[openssl-commits] [openssl] master update
The branch master has been updated
via 60c526975aecba7e7aa229a92624498b36abf971 (commit)
from b1bebbcb67325593f8af247582208940a4cc0332 (commit)
- Log -
commit 60c526975aecba7e7aa229a92624498b36abf971
Author: Tomas Mraz
Date: Tue Aug 14 17:43:36 2018 -0400
Deallocate previously loaded SSL CONF module data
If application explicitly calls CONF_modules_load_file() the SSL
conf module will be initialized twice and the module data would leak.
We need to free it before initializing it again.
Fixes #6835
Reviewed-by: Andy Polyakov
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6948)
---
Summary of changes:
crypto/conf/conf_ssl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
index 015c46c..024bdb4 100644
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -76,6 +76,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
goto err;
}
cnt = sk_CONF_VALUE_num(cmd_lists);
+ssl_module_free(md);
ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
ssl_names_count = cnt;
for (i = 0; i < ssl_names_count; i++) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via b1bebbcb67325593f8af247582208940a4cc0332 (commit)
via 572fa0249d1b863f180986369735b8048ef5f57a (commit)
from 80162ad645f8982102d6994b9ea9ca6c371e933d (commit)
- Log -
commit b1bebbcb67325593f8af247582208940a4cc0332
Author: Philip Prindeville
Date: Tue Aug 14 17:37:33 2018 -0400
Travis: don't generate git clone progress for logs
The logs are usually not looked at, and when they are it's almost
always after they've completed and returned a status. That being
the case, "progress" output is useless if it's always seen after
the fact.
Signed-off-by: Philip Prindeville
Reviewed-by: Andy Polyakov
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6928)
commit 572fa0249d1b863f180986369735b8048ef5f57a
Author: Dmitry Yakovlev
Date: Tue Aug 14 07:24:46 2018 -0400
Move SSL_DEBUG md fprintf after assignment
To avoid crash (same as #5138 fixed in 44f23cd)
CLA: trivial
Reviewed-by: Tim Hudson
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6937)
---
Summary of changes:
.travis.yml | 1 +
ssl/statem/statem_lib.c | 8 +---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index e9e5aa2..d755d8f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,7 @@ language: c
cache: ccache
git:
submodules: false
+quiet: true
before_install:
- if [ -n "$COVERALLS" ]; then
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 74a2ec1..d602846 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -381,9 +381,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET
*pkt)
/* SSLfatal() already called */
goto err;
}
-#ifdef SSL_DEBUG
-fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_INTERNAL_ERROR);
@@ -396,6 +393,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET
*pkt)
goto err;
}
+#ifdef SSL_DEBUG
+if (SSL_USE_SIGALGS(s))
+fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+
/* Check for broken implementations of GOST ciphersuites */
/*
* If key is GOST and len is exactly 64 or 128, it is signature without
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 22fe269070986cdb68933423044f4d126a154d0c (commit) from 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit) - Log - commit 22fe269070986cdb68933423044f4d126a154d0c Author: Rich Salz Date: Tue Aug 14 07:59:18 2018 -0400 Add FIPS FAQ, update FIPS status. --- Summary of changes: docs/faq-5-misc.txt | 7 +++ docs/fips.html | 21 ++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index f2810e5..006b323 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -33,6 +33,13 @@ that came with the version of OpenSSL you are using. The pod format documentation is included in each OpenSSL distribution under the docs directory. +* I need a FIPS validated offering + +Please see +@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer +involved in private label validations nor adding platforms to the existing +certificates. + * How can I contact the OpenSSL developers? The README file describes how to submit bug reports and patches to diff --git a/docs/fips.html b/docs/fips.html index 5c9b3ec..7bbce9c 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,7 +10,7 @@ FIPS-140 - The most recent open source based validation of a cryptographic + The current validation of a cryptographic module (Module) compatible with the OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747";>#1747. @@ -28,6 +28,19 @@ +Neither validation will work with any release other than 1.0.2. +The OpenSSL project is no longer maintaining either the 1747 +or the 2398 module. This includes adding platforms to those +validations. +We are starting work on a new validation, after the 1.1.1 +release completes. +That module will have a small set of validated operational +environments. +The OpenSSL project is no longer involved in private label +validations nor adding platforms to the existing certificates. + + + Here is the complete set of files. Note that if you are interested in the "1747" validation, you only need the three files mentioned above. @@ -68,12 +81,6 @@ source based validated module directly. You must obtain your own validation. - None of the validations will work with OpenSSL 1.1.0 or - later. - - We are starting work on a new validation based on the - upcoming 1.1.1 release. - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 521b74a4bd4f20cf9955c50199c760876a339edb (commit) from 45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit) - Log - commit 521b74a4bd4f20cf9955c50199c760876a339edb Author: Rich Salz Date: Mon Aug 13 22:41:34 2018 -0400 Fix date for when travel policy was approved --- Summary of changes: policies/travel.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/travel.html b/policies/travel.html index 5d0f1db..7eda596 100644 --- a/policies/travel.html +++ b/policies/travel.html @@ -12,7 +12,7 @@ Travel Reimbursement Policy - First issued 28th February 2014 + First issued 28th February 2018 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via a0f443a05dd68b9949b39b3310a595babcae4624 (commit)
from f48e0ef1144c647a3159a71db114598d8fb6adc9 (commit)
- Log -
commit a0f443a05dd68b9949b39b3310a595babcae4624
Author: Rich Salz
Date: Tue Aug 7 15:28:59 2018 -0400
Increase CT_NUMBER values
Also add build-time errors to keep them in sync.
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6874)
(cherry picked from commit b5ee517794cf546dc7e3d5a82b400955a7381053)
---
Summary of changes:
include/openssl/ssl3.h | 10 --
include/openssl/tls1.h | 8 +++-
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 4ca434e..e51629f 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -252,9 +252,15 @@ extern "C" {
# define SSL3_CT_FORTEZZA_DMS20
/*
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
*/
-# define SSL3_CT_NUMBER 9
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 3fe01fe..b536d84 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -883,7 +883,13 @@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 9
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define TLS1_FINISH_MAC_LENGTH 12
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via b5ee517794cf546dc7e3d5a82b400955a7381053 (commit)
from 10281e83eac0fb96de3f14855154197aa33bb800 (commit)
- Log -
commit b5ee517794cf546dc7e3d5a82b400955a7381053
Author: Rich Salz
Date: Tue Aug 7 15:28:59 2018 -0400
Increase CT_NUMBER values
Also add build-time errors to keep them in sync.
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6874)
---
Summary of changes:
include/openssl/ssl3.h | 10 --
include/openssl/tls1.h | 8 +++-
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 6d0ed11..8d01fcc 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -263,9 +263,15 @@ extern "C" {
# define SSL3_CT_FORTEZZA_DMS20
/*
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
*/
-# define SSL3_CT_NUMBER 9
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
/* No longer used as of OpenSSL 1.1.1 */
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 761a86a..2f19ccf 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1149,7 +1149,13 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY
*pk, STACK_OF(X509) *chain)
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 9
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
# define TLS1_FINISH_MAC_LENGTH 12
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via f48e0ef1144c647a3159a71db114598d8fb6adc9 (commit) from 32096fdac975dde7a13d463fdf256fd2955cd5ab (commit) - Log - commit f48e0ef1144c647a3159a71db114598d8fb6adc9 Author: Rich Salz Date: Tue Aug 7 15:08:03 2018 -0400 Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6875) (cherry picked from commit 10281e83eac0fb96de3f14855154197aa33bb800) --- Summary of changes: ssl/ssl_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index c91e1c5..0b9155d 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -127,8 +127,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) "ERR_load_SSL_strings()\n"); # endif ERR_load_SSL_strings(); -#endif ssl_strings_inited = 1; +#endif return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 10281e83eac0fb96de3f14855154197aa33bb800 (commit) from 4e360445473c3da938703a8142a36cf6ee86a191 (commit) - Log - commit 10281e83eac0fb96de3f14855154197aa33bb800 Author: Rich Salz Date: Tue Aug 7 15:08:03 2018 -0400 Fix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6875) --- Summary of changes: ssl/ssl_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index ed2bf84..c0ccb93 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -129,8 +129,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) "ERR_load_SSL_strings()\n"); # endif ERR_load_SSL_strings(); -#endif ssl_strings_inited = 1; +#endif return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via e0a79ae63700051ddab9e091031dd37ae18182a5 (commit)
from c700d1fe090acf3661d3948c25f489803f50a98b (commit)
- Log -
commit e0a79ae63700051ddab9e091031dd37ae18182a5
Author: Rich Salz
Date: Fri Aug 3 18:03:22 2018 -0400
Use auto-null-initializer
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/6853)
---
Summary of changes:
ssl/ssl_ciph.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 7a393cb..b8da982 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -101,10 +101,7 @@ static const ssl_cipher_table
ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
};
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
-NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-NULL, NULL
-};
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
#define SSL_COMP_NULL_IDX 0
#define SSL_COMP_ZLIB_IDX 1
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39 (commit) from 43a0f2733a943799060ea275516fcce00d89eb38 (commit) - Log - commit ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39 Author: Rich Salz Date: Tue Jul 31 11:36:44 2018 -0400 Some protocol versions are build-time Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was build. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6816) --- Summary of changes: doc/man1/ciphers.pod | 28 +--- doc/man1/s_client.pod | 2 ++ doc/man1/s_server.pod | 2 ++ doc/man1/s_time.pod | 7 +-- 4 files changed, 14 insertions(+), 25 deletions(-) diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index e3278eb..3aea982 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -73,30 +73,12 @@ L. Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_3> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.3 were negotiated. - -=item B<-tls1_2> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.2 were negotiated. - -=item B<-ssl3> - -In combination with the B<-s> option, list the ciphers which would be used if -SSLv3 were negotiated. - -=item B<-tls1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1 were negotiated. - -=item B<-tls1_1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.1 were negotiated. +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-stdname> diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 7d92dd8..80152e1 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -473,6 +473,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be offered to and accepted from the server. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-dtls>, B<-dtls1>, B<-dtls1_2> diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 5399096..07016fc 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -532,6 +532,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-bugs> diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod index e5b8af4..d17e137 100644 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -112,16 +112,19 @@ specified, they are both on by default and executed in sequence. =item B<-ssl3> -These options disable the use of certain SSL or TLS protocols. By default +This option disables the use of SSL version 3. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. + The timing program is not as rich in options to turn protocols on and off as the L program and may not connect to all servers. - Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the B<-ssl3> option. +Note that this option may not be available, depending on how +OpenSSL was built. + =item B<-bugs> There are several known bug in SSL and TLS implementations. Adding this _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via bd93f1ac2750450033dbfa76b5f1597b0145b585 (commit) from a75be9fd34b5d66f349186f21cd8d063d2fa87a4 (commit) - Log - commit bd93f1ac2750450033dbfa76b5f1597b0145b585 Author: Beat Bolli Date: Sat Jul 28 16:45:22 2018 -0400 doc/BN_generate_prime: update doc about other callback values This here page only documents the callback values 0 to 2, but the callers of BN_generate_prime_ex() call it with the value 3. The list of manual pages in the SEE ALSO section was extended with the output from git grep BN_GENCB_call.*[3-9] while in the doc/man3 directory. Signed-off-by: Beat Bolli Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6802) --- Summary of changes: doc/man3/BN_generate_prime.pod | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index 7cfa96e..08158c1 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -72,6 +72,11 @@ B is called as described below. When a prime has been found, B is called. +=item * + +The callers of BN_generate_prime_ex() may call B with +other values as described in their respective man pages; see L. + =back The prime may have to fulfill additional requirements for use in @@ -187,7 +192,8 @@ Instead applications should create a BN_GENCB structure using BN_GENCB_new: =head1 SEE ALSO -L, L +L, L, +L, L, L =head1 HISTORY _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit) from 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) - Log - commit 45331ed59e3bd3c16808ceed54e35a98a3fea79b Author: Rich Salz Date: Thu Jul 26 15:00:58 2018 -0400 Add GeneralName question Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/64) --- Summary of changes: docs/faq-3-prog.txt | 19 +++ 1 file changed, 19 insertions(+) diff --git a/docs/faq-3-prog.txt b/docs/faq-3-prog.txt index a471f5e..bb6790a 100644 --- a/docs/faq-3-prog.txt +++ b/docs/faq-3-prog.txt @@ -154,6 +154,25 @@ Rules (DER): these uniquely specify how a given structure is encoded. Therefore, because DER is a special case of BER, DER is an acceptable encoding for BER. +* The encoding for GeneralName is wrong; why is the SEQUENCE tag missing? + +In RFC 5280 GeneralName is defined in the module in Appendix A.2, and that +module specifies the use of IMPLICIT tagging. This means that there is not an +explicit SEQUENCE (30) tag following the A0 tag (you just know from the ASN.1 +that what follows the A1 tag is a SEQUENCE). This is in contrast to the value +field within OtherName (test@kerberose-domain.internal), where the tag for +UTF8String (0C) follows the A0 tag, since EXPLICIT tagging is specified for +that particular field. + +You will notice the same thing if you look at other choices within +GeneralName. If you look at the DNS names encoded in the subjectAltName +extension, the 82 tag (corresponding to [2]) is not followed by a tag for +IA5String (22). It is not needed since the ASN.1 indicates that what follows +the 82 tag is an IA5String. However, if the module specified EXPLICIT +encoding, then there would be a 16 tag after the 82 tag. + +(Thanks to David Cooper for this text.) + * I tried to set a cipher list with a valid cipher, but the call fails, why? OpenSSL 1.1.0 introduced the concept of a “security level”, allowing _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
via 9df990cdef581f7330205aef975055e23d8e8d43 (commit)
from a8a9745257a5071b03d06b82d4b05cabb38d9718 (commit)
- Log -
commit 9df990cdef581f7330205aef975055e23d8e8d43
Author: Rich Salz
Date: Wed Jul 25 15:57:18 2018 -0400
Check for failures, to avoid memory leak
Thanks to Jiecheng Wu, Zuxing Gu for the report.
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6791)
(cherry picked from commit 037241bf046be8cfc7e9216959393dd20b06fc21)
(Only the EC part)
---
Summary of changes:
crypto/ec/ec_ameth.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 2c41c6e..479b307 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const
EVP_PKEY *pkey)
static EC_KEY *eckey_type2param(int ptype, void *pval)
{
EC_KEY *eckey = NULL;
+EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
-ASN1_STRING *pstr = pval;
-const unsigned char *pm = NULL;
-int pmlen;
-pm = pstr->data;
-pmlen = pstr->length;
-if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
+const ASN1_STRING *pstr = pval;
+const unsigned char *pm = pstr->data;
+int pmlen = pstr->length;
+
+if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
-ASN1_OBJECT *poid = pval;
-EC_GROUP *group;
+const ASN1_OBJECT *poid = pval;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
return eckey;
ecerr:
-if (eckey)
-EC_KEY_free(eckey);
+EC_KEY_free(eckey);
+EC_GROUP_free(group);
return NULL;
}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 037241bf046be8cfc7e9216959393dd20b06fc21 (commit)
from 80ae7285e1994d35c84519bf9e038b11d9942875 (commit)
- Log -
commit 037241bf046be8cfc7e9216959393dd20b06fc21
Author: Rich Salz
Date: Wed Jul 25 15:57:18 2018 -0400
Check for failures, to avoid memory leak
Thanks to Jiecheng Wu, Zuxing Gu for the report.
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6791)
---
Summary of changes:
crypto/ec/ec_ameth.c| 11 ++-
crypto/x509v3/v3_tlsf.c | 7 +++
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 6fc6146..2130268 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY
*pkey)
static EC_KEY *eckey_type2param(int ptype, const void *pval)
{
EC_KEY *eckey = NULL;
+EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
const ASN1_STRING *pstr = pval;
-const unsigned char *pm = NULL;
-int pmlen;
-pm = pstr->data;
-pmlen = pstr->length;
+const unsigned char *pm = pstr->data;
+int pmlen = pstr->length;
+
if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
const ASN1_OBJECT *poid = pval;
-EC_GROUP *group;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval)
ecerr:
EC_KEY_free(eckey);
+EC_GROUP_free(group);
return NULL;
}
diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c
index 5f2d5d2..61c1638 100644
--- a/crypto/x509v3/v3_tlsf.c
+++ b/crypto/x509v3/v3_tlsf.c
@@ -122,13 +122,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const
X509V3_EXT_METHOD *method,
}
}
-ai = ASN1_INTEGER_new();
-if (ai == NULL) {
+if ((ai = ASN1_INTEGER_new()) == NULL
+|| !ASN1_INTEGER_set(ai, tlsextid)
+|| sk_ASN1_INTEGER_push(tlsf, ai) <= 0) {
X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
goto err;
}
-ASN1_INTEGER_set(ai, tlsextid);
-sk_ASN1_INTEGER_push(tlsf, ai);
}
return tlsf;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via e18da726ed60b502f19fa35fca20201759f371d9 (commit)
from 1de6818a30fa11350460aa148e1ee30cad0a9b10 (commit)
- Log -
commit e18da726ed60b502f19fa35fca20201759f371d9
Author: Rich Salz
Date: Wed Jul 25 15:57:18 2018 -0400
Check for failures, to avoid memory leak
Thanks to Jiecheng Wu, Zuxing Gu for the report.
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6791)
(cherry picked from commit 037241bf046be8cfc7e9216959393dd20b06fc21)
---
Summary of changes:
crypto/ec/ec_ameth.c| 11 ++-
crypto/x509v3/v3_tlsf.c | 7 +++
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index b66adf2..49d0739 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY
*pkey)
static EC_KEY *eckey_type2param(int ptype, const void *pval)
{
EC_KEY *eckey = NULL;
+EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
const ASN1_STRING *pstr = pval;
-const unsigned char *pm = NULL;
-int pmlen;
-pm = pstr->data;
-pmlen = pstr->length;
+const unsigned char *pm = pstr->data;
+int pmlen = pstr->length;
+
if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
const ASN1_OBJECT *poid = pval;
-EC_GROUP *group;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval)
ecerr:
EC_KEY_free(eckey);
+EC_GROUP_free(group);
return NULL;
}
diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c
index fec6724..2d30ea6 100644
--- a/crypto/x509v3/v3_tlsf.c
+++ b/crypto/x509v3/v3_tlsf.c
@@ -121,13 +121,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const
X509V3_EXT_METHOD *method,
}
}
-ai = ASN1_INTEGER_new();
-if (ai == NULL) {
+if ((ai = ASN1_INTEGER_new()) == NULL
+|| !ASN1_INTEGER_set(ai, tlsextid)
+|| sk_ASN1_INTEGER_push(tlsf, ai) <= 0) {
X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
goto err;
}
-ASN1_INTEGER_set(ai, tlsextid);
-sk_ASN1_INTEGER_push(tlsf, ai);
}
return tlsf;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 1a50eedf2a1fbb1e0e009ad616d8be678e4c6340 (commit) from 910fff7eb6cb8175fec4535ede09dc871c9895ac (commit) - Log - commit 1a50eedf2a1fbb1e0e009ad616d8be678e4c6340 Author: Mat Date: Tue Jul 17 09:48:27 2018 -0400 Fix typo in x25519-x86_64.pl Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6726) --- Summary of changes: crypto/ec/asm/x25519-x86_64.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl index da81e06..18dc6af 100755 --- a/crypto/ec/asm/x25519-x86_64.pl +++ b/crypto/ec/asm/x25519-x86_64.pl @@ -13,7 +13,7 @@ # details see http://www.openssl.org/~appro/cryptogams/. # # -# X25519 lower-level primitives for x86_86. +# X25519 lower-level primitives for x86_64. # # February 2018. # _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 03a5e5ae6304c75f611d3613bedf2019524ff0d6 (commit)
from 71883868ea5b33416ae8283bcc38dd2d97e5006b (commit)
- Log -
commit 03a5e5ae6304c75f611d3613bedf2019524ff0d6
Author: Patrick Steuer
Date: Thu Jul 12 13:19:07 2018 -0400
Fix undefined behavior in s390x aes-gcm/ccm
Reviewed-by: Rich Salz
Reviewed-by: Andy Polyakov
---
Summary of changes:
crypto/evp/e_aes.c | 40 +---
1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index eb37b4b..0add393 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -144,6 +144,22 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned
char *out, size_t len,
const unsigned char iv[16]);
#endif
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+int n = 8;
+unsigned char c;
+
+do {
+--n;
+c = counter[n];
+++c;
+counter[n] = c;
+if (c)
+return;
+} while (n);
+}
+
#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) ||
defined(_ARCH_PPC))
# include "ppc_arch.h"
# ifdef VPAES_ASM
@@ -1654,7 +1670,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int
type, int arg, void *ptr)
* Invocation field will be at least 8 bytes in size and so no need
* to check wrap around or increment more than last 8 bytes.
