via 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (commit)
from 374fd385c2347b965c3490aa1c10025e1339d265 (commit)

- Log -----------------------------------------------------------------
commit 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jul 29 23:20:56 2015 +0100

Fix write failure handling in DTLS1.2

The DTLS code is supposed to drop packets if we try to write them out but
the underlying BIO write buffers are full. ssl3_write_pending() contains
an incorrect test for DTLS that controls this. The test only checks for
DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
can later cause an assert to be hit. This commit changes the test to cover
all DTLS versions.

RT#3967

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b)

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_pkt.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 603c285..3798902 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate = SSL_NOTHING;
return (s->s3->wpend_ret);
} else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service

Dr. Stephen Henson

unread,

Jul 30, 2015, 9:35:33 AM7/30/15

to

The branch OpenSSL_1_0_2-stable has been updated

via d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (commit)
from 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (commit)

- Log -----------------------------------------------------------------
commit d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jul 29 16:16:02 2015 +0100

use X9.31 keygen by default in FIPS mode

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/rsa/rsa_gen.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 2465fbd..7f7dca3 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -69,6 +69,8 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
#endif

static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
@@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb);

Rich Salz

unread,

Jul 31, 2015, 11:09:23 AM7/31/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 602af7d01da82dc6c45946572f531bcbe9ebbf47 (commit)
from d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (commit)

- Log -----------------------------------------------------------------
commit 602af7d01da82dc6c45946572f531bcbe9ebbf47
Author: Nicholas Cooper <qza2...@gmail.com>
Date: Fri Jul 31 11:08:18 2015 -0400

RT3959: Fix misleading comment

Manual cherry-pick from main branch, since the header file
moved in master.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/dh/dh.h | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

unread,

Aug 4, 2015, 5:56:04 AM8/4/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 5438e17de05cfd383790c63bd5770945ac1ccc7f (commit)
from 49cc3f4038d81ffdad95c9e49e72bc497f4d3954 (commit)

- Log -----------------------------------------------------------------
commit 5438e17de05cfd383790c63bd5770945ac1ccc7f
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 9 16:37:54 2015 +0100

Fix warning when compiling with no-ec2m

EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(cherry picked from commit 8d11b7c7ee84ad0aa243476088285d15b22c5470)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec_key.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 55ce3fe..c784b6f 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -366,7 +366,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
BN_CTX *ctx = NULL;
BIGNUM *tx, *ty;
EC_POINT *point = NULL;
- int ok = 0, tmp_nid, is_char_two = 0;
+ int ok = 0;
+#ifndef OPENSSL_NO_EC2M
+ int tmp_nid, is_char_two = 0;
+#endif

if (!key || !key->group || !x || !y) {
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
@@ -382,14 +385,15 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
if (!point)
goto err;

+ tx = BN_CTX_get(ctx);
+ ty = BN_CTX_get(ctx);
+
+#ifndef OPENSSL_NO_EC2M
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));

if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;

- tx = BN_CTX_get(ctx);
- ty = BN_CTX_get(ctx);
-#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
x, y, ctx))

Rich Salz

unread,

Aug 5, 2015, 10:06:51 PM8/5/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 9ea70e5b4097a1319d90fca289c2a3940e846f6b (commit)
from 5438e17de05cfd383790c63bd5770945ac1ccc7f (commit)

- Log -----------------------------------------------------------------
commit 9ea70e5b4097a1319d90fca289c2a3940e846f6b
Author: Anton Blanchard <an...@samba.org>
Date: Wed Aug 5 21:48:35 2015 -0400

RT3990: Fix #include path.

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 1125245997dac232a0c0867b6c858cda4e549c6d)

-----------------------------------------------------------------------

Summary of changes:
crypto/ppccap.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 2b7f704..74af473 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -7,7 +7,7 @@
#if defined(__linux) || defined(_AIX)
# include <sys/utsname.h>
#endif
-#include <crypto.h>
+#include <openssl/crypto.h>
#include <openssl/bn.h>

#include "ppc_arch.h"

Rich Salz

unread,

Aug 8, 2015, 6:15:05 PM8/8/15

unread,

Aug 17, 2015, 1:39:40 PM8/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 6786c70ec112ac11b31ff19bb9e52a70ba0b5220 (commit)
from 40356e4914154fdcc02bce8943348148e20c4a0f (commit)

- Log -----------------------------------------------------------------
commit 6786c70ec112ac11b31ff19bb9e52a70ba0b5220
Author: Rich Salz <rs...@openssl.org>
Date: Sun Aug 16 21:09:45 2015 -0400

GH345: Remove stderr output

Manually-cherry-picked since master varied a lot.
Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/app_rand.c | 3 ---
1 file changed, 3 deletions(-)

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 595fc78..7f40bba 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -124,10 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];

#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
RAND_screen();
- BIO_printf(bio_e, " done\n");
#endif

if (file == NULL)

Richard Levitte

unread,

Aug 17, 2015, 1:44:31 PM8/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via b012b497eaac76da42ef6741d50c3c17ec8ed732 (commit)
from 6786c70ec112ac11b31ff19bb9e52a70ba0b5220 (commit)

- Log -----------------------------------------------------------------
commit b012b497eaac76da42ef6741d50c3c17ec8ed732
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 17 18:10:16 2015 +0200

Add new types to indent.pro

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 3da9505dc02b0594633c73a11343f54bb5dbf536)

-----------------------------------------------------------------------

Summary of changes:
util/indent.pro | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/util/indent.pro b/util/indent.pro
index e871431..4dcda5d 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -749,3 +749,19 @@
-T ssl_trace_tbl
-T _stdcall
-T tls12_lookup
+-T OPTIONS
+-T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER

Rich Salz

unread,

Aug 17, 2015, 2:18:52 PM8/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 40356e4914154fdcc02bce8943348148e20c4a0f (commit)
from 3d23b2c255e194ebb9dabd198d263028b475d012 (commit)

- Log -----------------------------------------------------------------
commit 40356e4914154fdcc02bce8943348148e20c4a0f
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 18:38:24 2015 -0400

Move FAQ to the web.

Best hope of keeping current.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 4f46473a86c9e3741203b22d4d401a3763583494)

-----------------------------------------------------------------------

Summary of changes:
FAQ | 1055 +------------------------------------------------------------------
1 file changed, 2 insertions(+), 1053 deletions(-)

diff --git a/FAQ b/FAQ
index 3be8310..22c5cf7 100644
--- a/FAQ
+++ b/FAQ
@@ -1,1053 +1,2 @@
-OpenSSL - Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software?
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1a was released on Apr 19th, 2012.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers. Be sure to read the
-documentation of the application you want to use. The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions. It is described in the openssl(1)
-manpage. Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt. It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL. Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/related/binaries.html> .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
- md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
- pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-* What happens when the letter release reaches z?
-
-It was decided after the release of OpenSSL 0.9.8y the next version should
-be 0.9.8za then 0.9.8zb and so on.
-
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-For information on intellectual property rights, please consult a lawyer.
-The OpenSSL team does not offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed." If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly. Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.) Some broken applications do
-not do this. As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness. If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly. OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details. Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file. The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file. Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'". This message refers to the
-default seeding file (see previous answer). A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
- <URL: http://www.mail-archive.com/modssl...@modssl.org/msg16980.html>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing. Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target. File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator. If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test"). The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it. This gets triggered when you run the
-test suite (using "make test"). The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
-memory to continue compilation.' As far as the tests have shown, this may be
-a compiler bug. What happens is that it eats up a lot of resident memory
-to build something, probably a table. The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher. Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level. This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL. A bit more complicated solution is the
-following:
-
------ snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
- sed -e 's/ -O[0-9] / -O0 /'`"
- rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
- make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process. When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default. One of those directories is '/usr/ccs/bin'. The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
- PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation. What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files'). For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. Red Hat has chosen to disable support for IDEA, RC5 and
-MDC2 in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d. The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<opens...@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <r...@openssl.org> (or its
-alias <openss...@openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-See also <URL: http://www.openssl.org/support/rt.html>
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-...@openssl.org if you don't get a prompt reply at least
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads). On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries. If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
-and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
-and friends. This is described in the threads(3) manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked. The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link against the same by which OpenSSL was
-built. If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
- run-time library" drop down list box. Perform this step for both
- your debug and release versions of your application (look at the
- top left of the settings panel to change between the two)
-
- Single Threaded /ML - MS VC++ often defaults to
- this for the release
- version of a new project.
- Debug Single Threaded /MLd - MS VC++ often defaults to
- this for the debug version
- of a new project.
- Multithreaded /MT
- Debug Multithreaded /MTd
- Multithreaded DLL /MD - OpenSSL defaults to this.
- Debug Multithreaded DLL /MDd
-
-Note that debug and release libraries are NOT interchangeable. If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we insist on the
-default /MD] can be deployed with application compiled with different
-option or even different compiler. But there is a catch! Instead of
-re-compiling OpenSSL toolkit, as you would have to with prior versions,
-you have to compile small C snippet with compiler and/or options of
-your choice. The snippet gets installed as
-<install-root>/include/openssl/applink.c and should be either added to
-your application project or simply #include-d in one [and only one]
-of your application source files. Failure to link this shim module
-into your application manifests itself as fatal "no OPENSSL_Applink"
-run-time error. An explicit reminder is due that in this situation
-[mixing compiler options] it is as important to add CRYPTO_malloc_init
-prior first call to OpenSSL.
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
- unsigned char *buf, *p;
- int len;
-
- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
- unsigned char *p;
- p = buf;
- p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure or NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-Memory allocation and encoding can also be combined in a single
-operation by the ASN1 routines:
-
- unsigned char *buf = NULL; /* mandatory */
- int len;
- len = i2d_PKCS7(p7, &buf);
- if (len < 0)
- /* Error */
- /* Do some things with 'buf' */
- /* Finished with buf: free it */
- OPENSSL_free(buf);
-
-In this special case the "buf" parameter is *not* incremented, it points
-to the start of the encoding.
-
-
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-The cause is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
-can cause several problems such as being unable to read in an encrypted
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
-verifying certificates.
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data. One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-
-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
-versions, uniqueIdentifier was incorrectly used for X.509 certificates.
-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
-Change your code to use the new name when compiling against OpenSSL 0.9.7.
-
-
-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions. Currently these include following:
-
-Thread-local cleanup functions:
-
- ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
- ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
-* Why does Valgrind complain about the use of uninitialized data?
-
-When OpenSSL's PRNG routines are called to generate random numbers the supplied
-buffer contents are mixed into the entropy pool: so it technically does not
-matter whether the buffer is initialized at this point or not. Valgrind (and
-other test tools) will complain about this. When using Valgrind, make sure the
-OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
-to get rid of these warnings.
-
-
-* Why doesn't a memory BIO work when a file does?
-
-This can occur in several cases for example reading an S/MIME email message.
-The reason is that a memory BIO can do one of two things when all the data
-has been read from it.
-
-The default behaviour is to indicate that no more data is available and that
-the call should be retried, this is to allow the application to fill up the BIO
-again if necessary.
-
-Alternatively it can indicate that no more data is available and that EOF has
-been reached.
-
-If a memory BIO is to behave in the same way as a file this second behaviour
-is needed. This must be done by calling:
-
- BIO_set_mem_eof_return(bio, 0);
-
-See the manual pages for more details.
-
-
-* Where are the declarations and implementations of d2i_X509() etc?
-
-These are defined and implemented by macros of the form:
-
-
- DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
-
-The implementation passes an ASN1 "template" defining the structure into an
-ASN1 interpreter using generalised functions such as ASN1_item_d2i().
-
-
-===============================================================================
+The FAQ is now maintained on the web:
+ https://www.openssl.org/docs/faq.html

