen  _fdopen
+#  define fstat   _fstat
+#  define fileno  _fileno
 # endif
 #endif
 
@@ -82,27 +84,45 @@ int RAND_load_file(const char *file, long bytes)
 if (bytes == 0)
 return 0;
 
-#ifndef OPENSSL_NO_POSIX_IO
-if (stat(file, ) < 0 || !S_ISREG(sb.st_mode)) {
-RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_NOT_A_REGULAR_FILE);
+if ((in = openssl_fopen(file, "rb")) == NULL) {
+RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
 ERR_add_error_data(2, "Filename=", file);
 return -1;
 }
-#endif
-if ((in = openssl_fopen(file, "rb")) == NULL) {
-RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+
+#ifndef OPENSSL_NO_POSIX_IO
+if (fstat(fileno(in), ) < 0) {
+RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
 ERR_add_error_data(2, "Filename=", file);
 return -1;
 }
 
+if (!S_ISREG(sb.st_mode) && bytes < 0)
+bytes = 256;
+#endif
+/*
+ * Don't buffer, because even if |file| is regular file, we have
+ * no control over the buffer, so why would we want a copy of its
+ * contents lying around?
+ */
+setbuf(in, NULL);
+
 for ( ; ; ) {
 if (bytes > 0)
 n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
 else
 n = RAND_FILE_SIZE;
 i = fread(buf, 1, n, in);
-if (i <= 0)
+#ifdef EINTR
+if (ferror(in) && errno == EINTR){
+clearerr(in);
+if (i == 0)
+continue;
+}
+#endif
+if (i == 0)
 break;
+
 RAND_add(buf, i, (double)i);
 ret += i;
 
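Review bot: The new `fstat` failure branch returns -1 without closing `in`, which was opened just above by `openssl_fopen`, so each failure leaks a FILE handle. Add `fclose(in);` before that `return -1;`. Because the type check now runs on the already-open stream, a non-regular file such as a FIFO can block in the open itself; the accompanying pod change documents that as the caller's responsibility. The rest of RAND_load_file, including its normal close path, is outside this hunk.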
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod
index 2fe932f..489ff2d 100644
--- a/doc/man3/RAND_load_file.pod
+++ b/doc/man3/RAND_load_file.pod
@@ -24,6 +24,9 @@ Do not load the same file multiple times unless its contents 
have
 been updated by RAND_write_file() between reads.
 Also, note that B should be adequately protected so that an
 attacker cannot replace or examine the contents.
+If B is not a regular file, then user is considered to be
+responsible for any side effects, e.g. non-anticipated blocking or
+capture of controlling terminal.
 
 RAND_write_file() writes a number of random bytes (currently 128) to
 file B which can be used to initialize the PRNG by calling
@@ -70,13 +73,6 @@ error.
 
 L, L
 
-=head1 HISTORY
-
-A comment in the source since at least OpenSSL 1.0.2 said that
-RAND_load_file() and RAND_write_file() were only intended for regular files,
-and not really device special files such as C.  This was
-poorly enforced before OpenSSL 1.1.1.
-
 =head1 COPYRIGHT
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread Andy Polyakov
The branch OpenSSL_1_1_0-stable has been updated
   via  ae43c92a337db1756c42e4d9f53f0ab92b40c04f (commit)
  from  b1eaed1c996da382efcbd44611a8917a68188dbf (commit)


- Log -
commit ae43c92a337db1756c42e4d9f53f0ab92b40c04f
Author: Miroslav Suk 
Date:   Thu Mar 22 09:20:43 2018 +0100

o_time.c: use gmtime_s with MSVC
ts/ts_rsp_sign.c: change to OPENSSL_gmtime.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5720)

(cherry picked from commit 98c03302fb7b855647aa14022f61f5fb272e514a)

---

Summary of changes:
 crypto/o_time.c | 4 
 crypto/ts/ts_rsp_sign.c | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/o_time.c b/crypto/o_time.c
index b2fb38a..30b8155 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -41,6 +41,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm 
*result)
 if (gmtime_r(timer, result) == NULL)
 return NULL;
 ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+if (gmtime_s(result, timer))
+return NULL;
+ts = result;
 #else
 ts = gmtime(timer);
 if (ts == NULL)
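Review bot: The MSVC branch calls `gmtime_s(result, timer)` with no comment on the argument order or the return convention, both of which are easy to get wrong here. Microsoft's `gmtime_s` takes the `struct tm *` first and returns a non-zero `errno_t` on failure, the reverse of the C11 Annex K prototype, so a one-line comment such as `/* MSVC gmtime_s: (struct tm *, const time_t *), non-zero on error */` would keep a later portability cleanup from swapping them. The AppVeyor notice on this page reports a failed master build at 98c03302fb, the original of this cherry-pick; the cause is not shown, so this branch should be build-checked on the supported MSVC versions. The identical hunk appears again in the master commit further down the page.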
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index aea7b92..91c4a42 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -16,6 +16,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "ts_lcl.h"
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
@@ -840,7 +841,7 @@ static ASN1_GENERALIZEDTIME
 long sec, long usec, unsigned precision)
 {
 time_t time_sec = (time_t)sec;
-struct tm *tm = NULL;
+struct tm *tm = NULL, tm_result;
 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
 char *p = genTime_str;
 char *p_end = genTime_str + sizeof(genTime_str);
@@ -848,7 +849,7 @@ static ASN1_GENERALIZEDTIME
 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 goto err;
 
-if ((tm = gmtime(_sec)) == NULL)
+if ((tm = OPENSSL_gmtime(_sec, _result)) == NULL)
 goto err;
 
 /*


[openssl-commits] [openssl] master update

2018-03-27 Thread Andy Polyakov
The branch master has been updated
   via  dee0cc108fa92952df1f0a246e9e86bb660f1211 (commit)
  from  242fcd695db6225ef98c5ad084e6f15ec5953158 (commit)


- Log -
commit dee0cc108fa92952df1f0a246e9e86bb660f1211
Author: Philippe Antoine 
Date:   Mon Mar 26 10:29:56 2018 +0200

statem/statem_clnt.c: omit redundant check in tls_construct_client_hello.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5729)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 86cf5b6..e940fc8 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -11,6 +11,7 @@
 
 #include 
 #include 
+#include 
 #include "../ssl_locl.h"
 #include "statem_locl.h"
 #include 
@@ -1198,14 +1199,14 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 sess_id_len = 0;
 }
 } else {
+assert(s->session->session_id_length <= 
sizeof(s->session->session_id));
 sess_id_len = s->session->session_id_length;
 if (s->version == TLS1_3_VERSION) {
 s->tmp_session_id_len = sess_id_len;
 memcpy(s->tmp_session_id, s->session->session_id, sess_id_len);
 }
 }
-if (sess_id_len > sizeof(s->session->session_id)
-|| !WPACKET_start_sub_packet_u8(pkt)
+if (!WPACKET_start_sub_packet_u8(pkt)
 || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
 sess_id_len))
 || !WPACKET_close(pkt)) {
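Review bot: The bound on `session_id_length` is now enforced only by `assert()`, which is compiled out when NDEBUG is defined, so in such builds nothing checks the length before `memcpy(s->tmp_session_id, s->session->session_id, sess_id_len)`. The removed runtime test ran after that copy, so it was late rather than redundant; a safer change keeps a runtime check and moves it ahead of the copy, for example `if (!ossl_assert(s->session->session_id_length <= sizeof(s->session->session_id)))` taking the same error path as the `WPACKET` check below. The assert compares against the source buffer, not the destination, so it should also be confirmed that `tmp_session_id` is at least as large as `session_id`; that is not visible here. tls_construct_client_hello starts and ends outside this hunk.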


[openssl-commits] [openssl] master update

2018-03-27 Thread Andy Polyakov
The branch master has been updated
   via  c4eec78d221c6aa8d96d4d0ea9e7525490ffe222 (commit)
  from  dee0cc108fa92952df1f0a246e9e86bb660f1211 (commit)


- Log -
commit c4eec78d221c6aa8d96d4d0ea9e7525490ffe222
Author: Konstantin Shemyak 
Date:   Thu Mar 22 19:53:59 2018 +0200

doc/man1/x509.pod: corrected "S/MIME signing" requirements

When the "certificate purpose" is checked and KeyUsage extension is present,
either 'digitalSignature' or 'nonRepudiation' is accepted.

Manual page corrected to reflect the above.

Signed-off-by: Konstantin Shemyak 

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5727)

---

Summary of changes:
 doc/man1/x509.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 81ce560..c375b3b 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -871,8 +871,8 @@ this is because some Verisign certificates don't set the 
S/MIME bit.
 
 =item B
 
-In addition to the common S/MIME client tests the digitalSignature bit must
-be set if the keyUsage extension is present.
+In addition to the common S/MIME client tests the digitalSignature bit or
+the nonRepudiation bit must be set if the keyUsage extension is present.
 
 =item B
 


[openssl-commits] Build failed: openssl master.16789

2018-03-27 Thread AppVeyor



Build openssl master.16789 failed


Commit 98c03302fb by Miroslav Suk on 3/27/2018 6:12 PM:

o_time.c: use gmtime_s with MSVC





[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-27 Thread bernd . edlinger
The branch OpenSSL_1_1_0-stable has been updated
   via  cdabf89acf65040560e0242cb70d945f3f3bdd5c (commit)
  from  ae43c92a337db1756c42e4d9f53f0ab92b40c04f (commit)


- Log -
commit cdabf89acf65040560e0242cb70d945f3f3bdd5c
Author: Philippe Antoine 
Date:   Mon Mar 26 10:23:51 2018 +0200

Adds multiple checks to avoid buffer over reads

Reviewed-by: Rich Salz 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5686)

---

Summary of changes:
 ssl/t1_trce.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 76bdf79..e5b4085 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -725,6 +725,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int 
server,
 BIO_puts(bio, "No Extensions\n");
 return 1;
 }
+if (msglen < 2)
+return 0;
 extslen = (msg[0] << 8) | msg[1];
 if (extslen != msglen - 2)
 return 0;
@@ -1092,6 +1094,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, 
SSL *s,
 msglen -= xlen + 2;
 
  skip_sig:
+if (msglen < 2)
+return 0;
 xlen = (msg[0] << 8) | msg[1];
 BIO_indent(bio, indent, 80);
 if (msglen < xlen + 2)
@@ -1271,7 +1275,15 @@ void SSL_trace(int write_p, int version, int 
content_type,
 switch (content_type) {
 case SSL3_RT_HEADER:
 {
-int hvers = msg[1] << 8 | msg[2];
+int hvers;
+
+/* avoid overlapping with length at the end of buffer */
+if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
+BIO_puts(bio, write_p ? "Sent" : "Received");
+ssl_print_hex(bio, 0, " too short message", msg, msglen);
+break;
+}
+hvers = msg[1] << 8 | msg[2];
 BIO_puts(bio, write_p ? "Sent" : "Received");
 BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);
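Review bot: The header-length test added to SSL_trace uses the bare numbers 13 and 5, and its comment ("avoid overlapping with length at the end of buffer") does not say what they are. They are the DTLS and TLS record header sizes, which the library headers already name, so the condition reads better as `if (msglen < (SSL_IS_DTLS(ssl) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {` with the comment reworded to `/* a record header shorter than this cannot be parsed safely */`. The code after the hunk that reads the length bytes is not visible, so confirm that it indexes no further than those sizes. The same three hunks are applied to OpenSSL_1_0_2-stable later on this page.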


[openssl-commits] [openssl] master update

2018-03-27 Thread Andy Polyakov
The branch master has been updated
   via  f770d75b1cac264d6280ec7326277daff6965cbb (commit)
  from  37a385956461ab526ecea2739a8a40364a8db259 (commit)


- Log -
commit f770d75b1cac264d6280ec7326277daff6965cbb
Author: Andy Polyakov 
Date:   Mon Mar 26 12:35:57 2018 +0200

Configure: make LIST command work with dynamic 15-android.conf.

This is a quick-n-dirty ad-hoc solution; the problem asks for a more
elegant one...

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5755)

---

Summary of changes:
 Configurations/15-android.conf |  4 
 Configure  | 12 
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
index 551f71b..d117386 100644
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -16,6 +16,10 @@
 
 sub android_ndk {
 unless (%$android_ndk) {
+if ($now_printing =~ m|^android|) {
+return $android_ndk = { bn_ops => "BN_AUTO" };
+}
+
 my $ndk = $ENV{ANDROID_NDK};
 die "\$ANDROID_NDK is not defined"  if (!$ndk);
 die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
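Review bot: `$now_printing` is matched against `m|^android|` even when it is undefined, which is the case whenever android_ndk() runs outside print_table_entry (Configure declares it with a bare `our $now_printing;` and only sets it through `local` there). If warnings are enabled, this emits "Use of uninitialized value" on every normal Android configuration; guard it as `if (defined($now_printing) && $now_printing =~ m|^android|) {`. The early return also caches the stub `{ bn_ops => "BN_AUTO" }` in `$android_ndk`, so a comment saying why that is acceptable for a listing run would help. android_ndk continues past the end of this hunk.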
diff --git a/Configure b/Configure
index 7a2ef9b..8770090 100755
--- a/Configure
+++ b/Configure
@@ -179,6 +179,10 @@ my $apitable = {
 our %table = ();
 our %config = ();
 our %withargs = ();
+our $now_printing;  # set to current entry's name in print_table_entry
+# (todo: right thing would be to encapsulate name
+# into %target [class] and make print_table_entry
+# a method)
 
 # Forward declarations ###
 
@@ -3108,8 +3112,8 @@ sub env
 
 sub print_table_entry
 {
-my $target = shift;
-my %target = resolve_config($target);
+local $now_printing = shift;
+my %target = resolve_config($now_printing);
 my $type = shift;
 
 # Don't print the templates
@@ -3178,7 +3182,7 @@ sub print_table_entry
 
 if ($type eq "TABLE") {
print "\n";
-   print "*** $target\n";
+   print "*** $now_printing\n";
 foreach (@sequence) {
 if (ref($target{$_}) eq "ARRAY") {
 printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}});
@@ -3189,7 +3193,7 @@ sub print_table_entry
 } elsif ($type eq "HASH") {
my $largest =
length((sort { length($a) <=> length($b) } @sequence)[-1]);
-   print "'$target' => {\n";
+   print "'$now_printing' => {\n";
foreach (@sequence) {
if ($target{$_}) {
 if (ref($target{$_}) eq "ARRAY") {


[openssl-commits] [openssl] master update

2018-03-27 Thread Andy Polyakov
The branch master has been updated
   via  98c03302fb7b855647aa14022f61f5fb272e514a (commit)
  from  c4eec78d221c6aa8d96d4d0ea9e7525490ffe222 (commit)


- Log -
commit 98c03302fb7b855647aa14022f61f5fb272e514a
Author: Miroslav Suk 
Date:   Thu Mar 22 09:20:43 2018 +0100

o_time.c: use gmtime_s with MSVC
ts/ts_rsp_sign.c: change to OPENSSL_gmtime.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5720)

---

Summary of changes:
 crypto/o_time.c | 4 
 crypto/ts/ts_rsp_sign.c | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/o_time.c b/crypto/o_time.c
index b2fb38a..30b8155 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -41,6 +41,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm 
*result)
 if (gmtime_r(timer, result) == NULL)
 return NULL;
 ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+if (gmtime_s(result, timer))
+return NULL;
+ts = result;
 #else
 ts = gmtime(timer);
 if (ts == NULL)
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index eac40ab..ed45c00 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -13,6 +13,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "ts_lcl.h"
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
@@ -986,7 +987,7 @@ static ASN1_GENERALIZEDTIME 
*TS_RESP_set_genTime_with_precision(
 unsigned precision)
 {
 time_t time_sec = (time_t)sec;
-struct tm *tm = NULL;
+struct tm *tm = NULL, tm_result;
 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
 char *p = genTime_str;
 char *p_end = genTime_str + sizeof(genTime_str);
@@ -994,7 +995,7 @@ static ASN1_GENERALIZEDTIME 
*TS_RESP_set_genTime_with_precision(
 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 goto err;
 
-if ((tm = gmtime(_sec)) == NULL)
+if ((tm = OPENSSL_gmtime(_sec, _result)) == NULL)
 goto err;
 
 /*


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-27 Thread bernd . edlinger
The branch OpenSSL_1_0_2-stable has been updated
   via  46c815a97d21135561d2204574bbd7c184b1f0b5 (commit)
  from  f3f8e72f494b36d05e0d04fe418f92b692fbb261 (commit)


- Log -
commit 46c815a97d21135561d2204574bbd7c184b1f0b5
Author: Philippe Antoine 
Date:   Mon Mar 26 10:25:55 2018 +0200

Adds multiple checks to avoid buffer over reads

Reviewed-by: Rich Salz 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5687)

---

Summary of changes:
 ssl/t1_trce.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index dc62df8..8a5707a 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -645,6 +645,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int 
server,
 BIO_puts(bio, "No Extensions\n");
 return 1;
 }
+if (msglen < 2)
+return 0;
 extslen = (msg[0] << 8) | msg[1];
 if (extslen != msglen - 2)
 return 0;
@@ -1021,6 +1023,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, 
SSL *s,
 msglen -= xlen + 2;
 
  skip_sig:
+if (msglen < 2)
+return 0;
 xlen = (msg[0] << 8) | msg[1];
 BIO_indent(bio, indent, 80);
 if (msglen < xlen + 2)
@@ -1209,7 +1213,15 @@ void SSL_trace(int write_p, int version, int 
content_type,
 switch (content_type) {
 case SSL3_RT_HEADER:
 {
-int hvers = msg[1] << 8 | msg[2];
+int hvers;
+
+/* avoid overlapping with length at the end of buffer */
+if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
+BIO_puts(bio, write_p ? "Sent" : "Received");
+ssl_print_hex(bio, 0, " too short message", msg, 
msglen);
+break;
+}
+hvers = msg[1] << 8 | msg[2];
 BIO_puts(bio, write_p ? "Sent" : "Received");
 BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);


[openssl-commits] [openssl] master update

2018-03-27 Thread Rich Salz
The branch master has been updated
   via  e6e9170d6e28038768895e1af18e3aad8093bf4b (commit)
  from  98c03302fb7b855647aa14022f61f5fb272e514a (commit)


- Log -
commit e6e9170d6e28038768895e1af18e3aad8093bf4b
Author: Rich Salz 
Date:   Tue Mar 27 16:25:08 2018 -0400

Allow NULL for some _free routines.

Based on the description in https://github.com/openssl/openssl/pull/5757,
this re-implements the "allow NULL to be passed" behavior of a number of
xxx_free routines.  I also fixed up some egregious formatting errors
that were nearby.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5761)

---

Summary of changes:
 crypto/bio/bss_acpt.c  |  2 ++
 crypto/bio/bss_conn.c  |  2 ++
 crypto/bn/bn_blind.c   |  2 ++
 crypto/bn/bn_ctx.c |  2 ++
 crypto/bn/bn_mont.c| 14 --
 crypto/bn/bn_recp.c|  6 --
 crypto/buffer/buffer.c |  2 ++
 crypto/comp/comp_lib.c |  2 ++
 crypto/err/err.c   | 29 +++--
 crypto/txt_db/txt_db.c |  2 ++
 crypto/x509/x509_lu.c  |  2 ++
 ssl/s3_lib.c   |  2 +-
 ssl/ssl_cert.c |  2 ++
 ssl/ssl_lib.c  |  2 ++
 ssl/ssl_sess.c |  2 ++
 15 files changed, 50 insertions(+), 23 deletions(-)

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 0171c49..64cc452 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -101,6 +101,8 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void)
 
 static void BIO_ACCEPT_free(BIO_ACCEPT *a)
 {
+if (a == NULL)
+return;
 OPENSSL_free(a->param_addr);
 OPENSSL_free(a->param_serv);
 BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 0fad02f..cc245ab 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -232,6 +232,8 @@ BIO_CONNECT *BIO_CONNECT_new(void)
 
 void BIO_CONNECT_free(BIO_CONNECT *a)
 {
+if (a == NULL)
+return;
 OPENSSL_free(a->param_hostname);
 OPENSSL_free(a->param_service);
 BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 8bd6156..985d3ef 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -80,6 +80,8 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM 
*Ai, BIGNUM *mod)
 
 void BN_BLINDING_free(BN_BLINDING *r)
 {
+if (r == NULL)
+return;
 BN_free(r->A);
 BN_free(r->Ai);
 BN_free(r->e);
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 7202aef..68c0468 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -156,6 +156,8 @@ BN_CTX *BN_CTX_secure_new(void)
 
 void BN_CTX_free(BN_CTX *ctx)
 {
+if (ctx == NULL)
+return;
 #ifdef BN_CTX_DEBUG
 {
 BN_POOL_ITEM *pool = ctx->pool.head;
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index bae7d23..c882891 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -208,18 +208,20 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 {
 ctx->ri = 0;
-bn_init(&(ctx->RR));
-bn_init(&(ctx->N));
-bn_init(&(ctx->Ni));
+bn_init(>RR);
+bn_init(>N);
+bn_init(>Ni);
 ctx->n0[0] = ctx->n0[1] = 0;
 ctx->flags = 0;
 }
 
 void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 {
-BN_clear_free(&(mont->RR));
-BN_clear_free(&(mont->N));
-BN_clear_free(&(mont->Ni));
+if (mont == NULL)
+return;
+BN_clear_free(>RR);
+BN_clear_free(>N);
+BN_clear_free(>Ni);
 if (mont->flags & BN_FLG_MALLOCED)
 OPENSSL_free(mont);
 }
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 923a9b3..8eb500b 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -32,8 +32,10 @@ BN_RECP_CTX *BN_RECP_CTX_new(void)
 
 void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 {
-BN_free(&(recp->N));
-BN_free(&(recp->Nr));
+if (recp == NULL)
+return;
+BN_free(>N);
+BN_free(>Nr);
 if (recp->flags & BN_FLG_MALLOCED)
 OPENSSL_free(recp);
 }
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index dfa5c23..48618a4 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -42,6 +42,8 @@ BUF_MEM *BUF_MEM_new(void)
 
 void BUF_MEM_free(BUF_MEM *a)
 {
+if (a == NULL)
+return;
 if (a->data != NULL) {
 if (a->flags & BUF_MEM_FLAG_SECURE)
 OPENSSL_secure_clear_free(a->data, a->max);
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index 5bed187..c199bb3 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -45,6 +45,8 @@ const char *COMP_get_name(const COMP_METHOD *meth)
 
 void COMP_CTX_free(COMP_CTX *ctx)
 {
+if (ctx == NULL)
+return;
 if (ctx->meth->finish != NULL)
 ctx->meth->finish(ctx);
 
diff --git a/crypto/err/err.c b/crypto/err/err.c
index