[openssl-commits] [openssl] master update
The branch master has been updated via 653162c6005b4594327029729c0bffcf7c15d58c (commit) from 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit) - Log - commit 653162c6005b4594327029729c0bffcf7c15d58c Author: Gregor JasnyDate: Sun May 13 19:51:52 2018 +0200 NOTES.ANDROID: fix typo in build notes CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6244) --- Summary of changes: NOTES.ANDROID | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTES.ANDROID b/NOTES.ANDROID index dcddc4c..103ed87 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID @@ -32,7 +32,7 @@ NDK 10d: ANDROID_NDK=/some/where/android-ndk-10d - PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin:$PATH + PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH ./Configure android-arm -D__ANDROID_API__=14 Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit) from 73cc84a132a08a02253ae168600fc4d16cd400d8 (commit) - Log - commit 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 Author: Andy PolyakovDate: Mon May 14 17:06:04 2018 +0200 windows-makefile.tmpl: delete export library prior link. LINK can outsmart itself and choose to not update export .lib upon corresponding .dll re-link. Since dependency is between .lib and all .obj-s, re-compilation of any .obj makes NMAKE relink .dll and all .exe-s over and over... Reviewed-by: Rich Salz --- Summary of changes: Configurations/windows-makefile.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 0752bbe..49af571 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -627,6 +627,7 @@ EOF return <<"EOF" $target: $deps IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest + IF EXIST \$@ DEL /F /Q \$@ \$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\ /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext$shared_def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1) $objs _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 7171f71ef10eb079322bbe99332f411a14f03891 (commit) from f1e92861c30e91139407e65fffd0af76ef48fd34 (commit) - Log - commit 7171f71ef10eb079322bbe99332f411a14f03891 Author: Matt CaswellDate: Wed May 2 16:07:13 2018 +0100 Mark DTLS records as read when we have finished with them The TLS code marks records as read when its finished using a record. The DTLS code did not do that. However SSL_has_pending() relies on it. So we should make DTLS consistent. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6160) --- Summary of changes: ssl/record/rec_layer_d1.c | 37 - ssl/record/ssl3_record.c | 14 -- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 0eeed4f..6111a2e 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -473,6 +473,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); goto start; } @@ -482,8 +483,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); s->rwstate = SSL_NOTHING; -return (0); +return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -508,8 +510,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); -if (len <= 0) -return (len); +if (len <= 0) { +/* + * Mark a zero length record as read. This ensures multiple calls to + * SSL_read() with a zero length buffer will eventually cause + * SSL_pending() to report data as being available. + */ +if (SSL3_RECORD_get_length(rr) == 0) +SSL3_RECORD_set_read(rr); +return len; +} if ((unsigned int)len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); @@ -517,12 +527,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, n = (unsigned int)len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); -if (!peek) { +if (peek) { +if (SSL3_RECORD_get_length(rr) == 0) +SSL3_RECORD_set_read(rr); +} else { SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_off(rr, 0); +SSL3_RECORD_set_read(rr); } } #ifndef OPENSSL_NO_SCTP @@ -573,6 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* Exit and notify application to read again */ SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); @@ -617,6 +632,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, #endif s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); goto start; } @@ -626,6 +642,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_add_off(rr, 1); SSL3_RECORD_add_length(rr, -1); } +if (SSL3_RECORD_get_length(rr) == 0) +SSL3_RECORD_set_read(rr); *dest_len = dest_maxlen; } } @@ -696,6 +714,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } } else { SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); } /* @@ -720,6 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) { s->rlayer.d->handshake_fragment_len = 0; SSL3_RECORD_set_length(rr, 0); +SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } @@ -747,6 +767,7 @@ int
