[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi
Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

7e12cdb Fix a few typos [skip ci]
7c12035 Remove obsolete comment
873019f Prevents that OPENSSL_gmtime incorrectly signals success if gmtime_r fails, and that struct* tm result's possibly uninitialized content is used
57b0d65 Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket.
7f07149 Prevent allocations of size 0 in sh_init, which are not possible with the default OPENSSL_zalloc, but are possible if the user has installed their own allocator using CRYPTO_set_mem_functions. If the 0-allocations succeeds, the secure heap code will later access (at least) the first byte of that space, which is technically an OOB access. This could lead to problems with some custom allocators that only return a valid pointer for subsequent free()-ing, and do not expect that the pointer is actually dereferenced.
20967af Add Sieve support (RFC 5804) to s_client ("-starttls sieve")
b08ee30 Add no-ec build
52f4840 Make -xcert work again.
deb2d5e Fix no-ec compilation
429ff31 Remove a double call to ssl3_send_alert()
319a33d Fix a bogus uninit variable warning
0dd7ba2 Add a bytestogroup macro
2248dbe Various style fixes following review feedback
b0bfd14 Update the tls13messages test to add some HRR scenarios
d542790 Update the kex modes tests to check various HRR scenarios
0adb641 Update TLSProxy to know about HelloRetryRequest messages
f6cec2d Update test counting in checkhandshake.pm
38f5c30 Update the key_share tests for HelloRetryRequest
87d70b6 Add trace support for HelloRetryRequest
aff9929 Implement support for resumption with a HelloRetryRequest
3847d42 Add client side support for parsing Hello Retry Request
7d061fc Add server side support for creating the Hello Retry Request message
6113835 Make the context available to the extensions parse and construction funcs
e067097 mem leak on error path and error propagation fix

Build log ended with (last 100 lines):
[openssl-commits] [openssl] master update
The branch master has been updated
via a34a9df0712ac27256ec48e6f88c61064613ac08 (commit)
via a497cf25162e100ad46bd08222b6e7584b2d5bee (commit)
via f695571e10a3e63930424940acc8dafd13c6c35c (commit)
via f365a3e2e552e36f5c885953f5a361267f0d06c6 (commit)
via 0972bc5cedfb3c8dcf7eae3ab010ed3b47a6f186 (commit)
via 4a419f60188405d6ecc450526b6aa926638d1db2 (commit)
via 4020c0b33b25f829ca68976970d44227d115eb9e (commit)
from 7e12cdb52e3f4beff050caeecf3634870bb9a7c4 (commit)

- Log -

commit a34a9df0712ac27256ec48e6f88c61064613ac08
Author: Dr. Stephen Henson
Date: Tue Feb 14 14:27:15 2017 +

Skip curve check if sigalg doesn't specify a curve.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2623)

commit a497cf25162e100ad46bd08222b6e7584b2d5bee
Author: Dr. Stephen Henson
Date: Tue Feb 14 00:35:26 2017 +

Use CERT_PKEY pointer instead of index

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2623)

commit f695571e10a3e63930424940acc8dafd13c6c35c
Author: Dr. Stephen Henson
Date: Mon Feb 13 18:07:00 2017 +

Simplify tls_construct_server_key_exchange

Use negotiated signature algorithm and certificate index in tls_construct_key_exchange instead of recalculating it.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2623)

commit f365a3e2e552e36f5c885953f5a361267f0d06c6
Author: Dr. Stephen Henson
Date: Mon Feb 13 16:32:06 2017 +

Use cert_index and sigalg

Now the certificate and signature algorithm is set in one place we can use it directly instead of recalculating it. The old functions ssl_get_server_send_pkey() and ssl_get_server_cert_index() are no longer required.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2623)

commit 0972bc5cedfb3c8dcf7eae3ab010ed3b47a6f186
Author: Dr. Stephen Henson
Date: Mon Feb 13 16:04:07 2017 +

Add sigalg for earlier TLS versions

Update tls_choose_sigalg to choose a signature algorithm for all versions of TLS not just 1.3.
For TLS 1.2 we choose the highest preference signature algorithm for the chosen ciphersuite. For TLS 1.1 and earlier the signature algorithm is determined by the ciphersuite alone. For RSA we use a special MD5+SHA1 signature algorithm. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2623) commit 4a419f60188405d6ecc450526b6aa926638d1db2 Author: Dr. Stephen Henson Date: Mon Feb 13 15:50:43 2017 + Change tls_choose_sigalg so it can set errors and alerts. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2623) commit 4020c0b33b25f829ca68976970d44227d115eb9e Author: Dr. Stephen Henson Date: Mon Feb 13 15:40:21 2017 + add ssl_has_cert Add inline function ssl_has_cert which checks to see if a certificate and private key for a given index are not NULL. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2623) --- Summary of changes: include/openssl/ssl.h| 1 + ssl/s3_lib.c | 8 +-- ssl/ssl_err.c| 1 + ssl/ssl_lib.c| 105 +++- ssl/ssl_locl.h | 25 --- ssl/statem/statem_clnt.c | 10 +-- ssl/statem/statem_lib.c | 11 +-- ssl/statem/statem_srvr.c | 143 +-- ssl/t1_lib.c | 173 --- 9 files changed, 250 insertions(+), 227 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 96a5558..f2b6198 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2259,6 +2259,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS1_PRF 284 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 # define SSL_F_TLS1_SET_SERVER_SIGALGS335 +# define SSL_F_TLS_CHOOSE_SIGALG 510 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 # define SSL_F_TLS_COLLECT_EXTENSIONS 435 # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8065e15..8537e80 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -3137,12 +3137,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CURRENT_CERT: if (larg == SSL_CERT_SET_SERVER) { -CERT_PKEY *cpk; const SSL_CIPHER *cipher; if (!s->server) return 0; cipher = s->s3->tmp.new_cipher; -if (!cipher) +if (cipher == NULL)
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 9b9f8315dc3b205e19f04565efe54fbac62f9a30 (commit) from b70dc3a66d168b0f136a6edf50239df6e13abdac (commit) - Log - commit 9b9f8315dc3b205e19f04565efe54fbac62f9a30 Author: FdaSilvaYY Date: Tue Feb 7 00:05:06 2017 +0100 Fix a few typos Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2571) (cherry picked from commit 7e12cdb52e3f4beff050caeecf3634870bb9a7c4) --- Summary of changes: crypto/perlasm/x86_64-xlate.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index b7ae40b..625f95c 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -414,7 +414,7 @@ my %globals; } } } -{ package expr;# pick up expressioins +{ package expr;# pick up expressions sub re { my $self = shift; # single instance is enough... local *line = shift; @@ -977,7 +977,7 @@ close STDOUT; # the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, +# register and stack layout, but disregards the "red zone" existence, # it's possible to use following prologue and epilogue to "gear" from # Unix to Win64 ABI in leaf functions with not more than 6 arguments. # _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 19d5e48d6d56f59672c08c8aa162a2a3ff3819ba (commit) from 07bc93f479bb73567b23ceb6c2d96e7cc511edd3 (commit) - Log - commit 19d5e48d6d56f59672c08c8aa162a2a3ff3819ba Author: FdaSilvaYY Date: Tue Feb 7 00:05:06 2017 +0100 Fix a few typos Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2571) (cherry picked from commit 7e12cdb52e3f4beff050caeecf3634870bb9a7c4) --- Summary of changes: crypto/perlasm/README | 6 +++--- crypto/perlasm/x86_64-xlate.pl | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/perlasm/README b/crypto/perlasm/README index 2c8435c..e90bd8e 100644 --- a/crypto/perlasm/README +++ b/crypto/perlasm/README @@ -7,7 +7,7 @@ and then include it. push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; -The first thing we do is setup the file and type of assember +The first thing we do is setup the file and type of assembler &asm_init($ARGV[0],$0); @@ -18,7 +18,7 @@ Argument 2 is the file name. The reciprocal function is &asm_finish() which should be called at the end. -There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, +There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler, and x86unix.pl which is the unix (gas) version. Functions of interest are: @@ -32,7 +32,7 @@ Functions of interest are: &function_begin(name,extra)Start a function with pushing of edi, esi, ebx and ebp. extra is extra win32 external info that may be required. -&function_begin_B(name,extra) Same as norma function_begin but no pushing. +&function_begin_B(name,extra) Same as normal function_begin but no pushing. &function_end(name)Call at end of function. &function_end_A(name) Standard pop and ret, for use inside functions &function_end_B(name) Call at end but with poping or 'ret'. diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 2d9e1a1..425cd29 100755 
--- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -429,7 +429,7 @@ my %globals; } } } -{ package expr;# pick up expressioins +{ package expr;# pick up expressions sub re { my ($class, $line, $opcode) = @_; my $self = {}; @@ -1004,7 +1004,7 @@ close STDOUT; # the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, +# register and stack layout, but disregards the "red zone" existence, # it's possible to use following prologue and epilogue to "gear" from # Unix to Win64 ABI in leaf functions with not more than 6 arguments. # _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7e12cdb52e3f4beff050caeecf3634870bb9a7c4 (commit) from 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e (commit) - Log - commit 7e12cdb52e3f4beff050caeecf3634870bb9a7c4 Author: FdaSilvaYY Date: Tue Feb 7 00:05:06 2017 +0100 Fix a few typos [skip ci] Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2571) --- Summary of changes: crypto/perlasm/README | 6 +++--- crypto/perlasm/x86_64-xlate.pl | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/perlasm/README b/crypto/perlasm/README index 2c8435c..e90bd8e 100644 --- a/crypto/perlasm/README +++ b/crypto/perlasm/README @@ -7,7 +7,7 @@ and then include it. push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; -The first thing we do is setup the file and type of assember +The first thing we do is setup the file and type of assembler &asm_init($ARGV[0],$0); @@ -18,7 +18,7 @@ Argument 2 is the file name. The reciprocal function is &asm_finish() which should be called at the end. -There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, +There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler, and x86unix.pl which is the unix (gas) version. Functions of interest are: @@ -32,7 +32,7 @@ Functions of interest are: &function_begin(name,extra)Start a function with pushing of edi, esi, ebx and ebp. extra is extra win32 external info that may be required. -&function_begin_B(name,extra) Same as norma function_begin but no pushing. +&function_begin_B(name,extra) Same as normal function_begin but no pushing. &function_end(name)Call at end of function. &function_end_A(name) Standard pop and ret, for use inside functions &function_end_B(name) Call at end but with poping or 'ret'. diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 1edea05..b612c21 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl 
@@ -437,7 +437,7 @@ my %globals; } } } -{ package expr;# pick up expressioins +{ package expr;# pick up expressions sub re { my ($class, $line, $opcode) = @_; my $self = {}; @@ -1245,7 +1245,7 @@ close STDOUT; # the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, +# register and stack layout, but disregards the "red zone" existence, # it's possible to use following prologue and epilogue to "gear" from # Unix to Win64 ABI in leaf functions with not more than 6 arguments. # _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
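Review bot: the last hunk of crypto/perlasm/README leaves the unchanged context line `&function_end_B(name) Call at end but with poping or 'ret'.` with "poping" still misspelled, and the first hunk keeps "setup" as a verb in `The first thing we do is setup the file and type of assembler`. Since this commit is a typo sweep over the same file, fold "popping" and "set up" into it rather than leaving them for another pass.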
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via b70dc3a66d168b0f136a6edf50239df6e13abdac (commit) from 4fd35d83412946d19da05d4c89f6c2002d5c2e82 (commit) - Log - commit b70dc3a66d168b0f136a6edf50239df6e13abdac Author: Guido Vranken Date: Sat Feb 11 22:41:38 2017 +0100 Remove obsolete comment Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1613) (cherry picked from commit 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e) --- Summary of changes: crypto/o_time.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index b99e599..04d805d 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -106,11 +106,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) struct tm *ts = NULL; #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) -/* - * should return &data, but doesn't on some systems, so we don't even - * look at the return value - */ -gmtime_r(timer, result); +if (gmtime_r(timer, result) == NULL) +return NULL; ts = result; #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 07bc93f479bb73567b23ceb6c2d96e7cc511edd3 (commit) from 177b4225baac56336e04fd97d0c993fd45d3e45e (commit) - Log - commit 07bc93f479bb73567b23ceb6c2d96e7cc511edd3 Author: Guido Vranken Date: Sat Feb 11 22:41:38 2017 +0100 Remove obsolete comment Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1613) (cherry picked from commit 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e) --- Summary of changes: crypto/o_time.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index e785525..4b902e0 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -52,11 +52,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) struct tm *ts = NULL; #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) -/* - * should return &data, but doesn't on some systems, so we don't even - * look at the return value - */ -gmtime_r(timer, result); +if (gmtime_r(timer, result) == NULL) +return NULL; ts = result; #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e (commit) via 873019f2c3d5d19f761b0f6e8dbc8d439345fd6f (commit) from 57b0d651f052ed86528da916397acbcce035fb21 (commit) - Log - commit 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e Author: Guido Vranken Date: Sat Feb 11 22:41:38 2017 +0100 Remove obsolete comment Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1613) commit 873019f2c3d5d19f761b0f6e8dbc8d439345fd6f Author: Guido Vranken Date: Thu Sep 22 22:48:44 2016 +0200 Prevents that OPENSSL_gmtime incorrectly signals success if gmtime_r fails, and that struct* tm result's possibly uninitialized content is used Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1613) --- Summary of changes: crypto/o_time.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index e785525..4b902e0 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -52,11 +52,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) struct tm *ts = NULL; #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) -/* - * should return &data, but doesn't on some systems, so we don't even - * look at the return value - */ -gmtime_r(timer, result); +if (gmtime_r(timer, result) == NULL) +return NULL; ts = result; #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
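Review bot: in the OPENSSL_gmtime hunk the deleted comment recorded that gmtime_r "should return &data, but doesn't on some systems", and the new `if (gmtime_r(timer, result) == NULL) return NULL;` now trusts exactly that return value, so a platform of the kind the comment described could report failure for a conversion that succeeded. The commit message should say which systems the comment referred to and why they are no longer a concern, or the long #if condition should exclude them. The `ts = gmtime(timer);` branch in the trailing context needs the same NULL handling if it does not already get it below the hunk.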
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 177b4225baac56336e04fd97d0c993fd45d3e45e (commit) from be31d57686a551261cfd5deb95c9553402942a43 (commit) - Log - commit 177b4225baac56336e04fd97d0c993fd45d3e45e Author: Bernd Edlinger Date: Mon Feb 13 18:36:13 2017 +0100 Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2618) (cherry picked from commit 57b0d651f052ed86528da916397acbcce035fb21) --- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f1e4d29..b51d60a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3151,8 +3151,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ -p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx); -eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx); +p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); +eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) { EVP_CIPHER_CTX_free(ctx); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 57b0d651f052ed86528da916397acbcce035fb21 (commit) from 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d (commit) - Log - commit 57b0d651f052ed86528da916397acbcce035fb21 Author: Bernd Edlinger Date: Mon Feb 13 18:36:13 2017 +0100 Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2618) --- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7c8244d..eba3203 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1252,8 +1252,8 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ -p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx); -eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx); +p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); +eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
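Review bot: in the tls_decrypt_ticket hunk `eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);` feeds straight into `OPENSSL_malloc(eticklen)`, and nothing in the visible lines shows that eticklen is at least the key name plus IV length before the subtraction. Replacing the literal 16 is the right cleanup; whatever minimum-length check precedes this hunk should be written with the same TLSEXT_KEYNAME_LENGTH constant so the two cannot drift apart. The `(int)eticklen` cast passed to EVP_DecryptUpdate also deserves an explicit upper bound on eticklen before it is narrowed.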
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via be31d57686a551261cfd5deb95c9553402942a43 (commit) from dff827da751525b0e32ecb59a1d382b03f34a4de (commit) - Log - commit be31d57686a551261cfd5deb95c9553402942a43 Author: Guido Vranken Date: Mon Feb 13 01:36:43 2017 +0100 Prevent allocations of size 0 in sh_init. which are not possible with the default OPENSSL_zalloc, but are possible if the user has installed their own allocator using CRYPTO_set_mem_functions. If the 0-allocations succeeds, the secure heap code will later access (at least) the first byte of that space, which is technically an OOB access. This could lead to problems with some custom allocators that only return a valid pointer for subsequent free()-ing, and do not expect that the pointer is actually dereferenced. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2605) (cherry picked from commit 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d) --- Summary of changes: crypto/mem_sec.c | 4 1 file changed, 4 insertions(+) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 4ccff34..0c79b43 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -356,6 +356,10 @@ static int sh_init(size_t size, int minsize) sh.minsize = minsize; sh.bittable_size = (sh.arena_size / sh.minsize) * 2; +/* Prevent allocations of size 0 later on */ +if (sh.bittable_size >> 3 == 0) +goto err; + sh.freelist_size = -1; for (i = sh.bittable_size; i; i >>= 1) sh.freelist_size++; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d (commit) from 20967afb7f4a2613a6d7230bcbdf99140bccd677 (commit) - Log - commit 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d Author: Guido Vranken Date: Mon Feb 13 01:36:43 2017 +0100 Prevent allocations of size 0 in sh_init, which are not possible with the default OPENSSL_zalloc, but are possible if the user has installed their own allocator using CRYPTO_set_mem_functions. If the 0-allocations succeeds, the secure heap code will later access (at least) the first byte of that space, which is technically an OOB access. This could lead to problems with some custom allocators that only return a valid pointer for subsequent free()-ing, and do not expect that the pointer is actually dereferenced. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2605) --- Summary of changes: crypto/mem_sec.c | 4 1 file changed, 4 insertions(+) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 4ccff34..0c79b43 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -356,6 +356,10 @@ static int sh_init(size_t size, int minsize) sh.minsize = minsize; sh.bittable_size = (sh.arena_size / sh.minsize) * 2; +/* Prevent allocations of size 0 later on */ +if (sh.bittable_size >> 3 == 0) +goto err; + sh.freelist_size = -1; for (i = sh.bittable_size; i; i >>= 1) sh.freelist_size++; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
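Review bot: the added `if (sh.bittable_size >> 3 == 0)` in sh_init relies on the shift binding tighter than the comparison; write it as `(sh.bittable_size >> 3) == 0` so the intent is obvious to the next reader. The comment "Prevent allocations of size 0 later on" should name the allocation it protects, since the explanation about custom allocators installed with CRYPTO_set_mem_functions lives only in the commit message. The context line `sh.bittable_size = (sh.arena_size / sh.minsize) * 2;` divides by minsize, so a check that minsize is non-zero needs to sit above this hunk if it is not already there.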
[openssl-commits] [openssl] master update
The branch master has been updated via 20967afb7f4a2613a6d7230bcbdf99140bccd677 (commit) from b08ee30bf4fb3d0c92d838778332b7a3afbdb062 (commit) - Log - commit 20967afb7f4a2613a6d7230bcbdf99140bccd677 Author: Robert Scheck Date: Thu Feb 9 22:20:59 2017 +0100 Add Sieve support (RFC 5804) to s_client ("-starttls sieve") Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2300) --- Summary of changes: apps/apps.c | 8 + apps/apps.h | 2 ++ apps/ca.c | 3 +- apps/s_client.c | 81 --- doc/man1/s_client.pod | 2 +- 5 files changed, 82 insertions(+), 14 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 969b6b8..216bc79 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2664,3 +2664,11 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, } return 1; } + +void make_uppercase(char *string) +{ +int i; + +for (i = 0; string[i] != '\0'; i++) +string[i] = toupper((unsigned char)string[i]); +} diff --git a/apps/apps.h b/apps/apps.h index 5bf8c1d..e7c860f 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -559,6 +559,8 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); +void make_uppercase(char *string); + typedef struct verify_options_st { int depth; int quiet; diff --git a/apps/ca.c b/apps/ca.c index 030f8b1..8329884 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2141,8 +2141,7 @@ static int get_certificate_status(const char *serial, CA_DB *db) } /* Make it Upper Case */ -for (i = 0; row[DB_serial][i] != '\0'; i++) -row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); +make_uppercase(row[DB_serial]); ok = 1; diff --git a/apps/s_client.c b/apps/s_client.c index ad237c3..6d96012 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -749,7 +749,8 @@ typedef enum PROTOCOL_choice { PROTO_IRC, PROTO_POSTGRES, PROTO_LMTP, -PROTO_NNTP +PROTO_NNTP, +PROTO_SIEVE } PROTOCOL_CHOICE; static const OPT_PAIR services[] = { 
@@ -764,6 +765,7 @@ static const OPT_PAIR services[] = { {"postgres", PROTO_POSTGRES}, {"lmtp", PROTO_LMTP}, {"nntp", PROTO_NNTP}, +{"sieve", PROTO_SIEVE}, {NULL, 0} }; @@ -1911,12 +1913,12 @@ int s_client_main(int argc, char **argv) */ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); /* Wait for multi-line response to end from LMTP or SMTP */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); -} -while (mbuf_len > 3 && mbuf[3] == '-'); +} while (mbuf_len > 3 && mbuf[3] == '-'); if (starttls_proto == (int)PROTO_LMTP) BIO_printf(fbio, "LHLO %s\r\n", ehlo); else @@ -1930,14 +1932,13 @@ int s_client_main(int argc, char **argv) mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); if (strstr(mbuf, "STARTTLS")) foundit = 1; -} -while (mbuf_len > 3 && mbuf[3] == '-'); +} while (mbuf_len > 3 && mbuf[3] == '-'); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't find starttls in server response," + "Didn't find STARTTLS in server response," " trying anyway...\n"); BIO_printf(sbio, "STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); @@ -1958,6 +1959,7 @@ int s_client_main(int argc, char **argv) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); BIO_gets(fbio, mbuf, BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ @@ -1975,7 +1977,7 @@ int s_client_main(int argc, char **argv) BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't find STARTTLS in server response," + "Didn't find STARTTLS in server response," " trying anyway...\n"); BIO_printf(sbio, ". STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); @@ -1984,6 +1986,7 @@ int s_client_main(int argc, char **argv) case PROTO_FTP: { BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ do { @@ -2007,7 +2010,11 @@ int s_client_main(int argc, char **argv)
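Review bot: the s_client.c hunks mix style-only edits (joining `}` with `while (mbuf_len > 3 && mbuf[3] == '-');`, blank lines before `BIO_push(fbio, sbio);`, capitalising "Didn't find STARTTLS") into the commit that adds PROTO_SIEVE, which makes the functional change harder to audit and to backport; split them into a separate commit. In the same context lines, `BIO *fbio = BIO_new(BIO_f_buffer());` is pushed without a NULL check and `strstr(mbuf, "STARTTLS")` runs without first checking that BIO_gets returned data, so the new Sieve branch should not copy that pattern. The new make_uppercase() in apps/apps.c is declared in apps.h without a comment saying that it modifies the string in place and expects a non-NULL, NUL-terminated argument.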
[openssl-commits] [openssl] master update
The branch master has been updated via b08ee30bf4fb3d0c92d838778332b7a3afbdb062 (commit) from 52f4840cb237cc37cad5eac8328828cf3d3e1049 (commit) - Log - commit b08ee30bf4fb3d0c92d838778332b7a3afbdb062 Author: Rich Salz Date: Tue Feb 14 11:51:22 2017 -0500 Add no-ec build Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2626) --- Summary of changes: .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index a60c402..7b9e671 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,6 +34,7 @@ env: - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" +- CONFIG_OPTS="no-ec" BUILDONLY="yes" matrix: include: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
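Review bot: the added `- CONFIG_OPTS="no-ec" BUILDONLY="yes"` entry is the only one in this hunk without `--strict-warnings`; the three entries above it (no-pic, no-engine no-shared, no-stdio) all pass it. Unless that is deliberate, use `CONFIG_OPTS="no-ec --strict-warnings"` so that warnings in the no-ec configuration fail the build as they do for the neighbouring configurations.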
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via dff827da751525b0e32ecb59a1d382b03f34a4de (commit) from 55f0883dadcf38ddcf11d6a17899fd8a19ee146c (commit) - Log - commit dff827da751525b0e32ecb59a1d382b03f34a4de Author: Dr. Stephen Henson Date: Tue Feb 14 17:18:00 2017 + Make -xcert work again. When a certificate is prepended update the list pointer. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2628) (cherry picked from commit 52f4840cb237cc37cad5eac8328828cf3d3e1049) --- Summary of changes: apps/s_cb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_cb.c b/apps/s_cb.c index 9535f12..e0acd51 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -922,6 +922,7 @@ int args_excert(int opt, SSL_EXCERT **pexc) BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); goto err; } +*pexc = exc; exc->certfile = opt_arg(); break; case OPT_X_KEY: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 52f4840cb237cc37cad5eac8328828cf3d3e1049 (commit) from deb2d5e7e3d5549d2be0f9c3fde2f257ae378152 (commit) - Log - commit 52f4840cb237cc37cad5eac8328828cf3d3e1049 Author: Dr. Stephen Henson Date: Tue Feb 14 17:18:00 2017 + Make -xcert work again. When a certificate is prepended update the list pointer. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2628) --- Summary of changes: apps/s_cb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_cb.c b/apps/s_cb.c index e0d432d..0111c24 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -944,6 +944,7 @@ int args_excert(int opt, SSL_EXCERT **pexc) BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); goto err; } +*pexc = exc; exc->certfile = opt_arg(); break; case OPT_X_KEY: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
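Review bot: the change summary lists only `apps/s_cb.c`, so the `*pexc = exc;` fix in `args_excert()` lands without a test that exercises `-xcert`. The subject says the option had stopped working, which means the test suite did not notice the regression; a test that passes `-xcert` and checks that the extra certificate is actually picked up would catch the next break.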
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 55f0883dadcf38ddcf11d6a17899fd8a19ee146c (commit) from b37fce59cb7c48776361ac8cb8a808793016eefd (commit) - Log - commit 55f0883dadcf38ddcf11d6a17899fd8a19ee146c Author: Rich Salz Date: Tue Feb 14 11:51:22 2017 -0500 Add no-ec build Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2626) (cherry picked from commit b4568b04c7cd425103ac8f1603682e8da2044238) --- Summary of changes: .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index e848fc7..24f62dd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,7 @@ env: - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" +- CONFIG_OPTS="no-ec" BUILDONLY="yes" matrix: include: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
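Review bot: with `BUILDONLY="yes"` the new `no-ec` job only proves that the tree compiles, so code that silently depends on EC at run time stays untested on this branch. If the test suite is expected to pass without EC, consider dropping `BUILDONLY` for this entry; if it is not, a short comment beside the entry recording why would be useful.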
[openssl-commits] [openssl] master update
The branch master has been updated via deb2d5e7e3d5549d2be0f9c3fde2f257ae378152 (commit) from 429ff318d613047cf94accdc17e8d7c0dc144657 (commit) - Log - commit deb2d5e7e3d5549d2be0f9c3fde2f257ae378152 Author: Matt Caswell Date: Tue Feb 14 15:57:50 2017 + Fix no-ec compilation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2624) --- Summary of changes: ssl/statem/extensions.c | 7 ++- ssl/statem/statem_lib.c | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 50fd3bb..edb674d 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -36,7 +36,9 @@ static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent, int *al); static int init_psk_kex_modes(SSL *s, unsigned int context); +#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent, int *al); +#endif #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif @@ -244,6 +246,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, tls_construct_ctos_psk_kex_modes, NULL }, +#ifndef OPENSSL_NO_EC { /* * Must be in this list after supported_groups. We need that to have @@ -257,6 +260,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, +#endif { /* * Special unsolicited ServerHello extension only used when @@ -960,7 +964,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al) return 1; } - +#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent, int *al) { if (!SSL_IS_TLS13(s)) @@ -1078,6 +1082,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent, int *al) return 1; } +#endif static int init_psk_kex_modes(SSL *s, unsigned int context) { 
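Review bot: in the `ext_defs[]` hunks, wrapping the whole key_share entry in `#ifndef OPENSSL_NO_EC` changes the number and position of the entries that follow it. If any code addresses `ext_defs[]` by index, a no-ec build would resolve those indices to the wrong extension, so either confirm nothing does or keep a placeholder entry in an `#else` branch. Separately, the `#endif` that closes `final_key_share()` sits more than a hundred lines below its `#ifndef` (hunks at 964 and 1082) and would read better as `#endif /* OPENSSL_NO_EC */`, and the hunk at 964 replaces the blank line before `final_key_share()` with the `#ifndef`, leaving no separator after `final_sig_algs()`.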
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d7564e6..3a03ada 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1745,6 +1745,7 @@ int ssl_set_client_hello_version(SSL *s) * used. Returns 1 if the group is in the list (and allowed if |checkallow| is * 1) or 0 otherwise. */ +#ifndef OPENSSL_NO_EC int check_in_list(SSL *s, unsigned int group_id, const unsigned char *groups, size_t num_groups, int checkallow) { @@ -1766,3 +1767,4 @@ int check_in_list(SSL *s, unsigned int group_id, const unsigned char *groups, /* If i == num_groups then not in the list */ return i < num_groups; } +#endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
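Review bot: in `ssl/statem/statem_lib.c` the `#ifndef OPENSSL_NO_EC` is inserted between the doc comment and `int check_in_list(...)`, so in a no-ec build the comment is left describing a function that is not compiled. Move the guard above the comment block and annotate the closing line as `#endif /* OPENSSL_NO_EC */`. The change summary touches only the two `.c` files, so it is also worth checking that the prototype of `check_in_list()` in the header is guarded the same way.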
[openssl-commits] Broken: openssl/openssl#8529 (OpenSSL_1_1_0-stable - b37fce5)
Build Update for openssl/openssl

Build: #8529
Status: Broken
Duration: 1 hour, 19 minutes, and 27 seconds
Commit: b37fce5 (OpenSSL_1_1_0-stable)
Author: Yuchi
Message: mem leak on error path and error propagation fix

    Reviewed-by: Richard Levitte
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/2559)
    (cherry picked from commit e0670973d5c0b837eb5a9f1670e47107f466fbc7)

View the changeset: https://github.com/openssl/openssl/compare/955286c9f38c...b37fce59cb7c
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201462839

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
       via  429ff318d613047cf94accdc17e8d7c0dc144657 (commit)
       via  319a33d0060b77d9446894b8a386718abcaee1a4 (commit)
       via  0dd7ba24e835fc66afc4997b376bc2a5e1f03992 (commit)
       via  2248dbebeeedd77f08d67e3dcd9031f6c1f0894f (commit)
       via  b0bfd1408506b399081186aa2a15cd60ed001595 (commit)
       via  d542790b0767535bce903d9f6ad314357484d67f (commit)
       via  0adb6417403f4be801b8da28cb83efb60f79f66c (commit)
       via  f6cec2d8badb6e9b01e8f477f98fdeecc32e46a5 (commit)
       via  38f5c30b311f0e736081e0b64b22e917b651536a (commit)
       via  87d70b63a53e7268512c7890cb55192669342534 (commit)
       via  aff9929b43cba794e5b99a9be5c8ca47873154d1 (commit)
       via  3847d426e3a530786b82fecfdbc9793b44b88cd3 (commit)
       via  7d061fced39d72bd664d04e254c1e3ba6cf99fbc (commit)
       via  611383586e68921ba4640134c491a4d2b57933d9 (commit)
      from  e0670973d5c0b837eb5a9f1670e47107f466fbc7 (commit)

- Log -

commit 429ff318d613047cf94accdc17e8d7c0dc144657
Author: Matt Caswell
Date: Wed Feb 8 17:27:09 2017 +

    Remove a double call to ssl3_send_alert()

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 319a33d0060b77d9446894b8a386718abcaee1a4
Author: Matt Caswell
Date: Wed Feb 8 17:16:25 2017 +

    Fix a bogus uninit variable warning

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 0dd7ba24e835fc66afc4997b376bc2a5e1f03992
Author: Matt Caswell
Date: Mon Feb 6 16:52:38 2017 +

    Add a bytestogroup macro

    For converting the 2 byte group id into an unsigned int.

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 2248dbebeeedd77f08d67e3dcd9031f6c1f0894f
Author: Matt Caswell
Date: Mon Feb 6 16:47:29 2017 +

    Various style fixes following review feedback

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit b0bfd1408506b399081186aa2a15cd60ed001595
Author: Matt Caswell
Date: Thu Feb 2 16:28:45 2017 +

    Update the tls13messages test to add some HRR scenarios

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit d542790b0767535bce903d9f6ad314357484d67f
Author: Matt Caswell
Date: Thu Feb 2 16:06:50 2017 +

    Update the kex modes tests to check various HRR scenarios

    Make sure we get an HRR in the right circumstances based on kex mode.

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 0adb6417403f4be801b8da28cb83efb60f79f66c
Author: Matt Caswell
Date: Thu Feb 2 16:06:28 2017 +

    Update TLSProxy to know about HelloRetryRequest messages

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit f6cec2d8badb6e9b01e8f477f98fdeecc32e46a5
Author: Matt Caswell
Date: Thu Feb 2 14:54:24 2017 +

    Update test counting in checkhandshake.pm

    Previously counting the number of tests in checkhandshake.pm took an
    initial guess and then modified it based on various known special
    cases. That is becoming increasingly untenable, so this changes it to
    properly calculate the number of tests we expect to run.

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 38f5c30b311f0e736081e0b64b22e917b651536a
Author: Matt Caswell
Date: Thu Feb 2 13:12:08 2017 +

    Update the key_share tests for HelloRetryRequest

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 87d70b63a53e7268512c7890cb55192669342534
Author: Matt Caswell
Date: Thu Feb 2 11:16:25 2017 +

    Add trace support for HelloRetryRequest

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit aff9929b43cba794e5b99a9be5c8ca47873154d1
Author: Matt Caswell
Date: Wed Feb 1 17:10:45 2017 +

    Implement support for resumption with a HelloRetryRequest

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 3847d426e3a530786b82fecfdbc9793b44b88cd3
Author: Matt Caswell
Date: Wed Feb 1 13:31:27 2017 +

    Add client side support for parsing Hello Retry Request

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 7d061fced39d72bd664d04e254c1e3ba6cf99fbc
Author: Matt Caswell
Date: Mon Jan 30 16:16:28 2017 +

    Add server side support for creating the Hello Retry Request message

    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/2341)

commit 611383586e68921ba4640134c491a4d2b57933d9
Author: Matt Caswell
Date: Tue Jan 31
[openssl-commits] [web] master update
The branch master has been updated via e088c8bb8449c3613e41a5200acbd56cd23268b8 (commit) from 001a0f55253e2dc9dd7360b6e5d20a158c319bcc (commit) - Log - commit e088c8bb8449c3613e41a5200acbd56cd23268b8 Author: Mark J. Cox Date: Tue Feb 14 10:45:51 2017 + Add blog post and bylaws --- Summary of changes: news/newsflash.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 8d8e4b7..a32903f 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +13-Feb-2017: New Blog post: https://www.openssl.org/blog/blog/2017/02/13/bylaws/";>Project Bylaws +13-Feb-2017: New https://www.openssl.org/policies/bylaws.html";>OpenSSL Bylaws published 13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 16th February 2017 26-Jan-2017: Security Advisory: several security fixes 26-Jan-2017: OpenSSL 1.1.0d is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 4fd35d83412946d19da05d4c89f6c2002d5c2e82 (commit) from 07109409daa674e4e766523a1dc51edb06299e03 (commit) - Log - commit 4fd35d83412946d19da05d4c89f6c2002d5c2e82 Author: Yuchi Date: Sun Feb 5 19:33:47 2017 -0500 mem leak on error path and error propagation fix Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2559) (cherry picked from commit e0670973d5c0b837eb5a9f1670e47107f466fbc7) --- Summary of changes: crypto/ec/ec_ameth.c | 4 +++- ssl/ssl_ciph.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index d089af7..2c41c6e 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -342,8 +342,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { +OPENSSL_free(ep); return 0; +} return 1; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2ad8f43..92b022b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -2001,7 +2001,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); -return 0; +return 1; } MemCheck_off(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
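Review bot: in `eckey_priv_encode()` the new error branch releases `ep` with a plain `OPENSSL_free(ep)`, but `ep` is the `eplen`-byte buffer that was about to be stored as the PKCS#8 private key, so the encoded key is left intact in freed heap memory. Wipe it first, for example `OPENSSL_cleanse(ep, eplen);` ahead of the `OPENSSL_free(ep);`, so that fixing the leak does not leave key material lingering on the heap.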
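Review bot: in `SSL_COMP_add_compression_method()` the out-of-range branch now returns 1 instead of 0, which flips what callers observe for an invalid `id` on a stable branch. This function reports failure with a non-zero value, the opposite of most OpenSSL calls, so add a comment at this `return 1;` stating that 1 means error, and record the behaviour change in CHANGES so applications that relied on the old 0 are not surprised.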
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via b37fce59cb7c48776361ac8cb8a808793016eefd (commit) from 955286c9f38c11b8be719d632fa9267eb13467f8 (commit) - Log - commit b37fce59cb7c48776361ac8cb8a808793016eefd Author: Yuchi Date: Sun Feb 5 19:33:47 2017 -0500 mem leak on error path and error propagation fix Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2559) (cherry picked from commit e0670973d5c0b837eb5a9f1670e47107f466fbc7) --- Summary of changes: apps/ts.c| 8 +++- crypto/ec/ec_ameth.c | 4 +++- ssl/ssl_ciph.c | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/ts.c b/apps/ts.c index eda5297..14c533b 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -890,9 +890,15 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, goto err; f = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { +BIO *out = NULL; + f |= TS_VFY_DATA; -if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL) +if ((out = BIO_new_file(data, "rb")) == NULL) +goto err; +if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) { +BIO_free_all(out); goto err; +} } else if (digest != NULL) { long imprint_len; unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 66437e0..fa5bd03 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -254,8 +254,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { +OPENSSL_free(ep); return 0; +} return 1; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 99b64bb..dad2ec1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -1827,7 +1827,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); -return 0; +return 1; } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
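Review bot: in the `apps/ts.c` hunk of this patch, the new local in `create_verify_ctx()` is named `out`, yet it is opened with `BIO_new_file(data, "rb")` and handed to `TS_VERIFY_CTX_set_data()` as input. Rename it to something like `in`; the `= NULL` initialiser can go as well, since the variable is assigned by the first `if` before any use.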
[openssl-commits] [openssl] master update
The branch master has been updated via e0670973d5c0b837eb5a9f1670e47107f466fbc7 (commit) from b84460ad3a3e4fcb22efaa0a8365b826f4264ecf (commit) - Log - commit e0670973d5c0b837eb5a9f1670e47107f466fbc7 Author: Yuchi Date: Sun Feb 5 19:33:47 2017 -0500 mem leak on error path and error propagation fix Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2559) --- Summary of changes: apps/ts.c| 8 +++- crypto/ec/ec_ameth.c | 4 +++- ssl/ssl_ciph.c | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/ts.c b/apps/ts.c index 6c0adb1..0db6b50 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -887,9 +887,15 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, goto err; f = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { +BIO *out = NULL; + f |= TS_VFY_DATA; -if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL) +if ((out = BIO_new_file(data, "rb")) == NULL) +goto err; +if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) { +BIO_free_all(out); goto err; +} } else if (digest != NULL) { long imprint_len; unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 66437e0..fa5bd03 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -254,8 +254,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { +OPENSSL_free(ep); return 0; +} return 1; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d28b53d..93da3dc 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -1838,7 +1838,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); -return 0; +return 1; } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
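Review bot: the `apps/ts.c` hunk frees `out` only when `TS_VERIFY_CTX_set_data()` fails, which relies on `ctx` owning the BIO once the call succeeds, and nothing in the code says so. Add a short comment after the call noting that ownership has passed to `ctx`, so a later cleanup of `create_verify_ctx()` does not add a second free.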
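Review bot: the `return 0;` to `return 1;` change in `SSL_COMP_add_compression_method()` alters a public function's result for `id` values outside 193..255, but the change summary lists no test or documentation file. Add a test that calls it with an out-of-range id and checks for the non-zero result, so the error propagation this commit fixes stays fixed.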