*/
-(*(unsigned long long *)(gctx->iv + gctx->ivlen - 8))++;
+ctr64_inc(gctx->iv + gctx->ivlen - 8);
gctx->iv_set = 1;
return 1;
@@ -2291,7 +2307,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int
type, int arg, void *ptr)
memcpy(buf, ptr, arg);
cctx->aes.ccm.tls_aad_len = arg;
-len = *(uint16_t *)(buf + arg - 2);
+len = buf[arg - 2] << 8 | buf[arg - 1];
if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
return 0;
@@ -2307,7 +2323,9 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int
type, int arg, void *ptr)
len -= cctx->aes.ccm.m;
}
-*(uint16_t *)(buf + arg - 2) = len;
+buf[arg - 2] = len >> 8;
+buf[arg - 1] = len & 0xff;
+
/* Extra padding: tag appended to record. */
return cctx->aes.ccm.m;
@@ -2791,22 +2809,6 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
return 1;
}
-/* increment counter (64-bit int) by 1 */
-static void ctr64_inc(unsigned char *counter)
-{
-int n = 8;
-unsigned char c;
-
-do {
---n;
-c = counter[n];
-++c;
-counter[n] = c;
-if (c)
-return;
-} while (n);
-}
-
static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via 5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 (commit)
from 805106fc21b3bb4337c68f736fe43518344862a8 (commit)
- Log -
commit 5f62625fdbc9dba7d402ea9d5ee91f5b8280df50
Author: Pauli
Date: Thu Jul 12 12:22:20 2018 -0400
Export CC variable
The default for CC wasn't exporting the environment variable. Likewise,
the variable wasn't used. Hence it didn't take effect.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/20)
---
Summary of changes:
review-tools/opensslbuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/review-tools/opensslbuild b/review-tools/opensslbuild
index 404a04e..e9abfb3 100755
--- a/review-tools/opensslbuild
+++ b/review-tools/opensslbuild
@@ -21,7 +21,7 @@ test "$1" = "-x" && {
}
# Set compiler
-test "$CC" = "" && CC="ccache clang-3.6"
+test "$CC" = "" && export CC="ccache clang-3.6"
# Set basic config arguments
CONFIGARGS="-d --strict-warnings --prefix=/usr/local/openssl"
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via f99648638c8340cbc0cb7ddaa54309435bda9530 (commit)
from fb853fa245a98b3451818e43a6664219725fd43a (commit)
- Log -
commit f99648638c8340cbc0cb7ddaa54309435bda9530
Author: Rich Salz
Date: Mon Jul 9 14:55:17 2018 -0400
Add tests for the "req" command, -addext flag
Also fixed a memory leak found by the test.
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6681)
---
Summary of changes:
apps/req.c | 1 +
test/recipes/25-test_req.t | 34 +++---
2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index 066e7c6..48f3a3a 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -947,6 +947,7 @@ int req_main(int argc, char **argv)
ERR_print_errors(bio_err);
}
NCONF_free(req_conf);
+NCONF_free(addext_conf);
BIO_free(addext_bio);
BIO_free(in);
BIO_free_all(out);
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index fa79219..b6d2335 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
-plan tests => 8;
+plan tests => 9;
require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -23,26 +23,30 @@ open RND, ">>", ".rnd";
print RND "string to make the random number generator think it has randomness";
close RND;
-# Check for duplicate -addext parameters
+# What type of key to generate?
+my @req_new;
+if (disabled("rsa")) {
+@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
+} else {
+@req_new = ("-new");
+note("There should be a 2 sequences of .'s and some +'s.");
+note("There should not be more that at most 80 per line");
+}
+
+# Check for duplicate -addext parameters, and one "working" case.
+my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+"-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;
my $val3 = $val;
$val3 =~ s/=/=/;
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3])));
+ok( run(app([@addext_args, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
+ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
subtest "generating certificate requests" => sub {
-my @req_new;
-if (disabled("rsa")) {
- @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
-} else {
- @req_new = ("-new");
- note("There should be a 2 sequences of .'s and some +'s.");
- note("There should not be more that at most 80 per line");
-}
-
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 5d58e8f1710fbcf955bc949734aa8d594523276d (commit)
from 45197ad33ee77f3773eaefe2395072fbdd9d978c (commit)
- Log -
commit 5d58e8f1710fbcf955bc949734aa8d594523276d
Author: Conrad Meyer
Date: Mon Jul 9 12:45:28 2018 -0400
Correctly check for cryptodev hash support
The sense of the check for build-time support for most hashes was inverted.
CLA: trivial
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6673)
---
Summary of changes:
crypto/engine/eng_devcrypto.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
index 235e84b..27c6df4 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -361,20 +361,20 @@ static const struct digest_data_st {
#endif
{ NID_sha1, 20, CRYPTO_SHA1 },
#ifndef OPENSSL_NO_RMD160
-# if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_RIPEMD160)
+# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
{ NID_ripemd160, 20, CRYPTO_RIPEMD160 },
# endif
#endif
-#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_224)
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
{ NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
#endif
-#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_256)
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
{ NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
#endif
-#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_384)
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
{ NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
#endif
-#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_512)
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
{ NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
#endif
};
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b7b13c7ac8d92adc6d81858b7a4cf27d54bf5563 (commit) from 68b3cbd448e096bf3954d30de058d18615f9c257 (commit) - Log - commit b7b13c7ac8d92adc6d81858b7a4cf27d54bf5563 Author: Rich Salz Date: Sun Jul 8 20:32:04 2018 -0400 Update AUTHORS list, add commentary Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6602) --- Summary of changes: AUTHORS | 56 +++- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/AUTHORS b/AUTHORS index 48211a2..ac93b2e 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,21 +1,35 @@ -Andy Polyakov -Ben Laurie -Bodo M�ller -Emilia K�sper -Eric Young -Geoff Thorpe -Holger Reif -Kurt Roeckx -Lutz J�nicke -Mark J. Cox -Matt Caswell -Nils Larsch -Paul C. Sutton -Ralf S. Engelschall -Rich Salz -Richard Levitte -Stephen Henson -Steve Marquess -Tim Hudson -Ulf M�ller -Viktor Dukhovni +# This is the list of OpenSSL authors for copyright purposes. +# +# This does not necessarily list everyone who has contributed code, since in +# some cases, their employer may be the copyright holder. To see the full list +# of contributors, see the revision history in source control. +OpenSSL Software Services, Inc. +OpenSSL Software Foundation, Inc. + +# Individuals +Andy Polyakov +Ben Laurie +Ben Kaduk +Bernd Edlinger +Bodo Möller +David Benjamin +Emilia Käsper +Eric Young +Geoff Thorpe +Holger Reif +Kurt Roeckx +Lutz Jänicke +Mark J. Cox +Matt Caswell +Matthias St. Pierre +Nils Larsch +Paul Dale +Paul C. Sutton +Ralf S. Engelschall +Rich Salz +Richard Levitte +Stephen Henson +Steve Marquess +Tim Hudson +Ulf Möller +Viktor Dukhovni _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 2ddee136ec4157598b0679f9d5a5097ed77c4c01 (commit)
from f27b906703bf933e2efcebfc1225a4c295abd2a0 (commit)
- Log -
commit 2ddee136ec4157598b0679f9d5a5097ed77c4c01
Author: Rich Salz
Date: Thu Jul 5 19:57:22 2018 -0400
Reject duplicate -addext parameters
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/6636)
---
Summary of changes:
apps/req.c | 80 --
test/recipes/25-test_req.t | 13 +++-
2 files changed, 89 insertions(+), 4 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index 7e7b994..3d89f20 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -11,6 +11,7 @@
#include
#include
#include
+#include
#include "apps.h"
#include "progs.h"
#include
@@ -23,6 +24,8 @@
#include
#include
#include
+#include
+#include
#ifndef OPENSSL_NO_RSA
# include
#endif
@@ -147,6 +150,68 @@ const OPTIONS req_options[] = {
{NULL}
};
+
+/*
+ * An LHASH of strings, where each string is an extension name.
+ */
+static unsigned long ext_name_hash(const OPENSSL_STRING *a)
+{
+return OPENSSL_LH_strhash((const char *)a);
+}
+
+static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)
+{
+return strcmp((const char *)a, (const char *)b);
+}
+
+static void exts_cleanup(OPENSSL_STRING *x)
+{
+OPENSSL_free((char *)x);
+}
+
+/*
+ * Is the |kv| key already duplicated? This is remarkably tricky to get
+ * right. Return 0 if unique, -1 on runtime error; 1 if found or a syntax
+ * error.
+ */
+static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
+{
+char *p;
+
+/* Check syntax. */
+if (strchr(kv, '=') == NULL)
+return 1;
+
+/* Skip leading whitespace, make a copy. */
+while (*kv && isspace(*kv))
+if (*++kv == '\0')
+return 1;
+if ((kv = OPENSSL_strdup(kv)) == NULL)
+return -1;
+
+/* Skip trailing space before the equal sign. */
+for (p = strchr(kv, '='); p > kv; --p)
+if (p[-1] != ' ' && p[-1] != '\t')
+break;
+if (p == kv) {
+OPENSSL_free(kv);
+return 1;
+}
+*p = '\0';
+
+/* Finally have a clean "key"; see if it's there. */
+if (lh_OPENSSL_STRING_retrieve(addexts, (OPENSSL_STRING*)kv) != NULL) {
+BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv);
+OPENSSL_free(kv);
+return 1;
+}
+
+/* Not found; add it. */
+if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL)
+return -1;
+return 0;
+}
+
int req_main(int argc, char **argv)
{
ASN1_INTEGER *serial = NULL;
@@ -155,6 +220,7 @@ int req_main(int argc, char **argv)
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *genctx = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
+LHASH_OF(OPENSSL_STRING) *addexts = NULL;
X509 *x509ss = NULL;
X509_REQ *req = NULL;
const EVP_CIPHER *cipher = NULL;
@@ -324,11 +390,17 @@ int req_main(int argc, char **argv)
multirdn = 1;
break;
case OPT_ADDEXT:
-if (addext_bio == NULL) {
+p = opt_arg();
+if (addexts == NULL) {
+addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp);
addext_bio = BIO_new(BIO_s_mem());
+if (addexts == NULL || addext_bio == NULL)
+goto end;
}
-if (addext_bio == NULL
-|| BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)
+i = duplicated(addexts, p);
+if (i == 1)
+goto opthelp;
+if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)
goto end;
break;
case OPT_EXTENSIONS:
@@ -885,6 +957,8 @@ int req_main(int argc, char **argv)
EVP_PKEY_CTX_free(genctx);
sk_OPENSSL_STRING_free(pkeyopts);
sk_OPENSSL_STRING_free(sigopts);
+lh_OPENSSL_STRING_doall(addexts, exts_cleanup);
+lh_OPENSSL_STRING_free(addexts);
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(gen_eng);
#endif
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 82b9bf8..fa79219 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,13 +15,24 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
-plan tests => 4;
+plan tests => 8;
require_ok(srctop_file('test','recipes','tconversion.pl'));
open RND, ">>", ".rnd";
print RND "string to make the random number generator think it has randomness";
close RND
[openssl-commits] [openssl] master update
The branch master has been updated via f27b906703bf933e2efcebfc1225a4c295abd2a0 (commit) from a9cf71a3716f8f624b711faa0d5ea391bb26d9f6 (commit) - Log - commit f27b906703bf933e2efcebfc1225a4c295abd2a0 Author: Rich Salz Date: Thu Jul 5 16:10:55 2018 -0400 Add missing include file to doc Reported by Ingo Schwarze Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6656) --- Summary of changes: doc/man3/X509_digest.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index ee39345..36b89a6 100644 --- a/doc/man3/X509_digest.pod +++ b/doc/man3/X509_digest.pod @@ -28,6 +28,8 @@ PKCS7_ISSUER_AND_SERIAL_digest int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); + #include + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via dfee8626a8f6c1e23ab270a6fc20b4d1ba145392 (commit)
from d5487a454c485eb6f9aef7fb0cb1c0681a06fd25 (commit)
- Log -
commit dfee8626a8f6c1e23ab270a6fc20b4d1ba145392
Author: Rich Salz
Date: Tue Jul 3 12:45:14 2018 -0400
Fix some issues found by Denian's lintian tool
Also fix some L<> labels and =item entries found while doing this.
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/6630)
---
Summary of changes:
doc/man1/ciphers.pod | 2 +-
doc/man1/cms.pod | 7 +--
doc/man1/dsa.pod | 2 +-
doc/man1/gendsa.pod | 2 +-
doc/man1/genpkey.pod | 12 ++---
doc/man1/genrsa.pod | 2 +-
doc/man1/openssl.pod | 123 +-
doc/man1/passwd.pod | 12 +++--
doc/man1/pkcs8.pod| 4 +-
doc/man1/rsa.pod | 2 +-
doc/man1/s_client.pod | 2 +-
doc/man1/s_server.pod | 3 +-
doc/man1/spkac.pod| 11 +++--
doc/man1/ts.pod | 10 ++--
14 files changed, 101 insertions(+), 93 deletions(-)
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3786e9a..e3278eb 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -113,7 +113,7 @@ TLSv1.2 and below ciphersuites that have been configured.
The format for this
list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By
default this value is:
-"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+ TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
=item B
diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 4620561..60ee3b5 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -83,7 +83,8 @@ B B
[B<-signer file>]
[B<-recip file>]
[B<-keyid>]
-[B<-receipt_request_all -receipt_request_first>]
+[B<-receipt_request_all>]
+[B<-receipt_request_first>]
[B<-receipt_request_from emailaddress>]
[B<-receipt_request_to emailaddress>]
[B<-receipt_request_print>]
@@ -304,7 +305,7 @@ default digest algorithm for the signing key will be used
(usually SHA1).
The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
-example B<-aes-128-cbc>. See L|enc(1)> for a list of ciphers
+example B<-aes-128-cbc>. See L for a list of ciphers
supported by your version of OpenSSL.
If not specified triple DES is used. Only used with B<-encrypt> and
@@ -403,7 +404,7 @@ Use subject key identifier to identify certificates instead
of issuer name and
serial number. The supplied certificate B include a subject key
identifier extension. Supported by B<-sign> and B<-encrypt> options.
-=item B<-receipt_request_all -receipt_request_first>
+=item B<-receipt_request_all>, B<-receipt_request_first>
For B<-sign> option include a signed receipt request. Indicate requests should
be provided by all recipient or first tier recipients (those mailed directly
diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod
index 2428879..a4dcc56 100644
--- a/doc/man1/dsa.pod
+++ b/doc/man1/dsa.pod
@@ -89,7 +89,7 @@ filename.
The output file password source. For more information about the format of
B
see the B section in L.
-=item
B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>,
B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>,
B<-des3>, B<-idea>
These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
diff --git a/doc/man1/gendsa.pod b/doc/man1/gendsa.pod
index 7984b74..1cbd3f4 100644
--- a/doc/man1/gendsa.pod
+++ b/doc/man1/gendsa.pod
@@ -45,7 +45,7 @@ Print out a usage message.
Output the key to the specified file. If this argument is not specified then
standard output is used.
-=item
B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>,
B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>,
B<-des3>, B<-idea>
These options encrypt the private key with specified
cipher before outputting it. A pass phrase is prompted for.
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index cdf2
[openssl-commits] [web] master update
The branch master has been updated via 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) from 108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit) - Log - commit 3c0d5cabf30bc2367a5574b3b9bfd5639396533f Author: Rich Salz Date: Tue Jul 3 11:35:17 2018 -0400 Fix NIST links, remove 2473. Also remove some "political" content. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/63) --- Summary of changes: docs/fips.html | 29 + 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/docs/fips.html b/docs/fips.html index 8c67a04..5c9b3ec 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,15 +10,10 @@ FIPS-140 - For a basic introduction, - see below. Thanks to multiple platform - sponsorships, the 2.0 validations include the largest number of - formally tested platforms for any validated module. - The most recent open source based validation of a cryptographic - module (Module) compatible with the OpenSSL 1.0.1 and 1.0.2 - libraries is v2.0.16, FIPS 140-2 certificate http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747";>#1747. + module (Module) compatible with the OpenSSL 1.0.2 + is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747";>#1747. This Module is documented in the 2.0 User Guide; the source code, @@ -26,12 +21,10 @@ are also available. - For convoluted bureaucratic reasons, the same module is also - available under the validations http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398";>#2398 - (revision 2.0.16) and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473";>#2473 - (revision 2.0.10). + For various bureaucratic reasons, the same module is also + available as validation https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2398";>#2398 + (revision 2.0.16). @@ -69,14 +62,18 @@ instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis. - If even the tiniest source code or build process changes are - required for your intended application, you cannot use the open + If even a single line of the source code or build process + has to be changed + for your intended application, you cannot use the open source based validated module directly. You must obtain your own validation. None of the validations will work with OpenSSL 1.1.0 or later. + We are starting work on a new validation based on the + upcoming 1.1.1 release. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated
via 2c739f72e5236a8e0c351c00047c77083dcdb77f (commit)
from da0bbdd62614df6d6a33f91142a3e72525f7186e (commit)
- Log -
commit 2c739f72e5236a8e0c351c00047c77083dcdb77f
Author: Rich Salz
Date: Thu Jun 28 18:13:54 2018 -0400
Zero-fill IV by default.
Fixes uninitialized memory read reported by Nick Mathewson
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/6603)
(cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c)
---
Summary of changes:
crypto/pem/pem_lib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index eb59050..4ccc676 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -487,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO
*cipher)
char **header_pp = &header;
cipher->cipher = NULL;
+memset(cipher->iv, 0, sizeof(cipher->iv));
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return (1);
if (strncmp(header, "Proc-Type: ", 11) != 0) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e21602857e79becb64eb8cba3673830bd7a304e3 (commit) from 2f1ad5c81bd1856061cfe1c2d36b0af85f05ddf7 (commit) - Log - commit e21602857e79becb64eb8cba3673830bd7a304e3 Author: Rich Salz Date: Thu Jun 28 18:13:54 2018 -0400 Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c) --- Summary of changes: crypto/pem/pem_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 33c03ee..735cd54 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -466,6 +466,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) char *dekinfostart, c; cipher->cipher = NULL; +memset(cipher->iv, 0, sizeof(cipher->iv)); if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c (commit) from 358ffa05cd3a088822c7d06256bc87516d918798 (commit) - Log - commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c Author: Rich Salz Date: Thu Jun 28 18:13:54 2018 -0400 Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6603) --- Summary of changes: crypto/pem/pem_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 7c82561..5c21a86 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -488,6 +488,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) char *dekinfostart, c; cipher->cipher = NULL; +memset(cipher->iv, 0, sizeof(cipher->iv)); if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via 805106fc21b3bb4337c68f736fe43518344862a8 (commit)
from 3660c7ff2c23ae4d89e463f0abd5a359b6172775 (commit)
- Log -
commit 805106fc21b3bb4337c68f736fe43518344862a8
Author: Rich Salz
Date: Mon May 21 08:50:06 2018 -0400
Better flag parsing; build by default
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/tools/pull/15)
---
Summary of changes:
review-tools/ghmerge | 69
1 file changed, 42 insertions(+), 27 deletions(-)
diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 7f00b7c..1fb70c8 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -12,36 +12,49 @@ if [ ! -d .git ] ; then
exit 1
fi
-if [ "$1" = "--tools" ] ; then
-WHAT=tools ; MERGE=yes ; BUILD=no ; shift
-fi
-if [ "$1" = "--web" ] ; then
-WHAT=web ; MERGE=yes ; BUILD=no ; shift
-fi
-if [ "$1" == "--trivial" ] ; then
-TRIVIAL="--trivial" ; shift
-fi
-if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then
-MERGE=yes ; shift
-fi
-if [ "$1" == "--nomerge" -o "$1" == "--nosquash" ] ; then
-MERGE=no ; shift
-fi
+# Parse JCL.
+while true ; do
+case "$1" in
+--tools)
+WHAT=tools ; MERGE=yes ; BUILD=no ; shift
+;;
+--web)
+WHAT=web ; MERGE=yes ; BUILD=no ; shift
+;;
+--trivial)
+TRIVIAL="--trivial" ; shift
+;;
+--merge | --squash)
+MERGE=yes ; shift
+;;
+--nomerge | --nosquash)
+MERGE=no ; shift
+;;
+--nobuild)
+BUILD=no ; shift
+;;
+--)
+shift
+break
+;;
+-*)
+echo "$0: Unknown flag $1"
+exit 1
+;;
+*)
+break
+;;
+esac
+done
if [ $# -lt 2 ] ; then
-echo Usage: `basename $0` '[--trivial] [--merge] prnum reviewer...'
+echo "Usage: $0 [flags] prnum reviewer..."
exit 1
fi
PRNUM=$1 ; shift
-case "$PRNUM" in
--*)
-echo Usage: `basename $0` '[--trivial] [--[no]merge] prnum reviewer...'