Rich Salz

unread,

Aug 25, 2015, 12:13:17 PM8/25/15

to

The branch OpenSSL_1_0_2-stable has been updated

via d72c446213f38da24c00bef504de29c0365ff556 (commit)
from b012b497eaac76da42ef6741d50c3c17ec8ed732 (commit)

- Log -----------------------------------------------------------------
commit d72c446213f38da24c00bef504de29c0365ff556
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 24 15:25:14 2015 -0400

GH372: Remove duplicate flags

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 32c5e0ba0f9097e9c788ed8402fcbf6646cd2c2d)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/genrsa.pod | 6 ------
1 file changed, 6 deletions(-)

diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
index cb03d09..3dc9870 100644
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -10,12 +10,6 @@ B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]

Rich Salz

unread,

Aug 25, 2015, 12:15:50 PM8/25/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 8e0b56b99647872cde4c4770852e1be04a8d243b (commit)
from d72c446213f38da24c00bef504de29c0365ff556 (commit)

- Log -----------------------------------------------------------------
commit 8e0b56b99647872cde4c4770852e1be04a8d243b
Author: Markus Rinne <markus....@gmail.com>
Date: Mon Aug 24 16:20:13 2015 -0400

RT4019: Duplicate -hmac flag in dgst.pod

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

(cherry picked from commit 86de216da3ebea7f876a096e258cf4c9d219bc0a)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/dgst.pod | 5 -----
1 file changed, 5 deletions(-)

diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 9e15798..b27bb94 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -13,7 +13,6 @@ B<openssl> B<dgst>
[B<-hex>]
[B<-binary>]
[B<-r>]
-[B<-hmac arg>]
[B<-non-fips-allow>]
[B<-out filename>]
[B<-sign filename>]
@@ -64,10 +63,6 @@ output the digest or signature in binary form.

output the digest in the "coreutils" format used by programs like B<sha1sum>.

-=item B<-hmac arg>
-
-set the HMAC key to "arg".
-
=item B<-non-fips-allow>

Allow use of non FIPS digest when in FIPS mode. This has no effect when not in

Matt Caswell

unread,

Aug 26, 2015, 5:32:05 AM8/26/15

to

The branch OpenSSL_1_0_2-stable has been updated

unread,

Aug 28, 2015, 11:26:15 AM8/28/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 1d7df236dcb4f7c95707110753e5e77b19b9a0aa (commit)
from a7cb67f4f2457724fbfbc39377f55c26f3aafa80 (commit)

- Log -----------------------------------------------------------------
commit 1d7df236dcb4f7c95707110753e5e77b19b9a0aa
Author: Ismo Puustinen <ismo.pu...@intel.com>
Date: Fri Aug 7 22:14:47 2015 -0400

GH367: Fix dsa keygen for too-short seed

If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit f00a10b89734e84fe80f98ad9e2e77b557c701ae)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 449 ++++++++++++++++++++++++++++++++-
crypto/dsa/dsa_gen.c | 31 +--
doc/crypto/DSA_generate_parameters.pod | 11 +-
3 files changed, 466 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2760606..082e15e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,454 @@

Changes between 1.0.2d and 1.0.2e [xx XXX xxxx]

- *)
+ *) In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+ [Rich Salz and Ismo Puustinen <ismo.pu...@intel.com>]
+
+ *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+ from RFC4279, RFC4785, RFC5487, RFC5489.
+
+ Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
+ original RSA_PSK patch.
+ [Steve Henson]
+
+ *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
+ era flag was never set throughout the codebase (only read). Also removed
+ SSL3_FLAGS_POP_BUFFER which was only used if
+ SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
+ [Matt Caswell]
+
+ *) Changed the default name options in the "ca", "crl", "req" and "x509"
+ to be "oneline" instead of "compat".
+ [Richard Levitte]
+
+ *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
+ not aware of clients that still exhibit this bug, and the workaround
+ hasn't been working properly for a while.
+ [Emilia Käsper]
+
+ *) The return type of BIO_number_read() and BIO_number_written() as well as
+ the corresponding num_read and num_write members in the BIO structure has
+ changed from unsigned long to uint64_t. On platforms where an unsigned
+ long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
+ transferred.
+ [Matt Caswell]
+
+ *) Given the pervasive nature of TLS extensions it is inadvisable to run
+ OpenSSL without support for them. It also means that maintaining
+ the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+ not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+ [Matt Caswell]
+
+ *) Removed support for the two export grade static DH ciphersuites
+ EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+ were newly added (along with a number of other static DH ciphersuites) to
+ 1.0.2. However the two export ones have *never* worked since they were
+ introduced. It seems strange in any case to be adding new export
+ ciphersuites, and given "logjam" it also does not seem correct to fix them.
+ [Matt Caswell]
+
+ *) Version negotiation has been rewritten. In particular SSLv23_method(),
+ SSLv23_client_method() and SSLv23_server_method() have been deprecated,
+ and turned into macros which simply call the new preferred function names
+ TLS_method(), TLS_client_method() and TLS_server_method(). All new code
+ should use the new names instead. Also as part of this change the ssl23.h
+ header file has been removed.
+ [Matt Caswell]
+
+ *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+ code and the associated standard is no longer considered fit-for-purpose.
+ [Matt Caswell]
+
+ *) RT2547 was closed. When generating a private key, try to make the
+ output file readable only by the owner. This behavior change might
+ be noticeable when interacting with other software.
+
+ *) Added HTTP GET support to the ocsp command.
+ [Rich Salz]
+
+ *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+ [Matt Caswell]
+
+ *) Added support for TLS extended master secret from
+ draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+ initial patch which was a great help during development.
+ [Steve Henson]
+
+ *) All libssl internal structures have been removed from the public header
+ files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+ now redundant). Users should not attempt to access internal structures
+ directly. Instead they should use the provided API functions.
+ [Matt Caswell]
+
+ *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
+ Access to deprecated functions can be re-enabled by running config with
+ "enable-deprecated". In addition applications wishing to use deprecated
+ functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
+ will, by default, disable some transitive includes that previously existed
+ in the header files (e.g. ec.h will no longer, by default, include bn.h)
+ [Matt Caswell]
+
+ *) Added support for OCB mode. OpenSSL has been granted a patent license
+ compatible with the OpenSSL license for use of OCB. Details are available
+ at https://www.openssl.org/docs/misc/OCB-patent-grant-OpenSSL.pdf. Support
+ for OCB can be removed by calling config with no-ocb.
+ [Matt Caswell]
+
+ *) SSLv2 support has been removed. It still supports receiving a SSLv2
+ compatible client hello.
+ [Kurt Roeckx]
+
+ *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz],
+ done while fixing the error code for the key-too-small case.
+ [Annie Yousar <a.yo...@informatik.hu-berlin.de>]
+
+ *) CA.sh has been removmed; use CA.pl instead.
+ [Rich Salz]
+
+ *) Removed old DES API.
+ [Rich Salz]
+
+ *) Remove various unsupported platforms:
+ Sony NEWS4
+ BEOS and BEOS_R5
+ NeXT
+ SUNOS
+ MPE/iX
+ Sinix/ReliantUNIX RM400
+ DGUX
+ NCR
+ Tandem
+ Cray
+ 16-bit platforms such as WIN16
+ [Rich Salz]
+
+ *) Clean up OPENSSL_NO_xxx #define's
+ Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+ Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+ OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+ OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+ OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+ Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+ OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+ OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+ OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
+ Remove MS_STATIC; it's a relic from platforms <32 bits.
+ [Rich Salz]
+
+ *) Cleaned up dead code
+ Remove all but one '#ifdef undef' which is to be looked at.
+ [Rich Salz]
+
+ *) Clean up calling of xxx_free routines.
+ Just like free(), fix most of the xxx_free routines to accept
+ NULL. Remove the non-null checks from callers. Save much code.
+ [Rich Salz]
+
+ *) Add secure heap for storage of private keys (when possible).
+ Add BIO_s_secmem(), CBIGNUM, etc.
+ Contributed by Akamai Technologies under our Corporate CLA.
+ [Rich Salz]
+
+ *) Experimental support for a new, fast, unbiased prime candidate generator,
+ bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
+ [Felix Laurie von Massenbach <fe...@erbridge.co.uk>]
+
+ *) New output format NSS in the sess_id command line tool. This allows
+ exporting the session id and the master key in NSS keylog format.
+ [Martin Kaiser <mar...@kaiser.cx>]
+
+ *) Harmonize version and its documentation. -f flag is used to display
+ compilation flags.
+ [mancha <man...@zoho.com>]
+
+ *) Fix eckey_priv_encode so it immediately returns an error upon a failure

+ in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue.

