[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 (commit)
  from  47eaa32d2671c1b608200afb97cc2f0040053686 (commit)


- Log -
commit 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66
Author: Todd Short 
Date:   Tue May 22 10:48:04 2018 -0400

Replace strdup() with OPENSSL_strdup()

It's freed with OPENSSL_free()

Reviewed-by: Andy Polyakov 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/6331)

---

Summary of changes:
 apps/rehash.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/apps/rehash.c b/apps/rehash.c
index 521bf61..de7217c 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -308,7 +308,7 @@ static int do_dir(const char *dirname, enum Hash h)
 size_t i;
 const char *pathsep;
 const char *filename;
-char *buf, *copy;
+char *buf, *copy = NULL;
 STACK_OF(OPENSSL_STRING) *files = NULL;
 
 if (app_access(dirname, W_OK) < 0) {
@@ -325,13 +325,16 @@ static int do_dir(const char *dirname, enum Hash h)
 
 if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
 BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
-exit(1);
+errs = 1;
+goto err;
 }
 while ((filename = OPENSSL_DIR_read(, dirname)) != NULL) {
-if ((copy = strdup(filename)) == NULL
+if ((copy = OPENSSL_strdup(filename)) == NULL
 || sk_OPENSSL_STRING_push(files, copy) == 0) {
+OPENSSL_free(copy);
 BIO_puts(bio_err, "out of memory\n");
-exit(1);
+errs = 1;
+goto err;
 }
 }
 OPENSSL_DIR_end();
@@ -349,7 +352,6 @@ static int do_dir(const char *dirname, enum Hash h)
 continue;
 errs += do_file(filename, buf, h);
 }
-sk_OPENSSL_STRING_pop_free(files, str_free);
 
 for (i = 0; i < OSSL_NELEM(hash_table); i++) {
 for (bp = hash_table[i]; bp; bp = nextbp) {
@@ -417,6 +419,8 @@ static int do_dir(const char *dirname, enum Hash h)
 hash_table[i] = NULL;
 }
 
+ err:
+sk_OPENSSL_STRING_pop_free(files, str_free);
 OPENSSL_free(buf);
 return errs;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Matt Caswell]

The branch OpenSSL_1_0_2-stable has been updated
   via  235119f015e46a74040b78b10fd6e954f7f07774 (commit)
  from  d8908c3310240bb0efd9b17c663a8b9e47bf31dc (commit)


- Log -
commit 235119f015e46a74040b78b10fd6e954f7f07774
Author: Matt Caswell 
Date:   Thu May 24 16:12:52 2018 +0100

The result of a ^ 0 mod -1 is 0 not 1

Thanks to Guido Vranken and OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6355)

(cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b)

---

Summary of changes:
 crypto/bn/bn_exp.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 40115fc..2eb393d 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
@@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const 
BIGNUM *p,
 }
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -733,8 +733,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, 
const BIGNUM *p,
  */
 bits = p->top * BN_BITS2;
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1247,8 +1247,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1369,9 +1369,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 }
 
 bits = BN_num_bits(p);
-   if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+if (bits == 0) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Matt Caswell]

The branch OpenSSL_1_1_0-stable has been updated
   via  ac35f285bd45997ad7d75033f638b01cd77fec6c (commit)
  from  10fe37dd1bb7f75ca68a442406c09ada6735f38b (commit)


- Log -
commit ac35f285bd45997ad7d75033f638b01cd77fec6c
Author: Matt Caswell 
Date:   Thu May 24 16:12:52 2018 +0100

The result of a ^ 0 mod -1 is 0 not 1

Thanks to Guido Vranken and OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6355)

(cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b)

---

Summary of changes:
 crypto/bn/bn_exp.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 0d2d1ec..dac3640 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -188,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
@@ -330,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const 
BIGNUM *p,
 }
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -639,8 +639,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, 
const BIGNUM *p,
  */
 bits = p->top * BN_BITS2;
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1151,8 +1151,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1273,9 +1273,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 }
 
 bits = BN_num_bits(p);
-   if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+if (bits == 0) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  adf652436a42a5132e708f8003b7621647f0a404 (commit)
   via  4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b (commit)
  from  3d0dde847eac17bd5deec1397bce38cb43469525 (commit)