-exit 1
-;;
-esac
+TEAM=$*
curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$
-TEAM=$*
set -- `python -c '
from __future__ import print_function
import json, sys;
@@ -69,13 +82,13 @@ function cleanup {
}
trap 'cleanup' EXIT
-
git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH
git rebase $REL
+
echo Diff against $REL
git diff $REL
-echo -n Press return to merge to $REL and build: ; read foo
+echo -n Press return to merge to $REL: ; read foo
addrev $TRIVIAL --prnum=$PRNUM $TEAM ${REL}..
git checkout $REL
if [ "$MERGE" == "yes" ] ; then
@@ -86,8 +99,10 @@ else
git rebase $WORK
fi
-# echo Rebuilding
-# opensslbuild |& tail -3
+if [ "$BUILD" == "yes" ] ; then
+echo Rebuilding
+( opensslbuild 2>&1 ) | tail -3
+fi
while true ; do
echo -n "Enter YES to push or NO to abort: "
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 55fc247a699be33153f27c06d304e6e60eeff980 (commit)
from 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 (commit)
- Log -
commit 55fc247a699be33153f27c06d304e6e60eeff980
Author: Dmitry Belyavskiy
Date: Fri Jun 8 09:14:16 2018 -0400
New GOST identificators
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6438)
---
Summary of changes:
crypto/objects/obj_dat.h | 98 +++---
crypto/objects/obj_mac.num | 20 ++
crypto/objects/objects.txt | 23 +++
fuzz/oids.txt | 14 +++
include/openssl/obj_mac.h | 77
5 files changed, 227 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 60c3826..6d66d07 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[7626] = {
+static const unsigned char so[7746] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,/* [6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1060,9 +1060,23 @@ static const unsigned char so[7626] = {
0x2B,0x6F, /* [ 7610] OBJ_ieee */
0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625]
OBJ_id_tc26_cipher_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633]
OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642]
OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651]
OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659]
OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668]
OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,/* [ 7677] OBJ_id_tc26_wrap
*/
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684]
OBJ_id_tc26_wrap_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692]
OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701]
OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709]
OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718]
OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727]
OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736]
OBJ_id_tc26_gost_3410_2012_256_paramSetD */
};
-#define NUM_NID 1173
+#define NUM_NID 1193
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2237,9 +2251,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"ieee", "ieee", NID_ieee, 2, &so[7610]},
{"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg,
5, &so[7612]},
{"SM2", "sm2", NID_sm2, 8, &so[7617]},
+{"id-tc26-cipher-gostr3412-2015-magma",
"id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma,
8, &so[7625]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm",
"id-tc26-cipher-gostr3412-2015-magma-ctracpkm",
NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac",
"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac",
NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik",
"id-tc26-cipher-gostr3412-2015-kuznyechik",
NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm",
"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm",
NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac",
"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac",
NID_id_tc26_ciph
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 853d2453620ff04fbe8afa89fabd77eff42f54db (commit) from cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 (commit) - Log - commit 853d2453620ff04fbe8afa89fabd77eff42f54db Author: Rich Salz Date: Tue Jun 5 11:17:59 2018 -0400 Improve wording Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6413) (cherry picked from commit 630fe1da888490b7dfef3fe0928b813ddff5d51a) --- Summary of changes: INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 9e09dc5..5a98d1d 100644 --- a/INSTALL +++ b/INSTALL @@ -3,7 +3,8 @@ This document describes installation on all supported operating - systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) + systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS, + and Windows). To install OpenSSL, you will need: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 630fe1da888490b7dfef3fe0928b813ddff5d51a (commit) from 02f9d83585e03fb8d1c9d8bf5059db5b4acefd98 (commit) - Log - commit 630fe1da888490b7dfef3fe0928b813ddff5d51a Author: Rich Salz Date: Tue Jun 5 11:17:59 2018 -0400 Improve wording Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6413) --- Summary of changes: INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 77de570..b1a5868 100644 --- a/INSTALL +++ b/INSTALL @@ -2,7 +2,8 @@ This document describes installation on all supported operating - systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) + systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS, + and Windows). To install OpenSSL, you will need: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 (commit) from 78641aacb777147eeca698faf1376761d005ad39 (commit) - Log - commit cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 Author: Rich Salz Date: Sat Jun 2 14:57:34 2018 -0400 Make OS/X more explicit, to avoid questions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6404) (cherry picked from commit 886c2e614fc1e78e658122bf6f6bccdd7dd23857) --- Summary of changes: INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 3e21cc2..9e09dc5 100644 --- a/INSTALL +++ b/INSTALL @@ -3,7 +3,7 @@ This document describes installation on all supported operating - systems (the Linux/Unix family, OpenVMS and Windows) + systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) To install OpenSSL, you will need: @@ -76,7 +76,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (again, this includes Mac OS/X): $ ./config $ make _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 278f65eeabb28279661927ecbcc23e95aad34948 (commit) from 1ac3cd6277f880fac4df313702d5e3b3814e56e2 (commit) - Log - commit 278f65eeabb28279661927ecbcc23e95aad34948 Author: Ken Goldman Date: Sat Jun 2 16:22:04 2018 -0400 Document failure return of ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) (cherry picked from commit 6da34cfbddede5e46f9c9183b724c9dcfb41) --- Summary of changes: doc/crypto/ecdsa.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index 46c071b..5708d90 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -112,6 +112,8 @@ using the public key B. =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_size() returns the maximum length signature or 0 on error. ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 78641aacb777147eeca698faf1376761d005ad39 (commit) from 13b578ada3106a4ce9b836f167ee520539f5fa8f (commit) - Log - commit 78641aacb777147eeca698faf1376761d005ad39 Author: Ken Goldman Date: Sat Jun 2 16:17:32 2018 -0400 Document failure return for ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) (cherry picked from commit 6da34cfbddede5e46f9c9183b724c9dcfb41) --- Summary of changes: doc/crypto/ECDSA_SIG_new.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod index 9e1f662..3920b96 100644 --- a/doc/crypto/ECDSA_SIG_new.pod +++ b/doc/crypto/ECDSA_SIG_new.pod @@ -114,6 +114,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_SIG_set0() returns 1 on success or 0 on failure. ECDSA_size() returns the maximum length signature or 0 on error. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 6da34cfbddede5e46f9c9183b724c9dcfb41 (commit) from 886c2e614fc1e78e658122bf6f6bccdd7dd23857 (commit) - Log - commit 6da34cfbddede5e46f9c9183b724c9dcfb41 Author: Ken Goldman Date: Sat Jun 2 16:17:32 2018 -0400 Document failure return for ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) --- Summary of changes: doc/man3/ECDSA_SIG_new.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 72962f0..0bf63f8 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -121,6 +121,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_SIG_set0() returns 1 on success or 0 on failure. ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 886c2e614fc1e78e658122bf6f6bccdd7dd23857 (commit) from 166f0082e7ce53ed608d8519526b99893ca7925e (commit) - Log - commit 886c2e614fc1e78e658122bf6f6bccdd7dd23857 Author: Rich Salz Date: Sat Jun 2 14:57:34 2018 -0400 Make OS/X more explicit, to avoid questions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6404) --- Summary of changes: INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 52e3f2a..77de570 100644 --- a/INSTALL +++ b/INSTALL @@ -2,7 +2,7 @@ This document describes installation on all supported operating - systems (the Linux/Unix family, OpenVMS and Windows) + systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) To install OpenSSL, you will need: @@ -76,7 +76,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (again, this includes Mac OS/X): $ ./config $ make _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8241c47b948d2213e8cead94844fd23207716499 (commit) from 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) - Log - commit 8241c47b948d2213e8cead94844fd23207716499 Author: Rich Salz Date: Tue May 29 11:18:24 2018 -0400 Remove rationale paragraph Reviewed-by: OMC Vote --- Summary of changes: policies/releasestrat.html | 16 +--- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 9d0e3c3..0bb80f5 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. - Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security. - With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -64,7 +50,7 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - As implied by the above paragraphs, during the final year + During the final year of support, we do not commit to anything other than security fixes. Before that, bug and security fixes will be applied as appropriate. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via ddda55afb15458bc21187ef80397134193a8982e (commit)
from 845c25d8db7fc784cbf92a523300376a8d69b2a1 (commit)
- Log -
commit ddda55afb15458bc21187ef80397134193a8982e
Author: Rich Salz
Date: Wed May 23 11:44:44 2018 -0400
Add --web and --tools to support other repo's.
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/tools/pull/1t)
---
Summary of changes:
review-tools/addrev| 4
review-tools/gitaddrev | 9 +++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/review-tools/addrev b/review-tools/addrev
index 0bd28a5..ce770f3 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -22,6 +22,10 @@ foreach (@ARGV) {
$args .= "--rmreviewers ";
} elsif (/^--trivial$/) {
$args .= "--trivial ";
+} elsif (/^--web$/) {
+$args .= "--web ";
+} elsif (/^--tools$/) {
+$args .= "--tools ";
} elsif (/^--verbose$/) {
$args .= "--verbose ";
} elsif (/^--noself$/) {
diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 2beb48a..cf041d4 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -21,6 +21,7 @@ my $num = 0;
my $refuse = 0;
my $prnum = 0;
my $verbose = 0;
+my $WHAT = 'openssl';
my $query = OpenSSL::Query->new();
@@ -99,6 +100,10 @@ foreach (@ARGV) {
try_add_reviewer($1);
} elsif (/^--verbose$/) {
$verbose = 1;
+} elsif (/^--web$/) {
+$WHAT = 'web';
+} elsif (/--tools$/) {
+$WHAT = 'tools'
}
}
@@ -189,7 +194,7 @@ my $last_is_rev = 0;
foreach (@commit_message) {
# Start each line with assuming it's not a reviewed-by line
$last_is_rev = 0;
-if (/^\(Merged from https:\/\/github\.com\/openssl\/openssl\/pull\//) {
+if (/^\(Merged from https:\/\/github\.com\/openssl\/$WHAT\/pull\//) {
next if $rmrev == 1;
$last_is_rev = 1;
next; # Because we're rewriting it below
@@ -211,5 +216,5 @@ if ($rmrev == 0) {
}
}
-print "(Merged from https://github.com/openssl/openssl/pull/$prnum)\n"
+print "(Merged from https://github.com/openssl/$WHAT/pull/$prnum)\n"
if $prnum;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) from ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) - Log - commit c9f50cbf963b7d9949332c17e614ad0a6e97d431 Author: Rich Salz Date: Wed May 23 19:57:47 2018 -0400 Revert "Remove rationale, clarify language." This reverts commit ac5eb58ddc24db122c494b4cb13de3adff366e48. --- Summary of changes: policies/releasestrat.html | 28 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 83b85d2..3f37936 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,6 +34,20 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. + Binary compatibility also allows other possibilities. For + example, consider an application that wishes to utilize + a new cipher provided in a specific 1.0.x release, but it + is also desirable to maintain the application in a 1.0.0 + context. Customarily this would be resolved at compile time + resulting in two binary packages targeting different OpenSSL + versions. However, depending on the feature, it might be + possible to check for its availability at run-time, thus cutting + down on the maintenance of multiple binary packages. Admittedly + it takes a certain discipline and some extra coding, but we + would like to encourage such practice. This is because we + want to see later releases being adopted faster, because new + features can improve security. + With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -50,18 +64,15 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - During the final year + As implied by the above paragraphs, during the final year of support, we do not commit to anything other than security - fixes. Before then, bug and security fixes will be applied + fixes. Before that, bug and security fixes will be applied as appropriate. The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened; - we want to have at least one beta release after TLS 1.3 is - officially published as an RFC. The next LTS release will be - 1.1.1. + will not have its final release until that has happened. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -77,8 +88,9 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) -29th May 2018, beta release 5 (pre7) -19th June 2018, beta release 6 (pre8) + 8th May 2018, release readiness check (new release + cycles added if required, first possible final release date: + 15th May 2018) An alpha release means: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) from 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit) - Log - commit ac5eb58ddc24db122c494b4cb13de3adff366e48 Author: Rich Salz Date: Mon May 14 16:29:47 2018 -0400 Remove rationale, clarify language. Add 1.1.1 release/LTS details. Remove paragraph justifying binary compatibility. Also remove phrase "as implied by the above" beause, well, it ACTUALY ISN'T implied by the above. :) Reviewed-by: Matt Caswell Reviewed-by: Mark Cox (Merged from https://github.com/openssl/web/pull/52) --- Summary of changes: policies/releasestrat.html | 28 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..83b85d2 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. - Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security. - With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -64,15 +50,18 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - As implied by the above paragraphs, during the final year + During the final year of support, we do not commit to anything other than security - fixes. Before that, bug and security fixes will be applied + fixes. Before then, bug and security fixes will be applied as appropriate. The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened. + will not have its final release until that has happened; + we want to have at least one beta release after TLS 1.3 is + officially published as an RFC. The next LTS release will be + 1.1.1. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -88,9 +77,8 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) - 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018) +29th May 2018, beta release 5 (pre7) +19th June 2018, beta release 6 (pre8) An alpha release means: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via a3215cfa675b64baaa570f374c55f098479b0df6 (commit)
from f37c4f5e3a9ef27283a395ffd0975e78067121ea (commit)
- Log -
commit a3215cfa675b64baaa570f374c55f098479b0df6
Author: Rich Salz
Date: Sun May 20 21:00:32 2018 -0400
Add --web flag for web repo
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/tools/pull/13)
---
Summary of changes:
review-tools/ghmerge | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index b1aebb9..ea6b0ec 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -2,16 +2,22 @@
set -o errexit
+WHAT=openssl
+BUILD=yes
+TRIVIAL=""
+MERGE="yes"
+
if [ ! -d .git ] ; then
echo Not at top-level
exit 1
fi
-TRIVIAL=""
+if [ "$1" = "--web" ] ; then
+WHAT=web ; MERGE=yes ; BUILD=no ; shift
+fi
if [ "$1" == "--trivial" ] ; then
TRIVIAL="--trivial" ; shift
fi
-MERGE="yes"
if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then
MERGE=yes ; shift
fi
@@ -31,7 +37,7 @@ case "$PRNUM" in
;;
esac
-curl -s https://api.github.com/repos/openssl/openssl/pulls/$PRNUM >/tmp/gh$$
+curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$
TEAM=$*
set -- `python -c '
from __future__ import print_function
@@ -61,7 +67,7 @@ function cleanup {
trap 'cleanup' EXIT
-git pull --rebase https://github.com/$WHO/openssl.git $BRANCH
+git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH
git rebase $REL
echo Diff against $REL
git diff $REL
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated via c0ba851e324ad25cf4734ea93b22e315a51e5106 (commit) from a3215cfa675b64baaa570f374c55f098479b0df6 (commit) - Log - commit c0ba851e324ad25cf4734ea93b22e315a51e5106 Author: Rich Salz Date: Mon May 21 08:13:07 2018 -0400 Add --tools flag Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/tools/pull/14) --- Summary of changes: review-tools/ghmerge | 4 1 file changed, 4 insertions(+) diff --git a/review-tools/ghmerge b/review-tools/ghmerge index ea6b0ec..7f00b7c 100755 --- a/review-tools/ghmerge +++ b/review-tools/ghmerge @@ -12,6 +12,9 @@ if [ ! -d .git ] ; then exit 1 fi +if [ "$1" = "--tools" ] ; then +WHAT=tools ; MERGE=yes ; BUILD=no ; shift +fi if [ "$1" = "--web" ] ; then WHAT=web ; MERGE=yes ; BUILD=no ; shift fi @@ -82,6 +85,7 @@ if [ "$MERGE" == "yes" ] ; then else git rebase $WORK fi + # echo Rebuilding # opensslbuild |& tail -3 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 8e51a340f40fc80331ddac19203ef7a3e7e02d1a (commit)
from ee94ec2ef88e0ec25dedf2829d8e48dff0aa1c50 (commit)
- Log -
commit 8e51a340f40fc80331ddac19203ef7a3e7e02d1a
Author: Rich Salz
Date: Mon May 21 10:28:16 2018 -0400
Check malloc failure via app_malloc
Thanks to GitHUb user murugesandins for reporting this.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/6322)
---
Summary of changes:
apps/speed.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/speed.c b/apps/speed.c
index c0a34ee..e513263 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3152,7 +3152,7 @@ static int do_multi(int multi, int size_num)
int *fds;
static char sep[] = ":";
-fds = malloc(sizeof(*fds) * multi);
+fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
for (n = 0; n < multi; ++n) {
if (pipe(fd) == -1) {
BIO_printf(bio_err, "pipe failure\n");
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) from c1af450066654ac208edbb73f954fcf32d6330f7 (commit) - Log - commit 6d2d64dcea7f89da419eafb2e860b0f0f164458f Author: Rich Salz Date: Wed May 16 16:09:43 2018 -0400 Broken link to pgpkey.html Also fix indent of #include'd file Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/53) --- Summary of changes: community/index.html | 2 +- news/pgpkey.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 82374b6..e204c4b 100644 --- a/community/index.html +++ b/community/index.html @@ -50,7 +50,7 @@ please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. Encryption is not required, but if you want to encrypt the mail, you can use our -team's PGP Key. Or you can +team's PGP Key. Or you can send mail to one or more individual OMC Members, encrypted or plaintext. diff --git a/news/pgpkey.html b/news/pgpkey.html index 492a80d..5c996a5 100644 --- a/news/pgpkey.html +++ b/news/pgpkey.html @@ -18,7 +18,7 @@ openssl-security.asc - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c1af450066654ac208edbb73f954fcf32d6330f7 (commit) from 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) - Log - commit c1af450066654ac208edbb73f954fcf32d6330f7 Author: Rich Salz Date: Fri Apr 6 12:08:26 2018 -0400 Remove NSA license and mention of it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/51) --- Summary of changes: source/NSA-PLA.pdf | Bin 2276088 -> 0 bytes source/sidebar.shtml | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 source/NSA-PLA.pdf diff --git a/source/NSA-PLA.pdf b/source/NSA-PLA.pdf deleted file mode 100644 index 88514df..000 Binary files a/source/NSA-PLA.pdf and /dev/null differ diff --git a/source/sidebar.shtml b/source/sidebar.shtml index 233e092..6862589 100644 --- a/source/sidebar.shtml +++ b/source/sidebar.shtml @@ -17,9 +17,6 @@ OCB License -NSA ECC License - - Old Releases _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 781fb90cd7ec28a0d4e94cbb4a95fecb72020c2d (commit) from 717f308e7624233e2ad18fba62558a421dfda83d (commit) - Log - commit 781fb90cd7ec28a0d4e94cbb4a95fecb72020c2d Author: Rich Salz Date: Sat May 5 15:57:21 2018 -0400 Cleanup Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6183) --- Summary of changes: README.ECC | 61 - 1 file changed, 61 deletions(-) delete mode 100644 README.ECC diff --git a/README.ECC b/README.ECC deleted file mode 100644 index fa3cad7..000 --- a/README.ECC +++ /dev/null @@ -1,61 +0,0 @@ -NOTE: The OpenSSL Software Foundation has executed a sublicense agreement -entitled "Elliptic Curve Cryptography Patent License Agreement" with the -National Security Agency/ Central Security Service Commercial Solutions -Center (NCSC) dated 2010-11-04. That agreement permits implementation and -distribution of software containing features covered by any or all of the -following patents: - -1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol -with Implicit Signatures" issued on June 2, 1998; -2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport -Protocol with Implicit Signature and Reduced Bandwidth" filed on May -16, 1996; -3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol -with Implicit Signatures" issued on March 30, 1999; -4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol -with Implicit Signatures" issued on April 20, 1999; -5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" -issued on August 3, 1999; -6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key -Protocol" filed on May 17, 1996; -7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key -Protocol" filed on May 17, 1996; -8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" -issued on December 7, 1999; -9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a -Smartcard" filed on April 14, 1997; -10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a - Smartcard" filed on April 15, 1997; -11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on September 19, 2000; -12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport - Protocol with Implicit Signatures" filed on April 16, 1996; -13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 16, 1996; -14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" - issued on October 31, 2000; -15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued - on January 1, 2002; -18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" - issued on November 26, 2002; -19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport - Protocol" filed on April 16, 1996; -20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and - Transport Protocol" filed on April 21, 1996; -21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" - issued on May 13, 2003; -22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" - issued September 9, 2003; -23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a - Smartcard" filed on November 5, 1999; -24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 25, 2000; -25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a - Smartcard" filed on August 29, 2001 and published on July 18, 2002; and, -26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key - Protocol" filed on July 1, 2000. - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) from 52717d01f543385642f385407e52b1eb35283f21 (commit) - Log - commit 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d Author: Rich Salz Date: Sat May 5 10:10:44 2018 -0400 Tweak wording based on F2F --- Summary of changes: community/getting-started.html | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/community/getting-started.html b/community/getting-started.html index 0bbc175..c7c9626 100644 --- a/community/getting-started.html +++ b/community/getting-started.html @@ -14,11 +14,21 @@ the information on this page, and the links to the side. In particular, you should look at the Mailing Lists page and join -the openssl-dev or openssl-users list, or both. +the openssl-project or openssl-users list, or both. After that, here are some ideas: + Review and comment on the pull requests on GitHub. + + You can find pull requests -- patches that people have + suggested -- at + https://github.com/openssl/openssl/pulls";>https://github.com/openssl/openssl/pulls + Reviewing and commenting on these is helpful and can be a good + way to learn your way around the code. + + Look through the OpenSSL issues on GitHub. You can find issues that people have opened at @@ -31,22 +41,12 @@ very useful! - Look at the pull requests on GitHub. - - You can find pull requests -- patches that people have - suggested -- at - https://github.com/openssl/openssl/pulls";>https://github.com/openssl/openssl/pulls - Reviewing and commenting on these is helpful, like with - the issues mentioned above. - - Help update the documentation. The documentation has gotten better, but there are still many API's that are not documented. Write a POD page, or report - bugs in existing pages. It's probably better to get a whole - bunch of minor edits done one once. + bugs in existing pages. It's probably better to do a whole + bunch of minor edits in one submission. Write some test cases. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via fe1128dc2a6e7aae9010cf6595c78245e0eefd46 (commit)
from 74a8acbdfb2c7f398d1ae2fe914cd32b437f6df4 (commit)
- Log -
commit fe1128dc2a6e7aae9010cf6595c78245e0eefd46
Author: Rich Salz
Date: Thu Apr 26 14:02:24 2018 -0400
Fix last(?) batch of malloc-NULL places
Add a script to find them in the future
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/6103)
---
Summary of changes:
crypto/comp/comp_err.c | 3 ++-
crypto/comp/comp_lib.c | 5 -
crypto/cpt_err.c | 5 +
crypto/err/openssl.txt | 6 ++
crypto/lhash/lhash.c | 9 -
crypto/stack/stack.c | 10 +++---
include/openssl/comperr.h | 1 +
include/openssl/cryptoerr.h| 4
include/openssl/sslerr.h | 1 +
ssl/record/rec_layer_d1.c | 4 +++-
ssl/ssl_err.c | 2 ++
.../04-test_bio_callback.t => util/check-malloc-errs | 14 +-
12 files changed, 52 insertions(+), 12 deletions(-)
copy test/recipes/04-test_bio_callback.t => util/check-malloc-errs (57%)
mode change 100644 => 100755
diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
index 5aff502..2dca315 100644
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA COMP_str_functs[] = {
{ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"},
{ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"},
{ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"},
+{ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"},
{0, NULL}
};
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index e509f59..6ae2114 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -12,14 +12,17 @@
#include
#include
#include
+#include
#include "comp_lcl.h"
COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
{
COMP_CTX *ret;
-if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+}
ret->meth = meth;
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
OPENSSL_free(ret);
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index da1004d..4147b1c 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -40,11 +40,16 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
"OPENSSL_hexstr2buf"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
"OPENSSL_init_crypto"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
+ "OPENSSL_sk_deep_copy"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
"pkey_poly1305_init"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
"pkey_siphash_init"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
{0, NULL}
};
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index b9457b9..155a8f3 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -320,6 +320,7 @@ COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush
COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new
COMP_F_BIO_ZLIB_READ:101:bio_zlib_read
COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write
+COMP_F_COMP_CTX_NEW:103:COMP_CTX_new
CONF_F_CONF_DUMP_FP:104:CONF_dump_fp
CONF_F_CONF_LOAD:100:CONF_load
CONF_F_CONF_LOAD_FP:103:CONF_load_fp
@@ -359,9 +360,13 @@ CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr
CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen
CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf
CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
+CRYP
[openssl-commits] [openssl] master update
The branch master has been updated
via f06080cb3da93e99755edb5f19e7ccc132aeba36 (commit)
from d1f7a1e62a5b67b492f8e7eb48130bf00f9a3ab0 (commit)
- Log -
commit f06080cb3da93e99755edb5f19e7ccc132aeba36
Author: FdaSilvaYY
Date: Thu Apr 26 12:06:17 2018 -0400
Add missing error code when alloc-return-null
Reviewed-by: Bernd Edlinger
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6085)
---
Summary of changes:
crypto/bio/bf_nbio.c | 4 +++-
crypto/bio/bio_err.c | 4
crypto/bio/bss_acpt.c| 4 +++-
crypto/bio/bss_conn.c| 4 +++-
crypto/bio/bss_log.c | 1 +
crypto/bn/bn_err.c | 2 ++
crypto/bn/bn_mont.c | 4 +++-
crypto/bn/bn_recp.c | 4 +++-
crypto/ec/ec_err.c | 1 +
crypto/ec/ec_lib.c | 6 --
crypto/err/openssl.txt | 13 +
crypto/objects/obj_dat.c | 6 --
crypto/objects/obj_err.c | 1 +
crypto/pkcs12/p12_utl.c | 17 -
crypto/pkcs12/pk12err.c | 8 +++-
crypto/x509v3/pcy_tree.c | 5 -
crypto/x509v3/v3err.c| 1 +
include/openssl/bioerr.h | 4
include/openssl/bnerr.h | 2 ++
include/openssl/ecerr.h | 1 +
include/openssl/objectserr.h | 1 +
include/openssl/pkcs12err.h | 4
include/openssl/x509v3err.h | 1 +
23 files changed, 82 insertions(+), 16 deletions(-)
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index d7972bf..4bc84ee 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -57,8 +57,10 @@ static int nbiof_new(BIO *bi)
{
NBIO_TEST *nt;
-if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL)
+if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) {
+BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE);
return 0;
+}
nt->lrn = -1;
nt->lwn = -1;
bi->ptr = (char *)nt;
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index 2a4e478..7aa9dab 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -19,10 +19,12 @@ static const ERR_STRING_DATA BIO_str_functs[] = {
{ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"},
+{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"},
+{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"},
@@ -65,6 +67,8 @@ static const ERR_STRING_DATA BIO_str_functs[] = {
{ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"},
+{ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"},
+{ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"},
{ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"},
{0, NULL}
};
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 64cc452..993e590 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -92,8 +92,10 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void)
{
BIO_ACCEPT *ret;
-if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+}
ret->accept_family = BIO_FAMILY_IPANY;
ret->accept_sock = (int)INVALID_SOCKET;
return ret;
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index c87b431..e9673fe 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -223,8 +223,10 @@ BIO_CONNECT *BIO_CONNECT_new(void)
{
BIO_CONNECT *ret;
-if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+}
ret->state = BIO_CONN_S_BEFORE;
ret->connect_family = BIO_FAMILY_IPANY;
return ret;
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
index 10acba1..0376919 100644
--- a/crypto/bio/bss_log.c
+++ b/crypto/bi
[openssl-commits] [openssl] master update
The branch master has been updated
via f90bc6c5cb9ca4d97730ff63e6d34fd94047893e (commit)
from 208056b2ae41e2501f071fa134765349ddb57b3c (commit)
- Log -
commit f90bc6c5cb9ca4d97730ff63e6d34fd94047893e
Author: Rich Salz
Date: Tue Apr 24 12:41:45 2018 -0400
Add missing malloc-return-null instance
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6071)
---
Summary of changes:
crypto/err/openssl.txt| 1 +
crypto/x509/x509_err.c| 2 ++
crypto/x509/x509_vpm.c| 9 -
include/openssl/x509err.h | 1 +
4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d62968e..1b547ea 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1696,6 +1696,7 @@ X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
X509_F_X509_TRUST_ADD:133:X509_TRUST_add
X509_F_X509_TRUST_SET:141:X509_TRUST_set
X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
#Reason codes
ASN1_R_ADDING_OBJECT:171:adding object
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 7b9f505..5027df4 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -103,6 +103,8 @@ static const ERR_STRING_DATA X509_str_functs[] = {
{ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+{ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+ "X509_VERIFY_PARAM_new"},
{0, NULL}
};
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 033ec42..fa51990 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -84,13 +84,12 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
X509_VERIFY_PARAM *param;
param = OPENSSL_zalloc(sizeof(*param));
-if (param == NULL)
+if (param == NULL) {
+X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+}
param->trust = X509_TRUST_DEFAULT;
-/*
- * param->inh_flags = X509_VP_FLAG_DEFAULT;
- */
-param->inh_flags = 0;
+/* param->inh_flags = X509_VP_FLAG_DEFAULT; */
param->depth = -1;
param->auth_level = -1; /* -1 means unset, 0 is explicit */
return param;
diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h
index 4faeffa..15a0d75 100644
--- a/include/openssl/x509err.h
+++ b/include/openssl/x509err.h
@@ -78,6 +78,7 @@ int ERR_load_X509_strings(void);
# define X509_F_X509_TRUST_ADD133
# define X509_F_X509_TRUST_SET141
# define X509_F_X509_VERIFY_CERT 127
+# define X509_F_X509_VERIFY_PARAM_NEW 159
/*
* X509 reason codes.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via cb1b2cafe11f2008b0acc91726a6a6760f16fe28 (commit)
from b3199e54d65f25c5ef6e54e129e228831a1fb363 (commit)
- Log -
commit cb1b2cafe11f2008b0acc91726a6a6760f16fe28
Author: Beat Bolli
Date: Wed Apr 18 16:42:11 2018 -0400
Clarify the configuration module in config.pod
Similar to 0652e8a7 ("Clarify default section in config.pod",
2018-04-12), reword a sentence to make it easier to parse.
