[openssl-commits] [openssl] master update

2019-02-15 Thread nic . tuv
The branch master has been updated
   via  fa1f03061037cbdac5369849a885c1191a2550d9 (commit)
  from  48fe4ce104df060dd5d2b4188a56eb554d94d819 (commit)


- Log -
commit fa1f03061037cbdac5369849a885c1191a2550d9
Author: David Asraf 
Date:   Thu Feb 7 11:51:39 2019 +0200

Add  EC_GROUP_get0_field

New function to return internal pointer for field.

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8195)

---

Summary of changes:
 crypto/ec/ec_lib.c |  5 +
 doc/man3/EC_GROUP_copy.pod |  5 -
 include/openssl/ec.h   |  6 ++
 test/ectest.c  | 38 ++
 util/libcrypto.num |  1 +
 5 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index c14d1a1..2623b53 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -364,6 +364,11 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group)
 return group->curve_name;
 }
 
+const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group)
+{
+return group->field;
+}
+
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
 {
 group->asn1_flag = flag;
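Review bot: `EC_GROUP_get0_field` returns `group->field` directly, and the Doxygen comment added for it in include/openssl/ec.h (`\return the group field`) does not say who owns the pointer. Only the pod text describes it as an internal pointer. I would make the header comment explicit, e.g. `\return internal pointer to the group field; owned by the group, must not be freed or modified, and is invalid once the group is freed`. Like `EC_GROUP_get_curve_name` just above it, the function dereferences `group` without a NULL check, so the `\param` line should also state that `group` must be non-NULL.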
diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod
index 453825a..3f7108d 100644
--- a/doc/man3/EC_GROUP_copy.pod
+++ b/doc/man3/EC_GROUP_copy.pod
@@ -11,7 +11,7 @@ EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
 EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
 EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp,
 EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
-EC_GROUP_get_pentanomial_basis
+EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field
 - Functions for manipulating EC_GROUP objects
 
 =head1 SYNOPSIS
@@ -32,6 +32,7 @@ EC_GROUP_get_pentanomial_basis
  int EC_GROUP_order_bits(const EC_GROUP *group);
  int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX 
*ctx);
  const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+ const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
 
  void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
  int EC_GROUP_get_curve_name(const EC_GROUP *group);
@@ -177,6 +178,8 @@ specified curve respectively. If there is no curve name 
associated with a curve
 EC_GROUP_get0_order() returns an internal pointer to the group order.
 EC_GROUP_order_bits() returns the number of bits in the group order.
 EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.
+EC_GROUP_get0_field() returns an internal pointer to the group field. For 
curves over GF(p), this is the modulus; for curves
+over GF(2^m), this is the irreducible polynomial defining the field.
 
 EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the 
parameter b, or NULL if the seed is not
 specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the 
seed is not specified.
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 4afaad4..7c15368 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -212,6 +212,12 @@ void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
  */
 int EC_GROUP_get_curve_name(const EC_GROUP *group);
 
+/** Gets the field of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group field
+ */
+const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
+
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
diff --git a/test/ectest.c b/test/ectest.c
index cdfaeb6..0f42597 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1159,6 +1159,43 @@ static int internal_curve_test_method(int n)
 return r;
 }
 
+static int group_field_test(void)
+{
+int r = 1;
+BIGNUM *secp521r1_field = NULL;
+BIGNUM *sect163r2_field = NULL;
+EC_GROUP *secp521r1_group = NULL;
+EC_GROUP *sect163r2_group = NULL;
+
+BN_hex2bn(_field,
+"01FF"
+""
+""
+""
+"");
+
+
+BN_hex2bn(_field,
+"0800"
+"C9");
+
+secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1);
+if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group)))
+  r = 0;
+
+# ifndef OPENSSL_NO_EC2M
+sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2);
+if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group)))
+  r = 0;
+# endif
+
+EC_GROUP_free(secp521r1_group);
+EC_GROUP_free(sect163r2_group);
+BN_free(secp521r1_field);
+BN_free(sect163r2_field);
+return r;
+}
+
 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /*
  * nistp_test_params 
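Review bot: `group_field_test` ignores the return values of `BN_hex2bn` and `EC_GROUP_new_by_curve_name`, so a failed curve lookup passes NULL to `EC_GROUP_get0_field`, which the ec_lib.c hunk shows dereferencing `group->field` unconditionally. The test would then crash instead of reporting a failure. It also compares with bare `BN_cmp` rather than the `TEST_*` helpers used elsewhere in the test suite, so a mismatch prints nothing useful. I would start from `r = 0`, check each step, and set `r = 1` only at the end, as sketched below. As rendered on this page the first argument of both `BN_hex2bn` calls and parts of the hex literals look truncated, so they are left as placeholders in the sketch.

```c
static int group_field_test(void)
{
    int r = 0;
    /* … unchanged: BIGNUM and EC_GROUP declarations … */

    /* … unchanged: the two hex constants; wrap each BN_hex2bn() call
     *   in TEST_true() and goto err when it fails … */

    if (!TEST_ptr(secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1))
        || !TEST_BN_eq(secp521r1_field,
                       EC_GROUP_get0_field(secp521r1_group)))
        goto err;

# ifndef OPENSSL_NO_EC2M
    if (!TEST_ptr(sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2))
        || !TEST_BN_eq(sect163r2_field,
                       EC_GROUP_get0_field(sect163r2_group)))
        goto err;
# endif

    r = 1;
 err:
    /* … unchanged: EC_GROUP_free / BN_free cleanup and return r … */
```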

[openssl-commits] [openssl] master update

2019-02-15 Thread Richard Levitte
The branch master has been updated
   via  48fe4ce104df060dd5d2b4188a56eb554d94d819 (commit)
  from  088dfa133561d7613b9391a56ddbce58f32c934a (commit)


- Log -
commit 48fe4ce104df060dd5d2b4188a56eb554d94d819
Author: Richard Levitte 
Date:   Fri Feb 15 08:06:36 2019 +0100

Mark generated functions unused (applies to safestack, lhash, sparse_array)

safestack.h, lhash.h and sparse_array.h all define macros to generate
a full API for the containers as static inline functions.  This
potentially generates unused code, which some compilers may complain
about.

We therefore need to mark those generated functions as unused, so the
compiler knows that we know, and stops complaining about it.

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/8246)

---

Summary of changes:
 crypto/include/internal/sparse_array.h | 25 +-
 include/openssl/e_os2.h|  7 +
 include/openssl/lhash.h| 28 ++--
 include/openssl/safestack.h| 48 +-
 4 files changed, 58 insertions(+), 50 deletions(-)

diff --git a/crypto/include/internal/sparse_array.h 
b/crypto/include/internal/sparse_array.h
index 839fced..648e41a 100644
--- a/crypto/include/internal/sparse_array.h
+++ b/crypto/include/internal/sparse_array.h
@@ -11,6 +11,8 @@
 #ifndef HEADER_SPARSE_ARRAY_H
 # define HEADER_SPARSE_ARRAY_H
 
+# include 
+
 # ifdef __cplusplus
 extern "C" {
 # endif
@@ -19,43 +21,42 @@ extern "C" {
 
 # define DEFINE_SPARSE_ARRAY_OF(type) \
 SPARSE_ARRAY_OF(type); \
-static ossl_inline SPARSE_ARRAY_OF(type) * \
+static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * \
 ossl_sa_##type##_new(void) \
 { \
 return (SPARSE_ARRAY_OF(type) *)OPENSSL_SA_new(); \
 } \
-static ossl_inline void ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
+static ossl_unused ossl_inline void 
ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
 { \
 OPENSSL_SA_free((OPENSSL_SA *)sa); \
 } \
-static ossl_inline void ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) 
*sa) \
+static ossl_unused ossl_inline void 
ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \
 { \
 OPENSSL_SA_free_leaves((OPENSSL_SA *)sa); \
 } \
-static ossl_inline size_t ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) 
*sa) \
+static ossl_unused ossl_inline size_t ossl_sa_##type##_num(const 
SPARSE_ARRAY_OF(type) *sa) \
 { \
 return OPENSSL_SA_num((OPENSSL_SA *)sa); \
 } \
-static ossl_inline void ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) 
*sa, \
+static ossl_unused ossl_inline void ossl_sa_##type##_doall(const 
SPARSE_ARRAY_OF(type) *sa, \
void (*leaf)(size_t, type 
*)) \
 { \
 OPENSSL_SA_doall((OPENSSL_SA *)sa, (void (*)(size_t, void *))leaf); \
 } \
-static ossl_inline void ossl_sa_##type##_doall_arg(const 
SPARSE_ARRAY_OF(type) *sa, \
-   void (*leaf)(size_t, \
-type *, \
-   void *),\
-   void *arg) \
+static ossl_unused ossl_inline \
+void ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \
+void (*leaf)(size_t, type *, void *), \
+void *arg) \
 { \
 OPENSSL_SA_doall_arg((OPENSSL_SA *)sa, (void (*)(size_t, void *, void 
*))leaf, \
  arg); \
 } \
-static ossl_inline type *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) 
*sa, \
+static ossl_unused ossl_inline type *ossl_sa_##type##_get(const 
SPARSE_ARRAY_OF(type) *sa, \
   size_t n) \
 { \
 return (type *)OPENSSL_SA_get((OPENSSL_SA *)sa, n); \
 } \
-static ossl_inline int ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
+static ossl_unused ossl_inline int 
ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
 size_t n, type *val) \
 { \
 return OPENSSL_SA_set((OPENSSL_SA *)sa, n, (void *)val); \
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index 002cea3..b88abc1 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -287,6 +287,13 @@ typedef unsigned __int64 uint64_t;
 #  define ossl_noreturn
 # endif
 
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+#  define ossl_unused __attribute__((unused))
+# else
+#  define ossl_unused
+# endif
+
 #ifdef  

[openssl-commits] [openssl] master update

2019-02-15 Thread Matt Caswell
The branch master has been updated
   via  088dfa133561d7613b9391a56ddbce58f32c934a (commit)
  from  9fc8f18f59f4a4c853466dca64a23b8af681bf1c (commit)


- Log -
commit 088dfa133561d7613b9391a56ddbce58f32c934a
Author: Todd Short 
Date:   Mon Jul 10 13:28:35 2017 -0400

Add option to disable Extended Master Secret

Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION.  Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/3910)

---

Summary of changes:
 doc/man3/SSL_CONF_cmd.pod  |   4 +
 doc/man3/SSL_CTX_set_options.pod   |  12 +-
 include/openssl/ssl.h  |  21 ++-
 ssl/ssl_conf.c |   3 +-
 ssl/statem/extensions.c|   3 +-
 ssl/statem/extensions_clnt.c   |   5 +
 ssl/statem/extensions_srvr.c   |   3 +
 test/recipes/80-test_ssl_new.t |   3 +-
 test/ssl-tests/16-certstatus.conf  |   0
 test/ssl-tests/30-extended-master-secret.conf  | 203 +
 ...t.conf.in => 30-extended-master-secret.conf.in} |  58 --
 test/sslapitest.c  |  46 +
 12 files changed, 328 insertions(+), 33 deletions(-)
 delete mode 100644 test/ssl-tests/16-certstatus.conf
 create mode 100644 test/ssl-tests/30-extended-master-secret.conf
 copy test/ssl-tests/{19-mac-then-encrypt.conf.in => 
30-extended-master-secret.conf.in} (56%)

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 0a51e9e..b8c2a35 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -486,6 +486,10 @@ specification. Some applications may be able to mitigate 
the replay risks in
 other ways and in such cases the built-in OpenSSL functionality is not 
required.
 Disabling anti-replay is equivalent to setting B.
 
+B: use extended master secret extension, enabled by
+default. Inverse of B: that is,
+B<-ExtendedMasterSecret> is the same as setting 
B.
+
 =item B
 
 The B argument is a comma separated list of flags to set.
diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index 63d3aae..7626bd3 100644
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -198,6 +198,14 @@ RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
 If this option is set, Encrypt-then-MAC is disabled. Clients will not
 propose, and servers will not accept the extension.
 
+=item SSL_OP_NO_EXTENDED_MASTER_SECRET
+
+Normally clients and servers will transparently attempt to negotiate the
+RFC7627 Extended Master Secret option on TLS and DTLS connection.
+
+If this option is set, Extended Master Secret is disabled. Clients will
+not propose, and servers will not accept the extension.
+
 =item SSL_OP_NO_RENEGOTIATION
 
 Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
@@ -366,9 +374,11 @@ OpenSSL 0.9.8m.
 The B and B options
 were added in OpenSSL 1.1.1.
 
+The B option was added in OpenSSL 3.0.0.
+
 =head1 COPYRIGHT
 
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 35311ac..9d6e1c5 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -297,23 +297,26 @@ typedef int (*SSL_verify_cb)(int preverify_ok, 
X509_STORE_CTX *x509_ctx);
 typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 
 /*
- * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * Some values are reserved until OpenSSL 3.0.0 because they were previously
  * included in SSL_OP_ALL in a 1.1.x release.
- *
- * Reserved value (until OpenSSL 1.2.0)  0x0001U
- * Reserved value (until OpenSSL 1.2.0)  0x0002U
  */
+
+/* Disable Extended master secret */
+# define SSL_OP_NO_EXTENDED_MASTER_SECRET0x0001U
+
+/* Reserved value (until OpenSSL 3.0.0)  0x0002U */
+
 /* Allow initial connection to servers that don't support RI */
 # define SSL_OP_LEGACY_SERVER_CONNECT0x0004U
 
-/* Reserved value (until OpenSSL 1.2.0)  

[openssl-commits] [openssl] master update

2019-02-15 Thread Matt Caswell
The branch master has been updated
   via  9fc8f18f59f4a4c853466dca64a23b8af681bf1c (commit)
  from  0cf5c6a9a06b58a85d93aafefbc07039773b5b43 (commit)


- Log -
commit 9fc8f18f59f4a4c853466dca64a23b8af681bf1c
Author: Matt Caswell 
Date:   Thu Feb 14 12:21:20 2019 +

Use order not degree to calculate a buffer size in ecdsatest

Otherwise this can result in an incorrect calculation of the maximum
encoded integer length, meaning an insufficient buffer size is allocated.

Thanks to Billy Brumley for helping to track this down.

Fixes #8209

Reviewed-by: Nicola Tuveri 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8237)

---

Summary of changes:
 test/ecdsatest.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index 004f39e..bc3adc0 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -223,7 +223,7 @@ static int test_builtin(void)
 const BIGNUM *sig_r, *sig_s;
 BIGNUM *modified_r = NULL, *modified_s = NULL;
 BIGNUM *unmodified_r = NULL, *unmodified_s = NULL;
-unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+unsigned int sig_len, order, r_len, s_len, bn_len, buf_len;
 int nid, ret = 0;
 
 /* fill digest values with some random data */
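Review bot: The renamed local `order` holds a bit count, not the group order. The second hunk assigns it from `EC_GROUP_order_bits()` and the third uses it as `bn_len = (order + 7) / 8`. Since this commit exists because degree and order size were confused when sizing a buffer, a name that states the unit would help the next reader: `unsigned int sig_len, order_bits, r_len, s_len, bn_len, buf_len;` with the two uses updated to match. `test_builtin` starts and ends outside these hunks, so any other use of the variable is not visible here.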
@@ -251,7 +251,7 @@ static int test_builtin(void)
 || !TEST_true(EC_KEY_set_group(eckey, group)))
 goto builtin_err;
 EC_GROUP_free(group);
-degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+order = EC_GROUP_order_bits(EC_KEY_get0_group(eckey));
 
 TEST_info("testing %s", OBJ_nid2sn(nid));
 
@@ -316,7 +316,7 @@ static int test_builtin(void)
 /* Store the two BIGNUMs in raw_buf. */
 r_len = BN_num_bytes(sig_r);
 s_len = BN_num_bytes(sig_s);
-bn_len = (degree + 7) / 8;
+bn_len = (order + 7) / 8;
 if (!TEST_false(r_len > bn_len)
 || !TEST_false(s_len > bn_len))
 goto builtin_err;


[openssl-commits] [openssl] master update

2019-02-15 Thread Matt Caswell
The branch master has been updated
   via  0cf5c6a9a06b58a85d93aafefbc07039773b5b43 (commit)
  from  fcee53948b7f9a5951d42f4ee321e706ea6b4b84 (commit)


- Log -
commit 0cf5c6a9a06b58a85d93aafefbc07039773b5b43
Author: Matt Caswell 
Date:   Thu Feb 14 15:22:59 2019 +

Fix no-stdio

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8238)

---

Summary of changes:
 include/openssl/kdf.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 0f39a14..663ba90 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -10,6 +10,8 @@
 #ifndef HEADER_KDF_H
 # define HEADER_KDF_H
 
+# include 
+# include 
 # include 
 # include 
 # ifdef __cplusplus


[openssl-commits] [openssl] master update

2019-02-14 Thread Richard Levitte
The branch master has been updated
   via  fcee53948b7f9a5951d42f4ee321e706ea6b4b84 (commit)
  from  78021171dbcb05ddab1b5daffbfc62504ea709a4 (commit)


- Log -
commit fcee53948b7f9a5951d42f4ee321e706ea6b4b84
Author: Richard Levitte 
Date:   Thu Feb 14 16:26:40 2019 +0100

Configure: make --strict-warnings a regular user provided compiler option

This makes `--strict-warnings` into a compiler pseudo-option, i.e. it
gets treated the same way as any other compiler option given on the
configuration command line, but is retroactively replaced by actual
compiler warning options, depending on what compiler is used.

This makes it easier to see in what order options are given to the
compiler from the configuration command line, i.e. this:

./config -Wall --strict-warnings

would give the compiler flags in the same order as they're given,
i.e.:

-Wall -Werror -Wno-whatever ...

instead of what we got previously:

-Werror -Wno-whatever ... -Wall

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8239)

---

Summary of changes:
 Configure | 36 
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/Configure b/Configure
index 0f5807c..03053bc 100755
--- a/Configure
+++ b/Configure
@@ -752,7 +752,11 @@ while (@argvcopy)
}
elsif (/^--strict-warnings$/)
{
-   $strict_warnings = 1;
+   # Pretend that our strict flags is a C flag, and replace it
+   # with the proper flags later on
+   push @{$useradd{CFLAGS}}, '--ossl-strict-warnings';
+   push @{$useradd{CXXFLAGS}}, '--ossl-strict-warnings';
+   $strict_warnings=1;
}
elsif (/^--debug$/)
{
@@ -1503,6 +1507,7 @@ $config{openssl_api_defines} = [
 "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1)
 ];
 
+my @strict_warnings_collection=();
 if ($strict_warnings)
{
my $wopt;
@@ -1510,26 +1515,17 @@ if ($strict_warnings)
 
die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike"
 unless $gccver >= 4;
-   foreach $wopt (split /\s+/, $gcc_devteam_warn)
-   {
-   push @{$config{cflags}}, $wopt
-   unless grep { $_ eq $wopt } @{$config{cflags}};
-   push @{$config{cxxflags}}, $wopt
-   if ($config{CXX}
-   && !grep { $_ eq $wopt } @{$config{cxxflags}});
-   }
-   if (defined($predefined{__clang__}))
-   {
-   foreach $wopt (split /\s+/, $clang_devteam_warn)
-   {
-   push @{$config{cflags}}, $wopt
-   unless grep { $_ eq $wopt } @{$config{cflags}};
-   push @{$config{cxxflags}}, $wopt
-   if ($config{CXX}
-   && !grep { $_ eq $wopt } 
@{$config{cxxflags}});
-   }
-   }
+   push @strict_warnings_collection, (split /\s+/, $gcc_devteam_warn);
+   push @strict_warnings_collection, (split /\s+/, $clang_devteam_warn)
+   if (defined($predefined{__clang__}));
}
+foreach (qw(CFLAGS CXXFLAGS))
+{
+$useradd{$_} = [ map { $_ eq '--ossl-strict-warnings'
+  ? @strict_warnings_collection
+  : ( $_ ) }
+@{$useradd{$_}} ];
+}
 
 unless ($disabled{"crypto-mdebug-backtrace"})
{
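Review bot: The new `foreach (qw(CFLAGS CXXFLAGS))` expansion drops two guards that the removed loops had: it no longer skips a warning option already present in the flag list, and it fills in `CXXFLAGS` whether or not `$config{CXX}` is set. Both are probably harmless, since repeated `-W` options are idempotent and the first hunk already pushes the placeholder onto `$useradd{CXXFLAGS}` unconditionally. The change in behaviour is silent, though, so I would either restore the `$config{CXX}` test or add a comment such as `# expanded for CXXFLAGS too, even when no C++ compiler is configured`. The `my $wopt;` kept as context in the previous hunk also appears to have no remaining user inside this block.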


[openssl-commits] [openssl] master update

2019-02-14 Thread Matt Caswell
The branch master has been updated
   via  78021171dbcb05ddab1b5daffbfc62504ea709a4 (commit)
  from  4af5836b55442f31795eff6c8c81ea7a1b8cf94b (commit)


- Log -
commit 78021171dbcb05ddab1b5daffbfc62504ea709a4
Author: Matt Caswell 
Date:   Thu Jan 24 12:21:39 2019 +

Fix -verify_return_error in s_client

The "verify_return_error" option in s_client is documented as:

 Return verification errors instead of continuing. This will typically
 abort the handshake with a fatal error.

In practice this option was ignored unless also accompanied with the
"-verify" option. It's unclear what the original intention was. One fix
could have been to change the documentation to match the actual behaviour.
However it seems unnecessarily complex and unexpected that you should need
to have both options. Instead the fix implemented here is to make the option
match the documentation so that "-verify" is not also required.

Note that s_server has a similar option where "-verify" (or "-Verify") is
still required. This makes more sense because those options additionally
request a certificate from the client. Without a certificate there is no
possibility of a verification failing, and so "-verify_return_error" doing
nothing seems ok.

Fixes #8079

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/8080)

---

Summary of changes:
 apps/s_cb.c | 4 ++--
 apps/s_client.c | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index af57c34..705550b 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -24,7 +24,7 @@
 
 #define COOKIE_SECRET_LENGTH16
 
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
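Review bot: The new initial depth of `-1` in `verify_args` is an undocumented sentinel. Its meaning only becomes clear from the second hunk, where `verify_callback` treats `verify_args.depth < 0` as "no depth limit was given, handle the error at any depth". Because this decides whether a certificate verification error is recorded and possibly overridden with `ok = 1`, the intent should be written down next to the initialiser, e.g. `/* depth -1: no -verify depth given; verification errors are handled at every depth */`. s_cb.c may be shared with other apps (the commit message mentions s_server), so it is worth confirming that each user of `verify_args` that sets `depth` still behaves as intended with the new default.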
@@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
 if (!ok) {
 BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
-if (verify_args.depth >= depth) {
+if (verify_args.depth < 0 || verify_args.depth >= depth) {
 if (!verify_args.return_error)
 ok = 1;
 verify_args.error = err;
diff --git a/apps/s_client.c b/apps/s_client.c
index 2a8313d..a30dff4 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1138,6 +1138,7 @@ int s_client_main(int argc, char **argv)
 goto opthelp;
 break;
 case OPT_VERIFY_RET_ERROR:
+verify = SSL_VERIFY_PEER;
 verify_args.return_error = 1;
 break;
 case OPT_VERIFY_QUIET:


[openssl-commits] [openssl] master update

2019-02-14 Thread Matt Caswell
The branch master has been updated
   via  4af5836b55442f31795eff6c8c81ea7a1b8cf94b (commit)
  from  3c83c5ba4f6502c708b7a5f55c98a10e312668da (commit)


- Log -
commit 4af5836b55442f31795eff6c8c81ea7a1b8cf94b
Author: Matt Caswell 
Date:   Sun Jan 27 11:00:16 2019 +

Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages

The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
exchange in TLSv1.3. Unfortunately experience has shown that this confuses
some applications who mistake it for a TLSv1.2 renegotiation. This means
that KeyUpdate messages are not handled properly.

This commit removes the use of SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
message exchange. Individual post-handshake messages are still signalled in
the normal way.

This is a potentially breaking change if there are any applications already
written that expect to see these TLSv1.3 events. However, without it,
KeyUpdate is not currently usable for many applications.

Fixes #8069

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8096)

---

Summary of changes:
 CHANGES| 13 +
 doc/man3/SSL_CTX_set_info_callback.pod | 14 --
 ssl/statem/statem.c|  6 +++--
 ssl/statem/statem_lib.c| 11 +---
 ssl/statem/statem_srvr.c   | 19 -
 test/sslapitest.c  | 49 +++---
 6 files changed, 51 insertions(+), 61 deletions(-)

diff --git a/CHANGES b/CHANGES
index d9a2e1b..2fbe89f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -119,6 +119,19 @@
  applications with zero-copy system calls such as sendfile and splice.
  [Boris Pismenny]
 
+ Changes between 1.1.1a and 1.1.1b [xx XXX ]
+
+  *) Change the info callback signals for the start and end of a post-handshake
+ message exchange in TLSv1.3. In 1.1.1/1.1.1a we used 
SSL_CB_HANDSHAKE_START
+ and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+ confused by this and assume that a TLSv1.2 renegotiation has started. This
+ can break KeyUpdate handling. Instead we no longer signal the start and 
end
+ of a post handshake message exchange (although the messages themselves are
+ still signalled). This could break some applications that were expecting
+ the old signals. However without this KeyUpdate is not usable for many
+ applications.
+ [Matt Caswell]
+
  Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
 
   *) Timing vulnerability in DSA signature generation
diff --git a/doc/man3/SSL_CTX_set_info_callback.pod 
b/doc/man3/SSL_CTX_set_info_callback.pod
index cb8f996..3248e10 100644
--- a/doc/man3/SSL_CTX_set_info_callback.pod
+++ b/doc/man3/SSL_CTX_set_info_callback.pod
@@ -92,17 +92,13 @@ Callback has been called due to an alert being sent or 
received.
 
 =item SSL_CB_HANDSHAKE_START
 
-Callback has been called because a new handshake is started. In TLSv1.3 this is
-also used for the start of post-handshake message exchanges such as for the
-exchange of session tickets, or for key updates. It also occurs when resuming a
-handshake following a pause to handle early data.
+Callback has been called because a new handshake is started. It also occurs 
when
+resuming a handshake following a pause to handle early data.
 
-=item SSL_CB_HANDSHAKE_DONE   0x20
+=item SSL_CB_HANDSHAKE_DONE
 
-Callback has been called because a handshake is finished. In TLSv1.3 this is
-also used at the end of an exchange of post-handshake messages such as for
-session tickets or key updates. It also occurs if the handshake is paused to
-allow the exchange of early data.
+Callback has been called because a handshake is finished.  It also occurs if 
the
+handshake is paused to allow the exchange of early data.
 
 =back
 
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index ebe471b..24c7e94 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -342,8 +342,10 @@ static int state_machine(SSL *s, int server)
 }
 
 s->server = server;
-if (cb != NULL)
-cb(s, SSL_CB_HANDSHAKE_START, 1);
+if (cb != NULL) {
+if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s))
+cb(s, SSL_CB_HANDSHAKE_START, 1);
+}
 
 /*
  * Fatal errors in this block don't send an alert because we have
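Review bot: The new condition `SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)` has no comment explaining why the callback is suppressed. The reason is only in the commit message: applications mistook the TLSv1.3 post-handshake signal for a TLSv1.2 renegotiation. A short note above the test would keep that knowledge in the code, e.g. `/* TLSv1.3 post-handshake exchanges (KeyUpdate, tickets) are not reported as a new handshake */`. The nested `if` can also be folded into one condition: `if (cb != NULL && (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)))`. `state_machine` starts and ends outside this hunk, so the matching `SSL_CB_HANDSHAKE_DONE` path is not visible here.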
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2f78a3f..8a7ada8 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1030,6 +1030,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET 
*pkt, CERT_PKEY *cpk)
 

[openssl-commits] [openssl] master update

2019-02-14 Thread Matt Caswell
The branch master has been updated
   via  3c83c5ba4f6502c708b7a5f55c98a10e312668da (commit)
  from  f11ffa505f8a9345145a26a05bf77b012b6941bd (commit)


- Log -
commit 3c83c5ba4f6502c708b7a5f55c98a10e312668da
Author: Sam Roberts 
Date:   Mon Nov 26 13:58:52 2018 -0800

Ignore cipher suites when setting cipher list

set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
failure should not depend on whether set_ciphersuites() has been used to
setup TLSv1.3 ciphers.

Reviewed-by: Paul Dale 
Reviewed-by: Ben Kaduk 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7759)

---

Summary of changes:
 ssl/ssl_lib.c  | 24 ++--
 test/cipherlist_test.c | 35 ++
 test/clienthellotest.c |  3 ++-
 test/ssltest_old.c | 51 +-
 4 files changed, 105 insertions(+), 8 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b001da7..322a438 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2579,6 +2579,26 @@ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX 
*ctx)
 return NULL;
 }
 
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+int i, num = 0;
+const SSL_CIPHER *c;
+
+if (sk == NULL)
+return 0;
+for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+c = sk_SSL_CIPHER_value(sk, i);
+if (c->min_tls >= TLS1_3_VERSION)
+continue;
+num++;
+}
+return num;
+}
+
 /** specify the ciphers to be used by default by the SSL_CTX */
 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 {
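Review bot: The comment on `cipher_list_tls12_num` does not say what the function returns, and it refers to `set_ciphersuite()` where the commit message refers to `set_ciphersuites()`. I would reword it to state the contract, e.g. `/* Return the number of ciphers in sk usable below TLSv1.3, i.e. those controlled by set_cipher_list() rather than set_ciphersuites(); 0 if sk is NULL. */`. The loop body reads more directly as `if (c->min_tls < TLS1_3_VERSION) num++;` than as the `continue` form. The helper only reads the stack, so `sk` could be `const`-qualified if the stack accessors accept that.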
@@ -2596,7 +2616,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  */
 if (sk == NULL)
 return 0;
-else if (sk_SSL_CIPHER_num(sk) == 0) {
+else if (cipher_list_tls12_num(sk) == 0) {
 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
 return 0;
 }
@@ -2614,7 +2634,7 @@ int SSL_set_cipher_list(SSL *s, const char *str)
 /* see comment in SSL_CTX_set_cipher_list */
 if (sk == NULL)
 return 0;
-else if (sk_SSL_CIPHER_num(sk) == 0) {
+else if (cipher_list_tls12_num(sk) == 0) {
 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
 return 0;
 }
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 89ef1b1..b950411 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -215,9 +215,44 @@ static int test_default_cipherlist_explicit(void)
 return result;
 }
 
+/* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */
+static int test_default_cipherlist_clear(void)
+{
+SETUP_CIPHERLIST_TEST_FIXTURE();
+SSL *s = NULL;
+
+if (fixture == NULL)
+return 0;
+
+if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
+goto end;
+
+if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
+goto end;
+
+s = SSL_new(fixture->client);
+
+if (!TEST_ptr(s))
+  goto end;
+
+if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
+goto end;
+
+if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
+SSL_R_NO_CIPHER_MATCH))
+goto end;
+
+result = 1;
+end:
+SSL_free(s);
+tear_down(fixture);
+return result;
+}
+
 int setup_tests(void)
 {
 ADD_TEST(test_default_cipherlist_implicit);
 ADD_TEST(test_default_cipherlist_explicit);
+ADD_TEST(test_default_cipherlist_clear);
 return 1;
 }
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 2c1110b..7fdb5bc 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -99,8 +99,9 @@ static int test_client_hello(int currtest)
  * ClientHello is already going to be quite long. To avoid getting one
  * that is too long for this test we use a restricted ciphersuite list
  */
-if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "")))
+if (!TEST_false(SSL_CTX_set_cipher_list(ctx, "")))
 goto end;
+ERR_clear_error();
  /* Fall through */
 case TEST_ADD_PADDING:
 case TEST_PADDING_NOT_NEEDED:
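Review bot: `TEST_false(SSL_CTX_set_cipher_list(ctx, ""))` now asserts that the call fails, yet the code carries on, and the existing comment still says "we use a restricted ciphersuite list". The test therefore seems to depend on the failed call having already emptied the TLSv1.2 cipher list as a side effect, which is not visible in this hunk. That dependency should be stated where the call is made, e.g. `/* Returns 0 because no TLSv1.2 cipher matches, but the list is still cleared; only TLSv1.3 ciphersuites remain */`, so that a later change to the failure path of `SSL_CTX_set_cipher_list` does not silently change what this test covers. `test_client_hello` continues outside the hunk.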
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index f26bf85..390ca88 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1382,11 +1382,52 @@ int main(int argc, char *argv[])
 goto end;
 
 if (cipher != NULL) {
-if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
-|| !SSL_CTX_set_cipher_list(s_ctx, cipher)
-|| !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
-ERR_print_errors(bio_err);
-goto end;
+if (strcmp(cipher, "") == 0) {
+   

[openssl-commits] [openssl] master update

2019-02-14 Thread Richard Levitte
The branch master has been updated
   via  f11ffa505f8a9345145a26a05bf77b012b6941bd (commit)
  from  008b4ff92f785cf3808df26ac5b23f25a691b23c (commit)


- Log -
commit f11ffa505f8a9345145a26a05bf77b012b6941bd
Author: Richard Levitte 
Date:   Thu Feb 14 09:25:40 2019 +0100

Configure: stop forcing use of DEFINE macros in headers

There are times when one might want to use something like
DEFINE_STACK_OF in a .c file, because it defines a stack for a type
defined in that .c file.  Unfortunately, when configuring with
`--strict-warnings`, clang aggressively warns about unused functions in
such cases, which forces the use of such DEFINE macros to header
files.

We therefore disable this warning from the `--strict-warnings`
definition for clang.

(note for the curious: `-Wunused-function` is enabled via `-Wall`)

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8234)

---

Summary of changes:
 Configure | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Configure b/Configure
index d6ae2be..0f5807c 100755
--- a/Configure
+++ b/Configure
@@ -145,6 +145,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
 #   -Wlanguage-extension-token -- no, we use asm()
 #   -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #   -Wextended-offsetof -- no, needed in CMS ASN1 code
+#   -Wunused-function -- no, it forces header use of safestack et al
+#DEFINE macros
 my $clang_devteam_warn = ""
 . " -Wswitch-default"
 . " -Wno-parentheses-equality"
@@ -154,6 +156,7 @@ my $clang_devteam_warn = ""
 . " -Wincompatible-pointer-types-discards-qualifiers"
 . " -Wmissing-variable-declarations"
 . " -Wno-unknown-warning-option"
+. " -Wno-unused-function"
 ;
 
 # This adds backtrace information to the memory leak info.  Is only used
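Review bot: The added ` -Wno-unused-function` applies to every file built with clang under `--strict-warnings`, so a hand-written static function left unreferenced by mistake anywhere in the tree no longer produces a diagnostic on that compiler, not only the macro-generated ones the new comment refers to. The comment in the first hunk could say so, for example `#   -Wunused-function -- no, DEFINE_STACK_OF et al in .c files emit unused statics (this also hides hand-written dead statics)`. A narrower option is to mark the functions the DEFINE macros generate with an unused attribute and keep the warning on; whether that is practical depends on macro definitions not shown here.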


[openssl-commits] [openssl] master update

2019-02-13 Thread Dr . Paul Dale
The branch master has been updated
   via  008b4ff92f785cf3808df26ac5b23f25a691b23c (commit)
  from  fa63e45262971b9c2a6aeb33db8c52a5a84fc8b5 (commit)


- Log -
commit 008b4ff92f785cf3808df26ac5b23f25a691b23c
Author: Pauli 
Date:   Thu Feb 14 08:13:58 2019 +1000

Sparse array iterators include index position.

Iterators over the sparse array structures have gained an initial argument
which indicates the index into the array of the element.  This can be used,
e.g., to delete or modify the associated value.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8229)

---

Summary of changes:
 crypto/include/internal/sparse_array.h   | 15 +++--
 crypto/sparse_array.c| 22 ---
 doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod | 20 --
 test/sparse_array_test.c | 95 
 4 files changed, 129 insertions(+), 23 deletions(-)

diff --git a/crypto/include/internal/sparse_array.h 
b/crypto/include/internal/sparse_array.h
index bf0a996..839fced 100644
--- a/crypto/include/internal/sparse_array.h
+++ b/crypto/include/internal/sparse_array.h
@@ -37,16 +37,17 @@ extern "C" {
 return OPENSSL_SA_num((OPENSSL_SA *)sa); \
 } \
 static ossl_inline void ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) 
*sa, \
-   void (*leaf)(type *)) \
+   void (*leaf)(size_t, type 
*)) \
 { \
-OPENSSL_SA_doall((OPENSSL_SA *)sa, (void (*)(void *))leaf); \
+OPENSSL_SA_doall((OPENSSL_SA *)sa, (void (*)(size_t, void *))leaf); \
 } \
 static ossl_inline void ossl_sa_##type##_doall_arg(const 
SPARSE_ARRAY_OF(type) *sa, \
-   void (*leaf)(type *, \
+   void (*leaf)(size_t, \
+type *, \
void *),\
void *arg) \
 { \
-OPENSSL_SA_doall_arg((OPENSSL_SA *)sa, (void (*)(void *, void *))leaf, 
\
+OPENSSL_SA_doall_arg((OPENSSL_SA *)sa, (void (*)(size_t, void *, void 
*))leaf, \
  arg); \
 } \
 static ossl_inline type *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) 
*sa, \
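Review bot: Both wrappers still pass the typed callback to the generic walker through a function-pointer cast, now `(void (*)(size_t, void *))leaf` and `(void (*)(size_t, void *, void *))leaf`, while the callback itself is declared as taking `type *`. Calling a function through a pointer to an incompatible function type is undefined behaviour in C, and indirect-call checking such as clang's `-fsanitize=cfi-icall` rejects these calls even where the calling convention makes them work. Since the signatures are being touched anyway, a comment on the macro such as `/* leaf is invoked as void (*)(size_t, void *); CFI/sanitizer builds will flag this cast */` would record the constraint; removing the cast needs a per-type thunk and is a larger change. The macro body starts and ends outside this hunk.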
@@ -66,9 +67,9 @@ OPENSSL_SA *OPENSSL_SA_new(void);
 void OPENSSL_SA_free(OPENSSL_SA *sa);
 void OPENSSL_SA_free_leaves(OPENSSL_SA *sa);
 size_t OPENSSL_SA_num(const OPENSSL_SA *sa);
-void OPENSSL_SA_doall(const OPENSSL_SA *sa, void (*leaf)(void *));
-void OPENSSL_SA_doall_arg(const OPENSSL_SA *sa, void (*leaf)(void *, void *),
-  void *);
+void OPENSSL_SA_doall(const OPENSSL_SA *sa, void (*leaf)(size_t, void *));
+void OPENSSL_SA_doall_arg(const OPENSSL_SA *sa,
+  void (*leaf)(size_t, void *, void *), void *);
 void *OPENSSL_SA_get(const OPENSSL_SA *sa, size_t n);
 int OPENSSL_SA_set(OPENSSL_SA *sa, size_t n, void *val);
 
diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c
index 8c9efed..796d35e 100644
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@@ -68,10 +68,11 @@ OPENSSL_SA *OPENSSL_SA_new(void)
 }
 
 static void sa_doall(const OPENSSL_SA *sa, void (*node)(void **),
- void (*leaf)(void *, void *), void *arg)
+ void (*leaf)(size_t, void *, void *), void *arg)
 {
 int i[SA_BLOCK_MAX_LEVELS];
 void *nodes[SA_BLOCK_MAX_LEVELS];
+size_t idx = 0;
 int l = 0;
 
 i[0] = 0;
@@ -84,14 +85,17 @@ static void sa_doall(const OPENSSL_SA *sa, void 
(*node)(void **),
 if (p != NULL && node != NULL)
 (*node)(p);
 l--;
+idx >>= OPENSSL_SA_BLOCK_BITS;
 } else {
 i[l] = n + 1;
 if (p != NULL && p[n] != NULL) {
+idx = (idx & ~SA_BLOCK_MASK) | n;
 if (l < sa->levels - 1) {
 i[++l] = 0;
 nodes[l] = p[n];
+idx <<= OPENSSL_SA_BLOCK_BITS;
 } else if (leaf != NULL) {
-(*leaf)(p[n], arg);
+(*leaf)(idx, p[n], arg);
 }
 }
 }
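Review bot: The commit message says the index lets a callback delete or modify the element, but nothing in `sa_doall` states what a callback may do to the array while the walk is in progress. The loop re-reads `sa->levels` on every step (`if (l < sa->levels - 1)`) and keeps node pointers in `nodes[]`, so a callback that changed the tree height or freed a node would presumably leave the walk with a stale depth or pointer; whether `OPENSSL_SA_set` can do either is not visible here. A comment above the function would settle it, e.g. `/* leaf() may replace or clear the value at idx; it must not grow the tree or free nodes during the walk */`, adjusted to what the setter really guarantees. It would also help to note the invariant that `idx` holds the index prefix for level `l`, shifted left on descent and right on ascent. The function body extends beyond the hunk.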
@@ -103,7 +107,7 @@ static void sa_free_node(void **p)
 OPENSSL_free(p);
 }
 
-static void sa_free_leaf(void *p, void *arg)
+static void sa_free_leaf(size_t n, void *p, void *arg)
 {
 OPENSSL_free(p);
 }
@@ -122,15 +126,15 @@ void OPENSSL_SA_free_leaves(OPENSSL_SA *sa)
 
 /* Wrap this in a structure to avoid compiler warnings */
 struct trampoline_st {
-void (*func)(void *);
+void (*func)(size_t, void *);
 };
 
-static void 

[openssl-commits] [openssl] master update

2019-02-13 Thread Richard Levitte
The branch master has been updated
   via  953315ae60e135057e308ebd0778ed823d620970 (commit)
  from  5a285addbf39f91d567f95f04b2b41764127950d (commit)


- Log -
commit 953315ae60e135057e308ebd0778ed823d620970
Author: Richard Levitte 
Date:   Wed Feb 13 18:59:13 2019 +0100

test/build.info: add missing ../apps/include

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/8227)

---

Summary of changes:
 test/build.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/build.info b/test/build.info
index 5904267..231d362 100644
--- a/test/build.info
+++ b/test/build.info
@@ -332,7 +332,7 @@ IF[{- !$disabled{tests} -}]
   DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
 
   SOURCE[evp_kdf_test]=evp_kdf_test.c
-  INCLUDE[evp_kdf_test]=../include
+  INCLUDE[evp_kdf_test]=../include ../apps/include
   DEPEND[evp_kdf_test]=../libcrypto libtestutil.a
 
   SOURCE[x509_time_test]=x509_time_test.c


[openssl-commits] [openssl] master update

2019-02-13 Thread Dr . Paul Dale
The branch master has been updated
   via  e0ae0585bee898184cbbe8144d2fa8ce25e8ca72 (commit)
  from  b754a8a1590b8c5c9662c8a0ba49573991488b20 (commit)


- Log -
commit e0ae0585bee898184cbbe8144d2fa8ce25e8ca72
Author: Pauli 
Date:   Wed Feb 13 16:11:16 2019 +1000

Sparse array limit testing: reduce the range limit for the number of bits
in a sparse array pointer block.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/8221)

---

Summary of changes:
 crypto/sparse_array.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c
index 9255f9d..8c9efed 100644
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@@ -37,7 +37,7 @@
 # else
 #  define OPENSSL_SA_BLOCK_BITS   12
 # endif
-#elif OPENSSL_SA_BLOCK_BITS < 2 || OPENSSL_SA_BLOCK_BITS > BN_BITS2
+#elif OPENSSL_SA_BLOCK_BITS < 2 || OPENSSL_SA_BLOCK_BITS > (BN_BITS2 - 1)
 # error OPENSSL_SA_BLOCK_BITS is out of range
 #endif
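Review bot: The new upper bound `BN_BITS2 - 1` still admits values that the macros derived from this setting cannot handle. In the revision of this file shown in the typo-fix commit on this page, `SA_BLOCK_MAX` is `(1 << OPENSSL_SA_BLOCK_BITS)`, a shift of an `int`; if that definition is unchanged, a setting of 31 or more with a 32-bit `int` shifts into or past the sign bit, which is undefined behaviour, and the check would still accept it wherever BN_BITS2 is 32 or 64. Tying the limit to the type that is actually shifted closes the gap, for example by appending `|| (INT_MAX >> OPENSSL_SA_BLOCK_BITS) == 0` to the `#elif` condition (with `<limits.h>` included), or by making the shift operate on a `size_t` value.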
 


[openssl-commits] [openssl] master update

2019-02-12 Thread yang . yang
The branch master has been updated
   via  b754a8a1590b8c5c9662c8a0ba49573991488b20 (commit)
  from  5674466e007d892ec55441059b3763abd5dd5440 (commit)


- Log -
commit b754a8a1590b8c5c9662c8a0ba49573991488b20
Author: Daniel DeFreez 
Date:   Wed Feb 13 14:26:14 2019 +0800

Fix null pointer dereference in cms_RecipientInfo_kari_init

CLA: trivial

Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Yang 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8137)

---

Summary of changes:
 crypto/cms/cms_kari.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 4ee7017..9f1f5d5 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -282,7 +282,7 @@ static int 
cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
 return rv;
 }
 
-/* Initialise a ktri based on passed certificate and key */
+/* Initialise a kari based on passed certificate and key */
 
 int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
 EVP_PKEY *pk, unsigned int flags)
@@ -299,6 +299,9 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 
*recip,
 kari->version = 3;
 
 rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
+if (rek == NULL)
+return 0;
+
 if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) 
{
 M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
 return 0;
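Review bot: The added `if (rek == NULL) return 0;` fails without recording anything on the error queue, as does the push failure just below it, so a caller cannot tell an allocation failure from any other reason for a 0 return. If this file reports errors through the usual CMS error macro (not visible in the hunk), raising `ERR_R_MALLOC_FAILURE` before both returns would make the out-of-memory case diagnosable. The early return also comes after `kari->version = 3;`, so `ri` is left holding a partly initialised kari; that is only safe if the caller frees `ri` on failure, which should be confirmed since the function body starts and ends outside the hunk.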


[openssl-commits] [openssl] master update

2019-02-12 Thread Richard Levitte
The branch master has been updated
   via  5674466e007d892ec55441059b3763abd5dd5440 (commit)
  from  7f4268bff3cf49b96d25bfd83013ee310c31520b (commit)


- Log -
commit 5674466e007d892ec55441059b3763abd5dd5440
Author: Richard Levitte 
Date:   Tue Feb 12 11:37:43 2019 +0100

Move libapps headers into their own directory

This got triggered by test/testutil.h including ../apps/opt.h.

Some compilers do all inclusions from the directory of the C file
being compiled, so when a C file includes a header file with a
relative file spec, and that header file also includes another header
file with a relative file spec, the compiler no longer follows.

As a specific example, test/testutil/basic_output.c included
../testutil.h.  Fine so far, but then, test/testutil.h includes
../apps/opt.h, and the compiler ends up trying to include (seen from
the source top) test/apps/opt.h rather than apps/opt.h, and fails.

The solution could have been to simply add apps/ as an inclusion
directory.  However, that directory also has header files that have
nothing to do with libapps, so we take this a bit further, create
apps/include and move libapps specific headers there, and then add
apps/include as inclusion directory in the build.info files where
needed.

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/8210)

---

Summary of changes:
 apps/build.info  |   4 +-
 apps/{ => include}/apps.h|   0
 apps/{ => include}/apps_ui.h |   0
 apps/{ => include}/fmt.h |   0
 apps/{ => include}/opt.h |   0
 apps/{ => include}/s_apps.h  |   0
 test/build.info  | 226 +--
 test/testutil.h  |   2 +-
 8 files changed, 116 insertions(+), 116 deletions(-)
 rename apps/{ => include}/apps.h (100%)
 rename apps/{ => include}/apps_ui.h (100%)
 rename apps/{ => include}/fmt.h (100%)
 rename apps/{ => include}/opt.h (100%)
 rename apps/{ => include}/s_apps.h (100%)

diff --git a/apps/build.info b/apps/build.info
index 7a5e876..9b77c46 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -15,12 +15,12 @@
 IF[{- !$disabled{apps} -}]
   LIBS{noinst}=libapps.a
   SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
-  INCLUDE[libapps.a]=.. ../include
+  INCLUDE[libapps.a]=.. ../include include
 
   PROGRAMS=openssl
   SOURCE[openssl]={- join(" ", @apps_init_src) -}
   SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
-  INCLUDE[openssl]=.. ../include
+  INCLUDE[openssl]=.. ../include include
   DEPEND[openssl]=libapps.a ../libssl
 
 IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
diff --git a/apps/apps.h b/apps/include/apps.h
similarity index 100%
rename from apps/apps.h
rename to apps/include/apps.h
diff --git a/apps/apps_ui.h b/apps/include/apps_ui.h
similarity index 100%
rename from apps/apps_ui.h
rename to apps/include/apps_ui.h
diff --git a/apps/fmt.h b/apps/include/fmt.h
similarity index 100%
rename from apps/fmt.h
rename to apps/include/fmt.h
diff --git a/apps/opt.h b/apps/include/opt.h
similarity index 100%
rename from apps/opt.h
rename to apps/include/opt.h
diff --git a/apps/s_apps.h b/apps/include/s_apps.h
similarity index 100%
rename from apps/s_apps.h
rename to apps/include/s_apps.h
diff --git a/test/build.info b/test/build.info
index b2b7375..7d4f953 100644
--- a/test/build.info
+++ b/test/build.info
@@ -15,7 +15,7 @@ IF[{- !$disabled{tests} -}]
   testutil/format_output.c testutil/tap_bio.c \
   testutil/test_cleanup.c testutil/main.c testutil/init.c \
   testutil/options.c testutil/test_options.c ../apps/opt.c
-  INCLUDE[libtestutil.a]=../include ..
+  INCLUDE[libtestutil.a]=../include ../apps/include ..
   DEPEND[libtestutil.a]=../libcrypto
 
   PROGRAMS{noinst}=\
@@ -48,234 +48,234 @@ IF[{- !$disabled{tests} -}]
   sysdefaulttest errtest gosttest
 
   SOURCE[versions]=versions.c
-  INCLUDE[versions]=../include
+  INCLUDE[versions]=../include ../apps/include
   DEPEND[versions]=../libcrypto
 
   SOURCE[aborttest]=aborttest.c
-  INCLUDE[aborttest]=../include
+  INCLUDE[aborttest]=../include ../apps/include
   DEPEND[aborttest]=../libcrypto
 
   SOURCE[sanitytest]=sanitytest.c
-  INCLUDE[sanitytest]=../include
+  INCLUDE[sanitytest]=../include ../apps/include
   DEPEND[sanitytest]=../libcrypto libtestutil.a
 
   SOURCE[rsa_complex]=rsa_complex.c
-  INCLUDE[rsa_complex]=../include
+  INCLUDE[rsa_complex]=../include ../apps/include
 
   SOURCE[test_test]=test_test.c
-  INCLUDE[test_test]=../include
+  INCLUDE[test_test]=../include ../apps/include
   DEPEND[test_test]=../libcrypto libtestutil.a
 
   SOURCE[exdatatest]=exdatatest.c
-  INCLUDE[exdatatest]=../include
+  INCLUDE[exdatatest]=../include ../apps/include
   DEPEND[exdatatest]=../libcrypto libtestutil.a
 
   

[openssl-commits] [openssl] master update

2019-02-12 Thread Dr . Paul Dale
The branch master has been updated
   via  7f4268bff3cf49b96d25bfd83013ee310c31520b (commit)
  from  583fd0c1085c6297e3dd632ac588afee723aae5a (commit)


- Log -
commit 7f4268bff3cf49b96d25bfd83013ee310c31520b
Author: Pauli 
Date:   Wed Feb 13 09:30:20 2019 +1000

Fix master build.
The recent change from ENGINES to MODULES broke the configure it seems.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/8219)

---

Summary of changes:
 engines/build.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engines/build.info b/engines/build.info
index f94e620..e493ced 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -43,7 +43,7 @@ IF[{- !$disabled{"engine"} -}]
   ENDIF
 ENDIF
 IF[{- !$disabled{"devcryptoeng"} -}]
-  ENGINES=devcrypto
+  MODULES=devcrypto
   SOURCE[devcrypto]=e_devcrypto.c
   DEPEND[devcrypto]=../libcrypto
   INCLUDE[devcrypto]=../include


[openssl-commits] [openssl] master update

2019-02-12 Thread Dr . Paul Dale
The branch master has been updated
   via  e5fee28f0e49fe2e07b2088985eee2d0ffaaf17e (commit)
  from  54b5fb2dab8b216c11adfbe6320c27e18a44ffb3 (commit)


- Log -
commit e5fee28f0e49fe2e07b2088985eee2d0ffaaf17e
Author: Pauli 
Date:   Wed Feb 13 09:22:36 2019 +1000

Fix typo in comment

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/8218)

---

Summary of changes:
 crypto/sparse_array.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c
index b256478..9255f9d 100644
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@@ -44,7 +44,7 @@
 /*
  * From the number of bits, work out:
  *the number of pointers in a tree node;
- *a bit mask to quickly extra an index and
+ *a bit mask to quickly extract an index and
  *the maximum depth of the tree structure.
   */
 #define SA_BLOCK_MAX(1 << OPENSSL_SA_BLOCK_BITS)


[openssl-commits] [openssl] master update

2019-02-12 Thread Richard Levitte
The branch master has been updated
   via  54b5fb2dab8b216c11adfbe6320c27e18a44ffb3 (commit)
  from  c703a808a1394fea7f77067db20c9508e6964d0b (commit)


- Log -
commit 54b5fb2dab8b216c11adfbe6320c27e18a44ffb3
Author: Richard Levitte 
Date:   Tue Feb 12 19:54:08 2019 +0100

To use BN_BITS2, we'd better include openssl/bn.h

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8212)

---

Summary of changes:
 crypto/sparse_array.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c
index 8b56b25..b256478 100644
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@@ -9,6 +9,7 @@
  */
 
 #include 
+#include 
 #include "internal/sparse_array.h"
 
 /*


[openssl-commits] [openssl] master update

2019-02-12 Thread Richard Levitte
The branch master has been updated
   via  c703a808a1394fea7f77067db20c9508e6964d0b (commit)
   via  c244aa7bdac4eb26504b68e430557ed3e5a12ae9 (commit)
   via  2afebe0bab5e03c9ae1555fd79044940245d7235 (commit)
  from  9a18aae5f21efc59da8b697ad67d5d37b95ab322 (commit)


- Log -
commit c703a808a1394fea7f77067db20c9508e6964d0b
Author: Eneas U de Queiroz 
Date:   Tue Feb 12 10:44:19 2019 -0200

eng_devcrypto.c: close open session on init

cipher_init may be called on an already initialized context, without a
necessary cleanup.  This separates cleanup from initialization, closing
an eventual open session before creating a new one.

Signed-off-by: Eneas U de Queiroz 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7859)

commit c244aa7bdac4eb26504b68e430557ed3e5a12ae9
Author: Eneas U de Queiroz 
Date:   Thu Nov 8 11:07:44 2018 -0200

CHANGES: add note about building devcrypto dynamic

Signed-off-by: Eneas U de Queiroz 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7859)

commit 2afebe0bab5e03c9ae1555fd79044940245d7235
Author: Eneas U de Queiroz 
Date:   Tue Nov 6 10:57:03 2018 -0200

e_devcrypto: make the /dev/crypto engine dynamic

Engine has been moved from crypto/engine/eng_devcrypto.c to
engines/e_devcrypto.c.

Signed-off-by: Eneas U de Queiroz 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7859)

---

Summary of changes:
 CHANGES|   3 +
 crypto/engine/build.info   |   3 -
 crypto/init.c  |  34 ++---
 engines/build.info |  13 ++
 .../eng_devcrypto.c => engines/e_devcrypto.c   | 160 ++---
 5 files changed, 144 insertions(+), 69 deletions(-)
 rename crypto/engine/eng_devcrypto.c => engines/e_devcrypto.c (94%)

diff --git a/CHANGES b/CHANGES
index 9d712f0..02258ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,9 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Build devcrypto engine as a dynamic engine.
+ [Eneas U de Queiroz]
+
   *) Add keyed BLAKE2 to EVP_MAC.
  [Antoine Salon]
 
diff --git a/crypto/engine/build.info b/crypto/engine/build.info
index e00802a..47fe948 100644
--- a/crypto/engine/build.info
+++ b/crypto/engine/build.info
@@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
 tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
 eng_openssl.c eng_cnf.c eng_dyn.c \
 eng_rdrand.c
-IF[{- !$disabled{devcryptoeng} -}]
-  SOURCE[../../libcrypto]=eng_devcrypto.c
-ENDIF
diff --git a/crypto/init.c b/crypto/init.c
index 22d28a9..ddea63a 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -353,18 +353,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
 engine_load_openssl_int();
 return 1;
 }
-# ifndef OPENSSL_NO_DEVCRYPTOENG
-static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
-{
-#  ifdef OPENSSL_INIT_DEBUG
-fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
-"engine_load_devcrypto_int()\n");
-#  endif
-engine_load_devcrypto_int();
-return 1;
-}
-# endif
 
 # ifndef OPENSSL_NO_RDRAND
 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
@@ -389,6 +377,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
 return 1;
 }
 # ifndef OPENSSL_NO_STATIC_ENGINE
+#  ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+"engine_load_devcrypto_int()\n");
+#   endif
+engine_load_devcrypto_int();
+return 1;
+}
+#  endif
 #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
@@ -747,11 +747,6 @@ int OPENSSL_init_crypto(uint64_t opts, const 
OPENSSL_INIT_SETTINGS *settings)
 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
 && !RUN_ONCE(_openssl, ossl_init_engine_openssl))
 return 0;
-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
-if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
-&& !RUN_ONCE(_devcrypto, ossl_init_engine_devcrypto))
-return 0;
-# endif
 # ifndef OPENSSL_NO_RDRAND
 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
 && !RUN_ONCE(_rdrand, ossl_init_engine_rdrand))
@@ -761,6 +756,11 @@ int OPENSSL_init_crypto(uint64_t opts, const 
OPENSSL_INIT_SETTINGS 

[openssl-commits] [openssl] master update

2019-02-12 Thread Richard Levitte
The branch master has been updated
   via  9a18aae5f21efc59da8b697ad67d5d37b95ab322 (commit)
  from  a40f0f6475711f01d32c4cdc39e54311b7e9c876 (commit)


- Log -
commit 9a18aae5f21efc59da8b697ad67d5d37b95ab322
Author: Andy Polyakov 
Date:   Mon Feb 11 15:33:43 2019 +0100

AArch64 assembly pack: authenticate return addresses.

ARMv8.3 adds the pointer authentication extension, which in this case makes
it possible to ensure that, when offloaded to the stack, the return address
is the same at return as at entry to the subroutine. The new instructions
are nops on processors that don't implement the extension, so the
verification is backward compatible.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8205)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl  |  2 ++
 crypto/aes/asm/vpaes-armv8.pl | 18 ++
 crypto/bn/asm/armv8-mont.pl   |  4 
 crypto/chacha/asm/chacha-armv8.pl |  8 
 crypto/ec/asm/ecp_nistz256-armv8.pl   | 28 +++-
 crypto/poly1305/asm/poly1305-armv8.pl |  2 ++
 crypto/sha/asm/keccak1600-armv8.pl| 14 ++
 crypto/sha/asm/sha512-armv8.pl|  2 ++
 8 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index b61bdba..9ab2158 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -262,6 +262,7 @@ $code.=<<___;
 ${prefix}_set_decrypt_key:
 ___
 $code.=<<___   if ($flavour =~ /64/);
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
 ___
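Review bot: The `paciasp`/`autiasp` pair is emitted as raw `.inst 0xd503233f` / `.inst 0xd50323bf` words with only the mnemonic in a trailing comment, and nothing in the files records the rule that keeps the pairing valid. Both instructions use SP as the modifier, so the sign has to run before `stp x29,x30,[sp,#-16]!` and the authenticate after the matching `ldp`, with SP identical at both points. The visible hunks here and in vpaes-armv8.pl follow that, but a later edit that adds an exit path or moves a stack adjustment could break it without any assembler diagnostic. A short comment at the first use would help, for example `// paciasp/autiasp live in the HINT space (NOP before ARMv8.3); keep them outermost around the x29/x30 spill`. The reason for `.inst` rather than the mnemonics is presumably assembler compatibility and is worth stating there too; the function bodies continue outside the hunks.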
@@ -305,6 +306,7 @@ $code.=<<___if ($flavour !~ /64/);
 ___
 $code.=<<___   if ($flavour =~ /64/);
ldp x29,x30,[sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 ___
 $code.=<<___;
diff --git a/crypto/aes/asm/vpaes-armv8.pl b/crypto/aes/asm/vpaes-armv8.pl
index 1fce0c5..ece9f20 100755
--- a/crypto/aes/asm/vpaes-armv8.pl
+++ b/crypto/aes/asm/vpaes-armv8.pl
@@ -255,6 +255,7 @@ _vpaes_encrypt_core:
 .type  vpaes_encrypt,%function
 .align 4
 vpaes_encrypt:
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
 
@@ -264,6 +265,7 @@ vpaes_encrypt:
st1 {v0.16b}, [$out]
 
ldp x29,x30,[sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 .size  vpaes_encrypt,.-vpaes_encrypt
 
@@ -486,6 +488,7 @@ _vpaes_decrypt_core:
 .type  vpaes_decrypt,%function
 .align 4
 vpaes_decrypt:
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
 
@@ -495,6 +498,7 @@ vpaes_decrypt:
st1 {v0.16b}, [$out]
 
ldp x29,x30,[sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 .size  vpaes_decrypt,.-vpaes_decrypt
 
@@ -665,6 +669,7 @@ _vpaes_key_preheat:
 .type  _vpaes_schedule_core,%function
 .align 4
 _vpaes_schedule_core:
+   .inst   0xd503233f  // paciasp
stp x29, x30, [sp,#-16]!
add x29,sp,#0
 
@@ -829,6 +834,7 @@ _vpaes_schedule_core:
eor v6.16b, v6.16b, v6.16b  // vpxor%xmm6,  %xmm6,  
%xmm6
eor v7.16b, v7.16b, v7.16b  // vpxor%xmm7,  %xmm7,  
%xmm7
ldp x29, x30, [sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 .size  _vpaes_schedule_core,.-_vpaes_schedule_core
 
@@ -1041,6 +1047,7 @@ _vpaes_schedule_mangle:
 .type  vpaes_set_encrypt_key,%function
 .align 4
 vpaes_set_encrypt_key:
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]!// ABI spec says so
@@ -1056,6 +1063,7 @@ vpaes_set_encrypt_key:
 
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 .size  vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
 
@@ -1063,6 +1071,7 @@ vpaes_set_encrypt_key:
 .type  vpaes_set_decrypt_key,%function
 .align 4
 vpaes_set_decrypt_key:
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]!// ABI spec says so
@@ -1082,6 +1091,7 @@ vpaes_set_decrypt_key:
 
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
+   .inst   0xd50323bf  // autiasp
ret
 .size  vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
 ___
@@ -1098,6 +1108,7 @@ vpaes_cbc_encrypt:
cmp w5, #0  // check direction
b.eqvpaes_cbc_decrypt
 
+   .inst   0xd503233f  // paciasp
stp x29,x30,[sp,#-16]!

[openssl-commits] [openssl] master update

2019-02-12 Thread Dr . Paul Dale
The branch master has been updated
   via  a40f0f6475711f01d32c4cdc39e54311b7e9c876 (commit)
  from  dff298135b9b8bbaac1f452a219bb446e50728d1 (commit)


- Log -
commit a40f0f6475711f01d32c4cdc39e54311b7e9c876
Author: Pauli 
Date:   Thu Jan 24 12:15:54 2019 +1000

Add sparse array data type.

This commit adds a space and time efficient sparse array data structure.
The structure's raw API is wrapped by inline functions which provide type
safety.

Reviewed-by: Richard Levitte 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/8197)

---

Summary of changes:
 crypto/README.sparse_array | 155 +++
 crypto/build.info  |   4 +-
 crypto/include/internal/sparse_array.h |  78 
 crypto/sparse_array.c  | 213 +
 doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod   | 112 +++
 test/build.info|   6 +-
 .../{02-test_lhash.t => 02-test_sparse_array.t}|   6 +-
 test/sparse_array_test.c   | 103 ++
 8 files changed, 671 insertions(+), 6 deletions(-)
 create mode 100644 crypto/README.sparse_array
 create mode 100644 crypto/include/internal/sparse_array.h
 create mode 100644 crypto/sparse_array.c
 create mode 100644 doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod
 copy test/recipes/{02-test_lhash.t => 02-test_sparse_array.t} (63%)
 create mode 100644 test/sparse_array_test.c

diff --git a/crypto/README.sparse_array b/crypto/README.sparse_array
new file mode 100644
index 000..947c34d
--- /dev/null
+++ b/crypto/README.sparse_array
@@ -0,0 +1,155 @@
+The sparse_array.c file contains an implementation of a sparse array that
+attempts to be both space and time efficient.
+
+The sparse array is represented using a tree structure.  Each node in the
+tree contains a block of pointers to either the user supplied leaf values or
+to another node.
+
+There are a number of parameters used to define the block size:
+
+OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
+SA_BLOCK_MAXSpecifies the number of pointers in each block
+SA_BLOCK_MASK   Specifies a bit mask to perform modulo block size
+SA_BLOCK_MAX_LEVELS Indicates the maximum possible height of the tree
+
+These constants are inter-related:
+SA_BLOCK_MAX= 2 ^ OPENSSL_SA_BLOCK_BITS
+SA_BLOCK_MASK   = SA_BLOCK_MAX - 1
+SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
+  OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
+  of OPENSSL_SA_BLOCK_BITS
+
+OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
+built in setting.
+
+As a space and performance optimisation, the height of the tree is usually
+less than the maximum possible height.  Only sufficient height is allocated to
+accommodate the largest index added to the data structure.
+
+The largest index used to add a value to the array determines the tree height:
+
++--+-+
+| Largest Added Index  |   Height of Tree|
++--+-+
+| SA_BLOCK_MAX - 1 |  1  |
+| SA_BLOCK_MAX ^ 2 - 1 |  2  |
+| SA_BLOCK_MAX ^ 3 - 1 |  3  |
+| ...  |  ...|
+| size_t max   | SA_BLOCK_MAX_LEVELS |
++--+-+
+
+The tree height is dynamically increased as needed based on additions.
+
+An empty tree is represented by a NULL root pointer.  Inserting a value at
+index 0 results in the allocation of a top level node full of null pointers
+except for the single pointer to the user's data (N = SA_BLOCK_MAX for
+breviety):
+
+++
+|Root|
+|Node|
++-+--+
+  |
+  |
+  |
+  v
++-+-+---+---+---+---+
+| 0 | 1 | 2 |...|N-1|
+|   |nil|nil|...|nil|
++-+-+---+---+---+---+
+  |
+  |
+  |
+  v
++-+--+
+|User|
+|Data|
+++
+Index 0
+
+
+Inserting at element 2N+1 creates a new root node and pushes down the old root
+node.  It then creates a second second level node to hold the pointer to the
+user's new data:
+
+++
+|Root|
+|Node|
++-+--+
+  |
+  |
+  |
+  v
++-+-+---+---+---+---+
+| 0 | 1 | 2 |...|N-1|
+|   |nil|   |...|nil|
++-+-+---+-+-+---+---+
+  |   |
+  |   +--+
+  |  |
+ 

[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  ca811248d838058c13236a6c3b688e0ac98c02c8 (commit)
  from  6e68f244f48bd7118b9262ff5905da1c3b15cae9 (commit)


- Log -
commit ca811248d838058c13236a6c3b688e0ac98c02c8
Author: Richard Levitte 
Date:   Mon Nov 12 18:16:27 2018 +0100

apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c

This allows the user to override our defaults if needed, and in a
consistent manner.

Partial fix for #7607

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7624)

---

Summary of changes:
 apps/ocsp.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7c2a904..09eeb9c 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
 # include 
 # include 
 
-# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
  && !defined(OPENSSL_NO_POSIX_IO)
 #  define OCSP_DAEMON
 #  include 
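Review bot: A build that passes only `-DNO_FORK` is silently overridden: `HAVE_FORK` is then undefined, so it defaults to 1 on anything that is not VMS or Windows, and the `# undef NO_FORK` branch discards the user's setting and `OCSP_DAEMON` is enabled. The override the commit message describes therefore works only through `HAVE_FORK=0`. If `NO_FORK` on the command line is meant to be honoured, the default could take it into account, e.g. `# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(NO_FORK)`; otherwise a comment naming `HAVE_FORK` as the only supported knob would avoid surprises. The old guard also required `OPENSSL_SYS_UNIX`, so targets that are neither Unix nor VMS/Windows now get the fork-based responder code by default.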


[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  6e68f244f48bd7118b9262ff5905da1c3b15cae9 (commit)
  from  61db9961417e74cbd4a285fe482f1f2b30c5536b (commit)


- Log -
commit 6e68f244f48bd7118b9262ff5905da1c3b15cae9
Author: Richard Levitte 
Date:   Fri Jan 25 23:57:09 2019 +0100

test/recipes/02-err_errstr: skip errors that may not be loaded on Windows

Fixes #8091

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8094)

(cherry picked from commit 0e1b0e510dfe078b3fb2586d987d7b49ff8ef0b2)

---

Summary of changes:
 test/recipes/02-test_errstr.t | 37 +
 1 file changed, 37 insertions(+)

diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
index ce2792b..a9e8ed4 100644
--- a/test/recipes/02-test_errstr.t
+++ b/test/recipes/02-test_errstr.t
@@ -38,6 +38,43 @@ plan skip_all => 'OpenSSL is configured "no-autoerrinit" or 
"no-err"'
 # (this is documented)
 my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}};
 
+if ($^O eq 'MSWin32') {
+# On Windows, these errors have been observed to not always be loaded by
+# apps/openssl, while they are in perl, which causes a difference that we
+# consider a false alarm.  So we skip checking these errors.
+# Because we can't know exactly what symbols exist in a perticular perl
+# version, we resort to discovering them directly in the Errno package
+# symbol table.
+my @error_skiplist = qw(
+ENETDOWN
+ENETUNREACH
+ENETRESET
+ECONNABORTED
+EISCONN
+ENOTCONN
+ESHUTDOWN
+ETOOMANYREFS
+ETIMEDOUT
+EHOSTDOWN
+EHOSTUNREACH
+EALREADY
+EINPROGRESS
+ESTALE
+EUCLEAN
+ENOTNAM
+ENAVAIL
+ENOMEDIUM
+ENOKEY
+);
+@posix_errors =
+grep {
+my $x = $_;
+! grep {
+exists $Errno::{$_} && $x == $Errno::{$_}
+} @error_skiplist
+} @posix_errors;
+}
+
 plan tests => scalar @posix_errors
 +1  # Checking that error 128 gives 'reason(128)'
 +1  # Checking that error 0 gives the library name
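Review bot: The filter's inner test `$x == $Errno::{$_}` looks wrong on two counts: `$x` comes from `@{$Errno::EXPORT_TAGS{POSIX}}`, which presumably holds error names rather than numbers, and `$Errno::{$_}` is the symbol-table entry, not the constant's value. A numeric comparison of those does not identify the skiplisted error and may match far more than intended, which on Windows would shrink `@posix_errors` and the plan with it, so the test could pass while checking very little. Comparing names, `exists $Errno::{$_} && $x eq $_`, expresses what the comment describes; this should be confirmed against how `@posix_errors` is consumed further down, outside the hunk.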


[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  61db9961417e74cbd4a285fe482f1f2b30c5536b (commit)
  from  1842f369e5541d8ed9b2716cdd7d516005994733 (commit)


- Log -
commit 61db9961417e74cbd4a285fe482f1f2b30c5536b
Author: Richard Levitte 
Date:   Sat Feb 2 09:47:16 2019 +0100

Build: correct BASE shlib_version_as_filename

This function is designed to use $config{shlib_version} directly
instead of taking an input argument, yet the BASE variant didn't do
this.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8146)

---

Summary of changes:
 Configurations/platform/BASE.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Configurations/platform/BASE.pm b/Configurations/platform/BASE.pm
index b7fec11..fcd7b70 100644
--- a/Configurations/platform/BASE.pm
+++ b/Configurations/platform/BASE.pm
@@ -28,8 +28,8 @@ sub sharedname  { return __isshared($_[1]) ? $_[1] : undef } 
# Name of shared li
 sub staticname  { return __base($_[1], '.a') } # Name of static lib
 
 # Convenience function to convert the shlib version to an acceptable part
-# of a file or directory name.
-sub shlib_version_as_filename { return $_[1] }
+# of a file or directory name.  By default, we consider it acceptable as is.
+sub shlib_version_as_filename { return $config{shlib_version} }
 
 # Convenience functions to convert the possible extension of an input file name
 sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
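Review bot: The new `shlib_version_as_filename` ignores `$_[1]` without saying so, while the comment above it still reads like a converter for a value that is passed in. A caller that keeps passing a version string would get the configured one back with no diagnostic. I would state this in the comment, e.g. `# Takes no argument; always reads $config{shlib_version}.` Whether `%config` is imported into this package is not visible in the hunk, so that is worth confirming if the file runs under `use strict`.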


[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  1842f369e5541d8ed9b2716cdd7d516005994733 (commit)
  from  a43ce58f5569a160272c492c680f2e42d38ec769 (commit)


- Log -
commit 1842f369e5541d8ed9b2716cdd7d516005994733
Author: Richard Levitte 
Date:   Thu Jan 31 00:06:50 2019 +0100

ENGINE modules aren't special, so call them MODULES

The only thing that makes an ENGINE module special is its entry
points.  Other than that, it's a normal dynamically loadable module,
nothing special about it.  This change has us stop pretending anything
else.

We retain using ENGINE as a term for installation, because it's
related to a specific installation directory, and we therefore also
mark ENGINE modules specifically as such with an attribute in the
build.info files.

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/8147)

---

Summary of changes:
 Configurations/README|  8 
 Configurations/README.design | 36 ++--
 Configurations/common.tmpl   |  8 
 Configurations/descrip.mms.tmpl  | 29 +++--
 Configurations/unix-Makefile.tmpl| 23 ---
 Configurations/windows-makefile.tmpl | 32 +---
 Configure| 27 +++
 doc/man1/version.pod |  2 +-
 engines/build.info   |  8 
 9 files changed, 90 insertions(+), 83 deletions(-)

diff --git a/Configurations/README b/Configurations/README
index a106f8c..8efabb3 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -159,7 +159,7 @@ In each table entry, the following keys are significant:
below [2].
 dso_scheme  => The type of dynamic shared objects to build
for.  This mostly comes into play with
-   engines, but can be used for other purposes
+   modules, but can be used for other purposes
as well.  Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
@@ -350,7 +350,7 @@ In each table entry, the following keys are significant:
 
 - shared libraries; that would be libcrypto and libssl.
 - shared objects (sometimes called dynamic libraries);  that would
-  be the engines.
+  be the modules.
 - applications; those are apps/openssl and all the test apps.
 
 Very roughly speaking, linking is done like this (words in braces
@@ -411,10 +411,10 @@ variables:
 
 PROGRAMS=foo bar
 LIBS=libsomething
-ENGINES=libeng
+MODULES=libeng
 SCRIPTS=myhack
 
-Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
+Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
 without extensions.  The build file templates will figure them out.
 
 For each thing to be built, it is then possible to say what sources
diff --git a/Configurations/README.design b/Configurations/README.design
index 75c19a6..b79d0b2 100644
--- a/Configurations/README.design
+++ b/Configurations/README.design
@@ -36,7 +36,7 @@ in build.info.  Their file name extensions will be inferred 
by the
 build-file templates, adapted for the platform they are meant for (see
 sections on %unified_info and build-file templates further down).
 
-The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+The variables PROGRAMS, LIBS, MODULES and SCRIPTS are used to declare
 end products.  There are variants for them with '_NO_INST' as suffix
 (PROGRAM_NO_INST etc) to specify end products that shouldn't get
 installed.
@@ -47,12 +47,12 @@ particular produced file, extra dependencies, include 
directories
 needed, or C macros to be defined.
 
 All their values in all the build.info throughout the source tree are
-collected together and form a set of programs, libraries, engines and
+collected together and form a set of programs, libraries, modules and
 scripts to be produced, source files, dependencies, etc etc etc.
 
 Let's have a pretend example, a very limited contraption of OpenSSL,
 composed of the program 'apps/openssl', the libraries 'libssl' and
-'libcrypto', an engine 'engines/ossltest' and their sources and
+'libcrypto', an module 'engines/ossltest' and their sources and
 dependencies.
 
 # build.info
@@ -120,22 +120,22 @@ This is the build.info file in 'ssl/', and it tells us 
that the
 library 'libssl' is built from the source file 'ssl/tls.c'.
 
 # engines/build.info
-ENGINES=dasync
+MODULES=dasync
 SOURCE[dasync]=e_dasync.c
 DEPEND[dasync]=../libcrypto
 INCLUDE[dasync]=../include
 
-

[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  a43ce58f5569a160272c492c680f2e42d38ec769 (commit)
  from  9d5560331d86c6463e965321f774e4eed582ce0b (commit)


- Log -
commit a43ce58f5569a160272c492c680f2e42d38ec769
Author: Shane Lontis 
Date:   Thu Aug 16 12:36:01 2018 +1000

Updated test command line parsing to support commmon commands

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6975)

---

Summary of changes:
 apps/apps.c  | 270 --
 apps/apps.h  | 362 +--
 apps/apps_ui.c   | 197 +++
 apps/apps_ui.h   |  28 +++
 apps/build.info  |   3 +-
 crypto/conf/conf_lcl.h => apps/fmt.c |   8 +-
 apps/fmt.h   |  44 +
 apps/opt.c   | 190 +++---
 apps/{apps.h => opt.h}   | 316 ++
 test/asynciotest.c   |   2 +
 test/bftest.c|  47 +++--
 test/bioprinttest.c  |  33 +++-
 test/bntest.c|  11 ++
 test/build.info  |  11 +-
 test/clienthellotest.c   |   2 +
 test/cmsapitest.c|  11 ++
 test/conf_include_test.c |  36 +++-
 test/curve448_internal_test.c|  52 +++--
 test/d2i_test.c  |   6 +-
 test/danetest.c  |   6 +-
 test/dtlstest.c  |   2 +
 test/ecstresstest.c  |  62 +++---
 test/evp_test.c  |   6 +-
 test/fatalerrtest.c  |   2 +
 test/gosttest.c  |   2 +
 test/ocspapitest.c   |   4 +-
 test/recipes/90-test_includes.t  |   2 +-
 test/recordlentest.c |   2 +
 test/ssl_test.c  |   2 +
 test/ssl_test_ctx_test.c |   6 +-
 test/sslapitest.c|   3 +
 test/sslbuffertest.c |   2 +
 test/sslcorrupttest.c|   6 +-
 test/testutil.h  |  95 +++--
 test/testutil/driver.c   | 179 +++--
 test/testutil/main.c |  86 +
 test/testutil/options.c  |  64 +++
 test/testutil/test_options.c |  21 ++
 test/testutil/tu_local.h |  12 +-
 test/tls13ccstest.c  |   2 +
 test/uitest.c|   6 +-
 test/v3ext.c |   4 +-
 test/verify_extra_test.c |   6 +-
 test/x509_check_cert_pkey_test.c |  17 +-
 test/x509_dup_cert_test.c|   8 +-
 test/x509aux.c   |   7 +-
 46 files changed, 1061 insertions(+), 1182 deletions(-)
 create mode 100644 apps/apps_ui.c
 create mode 100644 apps/apps_ui.h
 copy crypto/conf/conf_lcl.h => apps/fmt.c (59%)
 create mode 100644 apps/fmt.h
 copy apps/{apps.h => opt.h} (56%)
 create mode 100644 test/testutil/options.c
 create mode 100644 test/testutil/test_options.c

diff --git a/apps/apps.c b/apps/apps.c
index 39535e9..44a90a3 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -54,9 +54,6 @@ typedef struct {
 unsigned long mask;
 } NAME_EX_TBL;
 
-static UI_METHOD *ui_method = NULL;
-static const UI_METHOD *ui_fallback_method = NULL;
-
 static int set_table_opts(unsigned long *flags, const char *arg,
   const NAME_EX_TBL * in_tbl);
 static int set_multi_opts(unsigned long *flags, const char *arg,
@@ -173,179 +170,12 @@ int dump_cert_text(BIO *out, X509 *x)
 return 0;
 }
 
-static int ui_open(UI *ui)
-{
-int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
-
-if (opener)
-return opener(ui);
-return 1;
-}
-
-static int ui_read(UI *ui, UI_STRING *uis)
-{
-int (*reader)(UI *ui, UI_STRING *uis) = NULL;
-
-if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
-&& UI_get0_user_data(ui)) {
-switch (UI_get_string_type(uis)) {
-case UIT_PROMPT:
-case UIT_VERIFY:
-{
-const char *password =
-((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-if (password && password[0] != '\0') {
-UI_set_result(ui, uis, password);
-return 1;
-}
-}
-break;
-case UIT_NONE:
-case UIT_BOOLEAN:
-case UIT_INFO:
-case UIT_ERROR:
-break;
-}
-}
-
-reader = UI_method_get_reader(ui_fallback_method);
-if (reader)
-return reader(ui, uis);
-return 1;
-}
-
-static int ui_write(UI *ui, UI_STRING *uis)
-{
-int (*writer)(UI *ui, UI_STRING *uis) = NULL;
-
-if 

[openssl-commits] [openssl] master update

2019-02-11 Thread Richard Levitte
The branch master has been updated
   via  9d5560331d86c6463e965321f774e4eed582ce0b (commit)
  from  2beb004b24ff524d1f27e71994cdcfffb85d7075 (commit)


- Log -
commit 9d5560331d86c6463e965321f774e4eed582ce0b
Author: Tomas Mraz 
Date:   Fri Feb 1 14:32:36 2019 +0100

Allow the syntax of the .include directive to optionally have '='

If the old openssl versions not supporting the .include directive
load a config file with it, they will bail out with error.

This change allows using the .include =  syntax which
is interpreted as variable assignment by the old openssl
config file parser.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8141)

---

Summary of changes:
 crypto/conf/conf_def.c | 7 ++-
 doc/man5/config.pod| 7 +++
 test/recipes/90-test_includes.t| 4 +++-
 .../{includes-file.cnf => includes-eq-ws.cnf}  | 2 +-
 .../90-test_includes_data/{includes-file.cnf => includes-eq.cnf}   | 2 +-
 5 files changed, 18 insertions(+), 4 deletions(-)
 copy test/recipes/90-test_includes_data/{includes-file.cnf => 
includes-eq-ws.cnf} (66%)
 copy test/recipes/90-test_includes_data/{includes-file.cnf => includes-eq.cnf} 
(68%)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 8a34218..594f7c5 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 psection = section;
 }
 p = eat_ws(conf, end);
-if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+if (strncmp(pname, ".include", 8) == 0
+&& (p != pname + 8 || *p == '=')) {
 char *include = NULL;
 BIO *next;
 
+if (*p == '=') {
+p++;
+p = eat_ws(conf, p);
+}
 trim_ws(conf, p);
 if (!str_copy(conf, psection, , p))
 goto err;
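Review bot: The directive test still compares only the first eight characters of `pname`, so a name that merely begins with `.include` (for example `.includes`) also satisfies `p != pname + 8`; with the new `=` skipping, the value of such an assignment would be opened as an include path instead of being stored as a variable. This assumes `end` marks the end of the name token, which is set outside the hunk. Requiring the token to be exactly the directive closes that: `&& end == pname + 8 && (p != end || *p == '=')`. A negative case in 90-test_includes.t for a longer name would pin the behaviour. The body of def_load_bio continues on both sides of the hunk.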
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 275d96c..3d0842c 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -42,6 +42,13 @@ working directory so unless the configuration file 
containing the
 B<.include> directive is application specific the inclusion will not
 work as expected.
 
+There can be optional B<=> character and whitespace characters between
+B<.include> directive and the path which can be useful in cases the
+configuration file needs to be loaded by old OpenSSL versions which do
+not support the B<.include> syntax. They would bail out with error
+if the B<=> character is not present but with it they just ignore
+the include.
+
 Each section in a configuration file consists of a number of name and
 value pairs of the form B
 
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index 5169700..c6a86fc 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -11,11 +11,13 @@ plan skip_all => "test_includes doesn't work without 
posix-io"
 if disabled("posix-io");
 
 plan tests =>   # The number of tests being performed
-3
+5
 + ($^O eq "VMS" ? 2 : 0);
 
 ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test 
directory includes");
 ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test 
file includes");
+ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test 
includes with equal character");
+ok(run(test(["conf_include_test", data_file("includes-eq-ws.cnf")])), "test 
includes with equal and whitespaces");
 if ($^O eq "VMS") {
 ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])),
"test directory includes, VMS syntax");
diff --git a/test/recipes/90-test_includes_data/includes-file.cnf 
b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
similarity index 66%
copy from test/recipes/90-test_includes_data/includes-file.cnf
copy to test/recipes/90-test_includes_data/includes-eq-ws.cnf
index 1737b70..38109a7 100644
--- a/test/recipes/90-test_includes_data/includes-file.cnf
+++ b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
@@ -2,4 +2,4 @@
 # Example configuration file using includes.
 #
 
-.include includes.cnf
+.include = conf-includes
diff --git a/test/recipes/90-test_includes_data/includes-file.cnf 
b/test/recipes/90-test_includes_data/includes-eq.cnf
similarity index 68%
copy from test/recipes/90-test_includes_data/includes-file.cnf
copy to test/recipes/90-test_includes_data/includes-eq.cnf
index 1737b70..9d37158 100644
--- a/test/recipes/90-test_includes_data/includes-file.cnf
+++ 

[openssl-commits] [openssl] master update

2019-02-10 Thread Dr . Paul Dale
The branch master has been updated
   via  758229f7d22775d7547e3b3b886b7f6a289c6897 (commit)
  from  1980ce45d6bdd2b57df7003d6b56b5df560b9064 (commit)


- Log -
commit 758229f7d22775d7547e3b3b886b7f6a289c6897
Author: Daniel DeFreez 
Date:   Thu Feb 7 09:55:14 2019 -0800

Fix null pointer dereference in ssl_module_init

CLA: Trivial

Reviewed-by: Paul Yang 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8183)

---

Summary of changes:
 crypto/conf/conf_ssl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
index a1b24b2..d703f73 100644
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -78,6 +78,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
 cnt = sk_CONF_VALUE_num(cmd_lists);
 ssl_module_free(md);
 ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+if (ssl_names == NULL)
+goto err;
 ssl_names_count = cnt;
 for (i = 0; i < ssl_names_count; i++) {
 struct ssl_conf_name_st *ssl_name = ssl_names + i;
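Review bot: The added `goto err` leaves ssl_module_init without queuing an error, so a failed allocation reaches the caller as a bare failure; `CONFerr(CONF_F_SSL_MODULE_INIT, ERR_R_MALLOC_FAILURE);` before the jump would make it diagnosable. Separately, if `cnt` can be zero at this point, a zero-byte `OPENSSL_zalloc()` request may return NULL and would now be reported as a failure; whether an earlier check rules that out is not visible in the hunk. The function starts and ends outside the hunk, so the cleanup under the `err` label cannot be checked from here.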


[openssl-commits] [openssl] master update

2019-02-10 Thread Dr . Paul Dale
The branch master has been updated
   via  2beb004b24ff524d1f27e71994cdcfffb85d7075 (commit)
  from  758229f7d22775d7547e3b3b886b7f6a289c6897 (commit)


- Log -
commit 2beb004b24ff524d1f27e71994cdcfffb85d7075
Author: Pauli 
Date:   Thu Jan 24 12:22:48 2019 +1000

Fix comment typo

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8196)

---

Summary of changes:
 crypto/rsa/rsa_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 994978b..0848936 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -181,7 +181,7 @@ static const unsigned int c1_923 = 0x07b126;/* scale * 
1.923 */
 static const unsigned int c4_690 = 0x12c28f;/* scale * 4.690 */
 
 /*
- * Multiply two scale integers together and rescale the result.
+ * Multiply two scaled integers together and rescale the result.
  */
 static ossl_inline uint64_t mul2(uint64_t a, uint64_t b)
 {


[openssl-commits] [openssl] master update

2019-02-08 Thread Matt Caswell
The branch master has been updated
   via  1980ce45d6bdd2b57df7003d6b56b5df560b9064 (commit)
   via  2aa2beb06cc25c1f8accdc3d87b946205becfd86 (commit)
  from  b1522fa5ef676b7af0128eab3eee608af3416182 (commit)


- Log -
commit 1980ce45d6bdd2b57df7003d6b56b5df560b9064
Author: Todd Short 
Date:   Wed Feb 6 09:28:22 2019 -0500

Update d2i_PrivateKey documentation

Reviewed-by: Paul Yang 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8168)

commit 2aa2beb06cc25c1f8accdc3d87b946205becfd86
Author: Todd Short 
Date:   Mon Feb 4 16:04:11 2019 -0500

Fix d2i_PublicKey() for EC keys

o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.

o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.

However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.

This means you can't d2i_PublicKey() for an EC key...

The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().

Reviewed-by: Paul Yang 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8168)

---

Summary of changes:
 crypto/asn1/d2i_pu.c|  2 +-
 doc/man3/d2i_PrivateKey.pod | 18 +++---
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 73093a6..8876878 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const 
unsigned char **pp,
 } else
 ret = *a;
 
-if (!EVP_PKEY_set_type(ret, type)) {
+if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
 ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
 goto err;
 }
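Review bot: Skipping `EVP_PKEY_set_type()` whenever the type already matches applies to every key type, not only EC, and the commit message says that call is what frees the key already held in the EVP_PKEY. If the non-EC branches further down (outside this hunk) store a freshly decoded key into `ret` without releasing the old one, a caller reusing `*a` would now leak the previous key. Limiting the shortcut to the case that needs it avoids that: `if ((type != EVP_PKEY_id(ret) || type != EVP_PKEY_EC) && !EVP_PKEY_set_type(ret, type)) {`. The diffstat shows no test for decoding an EC public key into a prepared EVP_PKEY, which would be worth adding.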
diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod
index 87ac8a8..eab98b3 100644
--- a/doc/man3/d2i_PrivateKey.pod
+++ b/doc/man3/d2i_PrivateKey.pod
@@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or 
d2i_AutoPrivateKey()
 (i.e. an existing structure is being reused) and the key format is PKCS#8
 then B<*a> will be freed and replaced on a successful call.
 
+To decode a key with type B, d2i_PublicKey() requires B<*a> to be
+a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the 
proper
+EC_GROUP.
+
 =head1 RETURN VALUES
 
-d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B structure
-or B if an error occurs. The error code can be obtained by calling
-L.
+The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), 
d2i_PrivateKey_fp(),
+and d2i_PublicKey() functions return a valid B structure or B 
if an
+error occurs. The error code can be obtained by calling L.
 
-i2d_PrivateKey() returns the number of bytes successfully encoded or a
-negative value if an error occurs. The error code can be obtained by calling
-L.
+i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully
+encoded or a negative value if an error occurs. The error code can be obtained
+by calling L.
 
 =head1 SEE ALSO
 
@@ -67,7 +71,7 @@ L
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy


[openssl-commits] [openssl] master update

2019-02-07 Thread Dr . Paul Dale
The branch master has been updated
   via  b1522fa5ef676b7af0128eab3eee608af3416182 (commit)
  from  03cdfe1efaf2a3b5192b8cb3ef331939af7bfeb8 (commit)


- Log -
commit b1522fa5ef676b7af0128eab3eee608af3416182
Author: Pauli 
Date:   Fri Dec 21 12:03:19 2018 +1000

Address a bug in the DRBG tests where the reseeding wasn't properly
reinstantiating the DRBG.

Bug reported by Doug Gibbons.

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/8184)

---

Summary of changes:
 test/drbgtest.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/drbgtest.c b/test/drbgtest.c
index c788f19..362a1d2 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -429,7 +429,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
  */
 
 /* Test explicit reseed with too large additional input */
-if (!init(drbg, td, )
+if (!instantiate(drbg, td, )
 || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0)
 goto err;
 
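Review bot: The first reseed check still uses a bare `RAND_DRBG_reseed(...) > 0`, while the two checks changed in the following hunks wrap the same call in `TEST_int_le(..., 0)`, so a failure here prints no diagnostic. For consistency I would write `|| !TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0), 0))`. error_check starts and ends outside the hunk.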
@@ -440,7 +440,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 goto err;
 
 /* Test explicit reseed with too much entropy */
-if (!init(drbg, td, ))
+if (!instantiate(drbg, td, ))
 goto err;
 t.entropylen = drbg->max_entropylen + 1;
 if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
@@ -448,7 +448,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 goto err;
 
 /* Test explicit reseed with too little entropy */
-if (!init(drbg, td, ))
+if (!instantiate(drbg, td, ))
 goto err;
 t.entropylen = drbg->min_entropylen - 1;
 if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)


[openssl-commits] [openssl] master update

2019-02-07 Thread Richard Levitte
The branch master has been updated
   via  03cdfe1efaf2a3b5192b8cb3ef331939af7bfeb8 (commit)
  from  ef45aa14c5af024fcb8bef1c9007f3d1c115bd85 (commit)


- Log -
commit 03cdfe1efaf2a3b5192b8cb3ef331939af7bfeb8
Author: Richard Levitte 
Date:   Wed Feb 6 20:51:47 2019 +0100

test/drbgtest.c: call OPENSSL_thread_stop() explicitly

The manual says this in its notes:

... and therefore applications using static linking should also call
OPENSSL_thread_stop() on each thread. ...

Fixes #8171

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/8173)

---

Summary of changes:
 test/drbgtest.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/test/drbgtest.c b/test/drbgtest.c
index 4546f63..c788f19 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -839,6 +839,11 @@ typedef HANDLE thread_t;
 static DWORD WINAPI thread_run(LPVOID arg)
 {
 run_multi_thread_test();
+/*
+ * Because we're linking with a static library, we must stop each
+ * thread explicitly, or so says OPENSSL_thread_stop(3)
+ */
+OPENSSL_thread_stop();
 return 0;
 }
 
@@ -860,6 +865,11 @@ typedef pthread_t thread_t;
 static void *thread_run(void *arg)
 {
 run_multi_thread_test();
+/*
+ * Because we're linking with a static library, we must stop each
+ * thread explicitly, or so says OPENSSL_thread_stop(3)
+ */
+OPENSSL_thread_stop();
 return NULL;
 }
 


[openssl-commits] [openssl] master update

2019-02-07 Thread Matt Caswell
The branch master has been updated
   via  ef45aa14c5af024fcb8bef1c9007f3d1c115bd85 (commit)
  from  f2ed96dac01421f1e660e353e8e257f2d0b7424a (commit)


- Log -
commit ef45aa14c5af024fcb8bef1c9007f3d1c115bd85
Author: Matt Caswell 
Date:   Tue Feb 5 14:25:18 2019 +

Make OPENSSL_malloc_init() a no-op

Making this a no-op removes a potential infinite loop that can occur in
some situations.

Fixes #2865

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8167)

---

Summary of changes:
 doc/man3/OPENSSL_malloc.pod | 6 ++
 include/openssl/crypto.h| 9 ++---
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index e17ff63..f1de27a 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -90,10 +90,8 @@ generally macro's that add the standard C B<__FILE__> and 
B<__LINE__>
 parameters and call a lower-level B API.
 Some functions do not add those parameters, but exist for consistency.
 
-OPENSSL_malloc_init() sets the lower-level memory allocation functions
-to their default implementation.
-It is generally not necessary to call this, except perhaps in certain
-shared-library situations.
+OPENSSL_malloc_init() does nothing and does not need to be called. It is
+included for compatibility with older versions of OpenSSL.
 
 OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the
 C malloc(), realloc(), and free() functions.
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index f912302..cbde3d5 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -109,13 +109,8 @@ DEFINE_STACK_OF(void)
 # define CRYPTO_EX_INDEX_DRBG15
 # define CRYPTO_EX_INDEX__COUNT  16
 
-/*
- * This is the default callbacks, but we can have others as well: this is
- * needed in Win32 where the application malloc and the library malloc may
- * not be the same.
- */
-#define OPENSSL_malloc_init() \
-CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free)
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
 
 int CRYPTO_mem_ctrl(int mode);
 
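Review bot: The replacement `while(0) continue` is a statement, whereas the removed definition expanded to a call of `CRYPTO_set_mem_functions()`, which is an expression; code that used the macro's value (in an `if` or an assignment, say) would stop compiling. Since the macro is kept for compatibility, the comment should say so, e.g. `/* No longer needed; a no-op statement that yields no value */`. No CHANGES entry appears in this commit's diffstat, so the source-level change is otherwise undocumented.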


[openssl-commits] [openssl] master update

2019-02-07 Thread Matt Caswell
The branch master has been updated
   via  f2ed96dac01421f1e660e353e8e257f2d0b7424a (commit)
  from  8269e44f9e40831a497fe9f31ba1d65aeb49a5c1 (commit)


- Log -
commit f2ed96dac01421f1e660e353e8e257f2d0b7424a
Author: Antoine Salon 
Date:   Wed Feb 6 11:49:19 2019 -0800

Add CHANGES entry for blake2mac

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8172)

---

Summary of changes:
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 7c678b4..9d712f0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,9 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Add keyed BLAKE2 to EVP_MAC.
+ [Antoine Salon]
+
   *) Fix a bug in the computation of the endpoint-pair shared secret used
  by DTLS over SCTP. This breaks interoperability with older versions
  of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime


[openssl-commits] [openssl] master update

2019-02-06 Thread Matt Caswell
The branch master has been updated
   via  8269e44f9e40831a497fe9f31ba1d65aeb49a5c1 (commit)
   via  b215db236c6668c785bd99787b3fd07d5b2e6a10 (commit)
   via  33e113b0cbd9a0845f6f8a63e8aad558a897cac6 (commit)
   via  13b3cd7bc77d5d9297a755727100aee22d3e22b6 (commit)
   via  d1ad7c834e10543b3d1ecb36ccbd110384063b8f (commit)
   via  c3a261f8d31c1d04db01de36eccfe001b4ca0368 (commit)
   via  fc3c0223e8a70bfe8f8aefc98b819f7d852f3594 (commit)
   via  18568864169d970bcbda300e76f6fb1a1015a0d5 (commit)
  from  df4439186fb70ce72668d472943dbcd057df8f30 (commit)


- Log -
commit 8269e44f9e40831a497fe9f31ba1d65aeb49a5c1
Author: Antoine Salon 
Date:   Mon Jan 7 15:09:55 2019 -0800

blake2: avoid writing to output buffer when using default digest length

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit b215db236c6668c785bd99787b3fd07d5b2e6a10
Author: Antoine Salon 
Date:   Thu Dec 20 15:36:40 2018 -0800

blake2: add evpmac test vectors

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit 33e113b0cbd9a0845f6f8a63e8aad558a897cac6
Author: Antoine Salon 
Date:   Thu Dec 20 15:36:07 2018 -0800

blake2: backport changes to blake2s

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit 13b3cd7bc77d5d9297a755727100aee22d3e22b6
Author: Antoine Salon 
Date:   Thu Dec 20 15:34:22 2018 -0800

blake2: add EVP_MAC man page

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit d1ad7c834e10543b3d1ecb36ccbd110384063b8f
Author: Antoine Salon 
Date:   Thu Dec 20 15:32:58 2018 -0800

blake2: register MAC objects

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit c3a261f8d31c1d04db01de36eccfe001b4ca0368
Author: Antoine Salon 
Date:   Thu Dec 20 15:28:10 2018 -0800

blake2b: add EVP_MAC API

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit fc3c0223e8a70bfe8f8aefc98b819f7d852f3594
Author: Antoine Salon 
Date:   Thu Dec 20 15:20:00 2018 -0800

blake2b: add support for parameter setting and keyed hash

The param block structure is used as a container for parameter values
Added blake2b keyed init

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

commit 18568864169d970bcbda300e76f6fb1a1015a0d5
Author: Antoine Salon 
Date:   Thu Dec 20 15:08:23 2018 -0800

blake2: add implementation support for variable digest length

Signed-off-by: Antoine Salon 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7726)

---

Summary of changes:
 crypto/blake2/blake2_locl.h   |  27 ++-
 crypto/blake2/blake2b.c   |  78 +++-
 crypto/blake2/blake2b_mac.c   | 190 ++
 crypto/blake2/blake2s.c   |  81 ++--
 crypto/blake2/blake2s_mac.c   | 190 ++
 crypto/blake2/build.info  |   2 +-
 crypto/blake2/m_blake2b.c |   8 +-
 crypto/blake2/m_blake2s.c |   8 +-
 crypto/err/openssl.txt|   5 +
 crypto/evp/c_allm.c   |   4 +
 crypto/evp/evp_err.c  |   6 +
 crypto/include/internal/evp_int.h |   2 +
 crypto/objects/obj_dat.h  |  12 +-
 crypto/objects/obj_mac.num|   2 +
 crypto/objects/objects.txt|   2 +
 doc/man3/EVP_MAC.pod  |  17 +-
 doc/man7/{EVP_MAC_KMAC.pod => EVP_MAC_BLAKE2.pod} |  52 +++--
 include/openssl/evp.h |   3 +
 include/openssl/evperr.h  |   5 +
 include/openssl/obj_mac.h |   8 +
 test/evp_test.c   |  26 ++-
 test/recipes/30-test_evp_data/evpmac.txt  | 230 ++
 22 files changed, 897 insertions(+), 61 deletions(-)
 create mode 100644 crypto/blake2/blake2b_mac.c
 

[openssl-commits] [openssl] master update

2019-02-05 Thread Richard Levitte
The branch master has been updated
   via  df4439186fb70ce72668d472943dbcd057df8f30 (commit)
  from  d6f4b0a8bfbe901c72294d8923eb5b6f54ca7732 (commit)


- Log -
commit df4439186fb70ce72668d472943dbcd057df8f30
Author: Sam Roberts 
Date:   Thu Jan 31 09:55:30 2019 -0800

Remove unnecessary trailing whitespace

Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespace remains in test data and external source.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8092)

---

Summary of changes:
 CHANGES  |  2 +-
 CONTRIBUTING |  2 +-
 Configurations/00-base-templates.conf|  2 +-
 Configurations/50-win-onecore.conf   |  2 +-
 Configurations/README|  2 +-
 Configurations/README.design |  8 
 Configurations/descrip.mms.tmpl  |  2 +-
 Configurations/unix-Makefile.tmpl|  2 +-
 NOTES.ANDROID|  2 +-
 NOTES.DJGPP  |  4 ++--
 NOTES.VMS|  2 +-
 apps/ct_log_list.cnf |  4 ++--
 apps/demoSRP/srp_verifier.txt|  2 +-
 apps/dh1024.pem  |  2 +-
 apps/dh2048.pem  |  4 ++--
 apps/dh4096.pem  |  4 ++--
 apps/openssl-vms.cnf |  4 ++--
 apps/openssl.cnf |  4 ++--
 apps/s_client.c  |  4 ++--
 config   | 16 
 crypto/bn/asm/ia64.S |  4 ++--
 crypto/bn/asm/sparcv8plus.S  |  4 ++--
 crypto/bn/bn_ctx.c   |  4 ++--
 crypto/cryptlib.c|  6 +++---
 crypto/des/asm/des_enc.m4|  4 ++--
 crypto/ec/curve448/point_448.h   | 14 +++---
 crypto/engine/README |  2 +-
 crypto/engine/eng_lib.c  |  2 +-
 crypto/evp/e_aes.c   |  2 +-
 crypto/objects/objects.txt   |  2 +-
 crypto/pem/pem_info.c|  2 +-
 crypto/srp/srp_vfy.c |  2 +-
 demos/bio/accept.cnf |  2 +-
 demos/bio/connect.cnf|  2 +-
 demos/bio/descrip.mms|  2 +-
 demos/certs/README   |  2 +-
 demos/certs/apps/mkxcerts.sh |  2 +-
 demos/certs/mkcerts.sh   |  2 +-
 doc/HOWTO/certificates.txt   |  2 +-
 doc/HOWTO/proxy_certificates.txt |  2 +-
 doc/fingerprints.txt |  2 +-
 doc/man1/ca.pod  |  2 +-
 doc/man1/s_server.pod|  2 +-
 doc/man3/EVP_PKEY_asn1_get_count.pod |  2 +-
 doc/man3/HMAC.pod|  2 +-
 doc/man3/SSL_CTX_set0_CA_list.pod|  2 +-
 doc/man3/SSL_CTX_set_ctlog_list_file.pod |  2 +-
 doc/man3/SSL_read_early_data.pod |  2 +-
 include/internal/thread_once.h   | 12 ++--
 include/internal/tsan_assist.h   |  2 +-
 test/README.external |  2 +-
 test/build.info  |  2 +-
 test/rdrand_sanitytest.c |  4 ++--
 test/servername_test.c   |  2 +-
 test/testutil/main.c |  2 +-
 test/tls13secretstest.c  |  2 +-
 util/indent.pro  |  2 +-
 util/openssl-format-source   | 28 ++--
 util/perl/TLSProxy/Alert.pm  |  2 +-
 util/perl/TLSProxy/Message.pm|  4 ++--
 util/perl/TLSProxy/Record.pm |  2 +-
 util/perl/TLSProxy/ServerHello.pm|  4 ++--
 util/perl/TLSProxy/ServerKeyExchange.pm  |  2 +-
 63 files changed, 113 insertions(+), 113 deletions(-)

diff --git a/CHANGES b/CHANGES
index a72daba..7c678b4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -74,7 +74,7 @@
  implementations.  This includes a generic EVP_PKEY to EVP_MAC bridge,
  to facilitate the continued use of MACs through raw private keys in
  functionality such as EVP_DigestSign* and EVP_DigestVerify*.
- [Richard Levitte] 
+ [Richard Levitte]
 
   *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users
  should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type).
diff --git a/CONTRIBUTING b/CONTRIBUTING
index 639c3cf..250bbdb 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -57,7 +57,7 @@ guidelines:
 7.  For user visible changes (API changes, behaviour changes, ...),
 consider adding a note in CHANGES.  This could be a summarising
 description of the 

[openssl-commits] [openssl] master update

2019-02-05 Thread Richard Levitte
The branch master has been updated
   via  d6f4b0a8bfbe901c72294d8923eb5b6f54ca7732 (commit)
  from  3499327bad401eb510d76266428923d06c9c7bb7 (commit)


- Log -
commit d6f4b0a8bfbe901c72294d8923eb5b6f54ca7732
Author: Patrick Steuer 
Date:   Mon Feb 6 10:54:54 2017 +0100

crypto/poly1305/asm/poly1305-s390x.pl: add vx code path.

Signed-off-by: Patrick Steuer 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7991)

---

Summary of changes:
 crypto/poly1305/asm/poly1305-s390x.pl | 944 --
 1 file changed, 780 insertions(+), 164 deletions(-)

diff --git a/crypto/poly1305/asm/poly1305-s390x.pl 
b/crypto/poly1305/asm/poly1305-s390x.pl
index 21ca860..390f9ee 100755
--- a/crypto/poly1305/asm/poly1305-s390x.pl
+++ b/crypto/poly1305/asm/poly1305-s390x.pl
@@ -24,204 +24,820 @@
 #
 # On side note, z13 enables vector base 2^26 implementation...
 
-$flavour = shift;
+#
+# January 2019
+#
+# Add vx code path (base 2^26).
+#
+# Copyright IBM Corp. 2019
+# Author: Patrick Steuer 
 
+use strict;
+use FindBin qw($Bin);
+use lib "$Bin/../..";
+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL);
+
+my $flavour = shift;
+
+my ($z,$SIZE_T);
 if ($flavour =~ /3[12]/) {
+   $z=0;   # S/390 ABI
$SIZE_T=4;
-   $g="";
 } else {
+   $z=1;   # zSeries ABI
$SIZE_T=8;
-   $g="g";
 }
 
+my $output;
 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
 
-$sp="%r15";
+my $sp="%r15";
+
+# novx code path ctx layout
+# -
+# var  value   baseoff
+# -
+# u64 h[3] hash2^64  0
+# u32 pad[2]
+# u64 r[2] key 2^64 32
+
+# vx code path ctx layout
+# -
+# var  value   baseoff
+# -
+# u32 acc1[5]  r^2-acc 2^26  0
+# u32 pad
+# u32 acc2[5]  r-acc   2^26 24
+# u32 pad
+# u32 r1[5]r   2^26 48
+# u32 r15[5]   5*r 2^26 68
+# u32 r2[5]r^2 2^26 88
+# u32 r25[5]   5*r^2   2^26108
+# u32 r4[5]r^4 2^26128
+# u32 r45[5]   5*r^4   2^26148
+
+PERLASM_BEGIN($output);
+
+TEXT   ();
+
+
+# static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+my ($ctx,$key)=map("%r$_",(2..3));
+my ($r0,$r1,$r2)=map("%r$_",(9,11,13));
 
-my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5));
+sub MUL_RKEY { # r*=key
+my ($d0hi,$d0lo,$d1hi,$d1lo)=map("%r$_",(4..7));
+my ($t0,$t1,$s1)=map("%r$_",(8,10,12));
+
+   lg  ("%r0","32($ctx)");
+   lg  ("%r1","40($ctx)");
+
+   srlg($s1,"%r1",2);
+   algr($s1,"%r1");
+
+   lgr ($d0lo,$r0);
+   lgr ($d1lo,$r1);
+
+   mlgr($d0hi,"%r0");
+   lgr ($r1,$d1lo);
+   mlgr($d1hi,$s1);
+
+   mlgr($t0,"%r1");
+   mlgr($t1,"%r0");
+
+   algr($d0lo,$d1lo);
+   lgr ($d1lo,$r2);
+   alcgr   ($d0hi,$d1hi);
+   lghi($d1hi,0);
+
+   algr($r1,$r0);
+   alcgr   ($t1,$t0);
+
+   msgr($d1lo,$s1);
+   msgr($r2,"%r0");
+
+   algr($r1,$d1lo);
+   alcgr   ($t1,$d1hi);
+
+   algr($r1,$d0hi);
+   alcgr   ($r2,$t1);
+
+   lghi($r0,-4);
+   ngr ($r0,$r2);
+   srlg($t0,$r2,2);
+   algr($r0,$t0);
+   lghi($t1,3);
+   ngr ($r2,$t1);
+
+   algr($r0,$d0lo);
+   alcgr   ($r1,$d1hi);
+   alcgr   ($r2,$d1hi);
+}
+
+sub ST_R5R {   # store r,5*r -> base 2^26
+my @d=map("%r$_",(4..8));
+my @off=@_;
+
+   lgr (@d[2],$r0);
+   lr  ("%r1",@d[2]);
+   nilh("%r1",1023);
+   lgr (@d[3],$r1);
+   lr  (@d[0],"%r1");
+   srlg("%r1",@d[2],52);
+   lgr (@d[4],$r2);
+   srlg("%r0",@d[2],26);
+   sll (@d[4],24);
+   lr  (@d[2],@d[3]);
+   nilh("%r0",1023);
+   sll (@d[2],12);
+   lr  (@d[1],"%r0");
+(@d[2],"%r1");
+   srlg("%r1",@d[3],40);
+   nilh(@d[2],1023);
+(@d[4],"%r1");
+   srlg(@d[3],@d[3],14);
+   nilh(@d[4],1023);
+   nilh(@d[3],1023);
+
+   stm (@d[0],@d[4],"@off[0]($ctx)");
+   mhi (@d[$_],5) for (0..4);
+   stm (@d[0],@d[4],"@off[1]($ctx)");
+}
 
-$code.=<<___;
-.text
-
-.globl poly1305_init
-.type  poly1305_init,\@function
-.align 16
-poly1305_init:
-   lghi%r0,0
-   lghi%r1,-1
-   stg %r0,0($ctx) # zero hash value
-   stg %r0,8($ctx)
-   stg %r0,16($ctx)
-
-   cl${g}r $inp,%r0
-   je  .Lno_key
-
-   lrvg%r4,0($inp) # load little-endian key
-   lrvg%r5,8($inp)
-
-   nihl%r1,0xffc0  

[openssl-commits] [openssl] master update

2019-02-05 Thread Matt Caswell
The branch master has been updated
   via  3499327bad401eb510d76266428923d06c9c7bb7 (commit)
  from  66a60003719240399f6596e58c239df0465a4f70 (commit)


- Log -
commit 3499327bad401eb510d76266428923d06c9c7bb7
Author: Sam Roberts 
Date:   Fri Feb 1 15:06:26 2019 -0800

Make some simple getters take const SSL/SSL_CTX

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8145)

---

Summary of changes:
 doc/man3/SSL_CTX_set_record_padding_callback.pod |  4 ++--
 doc/man3/SSL_CTX_set_ssl_version.pod |  2 +-
 doc/man3/SSL_key_update.pod  |  4 ++--
 include/openssl/ssl.h| 20 ++--
 ssl/ssl_lib.c| 20 ++--
 5 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod 
b/doc/man3/SSL_CTX_set_record_padding_callback.pod
index 4bf87c8..3df6621 100644
--- a/doc/man3/SSL_CTX_set_record_padding_callback.pod
+++ b/doc/man3/SSL_CTX_set_record_padding_callback.pod
@@ -19,10 +19,10 @@ SSL_set_block_padding - install callback to specify TLS 1.3 
record padding
  void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, 
size_t len, void *arg));
 
  void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
- void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+ void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
 
  void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
- void *SSL_get_record_padding_callback_arg(SSL *ssl);
+ void *SSL_get_record_padding_callback_arg(const SSL *ssl);
 
  int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
  int SSL_set_block_padding(SSL *ssl, size_t block_size);
diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod 
b/doc/man3/SSL_CTX_set_ssl_version.pod
index 0671b53..b410731 100644
--- a/doc/man3/SSL_CTX_set_ssl_version.pod
+++ b/doc/man3/SSL_CTX_set_ssl_version.pod
@@ -11,7 +11,7 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, 
SSL_get_ssl_method
 
  int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
  int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
- const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+ const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
 
 =head1 DESCRIPTION
 
diff --git a/doc/man3/SSL_key_update.pod b/doc/man3/SSL_key_update.pod
index 6102143..f95d89e 100644
--- a/doc/man3/SSL_key_update.pod
+++ b/doc/man3/SSL_key_update.pod
@@ -14,11 +14,11 @@ SSL_renegotiate_pending
  #include 
 
  int SSL_key_update(SSL *s, int updatetype);
- int SSL_get_key_update_type(SSL *s);
+ int SSL_get_key_update_type(const SSL *s);
 
  int SSL_renegotiate(SSL *s);
  int SSL_renegotiate_abbreviated(SSL *s);
- int SSL_renegotiate_pending(SSL *s);
+ int SSL_renegotiate_pending(const SSL *s);
 
 =head1 DESCRIPTION
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dc7285f..35311ac 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1931,17 +1931,17 @@ __owur STACK_OF(SSL_CIPHER) 
*SSL_get1_supported_ciphers(SSL *s);
 
 __owur int SSL_do_handshake(SSL *s);
 int SSL_key_update(SSL *s, int updatetype);
-int SSL_get_key_update_type(SSL *s);
+int SSL_get_key_update_type(const SSL *s);
 int SSL_renegotiate(SSL *s);
 int SSL_renegotiate_abbreviated(SSL *s);
-__owur int SSL_renegotiate_pending(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
 int SSL_shutdown(SSL *s);
 __owur int SSL_verify_client_post_handshake(SSL *s);
 void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
 void SSL_set_post_handshake_auth(SSL *s, int val);
 
-__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
-__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
 __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 __owur const char *SSL_alert_type_string_long(int value);
 __owur const char *SSL_alert_type_string(int value);
@@ -2089,8 +2089,8 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
 int keylength));
 # endif
 
-__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
-__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
 __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
 __owur int SSL_COMP_get_id(const SSL_COMP *comp);
@@ -2134,20 +2134,20 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  size_t (*cb) (SSL *ssl, int type,
   

[openssl-commits] [openssl] master update

2019-02-04 Thread Richard Levitte
The branch master has been updated
   via  66a60003719240399f6596e58c239df0465a4f70 (commit)
  from  adc7e221f12462c6e10bc7c2c7afaf52490cb292 (commit)


- Log -
commit 66a60003719240399f6596e58c239df0465a4f70
Author: Matthias Kraft 
Date:   Mon Feb 4 09:55:07 2019 +0100

Fix Invalid Argument return code from IP_Factory in connect_to_server().

Fixes #7732

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8158)

---

Summary of changes:
 util/perl/TLSProxy/Proxy.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 3821385..a583e63 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -44,7 +44,7 @@ BEGIN
 $s->close();
 };
 if ($@ eq "") {
-$IP_factory = sub { IO::Socket::INET6->new(@_); };
+$IP_factory = sub { IO::Socket::INET6->new(Domain => AF_INET6, @_); };
 $have_IPv6 = 1;
 } else {
 eval {
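Review bot: The new `Domain => AF_INET6` argument on the `$IP_factory` line has no comment, and nothing in the code says why an explicit domain is needed; only the commit title ties it to the Invalid Argument return in connect_to_server(). Because it is placed before `@_`, a caller-supplied `Domain` still overrides it, which looks intentional but should be stated. I would add `# Default to AF_INET6 explicitly; callers may still override Domain via @_ (see #7732)` above the line. The hunk does not show where `AF_INET6` is imported, so confirm the symbol is in scope inside this BEGIN block, which starts and ends outside the hunk.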


[openssl-commits] [openssl] master update

2019-02-04 Thread Richard Levitte
The branch master has been updated
   via  adc7e221f12462c6e10bc7c2c7afaf52490cb292 (commit)
  from  1039c7825535d8219b88372b7ad4a3b94c42605d (commit)


- Log -
commit adc7e221f12462c6e10bc7c2c7afaf52490cb292
Author: batist73 
Date:   Sat Feb 2 13:45:06 2019 +0300

Android build: fix usage of NDK home variable ($ndk_var)

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8153)

---

Summary of changes:
 Configurations/15-android.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
index c94da41..7b496a4 100644
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -24,7 +24,8 @@
 
 my $ndk_var;
 my $ndk;
-foreach $ndk_var (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+$ndk_var = $_;
 $ndk = $ENV{$ndk_var};
 last if defined $ndk;
 }
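Review bot: The reason for copying `$_` into `$ndk_var` instead of iterating over `$ndk_var` directly is not stated, and the removed form looks like the obvious simplification. Perl's `foreach` localises its loop variable, so with the old line the outer `my $ndk_var` did not keep the matched name after `last`; a comment such as `# foreach localises its loop variable, so copy the name out explicitly` above the assignment would keep the fix from being reverted. When neither environment variable is set, `$ndk_var` is left holding `ANDROID_NDK`, the last name tried, while `$ndk` is undefined; the code that consumes both is outside the hunk, so check that it tests `$ndk` and not `$ndk_var`.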


[openssl-commits] [openssl] master update

2019-02-04 Thread Richard Levitte
The branch master has been updated
   via  1039c7825535d8219b88372b7ad4a3b94c42605d (commit)
  from  b2aea0e3d9a15e30ebce8b6da213df4a3f346155 (commit)


- Log -
commit 1039c7825535d8219b88372b7ad4a3b94c42605d
Author: Richard Levitte 
Date:   Mon Feb 4 07:55:56 2019 +0100

Build: correct assembler generation in crypto/rc4/build.info

In the removal of BEGINRAW / ENDRAW, attention to the difference
between capital .S and lowercase .s wasn't duly paid.  This corrects
the error.

Fixes #8155

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8157)

---

Summary of changes:
 crypto/rc4/build.info | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rc4/build.info b/crypto/rc4/build.info
index 9941e6e..8d272e4 100644
--- a/crypto/rc4/build.info
+++ b/crypto/rc4/build.info
@@ -10,5 +10,5 @@ GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
 
 GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
-GENERATE[rc4-c64xplus.S]=asm/rc4-c64xplus.pl $(PERLASM_SCHEME)
-GENERATE[rc4-s390x.S]=asm/rc4-s390x.pl $(PERLASM_SCHEME)
+GENERATE[rc4-c64xplus.s]=asm/rc4-c64xplus.pl $(PERLASM_SCHEME)
+GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME)


[openssl-commits] [openssl] master update

2019-02-01 Thread bernd . edlinger
The branch master has been updated
   via  b2aea0e3d9a15e30ebce8b6da213df4a3f346155 (commit)
  from  1050f687226d43720da59a22b9afe45a4840659e (commit)


- Log -
commit b2aea0e3d9a15e30ebce8b6da213df4a3f346155
Author: Bernd Edlinger 
Date:   Wed Jan 30 16:20:31 2019 +0100

Add an entry to the CHANGES for the d2i_X509_PUBKEY fix

The commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b forgot
to add a short description to the CHANGES file.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8144)

---

Summary of changes:
 CHANGES | 4 
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 20b1f5c..a72daba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,6 +16,10 @@
  interoperability with such broken implementations. However, enabling
  this switch breaks interoperability with correct implementations.
 
+  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+ re-used X509_PUBKEY object if the second PUBKEY is malformed.
+ [Bernd Edlinger]
+
   *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
  [Richard Levitte]
 


[openssl-commits] [openssl] master update

2019-02-01 Thread Richard Levitte
The branch master has been updated
   via  1050f687226d43720da59a22b9afe45a4840659e (commit)
  from  09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 (commit)


- Log -
commit 1050f687226d43720da59a22b9afe45a4840659e
Author: Richard Levitte 
Date:   Fri Feb 1 10:51:20 2019 +0100

VMS: Clean away stray debugging prints from descrip.mms.tmpl

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8140)

---

Summary of changes:
 Configurations/descrip.mms.tmpl | 5 -
 1 file changed, 5 deletions(-)

diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 46b9ffc..a0bc93d 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -102,9 +102,6 @@
 
   return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) 
depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
   }
-  #use Data::Dumper;
-  #print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
-  #print STDERR "DEBUG: after:\n", Dumper($unified_info{after});
   "";
 -}
 PLATFORM={- $config{target} -}
@@ -1097,10 +1094,8 @@ EOF
   join("\n\t", "WRITE OPT_FILE \"CASE_SENSITIVE=YES\"",
map { my @lines = ();
  use Data::Dumper;
- print STDERR "DEBUG: ",Dumper($_);
  my $x = $_->{lib} =~ /\[/
  ? $_->{lib} : "[]".$_->{lib};
- print STDERR "DEBUG: ",Dumper($x);
  if ($x =~ m|\.EXE$|) {
  push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
  } elsif ($x =~ m|\.OLB$|) {


[openssl-commits] [openssl] master update

2019-02-01 Thread Matt Caswell
The branch master has been updated
   via  09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 (commit)
  from  a28e4890eed847e6122a1c4d50653566e0813f45 (commit)


- Log -
commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674
Author: Michael Tuexen 
Date:   Wed Dec 26 12:44:53 2018 +0100

Fix end-point shared secret for DTLS/SCTP

When computing the end-point shared secret, don't take the
terminating NUL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.

Fixes #7956

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7957)

---

Summary of changes:
 CHANGES|   7 ++
 apps/s_client.c|  15 +++
 apps/s_server.c|  17 ++-
 doc/man1/s_client.pod  |   9 ++
 doc/man1/s_server.pod  |   9 ++
 doc/man3/SSL_CTX_set_mode.pod  |   9 ++
 include/openssl/ssl.h  |  12 +++
 ssl/statem/statem_clnt.c   |  16 ++-
 ssl/statem/statem_srvr.c   |  16 ++-
 test/handshake_helper.c|  33 +-
 test/recipes/80-test_ssl_new.t |   3 +-
 test/ssl-tests/29-dtls-sctp-label-bug.conf | 116 +
 ...atus.conf.in => 29-dtls-sctp-label-bug.conf.in} |  57 --
 test/ssl_test_ctx.c|   4 +
 test/ssl_test_ctx.h|   4 +
 15 files changed, 286 insertions(+), 41 deletions(-)
 create mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.conf
 copy test/ssl-tests/{16-dtls-certstatus.conf.in => 
29-dtls-sctp-label-bug.conf.in} (54%)

diff --git a/CHANGES b/CHANGES
index 311d6c6..20b1f5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+ by DTLS over SCTP. This breaks interoperability with older versions
+ of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+ switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+ interoperability with such broken implementations. However, enabling
+ this switch breaks interoperability with correct implementations.
+
   *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
  [Richard Levitte]
 
diff --git a/apps/s_client.c b/apps/s_client.c
index 6e06f15..872496c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -598,6 +598,7 @@ typedef enum OPTION_choice {
 #endif
 OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
 OPT_ENABLE_PHA,
+OPT_SCTP_LABEL_BUG,
 OPT_R_ENUM
 } OPTION_CHOICE;
 
@@ -754,6 +755,7 @@ const OPTIONS s_client_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
 {"sctp", OPT_SCTP, '-', "Use SCTP"},
+{"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length 
bug"},
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
 {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
@@ -982,6 +984,9 @@ int s_client_main(int argc, char **argv)
 #endif
 char *psksessf = NULL;
 int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+int sctp_label_bug = 0;
+#endif
 
 FD_ZERO();
 FD_ZERO();
@@ -1335,6 +1340,11 @@ int s_client_main(int argc, char **argv)
 protocol = IPPROTO_SCTP;
 #endif
 break;
+case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+sctp_label_bug = 1;
+#endif
+break;
 case OPT_TIMEOUT:
 #ifndef OPENSSL_NO_DTLS
 enable_timeouts = 1;
@@ -1729,6 +1739,11 @@ int s_client_main(int argc, char **argv)
 }
 }
 
+#ifndef OPENSSL_NO_SCTP
+if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
 if (min_version != 0
 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
 goto end;
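Review bot: `-sctp_label_bug` is silently ignored unless `-sctp` was also given, because the added `if` tests `protocol == IPPROTO_SCTP` and has no else branch. The CHANGES entry in this commit says the mode breaks interoperability with correct implementations, so a user chasing a failed handshake should be told whether the switch took effect; I would add a warning for that case, for example `BIO_printf(bio_err, "Warning: -sctp_label_bug has no effect without -sctp\n");`. A one-line comment above the call, `/* Legacy interop only: reproduces the label-length bug of older releases */`, would also keep the call from being copied as a default. s_client_main starts and ends outside the hunk.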
diff --git a/apps/s_server.c b/apps/s_server.c
index 8565a3a..fbbfd6c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -751,7 +751,7 @@ typedef enum OPTION_choice {
 OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
 OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
 OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
-OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
 OPT_R_ENUM,
 OPT_S_ENUM,
 OPT_V_ENUM,
@@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
 {"sctp", OPT_SCTP, '-', "Use SCTP"},
+{"sctp_label_bug", 

[openssl-commits] [openssl] master update

2019-02-01 Thread Richard Levitte
The branch master has been updated
   via  a28e4890eed847e6122a1c4d50653566e0813f45 (commit)
   via  f8f3d624b7c71e8f5acbe373479a5b0f6b73d13f (commit)
  from  5dc40a83c74be579575a512b30d9c1e0364e6a7b (commit)


- Log -
commit a28e4890eed847e6122a1c4d50653566e0813f45
Author: Andy Polyakov 
Date:   Wed Jan 23 14:56:19 2019 +0100

poly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8120)

commit f8f3d624b7c71e8f5acbe373479a5b0f6b73d13f
Author: Andy Polyakov 
Date:   Wed Jan 23 15:03:23 2019 +0100

perlasm/ppc-xlate.pl: add VSX word load/store instructions.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8120)

---

Summary of changes:
 crypto/perlasm/ppc-xlate.pl |2 +
 crypto/poly1305/asm/poly1305-ppc.pl | 1552 ---
 crypto/ppccap.c |   11 +-
 3 files changed, 1454 insertions(+), 111 deletions(-)

diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
index 1c972a1..e52f2f6 100755
--- a/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/perlasm/ppc-xlate.pl
@@ -273,6 +273,8 @@ my $mtvrwz  = sub {
 my ($f, $vrt, $ra) = @_;
 "  .long   ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1;
 };
+my $lvwzx_u= sub { vsxmem_op(@_, 12); };   # lxsiwzx
+my $stvwx_u= sub { vsxmem_op(@_, 140); };  # stxsiwx
 
 # PowerISA 3.0 stuff
 my $maddhdu= sub { vfour(@_,49); };
diff --git a/crypto/poly1305/asm/poly1305-ppc.pl 
b/crypto/poly1305/asm/poly1305-ppc.pl
index e9118ba..9f15c0d 100755
--- a/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/crypto/poly1305/asm/poly1305-ppc.pl
@@ -8,10 +8,10 @@
 
 #
 # 
-# Written by Andy Polyakov  for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
+# Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL
+# project. The module is dual licensed under OpenSSL and CRYPTOGAMS
+# licenses depending on where you obtain it. For further details see
+# https://github.com/dot-asm/cryptogams/.
 # 
 #
 # This module implements Poly1305 hash for PowerPC.
@@ -44,6 +44,13 @@
 #
 # On side note, Power ISA 2.07 enables vector base 2^26 implementation,
 # and POWER8 might have capacity to break 1.0 cycle per byte barrier...
+#
+# January 2019
+#
+# ... Unfortunately not:-( Estimate was a projection of ARM result,
+# but ARM has vector multiply-n-add instruction, while PowerISA does
+# not, not one usable in the context. Improvement is ~40% over -m64
+# result above and is ~1.43 on little-endian systems.
 
 $flavour = shift;
 
@@ -99,6 +106,7 @@ $code.=<<___;
std r0,0($ctx)  # zero hash value
std r0,8($ctx)
std r0,16($ctx)
+   stw r0,24($ctx) # clear is_base2_26
 
$UCMP   $inp,r0
beq-Lno_key
@@ -140,6 +148,7 @@ Lno_key:
 .globl .poly1305_blocks
 .align 4
 .poly1305_blocks:
+Lpoly1305_blocks:
srdi.   $len,$len,4
beq-Labort
 
@@ -238,60 +247,120 @@ Labort:
.long   0
.byte   0,12,4,1,0x80,5,4,0
 .size  .poly1305_blocks,.-.poly1305_blocks
+___
+{
+my ($h0,$h1,$h2,$h3,$h4,$t0) = map("r$_",(7..12));
 
+$code.=<<___;
 .globl .poly1305_emit
-.align 4
+.align 5
 .poly1305_emit:
-   ld  $h0,0($ctx) # load hash
-   ld  $h1,8($ctx)
-   ld  $h2,16($ctx)
-   ld  $padbit,0($nonce)   # load nonce
-   ld  $nonce,8($nonce)
-
-   addic   $d0,$h0,5   # compare to modulus
-   addze   $d1,$h1
-   addze   $d2,$h2
-
-   srdi$mask,$d2,2 # did it carry/borrow?
-   neg $mask,$mask
+   lwz $h0,0($ctx) # load hash value base 2^26
+   lwz $h1,4($ctx)
+   lwz $h2,8($ctx)
+   lwz $h3,12($ctx)
+   lwz $h4,16($ctx)
+   lwz r0,24($ctx) # is_base2_26
+
+   sldi$h1,$h1,26  # base 2^26 -> base 2^64
+   sldi$t0,$h2,52
+   srdi$h2,$h2,12
+   sldi$h3,$h3,14
+   add $h0,$h0,$h1
+   addc$h0,$h0,$t0
+   sldi$t0,$h4,40
+   srdi$h4,$h4,24
+   adde$h1,$h2,$h3
+   addc$h1,$h1,$t0
+   addze   $h2,$h4
+
+   ld  $h3,0($ctx) # load hash value base 2^64
+   ld  $h4,8($ctx)
+   ld  $t0,16($ctx)
+
+   neg r0,r0
+   xor $h0,$h0,$h3 # choose between radixes
+   xor $h1,$h1,$h4
+   

[openssl-commits] [openssl] master update

2019-01-31 Thread bernd . edlinger
The branch master has been updated
   via  5dc40a83c74be579575a512b30d9c1e0364e6a7b (commit)
  from  53649022509129bce8036c8fb4978dbce9432a86 (commit)


- Log -
commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b
Author: Bernd Edlinger 
Date:   Wed Jan 30 16:20:31 2019 +0100

Fix a crash in reuse of i2d_X509_PUBKEY

If the second PUBKEY is malformed there is use after free.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8122)

---

Summary of changes:
 crypto/x509/x_pubkey.c |  1 +
 test/evp_extra_test.c  | 49 +
 2 files changed, 50 insertions(+)

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index f980af7..be42684 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 /* Attempt to decode public key and cache in pubkey structure. */
 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
 EVP_PKEY_free(pubkey->pkey);
+pubkey->pkey = NULL;
 /*
  * Opportunistically decode the key but remove any non fatal errors
  * from the queue. Subsequent explicit attempts to decode/use the key
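Review bot: The added `pubkey->pkey = NULL;` has no comment, and why it matters only becomes clear from the comment that follows it: the decode below is opportunistic and its non-fatal errors are discarded, so on a malformed key nothing else overwrites the field and it would keep pointing at the object just released by `EVP_PKEY_free()`. I would add `/* Clear the cached key so a failed decode below cannot leave a stale pointer */` above the assignment. pubkey_cb starts and ends outside the hunk, so the code that re-populates `pkey` is not visible here.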
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index eefebd5..eac0c43 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -299,6 +299,21 @@ static const unsigned char kExampleECPubKeyDER[] = {
 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
 };
 
+/*
+ * kExampleBadECKeyDER is a sample EC public key with a wrong OID
+ * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
+ */
+static const unsigned char kExampleBadECPubKeyDER[] = {
+0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
+0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
+0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
+0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
+0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
+0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
+};
+
 static const unsigned char pExampleECParamDER[] = {
 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
 };
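Review bot: The comment added above the new array calls it `kExampleBadECKeyDER`, but the array declared directly below is `kExampleBadECPubKeyDER`, so a search for the documented name finds nothing. The first comment line should read `* kExampleBadECPubKeyDER is a sample EC public key with a wrong OID`. It would also help to say that the only intended difference from `kExampleECPubKeyDER` is the last OID byte (the `0x02` that opens the second row); most of that array lies outside the hunk, so this is inferred from the comment rather than checked byte by byte.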
@@ -963,6 +978,37 @@ static int test_HKDF(void)
 return ret;
 }
 
+#ifndef OPENSSL_NO_EC
+static int test_X509_PUBKEY_inplace(void)
+{
+  int ret = 0;
+  X509_PUBKEY *xp = NULL;
+  const unsigned char *p = kExampleECPubKeyDER;
+  size_t input_len = sizeof(kExampleECPubKeyDER);
+
+  if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, , input_len)))
+goto done;
+
+  if (!TEST_ptr(X509_PUBKEY_get0(xp)))
+goto done;
+
+  p = kExampleBadECPubKeyDER;
+  input_len = sizeof(kExampleBadECPubKeyDER);
+
+  if (!TEST_ptr(xp = d2i_X509_PUBKEY(, , input_len)))
+goto done;
+
+  if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
+goto done;
+
+  ret = 1;
+
+done:
+  X509_PUBKEY_free(xp);
+  return ret;
+}
+#endif
+
 int setup_tests(void)
 {
 ADD_TEST(test_EVP_DigestSignInit);
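Review bot: The body of the new `test_X509_PUBKEY_inplace` is indented by two spaces, while the surrounding context lines in this hunk (`return ret;`, `ADD_TEST(...)`) use four, and the `done:` label sits at column 0 where a one-space indent is the usual form in this code base. Re-indenting the function to four spaces keeps it consistent with the rest of the file, for example `    int ret = 0;` and `        goto done;`. No behaviour change is implied.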
@@ -987,5 +1033,8 @@ int setup_tests(void)
 return 0;
 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
 ADD_TEST(test_HKDF);
+#ifndef OPENSSL_NO_EC
+ADD_TEST(test_X509_PUBKEY_inplace);
+#endif
 return 1;
 }


[openssl-commits] [openssl] master update

2019-01-31 Thread bernd . edlinger
The branch master has been updated
   via  53649022509129bce8036c8fb4978dbce9432a86 (commit)
  from  a727627922b8a9ec6628ffaa2054b4b3833d674b (commit)


- Log -
commit 53649022509129bce8036c8fb4978dbce9432a86
Author: Bernd Edlinger 
Date:   Tue Jan 29 19:51:59 2019 +0100

Fixed d2i_X509 in-place not re-hashing the ex_flags

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8116)

---

Summary of changes:
 crypto/x509/x_x509.c | 23 +++
 test/x509aux.c   |  9 +
 2 files changed, 32 insertions(+)

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 596e1e4..bf0270e 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 
 switch (operation) {
 
+case ASN1_OP_D2I_PRE:
+CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, >ex_data);
+X509_CERT_AUX_free(ret->aux);
+ASN1_OCTET_STRING_free(ret->skid);
+AUTHORITY_KEYID_free(ret->akid);
+CRL_DIST_POINTS_free(ret->crldp);
+policy_cache_free(ret->policy_cache);
+GENERAL_NAMES_free(ret->altname);
+NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+/* fall thru */
+
 case ASN1_OP_NEW_POST:
+ret->ex_cached = 0;
+ret->ex_kusage = 0;
+ret->ex_xkusage = 0;
+ret->ex_nscert = 0;
 ret->ex_flags = 0;
 ret->ex_pathlen = -1;
 ret->ex_pcpathlen = -1;
 ret->skid = NULL;
 ret->akid = NULL;
+ret->policy_cache = NULL;
+ret->altname = NULL;
+ret->nc = NULL;
 #ifndef OPENSSL_NO_RFC3779
 ret->rfc3779_addr = NULL;
 ret->rfc3779_asid = NULL;
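Review bot: The new `ASN1_OP_D2I_PRE` case frees `ret->aux` and `ret->crldp`, but the `ASN1_OP_NEW_POST` lines visible in this hunk reset neither of them; only `skid`, `akid`, `policy_cache`, `altname`, `nc` and the RFC 3779 members are set to NULL here. The case continues past the end of the hunk, so those resets may well be there, but if either is missing a failed in-place decode would leave a dangling pointer for the later free path. A comment on the new case, `/* Every member freed here must be reset in ASN1_OP_NEW_POST below */`, would keep the two lists in step as fields are added.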
diff --git a/test/x509aux.c b/test/x509aux.c
index a9764ef..4488aa6 100644
--- a/test/x509aux.c
+++ b/test/x509aux.c
@@ -30,6 +30,7 @@ static int test_certs(int num)
 typedef int (*i2d_X509_t)(X509 *, unsigned char **);
 int err = 0;
 BIO *fp = BIO_new_file(test_get_argument(num), "r");
+X509 *reuse = NULL;
 
 if (!TEST_ptr(fp))
 return 0;
@@ -91,6 +92,13 @@ static int test_certs(int num)
 err = 1;
 goto next;
 }
+p = buf;
+reuse = d2i(, , enclen);
+if (reuse == NULL || X509_cmp (reuse, cert)) {
+TEST_error("X509_cmp does not work with %s", name);
+err = 1;
+goto next;
+}
 OPENSSL_free(buf);
 buf = NULL;
 
@@ -139,6 +147,7 @@ static int test_certs(int num)
 OPENSSL_free(data);
 }
 BIO_free(fp);
+X509_free(reuse);
 
 if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
 /* Reached end of PEM file */


[openssl-commits] [openssl] master update

2019-01-31 Thread bernd . edlinger
The branch master has been updated
   via  a727627922b8a9ec6628ffaa2054b4b3833d674b (commit)
  from  62b563b9df161a992fde18a0cb0d1a0969158412 (commit)


- Log -
commit a727627922b8a9ec6628ffaa2054b4b3833d674b
Author: Bernd Edlinger 
Date:   Tue Jan 29 14:16:28 2019 +0100

Fix a memory leak with di2_X509_CRL reuse

Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8112)

---

Summary of changes:
 crypto/x509/x_crl.c | 12 
 test/crltest.c  | 15 +++
 2 files changed, 27 insertions(+)

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 89e13e8..3984f01 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 int idx;
 
 switch (operation) {
+case ASN1_OP_D2I_PRE:
+if (crl->meth->crl_free) {
+if (!crl->meth->crl_free(crl))
+return 0;
+}
+AUTHORITY_KEYID_free(crl->akid);
+ISSUING_DIST_POINT_free(crl->idp);
+ASN1_INTEGER_free(crl->crl_number);
+ASN1_INTEGER_free(crl->base_crl_number);
+sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+/* fall thru */
+
 case ASN1_OP_NEW_POST:
 crl->idp = NULL;
 crl->akid = NULL;
diff --git a/test/crltest.c b/test/crltest.c
index 3b0fab7..6a2ef4e 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n)
 return r;
 }
 
+static int test_reuse_crl(void)
+{
+X509_CRL *reused_crl = CRL_from_strings(kBasicCRL);
+char *p;
+BIO *b = glue2bio(kRevokedCRL, );
+
+reused_crl = PEM_read_bio_X509_CRL(b, _crl, NULL, NULL);
+
+OPENSSL_free(p);
+BIO_free(b);
+X509_CRL_free(reused_crl);
+return 1;
+}
+
 int setup_tests(void)
 {
 if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
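Review bot: `test_reuse_crl` returns 1 unconditionally, so it can only fail under a leak checker or sanitizer; neither the `CRL_from_strings(kBasicCRL)` result nor the pointer returned by `PEM_read_bio_X509_CRL` is checked. Checking the result, for example `r = TEST_ptr(reused_crl);` after the read and `return r;` at the end, would make a failed decode into the reused object show up in an ordinary test run. A one-line comment above the function saying that it exercises decoding into an already populated `X509_CRL` would also help.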
@@ -368,6 +382,7 @@ int setup_tests(void)
 ADD_TEST(test_bad_issuer_crl);
 ADD_TEST(test_known_critical_crl);
 ADD_ALL_TESTS(test_unknown_critical_crl, 
OSSL_NELEM(unknown_critical_crls));
+ADD_TEST(test_reuse_crl);
 return 1;
 }
 


[openssl-commits] [openssl] master update

2019-01-31 Thread Richard Levitte
The branch master has been updated
   via  62b563b9df161a992fde18a0cb0d1a0969158412 (commit)
  from  a17089b0d750732d1b9d19ad924b3f8a2d7c3111 (commit)


- Log -
commit 62b563b9df161a992fde18a0cb0d1a0969158412
Author: Richard Levitte 
Date:   Thu Jan 31 13:42:46 2019 +0100

Better phrasing around 1.1.0

Fixes #8129

Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/8130)

---

Summary of changes:
 INSTALL | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/INSTALL b/INSTALL
index 2fd2235..1195643 100644
--- a/INSTALL
+++ b/INSTALL
@@ -973,10 +973,10 @@
 
   *  COMPILING existing applications
 
- OpenSSL 1.1.0 hides a number of structures that were previously
- open.  This includes all internal libssl structures and a number
- of EVP types.  Accessor functions have been added to allow
- controlled access to the structures' data.
+ Starting with version 1.1.0, OpenSSL hides a number of structures
+ that were previously open.  This includes all internal libssl
+ structures and a number of EVP types.  Accessor functions have
+ been added to allow controlled access to the structures' data.
 
  This means that some software needs to be rewritten to adapt to
  the new ways of doing things.  This often amounts to allocating
@@ -1079,7 +1079,7 @@
 
  depend
 Rebuild the dependencies in the Makefiles. This is a legacy
-option that no longer needs to be used in OpenSSL 1.1.0.
+option that no longer needs to be used since OpenSSL 1.1.0.
 
  install
 Install all OpenSSL components.


[openssl-commits] [openssl] master update

2019-01-31 Thread Richard Levitte
The branch master has been updated
   via  a17089b0d750732d1b9d19ad924b3f8a2d7c3111 (commit)
   via  fb3637d9ae260fa49615f4442127473d0ce27ebf (commit)
   via  da7e31e0c7be390d37b84c6200afd802def700c5 (commit)
   via  77adb75e16142cd4da2af8814090a4f2c2bd5aea (commit)
   via  77550dbf7af4d31b915d076ee968cfc75e14a411 (commit)
  from  d1dd5d6f4c2f13478aa45557b4546febd51f0cb3 (commit)


- Log -
commit a17089b0d750732d1b9d19ad924b3f8a2d7c3111
Author: Richard Levitte 
Date:   Wed Jan 30 19:25:01 2019 +0100

Configure: clean away unused variables and double assignments

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8125)

commit fb3637d9ae260fa49615f4442127473d0ce27ebf
Author: Richard Levitte 
Date:   Wed Jan 30 19:12:38 2019 +0100

Build: clean away RENAME and SHARED_NAME

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8125)

commit da7e31e0c7be390d37b84c6200afd802def700c5
Author: Richard Levitte 
Date:   Wed Jan 30 19:10:26 2019 +0100

Build: remove EXTRA

We never used it for anything

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8125)

commit 77adb75e16142cd4da2af8814090a4f2c2bd5aea
Author: Richard Levitte 
Date:   Wed Jan 30 18:58:01 2019 +0100

Build: Remove BEGINRAW / ENDRAW / OVERRIDE

It was an ugly hack to avoid certain problems that are no more.

Also added GENERATE lines for perlasm scripts that didn't have that
explicitly.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8125)

commit 77550dbf7af4d31b915d076ee968cfc75e14a411
Author: Richard Levitte 
Date:   Wed Jan 30 18:18:34 2019 +0100

Build cleanup: Remove the VMS hack from test/build.info

There was a hack specifically for VMS, which involved setting a make
variable to indicate that test/libtestutil contains a 'main'.

Instead, we use the new attribute 'has_main' to indicate this, and
let the VMS build file template deal with it appropriately.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8125)

---

Summary of changes:
 Configurations/README   | 43 -
 Configurations/README.design| 11 ---
 Configurations/common.tmpl  |  4 
 Configurations/descrip.mms.tmpl | 39 -
 Configure   | 43 ++---
 crypto/aes/build.info   | 11 +--
 crypto/build.info   |  3 ---
 crypto/chacha/build.info|  9 ++---
 crypto/ec/build.info|  5 -
 crypto/modes/build.info |  7 +--
 crypto/poly1305/build.info  |  7 ++-
 crypto/rc4/build.info   |  8 ++--
 crypto/sha/build.info   | 22 +++--
 test/build.info |  9 +
 14 files changed, 49 insertions(+), 172 deletions(-)

diff --git a/Configurations/README b/Configurations/README
index c1f80fe..1e4d545 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -413,7 +413,6 @@ variables:
 LIBS=libsomething
 ENGINES=libeng
 SCRIPTS=myhack
-EXTRA=file1 file2
 
 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
 without extensions.  The build file templates will figure them out.
@@ -486,48 +485,6 @@ be used in that case:
 
 NOTE: GENERATE lines are limited to one command only per GENERATE.
 
-As a last resort, it's possible to have raw build file lines, between
-BEGINRAW and ENDRAW lines as follows:
-
-BEGINRAW[Makefile(unix)]
-haha.h: {- $builddir -}/Makefile
-echo "/* haha */" > haha.h
-ENDRAW[Makefile(unix)]
-
-The word within square brackets is the build_file configuration item
-or the build_file configuration item followed by the second word in the
-build_scheme configuration item for the configured target within
-parenthesis as shown above.  For example, with the following relevant
-configuration items:
-
-   build_file   => "build.ninja"
-   build_scheme => [ "unified", "unix" ]
-
-... these lines will be considered:
-
-   BEGINRAW[build.ninja]
-   build haha.h: echo "/* haha */" > haha.h
-   ENDRAW[build.ninja]
-
-   BEGINRAW[build.ninja(unix)]
-   build hoho.h: echo "/* hoho */" > hoho.h
-   ENDRAW[build.ninja(unix)]
-
-Should it be needed because the recipes within a RAW section might
-clash with those generated by Configure, it's possible to tell it
-not to generate them with the use of OVERRIDES, for example:
-
-SOURCE[libfoo]=foo.c bar.c
-
-OVERRIDES=bar.o
-BEGINRAW[Makefile(unix)]
-bar.o: bar.c
-   $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
-ENDRAW[Makefile(unix)]
-
-See the documentation further up for 

[openssl-commits] [openssl] master update

2019-01-31 Thread Richard Levitte
The branch master has been updated
   via  d1dd5d6f4c2f13478aa45557b4546febd51f0cb3 (commit)
  from  e57120128fa4e2afa4bda5022a77f73a1e3a0b27 (commit)


- Log -
commit d1dd5d6f4c2f13478aa45557b4546febd51f0cb3
Author: Richard Levitte 
Date:   Thu Jan 31 14:23:22 2019 +0100

VMS: force 'pinshared'

VMS doesn't currently support unloading of shared objects, and we need
to reflect that.  Without this, the shlibload test fails.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8131)

---

Summary of changes:
 Configurations/10-main.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 054e38c..859e3d9 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1724,6 +1724,8 @@ my %targets = (
 asflags  => sub { vms_info()->{asflags} },
 perlasm_scheme   => sub { vms_info()->{perlasm_scheme} },
 
+disable  => add('pinshared'),
+
 apps_aux_src => "vms_term_sock.c",
 apps_init_src=> "vms_decc_init.c",
 },
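Review bot: The added `disable => add('pinshared'),` entry carries no comment, and on its own it reads as turning the feature off while the commit title says it is forced. The reason is only in the commit message, so a comment above the entry, such as `# VMS cannot unload shared objects; needed for the shlibload test`, would state the intended effect. The enclosing target definition starts outside the hunk.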


[openssl-commits] [openssl] master update

2019-01-30 Thread yang . yang
The branch master has been updated
   via  e57120128fa4e2afa4bda5022a77f73a1e3a0b27 (commit)
  from  c4734493d7da404b1747195a805c8d536dbe6910 (commit)


- Log -
commit e57120128fa4e2afa4bda5022a77f73a1e3a0b27
Author: weinholtendian <45032224+weinholtend...@users.noreply.github.com>
Date:   Thu Jan 31 15:16:20 2019 +0800

Fix error message for s_server -psk option

Previously if -psk was given a bad key it would print "Not a hex
number 's_server'".

CLA: Trivial

Reviewed-by: Paul Yang 
Reviewed-by: Kurt Roeckx 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/8113)

---

Summary of changes:
 apps/s_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 364f76b..8565a3a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1407,7 +1407,7 @@ int s_server_main(int argc, char *argv[])
 for (p = psk_key = opt_arg(); *p; p++) {
 if (isxdigit(_UC(*p)))
 continue;
-BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
 goto end;
 }
 break;
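Review bot: The corrected message at `BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);` now echoes the whole `-psk` argument, which is key material even when one character is malformed, to stderr and whatever captures it. Naming the option instead of the value, `BIO_printf(bio_err, "Argument to -psk is not a hex number\n");`, keeps the diagnostic without writing the secret out. s_server_main starts and ends outside the hunk.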


[openssl-commits] [openssl] master update

2019-01-30 Thread Dr . Paul Dale
The branch master has been updated
   via  c4734493d7da404b1747195a805c8d536dbe6910 (commit)
  from  a97faad76a1be22eadd6c1a39972ad5e095d9e80 (commit)


- Log -
commit c4734493d7da404b1747195a805c8d536dbe6910
Author: Petr Vorel 
Date:   Wed Jan 30 19:21:42 2019 +0100

Reuse already defined macros

instead of duplicating the code.

CLA: trivial

Signed-off-by: Petr Vorel 

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8127)

---

Summary of changes:
 include/openssl/evp.h | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9f1dbd4..940a4b1 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -958,14 +958,9 @@ const EVP_CIPHER *EVP_sm4_ctr(void);
 | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
 
 #  ifdef OPENSSL_LOAD_CONF
-#   define OpenSSL_add_all_algorithms() \
-OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-| OPENSSL_INIT_ADD_ALL_DIGESTS \
-| OPENSSL_INIT_LOAD_CONFIG, NULL)
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
 #  else
-#   define OpenSSL_add_all_algorithms() \
-OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
 #  endif
 
 #  define OpenSSL_add_all_ciphers() \


[openssl-commits] [openssl] master update

2019-01-30 Thread Matt Caswell
The branch master has been updated
   via  40b64553f577716cb4898895f5fd4530a6266c75 (commit)
  from  522b11e969cbdc82eca369512275f227080a86fa (commit)


- Log -
commit 40b64553f577716cb4898895f5fd4530a6266c75
Author: Matt Caswell 
Date:   Tue Jan 29 15:04:38 2019 +

Complain if -twopass is used incorrectly

The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8114)

---

Summary of changes:
 apps/pkcs12.c   | 7 +++
 doc/man1/pkcs12.pod | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 94d6661..bf22aeb 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
 if (cpass != NULL) {
 mpass = cpass;
 noprompt = 1;
+if (twopass) {
+if (export_cert)
+BIO_printf(bio_err, "Option -twopass cannot be used with 
-passout or -password\n");
+else
+BIO_printf(bio_err, "Option -twopass cannot be used with 
-passin or -password\n");
+goto end;
+}
 } else {
 cpass = pass;
 mpass = macpass;
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index 67adaa1..b1b6884 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading 
the file.
 
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).
 
 =back
 


[openssl-commits] [openssl] master update

2019-01-30 Thread Matt Caswell
The branch master has been updated
   via  522b11e969cbdc82eca369512275f227080a86fa (commit)
  from  fa6b1ee1115c1e5e3a8286d833dcbaa2c1ce2b77 (commit)


- Log -
commit 522b11e969cbdc82eca369512275f227080a86fa
Author: Matt Caswell 
Date:   Tue Jan 29 11:41:32 2019 +

Fix no-dso builds

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8111)

---

Summary of changes:
 test/recipes/90-test_shlibload.t | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t
index 1f097ed..fee56cd 100644
--- a/test/recipes/90-test_shlibload.t
+++ b/test/recipes/90-test_shlibload.t
@@ -21,6 +21,7 @@ use platform;
 
 plan skip_all => "Test only supported in a shared build" if disabled("shared");
 plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|;
+plan skip_all => "Test only supported in a dso build" if disabled("dso");
 
 plan tests => 10;
 


[openssl-commits] [openssl] master update

2019-01-29 Thread Matt Caswell
The branch master has been updated
   via  fa6b1ee1115c1e5e3a8286d833dcbaa2c1ce2b77 (commit)
  from  6e826c471b7f0431391a4e9f9484f6ea2833774a (commit)


- Log -
commit fa6b1ee1115c1e5e3a8286d833dcbaa2c1ce2b77
Author: Matt Caswell 
Date:   Mon Jan 28 17:17:59 2019 +

Don't leak memory from ERR_add_error_vdata()

If the call to ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.

Fixes #8085

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/8105)

---

Summary of changes:
 crypto/err/err.c | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 4505479..3aa3dae 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -791,20 +791,31 @@ int ERR_get_next_error_library(void)
 return ret;
 }
 
-void ERR_set_error_data(char *data, int flags)
+static int err_set_error_data_int(char *data, int flags)
 {
 ERR_STATE *es;
 int i;
 
 es = ERR_get_state();
 if (es == NULL)
-return;
+return 0;
 
 i = es->top;
 
 err_clear_data(es, i);
 es->err_data[i] = data;
 es->err_data_flags[i] = flags;
+
+return 1;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+/*
+ * This function is void so we cannot propagate the error return. Since it
+ * is also in the public API we can't change the return type.
+ */
+err_set_error_data_int(data, flags);
 }
 
 void ERR_add_error_data(int num, ...)
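Review bot: `ERR_set_error_data` still discards the result of `err_set_error_data_int`, so a caller that hands over a heap string with `ERR_TXT_MALLOCED` leaks it on the same `ERR_get_state() == NULL` path that the next hunk fixes for `ERR_add_error_vdata`. Because the public function cannot report failure, it could release the buffer itself: `if (!err_set_error_data_int(data, flags) && (flags & ERR_TXT_MALLOCED)) OPENSSL_free(data);`. Whether any existing caller relies on the pointer staying valid after a failed call is not visible here and should be checked first. The new static helper would also benefit from a comment stating that it returns 1 on success and 0 when no error state is available, and that ownership of `data` passes to the error state only on success.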
@@ -844,7 +855,8 @@ void ERR_add_error_vdata(int num, va_list args)
 }
 OPENSSL_strlcat(str, a, (size_t)s + 1);
 }
-ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING))
+OPENSSL_free(str);
 }
 
 int ERR_set_mark(void)


[openssl-commits] [openssl] master update

2019-01-28 Thread Richard Levitte
The branch master has been updated
   via  6e826c471b7f0431391a4e9f9484f6ea2833774a (commit)
  from  e85d19c68e7fb3302410bd72d434793e5c0c23a0 (commit)


- Log -
commit 6e826c471b7f0431391a4e9f9484f6ea2833774a
Author: Richard Levitte 
Date:   Mon Jan 28 14:53:19 2019 +0100

Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK

It appears that ANDROID_NDK_HOME is the recommended standard
environment variable for the NDK.

We retain ANDROID_NDK as a fallback.

Fixes #8101

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8103)

---

Summary of changes:
 Configurations/15-android.conf | 19 ---
 NOTES.ANDROID  | 14 +++---
 2 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
index 10342ed..c94da41 100644
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -22,13 +22,18 @@
 return $android_ndk = { bn_ops => "BN_AUTO" };
 }
 
-my $ndk = $ENV{ANDROID_NDK};
-die "\$ANDROID_NDK is not defined"  if (!$ndk);
+my $ndk_var;
+my $ndk;
+foreach $ndk_var (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+$ndk = $ENV{$ndk_var};
+last if defined $ndk;
+}
+die "\$ANDROID_NDK_HOME is not defined"  if (!$ndk);
 if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
 # $ndk/platforms is traditional "all-inclusive" NDK, while
 # $ndk/AndroidVersion.txt is so-called standalone toolchain
 # tailored for specific target down to API level.
-die "\$ANDROID_NDK=$ndk is invalid";
+die "\$ANDROID_NDK_HOME=$ndk is invalid";
 }
 $ndk = canonpath($ndk);
 
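Review bot: `foreach $ndk_var (qw(ANDROID_NDK_HOME ANDROID_NDK))` uses a previously declared `my` variable as the loop iterator, and Perl restores such a variable to its earlier value when the loop exits, including through `last`, so `$ndk_var` is undefined again after the loop. The later hunks interpolate it into `\$($ndk_var)/toolchains`, the two `-isystem` paths and `--sysroot=`, which would then come out as `$()` in the generated flags. Assigning inside the loop avoids this: `foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {` followed by `$ndk_var = $_;`. The two `die` messages also always name `ANDROID_NDK_HOME`, even when the value came from the `ANDROID_NDK` fallback.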
@@ -90,7 +95,7 @@
 (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
 (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
 $cflags .= " -target $tridefault "
-.  "-gcc-toolchain \$(ANDROID_NDK)/toolchains"
+.  "-gcc-toolchain \$($ndk_var)/toolchains"
 .  "/$tritools-4.9/prebuilt/$host";
 $user{CC} = "clang" if ($user{CC} !~ m|clang|);
 $user{CROSS_COMPILE} = undef;
@@ -127,13 +132,13 @@
 die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
 $incroot =~ s|^$ndk/||;
 $cppflags  = "-D__ANDROID_API__=$api";
-$cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
-$cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
+$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
+$cppflags .= " -isystem \$($ndk_var)/$incroot";
 }
 
 $sysroot =~ s|^$ndk/||;
 $android_ndk = {
-cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
+cflags   => "$cflags --sysroot=\$($ndk_var)/$sysroot",
 cppflags => $cppflags,
 bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
 : "BN_LLONG",
diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index 6b4741c..eeacdad 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -23,7 +23,7 @@
  platform. Though you still need to know the prefix to extend your PATH,
  in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
  and give you a hint if you get it wrong.) Apart from PATH adjustment
- you need to set ANDROID_NDK environment to point at NDK directory
+ you need to set ANDROID_NDK_HOME environment to point at NDK directory
  as /some/where/android-ndk-. Both variables are significant at both
  configuration and compilation times. NDK customarily supports multiple
  Android API levels, e.g. android-14, android-21, etc. By default latest 
@@ -32,13 +32,13 @@
  target platform version. For example, to compile for ICS on ARM with
  NDK 10d:
 
-export ANDROID_NDK=/some/where/android-ndk-10d
-
PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
+export ANDROID_NDK_HOME=/some/where/android-ndk-10d
+
PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
 ./Configure android-arm -D__ANDROID_API__=14
 make
 
  Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
- variable set to $ANDROID_NDK/platforms/android-/arch- to
+ variable set to $ANDROID_NDK_HOME/platforms/android-/arch- to
  appoint headers-n-libraries' location. It's still recognized in order
  to facilitate migration from older projects. However, since API level
  appears in 

[openssl-commits] [openssl] master update

2019-01-27 Thread matthias . st . pierre
The branch master has been updated
   via  e85d19c68e7fb3302410bd72d434793e5c0c23a0 (commit)
  from  9f5a87fd665cb597fa1c1f4eef882d2d2f833e61 (commit)


- Log -
commit e85d19c68e7fb3302410bd72d434793e5c0c23a0
Author: Antonio Iacono 
Date:   Wed Dec 12 23:08:49 2018 +0100

crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)

A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Certificate reference attributes,
stored in the signedData either as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient in many cases to enable the `openssl cms` app to create
signatures which comply with legal requirements of some European States
(e.g. Italy).

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7893)

---

Summary of changes:
 apps/cms.c |   8 +-
 crypto/build.info  |   2 +-
 crypto/cms/cms_err.c   |   4 +
 crypto/cms/cms_ess.c   |  73 +-
 crypto/cms/cms_sd.c|  21 +++
 crypto/err/err.c   |   1 +
 crypto/err/err_all.c   |   2 +
 crypto/err/openssl.ec  |   1 +
 crypto/err/openssl.txt |  19 ++-
 crypto/ess/build.info  |   3 +
 crypto/ess/ess_asn1.c  |  57 
 crypto/ess/ess_err.c   |  53 
 crypto/ess/ess_lib.c   | 269 +
 crypto/include/internal/ess_int.h  |  78 +++
 crypto/ts/ts_asn1.c|  41 --
 crypto/ts/ts_err.c |  14 +-
 crypto/ts/ts_lcl.h |  61 -
 crypto/ts/ts_rsp_sign.c| 250 +-
 crypto/ts/ts_rsp_verify.c  |  32 +
 doc/man1/cms.pod   |  41 ++
 doc/man3/CMS_add1_signing_cert.pod |  45 +++
 include/openssl/cms.h  |   6 +-
 include/openssl/cmserr.h   |   2 +
 include/openssl/err.h  |   2 +
 include/openssl/ess.h  |  80 +++
 include/openssl/esserr.h   |  38 ++
 include/openssl/ts.h   |  48 +--
 include/openssl/tserr.h|   8 +-
 test/recipes/80-test_cms.t |  16 +++
 util/libcrypto.num |  55 
 30 files changed, 852 insertions(+), 478 deletions(-)
 create mode 100644 crypto/ess/build.info
 create mode 100644 crypto/ess/ess_asn1.c
 create mode 100644 crypto/ess/ess_err.c
 create mode 100644 crypto/ess/ess_lib.c
 create mode 100644 crypto/include/internal/ess_int.h
 create mode 100644 doc/man3/CMS_add1_signing_cert.pod
 create mode 100644 include/openssl/ess.h
 create mode 100644 include/openssl/esserr.h

diff --git a/apps/cms.c b/apps/cms.c
index 8402a27..b2037b4 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -65,7 +65,7 @@ struct cms_key_param_st {
 typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
 OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
-OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN,
 OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
 OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
 OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
@@ -102,6 +102,7 @@ const OPTIONS cms_options[] = {
 {"sign", OPT_SIGN, '-', "Sign message"},
 {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the 
message"},
 {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+{"cades", OPT_CADES, '-', "Include signer certificate digest"},
 {"verify", OPT_VERIFY, '-', "Verify signed message"},
 {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
 {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -326,6 +327,9 @@ int cms_main(int argc, char **argv)
 case OPT_BINARY:
 flags |= CMS_BINARY;
 break;
+case OPT_CADES:
+flags |= CMS_CADES;
+break;
 case OPT_KEYID:
 flags |= CMS_USE_KEYID;
 break;
diff --git a/crypto/build.info b/crypto/build.info
index 

[openssl-commits] [openssl] master update

2019-01-27 Thread Matt Caswell
The branch master has been updated
   via  9f5a87fd665cb597fa1c1f4eef882d2d2f833e61 (commit)
  from  61e033308b1c004bd808352fb1d786547dcdf62b (commit)


- Log -
commit 9f5a87fd665cb597fa1c1f4eef882d2d2f833e61
Author: Ping Yu 
Date:   Mon Nov 5 15:41:01 2018 -0500

add an additional async notification communication method based on callback

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Yang 
Signed-off-by: Ping Yu 
Signed-off-by: Steven Linsell 

(Merged from https://github.com/openssl/openssl/pull/7573)

---

Summary of changes:
 crypto/async/async_locl.h   |  3 ++
 crypto/async/async_wait.c   | 35 ++
 doc/man3/ASYNC_WAIT_CTX_new.pod | 73 ++--
 doc/man3/ASYNC_start_job.pod| 36 +++---
 doc/man3/SSL_set_async_callback.pod | 96 +
 engines/e_dasync.c  | 14 ++
 include/openssl/async.h | 14 ++
 include/openssl/ssl.h   |  9 
 ssl/ssl_lib.c   | 48 +++
 ssl/ssl_locl.h  |  8 
 test/asynctest.c| 38 +++
 util/libcrypto.num  |  4 ++
 util/libssl.num |  5 ++
 util/private.num|  6 +++
 14 files changed, 369 insertions(+), 20 deletions(-)
 create mode 100644 doc/man3/SSL_set_async_callback.pod

diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h
index 2325ce9..85dfcfa 100644
--- a/crypto/async/async_locl.h
+++ b/crypto/async/async_locl.h
@@ -59,6 +59,9 @@ struct async_wait_ctx_st {
 struct fd_lookup_st *fds;
 size_t numadd;
 size_t numdel;
+ASYNC_callback_fn callback;
+void *callback_arg;
+int status;
 };
 
 DEFINE_STACK_OF(ASYNC_JOB)
diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
index 2553298..642b781 100644
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -182,6 +182,41 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const 
void *key)
 return 0;
 }
 
+int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+ASYNC_callback_fn callback,
+void *callback_arg)
+{
+  if (ctx == NULL)
+  return 0;
+
+  ctx->callback = callback;
+  ctx->callback_arg = callback_arg;
+  return 1;
+}
+
+int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+ASYNC_callback_fn *callback,
+void **callback_arg)
+{
+  if (ctx->callback == NULL)
+  return 0;
+
+  *callback = ctx->callback;
+  *callback_arg = ctx->callback_arg;
+  return 1;
+}
+
+int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status)
+{
+  ctx->status = status;
+  return 1;
+}
+
+int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx)
+{
+  return ctx->status;
+}
+
 void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx)
 {
 struct fd_lookup_st *curr, *prev = NULL;
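Review bot: Only `ASYNC_WAIT_CTX_set_callback` checks `ctx == NULL`; `ASYNC_WAIT_CTX_get_callback`, `ASYNC_WAIT_CTX_set_status` and `ASYNC_WAIT_CTX_get_status` dereference `ctx` directly, and `get_callback` writes through `callback` and `callback_arg` without checking them. These are new public entry points, so the same guard should apply to all four, for example `if (ctx == NULL || ctx->callback == NULL) return 0;` in `get_callback`. `ASYNC_WAIT_CTX_get_status` has no spare return value for an error, so its behaviour on NULL needs to be either defined (returning `ASYNC_STATUS_ERR`, which the man page in this commit lists) or documented as a caller precondition.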
diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod
index eeb2777..9076be8 100644
--- a/doc/man3/ASYNC_WAIT_CTX_new.pod
+++ b/doc/man3/ASYNC_WAIT_CTX_new.pod
@@ -4,13 +4,22 @@
 
 ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
 ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
-ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd - functions to manage
-waiting for asynchronous jobs to complete
+ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd,
+ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback,
+ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn,
+ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK,
+ASYNC_STATUS_EAGAIN
+- functions to manage waiting for asynchronous jobs to complete
 
 =head1 SYNOPSIS
 
  #include 
 
+ #define ASYNC_STATUS_UNSUPPORTED0
+ #define ASYNC_STATUS_ERR1
+ #define ASYNC_STATUS_OK 2
+ #define ASYNC_STATUS_EAGAIN 3
+ typedef int (*ASYNC_callback_fn)(void *arg);
  ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
  void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
  int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
@@ -26,6 +35,14 @@ waiting for asynchronous jobs to complete
 size_t *numaddfds, OSSL_ASYNC_FD *delfd,
 size_t *numdelfds);
  int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+ int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn callback,
+ void *callback_arg);
+ int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn *callback,
+ void **callback_arg);
+ int 

[openssl-commits] [openssl] master update

2019-01-27 Thread Matt Caswell
The branch master has been updated
   via  61e033308b1c004bd808352fb1d786547dcdf62b (commit)
  from  3d43f9c809e42b960be94f2f4490d6d14e063486 (commit)


- Log -
commit 61e033308b1c004bd808352fb1d786547dcdf62b
Author: Michael Richardson 
Date:   Thu Dec 27 13:26:49 2018 -0500

clarify which functions are the CMS functions which must have CMS_PARTIAL 
set

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7960)

---

Summary of changes:
 doc/man3/CMS_get0_type.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man3/CMS_get0_type.pod b/doc/man3/CMS_get0_type.pod
index bd45e14..986154f 100644
--- a/doc/man3/CMS_get0_type.pod
+++ b/doc/man3/CMS_get0_type.pod
@@ -20,7 +20,8 @@ an ASN1_OBJECT pointer. An application can then decide how to 
process the
 CMS_ContentInfo structure based on this value.
 
 CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo
-structure. It should be called with CMS functions with the B
+structure. It should be called with CMS functions (such as L, 
L)
+with the B
 flag and B the structure is finalised, otherwise the results are
 undefined.
 


[openssl-commits] [openssl] master update

2019-01-27 Thread Matt Caswell
The branch master has been updated
   via  3d43f9c809e42b960be94f2f4490d6d14e063486 (commit)
  from  5478e2100260b8d6f9df77de875f37763d8eeec6 (commit)


- Log -
commit 3d43f9c809e42b960be94f2f4490d6d14e063486
Author: David Asraf 
Date:   Wed Jan 23 11:10:11 2019 +

crypto/bn: fix return value in BN_generate_prime

When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.

CLA: trivial

Reviewed-by: Nicola Tuveri 
Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8076)

---

Summary of changes:
 crypto/bn/bn_depr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
index 705ca1e..2ff0eed 100644
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -40,7 +40,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
 goto err;
 
 /* we have a prime :-) */
-return ret;
+return rnd;
  err:
 BN_free(rnd);
 return NULL;
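Review bot: The `err:` path calls `BN_free(rnd)` unconditionally, and the commit message implies that `rnd` is the caller's `ret` whenever `ret` is non-NULL (the assignment itself is outside the hunk). If so, a failure frees a BIGNUM the caller still owns and will presumably free or reuse, so the cleanup should release only what this function allocated: `if (rnd != ret) BN_free(rnd);`. BN_generate_prime starts outside the hunk.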


[openssl-commits] [openssl] master update

2019-01-27 Thread Matt Caswell
The branch master has been updated
   via  5478e2100260b8d6f9df77de875f37763d8eeec6 (commit)
  from  d7bcbfd0828616f33008e711eabc6ec00b32e87b (commit)


- Log -
commit 5478e2100260b8d6f9df77de875f37763d8eeec6
Author: Shigeki Ohtsu 
Date:   Thu Jan 24 22:45:50 2019 +0900

s_client: fix not to send a command letter of R

Before 1.1.0, this command letter is not sent to a server.

CLA: trivial
(cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35)

Reviewed-by: Ben Kaduk 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8081)

---

Summary of changes:
 apps/s_client.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 9705c4c..6e06f15 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3083,9 +3083,7 @@ int s_client_main(int argc, char **argv)
 BIO_printf(bio_err, "RENEGOTIATING\n");
 SSL_renegotiate(con);
 cbuf_len = 0;
-}
-
-if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+   } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
 && cmdletters) {
 BIO_printf(bio_err, "KEYUPDATE\n");
 SSL_key_update(con,
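Review bot: Nothing in this chain records why the `R` and `K` branches must be joined by `else if`, so a later edit could reintroduce the bug the commit title describes, a command letter being sent to the server. A one-line comment above the chain would pin the intent: `/* command letters are handled locally; no branch may fall through to the code that sends cbuf */` (the sending code is presumably further down, outside the hunk). The added line also has a stray space before the closing parenthesis in `'k' )`, which could be dropped while the line is being touched. The enclosing block of s_client_main begins and ends outside the hunk.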


[openssl-commits] [openssl] master update

2019-01-27 Thread Matt Caswell
The branch master has been updated
   via  d7bcbfd0828616f33008e711eabc6ec00b32e87b (commit)
  from  6638b2214761b5f30300534e0fe522448113c6cf (commit)


- Log -
commit d7bcbfd0828616f33008e711eabc6ec00b32e87b
Author: Tomas Mraz 
Date:   Thu Jan 24 17:58:56 2019 +0100

Remove stray -modulus option from the ec manual page.

Reviewed-by: Paul Yang 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8082)

---

Summary of changes:
 doc/man1/ec.pod | 4 
 1 file changed, 4 deletions(-)

diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod
index 9d2fc1f..0a1e7af 100644
--- a/doc/man1/ec.pod
+++ b/doc/man1/ec.pod
@@ -101,10 +101,6 @@ Prints out the public, private key components and 
parameters.
 
 This option prevents output of the encoded version of the key.
 
-=item B<-modulus>
-
-This option prints out the value of the public key component of the key.
-
 =item B<-pubin>
 
 By default, a private key is read from the input file. With this option a


[openssl-commits] [openssl] master update

2019-01-27 Thread Richard Levitte
The branch master has been updated
   via  6638b2214761b5f30300534e0fe522448113c6cf (commit)
  from  2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb (commit)


- Log -
commit 6638b2214761b5f30300534e0fe522448113c6cf
Author: Matthias Kraft 
Date:   Fri Jan 18 13:09:06 2019 +0100

Add "weak" declarations of symbols used in safestack.h and lhash.h

Only for SunCC for now.

It turns out that some compilers do generate external variants of
unused static inline functions, and if they use other external
symbols, those need to be present as well.  If you then happen to
include one of safestack.h or lhash.h without linking with libcrypto,
the build fails.

Fixes #6912

Signed-off-by: Matthias Kraft 

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8087)

---

Summary of changes:
 include/openssl/lhash.h | 27 ++-
 include/openssl/safestack.h | 37 -
 2 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
index a142ea0..672841d 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -210,6 +210,31 @@ DEFINE_LHASH_OF(OPENSSL_CSTRING);
 #  pragma warning (pop)
 # endif
 
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_LH_new
+#  pragma weak OPENSSL_LH_free
+#  pragma weak OPENSSL_LH_insert
+#  pragma weak OPENSSL_LH_delete
+#  pragma weak OPENSSL_LH_retrieve
+#  pragma weak OPENSSL_LH_error
+#  pragma weak OPENSSL_LH_num_items
+#  pragma weak OPENSSL_LH_node_stats_bio
+#  pragma weak OPENSSL_LH_node_usage_stats_bio
+#  pragma weak OPENSSL_LH_stats_bio
+#  pragma weak OPENSSL_LH_get_down_load
+#  pragma weak OPENSSL_LH_set_down_load
+#  pragma weak OPENSSL_LH_doall
+#  pragma weak OPENSSL_LH_doall_arg
+# endif /* __SUNPRO_C */
+
 #ifdef  __cplusplus
 }
 #endif
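Review bot: The comment added here explains the link failure but not the cost of the workaround. A weak reference that stays unresolved normally binds to address zero, so a program that includes this header, does call one of the inline wrappers, and is not linked against libcrypto would now build and then call through a null address at run time instead of failing at link time. A sentence in the comment would record that trade-off, for example `Note: with weak references a missing libcrypto is no longer caught by the linker.` The guard tests only `__SUNPRO_C`; whether the C++ compiler, which this `extern "C"` header also serves, needs the same treatment is not visible here. The same applies to the matching block added to include/openssl/safestack.h.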
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
index aad53d1..ba38ff7 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -166,6 +166,41 @@ DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
 typedef void *OPENSSL_BLOCK;
 DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_sk_num
+#  pragma weak OPENSSL_sk_value
+#  pragma weak OPENSSL_sk_new
+#  pragma weak OPENSSL_sk_new_null
+#  pragma weak OPENSSL_sk_new_reserve
+#  pragma weak OPENSSL_sk_reserve
+#  pragma weak OPENSSL_sk_free
+#  pragma weak OPENSSL_sk_zero
+#  pragma weak OPENSSL_sk_delete
+#  pragma weak OPENSSL_sk_delete_ptr
+#  pragma weak OPENSSL_sk_push
+#  pragma weak OPENSSL_sk_unshift
+#  pragma weak OPENSSL_sk_pop
+#  pragma weak OPENSSL_sk_shift
+#  pragma weak OPENSSL_sk_pop_free
+#  pragma weak OPENSSL_sk_insert
+#  pragma weak OPENSSL_sk_set
+#  pragma weak OPENSSL_sk_find
+#  pragma weak OPENSSL_sk_find_ex
+#  pragma weak OPENSSL_sk_sort
+#  pragma weak OPENSSL_sk_is_sorted
+#  pragma weak OPENSSL_sk_dup
+#  pragma weak OPENSSL_sk_deep_copy
+#  pragma weak OPENSSL_sk_set_cmp_func
+# endif /* __SUNPRO_C */
+
 # ifdef  __cplusplus
 }
 # endif


[openssl-commits] [openssl] master update

2019-01-25 Thread matthias . st . pierre
The branch master has been updated
   via  2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb (commit)
  from  5c8b7b4caa0faedb69277063a7c6b3a8e56c6308 (commit)


- Log -
commit 2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb
Author: Dr. Matthias St. Pierre 
Date:   Fri Jan 25 08:40:46 2019 +0100

X509_STORE: fix two misspelled compatibility macros

Fixes #8084

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8086)

---

Summary of changes:
 include/openssl/x509_vfy.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 0df8028..e9a70f5 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -366,7 +366,11 @@ X509_STORE_CTX_cleanup_fn 
X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
 # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
 # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
 # define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
 # define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 


[openssl-commits] [openssl] master update

2019-01-24 Thread matthias . st . pierre
The branch master has been updated
   via  5c8b7b4caa0faedb69277063a7c6b3a8e56c6308 (commit)
  from  0b53fe1cdc24a3dce450e77db6895a0243ddcb26 (commit)


- Log -
commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308
Author: Klotz, Tobias 
Date:   Thu Dec 20 12:59:31 2018 +0100

Cleanup vxworks support to be able to compile for VxWorks 7

Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7569)

---

Summary of changes:
 apps/apps.c|  2 +-
 apps/ocsp.c| 14 ++
 apps/rehash.c  | 20 
 apps/speed.c   |  6 +++---
 crypto/bio/b_addr.c|  5 +
 crypto/rand/rand_unix.c| 21 +
 crypto/ui/ui_openssl.c |  6 ++
 include/internal/sockets.h |  6 +-
 test/ssltestlib.c  | 16 +---
 9 files changed, 84 insertions(+), 12 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index ed1b618..39535e9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2192,7 +2192,7 @@ double app_tminterval(int stop, int usertime)
 
 return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include 
 
 double app_tminterval(int stop, int usertime)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index fb0a95b..7c2a904 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -53,6 +53,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR   2
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+errno = ENOSYS;
+return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+errno = ENOSYS;
+return (pid_t) -1;
+}
+# endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD(5 * 60)
 
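Review bot: The `setpgid` stub sets `errno = ENOSYS` yet returns 0, so a caller that checks the return value sees success although the process group was never changed; the `fork` stub beside it returns -1 for the same condition. Unless the success return is deliberate (nothing in the hunk says so), `return -1;` would make the two stubs agree. Otherwise the `errno` assignment should go and the comment should read `/* not supported: treated as a no-op */`. Both stubs have external linkage and POSIX names, so they may collide at link time on a VxWorks release that provides these functions.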
diff --git a/apps/rehash.c b/apps/rehash.c
index 6a641a8..a1fc379 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -51,6 +51,26 @@
 # endif
 # define MAX_COLLISIONS  256
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+errno = ENOSYS;
+return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+errno = ENOSYS;
+return -1;
+}
+# endif
+
 typedef struct hentry_st {
 struct hentry_st *next;
 char *filename;
diff --git a/apps/speed.c b/apps/speed.c
index bb8836d..1125f5a 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -100,7 +100,7 @@
 #include 
 
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || 
defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
@@ -1522,11 +1522,11 @@ int speed_main(int argc, char **argv)
 {"nistp192", NID_X9_62_prime192v1, 192},
 {"nistp224", NID_secp224r1, 224},
 {"nistp256", NID_X9_62_prime256v1, 256},
-{"nistp384", NID_secp384r1, 384}, 
+{"nistp384", NID_secp384r1, 384},
 {"nistp521", NID_secp521r1, 521},
 /* Binary Curves */
 {"nistk163", NID_sect163k1, 163},
-{"nistk233", NID_sect233k1, 233}, 
+{"nistk233", NID_sect233k1, 233},
 {"nistk283", NID_sect283k1, 283},
 {"nistk409", NID_sect409k1, 409},
 {"nistk571", NID_sect571k1, 571},
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 1484f6a..4be74e4 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, 
int lookup_type,
  * anyway [above getaddrinfo/gai_strerror is]. We just let
  * system administrator figure this out...
  */
+# if defined(OPENSSL_SYS_VXWORKS)
+/* h_errno doesn't exist on VxWorks */
+SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
 SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
 #else
 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5b9c0c..35777ff 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -93,6 +93,27 @@ static uint64_t get_timer_bits(void);
 # error "UEFI and VXWorks only support seeding NONE"
 #endif
 
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+return rand_pool_entropy_available(pool);
+}
+#endif
+
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
 || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
 || 
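Review bot: `rand_pool_acquire_entropy` for VxWorks returns `rand_pool_entropy_available(pool)` without adding anything to the pool, and the `/* empty implementation */` comment does not say that this leaves seeding entirely to the application. Given the `#error` context line above, which states that VxWorks only supports seeding NONE, that may be intended, but a stub on the seeding path should spell it out. I would replace the comment with something like `/* VxWorks: no OS entropy source is used here; the pool is returned as-is and the application must seed the RNG itself */`. The unused `keep` parameter of `rand_pool_keep_random_devices_open` may also draw a warning on stricter builds.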

[openssl-commits] [openssl] master update

2019-01-24 Thread Matt Caswell
The branch master has been updated
   via  bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57 (commit)
   via  80c455d5ae405e855391e298a2bf8a24629dd95d (commit)
  from  5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c (commit)


- Log -
commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57
Author: Matt Caswell 
Date:   Fri Jan 18 12:10:07 2019 +

Revert "Keep the DTLS timer running after the end of the handshake if 
appropriate"

This commit erroneously kept the DTLS timer running after the end of the
handshake. This is not correct behaviour and should be reverted.

This reverts commit f7506416b1311e65d5c440defdbcfe176f633c50.

Fixes #7998

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

commit 80c455d5ae405e855391e298a2bf8a24629dd95d
Author: Matt Caswell 
Date:   Fri Jan 18 15:24:57 2019 +

Make sure we trigger retransmits in DTLS testing

During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 13 -
 ssl/statem/statem_lib.c   | 18 --
 test/dtlstest.c   | 14 +-
 test/sslapitest.c |  2 +-
 test/ssltestlib.c | 31 ---
 test/ssltestlib.h |  3 ++-
 6 files changed, 36 insertions(+), 45 deletions(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index c8ef0f7..a4b03ce 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 && SSL3_RECORD_get_length(rr) != 0)
 s->rlayer.alert_count = 0;
 
-if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
-&& SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC
-&& !SSL_in_init(s)
-&& (s->d1->next_timeout.tv_sec != 0
-|| s->d1->next_timeout.tv_usec != 0)) {
-/*
- * The timer is still running but we've received something that isn't
- * handshake data - so the peer must have finished processing our
- * last handshake flight. Stop the timer.
- */
-dtls1_stop_timer(s);
-}
-
 /* we now have a packet which can be read and processed */
 
 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 1a9aa41..2f78a3f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1076,15 +1076,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 /* N.B. s->ctx may not equal s->session_ctx */
 tsan_counter(>ctx->stats.sess_accept_good);
 s->handshake_func = ossl_statem_accept;
-
-if (SSL_IS_DTLS(s) && !s->hit) {
-/*
- * We are finishing after the client. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 } else {
 if (SSL_IS_TLS13(s)) {
 /*
@@ -1106,15 +1097,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 
 s->handshake_func = ossl_statem_connect;
 tsan_counter(>session_ctx->stats.sess_connect_good);
-
-if (SSL_IS_DTLS(s) && s->hit) {
-/*
- * We are finishing after the server. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 }
 
 if (SSL_IS_DTLS(s)) {
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 0b04886..d196fb5 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -87,17 +87,21 @@ static int test_dtls_unprocessed(int testidx)
 /*
  * Inject a dummy record from the next epoch. In test 0, this should never
  * get used because 

[openssl-commits] [openssl] master update

2019-01-24 Thread Matt Caswell
The branch master has been updated
   via  0b53fe1cdc24a3dce450e77db6895a0243ddcb26 (commit)
  from  bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57 (commit)


- Log -
commit 0b53fe1cdc24a3dce450e77db6895a0243ddcb26
Author: Matt Caswell 
Date:   Tue Jan 22 14:27:25 2019 +

Fix s_client so that it builds on Windows

Fixes #8050

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8065)

---

Summary of changes:
 apps/s_client.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index d788b89..9705c4c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2360,9 +2360,11 @@ int s_client_main(int argc, char **argv)
 if (proxypass != NULL)
 l += strlen(proxypass);
 proxyauth = app_malloc(l + 2, "Proxy auth string");
-snprintf(proxyauth, l + 2, "%s:%s", proxyuser, (proxypass != 
NULL) ? proxypass : "");
+BIO_snprintf(proxyauth, l + 2, "%s:%s", proxyuser,
+ (proxypass != NULL) ? proxypass : "");
 proxyauthenc = base64encode(proxyauth, strlen(proxyauth));
-BIO_printf(fbio, "Proxy-Authorization: Basic %s\r\n", 
proxyauthenc); 
+BIO_printf(fbio, "Proxy-Authorization: Basic %s\r\n",
+   proxyauthenc);
 OPENSSL_clear_free(proxyauth, strlen(proxyauth));
 OPENSSL_clear_free(proxyauthenc, strlen(proxyauthenc));
 }


[openssl-commits] [openssl] master update

2019-01-22 Thread Richard Levitte
The branch master has been updated
   via  5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c (commit)
  from  13234dd310511ed2ae1832bb643dd298ddfefb0b (commit)


- Log -
commit 5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c
Author: Richard Levitte 
Date:   Tue Jan 22 15:46:54 2019 +0100

Build: change remaining $unified_info{install} checks to use attributes

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8063)

---

Summary of changes:
 Configurations/common.tmpl | 36 
 Configurations/descrip.mms.tmpl| 12 ++--
 Configurations/platform/Unix.pm|  4 +---
 Configurations/platform/VMS.pm |  4 +---
 Configurations/platform/Windows.pm |  4 +---
 5 files changed, 21 insertions(+), 39 deletions(-)

diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
index 132852c..53384c7 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -52,18 +52,6 @@
  map { $replace{$_} // $_; } @newlist;
  }
 
- # is_installed checks if a given file will be installed (i.e. they are
- # not defined _NO_INST in build.info)
- sub is_installed {
- my $product = shift;
- if (grep { $product eq $_ }
- map { (@{$unified_info{install}->{$_}}) }
- keys %{$unified_info{install}}) {
- return 1;
- }
- return 0;
- }
-
  # dogenerate is responsible for producing all the recipes that build
  # generated source files.  It recurses in case a dependency is also a
  # generated source file.
@@ -132,14 +120,14 @@
  $OUT .= $obj2shlib->(lib => $lib,
   attrs => $unified_info{attributes}->{$lib},
   objs => $unified_info{shared_sources}->{$lib},
-  deps => [ reducedepends(resolvedepends($lib)) ],
-  installed => is_installed($lib));
+  deps => [ reducedepends(resolvedepends($lib)) ]);
  foreach ((@{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}})) {
  # If this is somehow a compiled object, take care of it that way
  # Otherwise, it might simply be generated
  if (defined $unified_info{sources}->{$_}) {
- doobj($_, $lib, intent => "shlib", installed => 
is_installed($lib));
+ doobj($_, $lib, intent => "shlib",
+   attrs => $unified_info{attributes}->{$lib});
  } else {
  dogenerate($_, undef, undef, intent => "lib");
  }
@@ -149,7 +137,8 @@
  attrs => $unified_info{attributes}->{$lib},
  objs => [ @{$unified_info{sources}->{$lib}} ]);
  foreach (@{$unified_info{sources}->{$lib}}) {
- doobj($_, $lib, intent => "lib", installed => is_installed($lib));
+ doobj($_, $lib, intent => "lib",
+   attrs => $unified_info{attributes}->{$lib});
  }
  $cache{$lib} = 1;
  }
@@ -163,13 +152,13 @@
  $OUT .= obj2dso(lib => $lib,
  attrs => $unified_info{attributes}->{$lib},
  objs => $unified_info{shared_sources}->{$lib},
- deps => [ resolvedepends($lib) ],
- installed => is_installed($lib));
+ deps => [ resolvedepends($lib) ]);
  foreach (@{$unified_info{shared_sources}->{$lib}}) {
  # If this is somehow a compiled object, take care of it that way
  # Otherwise, it might simply be generated
  if (defined $unified_info{sources}->{$_}) {
- doobj($_, $lib, intent => "dso", installed => is_installed($lib));
+ doobj($_, $lib, intent => "dso",
+   attrs => $unified_info{attributes}->{$lib});
  } else {
  dogenerate($_, undef, $lib, intent => "dso");
  }
@@ -186,10 +175,10 @@
  $OUT .= obj2bin(bin => $bin,
  attrs => $unified_info{attributes}->{$bin},
  objs => [ @{$unified_info{sources}->{$bin}} ],
- deps => $deps,
- installed => is_installed($bin));
+ deps => $deps);
  foreach (@{$unified_info{sources}->{$bin}}) {
- doobj($_, $bin, intent => "bin", installed => is_installed($bin));
+ doobj($_, $bin, intent => "bin",
+   attrs => $unified_info{attributes}->{$bin});
  }
  $cache{$bin} = 1;
  }
@@ -201,8 +190,7 @@
  return "" if $cache{$script};
  $OUT .= in2script(script => $script,
attrs => $unified_info{attributes}->{$script},
-   sources => $unified_info{sources}->{$script},
-   installed => is_installed($script));
+   sources => 

[openssl-commits] [openssl] master update

2019-01-22 Thread Richard Levitte
The branch master has been updated
   via  13234dd310511ed2ae1832bb643dd298ddfefb0b (commit)
  from  5f8257494c72ba4ea2a99d693916798517a610e1 (commit)


- Log -
commit 13234dd310511ed2ae1832bb643dd298ddfefb0b
Author: Richard Levitte 
Date:   Tue Jan 22 12:17:36 2019 +0100

Rework build: Windows dependency building fix

One variable missing

Fixes #8060

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8061)

---

Summary of changes:
 Configurations/windows-makefile.tmpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 872ef4b..0cd1e86 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -613,6 +613,7 @@ $res: $deps
 EOF
  }
  my $obj = platform->obj($args{obj});
+ my $dep = platform->dep($args{obj});
  if ($srcs[0] =~ /\.asm$/) {
  return <<"EOF";
 $obj: $deps


[openssl-commits] [openssl] master update

2019-01-22 Thread Richard Levitte
The branch master has been updated
   via  5f8257494c72ba4ea2a99d693916798517a610e1 (commit)
   via  994e86a9ffd4195f08a7b0ce61bf001e3bebf891 (commit)
   via  ac6bba6f6ea328ba22425d6f3f95847452193293 (commit)
   via  c91f24d4cca5862f11876457e0ffb6dd54814814 (commit)
   via  5d3af25934dc5a6850004d6e58af6a89df97e927 (commit)
  from  52bcd4afc84d75f9d22866a3cefaf9ae4e9ff997 (commit)


- Log -
commit 5f8257494c72ba4ea2a99d693916798517a610e1
Author: Richard Levitte 
Date:   Wed Nov 7 11:10:50 2018 +0100

Build: pass attributes down to make rule generators

For good measure, we pass down attributes when calling obj2shlib,
obj2lib, obj2dso, obj2bin, or in2script.  We currently don't use them
in our build file templates, but might as well for future use.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7581)

commit 994e86a9ffd4195f08a7b0ce61bf001e3bebf891
Author: Richard Levitte 
Date:   Wed Nov 7 11:05:17 2018 +0100

Build: use attributes to indicate installed script classes

We have two classes of scripts to be installed, those that are
installed as "normal" programs, and those that are installed as "misc"
scripts.  These classes are installed in different locations, so the
build file templates must pay attention.

Because we didn't have the tools to indicate what scripts go where, we
had these scripts hard coded in the build template files, with the
maintenance issues that may cause.  Now that we have attributes, those
can be used to classify the installed scripts, and have the build file
templates simply check the attributes to know what's what.

Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and
'tsget', which is done by installing a symbolic link (or copy).  This
link name is now given through an attribute, which results in even
less hard coding in the Unix Makefile template.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7581)

commit ac6bba6f6ea328ba22425d6f3f95847452193293
Author: Richard Levitte 
Date:   Wed Nov 7 11:02:06 2018 +0100

Build: Change all _NO_INST to use attributes instead.

This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST
and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and
SCRIPTS with the associated attribute 'noinst'.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7581)

commit c91f24d4cca5862f11876457e0ffb6dd54814814
Author: Richard Levitte 
Date:   Wed Nov 7 10:44:05 2018 +0100

Configure: add attributes to end product build.info variables

Among others, this avoids having special variables like
PROGRAMS_NO_INST.  Instead, we can have something like this:

PROGRAMS{noinst}=foo bar

Configure itself is entirely agnostic to these attributes, they are
simply passed to the build file templates, to be used as they see fit.

Attributes can also have values, for example:

SCRIPTS{linkname=foo}=foo.pl

This could help indicate to build file templates that care that the
perl script 'foo.pl' should also exist with the name 'foo', preferably
as a symbolic link.

Fixes #7568

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7581)

commit 5d3af25934dc5a6850004d6e58af6a89df97e927
Author: Richard Levitte 
Date:   Wed Nov 7 10:34:05 2018 +0100

Configure: teach the tokenizer to handle other separators than spaces

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7581)

---

Summary of changes:
 Configurations/common.tmpl   |   5 +
 Configurations/descrip.mms.tmpl  |  32 --
 Configurations/unix-Makefile.tmpl|  53 ++---
 Configurations/windows-makefile.tmpl |  63 ---
 Configure| 203 ---
 apps/build.info  |   7 +-
 engines/build.info   |   2 +-
 fuzz/build.info  |  12 +--
 test/build.info  |  34 +++---
 test/ossl_shim/build.info|   2 +-
 util/build.info  |   4 +-
 11 files changed, 266 insertions(+), 151 deletions(-)

diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
index 9e07a6f..132852c 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -130,6 +130,7 @@
  unless ($disabled{shared} || $lib =~ /\.a$/) {
  my $obj2shlib = defined  ? \ : \
  $OUT .= $obj2shlib->(lib => $lib,
+  attrs => $unified_info{attributes}->{$lib},
   objs => $unified_info{shared_sources}->{$lib},

[openssl-commits] [openssl] master update

2019-01-22 Thread Richard Levitte
The branch master has been updated
   via  52bcd4afc84d75f9d22866a3cefaf9ae4e9ff997 (commit)
  from  f5fb6f0543cafd3db6671cfb987bf475a35f30f6 (commit)


- Log -
commit 52bcd4afc84d75f9d22866a3cefaf9ae4e9ff997
Author: Matt Eaton 
Date:   Mon Jan 21 20:14:34 2019 -0600

Update NOTES.ANDROID

Minor typo fix to `adjustment` in the line:
"In such case you have to pass matching target
 name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment
 becomes simpler, $ANDROID_NDK/bin:$PATH suffices."

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8054)

---

Summary of changes:
 NOTES.ANDROID | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index bbbd8e4..6b4741c 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -54,7 +54,7 @@
  Another option is to create so called "standalone toolchain" tailored
  for single specific platform including Android API level, and assign its
  location to ANDROID_NDK. In such case you have to pass matching target
- name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjusment
+ name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment
  becomes simpler, $ANDROID_NDK/bin:$PATH suffices.
 
  Running tests (on Linux)


[openssl-commits] [openssl] master update

2019-01-21 Thread Richard Levitte
The branch master has been updated
   via  f5fb6f0543cafd3db6671cfb987bf475a35f30f6 (commit)
   via  9afc2b92fe6725336f9c7d917deb5ca8c5e4011b (commit)
   via  9dd4ed28eb5972f62723985429b57f42eefda124 (commit)
   via  c162a8c344f12b2e0e788920358f51181ddf168f (commit)
   via  957689611b355f3514bd9051829f3a9a0d9d4517 (commit)
   via  d7e4932eaf53a82a2606a73282d9c8a242c1a39d (commit)
  from  ac454d8d4663e2fcf8a8437fab8aefd883091c37 (commit)


- Log -
commit f5fb6f0543cafd3db6671cfb987bf475a35f30f6
Author: Richard Levitte 
Date:   Tue Oct 23 15:45:24 2018 +0200

Rework building: Get rid of old %unified_info structures

Now that we have the names of libraries on different systems
established through platform modules, we can remove the old structure
to establish the same thing, i.e. $unified_info{sharednames} and
$unified_info{rename}.  That means removing support for the RENAME and
SHARED_NAME keywords in build.info as well.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7473)

commit 9afc2b92fe6725336f9c7d917deb5ca8c5e4011b
Author: Richard Levitte 
Date:   Tue Oct 23 15:42:46 2018 +0200

Rework building: adapt some scripts

The platform module collection is made in such a way that any Perl
script that wants to take part of the available information can use
them just as well as the build system.

This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl,
and util/shlib_wrap.sh.in

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7473)

commit 9dd4ed28eb5972f62723985429b57f42eefda124
Author: Richard Levitte 
Date:   Tue Oct 23 15:09:57 2018 +0200

Rework building: Unix changes to handle extensions and product names

Add platform::Unix, which is a generic Unix module to support product
name and extensions functionality.  However, this isn't quite enough,
as mingw and Cygwin builds are done using the same templates, but
since shared libraries work as on Windows and are named accordingly,
platform::mingw and platform::Cygwin were also added to provide the
necessary tweaks.

This reworks Configurations/unix-Makefile.tmpl to work out product
names in platform::Unix et al terms.  In this one, we currently do
care about the *_extension config attributes, and the modules adapt
accordingly where it matters.

This change also affected crypto/include/internal/dso_conf.h.in, since
the DSO extension is meant to be the same as the short shared library
extension, which isn't '.so' everywhere.

'shared_extension' attributes that had the value
'.so.\$(SHLIB_VERSION_NUMBER)' are removed, platform::Unix provides
an extension where the shared library version number is hard-coded
instead.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7473)

commit c162a8c344f12b2e0e788920358f51181ddf168f
Author: Richard Levitte 
Date:   Tue Oct 23 15:00:36 2018 +0200

Rework building: VMS changes to handle extensions and product names

Add platform::VMS, which is a generic VMS module.  Additional modules
to support specific building aspects (such as specific compilers) may
be added later, but since we currently work on file names and those
are generic enough, this is also enough.

This reworks Configurations/descrip.mms.tmpl to work out product names
in platform::VMS terms.  Something to be noted is that the new
functionality ignores the *_extension config attributes, as they were
never used.  VMS is very consistent in its use of extensions, so there
is no reason to believe much will change in this respect.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7473)

commit 957689611b355f3514bd9051829f3a9a0d9d4517
Author: Richard Levitte 
Date:   Tue Oct 23 14:36:23 2018 +0200

Rework building: Windows changes to handle extensions and product names

Add platform::Windows, which is a generic Windows module, and
platform::Windows::MSVC, which is a module specifically for MS Visual
C.

This reworks Configurations/windows-makefile.tmpl to work out product
names in platform::Windows.  Something to be noted is that the new
functionality ignores the *_extension config attributes, as they were
never used.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7473)

commit d7e4932eaf53a82a2606a73282d9c8a242c1a39d
Author: Richard Levitte 
Date:   Tue Oct 23 14:14:48 2018 +0200

Rework building: initial changes

This is the start of a major work to correct some quirks in the

[openssl-commits] [openssl] master update

2019-01-21 Thread bernd . edlinger
The branch master has been updated
   via  ac454d8d4663e2fcf8a8437fab8aefd883091c37 (commit)
  from  c8f370485c43729db44b680e41e875ddd7f3108c (commit)


- Log -
commit ac454d8d4663e2fcf8a8437fab8aefd883091c37
Author: Bernd Edlinger 
Date:   Fri Sep 21 09:05:16 2018 +0200

Make ca command silently use default if .attr file does not exist

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7286)

---

Summary of changes:
 apps/apps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.c b/apps/apps.c
index 67d28ee..ed1b618 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1557,7 +1557,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 #else
 BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
 #endif
-dbattr_conf = app_load_config(buf);
+dbattr_conf = app_load_config_quiet(buf);
 
 retdb = app_malloc(sizeof(*retdb), "new DB");
 retdb->db = tmpdb;
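Review bot: The call `dbattr_conf = app_load_config_quiet(buf);` has no comment saying why the attribute file is loaded quietly, so the intent lives only in the commit title. A line such as `/* a missing attr file is not an error: defaults apply */` above the call would record it. It is not visible here whether the quiet variant also suppresses the diagnostic for an attribute file that exists but cannot be parsed; if it does, an operator would get default attributes with no warning, which is worth confirming. load_index's body starts and ends outside the hunk.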


[openssl-commits] [openssl] master update

2019-01-21 Thread bernd . edlinger
The branch master has been updated
   via  c8f370485c43729db44b680e41e875ddd7f3108c (commit)
  from  11642f35531e6afc5d6c4135c5e2ea6057e0e39a (commit)


- Log -
commit c8f370485c43729db44b680e41e875ddd7f3108c
Author: Bernd Edlinger 
Date:   Thu Jan 17 15:15:57 2019 +0100

PPC: Try out if mftb works before using it

If this fails try out if mfspr268 works.

Use OPENSSL_ppccap=0x20 for enabling mftb,
OPENSSL_ppccap=0x40 for enabling mfspr268,
and OPENSSL_ppccap=0 for enabling neither.

Fixes #8012

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8043)

---

Summary of changes:
 crypto/cryptlib.c   |  10 
 crypto/ppc_arch.h   |   2 +
 crypto/ppccap.c |  55 ++--
 crypto/ppccpuid.pl  | 123 
 include/internal/cryptlib.h |   2 +
 5 files changed, 167 insertions(+), 25 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 9cf264b..9018358 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -460,4 +460,14 @@ uint32_t OPENSSL_rdtsc(void)
 {
 return 0;
 }
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+return 0;
+}
 #endif
diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h
index f235358..ce98f5b 100644
--- a/crypto/ppc_arch.h
+++ b/crypto/ppc_arch.h
@@ -22,5 +22,7 @@ extern unsigned int OPENSSL_ppccap_P;
 # define PPC_CRYPTO207   (1<<2)
 # define PPC_FPU (1<<3)
 # define PPC_MADD300 (1<<4)
+# define PPC_MFTB(1<<5)
+# define PPC_MFSPR268(1<<6)
 
 #endif
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index e50f757..70829e4 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -168,6 +168,45 @@ void OPENSSL_altivec_probe(void);
 void OPENSSL_crypto207_probe(void);
 void OPENSSL_madd300_probe(void);
 
+long OPENSSL_rdtsc_mftb(void);
+long OPENSSL_rdtsc_mfspr268(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+if (OPENSSL_ppccap_P & PPC_MFTB)
+return OPENSSL_rdtsc_mftb();
+else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+return OPENSSL_rdtsc_mfspr268();
+else
+return 0;
+}
+
+size_t OPENSSL_instrument_bus_mftb(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus_mfspr268(unsigned int *, size_t);
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+if (OPENSSL_ppccap_P & PPC_MFTB)
+return OPENSSL_instrument_bus_mftb(out, cnt);
+else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+return OPENSSL_instrument_bus_mfspr268(out, cnt);
+else
+return 0;
+}
+
+size_t OPENSSL_instrument_bus2_mftb(unsigned int *, size_t, size_t);
+size_t OPENSSL_instrument_bus2_mfspr268(unsigned int *, size_t, size_t);
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+if (OPENSSL_ppccap_P & PPC_MFTB)
+return OPENSSL_instrument_bus2_mftb(out, cnt, max);
+else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+return OPENSSL_instrument_bus2_mfspr268(out, cnt, max);
+else
+return 0;
+}
+
 #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
 # if __GLIBC_PREREQ(2, 16)
 #  include 
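Review bot: `OPENSSL_rdtsc()` returns `uint32_t`, but the helpers it forwards to are declared `long OPENSSL_rdtsc_mftb(void);` and `long OPENSSL_rdtsc_mfspr268(void);`, so both `return` statements narrow implicitly and, where long is 64 bits, drop the upper half silently. Writing `return (uint32_t)OPENSSL_rdtsc_mftb();` (and the same for mfspr268) makes the truncation deliberate and keeps `-Wconversion` quiet. All three dispatchers return 0 when neither `PPC_MFTB` nor `PPC_MFSPR268` is set; a comment such as `/* no usable time base: report 0 */` would document that, assuming callers treat 0 as "unavailable", which is not visible in this hunk.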
@@ -300,8 +339,6 @@ void OPENSSL_cpuid_setup(void)
 if (hwcap & HWCAP_ARCH_3_00) {
 OPENSSL_ppccap_P |= PPC_MADD300;
 }
-
-return;
 }
 #endif
 
@@ -322,15 +359,16 @@ void OPENSSL_cpuid_setup(void)
 sigprocmask(SIG_SETMASK, _act.sa_mask, );
 sigaction(SIGILL, _act, _oact);
 
+#ifndef OSSL_IMPLEMENT_GETAUXVAL
 if (sigsetjmp(ill_jmp,1) == 0) {
 OPENSSL_fpu_probe();
 OPENSSL_ppccap_P |= PPC_FPU;
 
 if (sizeof(size_t) == 4) {
-#ifdef __linux
+# ifdef __linux
 struct utsname uts;
 if (uname() == 0 && strcmp(uts.machine, "ppc64") == 0)
-#endif
+# endif
 if (sigsetjmp(ill_jmp, 1) == 0) {
 OPENSSL_ppc64_probe();
 OPENSSL_ppccap_P |= PPC_FPU64;
@@ -355,6 +393,15 @@ void OPENSSL_cpuid_setup(void)
 OPENSSL_madd300_probe();
 OPENSSL_ppccap_P |= PPC_MADD300;
 }
+#endif
+
+if (sigsetjmp(ill_jmp, 1) == 0) {
+OPENSSL_rdtsc_mftb();
+OPENSSL_ppccap_P |= PPC_MFTB;
+} else if (sigsetjmp(ill_jmp, 1) == 0) {
+OPENSSL_rdtsc_mfspr268();
+OPENSSL_ppccap_P |= PPC_MFSPR268;
+}
 
 sigaction(SIGILL, _oact, NULL);
 sigprocmask(SIG_SETMASK, , NULL);
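Review bot: The new time-base probe sits after the `#endif` that closes `#ifndef OSSL_IMPLEMENT_GETAUXVAL`, so it is the one SIGILL probe that still runs on getauxval builds, and nothing in the code says that is intended. A comment above the `if` such as `/* probed on every build; falls back to mfspr268 if mftb raises SIGILL */` would explain both the placement and the `else if (sigsetjmp(ill_jmp, 1) == 0)` chain, whose else branch is presumably reached by the jump back from the SIGILL handler. The commit message says `OPENSSL_ppccap` can force either bit or neither; whether this probe is skipped when that override is set is outside the hunk and worth checking. OPENSSL_cpuid_setup starts and ends outside the hunk.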
diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
index b1241a7..0c1e124 100755
--- a/crypto/ppccpuid.pl
+++ b/crypto/ppccpuid.pl
@@ -124,26 +124,23 @@ Ladd: lwarx   r5,0,r3
.long   0
 .size  .OPENSSL_atomic_add,.-.OPENSSL_atomic_add
 
-.globl .OPENSSL_rdtsc
+.globl .OPENSSL_rdtsc_mftb
 .align 4
-.OPENSSL_rdtsc:
-___

[openssl-commits] [openssl] master update

2019-01-21 Thread Matt Caswell
The branch master has been updated
   via  11642f35531e6afc5d6c4135c5e2ea6057e0e39a (commit)
   via  a4abcaeab8b0e1b01f76cddda70a437991c1ff57 (commit)
  from  c6048af23c577bcf85f15122dd03b65f959c9ecb (commit)


- Log -
commit 11642f35531e6afc5d6c4135c5e2ea6057e0e39a
Author: David von Oheimb 
Date:   Thu Jan 17 14:52:18 2019 +0100

update Copyright date

Reviewed-by: Kurt Roeckx 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8036)

commit a4abcaeab8b0e1b01f76cddda70a437991c1ff57
Author: David von Oheimb 
Date:   Wed Jan 16 15:38:34 2019 +0100

add 'L' after _OPENSSL_VERSION_PRE_RELEASE literals, fixes #8021

Reviewed-by: Kurt Roeckx 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8036)

---

Summary of changes:
 include/openssl/opensslv.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 08d9075..73e64a7 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -126,9 +126,9 @@ const char *OPENSSL_version_build_metadata(void);
 # if !OPENSSL_API_4
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 #  ifdef OPENSSL_VERSION_PRE_RELEASE
-#   define _OPENSSL_VERSION_PRE_RELEASE 0x0
+#   define _OPENSSL_VERSION_PRE_RELEASE 0x0L
 #  else
-#   define _OPENSSL_VERSION_PRE_RELEASE 0xf
+#   define _OPENSSL_VERSION_PRE_RELEASE 0xfL
 #  endif
 #  define OPENSSL_VERSION_NUMBER\
   ( (OPENSSL_VERSION_MAJOR<<28)  \


[openssl-commits] [openssl] master update

2019-01-20 Thread Dr . Paul Dale
The branch master has been updated
   via  c6048af23c577bcf85f15122dd03b65f959c9ecb (commit)
  from  37842dfaebcf28b4ca452c6abd93ebde1b4aa6dc (commit)


- Log -
commit c6048af23c577bcf85f15122dd03b65f959c9ecb
Author: Corey Minyard 
Date:   Mon Jan 21 17:47:02 2019 +1000

Fix a memory leak in the mem bio

If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.

The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.

The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.

Also add a test for a leak in the memory bio.
Setting a memory buffer caused a leak.

Signed-off-by: Corey Minyard 

Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8051)

---

Summary of changes:
 crypto/bio/bss_mem.c   | 24 ++
 test/bio_memleak_test.c| 54 ++
 test/build.info|  6 ++-
 .../{04-test_err.t => 90-test_bio_memleak.t}   |  4 +-
 4 files changed, 75 insertions(+), 13 deletions(-)
 create mode 100644 test/bio_memleak_test.c
 copy test/recipes/{04-test_err.t => 90-test_bio_memleak.t} (70%)

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index ee9ea91..89c54b2 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -20,7 +20,7 @@ static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int secmem_new(BIO *h);
 static int mem_free(BIO *data);
-static int mem_buf_free(BIO *data, int free_all);
+static int mem_buf_free(BIO *data);
 static int mem_buf_sync(BIO *h);
 
 static const BIO_METHOD mem_method = {
@@ -140,10 +140,20 @@ static int secmem_new(BIO *bi)
 
 static int mem_free(BIO *a)
 {
-return mem_buf_free(a, 1);
+BIO_BUF_MEM *bb;
+
+if (a == NULL)
+return 0;
+
+bb = (BIO_BUF_MEM *)a->ptr;
+if (!mem_buf_free(a))
+return 0;
+OPENSSL_free(bb->readp);
+OPENSSL_free(bb);
+return 1;
 }
 
-static int mem_buf_free(BIO *a, int free_all)
+static int mem_buf_free(BIO *a)
 {
 if (a == NULL)
 return 0;
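Review bot: `mem_free()` leaves `a->ptr` pointing at the `BIO_BUF_MEM` it has just released with `OPENSSL_free(bb);`, whereas the old `mem_buf_free()` cleared it with `a->ptr = NULL;` (removed in the following hunk). Adding `a->ptr = NULL;` before `return 1;` keeps any later access through the BIO from reaching freed memory. `bb` is also dereferenced in `OPENSSL_free(bb->readp);` without a NULL check, which is safe only if the constructors always set `a->ptr`; that code is outside the hunk. mem_buf_free's body continues past the end of this hunk.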
@@ -155,11 +165,6 @@ static int mem_buf_free(BIO *a, int free_all)
 if (a->flags & BIO_FLAGS_MEM_RDONLY)
 b->data = NULL;
 BUF_MEM_free(b);
-if (free_all) {
-OPENSSL_free(bb->readp);
-OPENSSL_free(bb);
-}
-a->ptr = NULL;
 }
 return 1;
 }
@@ -266,11 +271,10 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
 }
 break;
 case BIO_C_SET_BUF_MEM:
-mem_buf_free(b, 0);
+mem_buf_free(b);
 b->shutdown = (int)num;
 bbm->buf = ptr;
 *bbm->readp = *bbm->buf;
-b->ptr = bbm;
 break;
 case BIO_C_GET_BUF_MEM_PTR:
 if (ptr != NULL) {
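Review bot: The `BIO_C_SET_BUF_MEM` case dereferences the caller's pointer in `*bbm->readp = *bbm->buf;` right after `bbm->buf = ptr;` without testing `ptr`, while the next case, `BIO_C_GET_BUF_MEM_PTR`, does check `ptr != NULL`. A NULL argument would be dereferenced here, and by then `mem_buf_free(b);` has already released the old buffer. Rejecting a NULL `ptr` before the `mem_buf_free(b);` call would make the two cases consistent; the return value of `mem_buf_free(b)` is also ignored. mem_ctrl starts and ends outside the hunk.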
diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c
new file mode 100644
index 000..36680e3
--- /dev/null
+++ b/test/bio_memleak_test.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include 
+#include 
+#include 
+#include 
+
+#include "testutil.h"
+
+static int test_bio_memleak(void)
+{
+int ok = 0;
+BIO *bio;
+BUF_MEM bufmem;
+const char *str = "BIO test\n";
+char buf[100];
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL)
+goto finish;
+bufmem.length = strlen(str) + 1;
+bufmem.data = (char *) str;
+bufmem.max = bufmem.length;
+BIO_set_mem_buf(bio, , BIO_NOCLOSE);
+BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY);
+
+if (BIO_read(bio, buf, sizeof(buf)) <= 0)
+   goto finish;
+
+ok = strcmp(buf, str) == 0;
+
+finish:
+BIO_free(bio);
+return ok;
+}
+
+int global_init(void)
+{
+CRYPTO_set_mem_debug(1);
+CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+return 1;
+}
+
+int setup_tests(void)
+{
+ADD_TEST(test_bio_memleak);
+return 1;
+}
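Review bot: `test_bio_memleak()` reports failures through bare `goto finish` rather than the testutil check macros, so a failing run does not say which step broke. `if (!TEST_ptr(bio = BIO_new(BIO_s_mem())))`, `if (!TEST_int_gt(BIO_read(bio, buf, sizeof(buf)), 0))` and `ok = TEST_str_eq(buf, str);` would name the failing step. The result of `BIO_set_mem_buf()` is not checked either. The file header names the "OpenSSL license" with a 2018 date, while another commit on this page shows `include/openssl/opensslv.h` on the same branch under the Apache License 2.0, so the header looks stale.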
diff --git a/test/build.info b/test/build.info
index 962af11..2e17a5f 100644
--- a/test/build.info
+++ b/test/build.info
@@ -42,7 +42,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=main
   packettest asynctest secmemtest srptest memleaktest stack_test \
   dtlsv1listentest ct_test threadstest afalgtest d2i_test \
   ssl_test_ctx_test ssl_test x509aux 

[openssl-commits] [openssl] master update

2019-01-18 Thread Matt Caswell
The branch master has been updated
   via  69738dadcda1b242a0b5e41d5d2fe4be3f55a448 (commit)
  from  3afd537a3c2319f68280804004e9bf2e798a43f7 (commit)


- Log -
commit 69738dadcda1b242a0b5e41d5d2fe4be3f55a448
Author: Marc <34656315+marct...@users.noreply.github.com>
Date:   Thu Jan 3 00:32:00 2019 +

s_client: Add basic proxy authentication support

1) Add two new flags (-proxy_user & -proxy_pass) to s_client to add support 
for basic (base64) proxy authentication.
2) Add a "Proxy-Connection: Keep-Alive" HTTP header which is a workaround 
for some broken proxies which otherwise close the connection when entering 
tunnel mode (eg Squid 2.6).

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7975)

---

Summary of changes:
 apps/s_client.c   | 81 +++
 doc/man1/s_client.pod | 17 +++
 2 files changed, 93 insertions(+), 5 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 51001d5..d788b89 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full);
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
 static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static char *base64encode (const void *buf, size_t len);
 
 static int saved_errno;
 
@@ -590,7 +591,8 @@ typedef enum OPTION_choice {
 OPT_V_ENUM,
 OPT_X_ENUM,
 OPT_S_ENUM,
-OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN,
+OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_PROXY_USER, OPT_PROXY_PASS,
+OPT_DANE_TLSA_DOMAIN,
 #ifndef OPENSSL_NO_CT
 OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
 #endif
@@ -608,6 +610,8 @@ const OPTIONS s_client_options[] = {
 {"bind", OPT_BIND, 's', "bind local address for connection"},
 {"proxy", OPT_PROXY, 's',
  "Connect to via specified proxy to the real server"},
+{"proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication"},
+{"proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password 
source"},
 #ifdef AF_UNIX
 {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
 #endif
@@ -894,8 +898,10 @@ int s_client_main(int argc, char **argv)
 STACK_OF(X509_CRL) *crls = NULL;
 const SSL_METHOD *meth = TLS_client_method();
 const char *CApath = NULL, *CAfile = NULL;
-char *cbuf = NULL, *sbuf = NULL;
-char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL, *bindstr = NULL;
+char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
+char *proxystr = NULL, *proxyuser = NULL;
+char *proxypassarg = NULL, *proxypass = NULL;
+char *connectstr = NULL, *bindstr = NULL;
 char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
 char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
 char *port = OPENSSL_strdup(PORT);
@@ -1075,6 +1081,12 @@ int s_client_main(int argc, char **argv)
 proxystr = opt_arg();
 starttls_proto = PROTO_CONNECT;
 break;
+case OPT_PROXY_USER:
+proxyuser = opt_arg();
+break;
+case OPT_PROXY_PASS:
+proxypassarg = opt_arg();
+break;
 #ifdef AF_UNIX
 case OPT_UNIX:
 connect_type = use_unix;
@@ -1619,7 +1631,17 @@ int s_client_main(int argc, char **argv)
 #endif
 
 if (!app_passwd(passarg, NULL, , NULL)) {
-BIO_printf(bio_err, "Error getting password\n");
+BIO_printf(bio_err, "Error getting private key password\n");
+goto end;
+}
+
+if (!app_passwd(proxypassarg, NULL, , NULL)) {
+BIO_printf(bio_err, "Error getting proxy password\n");
+goto end;
+}
+
+if (proxypass != NULL && proxyuser == NULL) {
+BIO_printf(bio_err, "Error: Must specify proxy_user with 
proxy_pass\n");
 goto end;
 }
 
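Review bot: `proxypass` now holds a secret returned by `app_passwd()`, and no visible hunk of this commit wipes it. The cleanup at `end:` is outside the hunk, so confirm it releases the buffer with `OPENSSL_clear_free(proxypass, strlen(proxypass));` under a NULL guard rather than a plain free. The check `proxypass != NULL && proxyuser == NULL` rejects a password without a user, but as far as the hunks show, `-proxy_user` or `-proxy_pass` given without `-proxy` is accepted silently; a matching error for that case would be consistent. Per the commit description the credentials are only base64-encoded, so the man page should state that they are readable on the path to the proxy.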
@@ -2322,7 +2344,31 @@ int s_client_main(int argc, char **argv)
 BIO *fbio = BIO_new(BIO_f_buffer());
 
 BIO_push(fbio, sbio);
-BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
+BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n", connectstr);
+/* 
+ * Workaround for broken proxies which would otherwise close
+ * the connection when entering tunnel mode (eg Squid 2.6)
+ */
+BIO_printf(fbio, "Proxy-Connection: Keep-Alive\r\n");
+
+/* Support for basic (base64) proxy authentication */
+if (proxyuser != NULL) {
+size_t l;
+char *proxyauth, *proxyauthenc;
+
+l = strlen(proxyuser);
+if (proxypass != NULL)
+l += strlen(proxypass);
+proxyauth = app_malloc(l + 2, "Proxy auth string");
+snprintf(proxyauth, l 

[openssl-commits] [openssl] master update

2019-01-18 Thread Matt Caswell
The branch master has been updated
   via  37842dfaebcf28b4ca452c6abd93ebde1b4aa6dc (commit)
  from  69738dadcda1b242a0b5e41d5d2fe4be3f55a448 (commit)


- Log -
commit 37842dfaebcf28b4ca452c6abd93ebde1b4aa6dc
Author: Antoine Salon 
Date:   Fri Dec 14 12:47:07 2018 -0800

Add missing EVP_MD documentation

Signed-off-by: Antoine Salon 

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7905)

---

Summary of changes:
 doc/man3/EVP_DigestInit.pod  | 88 +---
 doc/man3/EVP_MD_meth_new.pod | 21 ---
 2 files changed, 91 insertions(+), 18 deletions(-)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index f7ecda5..37cdb27 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -2,17 +2,17 @@
 
 =head1 NAME
 
-EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,
-EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags,
-EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
+EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags,
+EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
+EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
-EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
-EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
-EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data,
+EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
+EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
+EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
 EVP_md_null,
-EVP_get_digestbyname, EVP_get_digestbynid,
-EVP_get_digestbyobj,
-EVP_MD_CTX_set_pkey_ctx - EVP digest routines
+EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
+EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines
 
 =head1 SYNOPSIS
 
@@ -26,6 +26,8 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
  int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
 
+ int EVP_Digest(const void *data, size_t count, unsigned char *md,
+unsigned int *size, const EVP_MD *type, ENGINE *impl);
  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
  int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
@@ -42,12 +44,18 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  int EVP_MD_pkey_type(const EVP_MD *md);
  int EVP_MD_size(const EVP_MD *md);
  int EVP_MD_block_size(const EVP_MD *md);
+ unsigned long EVP_MD_flags(const EVP_MD *md);
 
  const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
  int EVP_MD_CTX_size(const EVP_MD *ctx);
  int EVP_MD_CTX_block_size(const EVP_MD *ctx);
  int EVP_MD_CTX_type(const EVP_MD *ctx);
  void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+  const void *data, size_t count);
+ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+   int (*update)(EVP_MD_CTX *ctx,
+ const void *data, size_t count));
 
  const EVP_MD *EVP_md_null(void);
 
@@ -55,6 +63,7 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  const EVP_MD *EVP_get_digestbynid(int type);
  const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
 
+ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
  void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
 
 =head1 DESCRIPTION
@@ -79,12 +88,24 @@ Cleans up digest context B and frees up the space 
allocated to it.
 
 =item EVP_MD_CTX_ctrl()
 
-Performs digest-specific control actions on context B.
+Performs digest-specific control actions on context B. The control command
+is indicated in B and any additional arguments in B and B.
+EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions
+may apply depending on the control type and digest implementation.
+See L below for more information.
 
 =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
 
 Sets, clears and tests B flags.  See L below for more information.
 
+=item EVP_Digest()
+
+A wrapper around the Digest Init_ex, Update and Final_ex functions.
+Hashes B bytes of data at B using a digest B from ENGINE
+B. The digest value is placed in B and its length is written at 
B
+if the pointer is not NULL. At most B bytes will be written.
+If B is NULL the default implementation of digest B is used.
+
 =item EVP_DigestInit_ex()
 
 Sets up digest context B to use a 

[openssl-commits] [openssl] master update

2019-01-16 Thread Dr . Paul Dale
The branch master has been updated
   via  3afd537a3c2319f68280804004e9bf2e798a43f7 (commit)
  from  9b10986d7742a5105ac8c5f4eba8b103caf57ae9 (commit)


- Log -
commit 3afd537a3c2319f68280804004e9bf2e798a43f7
Author: David Benjamin 
Date:   Tue Sep 11 13:49:28 2018 -0700

Reduce inputs before the RSAZ code.

The RSAZ code requires the input be fully-reduced. To be consistent with the
other codepaths, move the BN_nnmod logic before the RSAZ check.

This fixes an oft-reported fuzzer bug.
https://github.com/google/oss-fuzz/issues/1761

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7187)

---

Summary of changes:
 crypto/bn/bn_exp.c | 64 --
 test/bntest.c  | 25 +
 2 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 83b0e5a..9ea120b 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -648,34 +648,41 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
 goto err;
 }
 
+if (a->neg || BN_ucmp(a, m) >= 0) {
+BIGNUM *reduced = BN_CTX_get(ctx);
+if (reduced == NULL
+|| !BN_nnmod(reduced, a, m, ctx)) {
+goto err;
+}
+a = reduced;
+}
+
 #ifdef RSAZ_ENABLED
-if (!a->neg) {
-/*
- * If the size of the operands allow it, perform the optimized
- * RSAZ exponentiation. For further information see
- * crypto/bn/rsaz_exp.c and accompanying assembly modules.
- */
-if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
-&& rsaz_avx2_eligible()) {
-if (NULL == bn_wexpand(rr, 16))
-goto err;
-RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
-   mont->n0[0]);
-rr->top = 16;
-rr->neg = 0;
-bn_correct_top(rr);
-ret = 1;
+/*
+ * If the size of the operands allow it, perform the optimized
+ * RSAZ exponentiation. For further information see
+ * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+ */
+if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+&& rsaz_avx2_eligible()) {
+if (NULL == bn_wexpand(rr, 16))
 goto err;
-} else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
-if (NULL == bn_wexpand(rr, 8))
-goto err;
-RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
-rr->top = 8;
-rr->neg = 0;
-bn_correct_top(rr);
-ret = 1;
+RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+   mont->n0[0]);
+rr->top = 16;
+rr->neg = 0;
+bn_correct_top(rr);
+ret = 1;
+goto err;
+} else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+if (NULL == bn_wexpand(rr, 8))
 goto err;
-}
+RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+rr->top = 8;
+rr->neg = 0;
+bn_correct_top(rr);
+ret = 1;
+goto err;
 }
 #endif
 
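Review bot: The new reduction block `if (a->neg || BN_ucmp(a, m) >= 0)` has no comment explaining why it must precede the RSAZ dispatch; the reason is in the commit message only. A line such as `/* RSAZ needs a fully reduced input (0 <= a < m); reduce once for every code path */` above the `if` would keep a later reorder from reintroducing the fuzzer-reported bug. The early comparison and `BN_nnmod()` are presumably not constant-time in `a`, which is worth noting in the same comment because this is the consttime entry point; that behaviour predates the commit, which only moves the check (see the next hunk). The function starts and ends outside the hunk.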
@@ -747,12 +754,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, 
const BIGNUM *p,
 goto err;
 
 /* prepare a^1 in Montgomery domain */
-if (a->neg || BN_ucmp(a, m) >= 0) {
-if (!BN_nnmod(, a, m, ctx))
-goto err;
-if (!bn_to_mont_fixed_top(, , mont, ctx))
-goto err;
-} else if (!bn_to_mont_fixed_top(, a, mont, ctx))
+if (!bn_to_mont_fixed_top(, a, mont, ctx))
 goto err;
 
 #if defined(SPARC_T4_MONT)
diff --git a/test/bntest.c b/test/bntest.c
index e760c64..d042a3e 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -519,6 +519,31 @@ static int test_modexp_mont5(void)
 if (!TEST_BN_eq(c, d))
 goto err;
 
+/*
+ * rsaz_1024_mul_avx2 expects fully-reduced inputs.
+ * BN_mod_exp_mont_consttime should reduce the input first.
+ */
+BN_hex2bn(,
+""
+""
+""
+"2020202020DF");
+BN_hex2bn(,
+"1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D"
+"9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB"
+"B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38"
+"E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E");
+BN_hex2bn(,
+   

[openssl-commits] [openssl] master update

2019-01-16 Thread Richard Levitte
The branch master has been updated
   via  9b10986d7742a5105ac8c5f4eba8b103caf57ae9 (commit)
  from  807989df56988da92560bce4706d91d7c1371783 (commit)


- Log -
commit 9b10986d7742a5105ac8c5f4eba8b103caf57ae9
Author: Richard Levitte 
Date:   Wed Jan 16 21:54:48 2019 +0100

apps/verify.c: Change an old comment to clarify what the callback does

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7922)

---

Summary of changes:
 apps/verify.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index 3768fed..2f66912 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx)
cert_error,
X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error));
+
+/*
+ * Pretend that some errors are ok, so they don't stop further
+ * processing of the certificate chain.  Setting ok = 1 does this.
+ * After X509_verify_cert() is done, we verify that there were
+ * no actual errors, even if the returned value was positive.
+ */
 switch (cert_error) {
 case X509_V_ERR_NO_EXPLICIT_POLICY:
 policies_print(ctx);
 /* fall thru */
 case X509_V_ERR_CERT_HAS_EXPIRED:
-
-/*
- * since we are just checking the certificates, it is ok if they
- * are self signed. But we should still warn the user.
- */
+/* Continue even if the leaf is a self signed cert */
 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 /* Continue after extension errors too */
 case X509_V_ERR_INVALID_CA:
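Review bot: `case X509_V_ERR_CERT_HAS_EXPIRED:` is left without a comment of its own, sitting between the policy case and the new self-signed comment, so it is not obvious that expiry is deliberately tolerated too; `/* Continue even if a cert has expired */` above it would match the neighbouring cases. The new block comment says the errors are re-checked after `X509_verify_cert()`, but that check is outside the hunk. Since the safety of setting `ok = 1` depends entirely on it, the comment could name where it happens. The old text's remark that the user should still be warned was dropped and may be worth keeping in one line. cb() starts and ends outside the hunk.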


[openssl-commits] [openssl] master update

2019-01-16 Thread Richard Levitte
The branch master has been updated
   via  807989df56988da92560bce4706d91d7c1371783 (commit)
  from  5f40dd158cbfa0a3bd86c32f7a77fec8754bb245 (commit)


- Log -
commit 807989df56988da92560bce4706d91d7c1371783
Author: Richard Levitte 
Date:   Wed Dec 12 22:37:37 2018 +0100

crypto/bio/b_dump.c: change all char* to void*, and constify

Some of these functions take char*, which is seldom right, they should
have been unsigned char*, because the content isn't expected to be
text.

Even better is to simply take void* as data type, which also happens
to be transparent for any type these functions are called with, be it
char* or unsigned char*.  This shouldn't break anything.

While we're at it, constify the input data parameters.

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7890)

---

Summary of changes:
 crypto/bio/b_dump.c   | 24 +---
 include/openssl/bio.h | 14 +++---
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index f4d2de3..e4ad361 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -20,14 +20,15 @@
 #define SPACE(buf, pos, n)   (sizeof(buf) - (pos) > (n))
 
 int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
-void *u, const char *s, int len)
+void *u, const void *s, int len)
 {
 return BIO_dump_indent_cb(cb, u, s, len, 0);
 }
 
 int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
-   void *u, const char *s, int len, int indent)
+   void *u, const void *v, int len, int indent)
 {
+const unsigned char *s = v;
 int ret = 0;
 char buf[288 + 1];
 int i, j, rows, n;
@@ -51,7 +52,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t 
len, void *u),
 if (((i * dump_width) + j) >= len) {
 strcpy(buf + n, "   ");
 } else {
-ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+ch = *(s + i * dump_width + j) & 0xff;
 BIO_snprintf(buf + n, 4, "%02x%c", ch,
  j == 7 ? '-' : ' ');
 }
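Review bot: The `& 0xff` in `ch = *(s + i * dump_width + j) & 0xff;` is redundant now that `s` is a `const unsigned char *`, and the pointer arithmetic is harder to read than an index. `ch = s[i * dump_width + j];` says the same thing; the identical line in the next hunk can change the same way. The bound that keeps this read inside `len` is the `>= len` test in the context line above. BIO_dump_indent_cb starts and ends outside the hunk.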
@@ -66,7 +67,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t 
len, void *u),
 if (((i * dump_width) + j) >= len)
 break;
 if (SPACE(buf, n, 1)) {
-ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+ch = *(s + i * dump_width + j) & 0xff;
 #ifndef CHARSET_EBCDIC
 buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
 #else
@@ -96,12 +97,12 @@ static int write_fp(const void *data, size_t len, void *fp)
 return UP_fwrite(data, len, 1, fp);
 }
 
-int BIO_dump_fp(FILE *fp, const char *s, int len)
+int BIO_dump_fp(FILE *fp, const void *s, int len)
 {
 return BIO_dump_cb(write_fp, fp, s, len);
 }
 
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent)
 {
 return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
 }
@@ -112,19 +113,20 @@ static int write_bio(const void *data, size_t len, void 
*bp)
 return BIO_write((BIO *)bp, (const char *)data, len);
 }
 
-int BIO_dump(BIO *bp, const char *s, int len)
+int BIO_dump(BIO *bp, const void *s, int len)
 {
 return BIO_dump_cb(write_bio, bp, s, len);
 }
 
-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+int BIO_dump_indent(BIO *bp, const void *s, int len, int indent)
 {
 return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
 }
 
-int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+int BIO_hex_string(BIO *out, int indent, int width, const void *data,
int datalen)
 {
+const unsigned char *d = data;
 int i, j = 0;
 
 if (datalen < 1)
@@ -134,7 +136,7 @@ int BIO_hex_string(BIO *out, int indent, int width, 
unsigned char *data,
 if (i && !j)
 BIO_printf(out, "%*s", indent, "");
 
-BIO_printf(out, "%02X:", data[i]);
+BIO_printf(out, "%02X:", d[i]);
 
 j = (j + 1) % width;
 if (!j)
@@ -143,6 +145,6 @@ int BIO_hex_string(BIO *out, int indent, int width, 
unsigned char *data,
 
 if (i && !j)
 BIO_printf(out, "%*s", indent, "");
-BIO_printf(out, "%02X", data[datalen - 1]);
+BIO_printf(out, "%02X", d[datalen - 1]);
 return 1;
 }
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index cdeacc8..ed9d489 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -641,16 +641,16 @@ int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
 int 

[openssl-commits] [openssl] master update

2019-01-16 Thread Richard Levitte
The branch master has been updated
   via  5f40dd158cbfa0a3bd86c32f7a77fec8754bb245 (commit)
  from  aefb980c45134d84f1757de1a9c61d699c8a7e33 (commit)


- Log -
commit 5f40dd158cbfa0a3bd86c32f7a77fec8754bb245
Author: Richard Levitte 
Date:   Wed Jan 16 06:31:15 2019 +0100

crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()

Having a weak getauxval() and only depending on GNU C without looking
at the library we build against meant that it got picked up where not
really expected.

So we change this to check for the glibc version, and since we know it
exists from that version, there's no real need to make it weak.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/8028)

---

Summary of changes:
 crypto/armcap.c | 77 ++---
 crypto/ppccap.c | 19 ++
 2 files changed, 49 insertions(+), 47 deletions(-)

diff --git a/crypto/armcap.c b/crypto/armcap.c
index e97bdd1..70d2719 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -62,14 +62,12 @@ uint32_t OPENSSL_rdtsc(void)
 # if defined(__GNUC__) && __GNUC__>=2
 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # endif
-/*
- * Use a weak reference to getauxval() so we can use it if it is available but
- * don't break the build if it is not.
- */
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
-extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
-# else
-static unsigned long (*getauxval) (unsigned long) = NULL;
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include 
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
 # endif
 
 /*
@@ -134,6 +132,33 @@ void OPENSSL_cpuid_setup(void)
  */
 # endif
 
+OPENSSL_armcap_P = 0;
+
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+if (getauxval(HWCAP) & HWCAP_NEON) {
+unsigned long hwcap = getauxval(HWCAP_CE);
+
+OPENSSL_armcap_P |= ARMV7_NEON;
+
+if (hwcap & HWCAP_CE_AES)
+OPENSSL_armcap_P |= ARMV8_AES;
+
+if (hwcap & HWCAP_CE_PMULL)
+OPENSSL_armcap_P |= ARMV8_PMULL;
+
+if (hwcap & HWCAP_CE_SHA1)
+OPENSSL_armcap_P |= ARMV8_SHA1;
+
+if (hwcap & HWCAP_CE_SHA256)
+OPENSSL_armcap_P |= ARMV8_SHA256;
+
+#  ifdef __aarch64__
+if (hwcap & HWCAP_CE_SHA512)
+OPENSSL_armcap_P |= ARMV8_SHA512;
+#  endif
+}
+# endif
+
 sigfillset(_masked);
 sigdelset(_masked, SIGILL);
 sigdelset(_masked, SIGTRAP);
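Review bot: In the added `# ifdef OSSL_IMPLEMENT_GETAUXVAL` block the crypto-extension bits from `getauxval(HWCAP_CE)` are read only inside `if (getauxval(HWCAP) & HWCAP_NEON)`, and getauxval() reports a missing entry as 0, so a failed lookup looks the same as a CPU without these features. The SIGILL probes for the same bits are compiled out under `# ifndef OSSL_IMPLEMENT_GETAUXVAL` later in this function, so there is no second source when that happens. This seems to match the old `getauxval != NULL` branch, but the choice is now made at build time rather than at run time. I would record that above the block, e.g. `/* getauxval() returns 0 for a missing entry; we then run without NEON/crypto extensions, there is no probe fallback */`. OPENSSL_cpuid_setup() starts and ends outside this hunk.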
@@ -141,8 +166,6 @@ void OPENSSL_cpuid_setup(void)
 sigdelset(_masked, SIGBUS);
 sigdelset(_masked, SIGSEGV);
 
-OPENSSL_armcap_P = 0;
-
 memset(_act, 0, sizeof(ill_act));
 ill_act.sa_handler = ill_handler;
 ill_act.sa_mask = all_masked;
@@ -150,30 +173,9 @@ void OPENSSL_cpuid_setup(void)
 sigprocmask(SIG_SETMASK, _act.sa_mask, );
 sigaction(SIGILL, _act, _oact);
 
-if (getauxval != NULL) {
-if (getauxval(HWCAP) & HWCAP_NEON) {
-unsigned long hwcap = getauxval(HWCAP_CE);
-
-OPENSSL_armcap_P |= ARMV7_NEON;
-
-if (hwcap & HWCAP_CE_AES)
-OPENSSL_armcap_P |= ARMV8_AES;
-
-if (hwcap & HWCAP_CE_PMULL)
-OPENSSL_armcap_P |= ARMV8_PMULL;
-
-if (hwcap & HWCAP_CE_SHA1)
-OPENSSL_armcap_P |= ARMV8_SHA1;
-
-if (hwcap & HWCAP_CE_SHA256)
-OPENSSL_armcap_P |= ARMV8_SHA256;
-
-# ifdef __aarch64__
-if (hwcap & HWCAP_CE_SHA512)
-OPENSSL_armcap_P |= ARMV8_SHA512;
-# endif
-}
-} else if (sigsetjmp(ill_jmp, 1) == 0) {
+/* If we used getauxval, we already have all the values */
+# ifndef OSSL_IMPLEMENT_GETAUXVAL
+if (sigsetjmp(ill_jmp, 1) == 0) {
 _armv7_neon_probe();
 OPENSSL_armcap_P |= ARMV7_NEON;
 if (sigsetjmp(ill_jmp, 1) == 0) {
@@ -191,13 +193,16 @@ void OPENSSL_cpuid_setup(void)
 _armv8_sha256_probe();
 OPENSSL_armcap_P |= ARMV8_SHA256;
 }
-# if defined(__aarch64__) && !defined(__APPLE__)
+#  if defined(__aarch64__) && !defined(__APPLE__)
 if (sigsetjmp(ill_jmp, 1) == 0) {
 _armv8_sha512_probe();
 OPENSSL_armcap_P |= ARMV8_SHA512;
 }
-# endif
+#  endif
 }
+# endif
+
+/* Things that getauxval didn't tell us */
 if (sigsetjmp(ill_jmp, 1) == 0) {
 _armv7_tick();
 OPENSSL_armcap_P |= ARMV7_TICK;
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 4214762..e50f757 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -168,16 +168,11 @@ void OPENSSL_altivec_probe(void);
 void OPENSSL_crypto207_probe(void);
 void OPENSSL_madd300_probe(void);
 
-/*
- * Use a weak reference to getauxval() so we can use it if it is available
- * 

[openssl-commits] [openssl] master update

2019-01-15 Thread Richard Levitte
The branch master has been updated
   via  aefb980c45134d84f1757de1a9c61d699c8a7e33 (commit)
  from  ea09abc80892920ee5db4de82bed7a193b5896f0 (commit)


- Log -
commit aefb980c45134d84f1757de1a9c61d699c8a7e33
Author: Richard Levitte 
Date:   Thu Dec 20 10:17:38 2018 +0100

crypto/uid.c: use own macro as guard rather than AT_SECURE

It turns out that AT_SECURE may be defined through other means than
our inclusion of sys/auxv.h, so to be on the safe side, we define our
own guard and use that to determine if getauxval() should be used or
not.

Fixes #7932

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7933)

---

Summary of changes:
 crypto/uid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/uid.c b/crypto/uid.c
index 6635639..494dbde 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c
@@ -34,12 +34,13 @@ int OPENSSL_issetugid(void)
 # if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
 #  if __GLIBC_PREREQ(2, 16)
 #   include 
+#   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
 # endif
 
 int OPENSSL_issetugid(void)
 {
-# ifdef AT_SECURE
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
 return getauxval(AT_SECURE) != 0;
 # else
 return getuid() != geteuid() || getgid() != getegid();
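Review bot: `getauxval(AT_SECURE)` returns 0 both when the flag is clear and when the entry cannot be found, so with `OSSL_IMPLEMENT_GETAUXVAL` defined a failed lookup makes OPENSSL_issetugid() answer "not set-id", which is the unsafe direction for this check. glibc reports the not-found case through errno (ENOENT) only from 2.19 on, while the guard admits 2.16, so errno alone does not cover every accepted version. One conservative option is to keep the id comparison as a second signal: `return getauxval(AT_SECURE) != 0 || getuid() != geteuid() || getgid() != getegid();`. The function's closing `# endif` and brace are outside the hunk.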


[openssl-commits] [openssl] master update

2019-01-15 Thread Matt Caswell
The branch master has been updated
   via  ea09abc80892920ee5db4de82bed7a193b5896f0 (commit)
   via  7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4 (commit)
  from  d63bde7827b0be1172f823baf25309b54aa87e0f (commit)


- Log -
commit ea09abc80892920ee5db4de82bed7a193b5896f0
Author: Matt Caswell 
Date:   Mon Jan 14 16:37:14 2019 +

Don't get the mac type in TLSv1.3

We don't use this information so we shouldn't fetch it. As noted in the
comments in #8005.

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/8020)

commit 7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4
Author: Matt Caswell 
Date:   Mon Jan 14 16:36:33 2019 +

Add missing entries in ssl_mac_pkey_id

Fixes #8005

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/8020)

---

Summary of changes:
 ssl/ssl_ciph.c  | 2 ++
 ssl/tls13_enc.c | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index bd97c0f..461a9de 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -171,6 +171,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
 /* GOST2012_512 */
 EVP_PKEY_HMAC,
+/* MD5/SHA1, SHA224, SHA512 */
+NID_undef, NID_undef, NID_undef
 };
 
 static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 6022950..e6cd705 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -323,11 +323,9 @@ int tls13_setup_key_block(SSL *s)
 {
 const EVP_CIPHER *c;
 const EVP_MD *hash;
-int mac_type = NID_undef;
 
 s->session->cipher = s->s3->tmp.new_cipher;
-if (!ssl_cipher_get_evp
-(s->session, , , _type, NULL, NULL, 0)) {
+if (!ssl_cipher_get_evp(s->session, , , NULL, NULL, NULL, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
  SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 return 0;


[openssl-commits] [openssl] master update

2019-01-15 Thread Matt Caswell
The branch master has been updated
   via  d63bde7827b0be1172f823baf25309b54aa87e0f (commit)
   via  0a5bda639f8fd59e15051cf757708e3b94bcf399 (commit)
  from  e26f653defd08334ebfa517b6715a338f543fbf1 (commit)


- Log -
commit d63bde7827b0be1172f823baf25309b54aa87e0f
Author: Matt Caswell 
Date:   Mon Jan 14 11:22:42 2019 +

Check more return values in the SRP code

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8019)

commit 0a5bda639f8fd59e15051cf757708e3b94bcf399
Author: Matt Caswell 
Date:   Mon Jan 14 11:06:43 2019 +

Check a return value in the SRP code

Spotted by OSTIF audit

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8019)

---

Summary of changes:
 crypto/srp/srp_lib.c |  4 +++-
 crypto/srp/srp_vfy.c | 21 ++---
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index c43d27a..8cba189 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, 
const BIGNUM *N)
 unsigned char *tmp = NULL;
 int numN = BN_num_bytes(N);
 BIGNUM *res = NULL;
+
 if (x != N && BN_ucmp(x, N) >= 0)
 return NULL;
 if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const 
char *pass)
 || !EVP_DigestFinal_ex(ctxt, dig, NULL)
 || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
 goto err;
-BN_bn2bin(s, cs);
+if (BN_bn2bin(s, cs) < 0)
+goto err;
 if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
 goto err;
 
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 4ed94b7..d69e330 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -614,10 +614,14 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
 goto err;
 N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+if (N_bn_alloc == NULL)
+goto err;
 N_bn = N_bn_alloc;
 if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
 goto err;
 g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+if (g_bn_alloc == NULL)
+goto err;
 g_bn = g_bn_alloc;
 defgNid = "*";
 } else {
@@ -639,15 +643,19 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 goto err;
 s = BN_bin2bn(tmp2, len, NULL);
 }
+if (s == NULL)
+goto err;
 
 if (!SRP_create_verifier_BN(user, pass, , , N_bn, g_bn))
 goto err;
 
-BN_bn2bin(v, tmp);
+if (BN_bn2bin(v, tmp) < 0)
+goto err;
 vfsize = BN_num_bytes(v) * 2;
 if (((vf = OPENSSL_malloc(vfsize)) == NULL))
 goto err;
-t_tob64(vf, tmp, BN_num_bytes(v));
+if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+goto err;
 
 if (*salt == NULL) {
 char *tmp_salt;
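Review bot: The new `if (BN_bn2bin(v, tmp) < 0)` checks the return value but does not bound the write. `tmp` is a fixed-size buffer (it is passed with `sizeof(tmp)` to t_fromb64() earlier in this function), and BN_bn2bin() writes `BN_num_bytes(v)` bytes without knowing the destination size. Whether `v` can ever exceed `tmp` depends on how N is bounded on the branch that does not decode it into `tmp`, which is not visible here. An explicit guard makes the invariant local: `if (BN_num_bytes(v) > (int)sizeof(tmp) || BN_bn2bin(v, tmp) < 0) goto err;`. SRP_create_verifier() starts and ends outside this hunk.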
@@ -655,7 +663,10 @@ char *SRP_create_verifier(const char *user, const char 
*pass, char **salt,
 if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
 goto err;
 }
-t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+OPENSSL_free(tmp_salt);
+goto err;
+}
 *salt = tmp_salt;
 }
 
@@ -702,11 +713,15 @@ int SRP_create_verifier_BN(const char *user, const char 
*pass, BIGNUM **salt,
 goto err;
 
 salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+if (salttmp == NULL)
+goto err;
 } else {
 salttmp = *salt;
 }
 
 x = SRP_Calc_x(salttmp, user, pass);
+if (x == NULL)
+goto err;
 
 *verifier = BN_new();
 if (*verifier == NULL)


[openssl-commits] [openssl] master update

2019-01-14 Thread Dr . Paul Dale
The branch master has been updated
   via  e26f653defd08334ebfa517b6715a338f543fbf1 (commit)
  from  7835e97b6ff5cd94a10c5aeac439f4aa145a77b2 (commit)


- Log -
commit e26f653defd08334ebfa517b6715a338f543fbf1
Author: Anna Henningsen 
Date:   Sun Jan 13 18:26:43 2019 +0100

Fix compilation with `-DREF_PRINT`

CLA: trivial

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8016)

---

Summary of changes:
 crypto/dso/dso_lib.c | 2 +-
 crypto/ec/ecp_nistz256.c | 2 +-
 crypto/x509/x509_lu.c| 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index f426be0..f1b193b 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -111,7 +111,7 @@ int DSO_up_ref(DSO *dso)
 if (CRYPTO_UP_REF(>references, , dso->lock) <= 0)
 return 0;
 
-REF_PRINT_COUNT("DSO", r);
+REF_PRINT_COUNT("DSO", dso);
 REF_ASSERT_ISNT(i < 2);
 return ((i > 1) ? 1 : 0);
 }
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 2db7d19..82affd6 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1432,7 +1432,7 @@ void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
 return;
 
 CRYPTO_DOWN_REF(>references, , pre->lock);
-REF_PRINT_COUNT("EC_nistz256", x);
+REF_PRINT_COUNT("EC_nistz256", pre);
 if (i > 0)
 return;
 REF_ASSERT_ISNT(i < 0);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 6bcdafb..fa8153d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -237,7 +237,7 @@ int X509_STORE_up_ref(X509_STORE *vfy)
 if (CRYPTO_UP_REF(>references, , vfy->lock) <= 0)
 return 0;
 
-REF_PRINT_COUNT("X509_STORE", a);
+REF_PRINT_COUNT("X509_STORE", vfy);
 REF_ASSERT_ISNT(i < 2);
 return ((i > 1) ? 1 : 0);
 }


[openssl-commits] [openssl] master update

2019-01-08 Thread Matt Caswell
The branch master has been updated
   via  7835e97b6ff5cd94a10c5aeac439f4aa145a77b2 (commit)
  from  87d06aed64395afcd9ee4e7c699950dd57278259 (commit)


- Log -
commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2
Author: Matt Caswell 
Date:   Wed Oct 17 16:17:25 2018 +0100

Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7424)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3b6cbb7..53bc5ef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 SSL_SESSION *sess = s->session;
 unsigned char *session_id;
 
-if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
-/* Should not happen */
-SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-return 0;
-}
-
 /* Work out what SSL/TLS/DTLS version to use */
 protverr = ssl_set_client_hello_version(s);
 if (protverr != 0) {


[openssl-commits] [openssl] master update

2019-01-08 Thread Matt Caswell
The branch master has been updated
   via  87d06aed64395afcd9ee4e7c699950dd57278259 (commit)
  from  760e2d60e62511a6fb96f547f6730d05eb5f47ec (commit)


- Log -
commit 87d06aed64395afcd9ee4e7c699950dd57278259
Author: Matt Caswell 
Date:   Mon Jan 7 15:16:23 2019 +

Fix compilation on sparc

Fixes #7966

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7997)

---

Summary of changes:
 crypto/des/asm/des_enc.m4 | 2 --
 crypto/evp/e_aes.c| 5 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
index 92b9678..9a17fac 100644
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@@ -29,8 +29,6 @@
 .ident "des_enc.m4 2.1"
 .file  "des_enc-sparc.S"
 
-#include 
-
 #if defined(__SUNPRO_C) && defined(__sparcv9)
 # define ABI64  /* They've said -xarch=v9 at command line */
 #elif defined(__GNUC__) && defined(__arch64__)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 6080d16..8dc5235 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -927,6 +927,11 @@ static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
  const unsigned char *in, size_t len);
 # endif/* OPENSSL_NO_OCB */
 
+# ifndef OPENSSL_NO_SIV
+#  define aes_t4_siv_init_key aes_siv_init_key
+#  define aes_t4_siv_cipher aes_siv_cipher
+# endif /* OPENSSL_NO_SIV */
+
 # define 
BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \


[openssl-commits] [openssl] master update

2019-01-07 Thread Dr . Paul Dale
The branch master has been updated
   via  760e2d60e62511a6fb96f547f6730d05eb5f47ec (commit)
  from  df1f538f28c10f2954757164b17781040d2355ef (commit)


- Log -
commit 760e2d60e62511a6fb96f547f6730d05eb5f47ec
Author: FdaSilvaYY 
Date:   Tue Jan 8 16:27:27 2019 +1000

Fix CID 1434549: Unchecked return value in test/evp_test.c

5. check_return: Calling EVP_EncodeUpdate without checking return value
(as is done elsewhere 4 out of 5 times).

Fix CID 1371695, 1371698: Resource leak in test/evp_test.c

- leaked_storage: Variable edata going out of scope leaks the storage it
points to.

- leaked_storage: Variable encode_ctx going out of scope leaks the
storage it points to

Fix CID 1430437, 1430426, 1430429 : Dereference before null check in 
test/drbg_cavs_test.c

check_after_deref: Null-checking drbg suggests that it
may be null, but it has already been dereferenced on all paths leading
to the check

Fix CID 1440765: Dereference before null check in test/ssltestlib.c

check_after_deref: Null-checking ctx suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7993)

---

Summary of changes:
 test/drbg_cavs_test.c | 29 ++---
 test/evp_test.c   | 21 -
 test/ssltestlib.c |  6 --
 3 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c
index 4bb65f0..99d4472 100644
--- a/test/drbg_cavs_test.c
+++ b/test/drbg_cavs_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -106,12 +106,9 @@ static int single_kat_no_reseed(const struct drbg_kat *td)
 failures++;
 
 err:
-if (buff != NULL)
-OPENSSL_free(buff);
-if (drbg != NULL) {
-RAND_DRBG_uninstantiate(drbg);
-RAND_DRBG_free(drbg);
-}
+OPENSSL_free(buff);
+RAND_DRBG_uninstantiate(drbg);
+RAND_DRBG_free(drbg);
 return failures == 0;
 }
 
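Review bot: The cleanup at `err:` now calls `RAND_DRBG_uninstantiate(drbg)` unconditionally, which is safe only while every `goto err` is reached with a non-NULL `drbg`. OPENSSL_free() accepts NULL by convention, but nothing in this hunk shows that RAND_DRBG_uninstantiate() does. A one-line comment at the label would stop a later `goto err` placed before the allocation from turning into a NULL dereference, e.g. `/* drbg is non-NULL on every path that reaches err */`. The same applies to the identical cleanup in single_kat_pr_false() and single_kat_pr_true() in the next two hunks. All three function bodies start outside their hunks.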
@@ -176,12 +173,9 @@ static int single_kat_pr_false(const struct drbg_kat *td)
 failures++;
 
 err:
-if (buff != NULL)
-OPENSSL_free(buff);
-if (drbg != NULL) {
-RAND_DRBG_uninstantiate(drbg);
-RAND_DRBG_free(drbg);
-}
+OPENSSL_free(buff);
+RAND_DRBG_uninstantiate(drbg);
+RAND_DRBG_free(drbg);
 return failures == 0;
 }
 
@@ -249,12 +243,9 @@ static int single_kat_pr_true(const struct drbg_kat *td)
 failures++;
 
 err:
-if (buff != NULL)
-OPENSSL_free(buff);
-if (drbg != NULL) {
-RAND_DRBG_uninstantiate(drbg);
-RAND_DRBG_free(drbg);
-}
+OPENSSL_free(buff);
+RAND_DRBG_uninstantiate(drbg);
+RAND_DRBG_free(drbg);
 return failures == 0;
 }
 
diff --git a/test/evp_test.c b/test/evp_test.c
index f3dd79b..eaedab2 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1761,15 +1761,18 @@ static int encode_test_init(EVP_TEST *t, const char 
*encoding)
 } else if (strcmp(encoding, "invalid") == 0) {
 edata->encoding = BASE64_INVALID_ENCODING;
 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
-return 0;
+goto err;
 } else {
 TEST_error("Bad encoding: %s."
" Should be one of {canonical, valid, invalid}",
encoding);
-return 0;
+goto err;
 }
 t->data = edata;
 return 1;
+err:
+OPENSSL_free(edata);
+return 0;
 }
 
 static void encode_test_cleanup(EVP_TEST *t)
@@ -1798,7 +1801,7 @@ static int encode_test_run(EVP_TEST *t)
 ENCODE_DATA *expected = t->data;
 unsigned char *encode_out = NULL, *decode_out = NULL;
 int output_len, chunk_len;
-EVP_ENCODE_CTX *decode_ctx;
+EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
 
 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
 t->err = "INTERNAL_ERROR";
@@ -1806,7 +1809,6 @@ static int encode_test_run(EVP_TEST *t)
 }
 
 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
-

[openssl-commits] [openssl] master update

2019-01-07 Thread Viktor Dukhovni
The branch master has been updated
   via  df1f538f28c10f2954757164b17781040d2355ef (commit)
   via  b2f16a2271c40faed168c8bd89b562919a18cb3f (commit)
  from  9effc496ad8a9b0ec737c69cc0fddf610a045ea4 (commit)


- Log -
commit df1f538f28c10f2954757164b17781040d2355ef
Author: Viktor Dukhovni 
Date:   Tue Jan 1 02:53:24 2019 -0500

More configurable crypto and ssl library initialization

1.  In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
processing fails.  But, applications that want to be strict
about initialization errors can now make explicit flag
choices via non-null OPENSSL_INIT_SETTINGS that omit the
CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7986)

commit b2f16a2271c40faed168c8bd89b562919a18cb3f
Author: Viktor Dukhovni 
Date:   Tue Jan 1 19:19:43 2019 -0500

Update generator copyright year.

Some Travis builds appear to fail because generated objects get
2019 copyrights now, and the diff complains.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7986)

---

Summary of changes:
 crypto/asn1/charmap.pl  |  2 +-
 crypto/bn/bn_prime.pl   |  2 +-
 crypto/conf/conf_lib.c  | 26 +
 crypto/conf/conf_mod.c  |  3 +++
 crypto/conf/conf_sap.c  | 23 +-
 crypto/conf/keysets.pl  |  2 +-
 crypto/err/err.c| 12 
 crypto/init.c   | 38 +
 crypto/objects/obj_dat.pl   |  2 +-
 crypto/objects/objects.pl   |  2 +-
 crypto/objects/objxref.pl   |  2 +-
 doc/man3/CONF_modules_load_file.pod | 10 +-
 doc/man3/OPENSSL_init_crypto.pod| 37 +---
 include/internal/conf.h |  9 -
 include/openssl/crypto.h|  6 +-
 ssl/ssl_init.c  | 13 +++--
 util/libcrypto.num  |  2 ++
 17 files changed, 148 insertions(+), 43 deletions(-)

diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 20f05fc..d29a21b 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index fb54810..76df3fc 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 860ac67..606563a 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 
 if (ret != NULL)
 memset(ret, 0, sizeof(*ret));
+ret->flags = DEFAULT_CONF_MFLAGS;
+
 return ret;
 }
 
 
 #ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *filename)
+{
+char *newfilename = NULL;
+
+if (filename != NULL) {
+newfilename = strdup(filename);
+if (newfilename == NULL)
+return 0;
+}
+
+free(settings->filename);
+settings->filename = newfilename;
+
+return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+unsigned long flags)
+{
+settings->flags = flags;
+}
+
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 const char *appname)
 {
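Review bot: `ret->flags = DEFAULT_CONF_MFLAGS;` is added after the `if (ret != NULL)` guard rather than inside it, so OPENSSL_INIT_new() dereferences `ret` when the allocation failed instead of returning NULL. Return early and then initialise: `if (ret == NULL) return NULL;` followed by the memset and the flags assignment. In the same hunk OPENSSL_INIT_set_config_filename() and OPENSSL_INIT_set_config_file_flags() dereference `settings` without a NULL check. If callers may hand in the result of a failed OPENSSL_INIT_new(), that needs either a check or a sentence in the documentation. The start of OPENSSL_INIT_new() and the body of OPENSSL_INIT_set_config_appname() are outside the hunk.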
@@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS 
*settings,
 
 void 

[openssl-commits] [openssl] master update

2019-01-07 Thread Matt Caswell
The branch master has been updated
   via  9effc496ad8a9b0ec737c69cc0fddf610a045ea4 (commit)
   via  23fed8ba0ec895e1b2a089cae380697f15170afc (commit)
  from  67ee899cb51d3e3d7b5f00b878f8f82a097b93f0 (commit)


- Log -
commit 9effc496ad8a9b0ec737c69cc0fddf610a045ea4
Author: Matt Caswell 
Date:   Fri Jan 4 16:55:15 2019 +

Add a test for correct handling of the cryptopro bug extension

This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7984)

commit 23fed8ba0ec895e1b2a089cae380697f15170afc
Author: Matt Caswell 
Date:   Fri Jan 4 16:54:03 2019 +

Don't complain if we receive the cryptopro extension in the ClientHello

The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.

Fixes #7747

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7984)

---

Summary of changes:
 ssl/statem/extensions.c   |  6 --
 test/recipes/70-test_sslextension.t   | 32 +++
 util/perl/TLSProxy/Certificate.pm |  5 -
 util/perl/TLSProxy/ClientHello.pm |  7 ++-
 util/perl/TLSProxy/EncryptedExtensions.pm |  5 -
 util/perl/TLSProxy/Message.pm | 16 +++-
 util/perl/TLSProxy/ServerHello.pm |  2 +-
 7 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index ffa4b46..773309a 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 {
 /*
  * Special unsolicited ServerHello extension only used when
- * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set
+ * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
+ * ignore it.
  */
 TLSEXT_TYPE_cryptopro_bug,
-SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+| SSL_EXT_TLS1_2_AND_BELOW_ONLY,
 NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
 },
 {
diff --git a/test/recipes/70-test_sslextension.t 
b/test/recipes/70-test_sslextension.t
index 79466b6..e725b44 100644
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -88,9 +88,11 @@ sub inject_duplicate_extension
 foreach my $message (@{$proxy->message_list}) {
 if ($message->mt == $message_type) {
   my %extensions = %{$message->extension_data};
-# Add a duplicate (unknown) extension.
-
$message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
-
$message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
+# Add a duplicate extension. We use cryptopro_bug since we never
+# normally write that one, and it is allowed as unsolicited in the
+# ServerHello
+
$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
+$message->dupext(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION);
 $message->repack();
 }
 }
@@ -173,9 +175,23 @@ sub inject_unsolicited_extension
 $sent_unsolisited_extension = 1;
 }
 
+sub inject_cryptopro_extension
+{
+my $proxy = shift;
+
+# We're only interested in the initial ClientHello
+if ($proxy->flight != 0) {
+return;
+}
+
+my $message = ${$proxy->message_list}[0];
+$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, 
"");
+$message->repack();
+}
+
 # Test 1-2: Sending a duplicate extension should fail.
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 7;
+plan tests => 8;
 ok($fatal_alert, "Duplicate ClientHello extension");
 
 $fatal_alert = 0;
@@ -234,3 +250,11 @@ SKIP: {
 $proxy->start();
 ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
 }
+
+#Test 8: Send the cryptopro extension in a ClientHello. Normally this is an
+#unsolicited extension only ever seen in the ServerHello. We should
+#ignore it in a ClientHello
+$proxy->clear();
+$proxy->filter(\_cryptopro_extension);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");
diff --git a/util/perl/TLSProxy/Certificate.pm 
b/util/perl/TLSProxy/Certificate.pm
index 70c9fae..03f6619 100644
--- 

[openssl-commits] [openssl] master update

2019-01-06 Thread matthias . st . pierre
The branch master has been updated
   via  67ee899cb51d3e3d7b5f00b878f8f82a097b93f0 (commit)
  from  673e0bbbe4b9cbd19a247c0b18c171bb0421915a (commit)


- Log -
commit 67ee899cb51d3e3d7b5f00b878f8f82a097b93f0
Author: Dr. Matthias St. Pierre 
Date:   Mon Jan 7 01:21:56 2019 +0100

doc/man1/x509.pod: fix typo

This looks like a copy error from req.pod to x509.pod.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7995)

---

Summary of changes:
 doc/man1/x509.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 8c096ed..75919ca 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -173,7 +173,7 @@ options. See the B section for more 
information.
 
 =item B<-noout>
 
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
 
 =item B<-pubkey>
 


[openssl-commits] [openssl] master update

2019-01-06 Thread Matt Caswell
The branch master has been updated
   via  673e0bbbe4b9cbd19a247c0b18c171bb0421915a (commit)
  from  5e9072ed99971fa5e47326c2f8ffa4bc9624a584 (commit)


- Log -
commit 673e0bbbe4b9cbd19a247c0b18c171bb0421915a
Author: Dmitry Belyavskiy 
Date:   Fri Jan 4 20:38:29 2019 +0300

Restore compatibility with GOST2001 implementations.

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7985)

---

Summary of changes:
 ssl/statem/extensions.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c549218..ffa4b46 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -623,7 +623,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, 
unsigned int context,
 && type != TLSEXT_TYPE_cookie
 && type != TLSEXT_TYPE_renegotiate
 && type != TLSEXT_TYPE_signed_certificate_timestamp
-&& (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
+&& (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+&& !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+ && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+   ) {
 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
  SSL_F_TLS_COLLECT_EXTENSIONS, 
SSL_R_UNSOLICITED_EXTENSION);
 goto err;
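Review bot: The exemption added to the unsolicited-extension check keys only on `OPENSSL_NO_GOST` and the message context, so a client built with GOST accepts `TLSEXT_TYPE_cryptopro_bug` in any TLS 1.2 ServerHello, whether or not a GOST ciphersuite was offered or selected. If that is intended because the client never acts on the extension's contents, say so next to the condition, e.g. `/* sent unsolicited by GOST2001 servers; the client does not parse it, so accepting it is harmless */`. Otherwise narrow the condition to handshakes that actually negotiate GOST. tls_collect_extensions() starts and ends outside the hunk.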


[openssl-commits] [openssl] master update

2019-01-06 Thread Matt Caswell
The branch master has been updated
   via  5e9072ed99971fa5e47326c2f8ffa4bc9624a584 (commit)
  from  87bbbfb1e4fc2035e8f9ec1d6313a41c410a3218 (commit)


- Log -
commit 5e9072ed99971fa5e47326c2f8ffa4bc9624a584
Author: Matt Caswell 
Date:   Fri Jan 4 11:13:39 2019 +

Fix no-sock

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7981)

---

Summary of changes:
 test/sslapitest.c | 6 --
 test/ssltestlib.c | 9 ++---
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index d52380c..1868eb3 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -657,7 +657,8 @@ static int execute_test_large_message(const SSL_METHOD 
*smeth,
 return testresult;
 }
 
-#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS)
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
+&& !defined(OPENSSL_NO_SOCK)
 
 /* sock must be connected */
 static int ktls_chk_platform(int sock)
@@ -6053,7 +6054,8 @@ int setup_tests(void)
 #endif
 }
 
-#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS)
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
+&& !defined(OPENSSL_NO_SOCK)
 ADD_TEST(test_ktls_client_server);
 ADD_TEST(test_ktls_no_client_server);
 ADD_TEST(test_ktls_client_no_server);
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 50c7112..8187513 100644
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -663,7 +663,7 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const 
SSL_METHOD *cm,
 
 #define MAXLOOPS100
 
-#ifndef OPENSSL_NO_KTLS
+#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
 static int set_nb(int fd)
 {
 int flags;
@@ -736,12 +736,6 @@ success:
 close(afd);
 return ret;
 }
-#else
-int create_test_sockets(int *cfd, int *sfd)
-{
-return 0;
-}
-#endif
 
 int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
   SSL **cssl, int sfd, int cfd)
@@ -775,6 +769,7 @@ int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX 
*clientctx, SSL **sssl,
 BIO_free(c_to_s_bio);
 return 0;
 }
+#endif
 
 /*
  * NOTE: Transfers control of the BIOs - this function will free them on error
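Review bot: Moving the `#endif` down to this hunk puts `create_ssl_objects2` inside the `!OPENSSL_NO_KTLS && !OPENSSL_NO_SOCK` region as well, and together with the removed `create_test_sockets` stub that means neither function is defined in a no-ktls or no-sock build. Any caller that is not behind the same condition will now fail to link instead of getting the stub that returned 0, so the call sites and header declarations (not visible here) should be checked for a matching guard. The directive is also a long way from its `#if`; `#endif /* !OPENSSL_NO_KTLS && !OPENSSL_NO_SOCK */` would make the extent clear.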


[openssl-commits] [openssl] master update

2019-01-06 Thread Matt Caswell
The branch master has been updated
   via  87bbbfb1e4fc2035e8f9ec1d6313a41c410a3218 (commit)
  from  e74be3d497e5ef60515c186100f3abef832a9f9d (commit)


- Log -
commit 87bbbfb1e4fc2035e8f9ec1d6313a41c410a3218
Author: Matt Caswell 
Date:   Fri Jan 4 10:24:19 2019 +

Fix no-cmac

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7979)

---

Summary of changes:
 test/recipes/90-test_gost.t | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
index ac214e2..d4f27b8 100644
--- a/test/recipes/90-test_gost.t
+++ b/test/recipes/90-test_gost.t
@@ -12,11 +12,11 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_gost");
 
 # The GOST ciphers are dynamically loaded via the GOST engine, so we must be
-# able to support that. The engine also uses DSA and CMS symbols, so we skip
-# this test on no-dsa or no-cms.
+# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
+# skip this test on no-dsa, no-cms or no-cmac.
 plan skip_all => "GOST support is disabled in this OpenSSL build"
 if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
-   || disabled("dsa") || disabled("cms");
+   || disabled("dsa") || disabled("cms") || disabled("cmac");
 
 plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
 if disabled("tls1_3") || disabled("tls1_2");
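Review bot: The message on the first `plan skip_all` still says only that GOST support is disabled, yet after this change the test is also skipped for no-cmac (and already was for no-engine, no-dynamic-engine, no-dsa and no-cms), so someone reading the test log cannot tell which option caused the skip. Wording it after the real condition would help, e.g. `plan skip_all => "GOST engine prerequisites are not all enabled in this OpenSSL build"`. The comment above the statement was updated by the commit; the message is the part that lags behind.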


[openssl-commits] [openssl] master update

2019-01-05 Thread Richard Levitte
The branch master has been updated
   via  e74be3d497e5ef60515c186100f3abef832a9f9d (commit)
  from  f760137b2144740916afd9ff381451fa16c710de (commit)


- Log -
commit e74be3d497e5ef60515c186100f3abef832a9f9d
Author: Richard Levitte 
Date:   Sat Jan 5 09:33:22 2019 +0100

crypto/evp/e_aes.c: build again on s390x

The stuff needed to build with SIV wasn't in place for s390x

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7988)

---

Summary of changes:
 crypto/evp/e_aes.c | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index a882f21..6080d16 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2427,6 +2427,18 @@ static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
 static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
 # endif
 
+# ifndef OPENSSL_NO_SIV
+#  define S390X_AES_SIV_CTX EVP_AES_SIV_CTX
+#  define S390X_aes_128_siv_CAPABLE 0
+#  define S390X_aes_192_siv_CAPABLE 0
+#  define S390X_aes_256_siv_CAPABLE 0
+
+#  define s390x_aes_siv_init_key aes_siv_init_key
+#  define s390x_aes_siv_cipher aes_siv_cipher
+#  define s390x_aes_siv_cleanup aes_siv_cleanup
+#  define s390x_aes_siv_ctrl aes_siv_ctrl
+# endif
+
 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,   \
   MODE,flags)  \
 static const EVP_CIPHER s390x_aes_##keylen##_##mode = {
\
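Review bot: The added `OPENSSL_NO_SIV` block defines every `S390X_aes_*_siv_CAPABLE` as 0 and aliases the `s390x_aes_siv_*` names to the generic `aes_siv_*` functions without saying so, which at first glance reads like a real s390x back end. A short comment above the block, e.g. `/* No s390x-specific SIV implementation: always use the generic code */`, would make the intent explicit and mark the place to change once hardware support is added. How the CAPABLE macros are consumed is outside the hunk, so the "never selected" reading is inferred from the value 0 and the commit message.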
@@ -2468,7 +2480,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) 
\
 static const EVP_CIPHER s390x_aes_##keylen##_##mode = {
\
 nid##_##keylen##_##mode,   \
 blocksize, \
-(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,
\
+
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE
 ? 2 : 1) * keylen / 8,   \
 ivlen, \
 flags | EVP_CIPH_##MODE##_MODE,\
 s390x_aes_##mode##_init_key,   \
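Review bot: The key-length initialiser changed here is duplicated in the generic `aes_##keylen##_##mode` table in the hunk at -2482, and both copies had to be edited identically for SIV. Callers presumably size their key buffers from this field, so one copy falling out of date would make the advertised length disagree with what the init function reads. Defining the expression once in a small helper macro and using it in both tables would remove that risk. The new line also drops the spacing of the line it replaces and is much longer than its neighbours; `(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8`, broken after the `||`, matches the surrounding style. The macro definitions begin and end outside the hunks.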
@@ -2482,7 +2494,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = {   
\
 }; \
 static const EVP_CIPHER aes_##keylen##_##mode = {  \
 nid##_##keylen##_##mode,blocksize, \
-(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,
\
+
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE
 ? 2 : 1) * keylen / 8,   \
 ivlen, \
 flags | EVP_CIPH_##MODE##_MODE,\
 aes_##mode##_init_key, \


[openssl-commits] [openssl] master update

2019-01-05 Thread Richard Levitte
The branch master has been updated
   via  f760137b2144740916afd9ff381451fa16c710de (commit)
   via  c66bb88cb08adbc848271dd388aa9695c7e200be (commit)
  from  de2debc524e8de89a9e4e8cd890af3882cf1aaab (commit)


- Log -
commit f760137b2144740916afd9ff381451fa16c710de
Author: Patrick Steuer 
Date:   Sat Aug 4 00:10:06 2018 +0200

crypto/chacha/asm/chacha-s390x.pl: add vx code path.

Signed-off-by: Patrick Steuer 

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6919)

commit c66bb88cb08adbc848271dd388aa9695c7e200be
Author: Patrick Steuer 
Date:   Wed Dec 7 12:58:34 2016 +0100

s390x assembly pack: perlasm support.

Added crypto/perlasm/s390x.pm Perl module. Its primary use is to be
independent of binutils version, that is to write byte codes of
instructions that are not part of the base instruction set.
Currently only gas format is supported.

Signed-off-by: Patrick Steuer 

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6919)

---

Summary of changes:
 crypto/chacha/asm/chacha-s390x.pl |  816 ++
 crypto/chacha/build.info  |1 +
 crypto/perlasm/s390x.pm   | 3060 +
 3 files changed, 3618 insertions(+), 259 deletions(-)
 create mode 100644 crypto/perlasm/s390x.pm

diff --git a/crypto/chacha/asm/chacha-s390x.pl 
b/crypto/chacha/asm/chacha-s390x.pl
index 1b13a41..005c810 100755
--- a/crypto/chacha/asm/chacha-s390x.pl
+++ b/crypto/chacha/asm/chacha-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -20,41 +20,46 @@
 #
 # 3 times faster than compiler-generated code.
 
-$flavour = shift;
+#
+# August 2018
+#
+# Add vx code path.
+#
+# Copyright IBM Corp. 2018
+# Author: Patrick Steuer 
 
+use strict;
+use FindBin qw($Bin);
+use lib "$Bin/../..";
+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
+
+my $flavour = shift;
+
+my ($z,$SIZE_T);
 if ($flavour =~ /3[12]/) {
+   $z=0;   # S/390 ABI
$SIZE_T=4;
-   $g="";
 } else {
+   $z=1;   # zSeries ABI
$SIZE_T=8;
-   $g="g";
 }
 
+my $output;
 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-sub AUTOLOAD() # thunk [simplified] x86-style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
-$code .= "\t$opcode\t".join(',',@_)."\n";
-}
 
 my $sp="%r15";
-
 my $stdframe=16*$SIZE_T+4*8;
-my $frame=$stdframe+4*20;
-
-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
 
 my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
 my @t=map("%r$_",(8,9));
+my @v=map("%v$_",(16..31));
 
 sub ROUND {
 my ($a0,$b0,$c0,$d0)=@_;
 my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
 my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
 my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-my ($xc,$xc_)=map("\"$_\"",@t);
-my @x=map("\"$_\"",@x);
+my ($xc,$xc_)=map("$_",@t);
 
# Consider order in which variables are addressed by their
# index:
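Review bot: In `ROUND`, `my ($xc,$xc_)=map("$_",@t);` is left over from the old quoting wrapper and now only copies the two elements; `my ($xc,$xc_)=@t;` says the same thing directly. The `while (($output=shift) ...) {}` loop also still extracts `$output` although the `open STDOUT` that used it is removed in this hunk. Where the output file is opened now is not visible here, so it is worth confirming that `$output` is still consumed. `ROUND` continues past the end of the hunk.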
@@ -78,249 +83,542 @@ my @x=map("\"$_\"",@x);
# 'c' stores and loads in the middle, but none in the beginning
# or end.
 
-   (
-   "   (@x[$a0],@x[$b0])", # Q1
-"  (@x[$a1],@x[$b1])", # Q2
-   "(@x[$d0],@x[$a0])",
-"   (@x[$d1],@x[$a1])",
-   "   (@x[$d0],@x[$d0],16)",
-"  (@x[$d1],@x[$d1],16)",
-
-   "   ($xc,@x[$d0])",
-"  ($xc_,@x[$d1])",
-   "(@x[$b0],$xc)",
-"   (@x[$b1],$xc_)",
-   "   (@x[$b0],@x[$b0],12)",
-"  (@x[$b1],@x[$b1],12)",
-
-   "   (@x[$a0],@x[$b0])",
-"  (@x[$a1],@x[$b1])",
-   "(@x[$d0],@x[$a0])",
-"   (@x[$d1],@x[$a1])",
-   "   (@x[$d0],@x[$d0],8)",
-"  (@x[$d1],@x[$d1],8)",
-
-   "   ($xc,@x[$d0])",
-"  ($xc_,@x[$d1])",
-   "(@x[$b0],$xc)",
-"   (@x[$b1],$xc_)",
-   "   (@x[$b0],@x[$b0],7)",
-"  (@x[$b1],@x[$b1],7)",
-
-   "   ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's
-   "($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
-
-   "   (@x[$a2],@x[$b2])", # Q3
-"  (@x[$a3],@x[$b3])", # Q4
-   "(@x[$d2],@x[$a2])",
-"   (@x[$d3],@x[$a3])",
-   "   (@x[$d2],@x[$d2],16)",
-"  (@x[$d3],@x[$d3],16)",
-
-   "   ($xc,@x[$d2])",
-"  ($xc_,@x[$d3])",
-   "(@x[$b2],$xc)",
-"   (@x[$b3],$xc_)",
-   "   (@x[$b2],@x[$b2],12)",
-  

[openssl-commits] [openssl] master update

2019-01-04 Thread Matt Caswell
The branch master has been updated
   via  de2debc524e8de89a9e4e8cd890af3882cf1aaab (commit)
   via  41999e7d358c3657a254b34b85fd9e948180529b (commit)
   via  88d57bf83fe32b2c8ceb1264562fdd028de504bf (commit)
   via  d0f2f202c5aa6365d3c13e18a0b9e26837c290a0 (commit)
   via  8f6a5c56c17aa89b80fef73875beec53aef1f2c8 (commit)
   via  660a1e0434eb5eb8548bea3ad35f3821d49c5c15 (commit)
   via  df5228e3b294fc546d0f8ea46e40ac111db58650 (commit)
  from  9c5ef4ea486f675f33592b34775c3e453f60ee69 (commit)


- Log -
commit de2debc524e8de89a9e4e8cd890af3882cf1aaab
Author: Matt Caswell 
Date:   Fri Nov 16 17:26:23 2018 +

Support _onexit() in preference to atexit() on Windows

This enables cleanup to happen on DLL unload instead of at process exit.

[extended tests]

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit 41999e7d358c3657a254b34b85fd9e948180529b
Author: Matt Caswell 
Date:   Fri Nov 16 14:05:14 2018 +

Introduce a no-pinshared option

This option prevents OpenSSL from pinning itself in memory.

Fixes #7598

[extended tests]

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit 88d57bf83fe32b2c8ceb1264562fdd028de504bf
Author: Matt Caswell 
Date:   Thu Nov 15 17:41:06 2018 +

Test atexit handlers

Test that atexit handlers get called properly at process exit, unless we
have explicitly asked for them not to be.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit d0f2f202c5aa6365d3c13e18a0b9e26837c290a0
Author: Matt Caswell 
Date:   Thu Nov 15 16:59:41 2018 +

Don't link shlibloadtest against libcrypto

The whole point of shlibloadtest is to test dynamically loading and
unloading the library. If we link shlibloadtest against libcrypto then that
might mask potential issues.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit 8f6a5c56c17aa89b80fef73875beec53aef1f2c8
Author: Matt Caswell 
Date:   Thu Nov 15 16:27:34 2018 +

Implement OPENSSL_INIT_NO_ATEXIT

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit 660a1e0434eb5eb8548bea3ad35f3821d49c5c15
Author: Matt Caswell 
Date:   Tue Nov 20 15:32:55 2018 +

Fix a RUN_ONCE bug

We have a number of instances where there are multiple "init" functions for
a single CRYPTO_ONCE variable, e.g. to load config automatically or to not
load config automatically. Unfortunately the RUN_ONCE mechanism was not
correctly giving the right return value where an alternative init function
was being used.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

commit df5228e3b294fc546d0f8ea46e40ac111db58650
Author: Matt Caswell 
Date:   Thu Nov 15 14:50:52 2018 +

Fix shlibloadtest to properly execute the dso_ref test

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7647)

---

Summary of changes:
 Configurations/10-main.conf  |   2 +-
 Configure|   1 +
 INSTALL  |  18 
 crypto/init.c| 105 +++
 doc/man3/OPENSSL_init_crypto.pod |   9 +-
 include/internal/thread_once.h   |  92 +
 include/openssl/crypto.h |   2 +-
 ssl/ssl_init.c   |   6 +-
 test/build.info  |   1 -
 test/recipes/90-test_shlibload.t |  45 +++--
 test/shlibloadtest.c | 213 +++
 11 files changed, 394 insertions(+), 100 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 6506203..21d8345 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -651,7 +651,7 @@ my %targets = (
 dso_scheme   => "dlfcn",
 shared_target=> "linux-shared",
 shared_cflag => "-fPIC",
-shared_ldflag=> "-Wl,-znodelete",
+shared_ldflag=> sub { $disabled{pinshared} ? () : "-Wl,-znodelete" 
},
 shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
 enable   => [ "afalgeng" ],
 },
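Review bot: The `shared_ldflag` entry now hides a behavioural switch in a one-line closure with no comment: `-Wl,-znodelete` is what keeps the shared library mapped after dlclose(), and no-pinshared removes it. A comment such as `# -znodelete pins the library in memory; omitted for no-pinshared so it can be unloaded` would explain the `sub`. Only this one target is changed in the hunk; if other targets pin the library by other means they would need the same `$disabled{pinshared}` test for the option to take effect there, which cannot be checked from here.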
diff --git a/Configure b/Configure
index da09003..7a2be83 100755
--- a/Configure
+++ b/Configure
@@ -374,6 +374,7 @@ my @disablables = (
 "msan",
 "multiblock",
 "nextprotoneg",
+"pinshared",
 "ocb",
 "ocsp",
 "pic",
diff --git a/INSTALL b/INSTALL
index 049ff21..2fd2235 100644
--- a/INSTALL
+++ b/INSTALL
@@ -416,6 +416,24 @@
   no-pic
Don't build with support for Position Independent Code.
 
+  no-pinshared By default OpenSSL will attempt to 

[openssl-commits] [openssl] master update

2019-01-03 Thread Matt Caswell
The branch master has been updated
   via  9c5ef4ea486f675f33592b34775c3e453f60ee69 (commit)
   via  d072eea2e39cecce3598556053a4c552d9a2 (commit)
  from  51adf14a948ac0999114f3807fa6ceae1bb060ac (commit)


- Log -
commit 9c5ef4ea486f675f33592b34775c3e453f60ee69
Author: Dmitry Belyavskiy 
Date:   Wed Jan 2 15:47:07 2019 +0300

Eliminate unused buffers from ssl3_change_cipher_state

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7971)

commit d072eea2e39cecce3598556053a4c552d9a2
Author: Dmitry Belyavskiy 
Date:   Wed Jan 2 13:28:07 2019 +0300

Remove unused variables from tls1_change_cipher_state

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7971)

---

Summary of changes:
 ssl/s3_enc.c |  6 --
 ssl/t1_enc.c | 12 
 2 files changed, 18 deletions(-)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 9af4ccb..4d884f4 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, 
int num)
 int ssl3_change_cipher_state(SSL *s, int which)
 {
 unsigned char *p, *mac_secret;
-unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-unsigned char exp_iv[EVP_MAX_IV_LENGTH];
 unsigned char *ms, *key, *iv;
 EVP_CIPHER_CTX *dd;
 const EVP_CIPHER *c;
@@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 }
 
 s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
-OPENSSL_cleanse(exp_key, sizeof(exp_key));
-OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
 return 1;
  err:
-OPENSSL_cleanse(exp_key, sizeof(exp_key));
-OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
 return 0;
 }
 
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index adcc626..9b58bd8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -85,10 +85,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char 
*km, size_t num)
 int tls1_change_cipher_state(SSL *s, int which)
 {
 unsigned char *p, *mac_secret;
-unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
-unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
 unsigned char *ms, *key, *iv;
 EVP_CIPHER_CTX *dd;
 const EVP_CIPHER *c;
@@ -408,16 +404,8 @@ int tls1_change_cipher_state(SSL *s, int which)
 printf("\n");
 #endif
 
-OPENSSL_cleanse(tmp1, sizeof(tmp1));
-OPENSSL_cleanse(tmp2, sizeof(tmp1));
-OPENSSL_cleanse(iv1, sizeof(iv1));
-OPENSSL_cleanse(iv2, sizeof(iv2));
 return 1;
  err:
-OPENSSL_cleanse(tmp1, sizeof(tmp1));
-OPENSSL_cleanse(tmp2, sizeof(tmp1));
-OPENSSL_cleanse(iv1, sizeof(iv1));
-OPENSSL_cleanse(iv2, sizeof(iv2));
 return 0;
 }
 