- Log -
commit adf652436a42a5132e708f8003b7621647f0a404
Author: Matt Caswell 
Date:   Thu May 24 16:13:43 2018 +0100

Test that a ^ 0 mod -1 is always 0

Check all functions that do this.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6355)

commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b
Author: Matt Caswell 
Date:   Thu May 24 16:12:52 2018 +0100

The result of a ^ 0 mod -1 is 0 not 1

Thanks to Guido Vranken and OSSFuzz for finding this issue.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6355)

---

Summary of changes:
 crypto/bn/bn_exp.c | 20 ++--
 test/bntest.c  | 48 
 2 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 9b2042d..258e901 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -178,8 +178,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
@@ -320,8 +320,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const 
BIGNUM *p,
 }
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -629,8 +629,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, 
const BIGNUM *p,
  */
 bits = p->top * BN_BITS2;
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1143,8 +1143,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(rr);
 } else {
@@ -1265,8 +1265,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const 
BIGNUM *p,
 
 bits = BN_num_bits(p);
 if (bits == 0) {
-/* x**0 mod 1 is still zero. */
-if (BN_is_one(m)) {
+/* x**0 mod 1, or x**0 mod -1 is still zero. */
+if (BN_abs_is_word(m, 1)) {
 ret = 1;
 BN_zero(r);
 } else {
diff --git a/test/bntest.c b/test/bntest.c
index 629707a..3558778 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -2063,6 +2063,53 @@ err:
 return st;
 }
 
+static int test_expmodone(void)
+{
+int ret = 0, i;
+BIGNUM *r = BN_new();
+BIGNUM *a = BN_new();
+BIGNUM *p = BN_new();
+BIGNUM *m = BN_new();
+
+if (!TEST_ptr(r)
+|| !TEST_ptr(a)
+|| !TEST_ptr(p)
+|| !TEST_ptr(p)
+|| !TEST_ptr(m)
+|| !TEST_true(BN_set_word(a, 1))
+|| !TEST_true(BN_set_word(p, 0))
+|| !TEST_true(BN_set_word(m, 1)))
+goto err;
+
+/* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */
+for (i = 0; i < 2; i++) {
+if (!TEST_true(BN_mod_exp(r, a, p, m, NULL))
+|| !TEST_BN_eq_zero(r)
+|| !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL))
+|| !TEST_BN_eq_zero(r)
+|| !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, 
NULL))
+|| !TEST_BN_eq_zero(r)
+|| !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL))
+|| !TEST_BN_eq_zero(r)
+|| !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL))
+|| !TEST_BN_eq_zero(r)
+|| !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL))
+|| !TEST_BN_eq_zero(r))
+goto err;
+/* Repeat for r = 1 ^ 0 mod -1 */
+if (i == 0)
+BN_set_negative(m, 1);
+}
+
+ret = 1;
+err:
+BN_free(r);
+BN_free(a);
+BN_free(p);
+BN_free(m);
+return ret;
+}
+
 static int test_smallprime(void)
 {
 static const int kBits = 10;
@@ -2189,6 +2236,7 @@ int setup_tests(void)
 ADD_TEST(test_negzero);
 ADD_TEST(test_badmod);
 

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  3d0dde847eac17bd5deec1397bce38cb43469525 (commit)
  from  fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit)


- Log -
commit 3d0dde847eac17bd5deec1397bce38cb43469525
Author: Matt Caswell 
Date:   Tue May 22 15:18:01 2018 +0100

Update the "Connected Commands" section of s_client/s_server docs

Fixes #6307

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/6330)

---

Summary of changes:
 doc/man1/s_client.pod | 33 +
 doc/man1/s_server.pod | 26 ++
 2 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 19a8139..373b2d7 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -667,10 +667,35 @@ on port 4433.
 