Reviewed-by: Andy Polyakov
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5794)
---
Summary of changes:
doc/man5/config.pod | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index c930ddd..3e110b0 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -88,9 +88,9 @@ of the configuration file.
The configuration section should consist of a set of name value pairs which
contain specific module configuration information. The B represents
-the name of the I the meaning of the B is
+the name of the I. The meaning of the B is
module specific: it may, for example, represent a further configuration
-section containing configuration module specific information. E.g.
+section containing configuration module specific information. E.g.:
# This must be in the default section
openssl_conf = openssl_init
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f8a362841bcc696786c5faa1dcfc8d0c274f92e7 (commit) from fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit) - Log - commit f8a362841bcc696786c5faa1dcfc8d0c274f92e7 Author: Rich Salz Date: Wed Apr 18 08:50:48 2018 -0400 Add bug bounty reference --- Summary of changes: docs/faq-5-misc.txt | 10 ++ 1 file changed, 10 insertions(+) diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index b84b595..f2810e5 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -103,3 +103,13 @@ in the next minor release. It was decided after the release of OpenSSL 0.9.8y the next version should be 0.9.8za then 0.9.8zb and so on. + +* Do you have a bug bounty program? + +The project does not. Google runs a program +@@@https://www.google.com/about/appsecurity/patch-rewards/@@@; so does +HackerOne, @@@https://hackerone.com/ibb-openssl@@@. In general, if you +have found a security issue, send email to openssl-secur...@openssl.org. +Please note that we do not consider DNS configurations or Website +configuration to be security issues. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 55442b8a5b719f54578083fae0fcc814b599cd84 (commit)
from 9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94 (commit)
- Log -
commit 55442b8a5b719f54578083fae0fcc814b599cd84
Author: Davide Galassi
Date: Tue Apr 17 16:57:22 2018 -0400
BIGNUM signed add/sub routines refactory
Old code replaced in favor of a clearer implementation.
Performances are not penalized.
Updated the copyright end date to 2018.
Reviewed-by: David Benjamin
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5963)
---
Summary of changes:
crypto/bn/bn_add.c | 132 +++--
1 file changed, 47 insertions(+), 85 deletions(-)
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index 7cdefa7..f2736b8 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,51 +10,69 @@
#include "internal/cryptlib.h"
#include "bn_lcl.h"
-/* r can == a or b */
+/* signed add of b to a. */
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
-int a_neg = a->neg, ret;
+int ret, r_neg, cmp_res;
bn_check_top(a);
bn_check_top(b);
-/*-
- * a + b a+b
- * a + -b a-b
- * -a + b b-a
- * -a + -b -(a+b)
- */
-if (a_neg ^ b->neg) {
-/* only one is negative */
-if (a_neg) {
-const BIGNUM *tmp;
-
-tmp = a;
-a = b;
-b = tmp;
+if (a->neg == b->neg) {
+r_neg = a->neg;
+ret = BN_uadd(r, a, b);
+} else {
+cmp_res = BN_ucmp(a, b);
+if (cmp_res > 0) {
+r_neg = a->neg;
+ret = BN_usub(r, a, b);
+} else if (cmp_res < 0) {
+r_neg = b->neg;
+ret = BN_usub(r, b, a);
+} else {
+r_neg = 0;
+BN_zero(r);
+ret = 1;
}
+}
+
+r->neg = r_neg;
+bn_check_top(r);
+return ret;
+}
+
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+int ret, r_neg, cmp_res;
-/* we are now a - b */
+bn_check_top(a);
+bn_check_top(b);
-if (BN_ucmp(a, b) < 0) {
-if (!BN_usub(r, b, a))
-return 0;
-r->neg = 1;
+if (a->neg != b->neg) {
+r_neg = a->neg;
+ret = BN_uadd(r, a, b);
+} else {
+cmp_res = BN_ucmp(a, b);
+if (cmp_res > 0) {
+r_neg = a->neg;
+ret = BN_usub(r, a, b);
+} else if (cmp_res < 0) {
+r_neg = !b->neg;
+ret = BN_usub(r, b, a);
} else {
-if (!BN_usub(r, a, b))
-return 0;
-r->neg = 0;
+r_neg = 0;
+BN_zero(r);
+ret = 1;
}
-return 1;
}
-ret = BN_uadd(r, a, b);
-r->neg = a_neg;
+r->neg = r_neg;
bn_check_top(r);
return ret;
}
-/* unsigned add of b to a */
+/* unsigned add of b to a, r can be equal to a or b. */
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max, min, dif;
@@ -151,59 +169,3 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
return 1;
}
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
-int max;
-int add = 0, neg = 0;
-
-bn_check_top(a);
-bn_check_top(b);
-
-/*-
- * a - b a-b
- * a - -b a+b
- * -a - b -(a+b)
- * -a - -b b-a
- */
-if (a->neg) {
-if (b->neg) {
-const BIGNUM *tmp;
-
-tmp = a;
-a = b;
-b = tmp;
-} else {
-add = 1;
-neg = 1;
-}
-} else {
-if (b->neg) {
-add = 1;
-neg = 0;
-}
-}
-
-if (add) {
-if (!BN_uadd(r, a, b))
-return 0;
-r->neg = neg;
-return 1;
-}
-
-/* We are actually doing a - b :-) */
-
-max = (a->top > b->top) ? a->top : b->top;
-if (bn_wexpand(r, max) == NULL)
-return 0;
-if (BN_ucmp(a, b) < 0) {
-if (!BN_usub(r, b, a))
-return 0;
-r->neg = 1;
-} else {
-if (!BN_usub(r, a, b))
-return 0;
-r->neg = 0;
-}
-bn_check_top(r);
-return 1;
-}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 168a9472b41c33b508d82a167ec169482b854664 (commit) from 58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit) - Log - commit 168a9472b41c33b508d82a167ec169482b854664 Author: Rich Salz Date: Mon Apr 16 11:47:44 2018 -0400 1747 newsflash --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e4ecaef..b0b7cf1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html";>OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via c12a2d2728fd9eb555ab347049ebdddef9d81d7f (commit) from a8b2b52fe57249f5093e190eb40def9fed9c9627 (commit) - Log - commit c12a2d2728fd9eb555ab347049ebdddef9d81d7f Author: Theo Buehler Date: Wed Apr 11 12:59:25 2018 -0400 EVP_MD_CTX_cleanup replaced with EVP_MD_CTX_reset The EVP_MD_CTX_cleanup() function was merged into EVP_MD_CTX_reset() which is called by EVP_MD_CTX_free(). Adjust the documentation to say that the latter should be used to avoid leaking memory. CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5921) --- Summary of changes: doc/man3/EVP_DigestSignInit.pod | 2 +- doc/man3/EVP_DigestVerifyInit.pod | 2 +- doc/man3/EVP_SignInit.pod | 2 +- doc/man3/EVP_VerifyInit.pod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index c3513f5..176872d 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -77,7 +77,7 @@ context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. The use of EVP_PKEY_size() with these functions is discouraged because some diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 2191b9e..603e2cd 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -76,7 +76,7 @@ context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 SEE ALSO diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index d3fe79c..12e67f8 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -75,7 +75,7 @@ This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called later to digest and sign additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 BUGS diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index faabc71..f868258 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -57,7 +57,7 @@ This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 BUGS _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via a8b2b52fe57249f5093e190eb40def9fed9c9627 (commit) from f7bef277eac05853224d33e67465147833c49108 (commit) - Log - commit a8b2b52fe57249f5093e190eb40def9fed9c9627 Author: Daniel Bevenius Date: Wed Apr 11 12:57:31 2018 -0400 Fix minor typos in Configurations/README Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5774) --- Summary of changes: Configurations/README | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Configurations/README b/Configurations/README index d553cab..4457b94 100644 --- a/Configurations/README +++ b/Configurations/README @@ -165,7 +165,7 @@ In each table entry, the following keys are significant: that use dlopen() et al but do not have fcntl.h), "DL" (shl_load() et al), "WIN32" and "VMS". -perlasm_scheme => The perlasm method used to created the +perlasm_scheme => The perlasm method used to create the assembler files used when compiling with assembler implementations. shared_target => The shared library building method used. @@ -429,7 +429,7 @@ It's also possible to depend on static libraries explicitly: This should be rarely used, and care should be taken to make sure it's only used when supported. For example, native Windows build doesn't -support build static libraries and DLLs at the same time, so using +support building static libraries and DLLs at the same time, so using static libraries on Windows can only be done when configured 'no-shared'. @@ -445,7 +445,7 @@ library: RENAME[libfoo]=libbar -That lines has "libfoo" get renamed to "libbar". While it makes no +That line has "libfoo" renamed to "libbar". While it makes no sense at all to just have a rename like that (why not just use "libbar" everywhere?), it does make sense when it can be used conditionally. See a little further below for an example. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via eb8e052c4b43551f205b328e3a6568309c9e042e (commit) from a9b7a06ed8e6d70bf7caa778838d7a869a17db78 (commit) - Log - commit eb8e052c4b43551f205b328e3a6568309c9e042e Author: Kunxian Xia Date: Mon Apr 9 08:38:51 2018 -0400 Correct the equation for Y' in the comment of point_double function CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5908) --- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 346f84d..5b8da3f 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -813,7 +813,7 @@ static void copy_conditional(felem out, const felem in, limb icopy) * Double an elliptic curve point: * (X', Y', Z') = 2 * (X, Y, Z), where * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 - * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2 + * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4 * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, * while x_out == y_in is not (maybe this works, but it's not tested). _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 06196e717651fe2c724fb326e31e8d666b27de33 (commit) from 0ac1a7eace815bb4a0597bd43774c2e607288968 (commit) - Log - commit 06196e717651fe2c724fb326e31e8d666b27de33 Author: Rich Salz Date: Sat Apr 7 13:09:15 2018 -0400 Updated to CONTRIBUTING to reflect GitHub, etc. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5889) (cherry picked from commit 2876872ffe5dd53ec1c446656e924ff463e5d4bf) --- Summary of changes: CONTRIBUTING | 50 +- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index f734d77..efcb0b8 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,26 +1,26 @@ -HOW TO CONTRIBUTE PATCHES TO OpenSSL - +HOW TO CONTRIBUTE TO OpenSSL + (Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) -Development is coordinated on the openssl-dev mailing list (see the -above link or https://mta.openssl.org for information on subscribing). -If you are unsure as to whether a feature will be useful for the general -OpenSSL community you might want to discuss it on the openssl-dev mailing -list first. Someone may be already working on the same thing or there -may be a good reason as to why that feature isn't implemented. +Development is done on GitHub, https://github.com/openssl/openssl. -To submit a patch, make a pull request on GitHub. If you think the patch -could use feedback from the community, please start a thread on openssl-dev -to discuss it. +To request new features or report bugs, please open an issue on GitHub -Having addressed the following items before the PR will help make the -acceptance and review process faster: +To submit a patch, please open a pull request on GitHub. If you are thinking +of making a large contribution, open an issue for it before starting work, +to get comments from the community. Someone may be already working on +the same thing or there may be reasons why that feature isn't implemented. -1. Anything other than trivial contributions will require a contributor -licensing agreement, giving us permission to use your code. See -https://www.openssl.org/policies/cla.html for details. +To make it easier to review and accept your pull request, please follow these +guidelines: + +1. Anything other than a trivial contribution requires a Contributor +License Agreement (CLA), giving us permission to use your code. See +https://www.openssl.org/policies/cla.html for details. If your +contribution is too small to require a CLA, put "CLA: trivial" on a +line by itself in your commit message body. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -34,21 +34,21 @@ acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible; expect to have to rebase -often. We do not accept merge commits; You will be asked to remove -them before a patch is considered acceptable. +often. We do not accept merge commits, you will have to remove them +(usually by rebasing) before it will be acceptable. 4. Patches should follow our coding style (see -https://www.openssl.org/policies/codingstyle.html) and compile without -warnings. Where gcc or clang is availble you should use the +https://www.openssl.org/policies/codingstyle.html) and compile +without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied -platforms: try to ensure you only use portable features. -Clean builds via Travis and AppVeyor are expected, and done whenever -a PR is created or updated. +platforms: try to ensure you only use portable features. Clean builds +via Travis and AppVeyor are required, and they are started automatically +whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. 6. New features or changed functionality must include -documentation. Please look at the "pod" files in doc/apps, doc/crypto -and doc/ssl for examples of our style. +documentation. Please look at the "pod" files in doc for +examples of our style. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via facd09a0784d3337bec66987ab0ba6653cd6dd75 (commit) from 4bf4b86518297b47af9b160f063e09832c406b51 (commit) - Log - commit facd09a0784d3337bec66987ab0ba6653cd6dd75 Author: Rich Salz Date: Sat Apr 7 13:09:15 2018 -0400 Updated to CONTRIBUTING to reflect GitHub, etc. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5889) (cherry picked from commit 2876872ffe5dd53ec1c446656e924ff463e5d4bf) --- Summary of changes: CONTRIBUTING | 50 +- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1eebaf3..efcb0b8 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,26 +1,26 @@ -HOW TO CONTRIBUTE PATCHES TO OpenSSL - +HOW TO CONTRIBUTE TO OpenSSL + (Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) -Development is coordinated on the openssl-dev mailing list (see the -above link or https://mta.openssl.org for information on subscribing). -If you are unsure as to whether a feature will be useful for the general -OpenSSL community you might want to discuss it on the openssl-dev mailing -list first. Someone may be already working on the same thing or there -may be a good reason as to why that feature isn't implemented. +Development is done on GitHub, https://github.com/openssl/openssl. -To submit a patch, make a pull request on GitHub. If you think the patch -could use feedback from the community, please start a thread on openssl-dev -to discuss it. +To request new features or report bugs, please open an issue on GitHub -Having addressed the following items before the PR will help make the -acceptance and review process faster: +To submit a patch, please open a pull request on GitHub. If you are thinking +of making a large contribution, open an issue for it before starting work, +to get comments from the community. Someone may be already working on +the same thing or there may be reasons why that feature isn't implemented. -1. Anything other than trivial contributions will require a contributor -licensing agreement, giving us permission to use your code. See -https://www.openssl.org/policies/cla.html for details. +To make it easier to review and accept your pull request, please follow these +guidelines: + +1. Anything other than a trivial contribution requires a Contributor +License Agreement (CLA), giving us permission to use your code. See +https://www.openssl.org/policies/cla.html for details. If your +contribution is too small to require a CLA, put "CLA: trivial" on a +line by itself in your commit message body. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -34,21 +34,21 @@ acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible; expect to have to rebase -often. We do not accept merge commits; You will be asked to remove -them before a patch is considered acceptable. +often. We do not accept merge commits, you will have to remove them +(usually by rebasing) before it will be acceptable. 4. Patches should follow our coding style (see -https://www.openssl.org/policies/codingstyle.html) and compile without -warnings. Where gcc or clang is available you should use the +https://www.openssl.org/policies/codingstyle.html) and compile +without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied -platforms: try to ensure you only use portable features. -Clean builds via Travis and AppVeyor are expected, and done whenever -a PR is created or updated. +platforms: try to ensure you only use portable features. Clean builds +via Travis and AppVeyor are required, and they are started automatically +whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. 6. New features or changed functionality must include -documentation. Please look at the "pod" files in doc/apps, doc/crypto -and doc/ssl for examples of our style. +documentation. Please look at the "pod" files in doc for +examples of our style. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 2876872ffe5dd53ec1c446656e924ff463e5d4bf (commit) from 69b15002913c1b85b0a9d03e11a6608fb153d6bd (commit) - Log - commit 2876872ffe5dd53ec1c446656e924ff463e5d4bf Author: Rich Salz Date: Sat Apr 7 13:09:15 2018 -0400 Updated to CONTRIBUTING to reflect GitHub, etc. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5889) --- Summary of changes: CONTRIBUTING | 51 ++- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 08c607a..7654862 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,26 +1,26 @@ -HOW TO CONTRIBUTE PATCHES TO OpenSSL - +HOW TO CONTRIBUTE TO OpenSSL + (Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) -Development is coordinated on the openssl-dev mailing list (see the -above link or https://mta.openssl.org for information on subscribing). -If you are unsure as to whether a feature will be useful for the general -OpenSSL community you might want to discuss it on the openssl-dev mailing -list first. Someone may be already working on the same thing or there -may be a good reason as to why that feature isn't implemented. +Development is done on GitHub, https://github.com/openssl/openssl. -To submit a patch, make a pull request on GitHub. If you think the patch -could use feedback from the community, please start a thread on openssl-dev -to discuss it. +To request new features or report bugs, please open an issue on GitHub -Having addressed the following items before the PR will help make the -acceptance and review process faster: +To submit a patch, please open a pull request on GitHub. If you are thinking +of making a large contribution, open an issue for it before starting work, +to get comments from the community. Someone may be already working on +the same thing or there may be reasons why that feature isn't implemented. -1. Anything other than trivial contributions will require a contributor -licensing agreement, giving us permission to use your code. See -https://www.openssl.org/policies/cla.html for details. +To make it easier to review and accept your pull request, please follow these +guidelines: + +1. Anything other than a trivial contribution requires a Contributor +License Agreement (CLA), giving us permission to use your code. See +https://www.openssl.org/policies/cla.html for details. If your +contribution is too small to require a CLA, put "CLA: trivial" on a +line by itself in your commit message body. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the @@ -34,21 +34,22 @@ acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible; expect to have to rebase -often. We do not accept merge commits; You will be asked to remove -them before a patch is considered acceptable. +often. We do not accept merge commits, you will have to remove them +(usually by rebasing) before it will be acceptable. 4. Patches should follow our coding style (see -https://www.openssl.org/policies/codingstyle.html) and compile without -warnings. Where gcc or clang is available you should use the +https://www.openssl.org/policies/codingstyle.html) and compile +without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied -platforms: try to ensure you only use portable features. -Clean builds via Travis and AppVeyor are expected, and done whenever -a PR is created or updated. +platforms: try to ensure you only use portable features. Clean builds +via Travis and AppVeyor are required, and they are started automatically +whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. 6. New features or changed functionality must include -documentation. Please look at the "pod" files in doc/man[1357] -for examples of our style. +documentation. Please look at the "pod" files in doc/man[1357] for +examples of our style. Run "make doc-nits" to make sure that your +documentation changes are clean. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 69b15002913c1b85b0a9d03e11a6608fb153d6bd (commit)
from e65c959f1fd5469ba96fceb68ce8b7c8d52edb39 (commit)
- Log -
commit 69b15002913c1b85b0a9d03e11a6608fb153d6bd
Author: Kaoru Toda
Date: Fri Apr 6 08:42:31 2018 -0400
Duplicate code refactored
add_attribute_object and add_DN_object have similar code, so move
it into a common function build_data.
