[openssl-dev] [openssl.org #3230] Deficiency in the Perl script openssl/crypto/objects/objects.pl
OpenSSL_1_0_1-stable 32b2ad7 RT3230: Better test for C identifier OpenSSL_1_0_2-stable fb22f74 RT3230: Better test for C identifier master 591b7ae RT3230: Better test for C identifier Author: Annie Yousar a.you...@informatik.hu-berlin.de Date: Sun May 3 09:05:47 2015 -0400 RT3230: Better test for C identifier objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: Rich Salz rs...@akamai.com Reviewed-by: Matt Caswell m...@openssl.org -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests
Generally, these look good. I have concerns about three (that you raised); quoting from your README. Any comments from others? + err.c.patch The 'int_thread_del_item' function calls 'int_thread_release' that accesses (*hash), but this is invalid because 'int_thread_del_item' frees 'int_thread_hash' that can be an alias of 'hash'. This patch fixes the problem, but WARNING: it changes the program behavior since 'int_thread_release' now returns earlier and then doesn't call CRYPTO_add. Don't know whether this is the correct fix for this problem. + mem_dbg.c.patch The 'pop_info' function return 'ret' after OPENSSL_free(ret), and the returned value is then tested (ret = (pop_info() != NULL)) in CRYPTO_pop_info, which is incorrect since the address is now a dangling pointer (indeterminate in the C standard). This patch fixes the problem, but don't know whether this is the correct fix regarding the behavior of the 'pop_info' callers. Regardless, returning an address that has just been passed to free() is never useful and a change is necessary here. + Patches about catching memory allocation errors are grouped in malloc.patch Most of them consist on adding tests about fields being non-NULL before accessing to sub-fields, or tests on the returned value of functions that where memory allocation may have failed. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] RT is down, will be up again within the hour
Hi, OpenSSL's request tracker is down for the moment being, but will rise again within the hour, in a new box and updated software. What has happened is that the request tracker is moving to a new and hopefully more powerful box (*). That new box has had a slave database server that's been synchronising its data with the old box for a few days, and now is the time to switch over. The DNS entries have been changed a few minutes ago, and now, all that remains is to wait for DNS around the globe to cache up. Meanwhile, to allow database traffic between the boxes to slow down, I've taken down the web service on the old box. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3893] Bug in openssl-1.0.2a when disabling DES
Self-test report generated by 'make report' - testlog attached Application Details (name, version) - openssl-1.0.2a Problem Description ./Configure linux-x86_64 no-des make depend make ../libcrypto.a(cms_kari.o): In function `cms_RecipientInfo_kari_encrypt': cms_kari.c:(.text+0xa21): undefined reference to `EVP_des_ede3_wrap' collect2: error: ld returned 1 exit status ../Makefile.shared:164: recipe for target 'link_app.' failed when OPENSSL_NO_DES is defined (no-des), the cms utility (Cryptographic Message Syntax) should not use des3 for encryption. -- In file cms_kari.c at line 400 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) kekcipher = EVP_des_ede3_wrap(); -- An error message should be printed to the final user des3 not supported -- :[ Saludos Osvaldo Calles :[ testlog Description: Binary data ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3808] BUG: corrupted ssl session id
Fixes to this pushed to all branches. Thanks for your report. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3888] BUG: BIO_CTRL_DGRAM_SET_DONT_FRAG does nothing on IPv4/Linux
Patch applied. Many thanks. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests
The attached archive contains a collection of patches for undefined behaviors that happen while the tests in directory tests/ are executed, with a recent (as of June 2015) OpenSSL git version. Each undefined behavior really happens for at least one execution, the execution of the test. In other terms, none of these is a “false positive”. The issues broadly fall in the following categories: - accessing uninitialized data, sometimes as a result of not testing the error code of a function (the patch fixes the caller to check for success of the function that's supposed to allocate or initialize); - dereferencing NULL (often for the same reason of failing to check for success of called functions); - using dangling pointers in comparisons as a result of the order in which they are freed and compared. A README file discusses the changes for which discussion seems necessary. The undefined behaviors were found using a Valgrind-like, ASan-like tool to be released as Open-Source soon: http://trust-in-soft.com/tis-interpreter/ openssl_git_patches.tgz Description: Binary data ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #832] ocsp and dsa key+socket option SO_REUSEADDR for responder
fixed in master master 366e2a6 RT832: Use REUSEADDR in ocsp responder Author: Rich Salz rs...@akamai.com Date: Sat May 2 10:44:31 2015 -0400 RT832: Use REUSEADDR in ocsp responder I also re-ordered some of #ifdef's. Reviewed-by: Matt Caswell m...@openssl.org -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3848] [PATCH] Fix memory leak caused by not calling SSL_COMP_free_compression_methods()
Thanks! Applied. commit 45d051c82563a75b07ec54b63e3a5bbad388ab67 Author: Gunnar Kudrjavets gunna...@exchange.microsoft.com Date: Wed May 13 15:13:55 2015 -0400 RT3848: Call SSL_COMP_free_compression_methods Signed-off-by: Rich Salz rs...@akamai.com Reviewed-by: Matt Caswell m...@openssl.org -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3472] PATCH: Update info on PKCS8 command and -iter option
fixed thanks commit f20bb4eb18b01979cb23b2ae4a60675c83c4ba91 Author: Jeffrey Walton noloa...@gmail.com Date: Wed May 13 15:27:57 2015 -0400 RT3472: Doc pkcs8 -iter flag is in OpenSSL 1.1 Reviewed-by: Matt Caswell m...@openssl.org -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev