[openssl-commits] Fixed: openssl/openssl#8556 (OpenSSL_1_1_0-stable - 07bc93f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8556
Status: Fixed

Duration: 2 hours, 30 minutes, and 34 seconds
Commit: 07bc93f (OpenSSL_1_1_0-stable)
Author: Guido Vranken
Message: Remove obsolete comment

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1613)
(cherry picked from commit 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e)

View the changeset: 
https://github.com/openssl/openssl/compare/177b4225baac...07bc93f479bb

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201637998

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.7927

[AppVeyor]

Build openssl master.7927 failed


Commit e4f5100316 by Todd Short on 2/14/2017 9:45 PM:

WIP: Add missing ASN1_TIME functions


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#8544 (master - 52f4840)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8544
Status: Errored

Duration: 48 minutes and 50 seconds
Commit: 52f4840 (master)
Author: Dr. Stephen Henson
Message: Make -xcert work again.

When a certificate is prepended update the list pointer.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2628)

View the changeset: 
https://github.com/openssl/openssl/compare/deb2d5e7e3d5...52f4840cb237

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201594711

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#8545 (OpenSSL_1_1_0-stable - dff827d)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8545
Status: Errored

Duration: 1 hour, 1 minute, and 44 seconds
Commit: dff827d (OpenSSL_1_1_0-stable)
Author: Dr. Stephen Henson
Message: Make -xcert work again.

When a certificate is prepended update the list pointer.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2628)
(cherry picked from commit 52f4840cb237cc37cad5eac8328828cf3d3e1049)

View the changeset: 
https://github.com/openssl/openssl/compare/55f0883dadcf...dff827da7515

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201594885

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  bb90d02a71c60bc16389fba4ff06965714b1826f (commit)
  from  a34a9df0712ac27256ec48e6f88c61064613ac08 (commit)


- Log -
commit bb90d02a71c60bc16389fba4ff06965714b1826f
Author: Matt Caswell 
Date:   Wed Feb 15 09:44:46 2017 +

Fix merge issue

Causes make update to fail.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2634)

---

Summary of changes:
 include/openssl/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f2b6198..89b4514 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2259,7 +2259,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS1_PRF   284
 # define SSL_F_TLS1_SETUP_KEY_BLOCK   211
 # define SSL_F_TLS1_SET_SERVER_SIGALGS335
-# define SSL_F_TLS_CHOOSE_SIGALG  510
+# define SSL_F_TLS_CHOOSE_SIGALG  513
 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK  354
 # define SSL_F_TLS_COLLECT_EXTENSIONS 435
 # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST  372
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Jenkins build is back to normal : master_make_errors #2147

[openssl . sanity]

See 

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.7893

[AppVeyor]

Build openssl master.7893 failed


Commit da54ccc11c by Yuchi on 2/11/2017 8:44 AM:

fix mem leak on error path and improve error handling


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed in Jenkins: master_make_errors #2146

[openssl . sanity]

See 

Changes:

[Matt Caswell] Fix no-ec compilation

[steve] Make -xcert work again.

[rsalz] Add no-ec build

[rsalz] Add Sieve support (RFC 5804) to s_client ("-starttls sieve")

[rsalz] Prevent allocations of size 0 in sh_init, which are not possible with

[rsalz] Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket.

[rsalz] Prevents that OPENSSL_gmtime incorrectly signals success if gmtime_r

[rsalz] Remove obsolete comment

[rsalz] Fix a few typos [skip ci]

[steve] add ssl_has_cert

[steve] Change tls_choose_sigalg so it can set errors and alerts.

[steve] Add sigalg for earlier TLS versions

[steve] Use cert_index and sigalg

[steve] Simplify tls_construct_server_key_exchange

[steve] Use CERT_PKEY pointer instead of index

[steve] Skip curve check if sigalg doesn't specify a curve.

