[openssl-commits] Still Failing: openssl/openssl#21895 (OpenSSL_1_1_1-stable - 6aca8d1)
Build Update for openssl/openssl - Build: #21895 Status: Still Failing Duration: 16 mins and 55 secs Commit: 6aca8d1 (OpenSSL_1_1_1-stable) Author: David Woodhouse Message: Honour mandatory digest on private key in has_usable_cert() If the private key says it can only support one specific digest, then don't ask it to perform a different one. Fixes: #7348 Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7609) View the changeset: https://github.com/openssl/openssl/compare/415c4a46695d...6aca8d1a5fb1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/459047016?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
via 63262bd2768797e140f7d0328fb6ccf81aba87b0 (commit)
via cf68eb3687e271d02e55af2c132ea7527d76bcac (commit)
from 23bfb5b556a4e534fd61fb30719851d4b7b1fc82 (commit)
- Log -
commit 63262bd2768797e140f7d0328fb6ccf81aba87b0
Author: David Woodhouse
Date: Tue Oct 16 07:59:46 2018 -0700
Honour mandatory digest on private key in tls1_process_sigalgs()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.
Fixes: #7348
(cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad
and reworked for 1.0.2)
Reviewed-by: Matt Caswell
Reviewed-by: Nicola Tuveri
(Merged from https://github.com/openssl/openssl/pull/7610)
commit cf68eb3687e271d02e55af2c132ea7527d76bcac
Author: David Woodhouse
Date: Tue Oct 16 07:41:17 2018 -0700
Stop marking default digest for EC keys as mandatory
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.
Partially fixes #7348
(cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)
Reviewed-by: Matt Caswell
Reviewed-by: Nicola Tuveri
(Merged from https://github.com/openssl/openssl/pull/7610)
---
Summary of changes:
crypto/ec/ec_ameth.c | 2 +-
ssl/t1_lib.c | 20
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index aa5f305..db7e791 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1,
void *arg2)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
-return 2;
+return 1;
default:
return -2;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 55f918d..8c1f3ae 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3697,6 +3697,12 @@ int tls12_get_sigid(const EVP_PKEY *pk)
sizeof(tls12_sig) / sizeof(tls12_lookup));
}
+static int tls12_get_hash_nid(unsigned char hash_alg)
+{
+return tls12_find_nid(hash_alg, tls12_md,
+ sizeof(tls12_md) / sizeof(tls12_lookup));
+}
+
const EVP_MD *tls12_get_hash(unsigned char hash_alg)
{
switch (hash_alg) {
@@ -3887,6 +3893,8 @@ int tls1_process_sigalgs(SSL *s)
const EVP_MD *md;
CERT *c = s->cert;
TLS_SIGALGS *sigptr;
+int mandatory_mdnid;
+
if (!tls1_set_shared_sigalgs(s))
return 0;
@@ -3918,6 +3926,18 @@ int tls1_process_sigalgs(SSL *s)
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++) {
idx = tls12_get_pkey_idx(sigptr->rsign);
+if (s->cert->pkeys[idx].privatekey) {
+ERR_set_mark();
+if (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+_mdnid) == 2 &&
+mandatory_mdnid != tls12_get_hash_nid(sigptr->rhash))
+continue;
+/*
+ * If EVP_PKEY_get_default_digest_nid() failed, don't pollute
+ * the error stack.
+ */
+ERR_pop_to_mark();
+}
if (idx > 0 && c->pkeys[idx].digest == NULL) {
md = tls12_get_hash(sigptr->rhash);
c->pkeys[idx].digest = md;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 6aca8d1a5fb1fa8b359d0ddeab636174c09bf534 (commit)
via abaa2311add6f19c712655b3d12fea979b774843 (commit)
from 415c4a46695d32c47865c21d11a466f72d647179 (commit)
- Log -
commit 6aca8d1a5fb1fa8b359d0ddeab636174c09bf534
Author: David Woodhouse
Date: Tue Oct 16 07:59:46 2018 -0700
Honour mandatory digest on private key in has_usable_cert()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.