 If a connection is established with an SSL server then any data received
 from the server is displayed and any key presses will be sent to the
-server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
-have been given), the session will be renegotiated if the line begins with an
-B, and if the line begins with a B or if end of file is reached, the
-connection will be closed down.
+server. If end of file is reached then the connection will be closed down. When
+used interactively (which means neither B<-quiet> nor B<-ign_eof> have been
+given), then certain commands are also recognized which perform special
+operations. These commands are a letter which must appear at the start of a
+line. They are listed below.
+
+=over 4
+
+=item B
+
+End the current SSL connection and exit.
+
+=item B
+
+Renegotiate the SSL session (TLSv1.2 and below only).
+
+=item B
+
+Send a heartbeat message to the server (DTLS only)
+
+=item B
+
+Send a key update message to the server (TLSv1.3 only)
+
+=item B
+
+Send a key update message to the server and request one back (TLSv1.3 only)
+
+=back
 
 =head1 NOTES
 
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index e577af8..f89d4de 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -673,8 +673,9 @@ If a connection request is established with an SSL client 
and neither the
 B<-www> nor the B<-WWW> option has been used then normally any data received
 from the client is displayed and any key presses will be sent to the client.
 
-Certain single letter commands are also recognized which perform special
-operations: these are listed below.
+Certain commands are also recognized which perform special operations. These
+commands are a letter which must appear at the start of a line. They are listed
+below.
 
 =over 4
 
@@ -688,11 +689,12 @@ End the current SSL connection and exit.
 
 =item B
 
-Renegotiate the SSL session.
+Renegotiate the SSL session (TLSv1.2 and below only).
 
 =item B
 
-Renegotiate the SSL session and request a client certificate.
+Renegotiate the SSL session and request a client certificate (TLSv1.2 and below
+only).
 
 =item B
 
@@ -703,6 +705,22 @@ cause the client to disconnect due to a protocol violation.
 
 Print out some session cache status information.
 
+=item B
+
+Send a heartbeat message to the client (DTLS only)
+
+=item B
+
+Send a key update message to the client (TLSv1.3 only)
+
+=item B
+
+Send a key update message to the client and request one back (TLSv1.3 only)
+
+=item B
+
+Send a certificate request to the client (TLSv1.3 only)
+
 =back
 
 =head1 NOTES
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Matt Caswell]

The branch master has been updated
   via  62df8cc9ba93dd099b4f5622e331f935643b6790 (commit)
  from  0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit)


- Log -
commit 62df8cc9ba93dd099b4f5622e331f935643b6790
Author: Matt Caswell 
Date:   Tue May 29 09:21:53 2018 +0100

Update the release strategy

Updates in line with the following votes:

"The next LTS release will be 1.1.1 and the LTS expiry date for 1.0.2 will
not be changed."

and

"1.1.1 beta release schedule changed so that the next two beta releases
are now 29th May, 19 June and we will re-review release readiness after
that. We will also ensure that there is at least one beta release post
TLS-1.3 RFC publication prior to the final release."

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/55)

---

Summary of changes:
 policies/releasestrat.html | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 3f37936..9d0e3c3 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -13,7 +13,7 @@
  Release Strategy
  
First issued 23rd December 2014
-   Last modified 6th February 2018
+   Last modified 29th May 2018
  

 
@@ -69,10 +69,10 @@
  fixes. Before that, bug and security fixes will be applied
  as appropriate.
 
- The next version of OpenSSL will be 1.1.1. This is currently in
- development and has a primary focus of implementing TLSv1.3. The
- RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1
- will not have its final release until that has happened.
+ The next version of OpenSSL will be 1.1.1 which will be an LTS 
release.
+ This is currently in development and has a primary focus of 
implementing
+ TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF.
+ OpenSSL 1.1.1 will not have its final release until that has 
happened.
 
  The draft release timetable for 1.1.1 is as follows. This may be
   amended at any time as the need arises.
@@ -88,9 +88,10 @@
3rd April 2018, beta release 2 (pre4)
17th April 2018, beta release 3 (pre5)
1st May 2018, beta release 4 (pre6)
-   8th May 2018, release readiness check (new release
-   cycles added if required, first possible final release date:
-   15th May 2018)
+   29th May 2018, beta release 5 (pre7)
+   19th June 2018, beta release 6 (pre8)
+   Release readiness check following pre8 release (new release
+   cycles added if required)
  
 
  An alpha release means:
@@ -113,7 +114,7 @@
Clean builds in Travis and Appveyor for two days
run-checker.sh to be showing as clean 2 days before release
No open Coverity issues (not flagged as "False Positive" or 
"Ignore")
-   TLSv1.3 RFC published
+   TLSv1.3 RFC published (with at least one beta release after the 
publicaction)
  
 
  Valid reasons for closing an issue/PR with a 1.1.1 milestone might 
be:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Matt Caswell]

