[openssl-commits] [openssl] master update
The branch master has been updated via 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 (commit) from 47eaa32d2671c1b608200afb97cc2f0040053686 (commit) - Log - commit 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 Author: Todd Short Date: Tue May 22 10:48:04 2018 -0400 Replace strdup() with OPENSSL_strdup() It's freed with OPENSSL_free() Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6331) --- Summary of changes: apps/rehash.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/apps/rehash.c b/apps/rehash.c index 521bf61..de7217c 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -308,7 +308,7 @@ static int do_dir(const char *dirname, enum Hash h) size_t i; const char *pathsep; const char *filename; -char *buf, *copy; +char *buf, *copy = NULL; STACK_OF(OPENSSL_STRING) *files = NULL; if (app_access(dirname, W_OK) < 0) { @@ -325,13 +325,16 @@ static int do_dir(const char *dirname, enum Hash h) if ((files = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname); -exit(1); +errs = 1; +goto err; } while ((filename = OPENSSL_DIR_read(, dirname)) != NULL) { -if ((copy = strdup(filename)) == NULL +if ((copy = OPENSSL_strdup(filename)) == NULL || sk_OPENSSL_STRING_push(files, copy) == 0) { +OPENSSL_free(copy); BIO_puts(bio_err, "out of memory\n"); -exit(1); +errs = 1; +goto err; } } OPENSSL_DIR_end(); @@ -349,7 +352,6 @@ static int do_dir(const char *dirname, enum Hash h) continue; errs += do_file(filename, buf, h); } -sk_OPENSSL_STRING_pop_free(files, str_free); for (i = 0; i < OSSL_NELEM(hash_table); i++) { for (bp = hash_table[i]; bp; bp = nextbp) { @@ -417,6 +419,8 @@ static int do_dir(const char *dirname, enum Hash h) hash_table[i] = NULL; } + err: +sk_OPENSSL_STRING_pop_free(files, str_free); OPENSSL_free(buf); return errs; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 235119f015e46a74040b78b10fd6e954f7f07774 (commit) from d8908c3310240bb0efd9b17c663a8b9e47bf31dc (commit) - Log - commit 235119f015e46a74040b78b10fd6e954f7f07774 Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) (cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b) --- Summary of changes: crypto/bn/bn_exp.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 40115fc..2eb393d 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -733,8 +733,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1247,8 +1247,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1369,9 +1369,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +if (bits == 0) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via ac35f285bd45997ad7d75033f638b01cd77fec6c (commit) from 10fe37dd1bb7f75ca68a442406c09ada6735f38b (commit) - Log - commit ac35f285bd45997ad7d75033f638b01cd77fec6c Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) (cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b) --- Summary of changes: crypto/bn/bn_exp.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 0d2d1ec..dac3640 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -188,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -330,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -639,8 +639,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1151,8 +1151,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1273,9 +1273,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +if (bits == 0) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via adf652436a42a5132e708f8003b7621647f0a404 (commit) via 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b (commit) from 3d0dde847eac17bd5deec1397bce38cb43469525 (commit) - Log - commit adf652436a42a5132e708f8003b7621647f0a404 Author: Matt Caswell Date: Thu May 24 16:13:43 2018 +0100 Test that a ^ 0 mod -1 is always 0 Check all functions that do this. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) --- Summary of changes: crypto/bn/bn_exp.c | 20 ++-- test/bntest.c | 48 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 9b2042d..258e901 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -178,8 +178,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -320,8 +320,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -629,8 +629,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1143,8 +1143,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1265,8 +1265,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { -/* x**0 mod 1 is still zero. */ -if (BN_is_one(m)) { +/* x**0 mod 1, or x**0 mod -1 is still zero. */ +if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { diff --git a/test/bntest.c b/test/bntest.c index 629707a..3558778 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2063,6 +2063,53 @@ err: return st; } +static int test_expmodone(void) +{ +int ret = 0, i; +BIGNUM *r = BN_new(); +BIGNUM *a = BN_new(); +BIGNUM *p = BN_new(); +BIGNUM *m = BN_new(); + +if (!TEST_ptr(r) +|| !TEST_ptr(a) +|| !TEST_ptr(p) +|| !TEST_ptr(p) +|| !TEST_ptr(m) +|| !TEST_true(BN_set_word(a, 1)) +|| !TEST_true(BN_set_word(p, 0)) +|| !TEST_true(BN_set_word(m, 1))) +goto err; + +/* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */ +for (i = 0; i < 2; i++) { +if (!TEST_true(BN_mod_exp(r, a, p, m, NULL)) +|| !TEST_BN_eq_zero(r) +|| !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) +|| !TEST_BN_eq_zero(r) +|| !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) +|| !TEST_BN_eq_zero(r) +|| !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) +|| !TEST_BN_eq_zero(r) +|| !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) +|| !TEST_BN_eq_zero(r) +|| !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) +|| !TEST_BN_eq_zero(r)) +goto err; +/* Repeat for r = 1 ^ 0 mod -1 */ +if (i == 0) +BN_set_negative(m, 1); +} + +ret = 1; +err: +BN_free(r); +BN_free(a); +BN_free(p); +BN_free(m); +return ret; +} + static int test_smallprime(void) { static const int kBits = 10; @@ -2189,6 +2236,7 @@ int setup_tests(void) ADD_TEST(test_negzero); ADD_TEST(test_badmod);
[openssl-commits] [openssl] master update
The branch master has been updated via 3d0dde847eac17bd5deec1397bce38cb43469525 (commit) from fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit) - Log - commit 3d0dde847eac17bd5deec1397bce38cb43469525 Author: Matt Caswell Date: Tue May 22 15:18:01 2018 +0100 Update the "Connected Commands" section of s_client/s_server docs Fixes #6307 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6330) --- Summary of changes: doc/man1/s_client.pod | 33 + doc/man1/s_server.pod | 26 ++ 2 files changed, 51 insertions(+), 8 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 19a8139..373b2d7 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -667,10 +667,35 @@ on port 4433. If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the -server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> -have been given), the session will be renegotiated if the line begins with an -B, and if the line begins with a B or if end of file is reached, the -connection will be closed down. +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither B<-quiet> nor B<-ign_eof> have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. + +=over 4 + +=item B + +End the current SSL connection and exit. + +=item B + +Renegotiate the SSL session (TLSv1.2 and below only). + +=item B + +Send a heartbeat message to the server (DTLS only) + +=item B + +Send a key update message to the server (TLSv1.3 only) + +=item B + +Send a key update message to the server and request one back (TLSv1.3 only) + +=back =head1 NOTES diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index e577af8..f89d4de 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -673,8 +673,9 @@ If a connection request is established with an SSL client and neither the B<-www> nor the B<-WWW> option has been used then normally any data received from the client is displayed and any key presses will be sent to the client. -Certain single letter commands are also recognized which perform special -operations: these are listed below. +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. =over 4 @@ -688,11 +689,12 @@ End the current SSL connection and exit. =item B -Renegotiate the SSL session. +Renegotiate the SSL session (TLSv1.2 and below only). =item B -Renegotiate the SSL