+ [mancha <man...@zoho.com>]
+
+ *) Fix some double frees. These are not thought to be exploitable.
+ [mancha <man...@zoho.com>]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <a...@chromium.org> and Bodo Moeller <bmoe...@acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+ this fixes a limitation in previous versions of OpenSSL.
+ [Steve Henson]
+
+ *) Experimental encrypt-then-mac support.
+
+ Experimental support for encrypt then mac from
+ draft-gutmann-tls-encrypt-then-mac-02.txt
+
+ To enable it set the appropriate extension number (0x42 for the test
+ server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42
+
+ For non-compliant peers (i.e. just about everything) this should have no
+ effect.
+
+ WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
+
+ [Steve Henson]
+
+ *) Add EVP support for key wrapping algorithms, to avoid problems with
+ existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+ the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+ algorithms and include tests cases.
+ [Steve Henson]
+
+ *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
+ enveloped data.
+ [Steve Henson]
+
+ *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+ MGF1 digest and OAEP label.
+ [Steve Henson]
+
+ *) Make openssl verify return errors.
+ [Chris Palmer <pal...@google.com> and Ben Laurie]
+
+ *) New function ASN1_TIME_diff to calculate the difference between two
+ ASN1_TIME structures or one structure and the current time.
+ [Steve Henson]
+
+ *) Update fips_test_suite to support multiple command line options. New
+ test to induce all self test errors in sequence and check expected
+ failures.
+ [Steve Henson]
+
+ *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
+ sign or verify all in one operation.
+ [Steve Henson]
+
+ *) Add fips_algvs: a multicall fips utility incorporating all the algorithm
+ test programs and fips_test_suite. Includes functionality to parse
+ the minimal script output of fipsalgest.pl directly.
+ [Steve Henson]
+
+ *) Add authorisation parameter to FIPS_module_mode_set().
+ [Steve Henson]
+
+ *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
+ [Steve Henson]
+
+ *) Use separate DRBG fields for internal and external flags. New function
+ FIPS_drbg_health_check() to perform on demand health checking. Add
+ generation tests to fips_test_suite with reduced health check interval to
+ demonstrate periodic health checking. Add "nodh" option to
+ fips_test_suite to skip very slow DH test.
+ [Steve Henson]
+
+ *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers
+ based on NID.
+ [Steve Henson]
+
+ *) More extensive health check for DRBG checking many more failure modes.
+ New function FIPS_selftest_drbg_all() to handle every possible DRBG
+ combination: call this in fips_test_suite.
+ [Steve Henson]
+
+ *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
+ and POST to handle Dual EC cases.
+ [Steve Henson]
+
+ *) Add support for canonical generation of DSA parameter 'g'. See
+ FIPS 186-3 A.2.3.
+
+ *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
+ POST to handle HMAC cases.
+ [Steve Henson]
+
+ *) Add functions FIPS_module_version() and FIPS_module_version_text()
+ to return numerical and string versions of the FIPS module number.
+ [Steve Henson]
+
+ *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
+ FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implemented
+ outside the validated module in the FIPS capable OpenSSL.
+ [Steve Henson]
+
+ *) Minor change to DRBG entropy callback semantics. In some cases
+ there is no multiple of the block length between min_len and
+ max_len. Allow the callback to return more than max_len bytes
+ of entropy but discard any extra: it is the callback's responsibility
+ to ensure that the extra data discarded does not impact the
+ requested amount of entropy.
+ [Steve Henson]
+
+ *) Add PRNG security strength checks to RSA, DSA and ECDSA using
+ information in FIPS186-3, SP800-57 and SP800-131A.
+ [Steve Henson]
+
+ *) CCM support via EVP. Interface is very similar to GCM case except we
+ must supply all data in one chunk (i.e. no update, final) and the
+ message length must be supplied if AAD is used. Add algorithm test
+ support.
+ [Steve Henson]
+
+ *) Initial version of POST overhaul. Add POST callback to allow the status
+ of POST to be monitored and/or failures induced. Modify fips_test_suite
+ to use callback. Always run all selftests even if one fails.
+ [Steve Henson]
+
+ *) XTS support including algorithm test driver in the fips_gcmtest program.
+ Note: this does increase the maximum key length from 32 to 64 bytes but
+ there should be no binary compatibility issues as existing applications
+ will never use XTS mode.
+ [Steve Henson]
+
+ *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
+ to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
+ performs algorithm blocking for unapproved PRNG types. Also do not
+ set PRNG type in FIPS_mode_set(): leave this to the application.
+ Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
+ the standard OpenSSL PRNG: set additional data to a date time vector.
+ [Steve Henson]
+
+ *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
+ This shouldn't present any incompatibility problems because applications
+ shouldn't be using these directly and any that are will need to rethink
+ anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
+ [Steve Henson]
+
+ *) Extensive self tests and health checking required by SP800-90 DRBG.
+ Remove strength parameter from FIPS_drbg_instantiate and always
+ instantiate at maximum supported strength.
+ [Steve Henson]
+
+ *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing.
+ [Steve Henson]
+
+ *) New algorithm test program fips_dhvs to handle DH primitives only testing.
+ [Steve Henson]
+
+ *) New function DH_compute_key_padded() to compute a DH key and pad with
+ leading zeroes if needed: this complies with SP800-56A et al.
+ [Steve Henson]
+
+ *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
+ anything, incomplete, subject to change and largely untested at present.
+ [Steve Henson]
+
+ *) Modify fipscanisteronly build option to only build the necessary object
+ files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
+ [Steve Henson]
+
+ *) Add experimental option FIPSSYMS to give all symbols in
+ fipscanister.o and FIPS or fips prefix. This will avoid
+ conflicts with future versions of OpenSSL. Add perl script
+ util/fipsas.pl to preprocess assembly language source files
+ and rename any affected symbols.
+ [Steve Henson]
+
+ *) Add selftest checks and algorithm block of non-fips algorithms in
+ FIPS mode. Remove DES2 from selftests.
+ [Steve Henson]
+
+ *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just
+ return internal method without any ENGINE dependencies. Add new
+ tiny fips sign and verify functions.
+ [Steve Henson]
+
+ *) New build option no-ec2m to disable characteristic 2 code.
+ [Steve Henson]
+
+ *) New build option "fipscanisteronly". This only builds fipscanister.o
+ and (currently) associated fips utilities. Uses the file Makefile.fips
+ instead of Makefile.org as the prototype.
+ [Steve Henson]
+
+ *) Add some FIPS mode restrictions to GCM. Add internal IV generator.
+ Update fips_gcmtest to use IV generator.
+ [Steve Henson]
+
+ *) Initial, experimental EVP support for AES-GCM. AAD can be input by
+ setting output buffer to NULL. The *Final function must be
+ called although it will not retrieve any additional data. The tag
+ can be set or retrieved with a ctrl. The IV length is by default 12
+ bytes (96 bits) but can be set to an alternative value. If the IV
+ length exceeds the maximum IV length (currently 16 bytes) it cannot be
+ set before the key.
+ [Steve Henson]
+
+ *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+ underlying do_cipher function handles all cipher semantics itself
+ including padding and finalisation. This is useful if (for example)
+ an ENGINE cipher handles block padding itself. The behaviour of
+ do_cipher is subtly changed if this flag is set: the return value
+ is the number of characters written to the output buffer (zero is
+ no longer an error code) or a negative error code. Also if the
+ input buffer is NULL and length 0 finalisation should be performed.
+ [Steve Henson]
+
+ *) If a candidate issuer certificate is already part of the constructed
+ path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+ [Steve Henson]
+
+ *) Improve forward-security support: add functions
+
+ void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
+ void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
+
+ for use by SSL/TLS servers; the callback function will be called whenever a
+ new session is created, and gets to decide whether the session may be
+ cached to make it resumable (return 0) or not (return 1). (As by the
+ SSL/TLS protocol specifications, the session_id sent by the server will be
+ empty to indicate that the session is not resumable; also, the server will
+ not generate RFC 4507 (RFC 5077) session tickets.)
+
+ A simple reasonable callback implementation is to return is_forward_secure.
+ This parameter will be set to 1 or 0 depending on the ciphersuite selected
+ by the SSL/TLS server library, indicating whether it can provide forward
+ security.
+ [Emilia Käsper <emilia...@esat.kuleuven.be> (Google)]
+
+ *) New -verify_name option in command line utilities to set verification
+ parameters by name.
+ [Steve Henson]
+
+ *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
+ Add CMAC pkey methods.
+ [Steve Henson]
+
+ *) Experimental renegotiation in s_server -www mode. If the client
+ browses /reneg connection is renegotiated. If /renegcert it is
+ renegotiated requesting a certificate.
+ [Steve Henson]
+
+ *) Add an "external" session cache for debugging purposes to s_server. This
+ should help trace issues which normally are only apparent in deployed
+ multi-process servers.
+ [Steve Henson]
+
+ *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+ return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+ BIO_set_cipher() and some obscure PEM functions were changed so they
+ can now return an error. The RAND changes required a change to the
+ RAND_METHOD structure.
+ [Steve Henson]
+
+ *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+ a gcc attribute to warn if the result of a function is ignored. This
+ is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+ whose return value is often ignored.
+ [Steve Henson]
+>>>>>>> f00a10b... GH367: Fix dsa keygen for too-short seed

Changes between 1.0.2c and 1.0.2d [9 Jul 2015]

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 5a328aa..847c874 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -163,18 +163,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

bits = (bits + 63) / 64 * 64;

- /*
- * NB: seed_len == 0 is special case: copy generated seed to seed_in if
- * it is not NULL.
- */
- if (seed_len && (seed_len < (size_t)qsize))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
- * SEED, but our internal buffers are
- * restricted to 160 bits */
- if (seed_in != NULL)
+ if (seed_in != NULL) {
+ if (seed_len < (size_t)qsize)
+ return 0;
+ if (seed_len > (size_t)qsize) {
+ /* Don't overflow seed local variable. */
+ seed_len = qsize;
+ }
memcpy(seed, seed_in, seed_len);
+ }

if ((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -197,20 +194,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

for (;;) {
for (;;) { /* find q */
- int seed_is_random;
+ int seed_is_random = seed_in == NULL;

/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (!seed_len) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (seed_is_random) {
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
- seed_is_random = 1;
} else {
- seed_is_random = 0;
- seed_len = 0; /* use random seed if 'seed_in' turns out to
- * be bad */
+ /* If we come back through, use random seed next time. */
+ seed_in = NULL;
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index 16a67f2..7db1522 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,13 +23,12 @@ Deprecated:
DSA_generate_parameters_ex() generates primes p and q and a generator g
for use in the DSA and stores the result in B<dsa>.

-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
+B<bits> is the length of the prime p to be generated.
+For lengths under 2048 bits, the length of q is 160 bits; for lengths
+at least 2048, it is set to 256 bits.

-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
+If B<seed> is NULL, the primes will be generated at random.
+If B<seed_len> is less than the length of q, an error is returned.

DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in

Rich Salz

unread,

Aug 28, 2015, 12:03:23 PM8/28/15

to

The branch OpenSSL_1_0_2-stable has been updated

via c8491de393639dbc4508306b7dbedb3872b74293 (commit)
from 1d7df236dcb4f7c95707110753e5e77b19b9a0aa (commit)

- Log -----------------------------------------------------------------
commit c8491de393639dbc4508306b7dbedb3872b74293
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Thu Aug 27 23:07:07 2015 -0400

GH354: Memory leak fixes

Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.

GH367 follow-up, for more clarity

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

(cherry picked from commit 36ac7bc8a9c856bcdff6eecdaca128ccc5430a1e)

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 8 ++++----
doc/crypto/DSA_generate_parameters.pod | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 847c874..f65790c 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -167,7 +167,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
if (seed_len < (size_t)qsize)
return 0;
if (seed_len > (size_t)qsize) {
- /* Don't overflow seed local variable. */
+ /* Only consume as much seed as is expected. */
seed_len = qsize;
}
memcpy(seed, seed_in, seed_len);
@@ -194,13 +194,13 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

for (;;) {
for (;;) { /* find q */

- int seed_is_random = seed_in == NULL;
+ int use_random_seed = (seed_in == NULL);

/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (seed_is_random) {
+ if (use_random_seed) {

if (RAND_bytes(seed, qsize) <= 0)
goto err;

} else {
@@ -232,7 +232,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
+ use_random_seed, cb);
if (r > 0)
break;
if (r != 0)
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index 7db1522..116ff09 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -25,7 +25,7 @@ for use in the DSA and stores the result in B<dsa>.

B<bits> is the length of the prime p to be generated.

For lengths under 2048 bits, the length of q is 160 bits; for lengths

-at least 2048, it is set to 256 bits.
+greater than or equal to 2048 bits, the length of q is set to 256 bits.

If B<seed> is NULL, the primes will be generated at random.

If B<seed_len> is less than the length of q, an error is returned.