--
Started by upstream project "master_basic" build number 2263
originally caused by:
 Started by an SCM change
Building on master in workspace 

[WS-CLEANUP] Deleting project workspace...
[WS-CLEANUP] Done
Cloning the remote Git repository
Cloning repository https://github.com/openssl/openssl.git
 > git init  
 > # timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # 
 > timeout=10
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision a34a9df0712ac27256ec48e6f88c61064613ac08 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f a34a9df0712ac27256ec48e6f88c61064613ac08
 > git rev-list 429ff318d613047cf94accdc17e8d7c0dc144657 # timeout=10
[master_make_errors] $ /bin/sh -xe /tmp/hudson4077606621018090046.sh
+ ./config
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1-dev (0x10101000L)
no-asan [default]  OPENSSL_NO_ASAN
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG
no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
no-egd  [default]  OPENSSL_NO_EGD
no-external-tests [default]  OPENSSL_NO_EXTERNAL_TESTS
no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL
no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-msan [default]  OPENSSL_NO_MSAN
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE
no-ssl3 [default]  OPENSSL_NO_SSL3
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD
no-tls1_3   [default]  OPENSSL_NO_TLS1_3
no-ubsan[default]  OPENSSL_NO_UBSAN
no-unit-test[default]  OPENSSL_NO_UNIT_TEST
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for linux-x86_64

PERL  =/usr/bin/perl
PERLVERSION   =5.16.3 for x86_64-linux-thread-multi
HASHBANGPERL  =/usr/bin/env perl
CC=gcc
CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
CXX   =g++
CXXFLAG   =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT 
OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM RC4_ASM 
MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM PADLOCK_ASM 
POLY1305_ASM
EX_LIBS   =-ldl 
+ make depend
+ make errors
( cd .; /usr/bin/perl util/ck_errf.pl -strict */*.c */*/*.c )
( cd .; /usr/bin/perl util/mkerr.pl -recurse -write )
!! ERROR: SSL function code 510 assigned twice (collision at 
SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST)
There were errors, failing...

make: *** [errors] Error 1
Build step 'Execute shell' marked build as failure
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Jenkins build is back to normal : master_noec #1146

[openssl . sanity]

See 

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#8542 (OpenSSL_1_1_0-stable - 55f0883)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8542
Status: Fixed

Duration: 54 minutes and 48 seconds
Commit: 55f0883 (OpenSSL_1_1_0-stable)
Author: Rich Salz
Message: Add no-ec build

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2626)
(cherry picked from commit b4568b04c7cd425103ac8f1603682e8da2044238)

View the changeset: 
https://github.com/openssl/openssl/compare/b37fce59cb7c...55f0883dadcf

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201582352

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  c9c1a63d58c7950484347d153a2150b4587e7a53 (commit)
  from  19d5e48d6d56f59672c08c8aa162a2a3ff3819ba (commit)


- Log -
commit c9c1a63d58c7950484347d153a2150b4587e7a53
Author: Bernd Edlinger 
Date:   Wed Feb 15 11:36:17 2017 +0100

Rework error handling of custom_ext_meth_add towards strong exception 
safety.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2636)
(cherry picked from commit ed874fac6399d5064d6eb8fe2022b918aeaf75af)

---

Summary of changes:
 ssl/t1_ext.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index a8e9f9a..adcd0f9 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -181,12 +181,8 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
 tmp = OPENSSL_realloc(exts->meths,
   (exts->meths_count + 1) * sizeof(custom_ext_method));
 
-if (tmp == NULL) {
-OPENSSL_free(exts->meths);
-exts->meths = NULL;
-exts->meths_count = 0;
+if (tmp == NULL)
 return 0;
-}
 
 exts->meths = tmp;
 meth = exts->meths + exts->meths_count;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  b75dbf3c118aeee4b1a71f882eb30ba7cefba486 (commit)
  from  9b9f8315dc3b205e19f04565efe54fbac62f9a30 (commit)


- Log -
commit b75dbf3c118aeee4b1a71f882eb30ba7cefba486
Author: Bernd Edlinger 
Date:   Tue Feb 14 16:38:02 2017 +0100

Fix some realloc error handling issues.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2625)

---

Summary of changes:
 apps/engine.c |  9 ++---
 ssl/ssl_rsa.c |  6 --
 ssl/t1_ext.c  | 14 ++
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/apps/engine.c b/apps/engine.c
index f54631b..a8eed9a 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int 
*size, int step)
 }
 
 if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+char *p = *buf;
+
 *size += step;
 *buf = OPENSSL_realloc(*buf, *size);
+if (*buf == NULL) {
+OPENSSL_free(p);
+return 0;
+}
 }
 