session and request a client certificate. +Renegotiate the SSL session and request a client certificate (TLSv1.2 and below +only). =item B @@ -703,6 +705,22 @@ cause the client to disconnect due to a protocol violation. Print out some session cache status information. +=item B + +Send a heartbeat message to the client (DTLS only) + +=item B + +Send a key update message to the client (TLSv1.3 only) + +=item B + +Send a key update message to the client and request one back (TLSv1.3 only) + +=item B + +Send a certificate request to the client (TLSv1.3 only) + =back =head1 NOTES _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) from 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) - Log - commit 62df8cc9ba93dd099b4f5622e331f935643b6790 Author: Matt Caswell Date: Tue May 29 09:21:53 2018 +0100 Update the release strategy Updates in line with the following votes: "The next LTS release will be 1.1.1 and the LTS expiry date for 1.0.2 will not be changed." and "1.1.1 beta release schedule changed so that the next two beta releases are now 29th May, 19 June and we will re-review release readiness after that. We will also ensure that there is at least one beta release post TLS-1.3 RFC publication prior to the final release." Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/55) --- Summary of changes: policies/releasestrat.html | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..9d0e3c3 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -13,7 +13,7 @@ Release Strategy First issued 23rd December 2014 - Last modified 6th February 2018 + Last modified 29th May 2018 @@ -69,10 +69,10 @@ fixes. Before that, bug and security fixes will be applied as appropriate. - The next version of OpenSSL will be 1.1.1. This is currently in - development and has a primary focus of implementing TLSv1.3. The - RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened. + The next version of OpenSSL will be 1.1.1 which will be an LTS release. + This is currently in development and has a primary focus of implementing + TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. + OpenSSL 1.1.1 will not have its final release until that has happened. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -88,9 +88,10 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) - 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018) + 29th May 2018, beta release 5 (pre7) + 19th June 2018, beta release 6 (pre8) + Release readiness check following pre8 release (new release + cycles added if required) An alpha release means: @@ -113,7 +114,7 @@ Clean builds in Travis and Appveyor for two days run-checker.sh to be showing as clean 2 days before release No open Coverity issues (not flagged as "False Positive" or "Ignore") - TLSv1.3 RFC published + TLSv1.3 RFC published (with at least one beta release after the publicaction) Valid reasons for closing an issue/PR with a 1.1.1 milestone might be: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) from c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) - Log - commit 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 Author: Matt Caswell Date: Tue May 29 13:26:20 2018 +0100 Updates to newsflash for pre7 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/56) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 202f95c..cba57e2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-pre7 create
The annotated tag OpenSSL_1_1_1-pre7 has been created at adaec2127242c947faae55f4326893bf1e47d9c3 (tag) tagging 77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit) replaces OpenSSL_1_1_1-pre6 tagged by Matt Caswell on Tue May 29 13:20:01 2018 +0100 - Log - OpenSSL 1.1.1-pre7 release tag -BEGIN PGP SIGNATURE- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsNRXERHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHk5gf+Im90MzzBEZbwCk55RR9X47fO9zP0tHtE 1GW/8U/7W4RJAK8jc8uKhZs0NxoRHlZo9pKVE3ZQCy6AErwjro6BBv/+5qXyOjJA OKFu9RlUMNdMx9SpDpR61BxZpgUWibY/LPLfbCRneaWej+lnV41GQfYAL9PgDYjG V8ZlVp0uC8SndulKnU/bnID2U3uK4nhU6a/PY/NshnVL1TyPkOTQmRo5U0aHPUec gWYunSc3tS6Ydg889B8fRuM1FZ5srD/+KH5JxSLbgm/DIzIfttzbxRHbjCHNv09/ MRJ9lAoDUkwjv3lQqguIEdC1K9m7LKDH4ja9oQ5i1YiJiTyD77d5BQ== =EsTs -END PGP SIGNATURE- Andy Polyakov (10): bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word. Configure: move --noexecstack probe to Configure. Configure: pass more suitable argument to compiler_predefined(). .travis.yml: minor facelift .travis.yml: temporarily mask gcc-5 ubsan build. ec/ec_mult.c: get BN_CTX_start,end sequence right. .travis.yml: add pair of linux-ppc64le targets. PPC assembly pack: add POWER9 results. windows-makefile.tmpl: delete export library prior link. apps/s_socket.c: address rare TLSProxy failures on Windows. Benjamin Kaduk (1): Fix regression with session cache use by clients Bernd Edlinger (4): Improve error handling in rand_init function Fix --strict-warnings build of ppc-linux target Fix array bounds violation in ssl_session_dup Try to work around ubuntu gcc-5 ubsan build failure Billy Brumley (3): ECDSA: remove nonce padding (delegated to EC_POINT_mul) ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c Add blinding in BN_GF2m_mod_inv for binary field inversions David Benjamin (3): Fix explicit EC curve encoding. Use OPENSSL_EC_EXPLICIT_CURVE constant. Save and restore the Windows error around TlsGetValue. Dr. Matthias St. Pierre (12): a_strex.c: prevent out of bound read in do_buf() v3_purp.c: add locking to x509v3_cache_extensions() Fix typos in x509 documentation Fix typo: 'is an error occurred' in documentation DH: add simple getters for commonly used DH struct members DH: add some basic tests (and comments) util/libcrypto.num: fix symbol collision between 1.1.0 and master DH: fix: add simple getters for commonly used struct members DSA: add simple getters for commonly used struct members RSA: add simple getters for commonly used struct members ECDSA_SIG: add simple getters for commonly used struct members ECDSA_SIG: restore doc comments which were deleted accidentally FdaSilvaYY (5): apps/speed.c: merge parameters defining EC curves to test ... opensslconf.h inclusion cleanup No need to buildtest on opensslconf.h windows-makefile.tmpl: rearrange cleanup commands to avoid ... apps/speed: fix possible OOB access in some EC arrays apps/speed: Add brainpool curves support Gregor Jasny (1): NOTES.ANDROID: fix typo in build notes Kurt Roeckx (4): rsaz_avx2_eligible doesn't take parameters Use void in all function definitions that do not take any arguments Set sess to NULL after freeing it. Enable SSL_MODE_AUTO_RETRY by default Matt Caswell (55): Prepare for 1.1.1-pre7-dev Fix some errors and missing info in the CMS docs Clarify BN_mod_exp docs Add getter for X509_VERIFY_PARAM_get_hostflags Add a note about Nagle's algorithm on the SSL_connect man page Fix SSL_get_shared_ciphers() Fix comment in ssl_locl.h Add some documentation for SSL_get_shared_ciphers() Fix a bug in create_ssl_ctx_pair() Add a test for SSL_get_shared_ciphers() Make X509_VERIFY_PARAM_get_hostflags() take a const arg Return an error from BN_mod_inverse if n is 1 (or -1) Fix a mem leak in CMS Add a CMS API test Don't fail on an out-of-order CCS in DTLS Fix s_client and s_server so that they correctly handle the DTLS timer Only auto-retry for DTLS if configured to do so Keep the DTLS timer running after the end of the handshake if appropriate Add a DTLS test for dropped records Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 Fix no-cms Set the ossl_shim to auto retry if not running asynchronously Prefer SHA-256 ciphersuites if using old style PSKs Provide documentation for the -psk_session option Test an old style PSK callback with no cert will prefer SHA-256 Mark DTLS records as read when we have finished with them Don't set TCP_NODELAY on a UDP socket Add some more SSL_pending() and
[openssl-commits] [openssl] master update