Rich Salz

unread,

Aug 31, 2015, 4:04:51 PM8/31/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cae70cfd46d9b266c9e4a32c8a588235663ce091 (commit)
from df1565ed9cebb6933ee7c6e762abcfefd1cd3846 (commit)

- Log -----------------------------------------------------------------
commit cae70cfd46d9b266c9e4a32c8a588235663ce091
Author: mrpre <mr...@163.com>
Date: Fri Aug 28 16:12:51 2015 +0800

check bn_new return value

Slightly modified from the original PR.
Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Richard Levitte <lev...@openssl.org>

(cherry picked from commit a7e974c7be90e2c9673e2ce6215a70f734eb8ad4)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_bignum.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
index a5a403c..eaf0466 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -141,8 +141,9 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
BIGNUM *bn;
- if (!*pval)
- bn_new(pval, it);
+
+ if (*pval == NULL && !bn_new(pval, it))
+ return 0;
bn = (BIGNUM *)*pval;
if (!BN_bin2bn(cont, len, bn)) {
bn_free(pval, it);

Richard Levitte

unread,

Aug 31, 2015, 7:20:14 PM8/31/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 542591740667b17642ad300c357b5d8045c8ccda (commit)
from cae70cfd46d9b266c9e4a32c8a588235663ce091 (commit)

- Log -----------------------------------------------------------------
commit 542591740667b17642ad300c357b5d8045c8ccda
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 31 21:45:56 2015 +0200

Ignore .dir-locals.el

Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit d7c02691a5e6f2716759eacb6f48c39f15ee57c8)

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 1 +
1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index bb3feab..36c3a37 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
.#*
#*#
*~
+/.dir-locals.el

# Top level excludes
/Makefile.bak

Emilia Kasper

unread,

Sep 1, 2015, 2:08:58 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 59793f5c1e0138928d9e5fc24c743d8e38d450e1 (commit)
via 5f623eb61655688501cb1817a7ad0592299d894a (commit)
from 542591740667b17642ad300c357b5d8045c8ccda (commit)

- Log -----------------------------------------------------------------
commit 59793f5c1e0138928d9e5fc24c743d8e38d450e1
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 14:56:58 2015 +0200

RT4002: check for NULL cipher in p12_crpt.c

The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 394f7b6fcc38132b8ccff0a3253b9dd15640cfc0)

commit 5f623eb61655688501cb1817a7ad0592299d894a
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 13:19:15 2015 +0200

RT 3493: fix RSA test

- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 25d6b3401ca40c9a2cbe5080449c1c2a37037777)

-----------------------------------------------------------------------

Summary of changes:
crypto/pkcs12/p12_crpt.c | 3 +++
crypto/rsa/rsa_test.c | 32 ++++++++++++++++++++------------
2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 3a166e6..9c2dcab 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -77,6 +77,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
const unsigned char *pbuf;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

+ if (cipher == NULL)
+ return 0;
+
/* Extract useful info from parameter */
if (param == NULL || param->type != V_ASN1_SEQUENCE ||
param->value.sequence == NULL) {
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
index e971295..85c7440 100644
--- a/crypto/rsa/rsa_test.c
+++ b/crypto/rsa/rsa_test.c
@@ -297,22 +297,30 @@ int main(int argc, char *argv[])
} else
printf("OAEP encryption/decryption ok\n");

- /* Try decrypting corrupted ciphertexts */
+ /* Try decrypting corrupted ciphertexts. */
for (n = 0; n < clen; ++n) {
- int b;
- unsigned char saved = ctext[n];
- for (b = 0; b < 256; ++b) {
- if (b == saved)
- continue;
- ctext[n] = b;
- num = RSA_private_decrypt(num, ctext, ptext, key,
+ ctext[n] ^= 1;
+ num = RSA_private_decrypt(clen, ctext, ptext, key,
RSA_PKCS1_OAEP_PADDING);
- if (num > 0) {
- printf("Corrupt data decrypted!\n");
- err = 1;
- }
+ if (num > 0) {
+ printf("Corrupt data decrypted!\n");
+ err = 1;
+ break;
}
+ ctext[n] ^= 1;
}
+
+ /* Test truncated ciphertexts, as well as negative length. */
+ for (n = -1; n < clen; ++n) {
+ num = RSA_private_decrypt(n, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ printf("Truncated data decrypted!\n");
+ err = 1;
+ break;
+ }
+ }
+
next:
RSA_free(key);

Emilia Kasper

unread,

Sep 1, 2015, 2:13:54 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cc42e4af2cb88279555753a4f167347492ddc523 (commit)
from 59793f5c1e0138928d9e5fc24c743d8e38d450e1 (commit)

- Log -----------------------------------------------------------------
commit cc42e4af2cb88279555753a4f167347492ddc523
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 17:13:02 2015 +0200

Add missing CHANGES entry for 1.0.2

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 082e15e..343d847 100644
--- a/CHANGES
+++ b/CHANGES
@@ -723,6 +723,10 @@

Changes between 1.0.1l and 1.0.2 [22 Jan 2015]

+ *) Change RSA and DH/DSA key generation apps to generate 2048-bit
+ keys by default.
+ [Kurt Roeckx]
+
*) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
ARMv5 through ARMv8, as opposite to "locking" it to single one.
So far those who have to target multiple plaforms would compromise

Matt Caswell

unread,

Sep 1, 2015, 6:58:44 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 41fe7d2380617da515581503490f1467ee75a521 (commit)
from cc42e4af2cb88279555753a4f167347492ddc523 (commit)

- Log -----------------------------------------------------------------
commit 41fe7d2380617da515581503490f1467ee75a521
Author: Tim Zhang <tim....@irdeto.com>
Date: Mon May 11 10:58:51 2015 +0100

Fix the comment for POINT_CONVERSION_UNCOMPRESSED

The |z| value should be 0x04 not 0x02

RT#3838

Signed-off-by: Matt Caswell <ma...@openssl.org>

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 91d2728b38b1df930f337e163816a0fc9580b6a6)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec.h | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 6d3178f..81e6faf 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -106,7 +106,7 @@ typedef enum {
/** the point is encoded as z||x, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_COMPRESSED = 2,
- /** the point is encoded as z||x||y, where z is the octet 0x02 */
+ /** the point is encoded as z||x||y, where z is the octet 0x04 */
POINT_CONVERSION_UNCOMPRESSED = 4,
/** the point is encoded as z||x||y, where the octet z specifies
* which solution of the quadratic equation y is */

Matt Caswell

unread,

Sep 1, 2015, 7:20:07 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 9a931208d7fc8a3596dda005cdbd6439938f01b0 (commit)
from 41fe7d2380617da515581503490f1467ee75a521 (commit)

- Log -----------------------------------------------------------------
commit 9a931208d7fc8a3596dda005cdbd6439938f01b0
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 16 14:17:24 2015 -0400

Fix building with OPENSSL_NO_TLSEXT.

Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.

Based on a patch by Marc Branchaud <marc...@xiplink.com>

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_sess.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 07e7379..68390d3 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -256,8 +256,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_ecpointformatlist = NULL;
dest->tlsext_ellipticcurvelist = NULL;
# endif
-#endif
dest->tlsext_tick = NULL;
+#endif
#ifndef OPENSSL_NO_SRP
dest->srp_username = NULL;
#endif
@@ -324,7 +324,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
goto err;
}
# endif
-#endif

if (ticket != 0) {
dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
@@ -334,6 +333,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_tick_lifetime_hint = 0;
dest->tlsext_ticklen = 0;
}
+#endif

#ifndef OPENSSL_NO_SRP
if (src->srp_username) {

Matt Caswell

unread,

Sep 1, 2015, 7:33:25 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via dc0c888811cebfa2d21c844be0d81335fb2361da (commit)
from 9a931208d7fc8a3596dda005cdbd6439938f01b0 (commit)

- Log -----------------------------------------------------------------
commit dc0c888811cebfa2d21c844be0d81335fb2361da
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Aug 5 13:33:52 2015 +0100

Fix session resumption

Commit f0348c842e7 introduced a problem with session resumption. The
version for the session is fixed when the session is created. By moving
the creation of the session earlier in the process the version is fixed
*before* version negotiation has completed when processing the ServerHello
on the client side. This fix updates the session version after version neg
has completed.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s23_clnt.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index acbbe31..f782010 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -736,6 +736,8 @@ static int ssl23_get_server_hello(SSL *s)
goto err;
}

+ s->session->ssl_version = s->version;
+
/* ensure that TLS_MAX_VERSION is up-to-date */
OPENSSL_assert(s->version <= TLS_MAX_VERSION);

Matt Caswell

unread,

Sep 1, 2015, 7:40:32 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 31472acf61fce8bbc39390ca96ff2f9da2dfafb8 (commit)
via 28643a1615f4b09295a18d7ae0cb13adca8c8d00 (commit)
from dc0c888811cebfa2d21c844be0d81335fb2361da (commit)

- Log -----------------------------------------------------------------
commit 31472acf61fce8bbc39390ca96ff2f9da2dfafb8
Author: Hiroyuki YAMAMORI <h-ya...@db3.so-net.ne.jp>
Date: Wed Aug 26 15:06:22 2015 +0100

Fix DTLS1.2 compression

Backport of equivalent fix from master. The only compression
method is stateful and hence incompatible with DTLS. The DTLS
test was not working for DTLS1.2

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 28643a1615f4b09295a18d7ae0cb13adca8c8d00
Author: Hiroyuki YAMAMORI <h-ya...@db3.so-net.ne.jp>
Date: Wed Aug 26 15:04:09 2015 +0100

Fix DTLS1.2 buffers

Fix the setup of DTLS1.2 buffers to take account of the Header

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_both.c | 4 ++--
ssl/ssl_lib.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 019e21c..09d0661 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -648,7 +648,7 @@ int ssl3_setup_read_buffer(SSL *s)
unsigned char *p;
size_t len, align = 0, headerlen;

- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
@@ -687,7 +687,7 @@ int ssl3_setup_write_buffer(SSL *s)
unsigned char *p;
size_t len, align = 0, headerlen;

- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c0931e7..d72756a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1980,7 +1980,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)

ret->extra_certs = NULL;
/* No compression for DTLS */
- if (meth->version != DTLS1_VERSION)
+ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
ret->comp_methods = SSL_COMP_get_compression_methods();

ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

Rich Salz

unread,

Sep 1, 2015, 9:38:46 PM9/1/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 0a1682d8b53a61732877edf015438ecd7965bc21 (commit)
from 31472acf61fce8bbc39390ca96ff2f9da2dfafb8 (commit)

- Log -----------------------------------------------------------------
commit 0a1682d8b53a61732877edf015438ecd7965bc21
Author: Rich Salz <rs...@akamai.com>
Date: Thu Aug 27 00:10:55 2015 -0400

RT3767: openssl_button.gif should be PNG

No, we should just delete it. And updated the README

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 8db78781069697cfa30a2261413f33f5055a2838)

-----------------------------------------------------------------------

Summary of changes:
doc/README | 27 ++++++++++++++++++---------
doc/openssl_button.gif | Bin 2063 -> 0 bytes
doc/openssl_button.html | 7 -------
3 files changed, 18 insertions(+), 16 deletions(-)
delete mode 100644 doc/openssl_button.gif
delete mode 100644 doc/openssl_button.html

diff --git a/doc/README b/doc/README
index 6ecc14d..cc76040 100644
--- a/doc/README
+++ b/doc/README
@@ -1,12 +1,21 @@