-if (*buf == NULL)
-return 0;
-
 if (**buf != '\0')
 BUF_strlcat(*buf, ", ", *size);
 BUF_strlcat(*buf, s, *size);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f679801..af03d45 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -964,6 +964,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char 
*file)
 int ret = 0;
 BIO *bin = NULL;
 size_t num_extensions = 0;
+unsigned char *new_serverinfo;
 
 if (ctx == NULL || file == NULL) {
 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
@@ -1014,12 +1015,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const 
char *file)
 goto end;
 }
 /* Append the decoded extension to the serverinfo buffer */
-serverinfo =
+new_serverinfo =
 OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
-if (serverinfo == NULL) {
+if (new_serverinfo == NULL) {
 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
 goto end;
 }
+serverinfo = new_serverinfo;
 memcpy(serverinfo + serverinfo_length, extension, extension_length);
 serverinfo_length += extension_length;
 
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 79ed946..8909914 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -223,16 +223,14 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
 /* Search for duplicate */
 if (custom_ext_find(exts, ext_type))
 return 0;
-exts->meths = OPENSSL_realloc(exts->meths,
-  (exts->meths_count +
-   1) * sizeof(custom_ext_method));
-
-if (!exts->meths) {
-exts->meths_count = 0;
+meth = OPENSSL_realloc(exts->meths,
+   (exts->meths_count + 1)
+   * sizeof(custom_ext_method));
+if (meth == NULL)
 return 0;
-}
 
-meth = exts->meths + exts->meths_count;
+exts->meths = meth;
+meth += exts->meths_count;
 memset(meth, 0, sizeof(custom_ext_method));
 meth->parse_cb = parse_cb;
 meth->add_cb = add_cb;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.7894

[AppVeyor]

Build openssl master.7894 completed



Commit 416fefbf88 by Bernd Edlinger on 2/15/2017 10:36 AM:

Rework error handling of custom_ext_meth_add towards strong exception safety.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  ed874fac6399d5064d6eb8fe2022b918aeaf75af (commit)
  from  bb90d02a71c60bc16389fba4ff06965714b1826f (commit)


- Log -
commit ed874fac6399d5064d6eb8fe2022b918aeaf75af
Author: Bernd Edlinger 
Date:   Wed Feb 15 11:36:17 2017 +0100

Rework error handling of custom_ext_meth_add towards strong exception 
safety.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2636)

---

Summary of changes:
 ssl/t1_ext.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 1821647..b19e752 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -179,12 +179,8 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
 tmp = OPENSSL_realloc(exts->meths,
   (exts->meths_count + 1) * sizeof(custom_ext_method));
 
-if (tmp == NULL) {
-OPENSSL_free(exts->meths);
-exts->meths = NULL;
-exts->meths_count = 0;
+if (tmp == NULL)
 return 0;
-}
 
 exts->meths = tmp;
 meth = exts->meths + exts->meths_count;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  af7e05c7c60b87723efccc01f6d03ebc07cdd93c (commit)
  from  a8f957686675194d786b41f6e1f7c48bb85723ec (commit)


- Log -
commit af7e05c7c60b87723efccc01f6d03ebc07cdd93c
Author: Robert Scheck 
Date:   Tue Feb 14 21:47:25 2017 +0100

Handle negative reply for NNTP STARTTLS in s_client

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2629)

---

Summary of changes:
 apps/s_client.c | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 6d96012..2db985d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2218,7 +2218,16 @@ int s_client_main(int argc, char **argv)
"Didn't find STARTTLS in server response,"
" trying anyway...\n");
 BIO_printf(sbio, "STARTTLS\r\n");
-BIO_read(sbio, sbuf, BUFSIZZ);
+mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+if (mbuf_len < 0) {
+BIO_printf(bio_err, "BIO_read failed\n");
+goto end;
+}
+mbuf[mbuf_len] = '\0';
+if (strstr(mbuf, "382") == NULL) {
+BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+goto shut;
+}
 }
 break;
 case PROTO_SIEVE:
@@ -2252,15 +2261,16 @@ int s_client_main(int argc, char **argv)
 if (mbuf_len < 0) {
 BIO_printf(bio_err, "BIO_read failed\n");
 goto end;
-} else if (mbuf_len < 2) {
-BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+}
+mbuf[mbuf_len] = '\0';
+if (mbuf_len < 2) {
+BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
 goto shut;
 }
 /*
  * According to RFC 5804 § 2.2, response codes are case-
  * insensitive, make it uppercase but preserve the response.
  */
-mbuf[mbuf_len] = '\0';
 strncpy(sbuf, mbuf, 2);
 make_uppercase(sbuf);
 if (strncmp(sbuf, "OK", 2) != 0) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  7b3a4d610731929d4fde15411f9be9b883974980 (commit)
  from  af7e05c7c60b87723efccc01f6d03ebc07cdd93c (commit)


- Log -
commit 7b3a4d610731929d4fde15411f9be9b883974980
Author: Dr. Stephen Henson 
Date:   Thu Feb 16 01:29:14 2017 +

Fix warning

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2644)

---

Summary of changes:
 ssl/t1_lib.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6aa4dec..787f487 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2320,7 +2320,7 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, 
X509 *x, int vfy)
  */
 int tls_choose_sigalg(SSL *s, int *al)
 {
-int idx;
+int idx = -1;
 const SIGALG_LOOKUP *lu = NULL;
 
 if (SSL_IS_TLS13(s)) {
@@ -2443,6 +2443,11 @@ int tls_choose_sigalg(SSL *s, int *al)
 }
 }
 }
+if (idx == -1) {
+*al = SSL_AD_INTERNAL_ERROR;
+SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
+return 0;
+}
 s->s3->tmp.cert = >cert->pkeys[idx];
 s->cert->key = s->s3->tmp.cert;
 s->s3->tmp.sigalg = lu;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#8551 (OpenSSL_1_1_0-stable - be31d57)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8551
Status: Errored

Duration: 1 hour, 56 minutes, and 14 seconds
Commit: be31d57 (OpenSSL_1_1_0-stable)
Author: Guido Vranken
Message: Prevent allocations of size 0 in sh_init.

which are not possible with the default OPENSSL_zalloc, but are possible if
the user has installed their own allocator using CRYPTO_set_mem_functions. If
the 0-allocations succeeds, the secure heap code will later access
(at least) the first byte of that space, which is technically an OOB
access. This could lead to problems with some custom allocators that only
return a valid pointer for subsequent free()-ing, and do not expect that
the pointer is actually dereferenced.

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2605)
(cherry picked from commit 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d)

View the changeset: 
https://github.com/openssl/openssl/compare/dff827da7515...be31d57686a5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201630544

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  59088e43b13da40beb09728bc142964e482b5a8f (commit)
  from  399976c7ba8dcc9eba3641e03d0bb41e4d137ed1 (commit)


- Log -
commit 59088e43b13da40beb09728bc142964e482b5a8f
Author: Dr. Stephen Henson 
Date:   Wed Feb 15 15:28:56 2017 +

Set current certificate to selected certificate.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2637)

---

Summary of changes:
 ssl/t1_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3e00cdb..6aa4dec 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2444,6 +2444,7 @@ int tls_choose_sigalg(SSL *s, int *al)
 }
 }
 s->s3->tmp.cert = >cert->pkeys[idx];
+s->cert->key = s->s3->tmp.cert;
 s->s3->tmp.sigalg = lu;
 return 1;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings

Commit log since last time:

59088e4 Set current certificate to selected certificate.
399976c sha/asm/*-x86_64.pl: add CFI annotations.
ed874fa Rework error handling of custom_ext_meth_add towards strong exception 
safety.
bb90d02 Fix merge issue
a34a9df Skip curve check if sigalg doesn't specify a curve.
a497cf2 Use CERT_PKEY pointer instead of index
f695571 Simplify tls_construct_server_key_exchange
f365a3e Use cert_index and sigalg
0972bc5 Add sigalg for earlier TLS versions
4a419f6 Change tls_choose_sigalg so it can set errors and alerts.
4020c0b add ssl_has_cert

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits 
-Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations 
 -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/x509/x_name.d.tmp -MT 
crypto/x509/x_name.o -c -o crypto/x509/x_name.o ../openssl/crypto/x509/x_name.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits 
-Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations 
 -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/x509/x_pubkey.d.tmp -MT 
crypto/x509/x_pubkey.o -c -o crypto/x509/x_pubkey.o 
../openssl/crypto/x509/x_pubkey.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits 
-Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations 
 -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/x509/x_req.d.tmp -MT 
crypto/x509/x_req.o -c -o crypto/x509/x_req.o ../openssl/crypto/x509/x_req.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow 