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 73cc84a132a08a02253ae168600fc4d16cd400d8 (commit) from ba8b48e98dd86851ca20733f819da5b76859e64a (commit) - Log - commit 73cc84a132a08a02253ae168600fc4d16cd400d8 Author: Matt CaswellDate: Mon May 14 18:35:30 2018 +0100 Suport TLSv1.3 draft 28 Also retains support for drafts 27 and 26 Fixes #6257 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6258) --- Summary of changes: include/openssl/tls1.h | 10 +++--- ssl/ssl_locl.h | 2 ++ ssl/statem/extensions_clnt.c | 8 ++-- ssl/statem/extensions_srvr.c | 4 ++-- ssl/statem/statem_lib.c| 17 - ssl/t1_trce.c | 14 -- test/recipes/70-test_sslversions.t | 7 --- util/perl/TLSProxy/Record.pm | 2 +- 8 files changed, 50 insertions(+), 14 deletions(-) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index b9f0918..37bdc7d 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -30,9 +30,13 @@ extern "C" { # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION -/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -26 */ -# define TLS1_3_VERSION_DRAFT0x7f1a -# define TLS1_3_VERSION_DRAFT_TXT"TLS 1.3 (draft 26)" +/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ +# define TLS1_3_VERSION_DRAFT_26 0x7f1a +# define TLS1_3_VERSION_DRAFT_27 0x7f1b +# define TLS1_3_VERSION_DRAFT0x7f1c +# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" +# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" +# define TLS1_3_VERSION_DRAFT_TXT"TLS 1.3 (draft 28)" /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x1 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c066e14..e02f5a1 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1057,6 +1057,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; +/* TODO(TLS1.3): Remove this before release */ +int version_draft; /* SSLv3 */ const SSL_METHOD *method; /* diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index e4a5b3c..cc4563b 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -538,7 +538,9 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, for (currv = max_version; currv >= min_version; currv--) { /* TODO(TLS1.3): Remove this first if clause prior to release!! */ if (currv == TLS1_3_VERSION) { -if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) { +if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) +|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27) +|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); @@ -1789,7 +1791,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, } /* TODO(TLS1.3): Remove this before release */ -if (version == TLS1_3_VERSION_DRAFT) +if (version == TLS1_3_VERSION_DRAFT +|| version == TLS1_3_VERSION_DRAFT_27 +|| version == TLS1_3_VERSION_DRAFT_26) version = TLS1_3_VERSION; /* diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index ec4e1b8..65b9d3b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -892,7 +892,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (!WPACKET_put_bytes_u16(, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16() /* TODO(TLS1.3): Fix this before release */ -|| !WPACKET_put_bytes_u16(, TLS1_3_VERSION_DRAFT) +|| !WPACKET_put_bytes_u16(, s->version_draft) || !WPACKET_close()) { WPACKET_cleanup(); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, @@ -1606,7 +1606,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(pkt) /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */ -|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) +|| !WPACKET_put_bytes_u16(pkt, s->version_draft) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR,
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via fe4fe67139bc1e1abb62035d9eb0992f614bf645 (commit) from 4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit) - Log - commit fe4fe67139bc1e1abb62035d9eb0992f614bf645 Author: Richard LevitteDate: Mon May 14 05:01:54 2018 +0200 When configuring 'no-comp', zlib support should be disabled too Fixes #6241 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6248) --- Summary of changes: Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index 9c1879e..c7066dc 100755 --- a/Configure +++ b/Configure @@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled)) $depflags .= " -DOPENSSL_NO_$ALGO"; } } +if (/^comp$/) { $zlib = 0; } } print "\n"; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2f2VYHeha9M-2Box5kA59JLmb-2BZtXt09WkCsb0M-2BjBzpUv-2FN2csbZFzYsjLBjfXd-2BrZz2MyrDgxHf4FGUpNjxvJsHSF2gzqvniyyHLxIAfxbo-2F6o5q0O5OD4rtE2EBcPuoZs5vmq7twNjy7xCq-2Fyj37QZlHmXWUQDTEtbZYxQRxAObmHdiXPmG4MN4tzvUQt3DY-3D Build ID: 210768 Analysis Summary: New defects found: 0 Defects eliminated: 0 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8481434439e421d513350a81a01ba2e2a8e61b6e (commit) via 491c35324c9f4392ec3d59bb260bf9b7e588f881 (commit) from de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit) - Log - commit 8481434439e421d513350a81a01ba2e2a8e61b6e Author: Richard LevitteDate: Sun May 13 11:35:14 2018 +0200 Link in passphrase-encoding(7) in relevant documentation Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6179) commit 