The branch master has been updated
   via  0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit)
  from  c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit)


- Log -
commit 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48
Author: Matt Caswell 
Date:   Tue May 29 13:26:20 2018 +0100

Updates to newsflash for pre7 release

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/56)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 202f95c..cba57e2 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please 
download and test it
 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and 
test it
 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_1-pre7 create

[Matt Caswell]

The annotated tag OpenSSL_1_1_1-pre7 has been created
at  adaec2127242c947faae55f4326893bf1e47d9c3 (tag)
   tagging  77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit)
  replaces  OpenSSL_1_1_1-pre6
 tagged by  Matt Caswell
on  Tue May 29 13:20:01 2018 +0100

- Log -
OpenSSL 1.1.1-pre7 release tag
-BEGIN PGP SIGNATURE-

iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsNRXERHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHk5gf+Im90MzzBEZbwCk55RR9X47fO9zP0tHtE
1GW/8U/7W4RJAK8jc8uKhZs0NxoRHlZo9pKVE3ZQCy6AErwjro6BBv/+5qXyOjJA
OKFu9RlUMNdMx9SpDpR61BxZpgUWibY/LPLfbCRneaWej+lnV41GQfYAL9PgDYjG
V8ZlVp0uC8SndulKnU/bnID2U3uK4nhU6a/PY/NshnVL1TyPkOTQmRo5U0aHPUec
gWYunSc3tS6Ydg889B8fRuM1FZ5srD/+KH5JxSLbgm/DIzIfttzbxRHbjCHNv09/
MRJ9lAoDUkwjv3lQqguIEdC1K9m7LKDH4ja9oQ5i1YiJiTyD77d5BQ==
=EsTs
-END PGP SIGNATURE-

Andy Polyakov (10):
  bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
  Configure: move --noexecstack probe to Configure.
  Configure: pass more suitable argument to compiler_predefined().
  .travis.yml: minor facelift
  .travis.yml: temporarily mask gcc-5 ubsan build.
  ec/ec_mult.c: get BN_CTX_start,end sequence right.
  .travis.yml: add pair of linux-ppc64le targets.
  PPC assembly pack: add POWER9 results.
  windows-makefile.tmpl: delete export library prior link.
  apps/s_socket.c: address rare TLSProxy failures on Windows.

Benjamin Kaduk (1):
  Fix regression with session cache use by clients

Bernd Edlinger (4):
  Improve error handling in rand_init function
  Fix --strict-warnings build of ppc-linux target
  Fix array bounds violation in ssl_session_dup
  Try to work around ubuntu gcc-5 ubsan build failure

Billy Brumley (3):
  ECDSA: remove nonce padding (delegated to EC_POINT_mul)
  ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c
  Add blinding in BN_GF2m_mod_inv for binary field inversions

David Benjamin (3):
  Fix explicit EC curve encoding.
  Use OPENSSL_EC_EXPLICIT_CURVE constant.
  Save and restore the Windows error around TlsGetValue.

Dr. Matthias St. Pierre (12):
  a_strex.c: prevent out of bound read in do_buf()
  v3_purp.c: add locking to x509v3_cache_extensions()
  Fix typos in x509 documentation
  Fix typo: 'is an error occurred' in documentation
  DH: add simple getters for commonly used DH struct members
  DH: add some basic tests (and comments)
  util/libcrypto.num: fix symbol collision between 1.1.0 and master
  DH: fix: add simple getters for commonly used struct members
  DSA: add simple getters for commonly used struct members
  RSA: add simple getters for commonly used struct members
  ECDSA_SIG: add simple getters for commonly used struct members
  ECDSA_SIG: restore doc comments which were deleted accidentally

FdaSilvaYY (5):
  apps/speed.c: merge parameters defining EC curves to test ...
  opensslconf.h inclusion cleanup No need to buildtest on opensslconf.h
  windows-makefile.tmpl: rearrange cleanup commands to avoid ...
  apps/speed: fix possible OOB access in some EC arrays
  apps/speed: Add brainpool curves support

Gregor Jasny (1):
  NOTES.ANDROID: fix typo in build notes

Kurt Roeckx (4):
  rsaz_avx2_eligible doesn't take parameters
  Use void in all function definitions that do not take any arguments
  Set sess to NULL after freeing it.
  Enable SSL_MODE_AUTO_RETRY by default