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/4566)
---
Summary of changes:
apps/req.c | 106 +
1 file changed, 43 insertions(+), 63 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index ac14fdb..4ab636e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -63,6 +63,11 @@ static int add_DN_object(X509_NAME *n, char *text, const
char *def,
char *value, int nid, int n_min, int n_max,
unsigned long chtype, int mval);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int build_data(char *text, const char *def,
+ char *value, int n_min, int n_max,
+ char *buf, const int buf_size,
+ const char *desc1, const char *desc2
+ );
static int req_check_len(int len, int n_min, int n_max);
static int check_end(const char *str, const char *end);
static int join(char buf[], size_t buf_size, const char *name,
@@ -1202,58 +1207,19 @@ static int add_DN_object(X509_NAME *n, char *text,
const char *def,
char *value, int nid, int n_min, int n_max,
unsigned long chtype, int mval)
{
-int i, ret = 0;
+int ret = 0;
char buf[1024];
- start:
-if (!batch)
-BIO_printf(bio_err, "%s [%s]:", text, def);
-(void)BIO_flush(bio_err);
-if (value != NULL) {
-if (!join(buf, sizeof(buf), value, "\n", "DN value"))
-return 0;
-BIO_printf(bio_err, "%s\n", value);
-} else {
-buf[0] = '\0';
-if (!batch) {
-if (!fgets(buf, sizeof(buf), stdin))
-return 0;
-} else {
-buf[0] = '\n';
-buf[1] = '\0';
-}
-}
-if (buf[0] == '\0')
-return 0;
-if (buf[0] == '\n') {
-if ((def == NULL) || (def[0] == '\0'))
-return 1;
-if (!join(buf, sizeof(buf), def, "\n", "DN default"))
-return 0;
-} else if ((buf[0] == '.') && (buf[1] == '\n')) {
-return 1;
-}
-
-i = strlen(buf);
-if (buf[i - 1] != '\n') {
-BIO_printf(bio_err, "weird input :-(\n");
-return 0;
-}
-buf[--i] = '\0';
-#ifdef CHARSET_EBCDIC
-ebcdic2ascii(buf, buf, i);
-#endif
-if (!req_check_len(i, n_min, n_max)) {
-if (batch || value)
-return 0;
-goto start;
-}
+ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+ "DN value", "DN default");
+if ((ret == 0) || (ret == 1))
+return ret;
+ret = 1;
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
(unsigned char *)buf, -1, -1, mval))
-goto err;
-ret = 1;
- err:
+ret = 0;
+
return ret;
}
@@ -1261,21 +1227,45 @@ static int add_attribute_object(X509_REQ *req, char
*text, const char *def,
char *value, int nid, int n_min,
int n_max, unsigned long chtype)
{
-int i;
-static char buf[1024];
+int ret = 0;
+char buf[1024];
+
+ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+ "Attribute value", "Attribute default");
+if ((ret == 0) || (ret == 1))
+return ret;
+ret = 1;
+
+if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+ (unsigned char *)buf, -1)) {
+BIO_printf(bio_err, "Error adding attribute\n");
+ERR_print_errors(bio_err);
+ret = 0;
+}
+
+return ret;
+}
+
+static int build_data(char *text, const char *def,
+ char *value, int n_min, int n_max,
+ char *buf, const int buf_size,
+ const char *desc1, const char *desc2
+ )
+{
+int i;
start:
if (!batch)
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
-if (!join(buf, sizeof(buf), value, "\n", &qu
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 4bf4b86518297b47af9b160f063e09832c406b51 (commit) from 6ad8253306f96e1a749d020ddbb131c71aa1edf8 (commit) - Log - commit 4bf4b86518297b47af9b160f063e09832c406b51 Author: Neel Goyal Date: Fri Apr 6 08:32:35 2018 -0400 Set biom->type in BIO_METH_new Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5812) --- Summary of changes: crypto/bio/bio_meth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 1e785d3..d1f3815 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -43,6 +43,7 @@ BIO_METHOD *BIO_meth_new(int type, const char *name) BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE); return NULL; } +biom->type = type; return biom; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via bbf27cd58337116c57a1c942153330ff83d5540a (commit)
from 7de2b9c4afd90359e47d81a5fa70bcb8506fbf91 (commit)
- Log -
commit bbf27cd58337116c57a1c942153330ff83d5540a
Author: Rich Salz
Date: Thu Apr 5 22:55:28 2018 -0400
Fix bugs in X509_NAME_ENTRY_set
The wrong "set" field was incremented in the wrong place and would
create a new RDN, not a multi-valued RDN.
RDN inserts would happen after not before.
Prepending an entry to an RDN incorrectly created a new RDN
Anything which built up an X509_NAME could get a messed-up structure,
which would then be "wrong" for anyone using that name.
Thanks to Ingo Schwarze for extensive debugging and the initial
fix (documented in GitHub issue #5870).
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/5882)
---
Summary of changes:
crypto/x509/x509name.c | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index bde5db4..8b08cae 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -193,7 +193,7 @@ int X509_NAME_add_entry(X509_NAME *name, const
X509_NAME_ENTRY *ne, int loc,
loc = n;
else if (loc < 0)
loc = n;
-
+inc = (set == 0);
name->modified = 1;
if (set == -1) {
@@ -202,7 +202,6 @@ int X509_NAME_add_entry(X509_NAME *name, const
X509_NAME_ENTRY *ne, int loc,
inc = 1;
} else {
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
-inc = 0;
}
} else {/* if (set >= 0) */
@@ -213,12 +212,11 @@ int X509_NAME_add_entry(X509_NAME *name, const
X509_NAME_ENTRY *ne, int loc,
set = 0;
} else
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
-inc = (set == 0) ? 1 : 0;
}
/*
* X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily
- * const'ified; harmless cast as dup() don't modify its input.
+ * const'ified; harmless cast since dup() don't modify its input.
*/
if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
goto err;
@@ -230,7 +228,7 @@ int X509_NAME_add_entry(X509_NAME *name, const
X509_NAME_ENTRY *ne, int loc,
if (inc) {
n = sk_X509_NAME_ENTRY_num(sk);
for (i = loc + 1; i < n; i++)
-sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
}
return 1;
err:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 7de2b9c4afd90359e47d81a5fa70bcb8506fbf91 (commit)
from 77579510aa40aa769ceafc7a0c856381800e79c2 (commit)
- Log -
commit 7de2b9c4afd90359e47d81a5fa70bcb8506fbf91
Author: Rich Salz
Date: Thu Apr 5 15:13:55 2018 -0400
Set error code if alloc returns NULL
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/5886)
---
Summary of changes:
crypto/cmac/cmac.c | 6 --
crypto/cpt_err.c | 10 ++
crypto/err/openssl.txt | 8 +++-
crypto/hmac/hm_pmeth.c | 6 --
crypto/modes/ocb128.c| 11 +++
crypto/poly1305/poly1305_pmeth.c | 6 --
crypto/siphash/siphash_pmeth.c | 6 --
crypto/threads_none.c| 7 +--
crypto/threads_pthread.c | 14 ++
crypto/threads_win.c | 7 +--
include/openssl/conferr.h| 2 +-
include/openssl/cryptoerr.h | 6 ++
12 files changed, 67 insertions(+), 22 deletions(-)
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 46e3cb7..0c59659 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -12,6 +12,7 @@
#include
#include "internal/cryptlib.h"
#include
+#include
struct CMAC_CTX_st {
/* Cipher context to use */
@@ -46,9 +47,10 @@ CMAC_CTX *CMAC_CTX_new(void)
{
CMAC_CTX *ctx;
-ctx = OPENSSL_malloc(sizeof(*ctx));
-if (ctx == NULL)
+if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+}
ctx->cctx = EVP_CIPHER_CTX_new();
if (ctx->cctx == NULL) {
OPENSSL_free(ctx);
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 43426ec..da1004d 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -14,6 +14,7 @@
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA CRYPTO_str_functs[] = {
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0),
"CRYPTO_dup_ex_data"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0),
@@ -23,6 +24,10 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0),
"CRYPTO_new_ex_data"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0),
+ "CRYPTO_ocb128_copy_ctx"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0),
+ "CRYPTO_ocb128_init"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0),
"CRYPTO_set_ex_data"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"},
@@ -35,6 +40,11 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
"OPENSSL_hexstr2buf"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
"OPENSSL_init_crypto"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
+ "pkey_poly1305_init"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
+ "pkey_siphash_init"},
{0, NULL}
};
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d1cc039..b238cd7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -335,13 +335,16 @@ CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio
CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp
CONF_F_NCONF_NEW:111:NCONF_new
CONF_F_PROCESS_INCLUDE:116:process_include
-CONF_F_SSL_MODULE_INIT:122:ssl_module_init
+CONF_F_SSL_MODULE_INIT:123:ssl_module_init
CONF_F_STR_COPY:101:str_copy
+CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new
CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data
CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data
CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index
CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup
CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data
+CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx
+CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init
CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data
CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set
CRYPTO_F_GET_AND_LOCK:113:get_and_lock
@@ -350,6 +353,9 @@ CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr
CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen
CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf
CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
+CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
+CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init
+CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init
CT_F_CTLOG_NEW:117:CTLOG_new
CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64
CT_F_C
[openssl-commits] [openssl] master update
The branch master has been updated
via cdb10bae3f773401e039c55965eb177a6f3fc160 (commit)
from 29f484d00d732ea4c19a7fd3dc0440045653e79e (commit)
- Log -
commit cdb10bae3f773401e039c55965eb177a6f3fc160
Author: Rich Salz
Date: Tue Apr 3 11:31:16 2018 -0400
Set error code on alloc failures
Almost all *alloc failures now set an error code.
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/5842)
---
Summary of changes:
crypto/asn1/a_object.c | 5 ++--
crypto/asn1/a_strex.c| 5 ++--
crypto/asn1/a_strnid.c | 5 ++--
crypto/asn1/asn1_err.c | 14 +++
crypto/asn1/asn_moid.c | 5 ++--
crypto/asn1/bio_asn1.c | 5 ++--
crypto/asn1/bio_ndef.c | 10 +---
crypto/asn1/tasn_enc.c | 6 +++--
crypto/asn1/tasn_new.c | 5 ++--
crypto/asn1/tasn_utl.c | 5 ++--
crypto/asn1/x_int64.c| 10 +---
crypto/async/async_err.c | 4 ++-
crypto/async/async_wait.c| 5 ++--
crypto/bio/b_addr.c | 5 ++--
crypto/bio/b_print.c | 5 ++--
crypto/bio/bf_lbuf.c | 6 +++--
crypto/bio/bio_err.c | 4 +++
crypto/bio/bss_dgram.c | 5 ++--
crypto/bn/bn_ctx.c | 14 ---
crypto/bn/bn_err.c | 4 ++-
crypto/cms/cms_enc.c | 5 ++--
crypto/cms/cms_err.c | 5 +++-
crypto/cms/cms_pwri.c| 5 ++--
crypto/conf/conf_err.c | 1 +
crypto/conf/conf_mod.c | 5 ++--
crypto/cpt_err.c | 4 ++-
crypto/dh/dh_err.c | 3 ++-
crypto/dh/dh_pmeth.c | 5 ++--
crypto/ec/ec_err.c | 5
crypto/ec/ec_key.c | 6 +++--
crypto/ec/ec_lib.c | 5 ++--
crypto/ec/ec_oct.c | 6 +++--
crypto/ec/ec_pmeth.c | 10 +---
crypto/ec/ec_print.c | 6 +++--
crypto/engine/eng_err.c | 5 +++-
crypto/engine/eng_lib.c | 8 --
crypto/engine/eng_openssl.c | 5 ++--
crypto/err/err.c | 10 +---
crypto/err/openssl.txt | 59
crypto/evp/bio_b64.c | 5 ++--
crypto/evp/bio_enc.c | 5 ++--
crypto/evp/bio_ok.c | 5 ++--
crypto/evp/e_aes.c | 20 +--
crypto/evp/e_aria.c | 10 +---
crypto/evp/evp_err.c | 6 +
crypto/init.c| 5 ++--
crypto/kdf/hkdf.c| 5 ++--
crypto/kdf/kdf_err.c | 3 +++
crypto/kdf/tls1_prf.c| 10 +---
crypto/o_fopen.c | 5 ++--
crypto/objects/obj_err.c | 3 ++-
crypto/objects/obj_xref.c| 6 +++--
crypto/pem/pem_err.c | 3 ++-
crypto/pem/pvkfmt.c | 5 ++--
crypto/rsa/rsa_err.c | 5 +++-
crypto/rsa/rsa_mp.c | 6 +++--
crypto/rsa/rsa_pmeth.c | 5 ++--
crypto/srp/srp_vfy.c | 8 --
crypto/stack/stack.c | 5 ++--
crypto/ui/ui_err.c | 3 ++-
crypto/ui/ui_lib.c | 5 ++--
include/openssl/asn1err.h| 12 +
include/openssl/asyncerr.h | 1 +
include/openssl/bioerr.h | 4 +++
include/openssl/bnerr.h | 2 ++
include/openssl/cmserr.h | 2 ++
include/openssl/conferr.h| 1 +
include/openssl/cryptoerr.h | 2 ++
include/openssl/dherr.h | 1 +
include/openssl/ecerr.h | 5
include/openssl/engineerr.h | 2 ++
include/openssl/evperr.h | 6 +
include/openssl/kdferr.h | 3 +++
include/openssl/objectserr.h | 1 +
include/openssl/pemerr.h | 1 +
include/openssl/rsaerr.h | 2 ++
include/openssl/sslerr.h | 12 +
include/openssl/uierr.h | 1 +
ssl/packet.c | 11 ++---
ssl/pqueue.c | 10 +---
ssl/ssl_ciph.c | 5 ++--
ssl/ssl_err.c| 19 ++
ssl/ssl_lib.c| 6 +++--
ssl/statem/statem_dtls.c | 10 +---
ssl/t1_lib.c | 26 +++
85 files changed, 420 insertions(+), 143 deletions(-)
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index b5e90a5..2d3877b 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -180,9 +180,10 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
return BIO_write(bp, "NULL", 4);
i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) {
-p = OPENSSL_malloc(i + 1);
-if (p == NULL)
+if ((p = OPENSSL_malloc(i + 1)) == NULL) {
+ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return -1;
+}
i2t_ASN1_OBJECT(p, i + 1, a);
}
if (i <= 0) {
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index b91266b..7539553 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@
[openssl-commits] [openssl] master update
The branch master has been updated via 1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 (commit) from d53df3d08f354a650912c3409a84bea225cf1cc5 (commit) - Log - commit 1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 Author: Alexandre Perrin Date: Mon Apr 2 07:15:31 2018 -0400 Documentation typo fix in EVP_EncryptInit.pod Remove duplicate declaration of `EVP_CIPHER_key_length` in the synopsis. CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5792) --- Summary of changes: doc/man3/EVP_EncryptInit.pod | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 030b010..2e3a45a 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -99,7 +99,6 @@ EVP_enc_null int EVP_CIPHER_nid(const EVP_CIPHER *e); int EVP_CIPHER_block_size(const EVP_CIPHER *e); - int EVP_CIPHER_key_length(const EVP_CIPHER *e) int EVP_CIPHER_key_length(const EVP_CIPHER *e); int EVP_CIPHER_iv_length(const EVP_CIPHER *e); unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d53df3d08f354a650912c3409a84bea225cf1cc5 (commit) from 0e34f37fb1b7474c86ac9a170dfda5226351ecc9 (commit) - Log - commit d53df3d08f354a650912c3409a84bea225cf1cc5 Author: Illya Gerasymchuk Date: Mon Apr 2 07:13:19 2018 -0400 fix typo in x509 documentation Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5829) --- Summary of changes: doc/man1/x509.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod index c375b3b..6e4d288 100644 --- a/doc/man1/x509.pod +++ b/doc/man1/x509.pod @@ -429,7 +429,7 @@ the CA certificate file. Sets the CA serial number file to use. When the B<-CA> option is used to sign a certificate it uses a serial -number specified in a file. This file consist of one line containing +number specified in a file. This file consists of one line containing an even number of hex digits with the serial number to use. After each use the serial number is incremented and written out to the file again. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 094925de1ecfcfb8019b21994c45f3dc00ab4e2c (commit) from 5585c8495e4c0175450b4ddc75b38eb76f929d34 (commit) - Log - commit 094925de1ecfcfb8019b21994c45f3dc00ab4e2c Author: Daniel Bevenius Date: Sat Mar 31 18:29:12 2018 -0400 Fix minor typo in comment in Configure Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5825) --- Summary of changes: Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index b06f17f..d1ea061 100755 --- a/Configure +++ b/Configure @@ -423,7 +423,7 @@ my %deprecated_disablables = ( "ui" => "ui-console", ); -# All of the following is disabled by default (RC5 was enabled before 0.9.8): +# All of the following are disabled by default: our %disabled = ( # "what" => "comment" "asan" => "default", _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 6714cb1462c4980330e4cc4f65d7c10bc36b369d (commit)
from a73d990e2b6b1a406b1c85837a176bf7525d3914 (commit)
- Log -
commit 6714cb1462c4980330e4cc4f65d7c10bc36b369d
Author: Rich Salz
Date: Fri Mar 30 12:40:08 2018 -0400
Remove some code
This commit removes the contribution of a user that we cannot
trace to gain their consent for the licence change.
I also cleaned up the return/error-return flow a bit.
Reviewed-by: Matt Caswell
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/5811)
---
Summary of changes:
crypto/pem/pem_lib.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 26b4bc8..8300992 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -610,6 +610,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char
*header,
unsigned char *buf = NULL;
EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int reason = ERR_R_BUF_LIB;
+int retval = 0;
if (ctx == NULL) {
reason = ERR_R_MALLOC_FAILURE;
@@ -654,14 +655,14 @@ int PEM_write_bio(BIO *bp, const char *name, const char
*header,
(BIO_write(bp, name, nlen) != nlen) ||
(BIO_write(bp, "-\n", 6) != 6))
goto err;
-OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
-EVP_ENCODE_CTX_free(ctx);
-return i + outl;
+retval = i + outl;
+
err:
-OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+if (retval == 0)
+PEMerr(PEM_F_PEM_WRITE_BIO, reason);
EVP_ENCODE_CTX_free(ctx);
-PEMerr(PEM_F_PEM_WRITE_BIO, reason);
-return 0;
+OPENSSL_free(buf);
+return retval;
}
#ifndef OPENSSL_NO_STDIO
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via c6d38183d6754b0a7b90527d085a500680e7d2ea (commit)
from 92565101ca7bc1587ff1d87f9efa8aa1cfbe62f7 (commit)
- Log -
commit c6d38183d6754b0a7b90527d085a500680e7d2ea
Author: Rich Salz
Date: Wed Mar 28 15:34:16 2018 -0400
Rewrite the X509->alert mapping code
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/5780)
---
Summary of changes:
ssl/ssl_locl.h | 2 +-
ssl/statem/statem_clnt.c | 2 +-
ssl/statem/statem_lib.c | 124 ++-
ssl/statem/statem_srvr.c | 2 +-
4 files changed, 62 insertions(+), 68 deletions(-)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1c3ee35..a9ef6c3 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2262,7 +2262,7 @@ __owur int ssl_get_server_cert_serverinfo(SSL *s,
size_t *serverinfo_length);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-__owur int ssl_verify_alarm_type(long type);
+__owur int ssl_x509err2alert(int type);
void ssl_sort_cipher_list(void);
int ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 29db4bc..91b986f 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1898,7 +1898,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s,
PACKET *pkt)
* set. The *documented* interface remains the same.