- apps/openssl.pod .... Documentation of OpenSSL `openssl' command
- crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
- ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
- openssl.txt ......... Assembled documentation files for OpenSSL [not final]
- ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
- standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
- that are related to OpenSSL.
+README This file

- An archive of HTML documents for the SSLeay library is available from
- http://www.columbia.edu/~ariel/ssleay/
+fingerprints.txt
+ PGP fingerprints of authoried release signers

+standards.txt
+ Pointers to standards, RFC's and IETF Drafts that are
+ related to OpenSSL. Incomplete.
+
+HOWTO/
+ A few how-to documents; not necessarily up-to-date
+apps/
+ The openssl command-line tools; start with openssl.pod
+ssl/
+ The SSL library; start with ssl.pod
+crypto/
+ The cryptographic library; start with crypto.pod
+
+Formatted versions of the manpages (apps,ssl,crypto) can be found at
+ https://www.openssl.org/docs/manpages.html
diff --git a/doc/openssl_button.gif b/doc/openssl_button.gif
deleted file mode 100644
index 3d3c90c..0000000
Binary files a/doc/openssl_button.gif and /dev/null differ
diff --git a/doc/openssl_button.html b/doc/openssl_button.html
deleted file mode 100644
index 44c91bd..0000000
--- a/doc/openssl_button.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-<a href="http://www.openssl.org/">
-<img src="openssl_button.gif"
- width=102 height=47 border=0></a>
-

Viktor Dukhovni

unread,

Sep 2, 2015, 10:02:54 AM9/2/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 40d5689458593aeca0d1a7f3591f7ccb48e459ac (commit)
via 39c76ceb2d3e51eaff95e04d6e4448f685718f8d (commit)
from 0a1682d8b53a61732877edf015438ecd7965bc21 (commit)

- Log -----------------------------------------------------------------
commit 40d5689458593aeca0d1a7f3591f7ccb48e459ac
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Tue Sep 1 21:59:08 2015 -0400

Cleaner handling of "cnid" in do_x509_check

Avoid using cnid = 0, use NID_undef instead, and return early instead
of trying to find an instance of that in the subject DN.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit fffc2faeb2b5cad4516cc624352d445284aa7522)

commit 39c76ceb2d3e51eaff95e04d6e4448f685718f8d
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Tue Sep 1 21:47:12 2015 -0400

Better handling of verify param id peername field

Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).

In x509_verify_param_zero() set peername to NULL after freeing it.

In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername. This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.

Reviewed-by: Richard Levitte <lev...@openssl.org>

(cherry picked from commit a0724ef1c9b9e2090bdd96b784f492b6a3952957)

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_vfy.c | 4 ++++
crypto/x509/x509_vpm.c | 15 +++++++++++----
crypto/x509v3/v3_utl.c | 10 +++++++---
3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7bac197..ab94948 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -753,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
int n = sk_OPENSSL_STRING_num(id->hosts);
char *name;

+ if (id->peername != NULL) {
+ OPENSSL_free(id->peername);
+ id->peername = NULL;
+ }
for (i = 0; i < n; ++i) {
name = sk_OPENSSL_STRING_value(id->hosts, i);
if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 1ea0c69..592a8a5 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
}
if (paramid->peername)
OPENSSL_free(paramid->peername);
+ paramid->peername = NULL;
if (paramid->email) {
OPENSSL_free(paramid->email);
paramid->email = NULL;
@@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
paramid->ip = NULL;
paramid->iplen = 0;
}
-
}

X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
param = OPENSSL_malloc(sizeof *param);
if (!param)
return NULL;
- paramid = OPENSSL_malloc(sizeof *paramid);
+ memset(param, 0, sizeof(*param));
+
+ paramid = OPENSSL_malloc(sizeof(*paramid));
if (!paramid) {
OPENSSL_free(param);
return NULL;
}
- memset(param, 0, sizeof *param);
- memset(paramid, 0, sizeof *paramid);
+ memset(paramid, 0, sizeof(*paramid));
+ /* Exotic platforms may have non-zero bit representation of NULL */
+ paramid->hosts = NULL;
+ paramid->peername = NULL;
+ paramid->email = NULL;
+ paramid->ip = NULL;
+
param->id = paramid;
x509_verify_param_zero(param);
return param;
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index bdd7b95..4d1ecc5 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -926,7 +926,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES *gens = NULL;
X509_NAME *name = NULL;
int i;
- int cnid;
+ int cnid = NID_undef;
int alt_type;
int san_present = 0;
int rv = 0;
@@ -949,7 +949,6 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
else
equal = equal_wildcard;
} else {
- cnid = 0;
alt_type = V_ASN1_OCTET_STRING;
equal = equal_case;
}
@@ -980,11 +979,16 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES_free(gens);
if (rv != 0)
return rv;
- if (!cnid
+ if (cnid == NID_undef
|| (san_present
&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
return 0;
}
+
+ /* We're done if CN-ID is not pertinent */
+ if (cnid == NID_undef)
+ return 0;
+
i = -1;
name = X509_get_subject_name(x);
while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {

Rich Salz

unread,

Sep 3, 2015, 12:40:39 PM9/3/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cef9dcbb45c936024cda5d741aee586aa530f052 (commit)
from 40d5689458593aeca0d1a7f3591f7ccb48e459ac (commit)

- Log -----------------------------------------------------------------
commit cef9dcbb45c936024cda5d741aee586aa530f052
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Thu Aug 20 00:12:29 2015 +0200

Add initial Travis CI configuration

Closes #63

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Ben Laurie <b...@openssl.org>
(cherry picked from commit 66c103bdaba21749555c8073a3f20b7741fa5869)

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 .travis.yml

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..2862473
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,24 @@
+language: c
+
+os:
+ - linux
+ - osx
+
+compiler:
+ - clang
+ - gcc
+
+env:
+ - CONFIG_OPTS=""
+ - CONFIG_OPTS="--debug"
+ - CONFIG_OPTS="shared"
+
+script:
+ - ./config $CONFIG_OPTS && make && make test
+
+notifications:
+ recipient:
+ - opens...@openssl.org
+ email:
+ on_success: change
+ on_failure: always

Dr. Stephen Henson

unread,

Sep 4, 2015, 4:36:39 PM9/4/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 2df619b06ca0026e40e8689020b0e54ed7165583 (commit)
from cef9dcbb45c936024cda5d741aee586aa530f052 (commit)

- Log -----------------------------------------------------------------
commit 2df619b06ca0026e40e8689020b0e54ed7165583
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Sep 4 00:20:34 2015 +0100

Match SUITEB strings at start of cipher list.

PR#4009.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 13e228d6845aff7e454eea7c9ddd392ebfbd2868)

Conflicts:
ssl/ssl_ciph.c

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_ciph.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 2cc9a4a..a53f25b 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1404,15 +1404,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str)
{
unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
- if (!strcmp(*prule_str, "SUITEB128"))
- suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
- else if (!strcmp(*prule_str, "SUITEB128ONLY"))
+ if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
- else if (!strcmp(*prule_str, "SUITEB128C2")) {
+ } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
suiteb_comb2 = 1;
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
- } else if (!strcmp(*prule_str, "SUITEB192"))
+ } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+ suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+ } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+ }

if (suiteb_flags) {
c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;

Rich Salz

unread,

Sep 8, 2015, 11:37:52 AM9/8/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 7b8a9992021c496df1826ca29f65c366b544689c (commit)
from 2df619b06ca0026e40e8689020b0e54ed7165583 (commit)

- Log -----------------------------------------------------------------
commit 7b8a9992021c496df1826ca29f65c366b544689c
Author: Rich Salz <rs...@openssl.org>
Date: Tue Sep 8 11:37:05 2015 -0400

Remove bogus CHANGES entries

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 445 ----------------------------------------------------------------
1 file changed, 445 deletions(-)

diff --git a/CHANGES b/CHANGES
index 343d847..c2898ab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,451 +8,6 @@
return an error

[Rich Salz and Ismo Puustinen <ismo.pu...@intel.com>]

