[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings

2018-03-12 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings

Commit log since last time:

a5829ae Adjust LPdir_unix.c on VMS for OpenSSL expectations
86a227e CONF inclusion test: Add VMS specific tests
4f7c840 CONF: On VMS, treat VMS syntax inclusion paths correctly
c130c0f Free the correct type in OBJ_add_object()
61cd0c9 Fix enable-ssl-trace
3fa2812 Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb
4718f44 Improve error handling in pk7_doit
e45b4dd Add OIDs for DSTU-4145
6ac Don't negotiate TLSv1.3 with the ossl_shim
df0fed9 Session Ticket app data
f1c00b9 mem_sec.c: portability fixup.

Build log ended with (last 100 lines):

$ CC=clang ../openssl/config -d --strict-warnings
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1-pre3-dev (0x10101003L) for linux-x86_64-clang
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile

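**********************************************************************
***                                                                ***
***   If you want to report a building issue, please include the   ***
***   output from this command:                                    ***
***                                                                ***
***     perl configdata.pm --dump                                  ***
***                                                                ***
**********************************************************************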
$ make clean
rm -f
rm -f libcrypto.so.1.1
rm -f libcrypto.so
rm -f libssl.so.1.1
rm -f libssl.so
rm -f
rm -f apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
rm -f *.map

[openssl-commits] [openssl] master update

2018-03-12 Thread Richard Levitte
The branch master has been updated
   via  a5829ae282f47c39d1dd0642e4a84c0a6f3d80f4 (commit)
   via  86a227ee1b7cae68dfbe5737bf3193a8f03eb138 (commit)
   via  4f7c840a4dba37d8465137eae6867968e251c13c (commit)
  from  c130c0fe1d386fcc05d5b7accf062fe72b7272e8 (commit)


- Log -
commit a5829ae282f47c39d1dd0642e4a84c0a6f3d80f4
Author: Richard Levitte 
Date:   Sun Mar 11 23:48:04 2018 +0100

Adjust LPdir_unix.c on VMS for OpenSSL expectations

When OPENSSL_DIR_read implemented by LPdir_unix.c gets a Unixy path,
it will return file names like you'd expect them on Unix.

However, if given a path with VMS syntax, such as "[.foo]", it returns
file names with generation numbers, such as "bar.txt;1", which makes
sense for VMS expectations, but can be surprising for OpenSSL.

Our solution is to simply shave off the generation number if
OPENSSL_DIR_read() expects there should be one, and make sure not to
return the same file name twice.  Note that VMS filesystems are case
insensitive, so the check for duplicate file names is done without
regard to character case.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/5587)

commit 86a227ee1b7cae68dfbe5737bf3193a8f03eb138
Author: Richard Levitte 
Date:   Sun Mar 11 23:47:40 2018 +0100

CONF inclusion test: Add VMS specific tests

We want to see that VMS syntax paths are treated correctly.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/5587)

commit 4f7c840a4dba37d8465137eae6867968e251c13c
Author: Richard Levitte 
Date:   Sun Mar 11 10:14:11 2018 +0100

CONF: On VMS, treat VMS syntax inclusion paths correctly

Non-VMS syntax inclusion paths get the same treatment as on Unix.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/5587)

---

Summary of changes:
 crypto/LPdir_unix.c| 39 --
 crypto/conf/conf_def.c | 22 ++--
 test/recipes/90-test_includes.t| 10 +-
 .../{includes.cnf => vms-includes-file.cnf}|  2 +-
 .../{includes.cnf => vms-includes.cnf} |  2 +-
 5 files changed, 67 insertions(+), 8 deletions(-)
 copy test/recipes/90-test_includes_data/{includes.cnf => 
vms-includes-file.cnf} (65%)
 copy test/recipes/90-test_includes_data/{includes.cnf => vms-includes.cnf} 
(65%)

diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
index 6648a60..356089d 100644
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,7 +11,7 @@
  * This file is dual-licensed and is also available under the following
  * terms:
  *
- * Copyright (c) 2004, Richard Levitte 
+ * Copyright (c) 2004, 2018, Richard Levitte 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -46,6 +46,9 @@
 #ifndef LPDIR_H
 # include "LPdir.h"
 #endif
+#ifdef __VMS
+# include 
+#endif
 
 /*
  * The POSIXly macro for the maximum number of characters in a file path is
@@ -73,6 +76,10 @@
 struct LP_dir_context_st {
 DIR *dir;
 char entry_name[LP_ENTRY_SIZE + 1];
+#ifdef __VMS
+int expect_file_generations;
+char previous_entry_name[LP_ENTRY_SIZE + 1];
+#endif
 };
 
 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
@@ -93,6 +100,15 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char 
*directory)
 }
 memset(*ctx, 0, sizeof(**ctx));
 
+#ifdef __VMS
+{
+char c = directory[strlen(directory) - 1];
+
+if (c == ']' || c == '>' || c == ':')
+(*ctx)->expect_file_generations = 1;
+}
+#endif
+
 (*ctx)->dir = opendir(directory);
 if ((*ctx)->dir == NULL) {
 int save_errno = errno; /* Probably not needed, but I'm paranoid */
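Review bot: In the new __VMS block on the first-call path, `directory[strlen(directory) - 1]` indexes one byte before the buffer when directory is the empty string, because strlen() returns 0 and the subtraction wraps. The visible context only memsets the context before this point, so nothing here rules out an empty path. Take the length first and inspect the last character only when it is non-zero, e.g. `size_t len = strlen(directory);` followed by `if (len > 0 && (directory[len - 1] == ']' || ...))`.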
@@ -103,6 +119,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char 
*directory)
 }
 }
 
+#ifdef __VMS
+strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
+sizeof((*ctx)->previous_entry_name));
+
+ again:
+#endif
+
 direntry = readdir((*ctx)->dir);
 if (direntry == NULL) {
 return 0;
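Review bot: The strncpy() into previous_entry_name is bounded by the full sizeof of the destination, so it leaves the buffer unterminated whenever entry_name holds no NUL within its LP_ENTRY_SIZE + 1 bytes. Both arrays have the same size in the struct, so this is safe only as long as every writer of entry_name terminates it; setting the last byte of previous_entry_name to '\0' after the copy (or copying sizeof - 1 bytes) makes that independent of the other code paths. The `again:` label also sits inside the #ifdef, so any goto that targets it has to be guarded the same way.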
@@ -111,6 +134,18 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char 
*directory)
 strncpy((*ctx)->entry_name, direntry->d_name,
   

[openssl-commits] [web] master update

2018-03-12 Thread Richard Levitte
The branch master has been updated
   via  89540fdb4b0aecc7dcd8a544a97d6a41aec6384e (commit)
  from  a9dd578755eba45264f092b5371dae89b1be7172 (commit)


- Log -
commit 89540fdb4b0aecc7dcd8a544a97d6a41aec6384e
Author: Richard Levitte 
Date:   Mon Mar 12 21:23:40 2018 +0100

Update the release dates according to OMC vote

OMC vote has the following text:

  topic: Push the release of 1.1.1 beta1 (pre3) forward one week

 Reason: we have a number of unreviewed PRs on github marked
 1.1.1 and time is getting short.

 All other current future release dates will be pushed one week as 
well.
 https://www.openssl.org/policies/releasestrat.html will be updated.
 An official announcement should be made.
  Proposed by Richard Levitte

The votes are 6 +1's, no -1's and one not voted

---

Summary of changes:
 policies/releasestrat.html | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 36eb4b2..3f37936 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -80,16 +80,17 @@
  
13th February 2018, alpha release 1 (pre1)
27th February 2018, alpha release 2 (pre2)
-   13th March 2018, beta release 1 (pre3)
+   20th March 2018, beta release 1 (pre3)
   
OpenSSL_1_1_1-stable created (feature freeze)
master becomes basis for 1.1.2 or 1.2.0 (TBD)
  
-   27th March 2018, beta release 2 (pre4)
-   10th April 2018, beta release 3 (pre5)
-   24th April 2018, beta release 4 (pre6)
-   1st May 2018, release readiness check (new release cycles added 
if
-   required, first possible final release date: 8th May 2018)
+   3rd April 2018, beta release 2 (pre4)
+   17th April 2018, beta release 3 (pre5)
+   1st May 2018, beta release 4 (pre6)
+   8th May 2018, release readiness check (new release
+   cycles added if required, first possible final release date:
+   15th May 2018)
  
 
  An alpha release means:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-12 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  e56585e3e950e98d7014476bea8bfe71b3ff0a1f (commit)
  from  c46343fe662df971755df6cf66c50e531b032745 (commit)


- Log -
commit e56585e3e950e98d7014476bea8bfe71b3ff0a1f
Author: Matt Caswell 
Date:   Mon Mar 12 15:24:29 2018 +

Free the correct type in OBJ_add_object()

We should be using ASN1_OBJECT_free() not OPENSSL_free().

Fixes #5568

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5599)

---

Summary of changes:
 crypto/objects/obj_dat.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index c43d86e..315afa9 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 for (i = ADDED_DATA; i <= ADDED_NID; i++)
 if (ao[i] != NULL)
 OPENSSL_free(ao[i]);
-if (o != NULL)
-OPENSSL_free(o);
-return (NID_undef);
+ASN1_OBJECT_free(o);
+return NID_undef;
 }
 
 ASN1_OBJECT *OBJ_nid2obj(int n)
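Review bot: The removed `if (o != NULL)` guard in the error path means the new call relies on ASN1_OBJECT_free() accepting NULL, while the loop just above still guards each `OPENSSL_free(ao[i])`. ASN1_OBJECT_free() does return early on NULL, so the change is safe, but the two adjacent frees now follow different conventions and the commit message should say the guard was dropped on purpose. The `return (NID_undef)` to `return NID_undef` change is cosmetic and would be easier to audit on a stable branch as a separate commit.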


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-12 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  98e4c100d2cd33f3be24b1210f403ef1a41fa36a (commit)
  from  7e454ca3660af9416dcea0195ebe86fc3ff2fd80 (commit)


- Log -
commit 98e4c100d2cd33f3be24b1210f403ef1a41fa36a
Author: Matt Caswell 
Date:   Mon Mar 12 15:24:29 2018 +

Free the correct type in OBJ_add_object()

We should be using ASN1_OBJECT_free() not OPENSSL_free().

Fixes #5568

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5598)

---

Summary of changes:
 crypto/objects/obj_dat.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 53109ac..9be8a7b 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -213,8 +213,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
  err:
 for (i = ADDED_DATA; i <= ADDED_NID; i++)
 OPENSSL_free(ao[i]);
-OPENSSL_free(o);
-return (NID_undef);
+ASN1_OBJECT_free(o);
+return NID_undef;
 }
 
 ASN1_OBJECT *OBJ_nid2obj(int n)
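Review bot: The second changed line, `return (NID_undef);` to `return NID_undef;`, is a style cleanup riding along with the memory fix at the err: label; on a stable branch it is better kept out so the backport touches only the free. The commit message also states which function to use but not what goes wrong with OPENSSL_free(o); one sentence on the consequence would help anyone triaging whether they need this fix.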


[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  c130c0fe1d386fcc05d5b7accf062fe72b7272e8 (commit)
  from  61cd0c946b34b6ae690882b334d77093e063d47c (commit)


- Log -
commit c130c0fe1d386fcc05d5b7accf062fe72b7272e8
Author: Matt Caswell 
Date:   Mon Mar 12 15:24:29 2018 +

Free the correct type in OBJ_add_object()

We should be using ASN1_OBJECT_free() not OPENSSL_free().

Fixes #5568

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5597)

---

Summary of changes:
 crypto/objects/obj_dat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 06a3fb3..f4412f6 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -213,7 +213,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
  err:
 for (i = ADDED_DATA; i <= ADDED_NID; i++)
 OPENSSL_free(ao[i]);
-OPENSSL_free(o);
+ASN1_OBJECT_free(o);
 return NID_undef;
 }
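Review bot: At the err: label, o is now released with ASN1_OBJECT_free() while the ao[] entries in the loop above still go through OPENSSL_free(), and nothing in the hunk explains the difference. A short comment there, stating that o is an ASN1_OBJECT whose own destructor must run, would keep a later cleanup from reverting it. The change touches only obj_dat.c, so no test drives OBJ_add_object() into this error path.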
 


[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  61cd0c946b34b6ae690882b334d77093e063d47c (commit)
  from  3fa2812f32bdb922d47b84ab7b5a98a807d838c0 (commit)


- Log -
commit 61cd0c946b34b6ae690882b334d77093e063d47c
Author: Matt Caswell 
Date:   Mon Mar 12 16:08:31 2018 +

Fix enable-ssl-trace

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5600)

---

Summary of changes:
 ssl/t1_trce.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 601ab02..3186b98 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -480,12 +480,12 @@ static const ssl_trace_tbl ssl_exts_tbl[] = {
 {TLSEXT_TYPE_cookie, "cookie_ext"},
 {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
 {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
-{TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}
-{TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}
+{TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
+{TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
 {TLSEXT_TYPE_key_share, "key_share"},
-{TLSEXT_TYPE_renegotiate, "renegotiate"}
+{TLSEXT_TYPE_renegotiate, "renegotiate"},
 # ifndef OPENSSL_NO_NEXTPROTONEG
-, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}
+{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
 # endif
 };
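Review bot: The removed lines show three entries in ssl_exts_tbl[] with no separating comma, which cannot compile, and that suggests no regularly built configuration had enable-ssl-trace switched on when those entries went in. Beyond the comma fix, add enable-ssl-trace to at least one CI configuration so the trace tables are compiled on every change. Giving the next_proto_neg entry inside the # ifndef its own trailing comma is the right shape, since each entry is now terminated regardless of which options are defined.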
 


[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  3fa2812f32bdb922d47b84ab7b5a98a807d838c0 (commit)
  from  4718f449a3ecd5efac62b22d0fa9a759a7895dbc (commit)


- Log -
commit 3fa2812f32bdb922d47b84ab7b5a98a807d838c0
Author: Benjamin Saunders 
Date:   Sun Feb 25 18:39:11 2018 -0800

Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb

These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb,
but used for the application-controlled portion of TLS1.3 stateless
handshake cookies rather than entire DTLSv1 cookies.

Reviewed-by: Ben Kaduk 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/5463)

---

Summary of changes:
 apps/s_apps.h  |  5 ++
 apps/s_cb.c| 16 ++
 apps/s_server.c|  4 ++
 doc/man3/DTLSv1_listen.pod |  5 +-
 .../SSL_CTX_set_stateless_cookie_generate_cb.pod   | 58 ++
 include/openssl/ssl.h  | 15 +-
 ssl/ssl_locl.h |  8 +++
 ssl/ssl_sess.c | 18 +++
 ssl/statem/extensions_srvr.c   | 11 ++--
 test/sslapitest.c  | 19 ++-
 util/libssl.num|  2 +
 11 files changed, 149 insertions(+), 12 deletions(-)
 create mode 100644 doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod

diff --git a/apps/s_apps.h b/apps/s_apps.h
index 614aab8..1ca8ff9 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -58,6 +58,11 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len);
 
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+   size_t *cookie_len);
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len);
+
 typedef struct ssl_excert_st SSL_EXCERT;
 
 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 412442d..820491a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -755,6 +755,22 @@ int verify_cookie_callback(SSL *ssl, const unsigned char 
*cookie,
 
 return 0;
 }
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+   size_t *cookie_len)
+{
+unsigned int temp;
+int res = generate_cookie_callback(ssl, cookie, );
+*cookie_len = temp;
+return res;
+}
+
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len)
+{
+return verify_cookie_callback(ssl, cookie, cookie_len);
+}
+
 #endif
 
 /*
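Review bot: In generate_stateless_cookie_callback(), `temp` is declared without an initialiser and `*cookie_len = temp;` runs unconditionally, so if generate_cookie_callback() fails before storing a length the caller receives an indeterminate value. Initialise temp to 0 or assign *cookie_len only when res indicates success. In verify_stateless_cookie_callback(), the size_t cookie_len is passed straight to verify_cookie_callback(), which takes unsigned int according to apps/s_apps.h, so the length is silently narrowed; reject values above UINT_MAX before the call so the verifier never compares against a truncated length.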
diff --git a/apps/s_server.c b/apps/s_server.c
index bc1d1e5..d21631e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2038,6 +2038,10 @@ int s_server_main(int argc, char *argv[])
 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
 
+/* Set TLS1.3 cookie generation and verification callbacks */
+SSL_CTX_set_stateless_cookie_generate_cb(ctx, 
generate_stateless_cookie_callback);
+SSL_CTX_set_stateless_cookie_verify_cb(ctx, 
verify_stateless_cookie_callback);
+
 if (ctx2 != NULL) {
 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
 if (!SSL_CTX_set_session_id_context(ctx2,
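Review bot: The two added SSL_CTX_set_stateless_cookie_*_cb() calls run past 80 columns (the list software has wrapped each of them), unlike the existing calls directly above. Break after `ctx,` and align the callback argument on the next line.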
diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod
index 70f6a25..858e393 100644
--- a/doc/man3/DTLSv1_listen.pod
+++ b/doc/man3/DTLSv1_listen.pod
@@ -64,10 +64,11 @@ does not support this), then B<*peer> will be cleared and 
the family set to
 AF_UNSPEC. Typically user code is expected to "connect" the underlying socket 
to
 the peer and continue the handshake in a connected state.
 
-Prior to calling these functions user code must ensure that cookie generation
+Prior to calling DTLSv1_listen() user code must ensure that cookie generation
 and verification callbacks have been set up using
 SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb()
-respectively.
+respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb()
+and SSL_CTX_set_stateless_cookie_verify_cb() must be used instead.
 
 Since DTLSv1_listen() operates entirely statelessly whilst processing incoming
 ClientHellos it is unable to process fragmented messages (since this would
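Review bot: The added sentence names SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb() and SSL_CTX_set_stateless_cookie_verify_cb() as plain text on a page about DTLSv1_listen(), without saying where they are documented. Add L<> links and SEE ALSO entries pointing at the new SSL_CTX_set_stateless_cookie_generate_cb page so a reader who lands here for the TLSv1.3 case can reach the callback contract.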
diff --git a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod 
b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod
new file mode 100644
index 000..f29153e
--- 

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-12 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  7e454ca3660af9416dcea0195ebe86fc3ff2fd80 (commit)
  from  cd70b642322a78eb9f2e6e09185326498eebe2d0 (commit)


- Log -
commit 7e454ca3660af9416dcea0195ebe86fc3ff2fd80
Author: Matt Caswell 
Date:   Mon Mar 12 13:56:34 2018 +

Improve error handling in pk7_doit

If a mem allocation failed we would ignore it. This commit fixes it to
always check.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5596)

(cherry picked from commit 4718f449a3ecd5efac62b22d0fa9a759a7895dbc)

---

Summary of changes:
 crypto/pkcs7/pk7_doit.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index bc6bd30..e4bb5f1 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -316,16 +316,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 }
 
 if (bio == NULL) {
-if (PKCS7_is_detached(p7))
+if (PKCS7_is_detached(p7)) {
 bio = BIO_new(BIO_s_null());
-else if (os && os->length > 0)
+} else if (os && os->length > 0) {
 bio = BIO_new_mem_buf(os->data, os->length);
-if (bio == NULL) {
+} else {
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL)
 goto err;
 BIO_set_mem_eof_return(bio, 0);
 }
+if (bio == NULL)
+goto err;
 }
 if (out)
 BIO_push(out, bio);
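Review bot: The commit message says a failed allocation was ignored, but the removed `if (bio == NULL) {` shows more than that: when BIO_new(BIO_s_null()) or BIO_new_mem_buf() failed, the old code fell through and substituted an empty BIO_s_mem(), so PKCS7_dataInit() carried on with a different data source than the one selected. That behaviour change is the part a downstream consumer needs to know about and belongs in the message.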


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-12 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  c46343fe662df971755df6cf66c50e531b032745 (commit)
  from  d777ca4900e0de94df5590f2957962cdd231c18c (commit)


- Log -
commit c46343fe662df971755df6cf66c50e531b032745
Author: Matt Caswell 
Date:   Mon Mar 12 13:56:34 2018 +

Improve error handling in pk7_doit

If a mem allocation failed we would ignore it. This commit fixes it to
always check.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5596)

(cherry picked from commit 4718f449a3ecd5efac62b22d0fa9a759a7895dbc)

---

Summary of changes:
 crypto/pkcs7/pk7_doit.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 6cf8253..6a46368 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -375,16 +375,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 }
 
 if (bio == NULL) {
-if (PKCS7_is_detached(p7))
+if (PKCS7_is_detached(p7)) {
 bio = BIO_new(BIO_s_null());
-else if (os && os->length > 0)
+} else if (os && os->length > 0) {
 bio = BIO_new_mem_buf(os->data, os->length);
-if (bio == NULL) {
+} else {
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL)
 goto err;
 BIO_set_mem_eof_return(bio, 0);
 }
+if (bio == NULL)
+goto err;
 }
 if (out)
 BIO_push(out, bio);
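Review bot: The rewritten `} else if (os && os->length > 0) {` line still tests the pointer implicitly while every other check in the block is spelled `bio == NULL`. Since the line is being touched anyway, `os != NULL && os->length > 0` would keep the block consistent.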


[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  4718f449a3ecd5efac62b22d0fa9a759a7895dbc (commit)
  from  e45b4dd292d8cd2a9f71c88784b72d831b3b6212 (commit)


- Log -
commit 4718f449a3ecd5efac62b22d0fa9a759a7895dbc
Author: Matt Caswell 
Date:   Mon Mar 12 13:56:34 2018 +

Improve error handling in pk7_doit

If a mem allocation failed we would ignore it. This commit fixes it to
always check.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5596)

---

Summary of changes:
 crypto/pkcs7/pk7_doit.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index c5baf04..4585031 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -316,16 +316,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 }
 
 if (bio == NULL) {
-if (PKCS7_is_detached(p7))
+if (PKCS7_is_detached(p7)) {
 bio = BIO_new(BIO_s_null());
-else if (os && os->length > 0)
+} else if (os && os->length > 0) {
 bio = BIO_new_mem_buf(os->data, os->length);
-if (bio == NULL) {
+} else {
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL)
 goto err;
 BIO_set_mem_eof_return(bio, 0);
 }
+if (bio == NULL)
+goto err;
 }
 if (out)
 BIO_push(out, bio);
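Review bot: After the restructuring there are two `if (bio == NULL) goto err;` checks, one inside the final else branch and one after the chain. The inner one is still needed because BIO_set_mem_eof_return(bio, 0) follows it, but that is not obvious on a quick read; a comment on the trailing check saying it covers the BIO_s_null() and BIO_new_mem_buf() branches would stop someone from deleting either as redundant. The change touches only pk7_doit.c, so no test forces an allocation failure through the new path.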


[openssl-commits] [openssl] master update

2018-03-12 Thread Rich Salz
The branch master has been updated
   via  e45b4dd292d8cd2a9f71c88784b72d831b3b6212 (commit)
  from  6ac11bdffb02eda132973c9740b4a45a3242 (commit)


- Log -
commit e45b4dd292d8cd2a9f71c88784b72d831b3b6212
Author: gmile 
Date:   Sun Mar 11 20:52:13 2018 -0400

Add OIDs for DSTU-4145

Original source:

https://github.com/dstucrypt/openssl-dstu/commit/2c5fc4c92b8244c5026f4f871eb9497f9c28d5af

Full list of OIDs is available on related enactment page
at http://zakon2.rada.gov.ua/laws/show/z0423-17

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5216)

---

Summary of changes:
 crypto/objects/obj_dat.h   | 110 ++---
 crypto/objects/obj_mac.num |  20 +
 crypto/objects/objects.txt |  30 +
 fuzz/oids.txt  |  20 +
 include/openssl/obj_mac.h  |  98 
 5 files changed, 273 insertions(+), 5 deletions(-)

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index c62f4ea..8aa6b8b 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[7368] = {
+static const unsigned char so[7595] = {
 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,/* [6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,   /* [   13] OBJ_md2 */
@@ -1035,9 +1035,29 @@ static const unsigned char so[7368] = {
 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,   /* [ 7341] 
OBJ_id_tc26_gost_3410_2012_256_constants */
 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01,  /* [ 7349] 
OBJ_id_tc26_gost_3410_2012_256_paramSetA */
 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,  /* [ 7358] 
OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+0x2A,0x86,0x24,/* [ 7367] OBJ_ISO_UA */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,/* [ 7370] OBJ_ua_pki */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,  /* [ 7377] 
OBJ_dstu28147 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7387] 
OBJ_dstu28147_ofb */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03,  /* [ 7398] 
OBJ_dstu28147_cfb */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05,  /* [ 7409] 
OBJ_dstu28147_wrap */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7420] 
OBJ_hmacWithDstu34311 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01,  /* [ 7430] 
OBJ_dstu34311 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,  /* [ 7440] 
OBJ_dstu4145le */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01,  /* [ 
7451] OBJ_dstu4145be */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00,  /* [ 
7464] OBJ_uacurve0 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01,  /* [ 
7477] OBJ_uacurve1 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02,  /* [ 
7490] OBJ_uacurve2 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03,  /* [ 
7503] OBJ_uacurve3 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04,  /* [ 
7516] OBJ_uacurve4 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05,  /* [ 
7529] OBJ_uacurve5 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06,  /* [ 
7542] OBJ_uacurve6 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07,  /* [ 
7555] OBJ_uacurve7 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08,  /* [ 
7568] OBJ_uacurve8 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 
7581] OBJ_uacurve9 */
 };
 
-#define NUM_NID 1150
+#define NUM_NID 1170
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
 {"UNDEF", "undefined", NID_undef},
 {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, [0]},
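Review bot: The 20 new so[] entries are literal byte strings whose [offset] comments must stay in step with the array size, with NUM_NID going from 1150 to 1170, and with the offsets used in nid_objs[] below; a single wrong length or offset makes a lookup return the wrong OID. If this header is produced from crypto/objects/objects.txt, confirm in review that it was regenerated rather than edited by hand. What is visible is consistent with generated output: every new entry starts with 0x2A,0x86,0x24 (1.2.804) and each offset advances by exactly the length of the preceding entry.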
@@ -2189,9 +2209,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
 {"id-tc26-gost-3410-2012-256-constants", 
"id-tc26-gost-3410-2012-256-constants", 
NID_id_tc26_gost_3410_2012_256_constants, 8, [7341]},
 {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) 
ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, [7349]},
 {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) 
ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, [7358]},
+{"ISO-UA", "ISO-UA", NID_ISO_UA, 3, [7367]},
+{"ua-pki", "ua-pki", NID_ua_pki, 7, [7370]},
+{"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, [7377]},
+{"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, 

[openssl-commits] Fixed: openssl/openssl#17032 (master - aaaa6ac)

2018-03-12 Thread Travis CI
Build Update for openssl/openssl
-

Build: #17032
Status: Fixed

Duration: 32 minutes and 22 seconds
Commit: 6ac (master)
Author: Matt Caswell
Message: Don't negotiate TLSv1.3 with the ossl_shim

The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5593)

View the changeset: 
https://github.com/openssl/openssl/compare/df0fed9aab23...6ac11bdf

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/352385607?utm_source=email_medium=notification



[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  6ac11bdffb02eda132973c9740b4a45a3242 (commit)
  from  df0fed9aab239e2e9a269d06637a6442051dee3b (commit)


- Log -
commit 6ac11bdffb02eda132973c9740b4a45a3242
Author: Matt Caswell 
Date:   Mon Mar 12 11:42:00 2018 +

Don't negotiate TLSv1.3 with the ossl_shim

The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5593)

---

Summary of changes:
 test/ossl_shim/ossl_shim.cc | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index fd6fa06..739d1bd 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -533,6 +533,12 @@ static bssl::UniquePtr SetupCtx(const TestConfig 
*config) {
   !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
 return nullptr;
   }
+#else
+  /* Ensure we don't negotiate TLSv1.3 until we can handle it */
+  if (!config->is_dtls &&
+  !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
+return nullptr;
+  }
 #endif
 
   std::string cipher_list = "ALL";
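Review bot: The new #else branch caps non-DTLS contexts at TLS1_2_VERSION with only the comment "until we can handle it" to mark it as temporary. Reference a tracking issue in that comment or in the commit message so the cap is removed when the shim learns TLSv1.3; otherwise the shim tests keep passing while never exercising TLSv1.3. The condition of the #if this pairs with is outside the hunk, so it is worth confirming that the two branches cover every build the shim runs in.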


[openssl-commits] Build failed in Jenkins: master_noec #425

2018-03-12 Thread osslsanity
See 


Changes:

[appro] mem_sec.c: portability fixup.

[matt] Session Ticket app data

--
[...truncated 523.73 KB...]
rm -f test/tls13encryptiontest
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/tls13encryptiontest test/tls13encryptiontest.o \
 libssl.a test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -I. -Iinclude -Iapps -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  
-MMD -MF test/uitest.d.tmp -MT test/uitest.o -c -o test/uitest.o test/uitest.c
rm -f test/uitest
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/uitest test/uitest.o \
 apps/libapps.a -lssl test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/v3ext.d.tmp -MT test/v3ext.o -c -o test/v3ext.o test/v3ext.c
rm -f test/v3ext
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/v3ext test/v3ext.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o 
test/v3nametest.c
rm -f test/v3nametest
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/v3nametest test/v3nametest.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o 
test/verify_extra_test.o test/verify_extra_test.c
rm -f test/verify_extra_test
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/verify_extra_test test/verify_extra_test.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o 
test/wpackettest.c
rm -f test/wpackettest
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/wpackettest test/wpackettest.o \
 libssl.a test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o 
test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c
rm -f test/x509_check_cert_pkey_test
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/x509_check_cert_pkey_test 
test/x509_check_cert_pkey_test.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o 
test/x509_dup_cert_test.o test/x509_dup_cert_test.c
rm -f test/x509_dup_cert_test
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/x509_dup_cert_test test/x509_dup_cert_test.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -I. -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD 
-MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o 
test/x509_internal_test.o test/x509_internal_test.c
rm -f test/x509_internal_test
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/x509_internal_test test/x509_internal_test.o \
 test/libtestutil.a libcrypto.a -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o 
test/x509_time_test.c
rm -f test/x509_time_test
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/x509_time_test test/x509_time_test.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
gcc  -Iinclude -pthread -m64  -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF 
test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c
rm -f test/x509aux
${LDCMD:-gcc} -pthread -m64  -Wa,--noexecstack -Wall -O3 -L.   \
-o test/x509aux test/x509aux.o \
 test/libtestutil.a -lcrypto -ldl -pthread 
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/CA.pl.in > "apps/CA.pl"
chmod a+x apps/CA.pl
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/tsget.in > "apps/tsget"
chmod a+x apps/tsget
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" tools/c_rehash.in > "tools/c_rehash"
chmod a+x tools/c_rehash
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
make[1]: 

[openssl-commits] Still Failing: openssl/openssl#17021 (master - df0fed9)

2018-03-12 Thread Travis CI
Build Update for openssl/openssl
-

Build: #17021
Status: Still Failing

Duration: 33 minutes and 37 seconds
Commit: df0fed9 (master)
Author: Todd Short
Message: Session Ticket app data

Adds application data into the encrypted session ticket

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/3802)

View the changeset: 
https://github.com/openssl/openssl/compare/f1c00b93e213...df0fed9aab23

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/352264181?utm_source=email_medium=notification



[openssl-commits] Still Failing: openssl/openssl#17019 (master - f1c00b9)

2018-03-12 Thread Travis CI
Build Update for openssl/openssl
-

Build: #17019
Status: Still Failing

Duration: 37 minutes and 51 seconds
Commit: f1c00b9 (master)
Author: Andy Polyakov
Message: mem_sec.c: portability fixup.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/b38fa9855f65...f1c00b93e213

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/352254010?utm_source=email_medium=notification



[openssl-commits] Build completed: openssl master.16314

2018-03-12 Thread AppVeyor


Build openssl master.16314 completed



Commit dda24677bf by Andy Polyakov on 3/12/2018 9:46 AM:

ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.




[openssl-commits] [openssl] master update

2018-03-12 Thread Matt Caswell
The branch master has been updated
   via  df0fed9aab239e2e9a269d06637a6442051dee3b (commit)
  from  f1c00b93e2138e5a45e8b500dec6bb3b2e035771 (commit)


- Log -
commit df0fed9aab239e2e9a269d06637a6442051dee3b
Author: Todd Short 
Date:   Wed Mar 15 13:25:55 2017 -0400

Session Ticket app data

Adds application data into the encrypted session ticket

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/3802)

---

Summary of changes:
 doc/man3/SSL_CTX_set_session_ticket_cb.pod | 149 +
 include/openssl/ssl.h  |  32 +++
 ssl/ssl_asn1.c |  20 +++-
 ssl/ssl_lib.c  |  11 +++
 ssl/ssl_locl.h |  37 +++
 ssl/ssl_sess.c |  48 --
 ssl/statem/extensions_srvr.c   |   6 +-
 ssl/statem/statem_srvr.c   |   4 +
 ssl/t1_lib.c   |  84 ++--
 test/handshake_helper.c|  44 +
 test/handshake_helper.h|   2 +
 test/recipes/80-test_ssl_new.t |   2 +-
 test/ssl-tests/27-ticket-appdata.conf  | 146 
 test/ssl-tests/27-ticket-appdata.conf.in   |  99 +++
 test/ssl_test.c|  22 +
 test/ssl_test_ctx.c|  10 ++
 test/ssl_test_ctx.h|   3 +
 test/ssl_test_ctx_test.c   |   4 +
 util/libssl.num|   3 +
 util/private.num   |   2 +
 20 files changed, 661 insertions(+), 67 deletions(-)
 create mode 100644 doc/man3/SSL_CTX_set_session_ticket_cb.pod
 create mode 100644 test/ssl-tests/27-ticket-appdata.conf
 create mode 100644 test/ssl-tests/27-ticket-appdata.conf.in

diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod 
b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
new file mode 100644
index 000..e9aeb90
--- /dev/null
+++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
@@ -0,0 +1,149 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_session_ticket_cb,
+SSL_SESSION_get0_ticket_appdata,
+SSL_SESSION_set1_ticket_appdata,
+SSL_CTX_generate_session_ticket_fn,
+SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data
+
+=head1 SYNOPSIS
+
+ #include 
+
+ typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+ typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, 
SSL_SESSION *ss,
+const unsigned 
char *keyname,
+size_t 
keyname_len,
+
SSL_TICKET_RETURN retv,
+void *arg);
+ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+   SSL_CTX_generate_session_ticket_fn gen_cb,
+   SSL_CTX_decrypt_session_ticket_fn dec_cb,
+   void *arg);
+ int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t 
len);
+ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t 
*len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_set_session_ticket_cb() sets the application callbacks B
+and B that are used by a server to set and get application data stored
+with a session, and placed into a session ticket. Either callback function may
+be set to NULL. The value of B is passed to the callbacks.
+
+B is the application defined callback invoked when a session ticket is
+about to be created. The application can call SSL_SESSION_set1_ticket_appdata()
+at this time to add application data to the session ticket. The value of B
+is the same as that given to SSL_CTX_set_session_ticket_cb(). The B
+callback is defined as type B.
+
+B is the application defined callback invoked after session ticket
+decryption has been attempted and any session ticket application data is 
available.
+The application can call SSL_SESSION_get_ticket_appdata() at this time to 
retrieve
+the application data. The value of B is the same as that given to
+SSL_CTX_set_session_ticket_cb(). The B arguement is the result of the 
ticket
+decryption. The B and B identify the key used to decrypt 
the
+session ticket. The B callback is defined as type
+B.
+
+SSL_SESSION_set1_ticket_appdata() sets the application data specified by
+B and B into B which is then placed into any generated session
+tickets. It can be called at any time before a session ticket is created to
+update the data placed into the session ticket. However, given that sessions
+and 
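Review bot: The DESCRIPTION names functions that do not match the SYNOPSIS: it opens with `SSL_CTX_set_set_session_ticket_cb()` (doubled `set_`), and the decrypt-callback paragraph refers to `SSL_SESSION_get_ticket_appdata()` where the declared function is `SSL_SESSION_get0_ticket_appdata()`. Both should be corrected so that readers and documentation cross-reference checks land on the real symbols. In the same paragraph "arguement" should read "argument".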

[openssl-commits] Build failed: openssl master.16313

2018-03-12 Thread AppVeyor



Build openssl master.16313 failed


Commit 8e5d99bb57 by Dr. Matthias St. Pierre on 3/11/2018 12:17 AM:

libcrypto.num: renumber exports after removal of RAND_POOL api  [fixup]




[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-12 Thread Andy Polyakov
The branch OpenSSL_1_1_0-stable has been updated
   via  cd70b642322a78eb9f2e6e09185326498eebe2d0 (commit)
  from  283b12036f2a7dbda8c9fe1016653d38a7a1d4a8 (commit)


- Log -
commit cd70b642322a78eb9f2e6e09185326498eebe2d0
Author: Andy Polyakov 
Date:   Sat Mar 10 16:19:33 2018 +0100

Configurations/unix-Makefile.tmpl: overhaul assembler make rules.

So far assembly modules were built as .pl->.S->.s followed by .s->.o.
This posed a problem in build_all_generated rule if it was executed
on another computer. So we change rule sequence to .pl->.S and then
.S->.s->.o.

(backport of a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a)

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5581)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 48 +++
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index d7e4ad1..07e2036 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -98,8 +98,7 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
 {- output_on() if $disabled{makedepend}; "" -}
 GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
 GENERATED={- join(" ",
-  ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
-grep { defined $unified_info{generate}->{$_} }
+  ( grep { defined $unified_info{generate}->{$_} }
 map { @{$unified_info{sources}->{$_}} }
 grep { /\.o$/ } keys %{$unified_info{sources}} ),
   ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
@@ -800,20 +799,6 @@ EOF
   }
 
   if (defined($generator)) {
-  # If the target is named foo.S in build.info, we want to
-  # end up generating foo.s in two steps.
-  if ($args{src} =~ /\.S$/) {
-   (my $target = $args{src}) =~ s|\.S$|.s|;
-   return <<"EOF";
-$target: $args{generator}->[0] $deps
-   ( trap "rm -f \$@.*" INT 0; \\
- $generator \$@.S; \\
- \$(CC) $incs \$(CFLAGS) -E \$@.S | \\
- \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
- mv -f \$@.i \$@ )
-EOF
-  }
-  # Otherwise
   return <<"EOF";
 $args{src}: $args{generator}->[0] $deps
$generator \$@
@@ -833,12 +818,7 @@ EOF
   sub src2obj {
   my %args = @_;
   my $obj = $args{obj};
-  my @srcs = map { if ($unified_info{generate}->{$_}) {
-   (my $x = $_) =~ s/\.S$/.s/; $x
-   } else {
-   $_
-   }
- } ( @{$args{srcs}} );
+  my @srcs = @{$args{srcs}};
   my $srcs = join(" ",  @srcs);
   my $deps = join(" ", @srcs, @{$args{deps}});
   my $incs = join("", map { " -I".$_ } @{$args{incs}});
@@ -851,11 +831,30 @@ EOF
   dso => '$(DSO_CFLAGS)',
   bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
   my $makedepprog = $config{makedepprog};
-  my $recipe = <<"EOF";
+  my $recipe;
+  # extension-specific rules
+  if (grep /\.s$/, @srcs) {
+  $recipe .= <<"EOF";
+$obj$objext: $deps
+   \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs
+EOF
+  } elsif (grep /\.S$/, @srcs) {
+  # In case one wonders why not just $(CC) -c file.S. While it
+  # does work with contemporary compilers, there are some legacy
+  # ones that get it wrong. Hence the elaborate scheme... We
+  # don't care to maintain dependecy lists, because dependency
+  # is rather weak, at most one header file that lists constants
+  # which are assigned in ascending order.
+  $recipe .= <<"EOF";
 $obj$objext: $deps
+   ( trap "rm -f \$@.*" INT 0; \\
+ \$(CPP) $incs \$(CFLAGS) $ecflags $srcs | \\
+ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
+ \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
 EOF
-  if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
+  } elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
   $recipe .= <<"EOF";
+$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c 
-o \$\@ $srcs
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
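Review bot: In the new `.S` recipe the preprocessor sits on the left of a pipe (`\$(CPP) $incs \$(CFLAGS) $ecflags $srcs | \$(PERL) -ne ... > \$@.s && \$(CC) ...`), so the `&&` only sees the exit status of the perl filter; if `$(CPP)` fails, the recipe still goes on to assemble whatever partial output reached `\$@.s`. Consider writing the preprocessor output to a temporary file and checking its status before running `$(CC)`. Two minor points: "dependecy" in the comment should be "dependency", and the recipe mixes `\$\@` and `\$@` for the same make variable.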
@@ -866,6 +865,7 @@ EOF
 EOF
   } else {
   $recipe .= <<"EOF";
+$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
 EOF
   if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
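Review bot: The target line `$obj$objext: $deps` is now repeated at the top of each branch's heredoc (it is added here and in the makedepend branch, and it opens both assembler branches), which makes it easy for a future branch to omit it. Since `$recipe` is declared without a value just before the branches, initialising it once with the target line and letting each branch append only its commands would leave a single copy.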

[openssl-commits] [openssl] master update

2018-03-12 Thread Andy Polyakov
The branch master has been updated
   via  f1c00b93e2138e5a45e8b500dec6bb3b2e035771 (commit)
  from  b38fa9855f65477fb4a6ef943276be8237468e3b (commit)


- Log -
commit f1c00b93e2138e5a45e8b500dec6bb3b2e035771
Author: Andy Polyakov 
Date:   Sat Mar 10 19:38:28 2018 +0100

mem_sec.c: portability fixup.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/mem_sec.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index ab4d137..1c13270 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -33,8 +33,10 @@
 # include 
 # if defined(OPENSSL_SYS_LINUX)
 #  include 
-#  include 
-#  include 
+#  if defined(SYS_mlock2)
+#   include 
+#   include 
+#  endif
 # endif
 # include 
 # include 
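Review bot: The new `# if defined(SYS_mlock2)` guard is undocumented, and the commit message ("portability fixup") does not say which platform failed or why the two includes are now conditional. A one-line comment above the guard explaining why these headers depend on `SYS_mlock2` would keep someone from later hoisting them back out. It is also worth confirming that the header defining `SYS_mlock2` is included before this test, since the guard silently evaluates to false otherwise.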