*/
if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
-SSLfatal(s, ssl_verify_alarm_type(s->verify_result),
+SSLfatal(s, ssl_x509err2alert(s->verify_result),
SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_CERTIFICATE_VERIFY_FAILED);
goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 190050c..44c9c2c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -19,6 +19,14 @@
#include
#include
+/*
+ * Map error codes to TLS/SSL alart types.
+ */
+typedef struct x509err2alert_st {
+int x509err;
+int alert;
+} X509ERR2ALERT;
+
/* Fixed value used in the ServerHello random field to identify an HRR */
const unsigned char hrrrandom[] = {
0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02,
@@ -1277,73 +1285,59 @@ int tls_get_message_body(SSL *s, size_t *len)
return 1;
}
-int ssl_verify_alarm_type(long type)
+static const X509ERR2ALERT x509table[] = {
+{X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
+{X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+{X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED},
+{X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+{X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+{X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+{X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE},
+{X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_UNABLE_TO_GET_ISSUER_
[openssl-commits] [openssl] master update
The branch master has been updated
via e6e9170d6e28038768895e1af18e3aad8093bf4b (commit)
from 98c03302fb7b855647aa14022f61f5fb272e514a (commit)
- Log -
commit e6e9170d6e28038768895e1af18e3aad8093bf4b
Author: Rich Salz
Date: Tue Mar 27 16:25:08 2018 -0400
Allow NULL for some _free routines.
Based on the description in https://github.com/openssl/openssl/pull/5757,
this re-implements the "allow NULL to be passed" behavior of a number of
xxx_free routines. I also fixed up some egregious formatting errors
that were nearby.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/5761)
---
Summary of changes:
crypto/bio/bss_acpt.c | 2 ++
crypto/bio/bss_conn.c | 2 ++
crypto/bn/bn_blind.c | 2 ++
crypto/bn/bn_ctx.c | 2 ++
crypto/bn/bn_mont.c| 14 --
crypto/bn/bn_recp.c| 6 --
crypto/buffer/buffer.c | 2 ++
crypto/comp/comp_lib.c | 2 ++
crypto/err/err.c | 29 +++--
crypto/txt_db/txt_db.c | 2 ++
crypto/x509/x509_lu.c | 2 ++
ssl/s3_lib.c | 2 +-
ssl/ssl_cert.c | 2 ++
ssl/ssl_lib.c | 2 ++
ssl/ssl_sess.c | 2 ++
15 files changed, 50 insertions(+), 23 deletions(-)
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 0171c49..64cc452 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -101,6 +101,8 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void)
static void BIO_ACCEPT_free(BIO_ACCEPT *a)
{
+if (a == NULL)
+return;
OPENSSL_free(a->param_addr);
OPENSSL_free(a->param_serv);
BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 0fad02f..cc245ab 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -232,6 +232,8 @@ BIO_CONNECT *BIO_CONNECT_new(void)
void BIO_CONNECT_free(BIO_CONNECT *a)
{
+if (a == NULL)
+return;
OPENSSL_free(a->param_hostname);
OPENSSL_free(a->param_service);
BIO_ADDRINFO_free(a->addr_first);
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 8bd6156..985d3ef 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -80,6 +80,8 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM
*Ai, BIGNUM *mod)
void BN_BLINDING_free(BN_BLINDING *r)
{
+if (r == NULL)
+return;
BN_free(r->A);
BN_free(r->Ai);
BN_free(r->e);
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 7202aef..68c0468 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -156,6 +156,8 @@ BN_CTX *BN_CTX_secure_new(void)
void BN_CTX_free(BN_CTX *ctx)
{
+if (ctx == NULL)
+return;
#ifdef BN_CTX_DEBUG
{
BN_POOL_ITEM *pool = ctx->pool.head;
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index bae7d23..c882891 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -208,18 +208,20 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
{
ctx->ri = 0;
-bn_init(&(ctx->RR));
-bn_init(&(ctx->N));
-bn_init(&(ctx->Ni));
+bn_init(&ctx->RR);
+bn_init(&ctx->N);
+bn_init(&ctx->Ni);
ctx->n0[0] = ctx->n0[1] = 0;
ctx->flags = 0;
}
void BN_MONT_CTX_free(BN_MONT_CTX *mont)
{
-BN_clear_free(&(mont->RR));
-BN_clear_free(&(mont->N));
-BN_clear_free(&(mont->Ni));
+if (mont == NULL)
+return;
+BN_clear_free(&mont->RR);
+BN_clear_free(&mont->N);
+BN_clear_free(&mont->Ni);
if (mont->flags & BN_FLG_MALLOCED)
OPENSSL_free(mont);
}
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 923a9b3..8eb500b 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -32,8 +32,10 @@ BN_RECP_CTX *BN_RECP_CTX_new(void)
void BN_RECP_CTX_free(BN_RECP_CTX *recp)
{
-BN_free(&(recp->N));
-BN_free(&(recp->Nr));
+if (recp == NULL)
+return;
+BN_free(&recp->N);
+BN_free(&recp->Nr);
if (recp->flags & BN_FLG_MALLOCED)
OPENSSL_free(recp);
}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index dfa5c23..48618a4 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -42,6 +42,8 @@ BUF_MEM *BUF_MEM_new(void)
void BUF_MEM_free(BUF_MEM *a)
{
+if (a == NULL)
+return;
if (a->data != NULL) {
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_clear_free(a->data, a->max);
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index 5bed187..c199bb3 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -45,6 +45,8 @@ const char *COMP_get_name(const COMP_METHOD *meth)
void CO
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via b1eaed1c996da382efcbd44611a8917a68188dbf (commit) from 68f04fa1ddc71c67822796bee7abaf32a87203a8 (commit) - Log - commit b1eaed1c996da382efcbd44611a8917a68188dbf Author: Rich Salz Date: Mon Apr 24 20:24:38 2017 -0400 Fix typo in OPENSSL_LH_new compat API CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3292) (cherry picked from commit b3c42fc2503a685a9e51427c1a83c8f09487389d) --- Summary of changes: include/openssl/lhash.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 82d40c1..88d7d97 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -95,7 +95,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_lh_new +# define lh_new OPENSSL_LH_new # define lh_free OPENSSL_LH_free # define lh_insert OPENSSL_LH_insert # define lh_delete OPENSSL_LH_delete _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via ab0c22d2655c626cbc93835d9f3042be28efa64c (commit)
from 38108eb94667a35f449685fc34832b1255311b13 (commit)
- Log -
commit ab0c22d2655c626cbc93835d9f3042be28efa64c
Author: Rich Salz
Date: Mon Mar 26 15:16:51 2018 -0400
Ignore CHANGES changes
---
Summary of changes:
license/add-lastchance | 1 +
license/get-summary| 1 +
2 files changed, 2 insertions(+)
diff --git a/license/add-lastchance b/license/add-lastchance
index 5a21f03..e763b6e 100755
--- a/license/add-lastchance
+++ b/license/add-lastchance
@@ -72,6 +72,7 @@ while ( <> ) {
open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
while ( <$F> ) {
+ next if /CHANGES/;
$files++;
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
diff --git a/license/get-summary b/license/get-summary
index 46e0efd..3e0089c 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -26,6 +26,7 @@ while ( <$FH> ) {
open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
while ( <$F> ) {
+ next if /CHANGES/;
$files++;
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via 38108eb94667a35f449685fc34832b1255311b13 (commit)
from c24b4571fda7c7bfa526f91494d61f7bc94c4807 (commit)
- Log -
commit 38108eb94667a35f449685fc34832b1255311b13
Author: Rich Salz
Date: Mon Mar 26 14:32:54 2018 -0400
Add -m flag
---
Summary of changes:
license/rmcommit | 41 ++---
1 file changed, 30 insertions(+), 11 deletions(-)
diff --git a/license/rmcommit b/license/rmcommit
index f128c47..02bc769 100755
--- a/license/rmcommit
+++ b/license/rmcommit
@@ -1,9 +1,14 @@
#! /usr/bin/env python
-"""Remove commits from a user.
+"""Remove commits from the log.
+
+Flags:
+-m X Just the specified commits from the user X
+
+Arguments is a list of commit prefixes.
"""
import mysql.connector, os, re, subprocess, sys
-import string, random
+import getopt, string, random
dbconfig = {
'user': 'license',
'password': open('rwpass.txt').read().strip(),
@@ -12,22 +17,36 @@ dbconfig = {
conn = mysql.connector.connect(**dbconfig)
cursor = conn.cursor()
-# Get email identifier
-cursor.execute('SELECT uid FROM users WHERE email = %s', (sys.argv[1],))
email = None
-for c in cursor:
-email = c[0]
-if not email:
-print sys.argv[1], "not found"
+try:
+opts, args = getopt.getopt(sys.argv[1:], "hm:")
+except:
+print __doc__
raise SystemExit
+for o,a in opts:
+if o == '-h':
+print __doc__
+raise SystemExit
+elif o == '-m':
+cursor.execute('SELECT uid FROM users WHERE email = %s', (a,))
+for c in cursor:
+email = c[0]
+if not email:
+print a, "not found"
+raise SystemExit
-for cids in sys.argv[2:]:
+for cids in args:
pat = cids + '%'
cursor.execute('SELECT cid FROM commits WHERE commit LIKE %s', (pat,))
cid = None
for c in cursor:
cid = c[0]
if cid:
-cursor.execute('DELETE FROM log WHERE uid=%s AND cid LIKE %s',
-(email, cid))
+if email:
+cursor.execute('DELETE FROM log WHERE uid=%s AND cid=%s',
+(email, cid))
+else:
+cursor.execute('DELETE FROM log WHERE cid=%s', (cid,))
conn.commit()
+else:
+print "Commit", cids, "not found"
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via faec5c4a8aa3943d835bdad26800a103426b0eda (commit)
from edc79fc99e1efec04c2a0a7f652269364981e6aa (commit)
- Log -
commit faec5c4a8aa3943d835bdad26800a103426b0eda
Author: Rich Salz
Date: Mon Mar 26 14:10:57 2018 -0400
Remove QNX support
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/5756)
---
Summary of changes:
CHANGES | 4
Configurations/10-main.conf | 29 -
config | 17 -
include/internal/sockets.h | 4
util/shlib_wrap.sh.in | 2 +-
5 files changed, 5 insertions(+), 51 deletions(-)
diff --git a/CHANGES b/CHANGES
index 7b14ee9..3f6c8de 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
Changes between 1.1.0g and 1.1.1 [xx XXX ]
+ *) QNX support removed (cannot find contributors to get their approval
+ for the license change).
+ [Rich Salz]
+
*) TLSv1.3 replay protection for early data has been implemented. See the
SSL_read_early_data() man page for further details.
[Matt Caswell]
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index f27691f..0f7bdf2 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1040,35 +1040,6 @@ my %targets = (
thread_scheme=> "(unknown)",
},
-# QNX
-"qnx4" => {
-inherit_from => [ "BASE_unix" ],
-CC => "cc",
-CFLAGS => "",
-lib_cppflags => "-DL_ENDIAN -DTERMIO",
-thread_scheme=> "(unknown)",
-},
-"QNX6" => {
-inherit_from => [ "BASE_unix" ],
-CC => "gcc",
-ex_libs => add("-lsocket"),
-dso_scheme => "dlfcn",
-shared_target=> "bsd-gcc-shared",
-shared_cflag => "-fPIC",
-shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
-},
-"QNX6-i386" => {
-inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
-CC => "gcc",
-CFLAGS => "-O2 -Wall",
-lib_cppflags => "-DL_ENDIAN",
-ex_libs => add("-lsocket"),
-dso_scheme => "dlfcn",
-shared_target=> "bsd-gcc-shared",
-shared_cflag => "-fPIC",
-shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
-},
-
SCO/Caldera targets.
#
# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
diff --git a/config b/config
index 3bee007..ce99302 100755
--- a/config
+++ b/config
@@ -240,21 +240,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
esac
;;
-QNX:*)
- case "$RELEASE" in
- 4*)
- echo "${MACHINE}-whatever-qnx4"
- ;;
- 6*)
- echo "${MACHINE}-whatever-qnx6"
- ;;
- *)
- echo "${MACHINE}-whatever-qnx"
- ;;
- esac
- exit 0
- ;;
-
Paragon*:*:*:*)
echo "i860-intel-osf1"; exit 0
;;
@@ -831,8 +816,6 @@ case "$GUESSOS" in
# these are all covered by the catchall below
i[3456]86-*-cygwin) OUT="Cygwin-x86" ;;
*-*-cygwin) OUT="Cygwin-${MACHINE}" ;;
- x86pc-*-qnx6) OUT="QNX6-i386" ;;
- *-*-qnx6) OUT="QNX6" ;;
x86-*-android|i?86-*-android) OUT="android-x86" ;;
armv[7-9]*-*-android)
OUT="android-armeabi"
diff --git a/include/internal/sockets.h b/include/internal/sockets.h
index 031156b..a6026da 100644
--- a/include/internal/sockets.h
+++ b/include/internal/sockets.h
@@ -93,10 +93,6 @@ struct servent *PASCAL getservbyname(const char *, const
char *);
# include
# endif
-# ifdef __QNX__
-# include
-# endif
-
# ifndef VMS
# include
# else
diff --git a/util/shlib_wrap.sh.in b/util/shlib_wrap.sh.in
index 6c115ba..b9e3ddf 100755
--- a/util/shlib_wrap.sh.in
+++ b/util/shlib_wrap.sh.in
@@ -110,7 +110,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
# it into a script makes it possible to do so on multi-ABI
# platforms.
case "$SYSNAME" in
- *BSD|QNX) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD, QNX
+ *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD
*) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF
HP-UX
esac
_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 8390062853513e1b42cac98078db184bc6100ca7 (commit)
from b9499cf8de17d1d7efd4ad135beb74d5dec8e120 (commit)
- Log -
commit 8390062853513e1b42cac98078db184bc6100ca7
Author: Rich Salz
Date: Thu Mar 22 10:21:33 2018 -0400
Fix resource files
Add it to apps as well as libraries.
Fix the copyright year generation.
Thanks to user RTT for pointing this out.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/5704)
---
Summary of changes:
Configure | 7 +++
apps/build.info | 5 +
apps/progs.pl | 6 --
util/mkrc.pl| 19 ++-
4 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/Configure b/Configure
index 0934088..ce33f48 100755
--- a/Configure
+++ b/Configure
@@ -2015,6 +2015,13 @@ EOF
$o = cleanfile($buildd, $o, $blddir);
$unified_info{sources}->{$ddest}->{$o} = 1;
$unified_info{sources}->{$o}->{$s} = 1;
+} elsif ($s =~ /\.rc$/) {
+# We also recognise resource files
+my $o = $_;
+$o =~ s/\.rc$/.res/; # Resource configuration
+my $o = cleanfile($buildd, $o, $blddir);
+$unified_info{sources}->{$ddest}->{$o} = 1;
+$unified_info{sources}->{$o}->{$s} = 1;
} else {
$unified_info{sources}->{$ddest}->{$s} = 1;
}
diff --git a/apps/build.info b/apps/build.info
index e724373..4a11a18 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -23,6 +23,11 @@ IF[{- !$disabled{apps} -}]
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=libapps.a ../libssl
+IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+ GENERATE[openssl.rc]=../util/mkrc.pl openssl
+ SOURCE[openssl]=openssl.rc
+ENDIF
+
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
diff --git a/apps/progs.pl b/apps/progs.pl
index f832467..8b9a95b 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -17,12 +17,14 @@ use configdata qw/@disablables %unified_info/;
my %commands = ();
my $cmdre= qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
my $apps_openssl = shift @ARGV;
+my $YEAR = [localtime()]->[5] + 1900;
# because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
+grep { /\.o$/ }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
@@ -36,12 +38,12 @@ foreach my $filename (@openssl_source) {
@ARGV = sort keys %commands;
-print <<'EOF';
+print <<"EOF";
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/util/mkrc.pl b/util/mkrc.pl
index b98a694..08b0af1 100755
--- a/util/mkrc.pl
+++ b/util/mkrc.pl
@@ -39,13 +39,14 @@ while () {
close(FD);
my $filename = $ARGV[0];
-$filename =~ /(.*)\.([^.]+)$/;
-my $basename = $1;
-my $extname = $2;
-
-my $description = "OpenSSL application";
-$description = "OpenSSL shared library" if $extname =~ /dll/i;
+my $description = "OpenSSL library";
+my $vft = "VFT_DLL";
+if ( $filename =~ /openssl/i ) {
+$description = "OpenSSL application";
+$vft = "VFT_APP";
+}
+my $YEAR = [localtime()]->[5] + 1900;
print <<___;
#include
@@ -61,7 +62,7 @@ LANGUAGE 0x09,0x01
FILEFLAGS 0x00L
#endif
FILEOS VOS__WINDOWS32
- FILETYPE VFT_DLL
+ FILETYPE $vft
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
@@ -72,13 +73,13 @@ BEGIN
VALUE "CompanyName", "The OpenSSL Project,
http://www.openssl.org/\\0";
VALUE "FileDescription", "$description\\0"
VALUE "FileVersion", "$version\\0"
-VALUE "InternalName", "$basename\\0"
+VALUE "InternalName", "$filename\\0"
VALUE "OriginalFilename", "$filename\\0"
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "Pr
[openssl-commits] [openssl] master update
The branch master has been updated
via 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0 (commit)
from ab0a3914a64d8f1fce22795c02269e1288df52b1 (commit)
- Log -
commit 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0
Author: FdaSilvaYY
Date: Wed Mar 21 16:01:24 2018 -0400
Unify s_client/s_server srtp profiles option handling
Add missing guards around STRP-related fields
Remove two unneeded global variables: my 2'cents to #4679
Merge definition and instantiation of srpsrvparm global.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/4908)
---
Summary of changes:
apps/s_client.c | 5 +++--
apps/s_server.c | 11 ++-
ssl/ssl_locl.h | 4
3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index 4b7df0c..ce7366f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
#endif
-static char *srtp_profiles = NULL;
-
#ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
@@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = {
OPT_R_OPTIONS,
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_USE_SRTP, 's',
"Offer SRTP key management with a colon-separated profile list"},
+#endif
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv)
int srp_lateuser = 0;
SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
#endif
+char *srtp_profiles = NULL;
#ifndef OPENSSL_NO_CT
char *ctlog_file = NULL;
int ct_validation = 0;
diff --git a/apps/s_server.c b/apps/s_server.c
index bfa1345..9b5106d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -236,6 +236,7 @@ typedef struct srpsrvparm_st {
SRP_VBASE *vb;
SRP_user_pwd *user;
} srpsrvparm;
+static srpsrvparm srp_callback_parm;
/*
* This callback pretends to require some asynchronous logic in order to
@@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int
is_forward_secure)
return is_forward_secure;
}
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
@@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[])
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
+char *srtp_profiles = NULL;
int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int s_server_verify = SSL_VERIFY_NONE;
int s_server_session_id_context = 1; /* anything will do */
@@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[])
alpn_in = opt_arg();
break;
case OPT_SRTP_PROFILES:
-#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
-#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a28facd..eae5788 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1019,8 +1019,10 @@ struct ssl_ctx_st {
/* Shared DANE context */
struct dane_ctx_st dane;
+# ifndef OPENSSL_NO_SRTP
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
@@ -1358,10 +1360,12 @@ struct ssl_st {
int scts_parsed;
# endif
SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 4af14b7b018750bf3584587068211948924738fb (commit)
from d316cdcf6d8d6934663278145fe0a8191e14a8c5 (commit)
- Log -
commit 4af14b7b018750bf3584587068211948924738fb
Author: Matthias Kraft
Date: Mon Mar 19 13:37:46 2018 -0400
Add dladdr() for AIX
Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.
Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unecessary AIX ifdefs again.
The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.
As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.
Signed-off-by: Matthias Kraft
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5668)
---
Summary of changes:
Configurations/10-main.conf | 2 +
crypto/dso/dso_dlfcn.c | 80 ++--
crypto/init.c| 15
test/recipes/90-test_shlibload.t | 6 ++-
test/shlibloadtest.c | 49 +++-
5 files changed, 145 insertions(+), 7 deletions(-)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index a0a9e17..72695d5 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1212,6 +1212,7 @@ my %targets = (
perlasm_scheme => "aix32",
dso_scheme => "dlfcn",
shared_target=> "aix-shared",
+shared_cflag => "-qpic",
shared_ldflag=> "-G",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
arflags => "-X32 r",
@@ -1232,6 +1233,7 @@ my %targets = (
perlasm_scheme => "aix64",
dso_scheme => "dlfcn",
shared_target=> "aix-shared",
+shared_cflag => "-qpic",
shared_ldflag=> "-G",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
arflags => "-X64 r",
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 26f98bf..7abfe66 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@
# endif
# include
# define HAVE_DLINFO 1
-# if defined(_AIX) || defined(__CYGWIN__) || \
+# if defined(__CYGWIN__) || \
defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
(defined(__osf__) && !defined(RTLD_NEXT)) || \
(defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
@@ -308,6 +308,73 @@ static int dladdr(void *address, Dl_info *dl)
}
# endif /* __sgi */
+# ifdef _AIX
+/*-
+ * See IBM's AIX Version 7.2, Technical Reference:
+ * Base Operating System and Extensions, Volume 1 and 2
+ *
https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm
+ */
+# include
+# include
+/* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */
+# define DLFCN_LDINFO_SIZE 86976
+typedef struct Dl_info {
+const char *dli_fname;
+} Dl_info;
+/*
+ * This dladdr()-implementation will also find the ptrgl (Pointer Glue) virtual
+ * address of a function, which is just located in the DATA segment instead of
+ * the TEXT segment.