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  8653e78f4319b23d60239f9557d8c1e1d23be1a5 (commit)
   via  c93f06c12f10c07cea935abd78a07a037e27f155 (commit)
  from  59088e43b13da40beb09728bc142964e482b5a8f (commit)


- Log -
commit 8653e78f4319b23d60239f9557d8c1e1d23be1a5
Author: Andy Polyakov 
Date:   Wed Feb 15 12:01:09 2017 +0100

crypto/armcap.c: short-circuit processor capability probe in iOS builds.

Capability probing by catching SIGILL appears to be problematic
on iOS. But since Apple universe is "monocultural", it's actually
possible to simply set pre-defined processor capability mask.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2617)

commit c93f06c12f10c07cea935abd78a07a037e27f155
Author: Andy Polyakov 
Date:   Mon Feb 13 18:16:16 2017 +0100

ARMv4 assembly pack: harmonize Thumb-ification of iOS build.

Three modules were left behind in a285992763f3961f69a8d86bf7dfff020a08cef9.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2617)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl |  9 ++---
 crypto/armcap.c  | 18 ++
 crypto/armv4cpuid.pl |  1 +
 crypto/modes/asm/ghashv8-armx.pl |  6 +-
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index 954c041..a7947af 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -59,9 +59,12 @@ $code=<<___;
 .text
 ___
 $code.=".arch  armv8-a+crypto\n"   if ($flavour =~ /64/);
-$code.=".arch  armv7-a\n.fpu   neon\n.code 32\n"   if ($flavour !~ /64/);
-   #^^ this is done to simplify adoption by not depending
-   #   on latest binutils.
+$code.=<<___   if ($flavour !~ /64/);
+.arch  armv7-a // don't confuse not-so-latest binutils with argv8 :-)
+.fpu   neon
+.code  32
+#undef __thumb2__
+___
 
 # Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
 # NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 4215766..2953484 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -111,6 +111,24 @@ void OPENSSL_cpuid_setup(void)
 return;
 }
 
+# if defined(__APPLE__) && !defined(__aarch64__)
+/*
+ * Capability probing by catching SIGILL appears to be problematic
+ * on iOS. But since Apple universe is "monocultural", it's actually
+ * possible to simply set pre-defined processor capability mask.
+ */
+if (1) {
+OPENSSL_armcap_P = ARMV7_NEON;
+return;
+}
+/*
+ * One could do same even for __aarch64__ iOS builds. It's not done
+ * exclusively for reasons of keeping code unified across platforms.
+ * Unified code works because it never triggers SIGILL on Apple
+ * devices...
+ */
+# endif
+
 sigfillset(_masked);
 sigdelset(_masked, SIGILL);
 sigdelset(_masked, SIGTRAP);
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
index 33c893d..f7d31a6 100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
@@ -27,6 +27,7 @@ $code.=<<___;
 .thumb
 #else
 .code  32
+#undef __thumb2__
 #endif
 
 .align 5
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index cb4537b..dcd5f59 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -67,7 +67,11 @@ $code=<<___;
 .text
 ___
 $code.=".arch  armv8-a+crypto\n"   if ($flavour =~ /64/);
-$code.=".fpu   neon\n.code 32\n"   if ($flavour !~ /64/);
+$code.=<<___   if ($flavour !~ /64/);
+.fpu   neon
+.code  32
+#undef __thumb2__
+___
 
 

 # void gcm_init_v8(u128 Htable[16],const u64 H[2]);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Andy Polyakov]

The branch OpenSSL_1_1_0-stable has been updated
   via  b763981b76b6a97c72011c290ec574b37a15f6e4 (commit)
   via  c04b1434e6741cfc6b6c29db2c34b46f5ccd3d99 (commit)
  from  c9c1a63d58c7950484347d153a2150b4587e7a53 (commit)


- Log -
commit b763981b76b6a97c72011c290ec574b37a15f6e4
Author: Andy Polyakov 
Date:   Wed Feb 15 12:01:09 2017 +0100

crypto/armcap.c: short-circuit processor capability probe in iOS builds.

Capability probing by catching SIGILL appears to be problematic
on iOS. But since Apple universe is "monocultural", it's actually
possible to simply set pre-defined processor capability mask.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2617)

(cherry picked from commit 8653e78f4319b23d60239f9557d8c1e1d23be1a5)

commit c04b1434e6741cfc6b6c29db2c34b46f5ccd3d99
Author: Andy Polyakov 
Date:   Mon Feb 13 18:16:16 2017 +0100

ARMv4 assembly pack: harmonize Thumb-ification of iOS build.

Three modules were left behind in a285992763f3961f69a8d86bf7dfff020a08cef9.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2617)

(cherry picked from commit c93f06c12f10c07cea935abd78a07a037e27f155)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl |  9 ++---
 crypto/armcap.c  | 18 ++
 crypto/armv4cpuid.pl |  1 +
 crypto/modes/asm/ghashv8-armx.pl |  6 +-
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index 9246dbb..1782d5b 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -59,9 +59,12 @@ $code=<<___;
 .text
 ___
 $code.=".arch  armv8-a+crypto\n"   if ($flavour =~ /64/);
-$code.=".arch  armv7-a\n.fpu   neon\n.code 32\n"   if ($flavour !~ /64/);
-   #^^ this is done to simplify adoption by not depending
-   #   on latest binutils.
+$code.=<<___   if ($flavour !~ /64/);
+.arch  armv7-a // don't confuse not-so-latest binutils with argv8 :-)
+.fpu   neon
+.code  32
+#undef __thumb2__
+___
 
 # Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
 # NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 4215766..2953484 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -111,6 +111,24 @@ void OPENSSL_cpuid_setup(void)
 return;
 }
 
+# if defined(__APPLE__) && !defined(__aarch64__)
+/*
+ * Capability probing by catching SIGILL appears to be problematic
+ * on iOS. But since Apple universe is "monocultural", it's actually
+ * possible to simply set pre-defined processor capability mask.
+ */
+if (1) {
+OPENSSL_armcap_P = ARMV7_NEON;
+return;
+}
+/*
+ * One could do same even for __aarch64__ iOS builds. It's not done
+ * exclusively for reasons of keeping code unified across platforms.
+ * Unified code works because it never triggers SIGILL on Apple
+ * devices...
+ */
+# endif
+
 sigfillset(_masked);
 sigdelset(_masked, SIGILL);
 sigdelset(_masked, SIGTRAP);
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
index 33c893d..f7d31a6 100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
@@ -27,6 +27,7 @@ $code.=<<___;
 .thumb
 #else
 .code  32
+#undef __thumb2__
 #endif
 
 .align 5
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index cb4537b..dcd5f59 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -67,7 +67,11 @@ $code=<<___;
 .text
 ___
 $code.=".arch  armv8-a+crypto\n"   if ($flavour =~ /64/);
-$code.=".fpu   neon\n.code 32\n"   if ($flavour !~ /64/);
+$code.=<<___   if ($flavour !~ /64/);
+.fpu   neon
+.code  32
+#undef __thumb2__
+___
 
 

 # void gcm_init_v8(u128 Htable[16],const u64 H[2]);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#8553 (OpenSSL_1_1_0-stable - 177b422)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8553
Status: Errored

Duration: 3 hours, 34 minutes, and 47 seconds
Commit: 177b422 (OpenSSL_1_1_0-stable)
Author: Bernd Edlinger
Message: Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket.

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2618)
(cherry picked from commit 57b0d651f052ed86528da916397acbcce035fb21)

View the changeset: 
https://github.com/openssl/openssl/compare/be31d57686a5...177b4225baac

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/201633483

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  62cd6a8389128ec4dc5500bdd13889633c4a5ae0 (commit)
  from  b75dbf3c118aeee4b1a71f882eb30ba7cefba486 (commit)


- Log -
commit 62cd6a8389128ec4dc5500bdd13889633c4a5ae0
Author: Bernd Edlinger 
Date:   Wed Feb 15 19:11:05 2017 +0100

Fix possible memory leak in cryptodev_digest_update.