Matt Caswell (55):
  Prepare for 1.1.1-pre7-dev
  Fix some errors and missing info in the CMS docs
  Clarify BN_mod_exp docs
  Add getter for X509_VERIFY_PARAM_get_hostflags
  Add a note about Nagle's algorithm on the SSL_connect man page
  Fix SSL_get_shared_ciphers()
  Fix comment in ssl_locl.h
  Add some documentation for SSL_get_shared_ciphers()
  Fix a bug in create_ssl_ctx_pair()
  Add a test for SSL_get_shared_ciphers()
  Make X509_VERIFY_PARAM_get_hostflags() take a const arg
  Return an error from BN_mod_inverse if n is 1 (or -1)
  Fix a mem leak in CMS
  Add a CMS API test
  Don't fail on an out-of-order CCS in DTLS
  Fix s_client and s_server so that they correctly handle the DTLS timer
  Only auto-retry for DTLS if configured to do so
  Keep the DTLS timer running after the end of the handshake if appropriate
  Add a DTLS test for dropped records
  Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305
  Fix no-cms
  Set the ossl_shim to auto retry if not running asynchronously
  Prefer SHA-256 ciphersuites if using old style PSKs
  Provide documentation for the -psk_session option
  Test an old style PSK callback with no cert will prefer SHA-256
  Mark DTLS records as read when we have finished with them
  Don't set TCP_NODELAY on a UDP socket
  Add some more SSL_pending() and 

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit)
   via  77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit)
  from  83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit)


- Log -
commit fa9a08780a20c9801fee2b7767c2851f5ab9c16c
Author: Matt Caswell 
Date:   Tue May 29 13:22:05 2018 +0100

Prepare for 1.1.1-pre8-dev

Reviewed-by: Richard Levitte 

commit 77cdad318446ca8ea2ba8294d9e70891b59503e2
Author: Matt Caswell 
Date:   Tue May 29 13:20:01 2018 +0100

Prepare for 1.1.1-pre7 release

Reviewed-by: Richard Levitte 

---

Summary of changes:
 README | 2 +-
 include/openssl/opensslv.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README b/README
index 1942f7b..b1b615b 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1-pre7-dev
+ OpenSSL 1.1.1-pre8-dev
 
  Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index c970c18..dd95416 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x10101007L
-# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre7-dev  xx XXX "
+# define OPENSSL_VERSION_NUMBER  0x10101008L
+# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre8-dev  xx XXX "
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit)
  from  a0cef658d6e15c0711c6e27c5969281a76acf20f (commit)


- Log -
commit 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63
Author: Matt Caswell 
Date:   Tue May 29 13:07:08 2018 +0100

Update copyright year

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6371)