- *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
- from RFC4279, RFC4785, RFC5487, RFC5489.
-
- Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
- original RSA_PSK patch.
- [Steve Henson]
-
- *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
- era flag was never set throughout the codebase (only read). Also removed
- SSL3_FLAGS_POP_BUFFER which was only used if
- SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
- [Matt Caswell]
-
- *) Changed the default name options in the "ca", "crl", "req" and "x509"
- to be "oneline" instead of "compat".
- [Richard Levitte]
-
- *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
- not aware of clients that still exhibit this bug, and the workaround
- hasn't been working properly for a while.
- [Emilia Käsper]
-
- *) The return type of BIO_number_read() and BIO_number_written() as well as
- the corresponding num_read and num_write members in the BIO structure has
- changed from unsigned long to uint64_t. On platforms where an unsigned
- long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
- transferred.
- [Matt Caswell]
-
- *) Given the pervasive nature of TLS extensions it is inadvisable to run
- OpenSSL without support for them. It also means that maintaining
- the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
- not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
- [Matt Caswell]
-
- *) Removed support for the two export grade static DH ciphersuites
- EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
- were newly added (along with a number of other static DH ciphersuites) to
- 1.0.2. However the two export ones have *never* worked since they were
- introduced. It seems strange in any case to be adding new export
- ciphersuites, and given "logjam" it also does not seem correct to fix them.
- [Matt Caswell]
-
- *) Version negotiation has been rewritten. In particular SSLv23_method(),
- SSLv23_client_method() and SSLv23_server_method() have been deprecated,
- and turned into macros which simply call the new preferred function names
- TLS_method(), TLS_client_method() and TLS_server_method(). All new code
- should use the new names instead. Also as part of this change the ssl23.h
- header file has been removed.
- [Matt Caswell]
-
- *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
- code and the associated standard is no longer considered fit-for-purpose.
- [Matt Caswell]
-
- *) RT2547 was closed. When generating a private key, try to make the
- output file readable only by the owner. This behavior change might
- be noticeable when interacting with other software.
-
- *) Added HTTP GET support to the ocsp command.
- [Rich Salz]
-
- *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
- [Matt Caswell]
-
- *) Added support for TLS extended master secret from
- draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
- initial patch which was a great help during development.
- [Steve Henson]
-
- *) All libssl internal structures have been removed from the public header
- files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
- now redundant). Users should not attempt to access internal structures
- directly. Instead they should use the provided API functions.
- [Matt Caswell]
-
- *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
- Access to deprecated functions can be re-enabled by running config with
- "enable-deprecated". In addition applications wishing to use deprecated
- functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
- will, by default, disable some transitive includes that previously existed
- in the header files (e.g. ec.h will no longer, by default, include bn.h)
- [Matt Caswell]
-
- *) Added support for OCB mode. OpenSSL has been granted a patent license
- compatible with the OpenSSL license for use of OCB. Details are available
- at https://www.openssl.org/docs/misc/OCB-patent-grant-OpenSSL.pdf. Support
- for OCB can be removed by calling config with no-ocb.
- [Matt Caswell]
-
- *) SSLv2 support has been removed. It still supports receiving a SSLv2
- compatible client hello.
- [Kurt Roeckx]
-
- *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz],
- done while fixing the error code for the key-too-small case.
- [Annie Yousar <a.yo...@informatik.hu-berlin.de>]
-
- *) CA.sh has been removmed; use CA.pl instead.
- [Rich Salz]
-
- *) Removed old DES API.
- [Rich Salz]
-
- *) Remove various unsupported platforms:
- Sony NEWS4
- BEOS and BEOS_R5
- NeXT
- SUNOS
- MPE/iX
- Sinix/ReliantUNIX RM400
- DGUX
- NCR
- Tandem
- Cray
- 16-bit platforms such as WIN16
- [Rich Salz]
-
- *) Clean up OPENSSL_NO_xxx #define's
- Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
- Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
- OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
- OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
- OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
- Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
- OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
- OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
- OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
- Remove MS_STATIC; it's a relic from platforms <32 bits.
- [Rich Salz]
-
- *) Cleaned up dead code
- Remove all but one '#ifdef undef' which is to be looked at.
- [Rich Salz]
-
- *) Clean up calling of xxx_free routines.
- Just like free(), fix most of the xxx_free routines to accept
- NULL. Remove the non-null checks from callers. Save much code.
- [Rich Salz]
-
- *) Add secure heap for storage of private keys (when possible).
- Add BIO_s_secmem(), CBIGNUM, etc.
- Contributed by Akamai Technologies under our Corporate CLA.
- [Rich Salz]
-
- *) Experimental support for a new, fast, unbiased prime candidate generator,
- bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
- [Felix Laurie von Massenbach <fe...@erbridge.co.uk>]
-
- *) New output format NSS in the sess_id command line tool. This allows
- exporting the session id and the master key in NSS keylog format.
- [Martin Kaiser <mar...@kaiser.cx>]
-
- *) Harmonize version and its documentation. -f flag is used to display
- compilation flags.
- [mancha <man...@zoho.com>]
-
- *) Fix eckey_priv_encode so it immediately returns an error upon a failure
- in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue.
- [mancha <man...@zoho.com>]
-
- *) Fix some double frees. These are not thought to be exploitable.
- [mancha <man...@zoho.com>]
-
- *) A missing bounds check in the handling of the TLS heartbeat extension
- can be used to reveal up to 64k of memory to a connected client or
- server.
-
- Thanks for Neel Mehta of Google Security for discovering this bug and to
- Adam Langley <a...@chromium.org> and Bodo Moeller <bmoe...@acm.org> for
- preparing the fix (CVE-2014-0160)
- [Adam Langley, Bodo Moeller]
-
- *) Fix for the attack described in the paper "Recovering OpenSSL
- ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
- by Yuval Yarom and Naomi Benger. Details can be obtained from:
- http://eprint.iacr.org/2014/140
-
- Thanks to Yuval Yarom and Naomi Benger for discovering this
- flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
- [Yuval Yarom and Naomi Benger]
-
- *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
- this fixes a limitation in previous versions of OpenSSL.
- [Steve Henson]
-
- *) Experimental encrypt-then-mac support.
-
- Experimental support for encrypt then mac from
- draft-gutmann-tls-encrypt-then-mac-02.txt
-
- To enable it set the appropriate extension number (0x42 for the test
- server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42
-
- For non-compliant peers (i.e. just about everything) this should have no
- effect.
-
- WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- [Steve Henson]
-
- *) Add EVP support for key wrapping algorithms, to avoid problems with
- existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
- the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
- algorithms and include tests cases.
- [Steve Henson]
-
- *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
- enveloped data.
- [Steve Henson]
-
- *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
- MGF1 digest and OAEP label.
- [Steve Henson]
-
- *) Make openssl verify return errors.
- [Chris Palmer <pal...@google.com> and Ben Laurie]
-
- *) New function ASN1_TIME_diff to calculate the difference between two
- ASN1_TIME structures or one structure and the current time.
- [Steve Henson]
-
- *) Update fips_test_suite to support multiple command line options. New
- test to induce all self test errors in sequence and check expected
- failures.
- [Steve Henson]
-
- *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
- sign or verify all in one operation.
- [Steve Henson]
-
- *) Add fips_algvs: a multicall fips utility incorporating all the algorithm
- test programs and fips_test_suite. Includes functionality to parse
- the minimal script output of fipsalgest.pl directly.
- [Steve Henson]
-
- *) Add authorisation parameter to FIPS_module_mode_set().
- [Steve Henson]
-
- *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
- [Steve Henson]
-
- *) Use separate DRBG fields for internal and external flags. New function
- FIPS_drbg_health_check() to perform on demand health checking. Add
- generation tests to fips_test_suite with reduced health check interval to
- demonstrate periodic health checking. Add "nodh" option to
- fips_test_suite to skip very slow DH test.
- [Steve Henson]
-
- *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers
- based on NID.
- [Steve Henson]
-
- *) More extensive health check for DRBG checking many more failure modes.
- New function FIPS_selftest_drbg_all() to handle every possible DRBG
- combination: call this in fips_test_suite.
- [Steve Henson]
-
- *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
- and POST to handle Dual EC cases.
- [Steve Henson]
-
- *) Add support for canonical generation of DSA parameter 'g'. See
- FIPS 186-3 A.2.3.
-
- *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
- POST to handle HMAC cases.
- [Steve Henson]
-
- *) Add functions FIPS_module_version() and FIPS_module_version_text()
- to return numerical and string versions of the FIPS module number.
- [Steve Henson]
-
- *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
- FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implemented
- outside the validated module in the FIPS capable OpenSSL.
- [Steve Henson]
-
- *) Minor change to DRBG entropy callback semantics. In some cases
- there is no multiple of the block length between min_len and
- max_len. Allow the callback to return more than max_len bytes
- of entropy but discard any extra: it is the callback's responsibility
- to ensure that the extra data discarded does not impact the
- requested amount of entropy.
- [Steve Henson]
-
- *) Add PRNG security strength checks to RSA, DSA and ECDSA using
- information in FIPS186-3, SP800-57 and SP800-131A.
- [Steve Henson]
-
- *) CCM support via EVP. Interface is very similar to GCM case except we
- must supply all data in one chunk (i.e. no update, final) and the
- message length must be supplied if AAD is used. Add algorithm test
- support.
- [Steve Henson]
-
- *) Initial version of POST overhaul. Add POST callback to allow the status
- of POST to be monitored and/or failures induced. Modify fips_test_suite
- to use callback. Always run all selftests even if one fails.
- [Steve Henson]
-
- *) XTS support including algorithm test driver in the fips_gcmtest program.
- Note: this does increase the maximum key length from 32 to 64 bytes but
- there should be no binary compatibility issues as existing applications
- will never use XTS mode.
- [Steve Henson]
-
- *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
- to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
- performs algorithm blocking for unapproved PRNG types. Also do not
- set PRNG type in FIPS_mode_set(): leave this to the application.
- Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
- the standard OpenSSL PRNG: set additional data to a date time vector.
- [Steve Henson]
-
- *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
- This shouldn't present any incompatibility problems because applications
- shouldn't be using these directly and any that are will need to rethink
- anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
- [Steve Henson]
-
- *) Extensive self tests and health checking required by SP800-90 DRBG.
- Remove strength parameter from FIPS_drbg_instantiate and always
- instantiate at maximum supported strength.
- [Steve Henson]
-
- *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing.
- [Steve Henson]
-
- *) New algorithm test program fips_dhvs to handle DH primitives only testing.
- [Steve Henson]
-
- *) New function DH_compute_key_padded() to compute a DH key and pad with
- leading zeroes if needed: this complies with SP800-56A et al.
- [Steve Henson]
-
- *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
- anything, incomplete, subject to change and largely untested at present.
- [Steve Henson]
-
- *) Modify fipscanisteronly build option to only build the necessary object
- files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
- [Steve Henson]
-
- *) Add experimental option FIPSSYMS to give all symbols in
- fipscanister.o and FIPS or fips prefix. This will avoid
- conflicts with future versions of OpenSSL. Add perl script
- util/fipsas.pl to preprocess assembly language source files
- and rename any affected symbols.
- [Steve Henson]
-
- *) Add selftest checks and algorithm block of non-fips algorithms in
- FIPS mode. Remove DES2 from selftests.
- [Steve Henson]
-
- *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just
- return internal method without any ENGINE dependencies. Add new
- tiny fips sign and verify functions.
- [Steve Henson]
-
- *) New build option no-ec2m to disable characteristic 2 code.
- [Steve Henson]
-
- *) New build option "fipscanisteronly". This only builds fipscanister.o
- and (currently) associated fips utilities. Uses the file Makefile.fips
- instead of Makefile.org as the prototype.
- [Steve Henson]
-
- *) Add some FIPS mode restrictions to GCM. Add internal IV generator.
- Update fips_gcmtest to use IV generator.
- [Steve Henson]
-
- *) Initial, experimental EVP support for AES-GCM. AAD can be input by
- setting output buffer to NULL. The *Final function must be
- called although it will not retrieve any additional data. The tag
- can be set or retrieved with a ctrl. The IV length is by default 12
- bytes (96 bits) but can be set to an alternative value. If the IV
- length exceeds the maximum IV length (currently 16 bytes) it cannot be
- set before the key.
- [Steve Henson]
-
- *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
- underlying do_cipher function handles all cipher semantics itself
- including padding and finalisation. This is useful if (for example)
- an ENGINE cipher handles block padding itself. The behaviour of
- do_cipher is subtly changed if this flag is set: the return value
- is the number of characters written to the output buffer (zero is
- no longer an error code) or a negative error code. Also if the
- input buffer is NULL and length 0 finalisation should be performed.
- [Steve Henson]
-
- *) If a candidate issuer certificate is already part of the constructed
- path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
- [Steve Henson]
-
- *) Improve forward-security support: add functions
-
- void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
- void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
-
- for use by SSL/TLS servers; the callback function will be called whenever a
- new session is created, and gets to decide whether the session may be
- cached to make it resumable (return 0) or not (return 1). (As by the
- SSL/TLS protocol specifications, the session_id sent by the server will be
- empty to indicate that the session is not resumable; also, the server will
- not generate RFC 4507 (RFC 5077) session tickets.)
-
- A simple reasonable callback implementation is to return is_forward_secure.
- This parameter will be set to 1 or 0 depending on the ciphersuite selected
- by the SSL/TLS server library, indicating whether it can provide forward
- security.
- [Emilia Käsper <emilia...@esat.kuleuven.be> (Google)]
-
- *) New -verify_name option in command line utilities to set verification
- parameters by name.
- [Steve Henson]
-
- *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
- Add CMAC pkey methods.
- [Steve Henson]
-
- *) Experimental renegotiation in s_server -www mode. If the client
- browses /reneg connection is renegotiated. If /renegcert it is
- renegotiated requesting a certificate.
- [Steve Henson]
-
- *) Add an "external" session cache for debugging purposes to s_server. This
- should help trace issues which normally are only apparent in deployed
- multi-process servers.
- [Steve Henson]
-
- *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
- return value is ignored. NB. The functions RAND_add(), RAND_seed(),
- BIO_set_cipher() and some obscure PEM functions were changed so they
- can now return an error. The RAND changes required a change to the
- RAND_METHOD structure.
- [Steve Henson]
-
- *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
- a gcc attribute to warn if the result of a function is ignored. This
- is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
- whose return value is often ignored.
- [Steve Henson]
->>>>>>> f00a10b... GH367: Fix dsa keygen for too-short seed
-

