[openssl-commits] Fixed: FdaSilvaYY/openssl#2089 (fix-ca-buf-usage - 920152e)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2089
Status: Fixed

Duration: 51 minutes and 1 second
Commit: 920152e (fix-ca-buf-usage)
Author: FdaSilvaYY
Message: Introduce PATH_MAX and NAME_MAX

 to define the certificate filename storage buffer.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/99846cd6ea77...920152effb8c

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163834911

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Fixed: FdaSilvaYY/openssl#2087 (prn_nit - b02d066)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2087
Status: Fixed

Duration: 1 hour, 9 minutes, and 27 seconds
Commit: b02d066 (prn_nit)
Author: FdaSilvaYY
Message: Add error checking, small nit on output

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/41172709f812...b02d066de8d2

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163834573



[openssl-commits] Fixed: FdaSilvaYY/openssl#2086 (reduce_array - f64b19a)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2086
Status: Fixed

Duration: 1 hour, 14 minutes, and 11 seconds
Commit: f64b19a (reduce_array)
Author: FdaSilvaYY
Message: Discard last useless array item

only  _ns_ia5_list[0...6 ] are used

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/4bb8bd6e01f2...f64b19a80100

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163834295



[openssl-commits] Fixed: FdaSilvaYY/openssl#2085 (x509_crl_method-fix - 60d1a67)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2085
Status: Fixed

Duration: 24 minutes and 19 seconds
Commit: 60d1a67 (x509_crl_method-fix)
Author: FdaSilvaYY
Message: Allow null in  X509_CRL_METHOD_free

and fix documentation.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/280cd179c1e3...60d1a67f0b02

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163834076



[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  a00d75e1b21bc5c49817610b172bae440f526622 (commit)
   via  b36017fe5f2ee0a2cbc1028d842a183e0ac22da7 (commit)
  from  cc59ad1073c49cbb173708d7377df06ad3786f4c (commit)


- Log -
commit a00d75e1b21bc5c49817610b172bae440f526622
Author: Matt Caswell 
Date:   Thu Sep 29 18:00:37 2016 +0100

Convert NewSessionTicket construction to WPACKET

Reviewed-by: Rich Salz 

commit b36017fe5f2ee0a2cbc1028d842a183e0ac22da7
Author: Matt Caswell 
Date:   Thu Sep 29 18:00:01 2016 +0100

Fix an error in packet_locl.h

A convenience macro was using the wrong underlying function.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/packet_locl.h|   2 +-
 ssl/statem/statem_srvr.c | 109 ++-
 2 files changed, 52 insertions(+), 59 deletions(-)

diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 517c12d..55e41bb 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -758,7 +758,7 @@ int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, 
size_t bytes);
 #define WPACKET_put_bytes_u24(pkt, val) \
 WPACKET_put_bytes__((pkt), (val), 3)
 #define WPACKET_put_bytes_u32(pkt, val) \
-WPACKET_sub_allocate_bytes__((pkt), (val), 4)
+WPACKET_put_bytes__((pkt), (val), 4)
 
 /* Set a maximum size that we will not allow the WPACKET to grow beyond */
 int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize);
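Review bot: The one-line fix to `WPACKET_put_bytes_u32` ships without a test; the summary of changes lists only ssl/packet_locl.h and ssl/statem/statem_srvr.c. The old expansion handed three arguments to `WPACKET_sub_allocate_bytes__`, which is defined elsewhere on this page with four parameters, so the macro cannot have had a caller that compiled before this push. A small unit test that writes one value through each `WPACKET_put_bytes_*` variant and checks the emitted bytes would catch the same copy-and-paste slip in the neighbouring macros.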
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3fbc4ad..c7d77ae 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2956,15 +2956,17 @@ int tls_construct_new_session_ticket(SSL *s)
 unsigned char *senc = NULL;
 EVP_CIPHER_CTX *ctx = NULL;
 HMAC_CTX *hctx = NULL;
-unsigned char *p, *macstart;
+unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
 const unsigned char *const_p;
-int len, slen_full, slen;
+int len, slen_full, slen, lenfinal;
 SSL_SESSION *sess;
 unsigned int hlen;
 SSL_CTX *tctx = s->initial_ctx;
 unsigned char iv[EVP_MAX_IV_LENGTH];
 unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
 int iv_len;
+size_t macoffset, macendoffset;
+WPACKET pkt;
 
 /* get session encoding length */
 slen_full = i2d_SSL_SESSION(s->session, NULL);
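Review bot: `lenfinal` is added as another `int` next to `len`, `slen_full` and `slen`, while the new offsets `macoffset` and `macendoffset` are `size_t`. If these lengths end up in size arithmetic, check them for negative values before converting, or declare them `size_t` where the producing API allows. The numbered names `encdata1`/`encdata2` and `macdata1`/`macdata2` would also read better with names that say what each pointer marks.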
@@ -2982,6 +2984,12 @@ int tls_construct_new_session_ticket(SSL *s)
 return 0;
 }
 
+if (!WPACKET_init(, s->init_buf)
+|| !ssl_set_handshake_header2(s, , SSL3_MT_NEWSESSION_TICKET)) 
{
+SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+goto err;
+}
+
 ctx = EVP_CIPHER_CTX_new();
 hctx = HMAC_CTX_new();
 if (ctx == NULL || hctx == NULL) {
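Review bot: `WPACKET_init` is now called ahead of the `EVP_CIPHER_CTX_new()` and `HMAC_CTX_new()` allocations, so every later `goto err` in this function leaves with an initialised WPACKET. The `err:` label is not in the visible hunks; confirm it releases the packet with `WPACKET_cleanup`, as the converted `tls_construct_server_done` elsewhere on this page does.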
@@ -3014,21 +3022,6 @@ int tls_construct_new_session_ticket(SSL *s)
 }
 SSL_SESSION_free(sess);
 
-/*-
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 4 (ticket lifetime hint) + 2 (ticket length) +
- * sizeof(keyname) + max_iv_len (iv length) +
- * max_enc_block_size (max encrypted session * length) +
- * max_md_size (HMAC) + session_length.
- */
-if (!BUF_MEM_grow(s->init_buf,
-  SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) +
-  EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-  EVP_MAX_MD_SIZE + slen))
-goto err;
-
-p = ssl_handshake_start(s);
 /*
  * Initialize HMAC and cipher contexts. If callback present it does
  * all the work otherwise use generated values from parent ctx.
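Review bot: Dropping the `BUF_MEM_grow` block also drops the only comment that spelled out the ticket message layout (4-byte lifetime hint, 2-byte ticket length, key name, IV, encrypted session, HMAC) and the explicit upper bound on the message size. Keep a short layout comment next to the WPACKET calls, and consider bounding growth with `WPACKET_set_max_size`, which is declared in the ssl/packet_locl.h context lines of this same patch.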
@@ -3039,11 +3032,15 @@ int tls_construct_new_session_ticket(SSL *s)
  hctx, 1);
 
 if (ret == 0) {
-l2n(0, p);  /* timeout */
-s2n(0, p);  /* length */
-if (!ssl_set_handshake_header
-(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
+
+/* Put timeout and length */
+if (!WPACKET_put_bytes_u32(, 0)
+|| !WPACKET_put_bytes_u16(, 0)
+|| !ssl_close_construct_packet(s, )) {
+SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+   ERR_R_INTERNAL_ERROR);
 goto err;
+}
 OPENSSL_free(senc);
 EVP_CIPHER_CTX_free(ctx);
 HMAC_CTX_free(hctx);
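Review bot: Style nit at the top of the `if (ret == 0)` block: the empty line added directly after the opening brace should go. The `WPACKET_put_bytes_u32` call here is the first visible user of the macro corrected in ssl/packet_locl.h, so the two commits in this push need to land together.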
@@ -3074,44 +3071,38 @@ int tls_construct_new_session_ticket(SSL *s)
  * for resumed session (for simplicity), and guess that tickets for
  * new sessions will live as long as their sessions.
  */
-l2n(s->hit ? 0 : s->session->timeout, p);
-
-/* Skip ticket length for now */
-p += 2;
-/* Output key name */
-macstart = p;
-

[openssl-commits] Errored: FdaSilvaYY/openssl#2084 (style_n_nit's - 085f1b2)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2084
Status: Errored

Duration: 1 hour, 9 minutes, and 6 seconds
Commit: 085f1b2 (style_n_nit's)
Author: FdaSilvaYY
Message: Fix some style and indent issue

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/f267cd272eb4...085f1b2c8dfb

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163789191



[openssl-commits] Errored: openssl/openssl#6227 (master - cc59ad1)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6227
Status: Errored

Duration: 1 hour, 8 minutes, and 35 seconds
Commit: cc59ad1 (master)
Author: Matt Caswell
Message: Convert CertStatus message construction to WPACKET

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/b1b4f0a5807d...cc59ad1073c4

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163765312



[openssl-commits] Fixed: FdaSilvaYY/openssl#2083 (apps-speed-rework - 6cb9bb6)

2016-09-29 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #2083
Status: Fixed

Duration: 27 minutes and 13 seconds
Commit: 6cb9bb6 (apps-speed-rework)
Author: FdaSilvaYY
Message: Reduce number of allocations

Simplify misalignment limits

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/2103c7437c30...6cb9bb6f7bf8

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/163788177



[openssl-commits] Fixed: openssl/openssl#6226 (master - b1b4f0a)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6226
Status: Fixed

Duration: 16 minutes and 16 seconds
Commit: b1b4f0a (master)
Author: Dr. Stephen Henson
Message: make update

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/83ae4661315d...b1b4f0a5807d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163750924



[openssl-commits] Errored: mouse07410/openssl#58 (OpenSSL_1_0_2-stable - 53a71b7)

2016-09-29 Thread Travis CI
Build Update for mouse07410/openssl
-

Build: #58
Status: Errored

Duration: 8 minutes and 7 seconds
Commit: 53a71b7 (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: apps/apps.c: initialize and de-initialize engine around key loading

Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson 
(cherry picked from commit 49e476a5382602d0bad1139d6f1f66ddbc7959d6)

View the changeset: 
https://github.com/mouse07410/openssl/compare/4badd2b3c29c...53a71b7429a4

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/163758345



[openssl-commits] Fixed: openssl/openssl#6224 (master - 83ae466)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6224
Status: Fixed

Duration: 53 minutes and 57 seconds
Commit: 83ae466 (master)
Author: Matt Caswell
Message: Fix missing NULL checks in NewSessionTicket construction

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/e4e1aa903e62...83ae4661315d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163749860



[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  cc59ad1073c49cbb173708d7377df06ad3786f4c (commit)
   via  f308416e27cc8b6639841497bbc782363c17b11d (commit)
   via  4346a8faa7dd660c053c8e65b9e566b6c934f010 (commit)
  from  b1b4f0a5807d0462067a39daf39eb8bccd3bca2b (commit)


- Log -
commit cc59ad1073c49cbb173708d7377df06ad3786f4c
Author: Matt Caswell 
Date:   Thu Sep 29 16:40:13 2016 +0100

Convert CertStatus message construction to WPACKET

Reviewed-by: Rich Salz 

commit f308416e27cc8b6639841497bbc782363c17b11d
Author: Matt Caswell 
Date:   Thu Sep 29 16:39:32 2016 +0100

Fix mis-named macro in packet_locl.h

A couple of the WPACKET_sub_memcpy* macros were mis-named.

Reviewed-by: Rich Salz 

commit 4346a8faa7dd660c053c8e65b9e566b6c934f010
Author: Matt Caswell 
Date:   Thu Sep 29 15:14:33 2016 +0100

Convert ServerDone construction to WPACKET

Reviewed-by: Rich Salz 

---

Summary of changes:
 include/openssl/ssl.h|  1 +
 ssl/packet_locl.h|  4 ++--
 ssl/ssl_err.c|  1 +
 ssl/statem/statem_srvr.c | 62 ++--
 4 files changed, 32 insertions(+), 36 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d741ece..517716f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2220,6 +2220,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS1_SET_SERVER_SIGALGS335
 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK  354
 # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST  372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS  429
 # define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC   427
 # define SSL_F_TLS_CONSTRUCT_CKE_DHE  404
 # define SSL_F_TLS_CONSTRUCT_CKE_ECDHE405
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 8d3fd37..517c12d 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -779,9 +779,9 @@ int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, 
size_t len,
 WPACKET_sub_memcpy__((pkt), (src), (len), 1)
 #define WPACKET_sub_memcpy_u16(pkt, src, len) \
 WPACKET_sub_memcpy__((pkt), (src), (len), 2)
-#define WPACKET_sub_memcpy_bytes_u24(pkt, src, len) \
+#define WPACKET_sub_memcpy_u24(pkt, src, len) \
 WPACKET_sub_memcpy__((pkt), (src), (len), 3)
-#define WPACKET_sub_memcpy_bytes_u32(pkt, src, len) \
+#define WPACKET_sub_memcpy_u32(pkt, src, len) \
 WPACKET_sub_memcpy__((pkt), (src), (len), 4)
 
 /*
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index e6c7320..9539e67 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -239,6 +239,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
  "tls_client_key_exchange_post_work"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
  "tls_construct_certificate_request"},
+{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERT_STATUS), "tls_construct_cert_status"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
  "tls_construct_change_cipher_spec"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index eae0e3c..3fbc4ad 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1572,19 +1572,26 @@ int tls_construct_server_hello(SSL *s)
 
 int tls_construct_server_done(SSL *s)
 {
-if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
+WPACKET pkt;
+
+if (!WPACKET_init(, s->init_buf)
+|| !ssl_set_handshake_header2(s, , SSL3_MT_SERVER_DONE)
+|| !ssl_close_construct_packet(s, )) {
 SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
-ossl_statem_set_error(s);
-return 0;
+goto err;
 }
 
 if (!s->s3->tmp.cert_request) {
-if (!ssl3_digest_cached_records(s, 0)) {
-ossl_statem_set_error(s);
-}
+if (!ssl3_digest_cached_records(s, 0))
+goto err;
 }
-
 return 1;
+
+ err:
+WPACKET_cleanup();
+ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ossl_statem_set_error(s);
+return 0;
 }
 
 int tls_construct_server_key_exchange(SSL *s)
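Review bot: In `tls_construct_server_done` the `err:` label runs `WPACKET_cleanup` on every failure, including a failure of `ssl3_digest_cached_records`, which is only reached after `ssl_close_construct_packet` has already succeeded. Confirm that cleanup of an already closed packet is safe, or do the digest step before the packet is built. That same path used to fall through to `return 1` after `ossl_statem_set_error(s)` and now returns 0 and sends a fatal alert; the behaviour change deserves a line in the commit message.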
@@ -3118,36 +3125,23 @@ int tls_construct_new_session_ticket(SSL *s)
 
 int tls_construct_cert_status(SSL *s)
 {
-unsigned char *p;
-size_t msglen;
-
-/*-
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
-msglen = 4 + s->tlsext_ocsp_resplen;
-if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
-goto err;
-
-p = ssl_handshake_start(s);
-
-/* status type */
-*(p++) = 

[openssl-commits] Passed: openssl/openssl#6223 (master - e4e1aa9)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6223
Status: Passed

Duration: 31 minutes and 56 seconds
Commit: e4e1aa9 (master)
Author: Matt Caswell
Message: Fix a mis-matched function code so that "make update" doesn't fail

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/0023baffb8f6...e4e1aa903e62

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163741523



[openssl-commits] [openssl] master update

2016-09-29 Thread Dr . Stephen Henson
The branch master has been updated
   via  b1b4f0a5807d0462067a39daf39eb8bccd3bca2b (commit)
   via  73a9f60dd127df9ca05bec7afd835ff7c9bee9ae (commit)
   via  adffae15d3c6713ecd15d55d51b159b4262c20e6 (commit)
   via  2171a071aa16780962071e93c5c24ff148195c98 (commit)
   via  5fb1005987d3d0bc749d935e5af4a69323824b48 (commit)
   via  56501ebd09316941a6deba111e33ccc166641b25 (commit)
  from  83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6 (commit)


- Log -
commit b1b4f0a5807d0462067a39daf39eb8bccd3bca2b
Author: Dr. Stephen Henson 
Date:   Wed Sep 28 16:59:54 2016 +0100

make update

Reviewed-by: Rich Salz 

commit 73a9f60dd127df9ca05bec7afd835ff7c9bee9ae
Author: Dr. Stephen Henson 
Date:   Wed Sep 28 15:18:58 2016 +0100

Print  if a STACK is NULL.

If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).

Reviewed-by: Rich Salz 

commit adffae15d3c6713ecd15d55d51b159b4262c20e6
Author: Dr. Stephen Henson 
Date:   Wed Sep 28 00:24:58 2016 +0100

add item list support to d2i_test

Reviewed-by: Rich Salz 

commit 2171a071aa16780962071e93c5c24ff148195c98
Author: Dr. Stephen Henson 
Date:   Tue Sep 27 22:39:12 2016 +0100

ASN1_ITEM should use type name not structure name.

Reviewed-by: Rich Salz 

commit 5fb1005987d3d0bc749d935e5af4a69323824b48
Author: Dr. Stephen Henson 
Date:   Tue Sep 27 22:25:08 2016 +0100

Add -item option to asn1parse

Reviewed-by: Rich Salz 

commit 56501ebd09316941a6deba111e33ccc166641b25
Author: Dr. Stephen Henson 
Date:   Tue Sep 27 21:15:57 2016 +0100

Add ASN1_ITEM lookup and enumerate functions.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/asn1pars.c |  45 +--
 crypto/asn1/asn1_item_list.c|  40 +
 fuzz/asn1.c => crypto/asn1/asn1_item_list.h | 121 +++-
 crypto/asn1/build.info  |   2 +-
 crypto/asn1/tasn_prn.c  |   3 +-
 doc/apps/asn1parse.pod  |   6 ++
 doc/crypto/ASN1_ITEM_lookup.pod |  39 +
 include/openssl/asn1.h  |   3 +
 include/openssl/asn1t.h |   4 +-
 test/d2i_test.c |  22 ++---
 util/libcrypto.num  |   2 +
 11 files changed, 172 insertions(+), 115 deletions(-)
 create mode 100644 crypto/asn1/asn1_item_list.c
 copy fuzz/asn1.c => crypto/asn1/asn1_item_list.h (71%)
 create mode 100644 doc/crypto/ASN1_ITEM_lookup.pod

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 1ac261c..0bc48e3 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -20,12 +20,14 @@
 #include 
 #include 
 #include 
+#include 
 
 typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
 OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
 OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
-OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
+OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
+OPT_ITEM
 } OPTION_CHOICE;
 
 OPTIONS asn1parse_options[] = {
@@ -49,6 +51,7 @@ OPTIONS asn1parse_options[] = {
 {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
 {"strictpem", OPT_STRICTPEM, 0,
  "do not attempt base64 decode outside PEM markers"},
+{"item", OPT_ITEM, 's', "item to parse and print"},
 {NULL}
 };
 
@@ -71,6 +74,7 @@ int asn1parse_main(int argc, char **argv)
 unsigned char *tmpbuf;
 unsigned int length = 0;
 OPTION_CHOICE o;
+const ASN1_ITEM *it = NULL;
 
 prog = opt_init(argc, argv, asn1parse_options);
 
@@ -134,6 +138,22 @@ int asn1parse_main(int argc, char **argv)
 strictpem = 1;
 informat = FORMAT_PEM;
 break;
+case OPT_ITEM:
+it = ASN1_ITEM_lookup(opt_arg());
+if (it == NULL) {
+size_t tmp;
+
+BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
+BIO_puts(bio_err, "Supported types:\n");
+for (tmp = 0;; tmp++) {
+it = ASN1_ITEM_get(tmp);
+if (it == NULL)
+break;
+BIO_printf(bio_err, "%s\n", it->sname);
+}
+goto end;
+}
+break;
 }
 }
 argc = opt_num_rest();
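Review bot: In the `OPT_ITEM` case the enumeration loop reuses `it`, the variable that holds the lookup result, as its cursor. It is harmless today because `goto end` follows, but a separate local for the `ASN1_ITEM_get(tmp)` results would keep `it` meaning only the item selected by -item. Also confirm that `goto end` leaves a failure exit status for an unknown item name; the value returned at `end` is outside the visible hunks.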
@@ -260,11 +280,24 @@ int asn1parse_main(int argc, char **argv)
 goto end;
 }
 }
-if (!noout &&
-!ASN1_parse_dump(bio_out, 

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-09-29 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  6b02b586c35359e338cfa151341e49aeb01590d0 (commit)
  from  9cb0c3a3cae638143af8bc66dd2b19f7593e3978 (commit)


- Log -
commit 6b02b586c35359e338cfa151341e49aeb01590d0
Author: Matt Caswell 
Date:   Thu Sep 29 15:38:44 2016 +0100

Fix missing NULL checks in NewSessionTicket construction

Reviewed-by: Rich Salz 
(cherry picked from commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6)

---

Summary of changes:
 include/openssl/ssl.h| 1 +
 ssl/ssl_err.c| 2 ++
 ssl/statem/statem_srvr.c | 6 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 440b9a0..86ab912 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY358
 # define SSL_F_TLS_CONSTRUCT_FINISHED 359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET   428
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE   374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE  375
 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 85cb489..73e0ae1 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
  "tls_construct_hello_request"},
+{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+ "tls_construct_new_session_ticket"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
  "tls_construct_server_certificate"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a6b8a87..19ceda5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
 unsigned char *senc = NULL;
-EVP_CIPHER_CTX *ctx;
+EVP_CIPHER_CTX *ctx = NULL;
 HMAC_CTX *hctx = NULL;
 unsigned char *p, *macstart;
 const unsigned char *const_p;
@@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
 ctx = EVP_CIPHER_CTX_new();
 hctx = HMAC_CTX_new();
+if (ctx == NULL || hctx == NULL) {
+SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
 p = senc;
 if (!i2d_SSL_SESSION(s->session, ))
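Review bot: The new `if (ctx == NULL || hctx == NULL)` check can be reached with one of the two contexts already allocated, so it relies on the `err:` label, which is outside the visible hunks, freeing both with NULL-tolerant calls; that is also why the `ctx = NULL` initialiser in the previous hunk matters. Please confirm the label frees both `ctx` and `hctx`, and consider checking each allocation right after its own call so the error is raised at the first failure.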


[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6 (commit)
  from  e4e1aa903e624044d3319622fc50222f1b2c7328 (commit)


- Log -
commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6
Author: Matt Caswell 
Date:   Thu Sep 29 15:38:44 2016 +0100

Fix missing NULL checks in NewSessionTicket construction

Reviewed-by: Rich Salz 

---

Summary of changes:
 include/openssl/ssl.h| 1 +
 ssl/ssl_err.c| 2 ++
 ssl/statem/statem_srvr.c | 6 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d127c76..d741ece 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2233,6 +2233,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY358
 # define SSL_F_TLS_CONSTRUCT_FINISHED 359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET   428
 # define SSL_F_TLS_CONSTRUCT_NEXT_PROTO   426
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE   374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE  375
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ec550be..e6c7320 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -259,6 +259,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
  "tls_construct_hello_request"},
+{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+ "tls_construct_new_session_ticket"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
  "tls_construct_server_certificate"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b9eb634..eae0e3c 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2947,7 +2947,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
 unsigned char *senc = NULL;
-EVP_CIPHER_CTX *ctx;
+EVP_CIPHER_CTX *ctx = NULL;
 HMAC_CTX *hctx = NULL;
 unsigned char *p, *macstart;
 const unsigned char *const_p;
@@ -2977,6 +2977,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
 ctx = EVP_CIPHER_CTX_new();
 hctx = HMAC_CTX_new();
+if (ctx == NULL || hctx == NULL) {
+SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
 p = senc;
 if (!i2d_SSL_SESSION(s->session, ))


[openssl-commits] Broken: openssl/openssl#6222 (master - 0023baf)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6222
Status: Broken

Duration: 49 minutes and 23 seconds
Commit: 0023baf (master)
Author: Matt Caswell
Message: Add an example of usage to the WPACKET_reserve_bytes() documentation

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/ac8cc3efb26f...0023baffb8f6

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163728274



[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  e4e1aa903e624044d3319622fc50222f1b2c7328 (commit)
  from  0023baffb8f648c22d397bfa5e1cc8749749bd29 (commit)


- Log -
commit e4e1aa903e624044d3319622fc50222f1b2c7328
Author: Matt Caswell 
Date:   Thu Sep 29 15:32:35 2016 +0100

Fix a mis-matched function code so that "make update" doesn't fail

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/statem/statem_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3c3544c..b9eb634 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1610,7 +1610,7 @@ int tls_construct_server_key_exchange(SSL *s)
 || !ssl_set_handshake_header2(s, ,
   SSL3_MT_SERVER_KEY_EXCHANGE)
 || !WPACKET_get_total_written(, )) {
-SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto f_err;
 }
 


[openssl-commits] Errored: openssl/openssl#6221 (master - ac8cc3e)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6221
Status: Errored

Duration: 38 minutes and 42 seconds
Commit: ac8cc3e (master)
Author: Matt Caswell
Message: Remove tls12_copy_sigalgs_old()

This was a temporary function needed during the conversion to WPACKET. All
callers have now been converted to the new way of doing this so this
function is no longer required.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/25849a8f8bb6...ac8cc3efb26f

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163724235



[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  0023baffb8f648c22d397bfa5e1cc8749749bd29 (commit)
   via  ff8194774ca2d8e30223c6f8e2583112514e9fb7 (commit)
   via  4a424545c4f3148bfbf54270422e05177b4c392f (commit)
   via  c13d2a5be720a8ab8f0cb67fc2750ed27eee3d9e (commit)
   via  1ff8434040b35f35c27f77ef064481622490bba9 (commit)
  from  ac8cc3efb26fa91c4f29463044cfe9e7070ebc14 (commit)


- Log -
commit 0023baffb8f648c22d397bfa5e1cc8749749bd29
Author: Matt Caswell 
Date:   Thu Sep 29 14:45:49 2016 +0100

Add an example of usage to the WPACKET_reserve_bytes() documentation

Reviewed-by: Rich Salz 

commit ff8194774ca2d8e30223c6f8e2583112514e9fb7
Author: Matt Caswell 
Date:   Thu Sep 29 14:39:47 2016 +0100

Address style feedback comments

Reviewed-by: Rich Salz 

commit 4a424545c4f3148bfbf54270422e05177b4c392f
Author: Matt Caswell 
Date:   Thu Sep 29 12:04:08 2016 +0100

Fix a bug in CKE construction for PSK

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz 

commit c13d2a5be720a8ab8f0cb67fc2750ed27eee3d9e
Author: Matt Caswell 
Date:   Thu Sep 29 11:46:08 2016 +0100

Convert ServerKeyExchange construction to WPACKET

Reviewed-by: Rich Salz 

commit 1ff8434040b35f35c27f77ef064481622490bba9
Author: Matt Caswell 
Date:   Thu Sep 29 11:43:37 2016 +0100

Add the WPACKET_reserve_bytes() function

WPACKET_allocate_bytes() requires you to know the size of the data you
are allocating for, before you create it. Sometimes this isn't the case,
for example we know the maximum size that a signature will be before we
create it, but not the actual size. WPACKET_reserve_bytes() enables us to
reserve bytes in the WPACKET, but not count them as written yet. We then
subsequently need to call WPACKET_allocate_bytes to actually count them as
written.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/packet.c |  33 +--
 ssl/packet_locl.h|  40 -
 ssl/statem/statem_clnt.c |   2 +-
 ssl/statem/statem_srvr.c | 218 +--
 4 files changed, 164 insertions(+), 129 deletions(-)

diff --git a/ssl/packet.c b/ssl/packet.c
index 4077de5..2a8fe25 100644
--- a/ssl/packet.c
+++ b/ssl/packet.c
@@ -14,6 +14,27 @@
 
 int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char 
**allocbytes)
 {
+if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
+return 0;
+
+pkt->written += len;
+pkt->curr += len;
+return 1;
+}
+
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+ unsigned char **allocbytes, size_t lenbytes)
+{
+if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+|| !WPACKET_allocate_bytes(pkt, len, allocbytes)
+|| !WPACKET_close(pkt))
+return 0;
+
+return 1;
+}
+
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
 /* Internal API, so should not fail */
 assert(pkt->subs != NULL && len != 0);
 if (pkt->subs == NULL || len == 0)
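
Review bot: WPACKET_allocate_bytes() now calls WPACKET_reserve_bytes() again before bumping pkt->written and pkt->curr, so in the reserve, write, then allocate sequence the size check of the second call runs only after the caller has already written into the buffer. Nothing in this hunk ties the len passed to the follow-up allocate to the len that was reserved. The header comment should state that the later len must not exceed the reserved one and that no other WPACKET_* call may come in between, because a larger value would be validated too late to prevent an overrun.
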
@@ -39,20 +60,18 @@ int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, 
unsigned char **allocbytes)
 return 0;
 }
 *allocbytes = (unsigned char *)pkt->buf->data + pkt->curr;
-pkt->written += len;
-pkt->curr += len;
 
 return 1;
 }
 
-int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
- unsigned char **allocbytes, size_t lenbytes)
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+unsigned char **allocbytes, size_t lenbytes)
 {
-if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
-|| !WPACKET_allocate_bytes(pkt, len, allocbytes)
-|| !WPACKET_close(pkt))
+if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
 return 0;
 
+*allocbytes += lenbytes;
+
 return 1;
 }
 
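Review bot: WPACKET_sub_reserve_bytes__() passes lenbytes + len to WPACKET_reserve_bytes() without checking the addition, and then advances *allocbytes by lenbytes on the assumption that a later WPACKET_sub_allocate_bytes__() is called with the same lenbytes. Both points belong in the function's comment, and a guard that rejects a len for which lenbytes + len would wrap keeps the reserved size honest if a caller ever derives len from peer-controlled data.
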
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 44a8f82..8d3fd37 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -675,7 +675,7 @@ int WPACKET_start_sub_packet(WPACKET *pkt);
  * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
  * change its location.
  */
-int WPACKET_allocate_bytes(WPACKET *pkt, size_t bytes,
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len,
unsigned char **allocbytes);
 
 /*
@@ -701,6 +701,44 @@ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
 WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4)
 
 /*
+ * The 

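The reserve-then-allocate pattern that the WPACKET_reserve_bytes() commit message describes, as an added example that is not OpenSSL code and not part of the original mail. The names miniwriter, mw_reserve, mw_allocate, toy_sign and append_signature are hypothetical, and the 8-byte "signature" is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature writer (not OpenSSL's WPACKET). */
typedef struct {
    unsigned char *buf;  /* backing storage; may move when it grows */
    size_t cap;          /* bytes available in buf */
    size_t written;      /* bytes counted as part of the message */
} miniwriter;

/* Make room for len bytes at the write position WITHOUT counting them. */
static int mw_reserve(miniwriter *w, size_t len, unsigned char **out)
{
    if (len == 0 || len > (size_t)-1 - w->written)
        return 0;
    if (w->cap - w->written < len) {
        unsigned char *p = realloc(w->buf, w->written + len);
        if (p == NULL)
            return 0;
        w->buf = p;
        w->cap = w->written + len;
    }
    *out = w->buf + w->written;
    return 1;
}

/* Reserve, then count len bytes as written. */
static int mw_allocate(miniwriter *w, size_t len, unsigned char **out)
{
    if (!mw_reserve(w, len, out))
        return 0;
    w->written += len;
    return 1;
}

/* Constructed stand-in for a signing call: writes 8 bytes, returns the size. */
static size_t toy_sign(unsigned char *sig, size_t maxlen)
{
    static const unsigned char s[8] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02 };
    if (maxlen < sizeof(s))
        return 0;
    memcpy(sig, s, sizeof(s));
    return sizeof(s);
}

/* Append one signature; returns total bytes written so far, or 0 on error. */
size_t append_signature(miniwriter *w, size_t max_siglen)
{
    unsigned char *sig, *committed;
    size_t siglen;
    if (!mw_reserve(w, max_siglen, &sig))       /* only the upper bound is known */
        return 0;
    siglen = toy_sign(sig, max_siglen);         /* actual size is known now */
    /* The data is already in the buffer, so never commit more than reserved. */
    if (siglen == 0 || siglen > max_siglen)
        return 0;
    if (!mw_allocate(w, siglen, &committed) || committed != sig)
        return 0;
    return w->written;
}

int main(void)
{
    miniwriter w = { NULL, 0, 0 };
    size_t n = append_signature(&w, 72);        /* reserve 72, count 8 */
    free(w.buf);
    return n == 8 ? 0 : 1;
}
```
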
[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  ac8cc3efb26fa91c4f29463044cfe9e7070ebc14 (commit)
   via  28ff8ef3f71e23660db5d42002af1b44d99f3e4a (commit)
  from  25849a8f8bb64956f35a8a2a160ae0de1d2990c6 (commit)


- Log -
commit ac8cc3efb26fa91c4f29463044cfe9e7070ebc14
Author: Matt Caswell 
Date:   Thu Sep 29 14:26:36 2016 +0100

Remove tls12_copy_sigalgs_old()

This was a temporary function needed during the conversion to WPACKET. All
callers have now been converted to the new way of doing this so this
function is no longer required.

Reviewed-by: Rich Salz 

commit 28ff8ef3f71e23660db5d42002af1b44d99f3e4a
Author: Matt Caswell 
Date:   Thu Sep 29 14:25:52 2016 +0100

Convert CertificateRequest construction to WPACKET

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/s3_lib.c | 42 --
 ssl/ssl_locl.h   |  4 +--
 ssl/statem/statem_srvr.c | 76 ++--
 ssl/t1_lib.c | 20 -
 4 files changed, 61 insertions(+), 81 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2115a7e..ea607a5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3708,15 +3708,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, 
STACK_OF(SSL_CIPHER) *clnt,
 return (ret);
 }
 
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
 {
-int ret = 0;
 uint32_t alg_k, alg_a = 0;
 
 /* If we have custom certificate types set, use them */
 if (s->cert->ctypes) {
-memcpy(p, s->cert->ctypes, s->cert->ctype_num);
-return (int)s->cert->ctype_num;
+return WPACKET_memcpy(pkt, s->cert->ctypes, s->cert->ctype_num);
 }
 /* Get mask of algorithms disabled by signature list */
 ssl_set_sig_mask(_a, s, SSL_SECOP_SIGALG_MASK);
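
Review bot: the custom-ctypes branch changes the return contract of ssl3_get_req_cert_type() from "number of bytes written to p" to the 1/0 result of WPACKET_memcpy(), while the return type stays int. A caller that still adds the result to a length would silently produce a wrong length for the certificate types list, so the function needs a comment stating the new success/failure meaning, and every call site should be checked in this same commit.
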
@@ -3724,45 +3722,43 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 #ifndef OPENSSL_NO_GOST
-if (s->version >= TLS1_VERSION) {
-if (alg_k & SSL_kGOST) {
-p[ret++] = TLS_CT_GOST01_SIGN;
-p[ret++] = TLS_CT_GOST12_SIGN;
-p[ret++] = TLS_CT_GOST12_512_SIGN;
-return (ret);
-}
-}
+if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
+return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+&& WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
+&& WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
 #endif
 
 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
 #ifndef OPENSSL_NO_DH
 # ifndef OPENSSL_NO_RSA
-p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
+if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
+return 0;
 # endif
 # ifndef OPENSSL_NO_DSA
-p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
+if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+return 0;
 # endif
 #endif  /* !OPENSSL_NO_DH */
 }
 #ifndef OPENSSL_NO_RSA
-if (!(alg_a & SSL_aRSA))
-p[ret++] = SSL3_CT_RSA_SIGN;
+if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
+return 0;
 #endif
 #ifndef OPENSSL_NO_DSA
-if (!(alg_a & SSL_aDSS))
-p[ret++] = SSL3_CT_DSS_SIGN;
+if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
+return 0;
 #endif
 #ifndef OPENSSL_NO_EC
 /*
  * ECDSA certs can be used with RSA cipher suites too so we don't
  * need to check for SSL_kECDH or SSL_kECDHE
  */
-if (s->version >= TLS1_VERSION) {
-if (!(alg_a & SSL_aECDSA))
-p[ret++] = TLS_CT_ECDSA_SIGN;
-}
+if (s->version >= TLS1_VERSION
+&& !(alg_a & SSL_aECDSA)
+&& !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
+return 0;
 #endif
-return (ret);
+return 1;
 }
 
 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
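
Review bot: with the final return (ret) replaced by return 1, the function reports success even when every alg_a test suppressed its type and nothing was appended to pkt, whereas the old byte count let the caller see that case. The caller should check for and reject an empty certificate type list. Separately, a failure midway (for example after SSL3_CT_RSA_EPHEMERAL_DH has been written) leaves partial bytes in pkt, so a 0 return has to be treated as fatal for the whole message.
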
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7dbff76..a1b3e3d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1873,7 +1873,7 @@ __owur int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);
 __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
-__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
+__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
 __owur int ssl3_num_ciphers(void);
 __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl);
@@ -2068,8 +2068,6 @@ __owur int ssl_add_serverhello_renegotiate_ext(SSL *s, 
WPACKET *pkt);
 __owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET 

[openssl-commits] Fixed: openssl/openssl#6219 (OpenSSL_1_1_0-stable - 9cb0c3a)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6219
Status: Fixed

Duration: 39 minutes and 21 seconds
Commit: 9cb0c3a (OpenSSL_1_1_0-stable)
Author: David Woodhouse
Message: Restore '-keyform engine' support for s_client

This used to work in 1.0.2 but disappeared when the argument parsing was
revamped.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1639)

(cherry picked from commit a6972f346248fbc37e42056bb943fae0896a2967)

View the changeset: 
https://github.com/openssl/openssl/compare/61b1eb2c6754...9cb0c3a3cae6

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163676699



[openssl-commits] Fixed: openssl/openssl#6216 (OpenSSL_1_1_0-stable - 61b1eb2)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6216
Status: Fixed

Duration: 19 minutes and 10 seconds
Commit: 61b1eb2 (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Fix an Uninit read in DTLS

If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz 
(cherry picked from commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083)

View the changeset: 
https://github.com/openssl/openssl/compare/dd63da7032c6...61b1eb2c6754

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163652623



[openssl-commits] Fixed: openssl/openssl#6215 (master - 2f2d6e3)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6215
Status: Fixed

Duration: 42 minutes and 13 seconds
Commit: 2f2d6e3 (master)
Author: Matt Caswell
Message: Fix an Uninit read in DTLS

If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/55386bef807c...2f2d6e3e3ccd

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163652572



[openssl-commits] Still Failing: openssl/openssl#6214 (OpenSSL_1_1_0-stable - dd63da7)

2016-09-29 Thread Travis CI
Build Update for openssl/openssl
-

Build: #6214
Status: Still Failing

Duration: 47 minutes and 33 seconds
Commit: dd63da7 (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Fix no-dtls

The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte 
(cherry picked from commit 55386bef807c7edd0f1db036c0ed464b28a61d68)

View the changeset: 
https://github.com/openssl/openssl/compare/a1b791225f29...dd63da7032c6

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/163651103



[openssl-commits] Build completed: openssl OpenSSL_1_1_0-stable.5550

2016-09-29 Thread AppVeyor


Build openssl OpenSSL_1_1_0-stable.5550 completed



Commit dd63da7032 by Matt Caswell on 9/29/2016 8:54 AM:

Fix no-dtls




[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  25849a8f8bb64956f35a8a2a160ae0de1d2990c6 (commit)
   via  7facdbd66f19f4a87cf2a5a335568c879772d92f (commit)
   via  7507e73d409b8f3046d6efcc3f4c0b6208b59b64 (commit)
   via  150e298551a6788baac56c0c89dc8b8342ac0079 (commit)
   via  8157d44b624da08142f3f9f6edc37fb5542c2573 (commit)
  from  2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit)


- Log -
commit 25849a8f8bb64956f35a8a2a160ae0de1d2990c6
Author: Matt Caswell 
Date:   Thu Sep 29 10:06:11 2016 +0100

Address style feedback comments

Merge declarations of same type together.

Reviewed-by: Rich Salz 

commit 7facdbd66f19f4a87cf2a5a335568c879772d92f
Author: Matt Caswell 
Date:   Wed Sep 28 13:33:41 2016 +0100

Fix a bug in the construction of the ClientHello SRTP extension

Reviewed-by: Rich Salz 

commit 7507e73d409b8f3046d6efcc3f4c0b6208b59b64
Author: Matt Caswell 
Date:   Wed Sep 28 12:03:30 2016 +0100

Fix heartbeat compilation error

Reviewed-by: Rich Salz 

commit 150e298551a6788baac56c0c89dc8b8342ac0079
Author: Matt Caswell 
Date:   Wed Sep 28 11:15:36 2016 +0100

Delete some unneeded code

Some functions were being called from both code that used WPACKETs and code
that did not. Now that more code has been converted to use WPACKETs some of
that duplication can be removed.

Reviewed-by: Rich Salz 

commit 8157d44b624da08142f3f9f6edc37fb5542c2573
Author: Matt Caswell 
Date:   Wed Sep 28 11:13:48 2016 +0100

Convert ServerHello construction to WPACKET

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/d1_srtp.c|  24 --
 ssl/s3_lib.c |  20 -
 ssl/ssl_locl.h   |  11 +--
 ssl/statem/statem_srvr.c |  82 +++
 ssl/t1_ext.c |  65 ---
 ssl/t1_lib.c | 209 +--
 ssl/t1_reneg.c   |  36 +++-
 7 files changed, 138 insertions(+), 309 deletions(-)

diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index b5e5ef3..bcefb9e 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -203,30 +203,6 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET 
*pkt, int *al)
 return 0;
 }
 
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
-if (p) {
-if (maxlen < 5) {
-SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-   SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-return 1;
-}
-
-if (s->srtp_profile == 0) {
-SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-   SSL_R_USE_SRTP_NOT_NEGOTIATED);
-return 1;
-}
-s2n(2, p);
-s2n(s->srtp_profile->id, p);
-*p++ = 0;
-}
-*len = 5;
-
-return 0;
-}
-
 int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
 {
 unsigned int id, ct, mki;
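
Review bot: the removed ssl_add_serverhello_use_srtp_ext() held the s->srtp_profile == 0 check and used an inverted convention (return 1 on error, 0 on success), and its replacement is not in this file. Please confirm that the WPACKET code that now writes the extension still refuses to emit it when no profile was negotiated, and that SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT is either still raised there or dropped from the error tables.
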
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2a4dc6d..2115a7e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3571,26 +3571,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned 
char *p)
 return cp;
 }
 
-/*
- * Old version of the ssl3_put_cipher_by_char function used by code that has 
not
- * yet been converted to WPACKET yet. It will be deleted once WPACKET 
conversion
- * is complete.
- * TODO - DELETE ME
- */
-int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p)
-{
-long l;
-
-if (p != NULL) {
-l = c->id;
-if ((l & 0xff00) != 0x0300)
-return (0);
-p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
-p[1] = ((unsigned char)(l)) & 0xFF;
-}
-return (2);
-}
-
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
 {
 if ((c->id & 0xff00) != 0x0300) {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 630fea8..7dbff76 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1863,7 +1863,6 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY 
*pubkey);
 __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
 
 __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-__owur int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p);
 __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
 int ssl3_init_finished_mac(SSL *s);
@@ -2017,8 +2016,7 @@ __owur int tls1_shared_list(SSL *s,
 const unsigned char *l1, size_t l1len,
 const unsigned char *l2, size_t l2len, int nmatch);
 __owur int 

[openssl-commits] Build failed: openssl master.5549

2016-09-29 Thread AppVeyor



Build openssl master.5549 failed


Commit 1478110112 by Cory Benfield on 9/29/2016 8:51 AM:

Remove for loop declarations.




[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-09-29 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  61b1eb2c67542c85311843300f49d019f80afc6c (commit)
  from  dd63da7032c655afcc80b82c38f2805b8f9476cf (commit)


- Log -
commit 61b1eb2c67542c85311843300f49d019f80afc6c
Author: Matt Caswell 
Date:   Wed Sep 28 14:12:26 2016 +0100

Fix an Uninit read in DTLS

If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz 
(cherry picked from commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083)

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 2455c2b..1d16319 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 /*
  * check whether there's a handshake message (client hello?) waiting
  */
-if ((ret = have_handshake_fragment(s, type, buf, len)))
+if ((ret = have_handshake_fragment(s, type, buf, len))) {
+*recvd_type = SSL3_RT_HANDSHAKE;
 return ret;
+}
 
 /*
  * Now s->rlayer.d->handshake_fragment_len == 0 if
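
Review bot: the added *recvd_type = SSL3_RT_HANDSHAKE; dereferences recvd_type unconditionally on the early-return path. If any caller of dtls1_read_bytes() may pass NULL for recvd_type, this trades the uninitialised read for a NULL dereference; guard the store with if (recvd_type != NULL) unless the contract guarantees a non-NULL pointer, and say so in the function comment.
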


[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit)
  from  55386bef807c7edd0f1db036c0ed464b28a61d68 (commit)


- Log -
commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083
Author: Matt Caswell 
Date:   Wed Sep 28 14:12:26 2016 +0100

Fix an Uninit read in DTLS

If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 2455c2b..1d16319 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 /*
  * check whether there's a handshake message (client hello?) waiting
  */
-if ((ret = have_handshake_fragment(s, type, buf, len)))
+if ((ret = have_handshake_fragment(s, type, buf, len))) {
+*recvd_type = SSL3_RT_HANDSHAKE;
 return ret;
+}
 
 /*
  * Now s->rlayer.d->handshake_fragment_len == 0 if
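
Review bot: the diffstat shows only ssl/record/rec_layer_d1.c changing, so nothing exercises the path where have_handshake_fragment() returns non-zero and the caller then reads *recvd_type. A regression test that reads after a buffered handshake fragment, run under a memory-checking tool, would keep this early return from losing the assignment again.
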


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-09-29 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  dd63da7032c655afcc80b82c38f2805b8f9476cf (commit)
  from  a1b791225f2913ace014071bfb9099790ef468e5 (commit)


- Log -
commit dd63da7032c655afcc80b82c38f2805b8f9476cf
Author: Matt Caswell 
Date:   Wed Sep 28 09:35:05 2016 +0100

Fix no-dtls

The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte 
(cherry picked from commit 55386bef807c7edd0f1db036c0ed464b28a61d68)

---

Summary of changes:
 test/sslapitest.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index b08eb8c..4d22d8e 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -108,11 +108,13 @@ static int test_large_message_tls(void)
 return execute_test_large_message(TLS_server_method(), 
TLS_client_method());
 }
 
+#ifndef OPENSSL_NO_DTLS
 static int test_large_message_dtls(void)
 {
 return execute_test_large_message(DTLS_server_method(),
   DTLS_client_method());
 }
+#endif
 
 static int ocsp_server_cb(SSL *s, void *arg)
 {
@@ -861,7 +863,9 @@ int main(int argc, char *argv[])
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 ADD_TEST(test_large_message_tls);
+#ifndef OPENSSL_NO_DTLS
 ADD_TEST(test_large_message_dtls);
+#endif
 ADD_TEST(test_tlsext_status_type);
 ADD_TEST(test_session_with_only_int_cache);
 ADD_TEST(test_session_with_only_ext_cache);


[openssl-commits] [openssl] master update

2016-09-29 Thread Matt Caswell
The branch master has been updated
   via  55386bef807c7edd0f1db036c0ed464b28a61d68 (commit)
  from  49e476a5382602d0bad1139d6f1f66ddbc7959d6 (commit)


- Log -
commit 55386bef807c7edd0f1db036c0ed464b28a61d68
Author: Matt Caswell 
Date:   Wed Sep 28 09:35:05 2016 +0100

Fix no-dtls

The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte 

---

Summary of changes:
 test/sslapitest.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index b08eb8c..4d22d8e 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -108,11 +108,13 @@ static int test_large_message_tls(void)
 return execute_test_large_message(TLS_server_method(), 
TLS_client_method());
 }
 
+#ifndef OPENSSL_NO_DTLS
 static int test_large_message_dtls(void)
 {
 return execute_test_large_message(DTLS_server_method(),
   DTLS_client_method());
 }
+#endif
 
 static int ocsp_server_cb(SSL *s, void *arg)
 {
@@ -861,7 +863,9 @@ int main(int argc, char *argv[])
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 ADD_TEST(test_large_message_tls);
+#ifndef OPENSSL_NO_DTLS
 ADD_TEST(test_large_message_dtls);
+#endif
 ADD_TEST(test_tlsext_status_type);
 ADD_TEST(test_session_with_only_int_cache);
 ADD_TEST(test_session_with_only_ext_cache);


[openssl-commits] Build failed: openssl master.5548

2016-09-29 Thread AppVeyor



Build openssl master.5548 failed


Commit 0f09d599a1 by Cory Benfield on 9/28/2016 1:11 PM:

Add support for key logging callbacks.