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2639)

---

Summary of changes:
 crypto/engine/eng_cryptodev.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 2a2b95c..af59471 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -810,14 +810,15 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const 
void *data,
 
 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
 /* if application doesn't support one buffer */
-state->mac_data =
+char *mac_data =
 OPENSSL_realloc(state->mac_data, state->mac_len + count);
 
-if (!state->mac_data) {
+if (mac_data == NULL) {
 printf("cryptodev_digest_update: realloc failed\n");
 return (0);
 }
 
+state->mac_data = mac_data;
 memcpy(state->mac_data + state->mac_len, data, count);
 state->mac_len += count;
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  a8f957686675194d786b41f6e1f7c48bb85723ec (commit)
  from  8653e78f4319b23d60239f9557d8c1e1d23be1a5 (commit)


- Log -
commit a8f957686675194d786b41f6e1f7c48bb85723ec
Author: Kazuki Yamaguchi 
Date:   Thu Jan 26 13:01:30 2017 +0900

Properly zero cipher_data for ChaCha20-Poly1305 on cleanup

Fix a typo. Probably this has not been found because EVP_CIPHER_CTX is
smaller than EVP_CHACHA_AEAD_CTX and heap overflow does not occur.

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2294)

---

Summary of changes:
 crypto/evp/e_chacha20_poly1305.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 46bc2cb..7fd4f8d 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -316,7 +316,7 @@ static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
 {
 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
 if (actx)
-OPENSSL_cleanse(ctx->cipher_data, sizeof(*ctx) + Poly1305_ctx_size());
+OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
 return 1;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  04d42270ba76d1c9dad2e383d109084e60a2ac12 (commit)
  from  62cd6a8389128ec4dc5500bdd13889633c4a5ae0 (commit)


- Log -
commit 04d42270ba76d1c9dad2e383d109084e60a2ac12
Author: Bernd Edlinger 
Date:   Sun Feb 5 12:38:09 2017 +0100

Add a make distclean rule in the OpenSSL_1_0_2 branch

Reviewed-by: Andy Polyakov 
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2554)

---

Summary of changes:
 Makefile.org | 8 
 1 file changed, 8 insertions(+)

diff --git a/Makefile.org b/Makefile.org
index 61a329b..f51f0a7 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -424,6 +424,14 @@ clean: libclean
rm -fr $$i/*; \
done
 
+distclean: clean
+   -$(RM) `find . -name .git -prune -o -type l -print`
+   $(RM) apps/CA.pl
+   $(RM) test/evptests.txt test/newkey.pem test/testkey.pem 
test/testreq.pem
+   $(RM) tools/c_rehash
+   $(RM) crypto/opensslconf.h
+   $(RM) Makefile Makefile.bak
+
 makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  399976c7ba8dcc9eba3641e03d0bb41e4d137ed1 (commit)
  from  ed874fac6399d5064d6eb8fe2022b918aeaf75af (commit)


- Log -
commit 399976c7ba8dcc9eba3641e03d0bb41e4d137ed1
Author: Andy Polyakov 
Date:   Mon Feb 13 22:34:51 2017 +0100

sha/asm/*-x86_64.pl: add CFI annotations.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/sha/asm/sha1-mb-x86_64.pl   | 46 +++
 crypto/sha/asm/sha256-mb-x86_64.pl | 46 +++
 crypto/sha/asm/sha512-x86_64.pl| 92 +-
 3 files changed, 183 insertions(+), 1 deletion(-)

diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
index 2f6b35f..56e1529 100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -363,6 +363,7 @@ $code.=<<___;
 .type  sha1_multi_block,\@function,3
 .align 32
 sha1_multi_block:
+.cfi_startproc
mov OPENSSL_ia32cap_P+4(%rip),%rcx
bt  \$61,%rcx   # check SHA bit
jc  _shaext_shortcut
@@ -373,8 +374,11 @@ $code.=<<___ if ($avx);
 ___
 $code.=<<___;
mov %rsp,%rax
+.cfi_def_cfa_register  %rax
push%rbx
+.cfi_push  %rbx
push%rbp
+.cfi_push  %rbx
 ___
 $code.=<<___ if ($win64);
lea -0xa8(%rsp),%rsp
@@ -393,6 +397,7 @@ $code.=<<___;
sub \$`$REG_SZ*18`,%rsp
and \$-256,%rsp
mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
+.cfi_cfa_expression%rsp+`$REG_SZ*17`,deref,+8
 .Lbody:
lea K_XX_XX(%rip),$Tbl
lea `$REG_SZ*16`(%rsp),%rbx
@@ -487,6 +492,7 @@ $code.=<<___;
 
