[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso

2019-01-24 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

5c8b7b4caa Cleanup vxworks support to be able to compile for VxWorks 7
0b53fe1cdc Fix s_client so that it builds on Windows
bcc1f3e2ba Revert "Keep the DTLS timer running after the end of the handshake 
if appropriate"
80c455d5ae Make sure we trigger retransmits in DTLS testing

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . skipped: 
test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  skipped: 
test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: 
test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t  skipped: 
test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t . skipped: 
test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .. skipped: 
test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: 
test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: 
test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: 
test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t . skipped: 
test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t . skipped: 
test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t  skipped: 
test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13alerts.t .. skipped: 
test_tls13alerts needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t . skipped: 
test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_cmsapi.t ... ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t 

[openssl-commits] [openssl] master update

2019-01-24 Thread matthias . st . pierre
The branch master has been updated
   via  5c8b7b4caa0faedb69277063a7c6b3a8e56c6308 (commit)
  from  0b53fe1cdc24a3dce450e77db6895a0243ddcb26 (commit)


- Log -
commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308
Author: Klotz, Tobias 
Date:   Thu Dec 20 12:59:31 2018 +0100

Cleanup vxworks support to be able to compile for VxWorks 7

Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7569)

---

Summary of changes:
 apps/apps.c|  2 +-
 apps/ocsp.c| 14 ++
 apps/rehash.c  | 20 
 apps/speed.c   |  6 +++---
 crypto/bio/b_addr.c|  5 +
 crypto/rand/rand_unix.c| 21 +
 crypto/ui/ui_openssl.c |  6 ++
 include/internal/sockets.h |  6 +-
 test/ssltestlib.c  | 16 +---
 9 files changed, 84 insertions(+), 12 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index ed1b618..39535e9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2192,7 +2192,7 @@ double app_tminterval(int stop, int usertime)
 
 return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include 
 
 double app_tminterval(int stop, int usertime)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index fb0a95b..7c2a904 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -53,6 +53,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR   2
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+errno = ENOSYS;
+return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+errno = ENOSYS;
+return (pid_t) -1;
+}
+# endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD(5 * 60)
 
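Review bot: the setpgid() stub in the OPENSSL_SYS_VXWORKS block sets errno = ENOSYS but returns 0, so a caller that checks the return value sees success while errno says the call is unsupported; the fork() stub right below it returns (pid_t) -1 for the same condition. Either return -1 from setpgid() as well, or drop the errno assignment and state in the comment that the call is deliberately a no-op. Both stubs are also non-static definitions of POSIX names in an application source file; making them static would keep them private to ocsp.c.
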
diff --git a/apps/rehash.c b/apps/rehash.c
index 6a641a8..a1fc379 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -51,6 +51,26 @@
 # endif
 # define MAX_COLLISIONS  256
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+errno = ENOSYS;
+return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+errno = ENOSYS;
+return -1;
+}
+# endif
+
 typedef struct hentry_st {
 struct hentry_st *next;
 char *filename;
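
Review bot: the symlink() and readlink() stubs always fail with ENOSYS and lstat is mapped to stat, which lets the file compile but leaves every code path that calls symlink() failing at run time on VxWorks. The comment only says "VxWorks has no symbolic links"; it should say what the command is expected to do on this platform, or the command should be compiled out there. The two stubs could also be static, since they are only meant for this file.
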
diff --git a/apps/speed.c b/apps/speed.c
index bb8836d..1125f5a 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -100,7 +100,7 @@
 #include 
 
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || 
defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
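
Review bot: the replacement "# if" line now chains three defined() tests and runs past 80 columns (it is wrapped in this mail). Split it with a backslash continuation, as the multi-line "#if !(defined(OPENSSL_SYS_WINDOWS) || ... \" test in crypto/rand/rand_unix.c further down in this patch does.
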
@@ -1522,11 +1522,11 @@ int speed_main(int argc, char **argv)
 {"nistp192", NID_X9_62_prime192v1, 192},
 {"nistp224", NID_secp224r1, 224},
 {"nistp256", NID_X9_62_prime256v1, 256},
-{"nistp384", NID_secp384r1, 384}, 
+{"nistp384", NID_secp384r1, 384},
 {"nistp521", NID_secp521r1, 521},
 /* Binary Curves */
 {"nistk163", NID_sect163k1, 163},
-{"nistk233", NID_sect233k1, 233}, 
+{"nistk233", NID_sect233k1, 233},
 {"nistk283", NID_sect283k1, 283},
 {"nistk409", NID_sect409k1, 409},
 {"nistk571", NID_sect571k1, 571},
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 1484f6a..4be74e4 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, 
int lookup_type,
  * anyway [above getaddrinfo/gai_strerror is]. We just let
  * system administrator figure this out...
  */
+# if defined(OPENSSL_SYS_VXWORKS)
+/* h_errno doesn't exist on VxWorks */
+SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
 SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
 #else
 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
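
Review bot: in the VxWorks branch, SYSerr(SYS_F_GETHOSTBYNAME, 1000 ) records a constant, so every lookup failure on that platform is reported with the same code and the cause is lost; there is also a stray space before the closing parenthesis. If VxWorks offers no per-call resolver error, say so in the comment rather than only "h_errno doesn't exist", and consider naming the 1000 offset instead of repeating the bare number in both branches.
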
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5b9c0c..35777ff 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -93,6 +93,27 @@ static uint64_t get_timer_bits(void);
 # error "UEFI and VXWorks only support seeding NONE"
 #endif
 
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+return rand_pool_entropy_available(pool);
+}
+#endif
+
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
 || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
 || 
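
Review bot: rand_pool_acquire_entropy() in the VxWorks block returns rand_pool_entropy_available(pool) without adding anything to the pool, and rand_pool_init() reports success, yet the only comment is "empty implementation". Since the #error just above says VxWorks only supports seeding NONE, the comment should state explicitly that no entropy is collected here and that seeding is left to the application, so a reader does not mistake these for a working entropy source. The keep parameter of rand_pool_keep_random_devices_open() is unused and may need a (void) cast if unused-parameter warnings are enabled for this target.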

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2019-01-24 Thread matthias . st . pierre
The branch OpenSSL_1_1_1-stable has been updated
   via  b6d41ff73392df5af9c931c902ae4cd75c5b61ea (commit)
  from  8e3df4012a8177b89707ebec249be417508c8c7f (commit)


- Log -
commit b6d41ff73392df5af9c931c902ae4cd75c5b61ea
Author: Klotz, Tobias 
Date:   Thu Dec 20 12:59:31 2018 +0100

Cleanup vxworks support to be able to compile for VxWorks 7

Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7569)

(cherry picked from commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308)

---

Summary of changes:
 apps/apps.c|  2 +-
 apps/ocsp.c| 14 ++
 apps/rehash.c  | 20 
 apps/speed.c   |  6 +++---
 crypto/bio/b_addr.c|  5 +
 crypto/rand/rand_unix.c| 21 +
 crypto/ui/ui_openssl.c |  6 ++
 include/internal/sockets.h |  6 +-
 test/ssltestlib.c  | 16 +---
 9 files changed, 84 insertions(+), 12 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 79171d1..0501d2b 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime)
 
 return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include 
 
 double app_tminterval(int stop, int usertime)
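
Review bot: the "#elif" previously tested OPENSSL_SYSTEM_VXWORKS while every other hunk in this patch tests OPENSSL_SYS_VXWORKS, so if the old name was never defined, this app_tminterval() variant is being compiled for the first time by the rename. The commit message should mention that the branch was effectively dead before, and the tree should be checked for other uses of the old spelling.
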
diff --git a/apps/ocsp.c b/apps/ocsp.c
index de95b71..d38b4a1 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -53,6 +53,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR   2
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+errno = ENOSYS;
+return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+errno = ENOSYS;
+return (pid_t) -1;
+}
+# endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD(5 * 60)
 
diff --git a/apps/rehash.c b/apps/rehash.c
index bb41d31..8c23be7 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -51,6 +51,26 @@
 # endif
 # define MAX_COLLISIONS  256
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+errno = ENOSYS;
+return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+errno = ENOSYS;
+return -1;
+}
+# endif
+
 typedef struct hentry_st {
 struct hentry_st *next;
 char *filename;
diff --git a/apps/speed.c b/apps/speed.c
index 40e9904..dbf50df 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -100,7 +100,7 @@
 #include 
 
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || 
defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
@@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv)
 {"nistp192", NID_X9_62_prime192v1, 192},
 {"nistp224", NID_secp224r1, 224},
 {"nistp256", NID_X9_62_prime256v1, 256},
-{"nistp384", NID_secp384r1, 384}, 
+{"nistp384", NID_secp384r1, 384},
 {"nistp521", NID_secp521r1, 521},
 /* Binary Curves */
 {"nistk163", NID_sect163k1, 163},
-{"nistk233", NID_sect233k1, 233}, 
+{"nistk233", NID_sect233k1, 233},
 {"nistk283", NID_sect283k1, 283},
 {"nistk409", NID_sect409k1, 409},
 {"nistk571", NID_sect571k1, 571},
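
Review bot: the two changed lines in the curve table ("nistp384" and "nistk233") differ only in trailing whitespace and are unrelated to VxWorks. For a cherry-pick to a stable branch, leave them out so the backport carries only the functional change.
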
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index abec7bb..a2fd4c9 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, 
int lookup_type,
  * anyway [above getaddrinfo/gai_strerror is]. We just let
  * system administrator figure this out...
  */
+# if defined(OPENSSL_SYS_VXWORKS)
+/* h_errno doesn't exist on VxWorks */
+SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
 SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
 #else
 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 9d8ffdd..d439c71 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -93,6 +93,27 @@ static uint64_t get_timer_bits(void);
 # error "UEFI and VXWorks only support seeding NONE"
 #endif
 
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+return rand_pool_entropy_available(pool);
+}
+#endif
+
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
 

[openssl-commits] [openssl] master update

2019-01-24 Thread Matt Caswell
The branch master has been updated
   via  bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57 (commit)
   via  80c455d5ae405e855391e298a2bf8a24629dd95d (commit)
  from  5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c (commit)


- Log -
commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57
Author: Matt Caswell 
Date:   Fri Jan 18 12:10:07 2019 +

Revert "Keep the DTLS timer running after the end of the handshake if 
appropriate"

This commit erroneously kept the DTLS timer running after the end of the
handshake. This is not correct behaviour and should be reverted.

This reverts commit f7506416b1311e65d5c440defdbcfe176f633c50.

Fixes #7998

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

commit 80c455d5ae405e855391e298a2bf8a24629dd95d
Author: Matt Caswell 
Date:   Fri Jan 18 15:24:57 2019 +

Make sure we trigger retransmits in DTLS testing

During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 13 -
 ssl/statem/statem_lib.c   | 18 --
 test/dtlstest.c   | 14 +-
 test/sslapitest.c |  2 +-
 test/ssltestlib.c | 31 ---
 test/ssltestlib.h |  3 ++-
 6 files changed, 36 insertions(+), 45 deletions(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index c8ef0f7..a4b03ce 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 && SSL3_RECORD_get_length(rr) != 0)
 s->rlayer.alert_count = 0;
 
-if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
-&& SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC
-&& !SSL_in_init(s)
-&& (s->d1->next_timeout.tv_sec != 0
-|| s->d1->next_timeout.tv_usec != 0)) {
-/*
- * The timer is still running but we've received something that isn't
- * handshake data - so the peer must have finished processing our
- * last handshake flight. Stop the timer.
- */
-dtls1_stop_timer(s);
-}
-
 /* we now have a packet which can be read and processed */
 
 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 1a9aa41..2f78a3f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1076,15 +1076,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 /* N.B. s->ctx may not equal s->session_ctx */
 tsan_counter(>ctx->stats.sess_accept_good);
 s->handshake_func = ossl_statem_accept;
-
-if (SSL_IS_DTLS(s) && !s->hit) {
-/*
- * We are finishing after the client. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 } else {
 if (SSL_IS_TLS13(s)) {
 /*
@@ -1106,15 +1097,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 
 s->handshake_func = ossl_statem_connect;
 tsan_counter(>session_ctx->stats.sess_connect_good);
-
-if (SSL_IS_DTLS(s) && s->hit) {
-/*
- * We are finishing after the server. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 }
 
 if (SSL_IS_DTLS(s)) {
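
Review bot: with both dtls1_start_timer() calls removed from tls_finish_handshake(), nothing in this function arms a timer for the final flight once the handshake completes, so a lost final flight is only resent when the application reads and sees the peer's retransmit, as the companion commit message describes. That dependency on the caller issuing SSL_read deserves a comment at this spot or a line in the DTLSv1_handle_timeout() documentation.
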
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 0b04886..d196fb5 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -87,17 +87,21 @@ static int test_dtls_unprocessed(int testidx)
 /*
  * Inject a dummy record from the next epoch. In test 0, this should never
  * get used because 

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2019-01-24 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  8e3df4012a8177b89707ebec249be417508c8c7f (commit)
   via  f9ad0abb29aca7e765b041c3a13457a58ce66314 (commit)
  from  d0a4e858bb658c098cd267252e1e7cfffe554aff (commit)


- Log -
commit 8e3df4012a8177b89707ebec249be417508c8c7f
Author: Matt Caswell 
Date:   Fri Jan 18 12:10:07 2019 +

Revert "Keep the DTLS timer running after the end of the handshake if 
appropriate"

This commit erroneously kept the DTLS timer running after the end of the
handshake. This is not correct behaviour and should be reverted.

This reverts commit f7506416b1311e65d5c440defdbcfe176f633c50.

Fixes #7998

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

(cherry picked from commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57)

commit f9ad0abb29aca7e765b041c3a13457a58ce66314
Author: Matt Caswell 
Date:   Fri Jan 18 15:24:57 2019 +

Make sure we trigger retransmits in DTLS testing

During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8047)

(cherry picked from commit 80c455d5ae405e855391e298a2bf8a24629dd95d)

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 13 -
 ssl/statem/statem_lib.c   | 18 --
 test/dtlstest.c   | 14 +-
 test/sslapitest.c |  2 +-
 test/ssltestlib.c | 31 ---
 test/ssltestlib.h |  3 ++-
 6 files changed, 36 insertions(+), 45 deletions(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 1f9b319..1e129b7 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 && SSL3_RECORD_get_length(rr) != 0)
 s->rlayer.alert_count = 0;
 
-if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
-&& SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC
-&& !SSL_in_init(s)
-&& (s->d1->next_timeout.tv_sec != 0
-|| s->d1->next_timeout.tv_usec != 0)) {
-/*
- * The timer is still running but we've received something that isn't
- * handshake data - so the peer must have finished processing our
- * last handshake flight. Stop the timer.
- */
-dtls1_stop_timer(s);
-}
-
 /* we now have a packet which can be read and processed */
 
 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index be270e2..cf62c8f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1076,15 +1076,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 /* N.B. s->ctx may not equal s->session_ctx */
 tsan_counter(>ctx->stats.sess_accept_good);
 s->handshake_func = ossl_statem_accept;
-
-if (SSL_IS_DTLS(s) && !s->hit) {
-/*
- * We are finishing after the client. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 } else {
 if (SSL_IS_TLS13(s)) {
 /*
@@ -1106,15 +1097,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, 
int clearbufs, int stop)
 
 s->handshake_func = ossl_statem_connect;
 tsan_counter(>session_ctx->stats.sess_connect_good);
-
-if (SSL_IS_DTLS(s) && s->hit) {
-/*
- * We are finishing after the server. We start the timer going
- * in case there are any retransmits of our final flight
- * required.
- */
-dtls1_start_timer(s);
-}
 }
 
 if (SSL_IS_DTLS(s)) {
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 772528f..8517eae 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ 

[openssl-commits] [openssl] master update

2019-01-24 Thread Matt Caswell
The branch master has been updated
   via  0b53fe1cdc24a3dce450e77db6895a0243ddcb26 (commit)
  from  bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57 (commit)


- Log -
commit 0b53fe1cdc24a3dce450e77db6895a0243ddcb26
Author: Matt Caswell 
Date:   Tue Jan 22 14:27:25 2019 +

Fix s_client so that it builds on Windows

Fixes #8050

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8065)

---

Summary of changes:
 apps/s_client.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index d788b89..9705c4c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2360,9 +2360,11 @@ int s_client_main(int argc, char **argv)
 if (proxypass != NULL)
 l += strlen(proxypass);
 proxyauth = app_malloc(l + 2, "Proxy auth string");
-snprintf(proxyauth, l + 2, "%s:%s", proxyuser, (proxypass != 
NULL) ? proxypass : "");
+BIO_snprintf(proxyauth, l + 2, "%s:%s", proxyuser,
+ (proxypass != NULL) ? proxypass : "");
 proxyauthenc = base64encode(proxyauth, strlen(proxyauth));
-BIO_printf(fbio, "Proxy-Authorization: Basic %s\r\n", 
proxyauthenc); 
+BIO_printf(fbio, "Proxy-Authorization: Basic %s\r\n",
+   proxyauthenc);
 OPENSSL_clear_free(proxyauth, strlen(proxyauth));
 OPENSSL_clear_free(proxyauthenc, strlen(proxyauthenc));
 }
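
Review bot: the return value of BIO_snprintf() on the proxyauth line is ignored while the buffer is sized at exactly l + 2 for "%s:%s". That size is right if l is the combined length of proxyuser and proxypass, but the following lines call strlen(proxyauth) for both base64encode() and OPENSSL_clear_free(), so check for a negative return and bail out rather than relying on the length computed above staying in step with the format string.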