Fixes: #7348
Reviewed-by: Nicola Tuveri
Reviewed-by: Richard Levitte
(cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad)
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7609)
commit abaa2311add6f19c712655b3d12fea979b774843
Author: David Woodhouse
Date: Tue Oct 16 07:41:17 2018 -0700
Stop marking default digest for EC keys as mandatory
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.
Partially fixes #7348
Reviewed-by: Nicola Tuveri
Reviewed-by: Richard Levitte
(cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7609)
---
Summary of changes:
crypto/ec/ec_ameth.c | 2 +-
ssl/t1_lib.c | 21 ++---
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index a3164b5..8b363e0 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -505,7 +505,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1,
void *arg2)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
-return 2;
+return 1;
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fc41ed9..68cb237 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2537,7 +2537,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const
SIGALG_LOOKUP *lu)
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
{
const SIGALG_LOOKUP *lu;
-int mdnid, pknid;
+int mdnid, pknid, default_mdnid;
+int mandatory_md = 0;
size_t i;
/* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
@@ -2545,12 +2546,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP
*sig, int idx)
idx = sig->sig_idx;
if (!ssl_has_cert(s, idx))
return 0;
+/* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
+ERR_set_mark();
+switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+_mdnid)) {
+case 2:
+mandatory_md = 1;
+break;
+case 1:
+break;
+default: /* If it didn't report a mandatory NID, for whatever reasons,
+ * just clear the error and allow all hashes to be used. */
+ERR_pop_to_mark();
+}
if (s->s3->tmp.peer_cert_sigalgs != NULL) {
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
if (lu == NULL
|| !X509_get_signature_info(s->cert->pkeys[idx].x509, ,
-, NULL, NULL))
+, NULL, NULL)
+|| (mandatory_md && mdnid != default_mdnid))
continue;
/*
* TODO this does not differentiate between the
@@ -2563,7 +2578,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP
*sig, int idx)
}
return 0;
}
-return 1;
+return !mandatory_md || sig->hash == default_mdnid;
}
/*
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.21160
Build openssl master.21160 completed
Commit ae8a94fd69 by Andy Polyakov on 11/23/2018 4:23 PM:
bn/bn_{div|shift}.c: introduce fixed-top interfaces.
Configure your notification preferences
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.21159
Build openssl master.21159 failed Commit 344b65c8ef by Matt Caswell on 11/21/2018 11:57 AM: Preserve errno on dlopen Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 7dac8144a760f0d9780cd7eb0771894874becd78 (commit)
from b97cbe05a3a4bf18b6bd6262dbda04b87256a54c (commit)
- Log -
commit 7dac8144a760f0d9780cd7eb0771894874becd78
Author: Andy Polyakov
Date: Wed Nov 7 22:07:22 2018 +0100
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.
Reviewed-by: Matt Caswell
Reviewed-by: Richard Levitte
(cherry picked from commit 2cc3f68cde77af23c61fbad65470602ee86f2575)
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/7586)
---
Summary of changes:
crypto/rsa/rsa_ossl.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 23f948f..a485c7e 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -280,6 +280,11 @@ static int rsa_ossl_private_encrypt(int flen, const
unsigned char *from,
goto err;
}
+if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+if (!BN_MONT_CTX_set_locked(>_method_mod_n, rsa->lock,
+rsa->n, ctx))
+goto err;
+
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, _blinding, ctx);
if (blinding == NULL) {
@@ -311,13 +316,6 @@ static int rsa_ossl_private_encrypt(int flen, const
unsigned char *from,
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-if (!BN_MONT_CTX_set_locked(>_method_mod_n, rsa->lock,
-rsa->n, ctx)) {
-BN_free(d);
-goto err;
-}
-
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n)) {
BN_free(d);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#21882 (OpenSSL_1_1_1-stable - 415c4a4)
Build Update for openssl/openssl - Build: #21882 Status: Broken Duration: 24 mins and 21 secs Commit: 415c4a4 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Remove all 'make dist' artifacts Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296) View the changeset: https://github.com/openssl/openssl/compare/a9334a490de0...415c4a46695d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/458769031?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Failed: openssl/openssl#21881 (master - 8d9535e)
Build Update for openssl/openssl - Build: #21881 Status: Failed Duration: 25 mins and 31 secs Commit: 8d9535e (master) Author: Richard Levitte Message: Remove all 'make dist' artifacts Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7692) View the changeset: https://github.com/openssl/openssl/compare/4b801fdcf4c2...8d9535ec3e31 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/458768551?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#21880 (OpenSSL_1_1_1-stable - a9334a4)
Build Update for openssl/openssl - Build: #21880 Status: Broken Duration: 24 mins and 14 secs Commit: a9334a4 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Add an error message test recipes for system error messages This ensures we collected them properly and and as completely as can be tested safely. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7681) (cherry picked from commit 4b801fdcf4c25f44374eb18cb18f36d904975edd) View the changeset: https://github.com/openssl/openssl/compare/5970d48093ec...a9334a490de0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/458766803?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
via 23bfb5b556a4e534fd61fb30719851d4b7b1fc82 (commit)
from 8bfde2578ce28f2f24bc5d53c374b14290436c0b (commit)
- Log -
commit 23bfb5b556a4e534fd61fb30719851d4b7b1fc82
Author: Andy Polyakov
Date: Wed Nov 7 22:07:22 2018 +0100
rsa/rsa_eay.c: cache MONT_CTX for public modulus earlier.
Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.
Reviewed-by: Matt Caswell
Reviewed-by: Richard Levitte
Reviewed-by: Matthias St. Pierre
(manually cherry picked from commit
2cc3f68cde77af23c61fbad65470602ee86f2575)
(Merged from https://github.com/openssl/openssl/pull/7586)
---
Summary of changes:
crypto/rsa/rsa_eay.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index be948a4..1155583 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -397,6 +397,11 @@ static int RSA_eay_private_encrypt(int flen, const
unsigned char *from,
goto err;
}
+if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+if (!BN_MONT_CTX_set_locked(>_method_mod_n, CRYPTO_LOCK_RSA,
+rsa->n, ctx))
+goto err;
+
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, _blinding, ctx);
if (blinding == NULL) {
@@ -431,11 +436,6 @@ static int RSA_eay_private_encrypt(int flen, const
unsigned char *from,
} else
d = rsa->d;
-if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-if (!BN_MONT_CTX_set_locked(>_method_mod_n, CRYPTO_LOCK_RSA,
-rsa->n, ctx))
-goto err;
-
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n))
goto err;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via b97cbe05a3a4bf18b6bd6262dbda04b87256a54c (commit)
via f68bfdf62805f1f3af4330754c7f141fa521b6dd (commit)
from 0fbe8491fc05d280a1f00bfc26dd3c3a6c63f04a (commit)
- Log -
commit b97cbe05a3a4bf18b6bd6262dbda04b87256a54c
Author: Richard Levitte
Date: Thu Nov 22 21:29:02 2018 +0100
Remove all 'make dist' artifacts
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
(cherry picked from commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296)
commit f68bfdf62805f1f3af4330754c7f141fa521b6dd
Author: Richard Levitte
Date: Thu Nov 22 21:17:47 2018 +0100
Change tarball making procedure
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.
The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball. After all, the tarball
should now only contain source files that are present even without
configuring.
Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools. Since we
have everything versioned with git, we might as well use the tool that
comes with it.
Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.
This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
(cherry picked from commit 8c209eeef426ded66ce99048f535f35d08b88462)
---
Summary of changes:
.gitattributes| 5 +
.travis-create-release.sh | 10 +-
Configurations/dist.conf | 12
Configurations/unix-Makefile.tmpl | 30 +-
util/mktar.sh | 27 +++
5 files changed, 34 insertions(+), 50 deletions(-)
delete mode 100644 Configurations/dist.conf
create mode 100755 util/mktar.sh
diff --git a/.gitattributes b/.gitattributes
index 15121c8..912b4ae 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,8 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary
+
+# For git archive
+fuzz/corpora/** export-ignore
+Configurations/*.norelease.conf export-ignore
+.* export-ignore
diff --git a/.travis-create-release.sh b/.travis-create-release.sh
index 311cedd..3407de7 100644
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -1,11 +1,3 @@
#! /bin/sh
-# $1 is expected to be $TRAVIS_OS_NAME
-
-./Configure dist
-if [ "$1" == osx ]; then
-make NAME='_srcdist' TARFILE='_srcdist.tar' \
- TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
-else
-make TARFILE='_srcdist.tar' NAME='_srcdist' dist
-fi
+./util/mktar.sh --name=_srcdist
diff --git a/Configurations/dist.conf b/Configurations/dist.conf
deleted file mode 100644
index 4f58dad..000
--- a/Configurations/dist.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-## -*- mode: perl; -*-
-## Build configuration targets for openssl-team members
-
-# This is to support 'make dist'
-%targets = (
-"dist" => {
-inherit_from => [ 'BASE_unix' ],
-cc => "cc",
-cflags => "-O",
-thread_scheme=> "(unknown)",
-},
-);
diff --git a/Configurations/unix-Makefile.tmpl
b/Configurations/unix-Makefile.tmpl
index 7254478..b35db4f 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -665,36 +665,8 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #
-# If your tar command doesn't support --owner and --group, make sure to
-# use one that does, for example GNU tar
-TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
-PREPARE_CMD=:
tar:
- set -e; \
- TMPDIR=/var/tmp/openssl-copy.; \
- DISTDIR=$(NAME); \
- mkdir -p $$TMPDIR/$$DISTDIR; \
- (cd $(SRCDIR); \
-excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf)"; \
-echo "$$excl_re"; \
-git ls-tree -r --name-only --full-tree HEAD \
-| egrep -v "$$excl_re" \
-| while read F; do \
- mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
- cp $$F $$TMPDIR/$$DISTDIR/$$F; \
- done); \
- (cd $$TMPDIR/$$DISTDIR; \
-$(PREPARE_CMD); \
-find . -type d -print | xargs chmod 755; \
-find . -type f -print | xargs chmod a+r; \
-
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 415c4a46695d32c47865c21d11a466f72d647179 (commit)
via 48c813ef3ac28363c355afe4b1594eaacf9886d4 (commit)
from a9334a490de001d9d6ed2251c34dd58a6651ab5b (commit)
- Log -
commit 415c4a46695d32c47865c21d11a466f72d647179
Author: Richard Levitte
Date: Thu Nov 22 21:29:02 2018 +0100
Remove all 'make dist' artifacts
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
(cherry picked from commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296)
commit 48c813ef3ac28363c355afe4b1594eaacf9886d4
Author: Richard Levitte
Date: Thu Nov 22 21:17:47 2018 +0100
Change tarball making procedure
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.
The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball. After all, the tarball
should now only contain source files that are present even without
configuring.
Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools. Since we
have everything versioned with git, we might as well use the tool that
comes with it.
Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.
This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
(cherry picked from commit 8c209eeef426ded66ce99048f535f35d08b88462)
---
Summary of changes:
.gitattributes| 5 +
.travis-create-release.sh | 10 +-
Configurations/dist.conf | 12
Configurations/unix-Makefile.tmpl | 31 +--
util/mktar.sh | 27 +++
5 files changed, 34 insertions(+), 51 deletions(-)
delete mode 100644 Configurations/dist.conf
create mode 100755 util/mktar.sh
diff --git a/.gitattributes b/.gitattributes
index 15121c8..912b4ae 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,8 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary
+
+# For git archive
+fuzz/corpora/** export-ignore
+Configurations/*.norelease.conf export-ignore
+.* export-ignore
diff --git a/.travis-create-release.sh b/.travis-create-release.sh
index b39a001..3407de7 100644
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -1,11 +1,3 @@
#! /bin/sh
-# $1 is expected to be $TRAVIS_OS_NAME
-
-./Configure dist
-if [ "$1" == osx ]; then
-make NAME='_srcdist' TARFILE='_srcdist.tar' \
- TAR_COMMAND='$(TAR) $(TARFLAGS) -cf -' tar
-else
-make TARFILE='_srcdist.tar' NAME='_srcdist' dist
-fi
+./util/mktar.sh --name=_srcdist
diff --git a/Configurations/dist.conf b/Configurations/dist.conf
deleted file mode 100644
index 2a458bc..000
--- a/Configurations/dist.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-## -*- mode: perl; -*-
-## Build configuration targets for openssl-team members
-
-# This is to support 'make dist'
-my %targets = (
-"dist" => {
-inherit_from => [ 'BASE_unix' ],
-CC => "cc",
-CFLAGS => "-O",
-thread_scheme=> "(unknown)",
-},
-);
diff --git a/Configurations/unix-Makefile.tmpl
b/Configurations/unix-Makefile.tmpl
index e712019..003b28a 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -830,37 +830,8 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #
-# If your tar command doesn't support --owner and --group, make sure to
-# use one that does, for example GNU tar
-TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cf -
-PREPARE_CMD=:
tar:
- set -e; \
- TMPDIR=/var/tmp/openssl-copy.; \
- DISTDIR=$(NAME); \
- mkdir -p $$TMPDIR/$$DISTDIR; \
- (cd $(SRCDIR); \
-excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \
-excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo
$$excl_re | sed -e 's/ /$$|/g'`\$$)"; \
-echo "$$excl_re"; \
-git ls-tree -r --name-only --full-tree HEAD \
-| egrep -v "$$excl_re" \
-| while read F; do \
- mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
- cp $$F $$TMPDIR/$$DISTDIR/$$F; \
- done); \
- (cd $$TMPDIR/$$DISTDIR; \
-
[openssl-commits] [openssl] master update
The branch master has been updated
via 8d9535ec3e317641b8e551973c8cfe2ee1c89296 (commit)
via 8c209eeef426ded66ce99048f535f35d08b88462 (commit)
from 4b801fdcf4c25f44374eb18cb18f36d904975edd (commit)
- Log -
commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296
Author: Richard Levitte
Date: Thu Nov 22 21:29:02 2018 +0100
Remove all 'make dist' artifacts
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
commit 8c209eeef426ded66ce99048f535f35d08b88462
Author: Richard Levitte
Date: Thu Nov 22 21:17:47 2018 +0100
Change tarball making procedure
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.
The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball. After all, the tarball
should now only contain source files that are present even without
configuring.
Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools. Since we
have everything versioned with git, we might as well use the tool that
comes with it.
Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.
This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7692)
---
Summary of changes:
.gitattributes| 5 +
.travis-create-release.sh | 10 +-
Configurations/dist.conf | 12
Configurations/unix-Makefile.tmpl | 31 +--
util/mktar.sh | 27 +++
5 files changed, 34 insertions(+), 51 deletions(-)
delete mode 100644 Configurations/dist.conf
create mode 100755 util/mktar.sh
diff --git a/.gitattributes b/.gitattributes
index 15121c8..912b4ae 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,8 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary
+
+# For git archive
+fuzz/corpora/** export-ignore
+Configurations/*.norelease.conf export-ignore
+.* export-ignore
diff --git a/.travis-create-release.sh b/.travis-create-release.sh
index b39a001..3407de7 100644
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -1,11 +1,3 @@
#! /bin/sh
-# $1 is expected to be $TRAVIS_OS_NAME
-
-./Configure dist
-if [ "$1" == osx ]; then
-make NAME='_srcdist' TARFILE='_srcdist.tar' \
- TAR_COMMAND='$(TAR) $(TARFLAGS) -cf -' tar
-else
-make TARFILE='_srcdist.tar' NAME='_srcdist' dist
-fi
+./util/mktar.sh --name=_srcdist
diff --git a/Configurations/dist.conf b/Configurations/dist.conf
deleted file mode 100644
index 2a458bc..000
--- a/Configurations/dist.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-## -*- mode: perl; -*-
-## Build configuration targets for openssl-team members
-
-# This is to support 'make dist'
-my %targets = (
-"dist" => {
-inherit_from => [ 'BASE_unix' ],
-CC => "cc",
-CFLAGS => "-O",
-thread_scheme=> "(unknown)",
-},
-);
diff --git a/Configurations/unix-Makefile.tmpl