 .Ldone:
mov `$REG_SZ*17`(%rsp),%rax # original %rsp
+.cfi_def_cfa   %rax,8
 ___
 $code.=<<___ if ($win64);
movaps  -0xb8(%rax),%xmm6
@@ -502,10 +508,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
mov -16(%rax),%rbp
+.cfi_restore   %rbp
mov -8(%rax),%rbx
+.cfi_restore   %rbx
lea (%rax),%rsp
+.cfi_def_cfa_register  %rsp
 .Lepilogue:
ret
+.cfi_endproc
 .size  sha1_multi_block,.-sha1_multi_block
 ___
{{{
@@ -517,10 +527,14 @@ $code.=<<___;
 .type  sha1_multi_block_shaext,\@function,3
 .align 32
 sha1_multi_block_shaext:
+.cfi_startproc
 _shaext_shortcut:
mov %rsp,%rax
+.cfi_def_cfa_register  %rax
push%rbx
+.cfi_push  %rbx
push%rbp
+.cfi_push  %rbp
 ___
 $code.=<<___ if ($win64);
lea -0xa8(%rsp),%rsp
@@ -756,10 +770,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
mov -16(%rax),%rbp
+.cfi_restore   %rbp
mov -8(%rax),%rbx
+.cfi_restore   %rbx
lea (%rax),%rsp
+.cfi_def_cfa_register  %rsp
 .Lepilogue_shaext:
ret
+.cfi_endproc
 .size  sha1_multi_block_shaext,.-sha1_multi_block_shaext
 ___
}}}
@@ -1002,6 +1020,7 @@ $code.=<<___;
 .type  sha1_multi_block_avx,\@function,3
 .align 32
 sha1_multi_block_avx:
+.cfi_startproc
 _avx_shortcut:
 ___
 $code.=<<___ if ($avx>1);
@@ -1016,8 +1035,11 @@ $code.=<<___ if ($avx>1);
 ___
 $code.=<<___;
mov %rsp,%rax
+.cfi_def_cfa_register  %rax
push%rbx
+.cfi_push  %rbx
push%rbp
+.cfi_push  %rbp
 ___
 $code.=<<___ if ($win64);
lea -0xa8(%rsp),%rsp
@@ -1036,6 +1058,7 @@ $code.=<<___;
sub \$`$REG_SZ*18`, %rsp
and \$-256,%rsp
mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
+.cfi_cfa_expression%rsp+`$REG_SZ*17`,deref,+8
 .Lbody_avx:
lea K_XX_XX(%rip),$Tbl
lea `$REG_SZ*16`(%rsp),%rbx
@@ -1125,6 +1148,7 @@ $code.=<<___;
 
 .Ldone_avx:
mov `$REG_SZ*17`(%rsp),%rax # original %rsp
+.cfi_def_cfa   %rax,8
vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1141,10 +1165,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
mov -16(%rax),%rbp
+.cfi_restore   %rbp
mov -8(%rax),%rbx
+.cfi_restore   %rbx
lea (%rax),%rsp
+.cfi_def_cfa_register  %rsp
 .Lepilogue_avx:
ret
+.cfi_endproc
 .size  sha1_multi_block_avx,.-sha1_multi_block_avx
 ___
 
@@ -1164,14 +1192,22 @@ $code.=<<___;
 .type  sha1_multi_block_avx2,\@function,3
 .align 32
 sha1_multi_block_avx2:
+.cfi_startproc
 _avx2_shortcut:
mov %rsp,%rax
+.cfi_def_cfa_register  %rax
push%rbx
+.cfi_push  %rbx
push%rbp
+.cfi_push  %rbp
push%r12
+.cfi_push  %r12
push%r13
+.cfi_push  %r13
push%r14
+.cfi_push  %r14
push%r15
+.cfi_push  %r15
 ___
 $code.=<<___ if ($win64);
lea -0xa8(%rsp),%rsp
@@ -1190,6 +1226,7 @@ $code.=<<___;
sub