The branch master has been updated via fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit) via 77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit) from 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit) - Log - commit fa9a08780a20c9801fee2b7767c2851f5ab9c16c Author: Matt Caswell Date: Tue May 29 13:22:05 2018 +0100 Prepare for 1.1.1-pre8-dev Reviewed-by: Richard Levitte commit 77cdad318446ca8ea2ba8294d9e70891b59503e2 Author: Matt Caswell Date: Tue May 29 13:20:01 2018 +0100 Prepare for 1.1.1-pre7 release Reviewed-by: Richard Levitte --- Summary of changes: README | 2 +- include/openssl/opensslv.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 1942f7b..b1b615b 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1-pre7-dev + OpenSSL 1.1.1-pre8-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index c970c18..dd95416 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101007L -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre7-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10101008L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre8-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit) from a0cef658d6e15c0711c6e27c5969281a76acf20f (commit) - Log - commit 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 Author: Matt Caswell Date: Tue May 29 13:07:08 2018 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6371) --- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 2 +- crypto/bio/bss_mem.c| 2 +- crypto/bn/asm/alpha-mont.pl | 2 +- crypto/bn/asm/armv4-mont.pl | 2 +- crypto/bn/asm/ia64-mont.pl | 2 +- crypto/bn/asm/mips-mont.pl | 2 +- crypto/bn/asm/parisc-mont.pl| 2 +- crypto/bn/asm/ppc-mont.pl | 2 +- crypto/bn/asm/ppc64-mont.pl | 2 +- crypto/bn/asm/s390x-mont.pl | 2 +- crypto/bn/asm/sparct4-mont.pl | 2 +- crypto/bn/asm/sparcv9-mont.pl | 2 +- crypto/bn/asm/via-mont.pl | 2 +- crypto/bn/asm/vis3-mont.pl | 2 +- crypto/bn/asm/x86-mont.pl | 2 +- crypto/bn/asm/x86_64-mont.pl| 2 +- crypto/bn/asm/x86_64-mont5.pl | 2 +- crypto/bn/bn_gcd.c | 2 +- crypto/bn/bn_gf2m.c | 2 +- crypto/bn/rsaz_exp.h| 2 +- crypto/chacha/asm/chacha-ppc.pl | 2 +- crypto/cms/cms_env.c| 2 +- crypto/cms/cms_smime.c | 2 +- crypto/conf/conf_api.c | 2 +- crypto/ct/ct_log.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_lib.c| 2 +- crypto/ec/ec2_smpl.c| 2 +- crypto/ec/ecp_smpl.c| 2 +- crypto/engine/tb_cipher.c | 2 +- crypto/engine/tb_dh.c | 2 +- crypto/engine/tb_digest.c | 2 +- crypto/engine/tb_dsa.c | 2 +- crypto/engine/tb_eckey.c| 2 +- crypto/engine/tb_pkmeth.c | 2 +- crypto/engine/tb_rand.c | 2 +- crypto/engine/tb_rsa.c | 2 +- crypto/modes/asm/ghashp8-ppc.pl | 2 +- crypto/pem/pem_pk8.c| 2 +- crypto/poly1305/asm/poly1305-ppc.pl | 2 +- crypto/poly1305/asm/poly1305-ppcfp.pl | 2 +- crypto/ppccap.c | 2 +- crypto/rand/rand_egd.c | 2 +- crypto/rsa/rsa_lib.c| 2 +- crypto/sha/asm/keccak1600-ppc64.pl | 2 +- crypto/sha/asm/keccak1600p8-ppc.pl | 2 +- crypto/sha/asm/sha512p8-ppc.pl | 2 +- crypto/store/store_init.c | 2 +- crypto/ui/ui_openssl.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509v3/v3_ncons.c| 2 +- doc/man1/cms.pod| 2 +- doc/man3/BN_add.pod | 2 +- doc/man3/CMS_encrypt.pod| 2 +- doc/man3/CMS_get0_SignerInfos.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod| 2 +- doc/man3/DH_get0_pqg.pod| 2 +- doc/man3/DSA_get0_pqg.pod | 2 +- doc/man3/ECDSA_SIG_new.pod | 2 +- doc/man3/EC_POINT_add.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 2 +- doc/man3/OBJ_nid2obj.pod| 2 +- doc/man3/PEM_bytes_read_bio.pod | 2 +- doc/man3/PEM_read.pod | 2 +- doc/man3/PEM_read_CMS.pod | 2 +- doc/man3/PKCS12_newpass.pod | 2 +- doc/man3/PKCS12_parse.pod | 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/RSA_get0_key.pod | 2 +- doc/man3/SMIME_read_PKCS7.pod | 2 +- doc/man3/SSL_connect.pod| 2 +- doc/man3/SSL_get_ciphers.pod| 2 +- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/X509_NAME_get_index_by_NID.pod | 2 +- doc/man3/X509_cmp_time.pod | 2 +- include/openssl/x509_vfy.h | 2 +- ssl/ssl_txt.c | 2 +- test/asynctest.c| 2 +- test/dhtest.c | 2 +- test/dtls_mtu_test.c| 2 +- test/dtlsv1listentest.c | 2 +- test/exdatatest.c | 2 +- test/generate_buildtest.pl | 2 +- test/mdc2_internal_test.c | 2 +- test/pkey_meth_kdf_test.c | 2 +- test/pkey_meth_test.c | 2 +- test/recipes/25-test_verify.t | 2 +- test/time_offset_test.c | 2 +- test/x509_internal_test.c | 2 +- test/x509_time_test.c | 2 +- util/copy.pl| 2 +- util/process_docs.pl| 4 ++-- 92 files