b/Configurations/unix-Makefile.tmpl
index c64c154..b5c6991 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -872,37 +872,8 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #
-# If your tar command doesn't support --owner and --group, make sure to
-# use one that does, for example GNU tar
-TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cf -
-PREPARE_CMD=:
tar:
- set -e; \
- TMPDIR=/var/tmp/openssl-copy.; \
- DISTDIR=$(NAME); \
- mkdir -p $$TMPDIR/$$DISTDIR; \
- (cd $(SRCDIR); \
-excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \
-excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo
$$excl_re | sed -e 's/ /$$|/g'`\$$)"; \
-echo "$$excl_re"; \
-git ls-tree -r --name-only --full-tree HEAD \
-| egrep -v "$$excl_re" \
-| while read F; do \
- mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
- cp $$F $$TMPDIR/$$DISTDIR/$$F; \
- done); \
- (cd $$TMPDIR/$$DISTDIR; \
-$(PREPARE_CMD); \
-find . -type d -print | xargs chmod 755; \
-find . -type f -print | xargs chmod a+r; \
-find . -type f -perm -0100 -print | xargs chmod
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via a9334a490de001d9d6ed2251c34dd58a6651ab5b (commit)
via cae2a7ca4289d4bdd5fbbc25406736f36bcfee7a (commit)
from 5970d48093ecf5bc62b398c97e6ed030620dee30 (commit)
- Log -
commit a9334a490de001d9d6ed2251c34dd58a6651ab5b
Author: Richard Levitte
Date: Thu Nov 22 10:52:51 2018 +0100
Add an error message test recipes for system error messages
This ensures we collected them properly and and as completely as can
be tested safely.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7681)
(cherry picked from commit 4b801fdcf4c25f44374eb18cb18f36d904975edd)
commit cae2a7ca4289d4bdd5fbbc25406736f36bcfee7a
Author: Richard Levitte
Date: Wed Nov 21 18:25:53 2018 +0100
Smarter build of system error text database
We stored copies of the system error texts in a fixed line size array,
which is a huge waste. Instead, use a static memory pool and pack all
the string in there. The wasted space at the end, if any, gives us
some leeway for longer strings than we have measured so far.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7681)
(cherry picked from commit 2c5b6bbb6797242f43b5a986e1c018943e5c1305)
---
Summary of changes:
crypto/err/err.c | 19 +
test/recipes/02-test_errstr.t | 66 +++
2 files changed, 80 insertions(+), 5 deletions(-)
create mode 100644 test/recipes/02-test_errstr.t
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 03cbd73..ffdc140 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -181,8 +181,9 @@ static ERR_STRING_DATA *int_err_get_item(const
ERR_STRING_DATA *d)
}
#ifndef OPENSSL_NO_ERR
+/* A measurement on Linux 2018-11-21 showed about 3.5kib */
+# define SPACE_SYS_STR_REASONS 4 * 1024
# define NUM_SYS_STR_REASONS 127
-# define LEN_SYS_STR_REASON 32
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
/*
@@ -198,7 +199,9 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS
+ 1];
static void build_SYS_str_reasons(void)
{
/* OPENSSL_malloc cannot be used here, use static storage instead */
-static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+static char strerror_pool[SPACE_SYS_STR_REASONS];
+char *cur = strerror_pool;
+size_t cnt = 0;
static int init = 1;
int i;
@@ -213,9 +216,15 @@ static void build_SYS_str_reasons(void)
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
if (str->string == NULL) {
-char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-if (openssl_strerror_r(i, *dest, sizeof(*dest)))
-str->string = *dest;
+if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
+size_t l = strlen(cur) + 1;
+
+str->string = cur;
+cnt += l;
+if (cnt > sizeof(strerror_pool))
+cnt = sizeof(strerror_pool);
+cur += l;
+}
}
if (str->string == NULL)
str->string = "unknown";
diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
new file mode 100644
index 000..3d806f0
--- /dev/null
+++ b/test/recipes/02-test_errstr.t
@@ -0,0 +1,66 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+no strict 'refs'; # To be able to use strings as function refs
+use OpenSSL::Test;
+use Errno qw(:POSIX);
+use POSIX qw(strerror);
+
+# We actually have space for up to 4095 error messages,
+# numerically speaking... but we're currently only using
+# numbers 1 through 127.
+# This constant should correspond to the same constant
+# defined in crypto/err/err.c, or at least must not be
+# assigned a greater number.