+ */
+static int dladdr(void *addr, Dl_info *dl)
+{
+unsigned int found = 0;
+struct ld_info *ldinfos, *next_ldi, *this_ldi;
+
+if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) ==
NULL) {
+errno = ENOMEM;
+dl->dli_fname = NULL;
+return 0;
+}
+
+if ((loadquery(L_GETINFO, (void *)ldinfos, DLFCN_LDINFO_SIZE)) < 0) {
+/*-
+ * Error handling is done through errno and dlerror() reading errno:
+ * ENOMEM (ldinfos buffer is too small),
+ * EINVAL (invalid flags),
+ * EFAULT (invalid ldinfos ptr)
+ */
+OPENSSL_free((void *)ldinfos);
+dl->dli_fname = NULL;
[openssl-commits] [tools] master update
The branch master has been updated
via c4cba40bbb70057a10b858829a8d2c3289cb356d (commit)
from dd672a5f06f5ca4e516170902f1876b249445351 (commit)
- Log -
commit c4cba40bbb70057a10b858829a8d2c3289cb356d
Author: Rich Salz
Date: Mon Mar 19 13:44:32 2018 -0400
Add net changes
---
Summary of changes:
license/get-summary | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/license/get-summary b/license/get-summary
index b88627f..46e0efd 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -18,13 +18,10 @@ while ( <$FH> ) {
}
next unless /([0-da-f]{8}) .*/;
my $cid = $1;
-# Skip a big import
-next if $cid eq 'd02b48c6';
my $pattern = "$cid^..$cid";
my $files = 0;
my $adds = 0;
my $dels = 0;
-my $name = '';
$total++;
open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
@@ -33,17 +30,18 @@ while ( <$FH> ) {
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
$dels += int($2);
- $name = $3 if $name eq '';
}
$tot_files += $files;
$tot_adds += $adds;
$tot_dels += $dels;
close $F || die "Can't close git diff, $!\n";
}
+close $FH || die "Can't close, $!,";
+
printf "Authors : %4d\n", $authors;
printf "Commits : %4d\n", $total;
printf "Files: %4d (%.2f average)\n", $tot_files, $tot_files / $total;
printf "Added lines : %4d (%.2f average)\n", $tot_adds, $tot_adds / $total;
printf "Deleted lines: %4d (%.2f average)\n", $tot_dels, $tot_dels / $total;
-
-close $FH || die "Can't close, $!,";
+my $tot = $tot_adds - $tot_dels;
+printf "Net change : %4d (%.2f average)\n", $tot, $tot / $total;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 4bfb96f2ad01d71836cfccceb7b15102f0f59055 (commit)
from c2b290c3d0ff878c33b3540df530f64af23163bf (commit)
- Log -
commit 4bfb96f2ad01d71836cfccceb7b15102f0f59055
Author: Todd Short
Date: Mon Mar 19 10:50:51 2018 -0400
Place ticket keys into secure memory
Place the session ticket AES and HMAC keys into secure memory.
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2351)
---
Summary of changes:
ssl/s3_lib.c | 24
ssl/ssl_lib.c| 12
ssl/ssl_locl.h | 11 ---
ssl/statem/statem_srvr.c | 6 +++---
ssl/t1_lib.c | 6 +++---
5 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bbf49a2..6193269 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3798,8 +3798,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void
*parg)
{
unsigned char *keys = parg;
long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
-sizeof(ctx->ext.tick_hmac_key) +
-sizeof(ctx->ext.tick_aes_key));
+sizeof(ctx->ext.secure->tick_hmac_key) +
+sizeof(ctx->ext.secure->tick_aes_key));
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
@@ -3809,23 +3809,23 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg,
void *parg)
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
memcpy(ctx->ext.tick_key_name, keys,
sizeof(ctx->ext.tick_key_name));
-memcpy(ctx->ext.tick_hmac_key,
+memcpy(ctx->ext.secure->tick_hmac_key,
keys + sizeof(ctx->ext.tick_key_name),
- sizeof(ctx->ext.tick_hmac_key));
-memcpy(ctx->ext.tick_aes_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
+memcpy(ctx->ext.secure->tick_aes_key,
keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ sizeof(ctx->ext.secure->tick_aes_key));
} else {
memcpy(keys, ctx->ext.tick_key_name,
sizeof(ctx->ext.tick_key_name));
memcpy(keys + sizeof(ctx->ext.tick_key_name),
- ctx->ext.tick_hmac_key,
- sizeof(ctx->ext.tick_hmac_key));
+ ctx->ext.secure->tick_hmac_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
memcpy(keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- ctx->ext.tick_aes_key,
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ ctx->ext.secure->tick_aes_key,
+ sizeof(ctx->ext.secure->tick_aes_key));
}
return 1;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index baf8a94..062f5ce 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3035,6 +3035,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
goto err;
+if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) ==
NULL)
+goto err;
+
/* No compression for DTLS */
if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
ret->comp_methods = SSL_COMP_get_compression_methods();
@@ -3045,10 +3048,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
/* Setup RFC5077 ticket keys */
if ((RAND_bytes(ret->ext.tick_key_name,
sizeof(ret->ext.tick_key_name)) <= 0)
-|| (RAND_bytes(ret->ext.tick_hmac_key,
- sizeof(ret->ext.tick_hmac_key)) <= 0)
-|| (RAND_bytes(ret->ext.tick_aes_key,
- sizeof(ret->ext.tick_aes_key)) <= 0))
+|| (RAND_bytes(ret->ext.secure->tick_hmac_key,
+ sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+|| (RAND_bytes(ret->ext.secure->tick_aes_key,
+ sizeof(ret->ext.secure->tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
[openssl-commits] [openssl] master update
The branch master has been updated
via 69e2b8d67d980b4dea8c5f2cb17cd86455989bb7 (commit)
from 8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41 (commit)
- Log -
commit 69e2b8d67d980b4dea8c5f2cb17cd86455989bb7
Author: Rich Salz
Date: Mon Mar 19 10:23:28 2018 -0400
Revise and cleanup; use strict,warnings
Use shorter names for some defines, so also had to change the .c file
that used them.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/5669)
---
Summary of changes:
crypto/conf/conf_def.c | 6 +-
crypto/conf/conf_def.h | 78 ---
crypto/conf/keysets.pl | 205 +++--
3 files changed, 131 insertions(+), 158 deletions(-)
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 752859d..05ba1c9 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -558,7 +558,7 @@ static int str_copy(CONF *conf, char *section, char **pto,
char *from)
s++;
cp = section;
e = np = s;
-while (IS_ALPHA_NUMERIC(conf, *e))
+while (IS_ALNUM(conf, *e))
e++;
if ((e[0] == ':') && (e[1] == ':')) {
cp = np;
@@ -567,7 +567,7 @@ static int str_copy(CONF *conf, char *section, char **pto,
char *from)
*rrp = '\0';
e += 2;
np = e;
-while (IS_ALPHA_NUMERIC(conf, *e))
+while (IS_ALNUM(conf, *e))
e++;
}
r = *e;
@@ -759,7 +759,7 @@ static char *eat_alpha_numeric(CONF *conf, char *p)
p = scan_esc(conf, p);
continue;
}
-if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
+if (!IS_ALNUM_PUNCT(conf, *p))
return p;
p++;
}
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index ad8894c..f0734ec 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -9,54 +9,42 @@
* https://www.openssl.org/source/license.html
*/
-#define CONF_NUMBER 1
-#define CONF_UPPER 2
-#define CONF_LOWER 4
-#define CONF_UNDER 256
-#define CONF_PUNCTUATION512
-#define CONF_WS 16
-#define CONF_ESC32
-#define CONF_QUOTE 64
-#define CONF_DQUOTE 1024
-#define CONF_COMMENT128
-#define CONF_FCOMMENT 2048
-#define CONF_EOF8
-#define CONF_HIGHBIT4096
-#define CONF_ALPHA (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-CONF_PUNCTUATION)
+#define CONF_NUMBER 1
+#define CONF_UPPER2
+#define CONF_LOWER4
+#define CONF_UNDER256
+#define CONF_PUNCT512
+#define CONF_WS 16
+#define CONF_ESC 32
+#define CONF_QUOTE64
+#define CONF_DQUOTE 1024
+#define CONF_COMMENT 128
+#define CONF_FCOMMENT 2048
+#define CONF_EOF 8
+#define CONF_HIGHBIT 4096
+#define CONF_ALPHA(CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
-#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-
(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data))
-#else /* CHARSET_EBCDIC */
+#ifndef CHARSET_EBCDIC
+# define CVT(a) ((a) & 0xFF)
+#else
+# define CVT(a) os_toascci[(a) & 0FF]
+#endif
-# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a &
0xff]]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)(KEYTYPES(c)[os_toascii[a &
[openssl-commits] [openssl] master update
The branch master has been updated
via 8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41 (commit)
from 440bce8f813fa661437ce52378c3df38e2fd073b (commit)
- Log -
commit 8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41
Author: Tomas Mraz
Date: Mon Mar 19 10:01:39 2018 -0400
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.
Reviewed-by: Tim Hudson
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/4848)
---
Summary of changes:
doc/man3/SSL_read_early_data.pod | 2 +-
doc/man5/config.pod| 16 +++
ssl/ssl_lib.c | 2 +
ssl/ssl_locl.h | 3 ++
ssl/ssl_mcnf.c | 25 ---
test/build.info| 7 ++-
.../{90-test_tls13ccs.t => 90-test_sysdefault.t} | 9 ++--
test/sysdefault.cnf| 15 +++
test/sysdefaulttest.c | 50 ++
9 files changed, 117 insertions(+), 12 deletions(-)
copy test/recipes/{90-test_tls13ccs.t => 90-test_sysdefault.t} (72%)
create mode 100644 test/sysdefault.cnf
create mode 100644 test/sysdefaulttest.c
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod
index 1b14a73..cdfebc8 100644
--- a/doc/man3/SSL_read_early_data.pod
+++ b/doc/man3/SSL_read_early_data.pod
@@ -180,7 +180,7 @@ server application will either use both of
SSL_read_early_data() and
SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them,
since there is no practical benefit from using only one of them. If the maximum
early data setting for a server is non-zero then replay protection is
-automatically enabled (see L below).
+automatically enabled (see L below).
In the event that the current maximum early data setting for the server is
different to that originally specified in a session that a client is resuming
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 485ec08..7885d6a 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -247,6 +247,22 @@ For example:
ECDSA.Certificate = server-ecdsa.pem
Ciphers = ALL:!RC4
+The system default configuration with name B if present will
+be applied during any creation of the B structure.
+
+Example of a configuration with the system default:
+
+ ssl_conf = ssl_sect
+
+ [ssl_sect]
+
+ system_default = system_default_sect
+
+ [system_default_sect]
+
+ MinProtocol = TLSv1.2
+
+
=head1 NOTES
If a configuration file attempts to expand a variable that doesn't exist
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e423331..baf8a94 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3112,6 +3112,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
*/
ret->max_early_data = 0;
+ssl_ctx_system_config(ret);
+
return ret;
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 83a0334..9d4e0f1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2587,6 +2587,9 @@ void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void);
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
# else /* OPENSSL_UNIT_TEST */
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
index 59674f3..70c7ed8 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -125,6 +125,7 @@ static const struct ssl_conf_name *ssl_name_find(const char
*name)
{
size_t i;
const struct ssl_conf_name *nm;
+
if (name == NULL)
return NULL;
for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
@@ -134,7 +135,7 @@ static const struct ssl_conf_name *ssl_name_find(const char
*name)
return NULL;
}
-static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
SSL_CONF_CTX *cctx = NULL;
size_t i;
@@ -143,21 +144,28 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char
*name)
const SSL_METHOD *meth;
const struct ssl_conf_name *nm;
struct ssl_conf_cmd *cmd;
+
if (s == NULL && ctx == NULL) {
SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
+
+if (name == NULL && system)
+name = "system_default";
nm = ssl_name_find(name);
if (nm == NULL) {
-SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
-ERR_add_error_data(2, "name=", name);
+if (!system) {
+SSLe
[openssl-commits] [openssl] master update
The branch master has been updated
via f297e4ecc3e5bd9f460ffc99f38680e34d6d4d2f (commit)
from 23be743286c0f0a160de33365ef34af39427eac9 (commit)
- Log -
commit f297e4ecc3e5bd9f460ffc99f38680e34d6d4d2f
Author: Rich Salz
Date: Thu Mar 15 10:51:17 2018 -0400
Add code to run test, get malloc counts
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/4528)
---
Summary of changes:
test/sslapitest.c | 17 +
1 file changed, 17 insertions(+)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2c122be..8e91151 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -17,6 +17,7 @@
#include "ssltestlib.h"
#include "testutil.h"
+#include "testutil/output.h"
#include "internal/nelem.h"
#include "../ssl/ssl_locl.h"
@@ -3638,6 +3639,22 @@ int setup_tests(void)
|| !TEST_ptr(privkey = test_get_argument(1)))
return 0;
+if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+TEST_error("not supported in this build");
+return 0;
+#else
+int i, mcount, rcount, fcount;
+
+for (i = 0; i < 4; i++)
+test_export_key_mat(i);
+CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
+test_printf_stdout("malloc %d realloc %d free %d\n",
+mcount, rcount, fcount);
+return 1;
+#endif
+}
+
ADD_TEST(test_large_message_tls);
ADD_TEST(test_large_message_tls_read_ahead);
#ifndef OPENSSL_NO_DTLS
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via e45b4dd292d8cd2a9f71c88784b72d831b3b6212 (commit)
from 6ac11bdffb02eda132973c9740b4a45a3242 (commit)
- Log -
commit e45b4dd292d8cd2a9f71c88784b72d831b3b6212
Author: gmile
Date: Sun Mar 11 20:52:13 2018 -0400
Add OIDs for DSTU-4145
Original source:
https://github.com/dstucrypt/openssl-dstu/commit/2c5fc4c92b8244c5026f4f871eb9497f9c28d5af
Full list of OIDs is available on related enactment page
at http://zakon2.rada.gov.ua/laws/show/z0423-17
CLA: trivial
Reviewed-by: Tim Hudson
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5216)
---
Summary of changes:
crypto/objects/obj_dat.h | 110 ++---
crypto/objects/obj_mac.num | 20 +
crypto/objects/objects.txt | 30 +
fuzz/oids.txt | 20 +
include/openssl/obj_mac.h | 98
5 files changed, 273 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index c62f4ea..8aa6b8b 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[7368] = {
+static const unsigned char so[7595] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,/* [6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1035,9 +1035,29 @@ static const unsigned char so[7368] = {
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7341]
OBJ_id_tc26_gost_3410_2012_256_constants */
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7349]
OBJ_id_tc26_gost_3410_2012_256_paramSetA */
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7358]
OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+0x2A,0x86,0x24,/* [ 7367] OBJ_ISO_UA */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,/* [ 7370] OBJ_ua_pki */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01, /* [ 7377]
OBJ_dstu28147 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7387]
OBJ_dstu28147_ofb */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03, /* [ 7398]
OBJ_dstu28147_cfb */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05, /* [ 7409]
OBJ_dstu28147_wrap */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7420]
OBJ_hmacWithDstu34311 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01, /* [ 7430]
OBJ_dstu34311 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01, /* [ 7440]
OBJ_dstu4145le */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01, /* [
7451] OBJ_dstu4145be */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00, /* [
7464] OBJ_uacurve0 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01, /* [
7477] OBJ_uacurve1 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02, /* [
7490] OBJ_uacurve2 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03, /* [
7503] OBJ_uacurve3 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04, /* [
7516] OBJ_uacurve4 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05, /* [
7529] OBJ_uacurve5 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06, /* [
7542] OBJ_uacurve6 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07, /* [
7555] OBJ_uacurve7 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08, /* [
7568] OBJ_uacurve8 */
+0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09, /* [
7581] OBJ_uacurve9 */
};
-#define NUM_NID 1150
+#define NUM_NID 1170
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2189,9 +2209,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-tc26-gost-3410-2012-256-constants",
"id-tc26-gost-3410-2012-256-constants",
NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7341]},
{"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit)
ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7349]},
{"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit)
ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7358]},
+{"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7367]},
+{"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7370]},
+{"dstu2
[openssl-commits] [openssl] master update
The branch master has been updated via 3266cf582a8e1b0bd04600658f64e2c9a79cf903 (commit) from 78a50c7524e86137e4db3d57d1a06eb573b26054 (commit) - Log - commit 3266cf582a8e1b0bd04600658f64e2c9a79cf903 Author: Alex Gaynor Date: Sat Mar 10 13:13:23 2018 -0500 Fixed a handful of typos Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5583) --- Summary of changes: doc/man3/EVP_md5.pod | 2 +- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OSSL_STORE_SEARCH.pod | 4 ++-- doc/man3/OSSL_STORE_open.pod | 4 ++-- doc/man3/SSL_CTX_set_tlsext_use_srtp.pod | 2 +- doc/man3/UI_STRING.pod | 4 ++-- doc/man3/d2i_X509.pod| 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod index 1048c0f..30e72a2 100644 --- a/doc/man3/EVP_md5.pod +++ b/doc/man3/EVP_md5.pod @@ -16,7 +16,7 @@ EVP_md5 MD5 is a cryptographic hash function standardized in RFC 1321 and designed by Ronald Rivest. -The CMU Software Engieneering Institute considers MD5 unsuitable for further +The CMU Software Engineering Institute considers MD5 unsuitable for further use since its security has been severely compromised. =over 4 diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index e6e520e..87c135a 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -162,7 +162,7 @@ It is otherwise expected to return 0. =item B This function takes a B pointer and is expected to -return 1 to indicate that an error occured in a previous call to the +return 1 to indicate that an error occurred in a previous call to the B function. It is otherwise expected to return 0. diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod index 411664d..6d36a19 100644 --- a/doc/man3/OSSL_STORE_SEARCH.pod +++ b/doc/man3/OSSL_STORE_SEARCH.pod @@ -45,7 +45,7 @@ OSSL_STORE_SEARCH_get0_digest =head1 DESCRIPTION -These functions are use to specify search criteria to help search for specific +These functions are used to specify search criteria to help search for specific objects through other names than just the URI that's given to OSSL_STORE_open(). For example, this can be useful for an application that has received a URI and then wants to add on search criteria in a uniform and supported manner. @@ -122,7 +122,7 @@ accordingly. A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() and the actual fingerprint and its length can be retrieved with OSSL_STORE_SEARCH_get0_bytes(). -The digest can be retreived with OSSL_STORE_SEARCH_get0_digest(). +The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest(). =item OSSL_STORE_SEARCH_BY_ALIAS diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 3a05a88..92b2493 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -86,7 +86,7 @@ object and return it wrapped with B. OSSL_STORE_eof() takes a B and checks if we've reached the end of data. -OSSL_STORE_error() takes a B and checks if an error occured in +OSSL_STORE_error() takes a B and checks if an error occurred in the last OSSL_STORE_load() call. Note that it may still be meaningful to try and load more objects, unless OSSL_STORE_eof() shows that the end of data has been reached. @@ -125,7 +125,7 @@ returned B. OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0. -OSSL_STORE_error() returns 1 if an error occured in a OSSL_STORE_load() call, +OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, otherwise 0. OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure. diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod index 2746d50..2bc3a43 100644 --- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod +++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod @@ -75,7 +75,7 @@ SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP protection profile was negotiated. The memory returned from this function should not be freed by the caller. -If an SRTP protection profile has been sucessfully negotiated then the SRTP +If an SRTP protection profile has been successfully negotiated then the SRTP keying material (on both the client and server) should be obtained via a call to L. This call should provide a label value of "EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total diff --git a/doc/man3/UI_STRING.pod b/doc/man3/UI_STRING.pod index 5a464a3..09a7d0b 100644 --- a/doc/man3/UI_STRING.pod +++ b/doc/man3/UI_STRING.pod @@ -120,11 +120,11 @@ UI_get0_test_string() r
[openssl-commits] [openssl] master update
The branch master has been updated
via 0244234d5d64b96d251fc86371bccbca6cfc52b5 (commit)
from d47eaaf41f67b0c3521a53aed6b4c4458417f791 (commit)
- Log -
commit 0244234d5d64b96d251fc86371bccbca6cfc52b5
Author: Steven Noonan
Date: Fri Mar 9 07:15:20 2018 -0500
speed: add ecdhx448 to ecdh choices
CLA: trivial
Signed-off-by: Steven Noonan
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5551)
---
Summary of changes:
apps/speed.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index c59f266..66271fd 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -118,7 +118,7 @@
#define RSA_NUM 7
#define DSA_NUM 3
-#define EC_NUM 17
+#define EC_NUM 18
#define MAX_ECDH_SIZE 256
#define MISALIGN64
@@ -533,6 +533,7 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_B40914
#define R_EC_B57115
#define R_EC_X25519 16
+#define R_EC_X44817
#ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = {
{"ecdsap160", R_EC_P160},
@@ -572,6 +573,7 @@ static OPT_PAIR ecdh_choices[] = {
{"ecdhb409", R_EC_B409},
{"ecdhb571", R_EC_B571},
{"ecdhx25519", R_EC_X25519},
+{"ecdhx448", R_EC_X448},
{NULL}
};
#endif
@@ -1377,7 +1379,7 @@ int speed_main(int argc, char **argv)
NID_sect233r1, NID_sect283r1, NID_sect409r1,
NID_sect571r1,
/* Other */
-NID_X25519
+NID_X25519, NID_X448
};
static const char *test_curves_names[EC_NUM] = {
/* Prime Curves */
@@ -1389,7 +1391,7 @@ int speed_main(int argc, char **argv)
"nistb233", "nistb283", "nistb409",
"nistb571",
/* Other */
-"X25519"
+"X25519", "X448"
};
static const int test_curves_bits[EC_NUM] = {
160, 192, 224,
@@ -1397,7 +1399,7 @@ int speed_main(int argc, char **argv)
163, 233, 283,
409, 571, 163,
233, 283, 409,
-571, 253/* X25519 */
+571, 253, 448
};
int ecdsa_doit[EC_NUM] = { 0 };
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d47eaaf41f67b0c3521a53aed6b4c4458417f791 (commit) from e440f51395f10e307f720213bd75393e446024a3 (commit) - Log - commit d47eaaf41f67b0c3521a53aed6b4c4458417f791 Author: Alex Gaynor Date: Fri Mar 9 07:11:13 2018 -0500 Fixed a spelling mistake in ASN1_TIME_set.pod Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5569) --- Summary of changes: doc/man3/ASN1_TIME_set.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index d45cfe6..4ae640b 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -155,7 +155,7 @@ in the B and B parameters instead of directly manipulating a time_t value. ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to ASN1_UTCTIME, -or vise-versa, based on the resulting year. The ASN1_GENERALIZEDTIME_adj() and +or vice versa, based on the resulting year. The ASN1_GENERALIZEDTIME_adj() and ASN1_UTCTIME_adj() functions will not modify the type of the return structure. It is recommended that functions starting with ASN1_TIME be used instead of _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via d420729b9e709b7a6fc227a073f526d86d8767e6 (commit)
from 082193ef2b25cf16ec51af9dc9f0ee890beb38b9 (commit)
- Log -
commit d420729b9e709b7a6fc227a073f526d86d8767e6
Author: FdaSilvaYY
Date: Thu Mar 8 10:32:34 2018 -0500
Duplicate entries ssl_handshake_tbl trace entries...