491c35324c9f4392ec3d59bb260bf9b7e588f881 Author: Richard Levitte Date: Sat May 5 00:06:07 2018 +0200 Docs: add general document on how pass phrases are handled Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6179) --- Summary of changes: doc/man1/openssl.pod | 3 + doc/man3/OSSL_STORE_open.pod | 11 ++- doc/man3/PEM_bytes_read_bio.pod | 7 +- doc/man3/PEM_read.pod| 7 +- doc/man3/PEM_read_CMS.pod| 9 +- doc/man3/PEM_read_bio_PrivateKey.pod | 7 +- doc/man3/PKCS12_create.pod | 7 +- doc/man3/PKCS12_newpass.pod | 3 +- doc/man3/PKCS12_parse.pod| 3 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 6 +- doc/man3/d2i_PKCS8PrivateKey_bio.pod | 7 +- doc/man7/passphrase-encoding.pod | 182 +++ 12 files changed, 242 insertions(+), 10 deletions(-) create mode 100644 doc/man7/passphrase-encoding.pod diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 03c07c0..a713269 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -439,6 +439,9 @@ password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off. +Note that character encoding may be relevant, please see +L . + =over 4 =item B diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 13f3722..b1467f4 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -112,6 +112,14 @@ URI, or if it's a different error (such as memory allocation failures); if the URI was parsable but the scheme unregistered, the top error will have the reason C. +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the B scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See L for further information. + =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B on success, or @@ -132,7 +140,8 @@ OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure. =head1 SEE ALSO -L , L , L +L , L , L , +L =head1 HISTORY diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod index d16ccd8..cd05582 100644 --- a/doc/man3/PEM_bytes_read_bio.pod +++ b/doc/man3/PEM_bytes_read_bio.pod @@ -55,6 +55,10 @@ use of BIO_s_file() indicates the use of the operating system stdio functionality, which includes buffering as a feature; BIO_s_fd() is likely to be more appropriate in such cases. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or @@ -63,7 +67,8 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or =head1 SEE ALSO L , -L +L , +L =head1 HISTORY diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod index 66cbc7d..2a017c6 100644 --- a/doc/man3/PEM_read.pod +++ b/doc/man3/PEM_read.pod @@ -110,10 +110,15 @@ Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See L and L . +PEM_do_header() makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 SEE ALSO L , L , -L . +L , +L =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod index 65a114d..0c22618 100644 --- a/doc/man3/PEM_read_CMS.pod +++ b/doc/man3/PEM_read_CMS.pod @@
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 66e4a8944b894b9301226bad193a7d8ec330742d (commit) from f54b665e29a0ed8df2ea322a1f9e1b8057f13894 (commit) - Log - commit 66e4a8944b894b9301226bad193a7d8ec330742d Author: Pavel KopylDate: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. (cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1) Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6238) --- Summary of changes: apps/ca.c | 5 - apps/verify.c | 1 + crypto/conf/conf_api.c | 2 ++ crypto/engine/eng_lib.c | 6 -- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 4f9de54..31e8773 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv) if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); -if (!BN_add_word(serial, 1)) +if (!BN_add_word(serial, 1)) { +X509_free(x); goto err; +} if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); +X509_free(x); goto err; } } diff --git a/apps/verify.c b/apps/verify.c index c4bd197..180ccf4 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { ERR_print_errors(bio_err); +X509_STORE_CTX_free(csc); goto end; } if (tchain) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 4cf7553..60c9440 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); +if (lh_CONF_VALUE_error(conf->data) > 0) +goto err; ok = 1; err: if (!ok) { diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index dc2abd2..b7a899f 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); -if (item) -sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); +if (item != NULL) { +if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) +OPENSSL_free(item); +} } /* The API function that performs all cleanup */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-psk Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR ="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/t_req.d.tmp -MT crypto/x509/t_req.o -c -o crypto/x509/t_req.o ../openssl/crypto/x509/t_req.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR ="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/t_x509.d.tmp -MT crypto/x509/t_x509.o -c -o crypto/x509/t_x509.o ../openssl/crypto/x509/t_x509.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR ="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_att.d.tmp -MT crypto/x509/x509_att.o -c -o crypto/x509/x509_att.o ../openssl/crypto/x509/x509_att.c clang
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e22ce0d07496c53cd100c6d46a54d7a46c13bba9 (commit) from 1b261954028925c1e2c329928938dacacf0bb6c0 (commit) - Log - commit e22ce0d07496c53cd100c6d46a54d7a46c13bba9 Author: Pavel KopylDate: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. (cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1) Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6237) --- Summary of changes: apps/ca.c | 5 - apps/verify.c | 1 + crypto/conf/conf_api.c | 4 crypto/engine/eng_lib.c | 6 -- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index eb093d0..fe9d29b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -929,10 +929,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); -if (!BN_add_word(serial, 1)) +if (!BN_add_word(serial, 1)) { +X509_free(x); goto end; +} if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); +X509_free(x); goto end; } } diff --git a/apps/verify.c b/apps/verify.c index 0925ee6..9ca9f33 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { +X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 5535416..afbaefb 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); +if (lh_CONF_VALUE_error(conf->data) > 0) +goto err; return v; err: sk_CONF_VALUE_free(sk); +if (v != NULL) +OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 1b88d6f..7078876 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -144,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); -if (item) -sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); +if (item != NULL) { +if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) +OPENSSL_free(item); +} } /* The API function that performs all cleanup */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3sk1pzKP4Fju0jJRTzbZ9OpExEEnelm3LjYN8lnWfKLNX4IGMRlO-2FJeb8geQ-2Fcm5hzE4AHgJVIs80jx-2F0It7-2FmQMFqTISuuaFLxn3qodsp5pQmu7hu3MHX5ZP7XgFgW7mo0qFmYsf8MwSnbEYoFQebVi5NFs3If9clgNjRmYhn1C2mbGIqU-2BVw-2BFl-2BjT6XBAw-3D Build ID: 210763 Analysis Summary: New defects found: 0 Defects eliminated: 1 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.17995
Build openssl master.17995 completed Commit b8c2fd1dee by Matt Caswell on 5/14/2018 11:17 AM: fixup! Change the default number of NewSessionTickets we send to 2 Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit) from 66e4a8944b894b9301226bad193a7d8ec330742d (commit) - Log - commit 4080f4d2fefbb7186171eb620d565e91f56be5b3 Author: Richard LevitteDate: Wed May 2 14:28:53 2018 +0200 UI console: Restore tty settings, do not force ECHO after prompt The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6158) --- Summary of changes: crypto/ui/ui_openssl.c | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 8a43590..5dcb91a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -567,17 +567,13 @@ static int echo_console(UI *ui) { #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); -tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), _new) == -1)) return 0; #endif #ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; -tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; +tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12, 0, 0, 0, 0); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.17977
Build openssl master.17977 completed Commit 46175b4eda by Richard Levitte on 5/13/2018 7:45 PM: fixup! UI console: Restore tty settings, do not force ECHO after prompt Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit) from 1c534560dc905b6d399dbde242422f0cf5543286 (commit) - Log - commit de03cc92d1f3758ad1a525893c93e16b15e6cf45 Author: Richard LevitteDate: Wed May 2 14:18:55 2018 +0200 UI console: Restore tty settings, do not force ECHO after prompt The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6156) --- Summary of changes: crypto/ui/ui_openssl.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 3ccd8a7..078d10c 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -503,17 +503,13 @@ static int echo_console(UI *ui) { # if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); -tty_new.TTY_FLAGS |= ECHO; -# endif - -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), _new) == -1)) return 0; # endif # ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; -tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; +tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12, 0, 0, 0, 0); @@ -534,7 +530,6 @@ static int echo_console(UI *ui) # if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; -tty_new |= ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } # endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via f1e92861c30e91139407e65fffd0af76ef48fd34 (commit) from 0ec946fda5b66fb364a784b002aee5f8b1ac678a (commit) - Log - commit f1e92861c30e91139407e65fffd0af76ef48fd34 Author: Richard LevitteDate: Mon May 14 09:28:52 2018 +0200 CI config: no need to make both install and install_docs 'install' depends on 'install_docs', so making the latter explicit is a waste. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6250) (cherry picked from commit 986caf9e34fd60366a5b3711bb12e239e43a2431) --- Summary of changes: .travis.yml | 2 +- appveyor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index ba06dfd..e20c208 100644 --- a/.travis.yml +++ b/.travis.yml @@ -186,7 +186,7 @@ script: fi - if [ -n "$DESTDIR" ]; then mkdir "../$DESTDIR"; - if $make install install_docs DESTDIR="../$DESTDIR"; then + if $make install DESTDIR="../$DESTDIR"; then echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK'; else echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false; diff --git a/appveyor.yml b/appveyor.yml index 8dd6cb6..ba291fd 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -41,5 +41,5 @@ test_script: - cd _build - nmake test - mkdir ..\_install -- nmake install install_docs DESTDIR=..\_install +- nmake install DESTDIR=..\_install - cd .. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.17994
Build openssl master.17994 failed Commit 97d64ea039 by JeffZhao on 5/14/2018 9:36 AM: Add support SM3 and SM4 for Zhaoxin's platform Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch
[openssl-commits] [openssl] master update
The branch master has been updated via 986caf9e34fd60366a5b3711bb12e239e43a2431 (commit) from 8481434439e421d513350a81a01ba2e2a8e61b6e (commit) - Log - commit 986caf9e34fd60366a5b3711bb12e239e43a2431 Author: Richard LevitteDate: Mon May 14 09:28:52 2018 +0200 CI config: no need to make both install and install_docs 'install' depends on 'install_docs', so making the latter explicit is a waste. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6250) --- Summary of changes: .travis.yml | 2 +- appveyor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f23f156..4affefd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -229,7 +229,7 @@ script: fi - if [ -n "$DESTDIR" ]; then mkdir "$top/$DESTDIR"; - if $make install install_docs DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then + if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK'; else echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED'; diff --git a/appveyor.yml b/appveyor.yml index 3b66f0d..24966c0 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -61,6 +61,6 @@ test_script: - ps: >- if ($env:EXTENDED_TESTS) { mkdir ..\_install -cmd /c "nmake install install_docs DESTDIR=..\_install 2>&1" +cmd /c "nmake install DESTDIR=..\_install 2>&1" } - cd .. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.17981
Build openssl master.17981 completed Commit 7aacf9440f by Richard Levitte on 5/14/2018 2:34 AM: fixup! UI console: Restore tty settings, do not force ECHO after prompt Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-psk
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-psk Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ba8b48e98dd86851ca20733f819da5b76859e64a (commit) via 199dc0d3e857fa4242d90d89a0df52e87b975c67 (commit) from 986caf9e34fd60366a5b3711bb12e239e43a2431 (commit) - Log - commit ba8b48e98dd86851ca20733f819da5b76859e64a Author: Matt CaswellDate: Mon May 14 14:37:16 2018 +0100 Fix no-tls1_2 Also fixes no-tls1_2-method, no-tls1_3, no-tls, no-ec Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6253) commit 199dc0d3e857fa4242d90d89a0df52e87b975c67 Author: Matt Caswell Date: Mon May 14 14:28:06 2018 +0100 Fix no-psk Fixes #6239 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6253) --- Summary of changes: ssl/s3_lib.c | 2 ++ test/sslapitest.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c5f2235..354769b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4192,6 +4192,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } if (SSL_IS_TLS13(s)) { +#ifndef OPENSSL_NO_PSK int j; /* @@ -4208,6 +4209,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, prefer_sha256 = 1; } } +#endif } else { tls1_set_cert_validity(s); ssl_set_masks(s); diff --git a/test/sslapitest.c b/test/sslapitest.c index fc7288d..06d6cb2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4693,11 +4693,11 @@ static int test_ticket_callbacks(int tst) int testresult = 0; #ifdef OPENSSL_NO_TLS1_2 -if (tst % 2 == 0); +if (tst % 2 == 0) return 1; #endif #ifdef OPENSSL_NO_TLS1_3 -if (tst % 2 == 1); +if (tst % 2 == 1) return 1; #endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.17980
Build openssl master.17980 failed Commit df2b03ec1d by Richard Levitte on 5/14/2018 2:23 AM: fixup! Adapt *.tmpl to generate docs at build time Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits