[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer

openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_1
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-psk
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via bf1c92faf6d3adba62165432164f5732da3d99c9 (commit) from 6542af0571ccf491022c8d3494871c73c2127389 (commit) - Log - commit bf1c92faf6d3adba62165432164f5732da3d99c9 Author: PauliDate: Tue Mar 7 10:12:05 2017 +1000 Increase the password buffer size to APP_PASS_LEN. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2868) (cherry picked from commit bf580d5f30368f7ebc4c44f10575b5f0b411d594) --- Summary of changes: apps/pkcs8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 93ffdd5..4b3fa10 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -66,7 +66,7 @@ int pkcs8_main(int argc, char **argv) char *infile = NULL, *outfile = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; #ifndef OPENSSL_NO_UI -char pass[50]; +char pass[APP_PASS_LEN]; #endif char *passin = NULL, *passout = NULL, *p8pass = NULL; OPTION_CHOICE o; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
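Review bot: in pkcs8_main only the declaration of pass changes from 50 to APP_PASS_LEN; the places that fill the buffer are outside the visible context, so check that each of them passes sizeof(pass) rather than a literal length. A caller that still hard-codes the old bound keeps truncating at 50, and one that hard-codes a larger bound would overrun if APP_PASS_LEN is ever reduced.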
[openssl-commits] [openssl] master update
The branch master has been updated via bf580d5f30368f7ebc4c44f10575b5f0b411d594 (commit) from cadb015b021065640c7ae02c5eefa0e04cdbd45e (commit) - Log - commit bf580d5f30368f7ebc4c44f10575b5f0b411d594 Author: PauliDate: Tue Mar 7 10:12:05 2017 +1000 Increase the password buffer size to APP_PASS_LEN. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2868) --- Summary of changes: apps/pkcs8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index e12c5d3..7ee23a2 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -66,7 +66,7 @@ int pkcs8_main(int argc, char **argv) char *infile = NULL, *outfile = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; #ifndef OPENSSL_NO_UI -char pass[50]; +char pass[APP_PASS_LEN]; #endif char *passin = NULL, *passout = NULL, *p8pass = NULL; OPTION_CHOICE o; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
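Review bot: the commit message for the pass buffer change in pkcs8_main says what was resized but not why 50 bytes was the wrong size or what symptom it caused. One sentence on that in the message would tell anyone reading the log whether this is a truncation fix or a consistency cleanup.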
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-comp
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-comp

Commit log since last time:

cadb015 Unix Makefile: Have manual generation use the same perl script as Windows and VMS
579a674 util/process_docs.pl: make it possible to add a suffix to man docs
c1074ce Add a test to check that we correctly handle record overflows
4321969 Tweak the TLSv1.3 record overflow limits
febb0af Fix double free in cookie generation.
6556519 Remove some duplicate manpage entries
44eb65c Add documentation on platform specific checks
d192a3a Add a platform specific configuration checker
6979583 Fix an endless loop in rsa_builtin_keygen.
e498d95 Fix no-ec
548d015 Fix a test failure with no-tls1_1
593a2aa Fix no-psk
e6941c7 Don't call memcmp with a NULL pointer

Build log ended with (last 100 lines):

Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/70-test_renegotiation.t ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ok
../../openssl/test/recipes/70-test_sslcertstatus.t ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
# Failed test 'running ssl_test 13-fragmentation.conf'
# at ../../openssl/test/recipes/80-test_ssl_new.t line 135.
# Looks like you failed 1 test of 3.
# Failed test 'Test configuration 13-fragmentation.conf'
# at ../../openssl/test/recipes/80-test_ssl_new.t line 101.
# Looks like you failed 1 test of 22.
../../openssl/test/recipes/80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/22 subtests
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
# Failed test 'running sslcorrupttest'
# at ../../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.
../../openssl/test/recipes/80-test_sslcorrupt.t ... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t ok
../../openssl/test/recipes/90-test_external.t . skipped: No external tests in this configuration
../../openssl/test/recipes/90-test_gmdiff.t ... ok
../../openssl/test/recipes/90-test_ige.t .. ok
../../openssl/test/recipes/90-test_memleak.t .. ok
../../openssl/test/recipes/90-test_overhead.t . skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ... ok
../../openssl/test/recipes/90-test_shlibload.t ok
../../openssl/test/recipes/90-test_srp.t .. ok
# Failed test 'running sslapitest'
# at ../../openssl/test/recipes/90-test_sslapi.t line 20.
# Looks like you failed 1 test of 1.
../../openssl/test/recipes/90-test_sslapi.t ... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_threads.t .. ok
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 6542af0571ccf491022c8d3494871c73c2127389 (commit) via b7a9c3fcb5fc11cc102c4520514e01c09a62a1d8 (commit) from c6d8bbd7e25e5184112247fb680ddcdea88d4edb (commit) - Log - commit 6542af0571ccf491022c8d3494871c73c2127389 Author: Richard LevitteDate: Mon Mar 6 21:42:33 2017 +0100 Unix Makefile: Have manual generation use the same perl script as Windows and VMS Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2864) commit b7a9c3fcb5fc11cc102c4520514e01c09a62a1d8 Author: Richard Levitte Date: Mon Mar 6 21:40:48 2017 +0100 util/process_docs.pl: make it possible to add a suffix to man docs Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2864) --- Summary of changes: Configurations/unix-Makefile.tmpl | 104 -- util/process_docs.pl | 13 - 2 files changed, 21 insertions(+), 96 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c029817..27b34b9 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -549,115 +549,29 @@ uninstall_runtime: @ : {- output_on() unless windowsdll(); "" -} -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin -# A method to extract all names from a .pod file -# The first sed extracts everything between "=head1 NAME" and the next =head1 -# The perl command joins all the lines into one -# The second sed removes the description and turns all commas into spaces -# VoilĂ , you have a space separated list of names! -EXTRACT_NAMES=sed -e '1,/^=head1 *NAME *$$/d;/^=head1/,$$d' | \ - $(PERL) -p -0 -e 's/\n/ /g; END {print "\n"}' | \ - sed -e 's/ - .*$$//;s/,/ /g' -PROCESS_PODS=\ - set -e; \ - here=`cd $(SRCDIR); pwd`; \ - point=$$here/util/point.sh; \ - for ds in apps:1 crypto:3 ssl:3; do \ - defdir=`echo $$ds | cut -f1 -d:`; \ - defsec=`echo $$ds | cut -f2 -d:`; \ - for p in $(SRCDIR)/doc/$$defdir/*.pod; do \ - SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \ - [ -z "$$SEC" ] && SEC=$$defsec; \ - fn=`basename $$p .pod`; \ - Name=$$fn; \ - NAME=`echo $$fn | tr '[a-z]' '[A-Z]'`; \ - suf=`eval "echo $$OUTSUFFIX"`; \ - top=`eval "echo $$OUTTOP"`; \ - $(PERL) $(SRCDIR)/util/mkdir-p.pl $$top/man$$SEC; \ - echo "install $$p -> $$top/man$$SEC/$$fn$$suf"; \ - cat $$p | eval "$$GENERATE" \ - > $$top/man$$SEC/$$fn$$suf; \ - names=`cat $$p | $(EXTRACT_NAMES)`; \ - ( cd $$top/man$$SEC; \ - for n in $$names; do \ - comp_n="$$n"; \ - comp_fn="$$fn"; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - comp_n=`echo "$$n" | tr '[A-Z]' '[a-z]'`; \ - comp_fn=`echo "$$fn" | tr '[A-Z]' '[a-z]'`; \ - ;; \ - esac; \ - if [ "$$comp_n" != "$$comp_fn" ]; then \ - echo "link $$top/man$$SEC/$$n$$suf -> $$top/man$$SEC/$$fn$$suf"; \ - PLATFORM=$(PLATFORM) $$point $$fn$$suf $$n$$suf; \ - fi; \ - done ); \ - done; \ - done -UNINSTALL_DOCS=\ - set -e; \ - here=`cd $(SRCDIR); pwd`; \ - for ds in apps:1 crypto:3 ssl:3; do \ - defdir=`echo $$ds | cut -f1 -d:`; \ - defsec=`echo $$ds | cut -f2 -d:`; \ - for p in $(SRCDIR)/doc/$$defdir/*.pod; do 
\ - SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \ - [ -z "$$SEC" ] && SEC=$$defsec; \ - fn=`basename $$p .pod`; \ - suf=`eval "echo $$OUTSUFFIX"`; \ - top=`eval "echo $$OUTTOP"`; \ - echo "$(RM) $$top/man$$SEC/$$fn$$suf"; \ - $(RM) $$top/man$$SEC/$$fn$$suf; \ - names=`cat $$p | $(EXTRACT_NAMES)`; \ - for n in $$names; do \ - comp_n="$$n"; \ - comp_fn="$$fn"; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - comp_n=`echo "$$n" | tr '[A-Z]' '[a-z]'`; \ - comp_fn=`echo "$$fn" | tr '[A-Z]' '[a-z]'`; \ - ;; \ - esac; \ - if [ "$$comp_n" != "$$comp_fn" ]; then \ - echo "$(RM)
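Review bot: the removed PROCESS_PODS and UNINSTALL_DOCS on this branch let a .pod file override its manual section through the "=for comment openssl_manual_section:" line, falling back to the apps:1 crypto:3 ssl:3 defaults. The added lines are cut off here, so confirm that the util/process_docs.pl path reads the same override and the same defaults on 1.1.0-stable, and that install and uninstall agree on the resulting manN directory.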
[openssl-commits] [openssl] master update
The branch master has been updated via cadb015b021065640c7ae02c5eefa0e04cdbd45e (commit) via 579a6745337fe8dc4ce34fac6367fa197a7cc219 (commit) from c1074ce096e98d3175292cbd2240ead7f1f67b32 (commit) - Log - commit cadb015b021065640c7ae02c5eefa0e04cdbd45e Author: Richard LevitteDate: Mon Mar 6 21:17:32 2017 +0100 Unix Makefile: Have manual generation use the same perl script as Windows and VMS Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2863) commit 579a6745337fe8dc4ce34fac6367fa197a7cc219 Author: Richard Levitte Date: Mon Mar 6 21:16:35 2017 +0100 util/process_docs.pl: make it possible to add a suffix to man docs Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2863) --- Summary of changes: Configurations/unix-Makefile.tmpl | 98 --- util/process_docs.pl | 13 +- 2 files changed, 21 insertions(+), 90 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 87a9e1b..01f5665 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -563,109 +563,29 @@ uninstall_runtime: @ : {- output_on() unless windowsdll(); "" -} -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin -# A method to extract all names from a .pod file -# The first sed extracts everything between "=head1 NAME" and the next =head1 -# The perl command joins all the lines into one -# The second sed removes the description and turns all commas into spaces -# VoilĂ , you have a space separated list of names! -EXTRACT_NAMES=sed -e '1,/^=head1 *NAME *$$/d;/^=head1/,$$d' | \ - $(PERL) -p -0 -e 's/\n/ /g; END {print "\n"}' | \ - sed -e 's/ - .*$$//;s/,/ /g' -PROCESS_PODS=\ - set -e; \ - here=`cd $(SRCDIR); pwd`; \ - point=$$here/util/point.sh; \ - for ds in man1 man3 man5 man7 ; do \ - SEC=`echo $$ds | sed -e s/man//`; \ - for p in $(SRCDIR)/doc/$$ds/*.pod; do \ - fn=`basename $$p .pod`; \ - Name=$$fn; \ - NAME=`echo $$fn | tr '[a-z]' '[A-Z]'`; \ - suf=`eval "echo $$OUTSUFFIX"`; \ - top=`eval "echo $$OUTTOP"`; \ - $(PERL) $(SRCDIR)/util/mkdir-p.pl $$top/man$$SEC; \ - echo "install $$p -> $$top/man$$SEC/$$fn$$suf"; \ - cat $$p | eval "$$GENERATE" \ - > $$top/man$$SEC/$$fn$$suf; \ - names=`cat $$p | $(EXTRACT_NAMES)`; \ - ( cd $$top/man$$SEC; \ - for n in $$names; do \ - comp_n="$$n"; \ - comp_fn="$$fn"; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - comp_n=`echo "$$n" | tr '[A-Z]' '[a-z]'`; \ - comp_fn=`echo "$$fn" | tr '[A-Z]' '[a-z]'`; \ - ;; \ - esac; \ - if [ "$$comp_n" != "$$comp_fn" ]; then \ - echo "link $$top/man$$SEC/$$n$$suf -> $$top/man$$SEC/$$fn$$suf"; \ - PLATFORM=$(PLATFORM) $$point $$fn$$suf $$n$$suf; \ - fi; \ - done ); \ - done; \ - done -UNINSTALL_DOCS=\ - set -e; \ - here=`cd $(SRCDIR); pwd`; \ - for ds in man1 man3 man5 man7 ; do \ - SEC=`echo $$ds | sed -e s/man//`; \ - for p in $(SRCDIR)/doc/$$ds/*.pod; do \ - fn=`basename $$p .pod`; \ - suf=`eval "echo $$OUTSUFFIX"`; \ - top=`eval "echo $$OUTTOP"`; \ - echo "$(RM) $$top/man$$SEC/$$fn$$suf"; \ - $(RM) $$top/man$$SEC/$$fn$$suf; \ - names=`cat $$p | 
$(EXTRACT_NAMES)`; \ - for n in $$names; do \ - comp_n="$$n"; \ - comp_fn="$$fn"; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - comp_n=`echo "$$n" | tr '[A-Z]' '[a-z]'`; \ - comp_fn=`echo "$$fn" | tr '[A-Z]' '[a-z]'`; \ - ;; \ - esac; \ - if [ "$$comp_n" != "$$comp_fn" ]; then \ - echo "$(RM) $$top/man$$SEC/$$n$$suf"; \ - $(RM) $$top/man$$SEC/$$n$$suf; \ - fi; \ - done; \ - ( $(RMDIR) $$top/man$$SEC 2>/dev/null || exit 0 ); \ - done; \ - done install_man_docs: @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @echo "*** Installing manpages" - @\ -
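Review bot: the removed shell in PROCESS_PODS and UNINSTALL_DOCS lower-cased both names on DJGPP|Cygwin*|mingw*|darwin*-*-cc before deciding whether to create or remove an alias, so a name differing from the file only by case never replaced the page itself. The replacement lines are not visible past install_man_docs, so confirm the perl script keeps that case-insensitive comparison, and say so in the commit message since it is the one piece of platform logic being moved.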
[openssl-commits] [openssl] master update
The branch master has been updated via c1074ce096e98d3175292cbd2240ead7f1f67b32 (commit) via 432196951390796cf2353de2d92f952f1deaa9d0 (commit) from febb0afaef47ed74b2bdbde0b4278263390f4185 (commit) - Log - commit c1074ce096e98d3175292cbd2240ead7f1f67b32 Author: Matt CaswellDate: Mon Mar 6 16:56:42 2017 + Add a test to check that we correctly handle record overflows Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2861) commit 432196951390796cf2353de2d92f952f1deaa9d0 Author: Matt Caswell Date: Mon Mar 6 15:13:25 2017 + Tweak the TLSv1.3 record overflow limits Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2861) --- Summary of changes: include/openssl/ssl3.h | 11 +- ssl/record/ssl3_record.c | 26 ++- test/build.info| 6 +- .../{90-test_sslapi.t => 70-test_recordlen.t} | 8 +- test/recordlentest.c | 221 + 5 files changed, 256 insertions(+), 16 deletions(-) copy test/recipes/{90-test_sslapi.t => 70-test_recordlen.t} (68%) create mode 100644 test/recordlentest.c diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index e6df97b..604a704 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -170,7 +170,8 @@ extern "C" { * practice the value is lower than this. The overhead is the maximum number * of padding bytes (256) plus the mac size. */ -# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD(256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 /* * OpenSSL currently only uses a padding length of at most one block so the 
@@ -186,12 +187,14 @@ extern "C" { # define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH # else # define SSL3_RT_MAX_COMPRESSED_LENGTH \ -(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) # endif # define SSL3_RT_MAX_ENCRYPTED_LENGTH\ -(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ +(SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) # define SSL3_RT_MAX_PACKET_SIZE \ -(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) +(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 4149969..1e281fc 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -340,6 +340,25 @@ int ssl3_get_record(SSL *s) /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } +if (SSL_IS_TLS13(s)) { +if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { +al = SSL_AD_RECORD_OVERFLOW; +SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); +goto f_err; +} +} else { +size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + +if (s->expand == NULL) +len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; + +if (thisrr->length > len) { +al = SSL_AD_RECORD_OVERFLOW; +SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); +goto f_err; +} +} + /* * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data. * Calculate how much more data we need to read for the rest of the 
@@ -388,13 +407,6 @@ int ssl3_get_record(SSL *s) * thisrr->length bytes of encrypted compressed stuff. */ -/* check is not needed I believe */ -if (thisrr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { -al = SSL_AD_RECORD_OVERFLOW; -SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); -goto f_err; -} - /* decrypt in place in 'thisrr->input' */ thisrr->data = thisrr->input; thisrr->orig_len = thisrr->length; diff --git a/test/build.info b/test/build.info index 6bdeb85..f1f97f9 100644 --- a/test/build.info +++ b/test/build.info @@ -28,7 +28,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest
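Review bot: in the new non-TLSv1.3 branch of ssl3_get_record, "len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD" runs whenever s->expand is NULL, but the ssl3.h context in this same patch shows a configuration where SSL3_RT_MAX_COMPRESSED_LENGTH is defined as plain SSL3_RT_MAX_PLAIN_LENGTH, so SSL3_RT_MAX_ENCRYPTED_LENGTH already excludes the compression overhead there. Subtracting it again makes the limit smaller than a legitimate maximum-size record and valid traffic would be rejected with SSL_AD_RECORD_OVERFLOW; guard the subtraction with the same preprocessor condition that selects the two definitions. The no-comp build report on this page, with 13-fragmentation.conf, sslcorrupttest and sslapitest failing after this commit, is consistent with that.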
[openssl-commits] [openssl] master update
The branch master has been updated via febb0afaef47ed74b2bdbde0b4278263390f4185 (commit) from 6556519ea0581323f2330684ad2ae81f0448ef52 (commit) - Log - commit febb0afaef47ed74b2bdbde0b4278263390f4185 Author: Kurt RoeckxDate: Sun Mar 5 21:00:11 2017 +0100 Fix double free in cookie generation. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell GH: #2850 --- Summary of changes: ssl/statem/extensions_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 23dc8d3..8860462 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -658,6 +658,7 @@ int tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, ret = 1; end: OPENSSL_free(s->ext.tls13_cookie); +s->ext.tls13_cookie = NULL; s->ext.tls13_cookie_len = 0; return ret; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
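Review bot: the fix at the end: label of tls_construct_ctos_cookie arrives without a test; the summary lists a single insertion in ssl/statem/extensions_clnt.c and nothing under test/. Setting s->ext.tls13_cookie to NULL after OPENSSL_free is the right shape, but the commit message does not say where the second free happened, so add that sentence and a regression test that reaches the second free path, so the pointer reset cannot be dropped silently later.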
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via c6d8bbd7e25e5184112247fb680ddcdea88d4edb (commit) from 08beac4f3d37247e2ed3bf49dd7d760f4c3e0389 (commit) - Log - commit c6d8bbd7e25e5184112247fb680ddcdea88d4edb Author: Rich SalzDate: Fri Mar 3 15:03:42 2017 -0500 Remove some duplicate manpage entries Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2860) (cherry picked from commit 6556519ea0581323f2330684ad2ae81f0448ef52) --- Summary of changes: doc/crypto/X509_STORE_set_verify_cb_func.pod | 6 ++ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod index f9fc1b1..68d6a65 100644 --- a/doc/crypto/X509_STORE_set_verify_cb_func.pod +++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod @@ -32,16 +32,13 @@ X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, -X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn, -X509_STORE_CTX_verify_cb, X509_STORE_CTX_verify_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback =head1 SYNOPSIS #include - typedef int (*X509_STORE_CTX_verify_cb)(int ok, X509_STORE_CTX *ctx); - typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, @@ -235,6 +232,7 @@ function type. =head1 SEE ALSO L , L , +L , L , L =head1 HISTORY diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 76f1901..8f95cfa 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
@@ -3,7 +3,6 @@ =head1 NAME X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, -X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
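Review bot: in the NAME hunk of X509_STORE_set_verify_cb_func.pod the unchanged context line ending in X509_STORE_CTX_cleanup_fn has no trailing comma before X509_STORE_CTX_get_crl_fn on the next line, so those two names run together in the comma-separated list. Since this change already edits that list to drop the duplicates, add the missing comma in the same commit.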
[openssl-commits] [openssl] master update
The branch master has been updated via 6556519ea0581323f2330684ad2ae81f0448ef52 (commit) from 44eb65ce20d673d0332802275d54f6811f448076 (commit) - Log - commit 6556519ea0581323f2330684ad2ae81f0448ef52 Author: Rich SalzDate: Fri Mar 3 15:03:42 2017 -0500 Remove some duplicate manpage entries [skip ci] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2860) --- Summary of changes: doc/man3/X509_STORE_set_verify_cb_func.pod | 6 ++ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index f9fc1b1..68d6a65 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -32,16 +32,13 @@ X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, -X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn, -X509_STORE_CTX_verify_cb, X509_STORE_CTX_verify_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback =head1 SYNOPSIS #include - typedef int (*X509_STORE_CTX_verify_cb)(int ok, X509_STORE_CTX *ctx); - typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, @@ -235,6 +232,7 @@ function type. =head1 SEE ALSO L , L , +L , L , L =head1 HISTORY diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 76f1901..8f95cfa 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
@@ -3,7 +3,6 @@ =head1 NAME X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, -X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 08beac4f3d37247e2ed3bf49dd7d760f4c3e0389 (commit) via a40b5be27e28eaf5a8be7193c8b6460bc6f851b4 (commit) from 0d41526f4f76b2f9384540503c21e8ef41e1fbbb (commit) - Log - commit 08beac4f3d37247e2ed3bf49dd7d760f4c3e0389 Author: Richard LevitteDate: Mon Mar 6 11:19:49 2017 +0100 Add documentation on platform specific checks Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/2851) (cherry picked from commit 44eb65ce20d673d0332802275d54f6811f448076) commit a40b5be27e28eaf5a8be7193c8b6460bc6f851b4 Author: Richard Levitte Date: Sun Mar 5 21:51:18 2017 +0100 Add a platform specific configuration checker For each platform, we may need to perform some basic checks to see that available tools perform as we expect them. For the moment, the added checkers test that Perl gives the expected path format. This should help MingW users to see if they run an appropriate Perl implementation, for example. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/2851) (cherry picked from commit d192a3aaeb76fc89f8285b4dc938c2bc0c37d0d4) --- Summary of changes: Configurations/README | 37 + Configurations/unix-checker.pm| 22 ++ Configurations/windows-checker.pm | 22 ++ Configure | 19 +++ 4 files changed, 100 insertions(+) create mode 100644 Configurations/unix-checker.pm create mode 100644 Configurations/windows-checker.pm diff --git a/Configurations/README b/Configurations/README index da64e8c..428ac31 100644 --- a/Configurations/README +++ b/Configurations/README 
@@ -1,3 +1,20 @@ +Intro += + +This directory contains a few sets of files that are used for +configuration in diverse ways: + +*.conf Target platform configurations, please read +'Configurations of OpenSSL target platforms' for more +information. +*.tmpl Build file templates, please read 'Build-file +programming with the "unified" build system' as well +as 'Build info files' for more information. +*.pmHelper scripts / modules for the main `Configure` +script. See 'Configure helper scripts for more +information. + + Configurations of OpenSSL target platforms == @@ -653,3 +670,23 @@ else, end it like this: ""; # Make sure no lingering values end up in the Makefile -} + + +Configure helper scripts + + +Configure uses helper scripts in this directory: + +Checker scripts +--- + +These scripts are per platform family, to check the integrity of the +tools used for configuration and building. The checker script used is +either {build_platform}-{build_file}-checker.pm or +{build_platform}-checker.pm, where {build_platform} is the second +'build_scheme' list element from the configuration target data, and +{build_file} is 'build_file' from the same target data. + +If the check succeeds, the script is expected to end with a non-zero +expression. If the check fails, the script can end with a zero, or +with a `die`. diff --git a/Configurations/unix-checker.pm b/Configurations/unix-checker.pm new file mode 100644 index 000..b39b0eb --- /dev/null +++ b/Configurations/unix-checker.pm @@ -0,0 +1,22 @@ +#! /usr/bin/perl + +use Config; + +# Check that the perl implementation file modules generate paths that +# we expect for the platform +use File::Spec::Functions qw(:DEFAULT rel2abs); + +if (rel2abs('.') !~ m|/|) { +die <
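Review bot: in the README Intro hunk the *.pm entry reads "See 'Configure helper scripts for more information." with the closing quote missing after the section title; the other two entries quote their targets fully. In the Checker scripts section, "expected to end with a non-zero expression" would read more precisely as "a true value", since the text goes on to allow the failing script to end with a zero or a die.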
[openssl-commits] [openssl] master update
The branch master has been updated
via 44eb65ce20d673d0332802275d54f6811f448076 (commit)
via d192a3aaeb76fc89f8285b4dc938c2bc0c37d0d4 (commit)
from 697958313ba48c8ebc832ab8f9f2b845fb7acfd4 (commit)

- Log -
commit 44eb65ce20d673d0332802275d54f6811f448076
Author: Richard Levitte
Date: Mon Mar 6 11:19:49 2017 +0100

Add documentation on platform specific checks

Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/2851)

commit d192a3aaeb76fc89f8285b4dc938c2bc0c37d0d4
Author: Richard Levitte
Date: Sun Mar 5 21:51:18 2017 +0100

Add a platform specific configuration checker

For each platform, we may need to perform some basic checks to see that available tools perform as we expect them. For the moment, the added checkers test that Perl gives the expected path format. This should help MingW users to see if they run an appropriate Perl implementation, for example.

Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/2851)

---
Summary of changes:
Configurations/README | 37 +
Configurations/unix-checker.pm| 22 ++
Configurations/windows-checker.pm | 22 ++
Configure | 19 +++
4 files changed, 100 insertions(+)
create mode 100644 Configurations/unix-checker.pm
create mode 100644 Configurations/windows-checker.pm

diff --git a/Configurations/README b/Configurations/README index 21a6f03..2958461 100644 --- a/Configurations/README +++ b/Configurations/README @@ -1,3 +1,20 @@ +Intro += + +This directory contains a few sets of files that are used for +configuration in diverse ways: + +*.conf Target platform configurations, please read +'Configurations of OpenSSL target platforms' for more +information. +*.tmpl Build file templates, please read 'Build-file +programming with the "unified" build system' as well +as 'Build info files' for more information. +*.pmHelper scripts / modules for the main `Configure` +script. See 'Configure helper scripts for more +information. + + Configurations of OpenSSL target platforms == 
@@ -672,3 +689,23 @@ else, end it like this: ""; # Make sure no lingering values end up in the Makefile -} + + +Configure helper scripts + + +Configure uses helper scripts in this directory: + +Checker scripts +--- + +These scripts are per platform family, to check the integrity of the +tools used for configuration and building. The checker script used is +either {build_platform}-{build_file}-checker.pm or +{build_platform}-checker.pm, where {build_platform} is the second +'build_scheme' list element from the configuration target data, and +{build_file} is 'build_file' from the same target data. + +If the check succeeds, the script is expected to end with a non-zero +expression. If the check fails, the script can end with a zero, or +with a `die`. diff --git a/Configurations/unix-checker.pm b/Configurations/unix-checker.pm new file mode 100644 index 000..b39b0eb --- /dev/null +++ b/Configurations/unix-checker.pm @@ -0,0 +1,22 @@ +#! /usr/bin/perl + +use Config; + +# Check that the perl implementation file modules generate paths that +# we expect for the platform +use File::Spec::Functions qw(:DEFAULT rel2abs); + +if (rel2abs('.') !~ m|/|) { +die <
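Review bot: the success contract in the 'Checker scripts' paragraph of the README is worded as ending with "a non-zero expression" or "a zero", where the Perl convention is a true or false final value, and the paragraph does not say what Configure does with a false result. Rewording it as "must end with a true value" and stating the consequence of a false value or a `die` would make the contract unambiguous for someone writing a new checker.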
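Review bot: the path test in Configurations/unix-checker.pm, `if (rel2abs('.') !~ m|/|) {`, is unanchored, so it passes for any absolute path that contains a forward slash anywhere, including a drive-letter form such as `C:/dir`. If the intent is to confirm Unix-style absolute paths, anchoring the match (`m|^/|`) would reject that case as well.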
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 0d41526f4f76b2f9384540503c21e8ef41e1fbbb (commit)
from 0b6b011fc6d6f5034dfc197750057a8b1977f526 (commit)

- Log -
commit 0d41526f4f76b2f9384540503c21e8ef41e1fbbb
Author: Rich Salz
Date: Mon Mar 6 09:54:17 2017 -0500

Fix an endless loop in rsa_builtin_keygen.

And add a test case.

Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2757)
(cherry picked from commit 697958313ba48c8ebc832ab8f9f2b845fb7acfd4)

---
Summary of changes:
crypto/rsa/rsa_gen.c | 23 +++
test/recipes/15-test_genrsa.t | 26 ++
2 files changed, 37 insertions(+), 12 deletions(-)
create mode 100644 test/recipes/15-test_genrsa.t

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 0d1d56b..4ced965 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -43,6 +43,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; +/* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. + */ +if (bits < 16) { +ok = 0; /* we set our own err */ +RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); +goto err; +} + ctx = BN_CTX_new(); if (ctx == NULL) goto err; 
@@ -94,21 +104,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { -/* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. Check for this and - * bail if it happens 3 times. - */ -unsigned int degenerate = 0; do { if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; -} while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -if (degenerate == 3) { -ok = 0; /* we set our own err */ -RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); -goto err; -} +} while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t new file mode 100644 index 000..cc74e30 --- /dev/null +++ b/test/recipes/15-test_genrsa.t 
@@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_genrsa"); + +plan tests => 5; + +is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); +ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +unlink 'genrsatest.pem';
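Review bot: the new guard `if (bits < 16) {` at the top of rsa_builtin_keygen uses a bare constant, and the comment above it describes the symptom (the same prime values being regenerated) without saying why 16 is the cut-off. A named constant plus one sentence on how the limit was chosen would keep this check and the `'8'` and `'16'` cases in 15-test_genrsa.t from drifting apart.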
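Review bot: 15-test_genrsa.t exercises the rejection path only at 8 bits and the accepting path only at 16, so the boundary of `bits < 16` is not pinned from below. Adding a `genrsa` case at 15 bits that is expected to fail, with `plan tests` raised to match, would catch an off-by-one in the guard.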
[openssl-commits] [openssl] master update
The branch master has been updated
via 697958313ba48c8ebc832ab8f9f2b845fb7acfd4 (commit)
from e498d95454cf58685e659ec8ac5c57131d7f2de7 (commit)

- Log -
commit 697958313ba48c8ebc832ab8f9f2b845fb7acfd4
Author: Rich Salz
Date: Mon Mar 6 09:54:17 2017 -0500

Fix an endless loop in rsa_builtin_keygen.

And add a test case.

Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2757)

---
Summary of changes:
crypto/rsa/rsa_gen.c | 23 +++
test/recipes/15-test_genrsa.t | 26 ++
2 files changed, 37 insertions(+), 12 deletions(-)
create mode 100644 test/recipes/15-test_genrsa.t

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 0d1d56b..4ced965 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -43,6 +43,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; +/* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. + */ +if (bits < 16) { +ok = 0; /* we set our own err */ +RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); +goto err; +} + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -94,21 +104,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { -/* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. Check for this and - * bail if it happens 3 times. - */ -unsigned int degenerate = 0; do { if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; -} while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -if (degenerate == 3) { -ok = 0; /* we set our own err */ -RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); -goto err; -} +} while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) 
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t new file mode 100644 index 000..cc74e30 --- /dev/null +++ b/test/recipes/15-test_genrsa.t @@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_genrsa"); + +plan tests => 5; + +is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); +ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +unlink 'genrsatest.pem';
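Review bot: with the `degenerate` counter removed in the second rsa_gen.c hunk, `} while (BN_cmp(rsa->p, rsa->q) == 0);` has no bound of its own, and its termination now rests on the `bits < 16` check added in the first hunk. A short comment at the loop pointing to that guard would stop a later change to the size limit from leaving this loop to spin on tiny keys.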
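Review bot: 15-test_genrsa.t imports `File::Spec`, `srctop_file` and `OpenSSL::Test::Utils`, and none of the 26 added lines uses them. Dropping the unused imports keeps the recipe to what it needs: `setup`, `plan`, `run`, `app`, `is` and `ok`.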
[openssl-commits] Errored: openssl/openssl#9242 (master - 593a2aa)
Build Update for openssl/openssl

Build: #9242
Status: Errored
Duration: 7 minutes and 7 seconds
Commit: 593a2aa (master)
Author: Matt Caswell
Message: Fix no-psk

Fixes #2847

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2856)

View the changeset: https://github.com/openssl/openssl/compare/e6941c7814bb...593a2aa3eb8e
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/208147393
[openssl-commits] [openssl] master update
The branch master has been updated
via e498d95454cf58685e659ec8ac5c57131d7f2de7 (commit)
from 548d0153cc81439547f511adeb252c52c898794b (commit)

- Log -
commit e498d95454cf58685e659ec8ac5c57131d7f2de7
Author: Matt Caswell
Date: Mon Mar 6 10:16:07 2017 +

Fix no-ec

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2858)

---
Summary of changes:
test/recipes/70-test_sslsigalgs.t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index 0588797..dbd4870 100644 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -118,7 +118,7 @@ SKIP: { } SKIP: { -skip "EC or TLSv1.2 disabled", 7 if disabled("tls1_2") || disabled("ec"); +skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec"); $proxy->filter(\_filter);
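Review bot: the skip count in `skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec");` is a hand-maintained literal, and this change is itself a correction of that literal from 7 to 8. A comment next to the count saying which tests in the SKIP block it covers would make it easier to keep in step the next time a test is added there.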
[openssl-commits] [openssl] master update
The branch master has been updated
via 548d0153cc81439547f511adeb252c52c898794b (commit)
from 593a2aa3eb8e0153ff0b6af72b1af3327b46a19e (commit)

- Log -
commit 548d0153cc81439547f511adeb252c52c898794b
Author: Matt Caswell
Date: Mon Mar 6 10:03:53 2017 +

Fix a test failure with no-tls1_1

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2857)

---
Summary of changes:
test/recipes/80-test_ssl_new.t | 1 +
1 file changed, 1 insertion(+)

diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 5f44334..4173157 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -56,6 +56,7 @@ my $no_ocsp = disabled("ocsp"); my %conf_dependent_tests = ( "02-protocol-version.conf" => !$is_default_tls, "04-client_auth.conf" => !$is_default_tls, + "05-sni.conf" => disabled("tls1_1"), "07-dtls-protocol-version.conf" => !$is_default_dtls, "10-resumption.conf" => !$is_default_tls, "11-dtls_resumption.conf" => !$is_default_dtls,
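Review bot: the new entry `"05-sni.conf" => disabled("tls1_1"),` carries no comment saying why an SNI test depends on TLSv1.1, and it is the only entry in the visible part of `%conf_dependent_tests` keyed on a single protocol rather than on `$is_default_tls` or `$is_default_dtls`. A one-line comment naming the case in 05-sni.conf that needs TLSv1.1 would tell the next reader whether the dependency can later be dropped.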
[openssl-commits] [openssl] master update
The branch master has been updated
via 593a2aa3eb8e0153ff0b6af72b1af3327b46a19e (commit)
from e6941c7814bb25729d65e1f8e87d1c110a0cbe7e (commit)

- Log -
commit 593a2aa3eb8e0153ff0b6af72b1af3327b46a19e
Author: Matt Caswell
Date: Mon Mar 6 09:51:54 2017 +

Fix no-psk

Fixes #2847

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2856)

---
Summary of changes:
apps/s_server.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c index 57bae82..a6048fb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -144,12 +144,12 @@ static long socket_mtu; #endif static int dtlslisten = 0; +static int early_data = 0; + #ifndef OPENSSL_NO_PSK static char *psk_identity = "Client_identity"; char *psk_key = NULL; /* by default PSK is not used */ -static int early_data = 0; - static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len)
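Review bot: the commit message gives only "Fix no-psk" and an issue number, so the reason for moving `static int early_data = 0;` above `#ifndef OPENSSL_NO_PSK` is left to the reader. One sentence saying that the variable is referenced by code built without PSK, and was declared inside the PSK-only block by mistake, would make the change self-explanatory in the log.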
[openssl-commits] [openssl] master update
The branch master has been updated
via e6941c7814bb25729d65e1f8e87d1c110a0cbe7e (commit)
from ee7002266cbdcfcfe002c94396795c9fb3d5a337 (commit)

- Log -
commit e6941c7814bb25729d65e1f8e87d1c110a0cbe7e
Author: Matt Caswell
Date: Sat Mar 4 23:58:03 2017 +

Don't call memcmp with a NULL pointer

If early data is sent to a server, but ALPN is not used then memcmp is called with a NULL pointer which is undefined behaviour.

Fixes #2841

Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/2845)

---
Summary of changes:
ssl/statem/extensions.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8c4013e..fab9bcb 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1252,8 +1252,9 @@ static int final_early_data(SSL *s, unsigned int context, int sent, int *al) || !s->ext.early_data_ok || s->hello_retry_request || s->s3->alpn_selected_len != s->session->ext.alpn_selected_len -|| memcmp(s->s3->alpn_selected, s->session->ext.alpn_selected, - s->s3->alpn_selected_len) != 0){ +|| (s->s3->alpn_selected_len > 0 +&& memcmp(s->s3->alpn_selected, s->session->ext.alpn_selected, + s->s3->alpn_selected_len) != 0)) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
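Review bot: the added `s->s3->alpn_selected_len > 0` test in final_early_data guards the `memcmp` by length only, so it relies on a non-zero length implying that both `s->s3->alpn_selected` and `s->session->ext.alpn_selected` are non-NULL. That invariant deserves a comment at the condition. The diffstat also lists only ssl/statem/extensions.c, so the early-data-without-ALPN case from the commit message has no regression test in this change.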
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi
Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

ee70022 Add a test for TLSv1.3 cookies
cfef502 Add basic TLSv1.3 cookie support
6356716 appveyor.yml: call upon cmd to redirect stderr.
8b0d424 apps/s_client.c: harden ldap_ExtendedResponse_parse.

Build log ended with (last 100 lines):