+use constant NUM_SYS_STR_REASONS => 127;
+
+setup('test_errstr');
+
+# These are POSIX error names, which Errno implements as functions
+# (this is documented)
+my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}};
+
+plan tests => scalar @posix_errors
++1 # Checking that error 128 gives 'reason(128)'
++1 # Checking that error 0 gives the library name
+;
+
+foreach my $errname (@posix_errors) {
+my $errnum = "Errno::$errname"->();
+
+ SKIP: {
+skip "Error $errname ($errnum) isn't within our range", 1
+if $errnum > NUM_SYS_STR_REASONS;
+
+my $perr = eval {
+
[openssl-commits] [openssl] master update
The branch master has been updated
via 4b801fdcf4c25f44374eb18cb18f36d904975edd (commit)
via 2c5b6bbb6797242f43b5a986e1c018943e5c1305 (commit)
from b92678f4e94eeec468f194333f874906a6fff7f1 (commit)
- Log -
commit 4b801fdcf4c25f44374eb18cb18f36d904975edd
Author: Richard Levitte
Date: Thu Nov 22 10:52:51 2018 +0100
Add an error message test recipes for system error messages
This ensures we collected them properly and and as completely as can
be tested safely.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7681)
commit 2c5b6bbb6797242f43b5a986e1c018943e5c1305
Author: Richard Levitte
Date: Wed Nov 21 18:25:53 2018 +0100
Smarter build of system error text database
We stored copies of the system error texts in a fixed line size array,
which is a huge waste. Instead, use a static memory pool and pack all
the string in there. The wasted space at the end, if any, gives us
some leeway for longer strings than we have measured so far.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7681)
---
Summary of changes:
crypto/err/err.c | 19 +
test/recipes/02-test_errstr.t | 66 +++
2 files changed, 80 insertions(+), 5 deletions(-)
create mode 100644 test/recipes/02-test_errstr.t
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 03cbd73..ffdc140 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -181,8 +181,9 @@ static ERR_STRING_DATA *int_err_get_item(const
ERR_STRING_DATA *d)
}
#ifndef OPENSSL_NO_ERR
+/* A measurement on Linux 2018-11-21 showed about 3.5kib */
+# define SPACE_SYS_STR_REASONS 4 * 1024
# define NUM_SYS_STR_REASONS 127
-# define LEN_SYS_STR_REASON 32
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
/*
@@ -198,7 +199,9 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS
+ 1];
static void build_SYS_str_reasons(void)
{
/* OPENSSL_malloc cannot be used here, use static storage instead */
-static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+static char strerror_pool[SPACE_SYS_STR_REASONS];
+char *cur = strerror_pool;
+size_t cnt = 0;
static int init = 1;
int i;
@@ -213,9 +216,15 @@ static void build_SYS_str_reasons(void)
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
if (str->string == NULL) {
-char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-if (openssl_strerror_r(i, *dest, sizeof(*dest)))
-str->string = *dest;
+if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
+size_t l = strlen(cur) + 1;
+
+str->string = cur;
+cnt += l;
+if (cnt > sizeof(strerror_pool))
+cnt = sizeof(strerror_pool);
+cur += l;
+}
}
if (str->string == NULL)
str->string = "unknown";
diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
new file mode 100644
index 000..3d806f0
--- /dev/null
+++ b/test/recipes/02-test_errstr.t
@@ -0,0 +1,66 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+no strict 'refs'; # To be able to use strings as function refs
+use OpenSSL::Test;
+use Errno qw(:POSIX);
+use POSIX qw(strerror);
+
+# We actually have space for up to 4095 error messages,
+# numerically speaking... but we're currently only using
+# numbers 1 through 127.
+# This constant should correspond to the same constant
+# defined in crypto/err/err.c, or at least must not be
+# assigned a greater number.
+use constant NUM_SYS_STR_REASONS => 127;
+
+setup('test_errstr');
+
+# These are POSIX error names, which Errno implements as functions
+# (this is documented)
+my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}};
+
+plan tests => scalar @posix_errors
++1 # Checking that error 128 gives 'reason(128)'
++1 # Checking that error 0 gives the library name
+;
+
+foreach my $errname (@posix_errors) {
+my $errnum = "Errno::$errname"->();
+
+ SKIP: {
+skip "Error $errname ($errnum) isn't within our range", 1
+if $errnum > NUM_SYS_STR_REASONS;
+
+my $perr = eval {
+# Set $! to the error number...
+local $! = $errnum;
+# ... and $! will give you the error string back
+$!
+};
+
+#