---

Summary of changes:
 crypto/aes/asm/aesp8-ppc.pl | 2 +-
 crypto/bio/bss_mem.c| 2 +-
 crypto/bn/asm/alpha-mont.pl | 2 +-
 crypto/bn/asm/armv4-mont.pl | 2 +-
 crypto/bn/asm/ia64-mont.pl  | 2 +-
 crypto/bn/asm/mips-mont.pl  | 2 +-
 crypto/bn/asm/parisc-mont.pl| 2 +-
 crypto/bn/asm/ppc-mont.pl   | 2 +-
 crypto/bn/asm/ppc64-mont.pl | 2 +-
 crypto/bn/asm/s390x-mont.pl | 2 +-
 crypto/bn/asm/sparct4-mont.pl   | 2 +-
 crypto/bn/asm/sparcv9-mont.pl   | 2 +-
 crypto/bn/asm/via-mont.pl   | 2 +-
 crypto/bn/asm/vis3-mont.pl  | 2 +-
 crypto/bn/asm/x86-mont.pl   | 2 +-
 crypto/bn/asm/x86_64-mont.pl| 2 +-
 crypto/bn/asm/x86_64-mont5.pl   | 2 +-
 crypto/bn/bn_gcd.c  | 2 +-
 crypto/bn/bn_gf2m.c | 2 +-
 crypto/bn/rsaz_exp.h| 2 +-
 crypto/chacha/asm/chacha-ppc.pl | 2 +-
 crypto/cms/cms_env.c| 2 +-
 crypto/cms/cms_smime.c  | 2 +-
 crypto/conf/conf_api.c  | 2 +-
 crypto/ct/ct_log.c  | 2 +-
 crypto/dh/dh_lib.c  | 2 +-
 crypto/dsa/dsa_lib.c| 2 +-
 crypto/ec/ec2_smpl.c| 2 +-
 crypto/ec/ecp_smpl.c| 2 +-
 crypto/engine/tb_cipher.c   | 2 +-
 crypto/engine/tb_dh.c   | 2 +-
 crypto/engine/tb_digest.c   | 2 +-
 crypto/engine/tb_dsa.c  | 2 +-
 crypto/engine/tb_eckey.c| 2 +-
 crypto/engine/tb_pkmeth.c   | 2 +-
 crypto/engine/tb_rand.c | 2 +-
 crypto/engine/tb_rsa.c  | 2 +-
 crypto/modes/asm/ghashp8-ppc.pl | 2 +-
 crypto/pem/pem_pk8.c| 2 +-
 crypto/poly1305/asm/poly1305-ppc.pl | 2 +-
 crypto/poly1305/asm/poly1305-ppcfp.pl   | 2 +-
 crypto/ppccap.c | 2 +-
 crypto/rand/rand_egd.c  | 2 +-
 crypto/rsa/rsa_lib.c| 2 +-
 crypto/sha/asm/keccak1600-ppc64.pl  | 2 +-
 crypto/sha/asm/keccak1600p8-ppc.pl  | 2 +-
 crypto/sha/asm/sha512p8-ppc.pl  | 2 +-
 crypto/store/store_init.c   | 2 +-
 crypto/ui/ui_openssl.c  | 2 +-
 crypto/x509/x509_cmp.c  | 2 +-
 crypto/x509v3/v3_ncons.c| 2 +-
 doc/man1/cms.pod| 2 +-
 doc/man3/BN_add.pod | 2 +-
 doc/man3/CMS_encrypt.pod| 2 +-
 doc/man3/CMS_get0_SignerInfos.pod   | 2 +-
 doc/man3/CMS_get1_ReceiptRequest.pod| 2 +-
 doc/man3/DH_get0_pqg.pod| 2 +-
 doc/man3/DSA_get0_pqg.pod   | 2 +-
 doc/man3/ECDSA_SIG_new.pod  | 2 +-
 doc/man3/EC_POINT_add.pod   | 2 +-
 doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod   | 2 +-
 doc/man3/OBJ_nid2obj.pod| 2 +-
 doc/man3/PEM_bytes_read_bio.pod | 2 +-
 doc/man3/PEM_read.pod   | 2 +-
 doc/man3/PEM_read_CMS.pod   | 2 +-
 doc/man3/PKCS12_newpass.pod | 2 +-
 doc/man3/PKCS12_parse.pod   | 2 +-
 doc/man3/PKCS5_PBKDF2_HMAC.pod  | 2 +-
 doc/man3/RSA_get0_key.pod   | 2 +-
 doc/man3/SMIME_read_PKCS7.pod   | 2 +-
 doc/man3/SSL_connect.pod| 2 +-
 doc/man3/SSL_get_ciphers.pod| 2 +-
 doc/man3/SSL_set1_host.pod  | 2 +-
 doc/man3/X509_NAME_get_index_by_NID.pod | 2 +-
 doc/man3/X509_cmp_time.pod  | 2 +-
 include/openssl/x509_vfy.h  | 2 +-
 ssl/ssl_txt.c   | 2 +-
 test/asynctest.c| 2 +-
 test/dhtest.c   | 2 +-
 test/dtls_mtu_test.c| 2 +-
 test/dtlsv1listentest.c | 2 +-
 test/exdatatest.c   | 2 +-
 test/generate_buildtest.pl  | 2 +-
 test/mdc2_internal_test.c   | 2 +-
 test/pkey_meth_kdf_test.c   | 2 +-
 test/pkey_meth_test.c   | 2 +-
 test/recipes/25-test_verify.t   | 2 +-
 test/time_offset_test.c | 2 +-
 test/x509_internal_test.c   | 2 +-
 test/x509_time_test.c   | 2 +-
 util/copy.pl| 2 +-
 util/process_docs.pl| 4 ++--
 92 files