... and add some missing known values.
Sort ssl/tls extension array list
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5304)
---
Summary of changes:
apps/s_cb.c| 4 ++--
include/openssl/ssl3.h | 2 ++
ssl/t1_trce.c | 30 +-
3 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index ae15f55..412442d 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -536,9 +536,9 @@ static STRINT_PAIR handshakes[] = {
{", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
{", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
{", Finished", SSL3_MT_FINISHED},
-{", CertificateUrl", 21},
+{", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
{", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
-{", SupplementalData", 23},
+{", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
{", KeyUpdate", SSL3_MT_KEY_UPDATE},
#ifndef OPENSSL_NO_NEXTPROTONEG
{", NextProto", SSL3_MT_NEXT_PROTO},
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 7518f68..6d0ed11 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -299,7 +299,9 @@ extern "C" {
# define SSL3_MT_CERTIFICATE_VERIFY 15
# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
# define SSL3_MT_FINISHED20
+# define SSL3_MT_CERTIFICATE_URL 21
# define SSL3_MT_CERTIFICATE_STATUS 22
+# define SSL3_MT_SUPPLEMENTAL_DATA 23
# define SSL3_MT_KEY_UPDATE 24
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL3_MT_NEXT_PROTO 67
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index ba52258..601ab02 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -79,7 +79,7 @@ static const ssl_trace_tbl ssl_content_tbl[] = {
{SSL3_RT_APPLICATION_DATA, "ApplicationData"},
};
-/* Handshake types */
+/* Handshake types, sorted by ascending id */
static const ssl_trace_tbl ssl_handshake_tbl[] = {
{SSL3_MT_HELLO_REQUEST, "HelloRequest"},
{SSL3_MT_CLIENT_HELLO, "ClientHello"},
@@ -94,10 +94,10 @@ static const ssl_trace_tbl ssl_handshake_tbl[] = {
{SSL3_MT_SERVER_DONE, "ServerHelloDone"},
{SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
{SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
-{SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
-{SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
{SSL3_MT_FINISHED, "Finished"},
+{SSL3_MT_CERTIFICATE_URL, "CertificateUrl"},
{SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+{SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"},
{SSL3_MT_KEY_UPDATE, "KeyUpdate"},
# ifndef OPENSSL_NO_NEXTPROTONEG
{SSL3_MT_NEXT_PROTO, "NextProto"},
@@ -449,7 +449,7 @@ static const ssl_trace_tbl ssl_comp_tbl[] = {
{0x0001, "Zlib Compression"}
};
-/* Extensions */
+/* Extensions sorted by ascending id */
static const ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_server_name, "server_name"},
{TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
@@ -461,28 +461,32 @@ static const ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_client_authz, "client_authz"},
{TLSEXT_TYPE_server_authz, "server_authz"},
{TLSEXT_TYPE_cert_type, "cert_type"},
-{TLSEXT_TYPE_key_share, "key_share"},
-{TLSEXT_TYPE_psk, "psk"},
-{TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
{TLSEXT_TYPE_supported_groups, "supported_groups"},
{TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
{TLSEXT_TYPE_use_srtp, "use_srtp"},
-{TLSEXT_TYPE_session_ticket, "session_ticket"},
-{TLSEXT_TYPE_supported_versions, "supported_versions"},
-{TLSEXT_TYPE_renegotiate, "renegotiate"},
-# ifndef OPENSSL_NO_NEXTPROTONEG
-{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
-# endif
+{TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
{TLSEXT_TYPE_application_layer_prot
[openssl-commits] [openssl] master update
The branch master has been updated
via 082193ef2b25cf16ec51af9dc9f0ee890beb38b9 (commit)
from 83918ad6fddf33acc43aadcc40f08be22ff39482 (commit)
- Log -
commit 082193ef2b25cf16ec51af9dc9f0ee890beb38b9
Author: Bryan Donlan
Date: Wed Mar 7 16:01:06 2018 -0500
Fix issues in ia32 RDRAND asm leading to reduced entropy
This patch fixes two issues in the ia32 RDRAND assembly code that result in
a
(possibly significant) loss of entropy.
The first, less significant, issue is that, by returning success as 0 from
OPENSSL_ia32_rdrand() and OPENSSL_ia32_rdseed(), a subtle bias was
introduced.
Specifically, because the assembly routine copied the remaining number of
retries over the result when RDRAND/RDSEED returned 'successful but zero', a
bias towards values 1-8 (primarily 8) was introduced.
The second, more worrying issue was that, due to a mixup in registers, when
a
buffer that was not size 0 or 1 mod 8 was passed to
OPENSSL_ia32_rdrand_bytes
or OPENSSL_ia32_rdseed_bytes, the last (n mod 8) bytes were all the same
value.
This issue impacts only the 64-bit variant of the assembly.
This change fixes both issues by first eliminating the only use of
OPENSSL_ia32_rdrand, replacing it with OPENSSL_ia32_rdrand_bytes, and fixes
the
register mixup in OPENSSL_ia32_rdrand_bytes. It also adds a sanity test for
OPENSSL_ia32_rdrand_bytes and OPENSSL_ia32_rdseed_bytes to help catch
problems
of this nature in the future.
Reviewed-by: Andy Polyakov
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5342)
---
Summary of changes:
crypto/engine/eng_rdrand.c | 23 +---
crypto/x86_64cpuid.pl | 20 +---
crypto/x86cpuid.pl | 15 +--
test/build.info| 7 +-
test/rdrand_sanitytest.c | 125 +
...3-test_internal_curve448.t => 06-test-rdrand.t} | 17 +--
6 files changed, 151 insertions(+), 56 deletions(-)
create mode 100644 test/rdrand_sanitytest.c
copy test/recipes/{03-test_internal_curve448.t => 06-test-rdrand.t} (60%)
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
index 7be64e3..261e5de 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,28 +20,15 @@
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
-size_t OPENSSL_ia32_rdrand(void);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
static int get_random_bytes(unsigned char *buf, int num)
{
-size_t rnd;
-
-while (num >= (int)sizeof(size_t)) {
-if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-return 0;
-
-*((size_t *)buf) = rnd;
-buf += sizeof(size_t);
-num -= sizeof(size_t);
-}
-if (num) {
-if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-return 0;
-
-memcpy(buf, &rnd, num);
+if (num < 0) {
+return 0;
}
-return 1;
+return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
}
static int random_status(void)
diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
index 0a88c7a..513d005 100644
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -434,21 +434,6 @@ ___
sub gen_random {
my $rdop = shift;
print<<___;
-.globl OPENSSL_ia32_${rdop}
-.type OPENSSL_ia32_${rdop},\@abi-omnipotent
-.align 16
-OPENSSL_ia32_${rdop}:
- mov \$8,%ecx
-.Loop_${rdop}:
- ${rdop} %rax
- jc .Lbreak_${rdop}
- loop.Loop_${rdop}
-.Lbreak_${rdop}:
- cmp \$0,%rax
- cmove %rcx,%rax
- ret
-.size OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop}
-
.globl OPENSSL_ia32_${rdop}_bytes
.type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
.align 16
@@ -482,11 +467,12 @@ OPENSSL_ia32_${rdop}_bytes:
mov %r10b,($arg1)
lea 1($arg1),$arg1
inc %rax
- shr \$8,%r8
+ shr \$8,%r10
dec
[openssl-commits] [openssl] master update
The branch master has been updated via 5ff554cfd2c2b20f9f8c4b0f4c2a61c4e35379f1 (commit) from 3b5e5172007d5eb30cec4269a0f763c9632afd06 (commit) - Log - commit 5ff554cfd2c2b20f9f8c4b0f4c2a61c4e35379f1 Author: Alex Gaynor Date: Wed Mar 7 14:01:05 2018 -0500 Corrected two typos in a man page Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5542) --- Summary of changes: doc/man3/ADMISSIONS.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index c38ad04..5dcf72e 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -99,10 +99,10 @@ The B, B, B, and B types are opaque structures representing the analogous types defined in the Common PKI Specification published by L<https://www.t7ev.org>. -Knowledge of those strutures and their semantics is assumed. +Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format -are desribed in L. +are described in L. The conventional routines to allocate and free the types are defined in L. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 3b5e5172007d5eb30cec4269a0f763c9632afd06 (commit)
from d8b67b9d0f711622523c36dbdd1ae3ab01d474f6 (commit)
- Log -
commit 3b5e5172007d5eb30cec4269a0f763c9632afd06
Author: Sergey Zhuravlev
Date: Wed Mar 7 12:58:38 2018 -0500
Add GOST OIDs for Edwards parameter sets
Add OIDs for parameter sets of Edwards elliptic curves.
CLA: trivial
Reviewed-by: Bernd Edlinger
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5380)
---
Summary of changes:
crypto/objects/obj_dat.h | 25 -
crypto/objects/obj_mac.num | 3 +++
crypto/objects/objects.txt | 3 +++
fuzz/oids.txt | 3 +++
include/openssl/obj_mac.h | 14 ++
5 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 61b12bf..c62f4ea 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[7342] = {
+static const unsigned char so[7368] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,/* [6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1032,9 +1032,12 @@ static const unsigned char so[7342] = {
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78, /* [ 7315]
OBJ_sm3WithRSAEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F, /* [ 7323]
OBJ_sha512_224WithRSAEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10, /* [ 7332]
OBJ_sha512_256WithRSAEncryption */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7341]
OBJ_id_tc26_gost_3410_2012_256_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7349]
OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7358]
OBJ_id_tc26_gost_3410_2012_512_paramSetC */
};
-#define NUM_NID 1147
+#define NUM_NID 1150
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2183,9 +2186,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8,
&so[7315]},
{"RSA-SHA512/224", "sha512-224WithRSAEncryption",
NID_sha512_224WithRSAEncryption, 9, &so[7323]},
{"RSA-SHA512/256", "sha512-256WithRSAEncryption",
NID_sha512_256WithRSAEncryption, 9, &so[7332]},
+{"id-tc26-gost-3410-2012-256-constants",
"id-tc26-gost-3410-2012-256-constants",
NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7341]},
+{"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit)
ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7349]},
+{"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit)
ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7358]},
};
-#define NUM_SN 1138
+#define NUM_SN 1141
static const unsigned int sn_objs[NUM_SN] = {
364,/* "AD_DVCS" */
419,/* "AES-128-CBC" */
@@ -2940,9 +2946,12 @@ static const unsigned int sn_objs[NUM_SN] = {
1000,/* "id-tc26-digest-constants" */
1002,/* "id-tc26-gost-28147-constants" */
1003,/* "id-tc26-gost-28147-param-Z" */
+1147,/* "id-tc26-gost-3410-2012-256-constants" */
+1148,/* "id-tc26-gost-3410-2012-256-paramSetA" */
996,/* "id-tc26-gost-3410-2012-512-constants" */
998,/* "id-tc26-gost-3410-2012-512-paramSetA" */
999,/* "id-tc26-gost-3410-2012-512-paramSetB" */
+1149,/* "id-tc26-gost-3410-2012-512-paramSetC" */
997,/* "id-tc26-gost-3410-2012-512-paramSetTest" */
988,/* "id-tc26-hmac-gost-3411-2012-256" */
989,/* "id-tc26-hmac-gost-3411-2012-512" */
@@ -3327,7 +3336,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093,/* "x509ExtAdmission" */
};
-#define NUM_LN 1138
+#define NUM_LN 1141
static const unsigned int ln_objs[NUM_LN] = {
363,/* "AD Time Stamping" */
405,/* "ANSI X9.62" */
@@ -3366,8 +3375,10 @@ static const unsigned int ln_objs[NUM_LN] = {
850,/* "GOST 34.10-94 Cryptocom" */
811,/* "GOST R 34.10-2001" */
817,/* "GOST R 34.10-2001 DH" */
+1148,/* "GOST R 34.10-2012 (256 bit) ParamSet A&q
[openssl-commits] [tools] master update
The branch master has been updated
via dd672a5f06f5ca4e516170902f1876b249445351 (commit)
from 78f6c4c25ac5a0264903aefa00dfd5ab71da9fff (commit)
- Log -
commit dd672a5f06f5ca4e516170902f1876b249445351
Author: Rich Salz
Date: Tue Mar 6 14:34:26 2018 -0500
Formatting
---
Summary of changes:
license/get-summary | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/license/get-summary b/license/get-summary
index b1b51df..b88627f 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -10,7 +10,12 @@ my $total = 0;
my $tot_adds = 0;
my $tot_files = 0;
my $tot_dels = 0;
+my $authors = 0;
while ( <$FH> ) {
+if ( /https:/ ) {
+ $authors++;
+ next;
+}
next unless /([0-da-f]{8}) .*/;
my $cid = $1;
# Skip a big import
@@ -35,9 +40,10 @@ while ( <$FH> ) {
$tot_dels += $dels;
close $F || die "Can't close git diff, $!\n";
}
-print "Commits : $total\n";
-print "Files: $tot_files avg ", $tot_files / $total, "\n";
-print "Added lines : $tot_adds avg ", $tot_adds / $total, "\n";
-print "Deleted lines: $tot_dels avg ", $tot_dels / $total, "\n";
+printf "Authors : %4d\n", $authors;
+printf "Commits : %4d\n", $total;
+printf "Files: %4d (%.2f average)\n", $tot_files, $tot_files / $total;
+printf "Added lines : %4d (%.2f average)\n", $tot_adds, $tot_adds / $total;
+printf "Deleted lines: %4d (%.2f average)\n", $tot_dels, $tot_dels / $total;
close $FH || die "Can't close, $!,";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 4044ebfe2481c240cb37cfcb0e6176fe79394db4 (commit)
from 9d927ddf1c74c293db4ada85e925b9620adb1436 (commit)
- Log -
commit 4044ebfe2481c240cb37cfcb0e6176fe79394db4
Author: knekritz
Date: Tue Mar 6 13:21:49 2018 -0500
Avoid unconditional store in CRYPTO_malloc.
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5372)
(cherry picked from commit 41aede863b76202347c2d5e2c2666428084f9203)
---
Summary of changes:
crypto/mem.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/crypto/mem.c b/crypto/mem.c
index bc35132..7ec7a80 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -78,7 +78,14 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
if (num == 0)
return NULL;
-allow_customize = 0;
+if (allow_customize) {
+/*
+ * Disallow customization after the first allocation. We only set this
+ * if necessary to avoid a store to the same cache line on every
+ * allocation.
+ */
+allow_customize = 0;
+}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
@@ -117,7 +124,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char
*file, int line)
return NULL;
}
-allow_customize = 0;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
void *ret;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 41aede863b76202347c2d5e2c2666428084f9203 (commit)
from ce3dcdc9fe11e4d262f00633a139b2ee1d2ff8a0 (commit)
- Log -
commit 41aede863b76202347c2d5e2c2666428084f9203
Author: knekritz
Date: Tue Mar 6 13:21:49 2018 -0500
Avoid unconditional store in CRYPTO_malloc.
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5372)
---
Summary of changes:
crypto/mem.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/crypto/mem.c b/crypto/mem.c
index b3f7a1f..3364467 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -201,7 +201,14 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
return NULL;
FAILTEST();
-allow_customize = 0;
+if (allow_customize) {
+/*
+ * Disallow customization after the first allocation. We only set this
+ * if necessary to avoid a store to the same cache line on every
+ * allocation.
+ */
+allow_customize = 0;
+}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
@@ -243,7 +250,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char
*file, int line)
return NULL;
}
-allow_customize = 0;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
void *ret;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ce3dcdc9fe11e4d262f00633a139b2ee1d2ff8a0 (commit) from fce1b86f61e183d3b73a51d2077ec2719291b756 (commit) - Log - commit ce3dcdc9fe11e4d262f00633a139b2ee1d2ff8a0 Author: Alex Gaynor Date: Tue Mar 6 13:07:33 2018 -0500 Fix a typo in the s_client man page Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5525) --- Summary of changes: doc/man1/s_client.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 6e47140..f101b33 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -145,7 +145,7 @@ Print out a usage message. This specifies the host and optional port to connect to. It is possible to select the host and port using the optional target positional argument instead. -If neither this nor the target positonal argument are specified then an attempt +If neither this nor the target positional argument are specified then an attempt is made to connect to the local host on port 4433. =item B<-bind host:port>] @@ -499,7 +499,7 @@ For example strings, see L =item B<-curves curvelist> Specifies the list of supported curves to be sent by the client. The curve is -is ultimately selected by the server. For a list of all curves, use: +ultimately selected by the server. For a list of all curves, use: $ openssl ecparam -list_curves _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated
via 78f6c4c25ac5a0264903aefa00dfd5ab71da9fff (commit)
from b884ccda58cf9e72c56f76d5aeac1663860d8c0b (commit)
- Log -
commit 78f6c4c25ac5a0264903aefa00dfd5ab71da9fff
Author: Rich Salz
Date: Tue Mar 6 11:58:48 2018 -0500
Add summary script
---
Summary of changes:
license/get-summary | 43 +++
1 file changed, 43 insertions(+)
create mode 100755 license/get-summary
diff --git a/license/get-summary b/license/get-summary
new file mode 100755
index 000..b1b51df
--- /dev/null
+++ b/license/get-summary
@@ -0,0 +1,43 @@
+#! /usr/bin/env perl
+# Annotate the output of "get-followups -d" to show the summary
+# of all outstanding commits.
+use strict;
+use warnings;
+
+open my $FH, "./get-followups -d|" || die "Can't pipe, $!,";
+
+my $total = 0;
+my $tot_adds = 0;
+my $tot_files = 0;
+my $tot_dels = 0;
+while ( <$FH> ) {
+next unless /([0-da-f]{8}) .*/;
+my $cid = $1;
+# Skip a big import
+next if $cid eq 'd02b48c6';
+my $pattern = "$cid^..$cid";
+my $files = 0;
+my $adds = 0;
+my $dels = 0;
+my $name = '';
+$total++;
+open my $F, "git diff --numstat $pattern|"
+ || die "Can't open git diff, $!\n";
+while ( <$F> ) {
+ $files++;
+ next unless /(\d+)\s+(\d+)\s+(.*)/;
+ $adds += int($1);
+ $dels += int($2);
+ $name = $3 if $name eq '';
+}
+$tot_files += $files;
+$tot_adds += $adds;
+$tot_dels += $dels;
+close $F || die "Can't close git diff, $!\n";
+}
+print "Commits : $total\n";
+print "Files: $tot_files avg ", $tot_files / $total, "\n";
+print "Added lines : $tot_adds avg ", $tot_adds / $total, "\n";
+print "Deleted lines: $tot_dels avg ", $tot_dels / $total, "\n";
+
+close $FH || die "Can't close, $!,";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 24c346086d9e1ad5aef1afac8145b32638f3d17c (commit) from 3e8fcd3d1f9343707e1c4f9e8d5deb32bfac6538 (commit) - Log - commit 24c346086d9e1ad5aef1afac8145b32638f3d17c Author: Alex Gaynor Date: Sun Mar 4 18:57:24 2018 -0500 Fixed a typo in a man page Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5508) --- Summary of changes: doc/man1/openssl.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index bda9ecf..9b951f5 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -208,7 +208,7 @@ Generate pseudo-random bytes. =item L|rehash(1)> -Create symbolic links to certficate and CRL files named by the hash values. +Create symbolic links to certificate and CRL files named by the hash values. =item L|req(1)> _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 726cd62662616b3db1cf535df9a7797eb3ff7489 (commit) from da25dc2985a93ffade1f3467b496eb53577a1f8c (commit) - Log - commit 726cd62662616b3db1cf535df9a7797eb3ff7489 Author: Rich Salz Date: Sun Mar 4 18:54:42 2018 -0500 Fix credit for SRP code Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5504) --- Summary of changes: CHANGES | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 83ec14e..f2bc2b3 100644 --- a/CHANGES +++ b/CHANGES @@ -2016,8 +2016,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou , Peter Sylvester + , Tom Wu , and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via fa740328d67ee39f6db647e28ea5034e427ad83e (commit) from e9e28ddc4ed3d047d397424735373a572efd5e60 (commit) - Log - commit fa740328d67ee39f6db647e28ea5034e427ad83e Author: Rich Salz Date: Sun Mar 4 18:53:45 2018 -0500 Fix credit for SRP code Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5504) --- Summary of changes: CHANGES | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 8840bd6..3eb1cc3 100644 --- a/CHANGES +++ b/CHANGES @@ -3035,8 +3035,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou , Peter Sylvester + , Tom Wu , and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