Changes between 1.0.2c and 1.0.2d [9 Jul 2015]

*) Alternate chains certificate forgery

Emilia Kasper

unread,

Sep 10, 2015, 11:24:16 AM9/10/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 4dcdde120bac79979d1ce63cc652e7b53fab4f49 (commit)
from 7b8a9992021c496df1826ca29f65c366b544689c (commit)

- Log -----------------------------------------------------------------
commit 4dcdde120bac79979d1ce63cc652e7b53fab4f49
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 16:31:55 2015 +0200

RT3754: check for NULL pointer

Fix both the caller to error out on malloc failure, as well as the
eventual callee to handle a NULL gracefully.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/p_lib.c | 2 +-
crypto/evp/pmeth_gn.c | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 1171d30..c017124 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -253,7 +253,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)

int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
- if (!EVP_PKEY_set_type(pkey, type))
+ if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
return 0;
pkey->pkey.ptr = key;
return (key != NULL);
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 59f8134..6435f1b 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -96,12 +96,17 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
return -1;
}

- if (!ppkey)
+ if (ppkey == NULL)
return -1;

- if (!*ppkey)
+ if (*ppkey == NULL)
*ppkey = EVP_PKEY_new();

+ if (*ppkey == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
ret = ctx->pmeth->paramgen(ctx, *ppkey);
if (ret <= 0) {
EVP_PKEY_free(*ppkey);

Dr. Stephen Henson

unread,

Sep 11, 2015, 3:57:09 PM9/11/15

to

The branch OpenSSL_1_0_2-stable has been updated

via ce5ae63ab2f3a85795462cf91e8be3f1be013992 (commit)
from 4dcdde120bac79979d1ce63cc652e7b53fab4f49 (commit)

- Log -----------------------------------------------------------------
commit ce5ae63ab2f3a85795462cf91e8be3f1be013992

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Sep 11 16:13:52 2015 +0100

Use default field separator.

If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 03706afa30aeb4407287171a9d6f9a765395d0a2)

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 6 +++++-
doc/apps/x509.pod | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 7478fc3..68287b1 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1352,7 +1352,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
- return set_multi_opts(flags, arg, ex_tbl);
+ if (set_multi_opts(flags, arg, ex_tbl) == 0)
+ return 0;
+ if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ *flags |= XN_FLAG_SEP_CPLUS_SPC;
+ return 1;
}

int set_ext_copy(int *copy_type, const char *arg)
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a1326ed..26f71c8 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -539,7 +539,8 @@ very rare and their use is discouraged). The options ending in
"space" additionally place a space after the separator to make it
more readable. The B<sep_multiline> uses a linefeed character for
the RDN separator and a spaced B<+> for the AVA separator. It also
-indents the fields by four characters.
+indents the fields by four characters. If no field separator is specified
+then B<sep_comma_plus_space> is used by default.

=item B<dn_rev>

Dr. Stephen Henson

unread,

Sep 11, 2015, 7:51:55 PM9/11/15

to

The branch OpenSSL_1_0_2-stable has been updated

via eac2b837d63fbac8acb3a9d1f65a2d8379edfc93 (commit)
from ce5ae63ab2f3a85795462cf91e8be3f1be013992 (commit)

- Log -----------------------------------------------------------------
commit eac2b837d63fbac8acb3a9d1f65a2d8379edfc93
Author: John Foley <fol...@cisco.com>
Date: Sat Sep 12 00:11:23 2015 +0100

Use memmove instead of memcpy.

PR#4036

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/modes/wrap128.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index 4dcaf03..3849783 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -76,7 +76,7 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
return 0;
A = B;
t = 1;
- memcpy(out + 8, in, inlen);
+ memmove(out + 8, in, inlen);
if (!iv)
iv = default_iv;

@@ -113,7 +113,7 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
A = B;
t = 6 * (inlen >> 3);
memcpy(A, in, 8);
- memcpy(out, in + 8, inlen);
+ memmove(out, in + 8, inlen);
for (j = 0; j < 6; j++) {
R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8) {

Dr. Stephen Henson

unread,

Sep 11, 2015, 9:43:12 PM9/11/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9 (commit)
from eac2b837d63fbac8acb3a9d1f65a2d8379edfc93 (commit)

- Log -----------------------------------------------------------------
commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Sep 12 00:44:07 2015 +0100

Check for FIPS mode after loading config.

PR#3958

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/pkcs12.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff6449..e41b445 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)

apps_startup();

-# ifdef OPENSSL_FIPS
- if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-# endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;

+# ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
args = argv + 1;

while (*args) {

Dr. Stephen Henson

unread,

Sep 11, 2015, 9:48:24 PM9/11/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 5116aeeacbac3f22792cfa9a370069f00adc2a49 (commit)
from 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9 (commit)

- Log -----------------------------------------------------------------
commit 5116aeeacbac3f22792cfa9a370069f00adc2a49

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Sep 12 01:53:52 2015 +0100

Constify ECDSA_METHOD_new.

PR#3920.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit aabd49232025807babe995006a46c4c7815ce868)

-----------------------------------------------------------------------

Summary of changes:
crypto/ecdsa/ecdsa.h | 2 +-
crypto/ecdsa/ecs_lib.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index c4016ac..a6f0930 100644
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx);
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
*/

-ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
+ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method);

/** frees a ECDSA_METHOD structure
* \param ecdsa_method pointer to the ECDSA_METHOD structure
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 1c02310..8dc1dda 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -276,7 +276,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx)
return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
}

-ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth)
+ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_meth)
{
ECDSA_METHOD *ret;

Kurt Roeckx

unread,

Sep 14, 2015, 6:08:34 PM9/14/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 728bcd59d3d41e152aead0d15acc51a8958536d3 (commit)
from 5116aeeacbac3f22792cfa9a370069f00adc2a49 (commit)

- Log -----------------------------------------------------------------
commit 728bcd59d3d41e152aead0d15acc51a8958536d3
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue Sep 15 00:07:02 2015 +0200

d2i: don't update input pointer on failure

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

MR #1005
(cherry picked from commit a46c9789ce2aecedceef119e9883513c7a49f1ca)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/d2i_pr.c | 11 ++++++++---
crypto/asn1/tasn_dec.c | 4 ++--
crypto/asn1/x_pubkey.c | 5 ++++-
crypto/asn1/x_x509.c | 7 ++++---
crypto/ec/ec_asn1.c | 8 ++++++--
crypto/x509v3/v3_scts.c | 4 +++-
6 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c96da09..314f4e3 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
{
EVP_PKEY *ret;
+ const unsigned char *p = *pp;

if ((a == NULL) || (*a == NULL)) {
if ((ret = EVP_PKEY_new()) == NULL) {
@@ -94,10 +95,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
}

if (!ret->ameth->old_priv_decode ||
- !ret->ameth->old_priv_decode(ret, pp, length)) {
+ !ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
PKCS8_PRIV_KEY_INFO *p8 = NULL;
- p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+ p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8)
goto err;
EVP_PKEY_free(ret);
@@ -109,6 +110,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
goto err;
}
}
+ *pp = p;
if (a != NULL)
(*a) = ret;
return (ret);
@@ -136,6 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
* input is surrounded by an ASN1 SEQUENCE.
*/
inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+ p = *pp;
/*
* Since we only need to discern "traditional format" RSA and DSA keys we
* can just count the elements.
@@ -146,7 +149,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
keytype = EVP_PKEY_EC;
else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
* traditional format */
- PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
EVP_PKEY *ret;

sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
@@ -157,6 +160,8 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
}
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
+ if (ret != NULL)
+ *pp = p;
if (a) {
*a = ret;
}
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7fd336a..febf605 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -350,9 +350,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
}

asn1_set_choice_selector(pval, i, it);
- *in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
+ *in = p;
return 1;

case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -489,9 +489,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* Save encoding */
if (!asn1_enc_save(pval, *in, p - *in, it))
goto auxerr;
- *in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
+ *in = p;
return 1;

default:
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 4b68201..6c57a79 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
{
X509_PUBKEY *xpk;
EVP_PKEY *pktmp;
- xpk = d2i_X509_PUBKEY(NULL, pp, length);
+ const unsigned char *q;
+ q = *pp;
+ xpk = d2i_X509_PUBKEY(NULL, &q, length);
if (!xpk)
return NULL;
pktmp = X509_PUBKEY_get(xpk);
X509_PUBKEY_free(xpk);
if (!pktmp)
return NULL;
+ *pp = q;
if (a) {
EVP_PKEY_free(*a);
*a = pktmp;
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 5f266a2..63c15e8 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -180,16 +180,17 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
if (!a || *a == NULL) {
freeret = 1;
}
- ret = d2i_X509(a, pp, length);
+ ret = d2i_X509(a, &q, length);
/* If certificate unreadable then forget it */
if (!ret)
return NULL;
/* update length */
- length -= *pp - q;
+ length -= q - *pp;
if (!length)
return ret;
- if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+ if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
goto err;
+ *pp = q;
return ret;
err:
if (freeret) {
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 4ad8494..33abf61 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -970,8 +970,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
{
EC_GROUP *group = NULL;
ECPKPARAMETERS *params = NULL;
+ const unsigned char *p = *in;

- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+ if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
ECPKPARAMETERS_free(params);
return NULL;
@@ -989,6 +990,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
*a = group;

ECPKPARAMETERS_free(params);
+ *in = p;
return (group);
}

@@ -1016,8 +1018,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
int ok = 0;
EC_KEY *ret = NULL;
EC_PRIVATEKEY *priv_key = NULL;
+ const unsigned char *p = *in;

- if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
+ if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
return NULL;
}
@@ -1096,6 +1099,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)

if (a)
*a = ret;
+ *in = p;
ok = 1;
err:
if (!ok) {
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 6e0b8d6..0b7c681 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -190,8 +190,9 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,
SCT *sct;
unsigned char *p, *p2;
unsigned short listlen, sctlen = 0, fieldlen;
+ const unsigned char *q = *pp;

- if (d2i_ASN1_OCTET_STRING(&oct, pp, length) == NULL)
+ if (d2i_ASN1_OCTET_STRING(&oct, &q, length) == NULL)
return NULL;
if (oct->length < 2)
goto done;
@@ -279,6 +280,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,

done:
ASN1_OCTET_STRING_free(oct);
+ *pp = q;
return sk;

err:

Rich Salz

unread,

Sep 15, 2015, 11:58:58 AM9/15/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 3be39dc1e3378d79531e385a72051c4dc5c6b34d (commit)
from 728bcd59d3d41e152aead0d15acc51a8958536d3 (commit)

- Log -----------------------------------------------------------------
commit 3be39dc1e3378d79531e385a72051c4dc5c6b34d
Author: Rich Salz <rs...@akamai.com>
Date: Tue Sep 15 11:49:42 2015 -0400

RT4044: Remove .cvsignore files.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/.cvsignore | 8 --------
crypto/aes/.cvsignore | 8 --------
crypto/asn1/.cvsignore | 4 ----
crypto/bf/.cvsignore | 5 -----
crypto/bf/asm/.cvsignore | 4 ----
crypto/bio/.cvsignore | 4 ----
crypto/bn/.cvsignore | 10 ----------
crypto/bn/asm/.cvsignore | 6 ------
crypto/buffer/.cvsignore | 4 ----
crypto/camellia/.cvsignore | 3 ---
crypto/cast/.cvsignore | 6 ------
crypto/cast/asm/.cvsignore | 4 ----
crypto/cmac/.cvsignore | 4 ----
crypto/cms/.cvsignore | 4 ----
crypto/comp/.cvsignore | 4 ----
crypto/conf/.cvsignore | 4 ----
crypto/des/.cvsignore | 7 -------
crypto/des/asm/.cvsignore | 7 -------
crypto/dh/.cvsignore | 4 ----
crypto/dsa/.cvsignore | 4 ----
crypto/dso/.cvsignore | 4 ----
crypto/ec/.cvsignore | 4 ----
crypto/ecdh/.cvsignore | 4 ----
crypto/ecdsa/.cvsignore | 2 --
crypto/engine/.cvsignore | 4 ----
crypto/err/.cvsignore | 4 ----
crypto/evp/.cvsignore | 4 ----
crypto/hmac/.cvsignore | 4 ----
crypto/idea/.cvsignore | 4 ----
crypto/jpake/.cvsignore | 3 ---
crypto/krb5/.cvsignore | 4 ----
crypto/lhash/.cvsignore | 4 ----
crypto/md2/.cvsignore | 4 ----
crypto/md4/.cvsignore | 4 ----
crypto/md5/.cvsignore | 5 -----
crypto/md5/asm/.cvsignore | 4 ----
crypto/mdc2/.cvsignore | 4 ----
crypto/modes/.cvsignore | 5 -----
crypto/objects/.cvsignore | 4 ----
crypto/ocsp/.cvsignore | 4 ----
crypto/pem/.cvsignore | 5 -----
crypto/pkcs12/.cvsignore | 4 ----
crypto/pkcs7/.cvsignore | 8 --------
crypto/pqueue/.cvsignore | 4 ----
crypto/rand/.cvsignore | 4 ----
crypto/rc2/.cvsignore | 4 ----
crypto/rc4/.cvsignore | 5 -----
crypto/rc4/asm/.cvsignore | 4 ----
crypto/rc5/.cvsignore | 4 ----
crypto/rc5/asm/.cvsignore | 4 ----
crypto/ripemd/.cvsignore | 5 -----
crypto/ripemd/asm/.cvsignore | 4 ----
crypto/rsa/.cvsignore | 4 ----
crypto/seed/.cvsignore | 4 ----
crypto/sha/.cvsignore | 7 -------
crypto/sha/asm/.cvsignore | 4 ----
crypto/srp/.cvsignore | 2 --
crypto/stack/.cvsignore | 4 ----
crypto/store/.cvsignore | 4 ----
crypto/ts/.cvsignore | 2 --
crypto/txt_db/.cvsignore | 4 ----
crypto/ui/.cvsignore | 4 ----
crypto/whrlpool/.cvsignore | 3 ---
crypto/x509/.cvsignore | 4 ----
crypto/x509v3/.cvsignore | 4 ----
demos/easy_tls/.cvsignore | 3 ---
demos/engines/cluster_labs/.cvsignore | 6 ------
demos/engines/ibmca/.cvsignore | 6 ------
demos/engines/rsaref/.cvsignore | 14 --------------
demos/engines/zencod/.cvsignore | 6 ------
demos/state_machine/.cvsignore | 3 ---
demos/tunala/.cvsignore | 4 ----
engines/.cvsignore | 6 ------
engines/ccgost/.cvsignore | 6 ------
include/.cvsignore | 3 ---
ms/.cvsignore | 5 -----
perl/.cvsignore | 14 --------------
ssl/.cvsignore | 4 ----
test/.cvsignore | 34 ----------------------------------
tools/.cvsignore | 4 ----
util/.cvsignore | 2 --
81 files changed, 408 deletions(-)
delete mode 100644 crypto/.cvsignore
delete mode 100644 crypto/aes/.cvsignore
delete mode 100644 crypto/asn1/.cvsignore
delete mode 100644 crypto/bf/.cvsignore
delete mode 100644 crypto/bf/asm/.cvsignore
delete mode 100644 crypto/bio/.cvsignore
delete mode 100644 crypto/bn/.cvsignore
delete mode 100644 crypto/bn/asm/.cvsignore
delete mode 100644 crypto/buffer/.cvsignore
delete mode 100644 crypto/camellia/.cvsignore
delete mode 100644 crypto/cast/.cvsignore
delete mode 100644 crypto/cast/asm/.cvsignore
delete mode 100644 crypto/cmac/.cvsignore
delete mode 100644 crypto/cms/.cvsignore
delete mode 100644 crypto/comp/.cvsignore
delete mode 100644 crypto/conf/.cvsignore
delete mode 100644 crypto/des/.cvsignore
delete mode 100644 crypto/des/asm/.cvsignore
delete mode 100644 crypto/dh/.cvsignore
delete mode 100644 crypto/dsa/.cvsignore
delete mode 100644 crypto/dso/.cvsignore
delete mode 100644 crypto/ec/.cvsignore
delete mode 100644 crypto/ecdh/.cvsignore
delete mode 100644 crypto/ecdsa/.cvsignore
delete mode 100644 crypto/engine/.cvsignore
delete mode 100644 crypto/err/.cvsignore
delete mode 100644 crypto/evp/.cvsignore
delete mode 100644 crypto/hmac/.cvsignore
delete mode 100644 crypto/idea/.cvsignore
delete mode 100644 crypto/jpake/.cvsignore
delete mode 100644 crypto/krb5/.cvsignore
delete mode 100644 crypto/lhash/.cvsignore
delete mode 100644 crypto/md2/.cvsignore
delete mode 100644 crypto/md4/.cvsignore
delete mode 100644 crypto/md5/.cvsignore
delete mode 100644 crypto/md5/asm/.cvsignore
delete mode 100644 crypto/mdc2/.cvsignore
delete mode 100644 crypto/modes/.cvsignore
delete mode 100644 crypto/objects/.cvsignore
delete mode 100644 crypto/ocsp/.cvsignore
delete mode 100644 crypto/pem/.cvsignore
delete mode 100644 crypto/pkcs12/.cvsignore
delete mode 100644 crypto/pkcs7/.cvsignore
delete mode 100644 crypto/pqueue/.cvsignore
delete mode 100644 crypto/rand/.cvsignore
delete mode 100644 crypto/rc2/.cvsignore
delete mode 100644 crypto/rc4/.cvsignore
delete mode 100644 crypto/rc4/asm/.cvsignore
delete mode 100644 crypto/rc5/.cvsignore
delete mode 100644 crypto/rc5/asm/.cvsignore
delete mode 100644 crypto/ripemd/.cvsignore
delete mode 100644 crypto/ripemd/asm/.cvsignore
delete mode 100644 crypto/rsa/.cvsignore
delete mode 100644 crypto/seed/.cvsignore
delete mode 100644 crypto/sha/.cvsignore
delete mode 100644 crypto/sha/asm/.cvsignore
delete mode 100644 crypto/srp/.cvsignore
delete mode 100644 crypto/stack/.cvsignore
delete mode 100644 crypto/store/.cvsignore
delete mode 100644 crypto/ts/.cvsignore
delete mode 100644 crypto/txt_db/.cvsignore
delete mode 100644 crypto/ui/.cvsignore
delete mode 100644 crypto/whrlpool/.cvsignore
delete mode 100644 crypto/x509/.cvsignore
delete mode 100644 crypto/x509v3/.cvsignore
delete mode 100644 demos/easy_tls/.cvsignore
delete mode 100644 demos/engines/cluster_labs/.cvsignore
delete mode 100644 demos/engines/ibmca/.cvsignore
delete mode 100644 demos/engines/rsaref/.cvsignore
delete mode 100644 demos/engines/zencod/.cvsignore
delete mode 100644 demos/state_machine/.cvsignore
delete mode 100644 demos/tunala/.cvsignore
delete mode 100644 engines/.cvsignore
delete mode 100644 engines/ccgost/.cvsignore
delete mode 100644 include/.cvsignore
delete mode 100644 ms/.cvsignore
delete mode 100644 perl/.cvsignore
delete mode 100644 ssl/.cvsignore
delete mode 100644 test/.cvsignore
delete mode 100644 tools/.cvsignore
delete mode 100644 util/.cvsignore

diff --git a/crypto/.cvsignore b/crypto/.cvsignore
deleted file mode 100644
index 337529e..0000000
--- a/crypto/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-lib
-buildinf.h
-opensslconf.h
-Makefile.save
-*.flc
-semantic.cache
-*cpuid.s
-uplink-cof.s
diff --git a/crypto/aes/.cvsignore b/crypto/aes/.cvsignore
deleted file mode 100644
index 2ae26c6..0000000
--- a/crypto/aes/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-aes-*.s
-aesni-*.s
-bsaes-*.s
-vpaes-*.s
diff --git a/crypto/asn1/.cvsignore b/crypto/asn1/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/asn1/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/bf/.cvsignore b/crypto/bf/.cvsignore
deleted file mode 100644
index 86da787..0000000
--- a/crypto/bf/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-bf-*.s
diff --git a/crypto/bf/asm/.cvsignore b/crypto/bf/asm/.cvsignore
deleted file mode 100644
index 0a60dba..0000000
--- a/crypto/bf/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-bx86unix.cpp
-bx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/bio/.cvsignore b/crypto/bio/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/bio/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/bn/.cvsignore b/crypto/bn/.cvsignore
deleted file mode 100644
index 4f9bed1..0000000
--- a/crypto/bn/.cvsignore
+++ /dev/null
@@ -1,10 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-co-*.s
-bn-*.s
-*-mont.s
-modexp512-x86_64.s
-*-gf2m.s
-x86_64-mont5.s
diff --git a/crypto/bn/asm/.cvsignore b/crypto/bn/asm/.cvsignore
deleted file mode 100644
index 2647502..0000000
--- a/crypto/bn/asm/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-bn86unix.cpp
-co86unix.cpp
-bn86-elf.s
-co86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/buffer/.cvsignore b/crypto/buffer/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/buffer/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/camellia/.cvsignore b/crypto/camellia/.cvsignore
deleted file mode 100644
index b7f68a8..0000000
--- a/crypto/camellia/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-cmll-*.s
diff --git a/crypto/cast/.cvsignore b/crypto/cast/.cvsignore
deleted file mode 100644
index 7075b5d..0000000
--- a/crypto/cast/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-cx86-*.s
-cast-586.s
diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore
deleted file mode 100644
index 322fa86..0000000
--- a/crypto/cast/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-cx86unix.cpp
-cx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/cmac/.cvsignore b/crypto/cmac/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/cmac/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/cms/.cvsignore b/crypto/cms/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/cms/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/comp/.cvsignore b/crypto/comp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/comp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/conf/.cvsignore b/crypto/conf/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/conf/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/des/.cvsignore b/crypto/des/.cvsignore
deleted file mode 100644
index 6f011ea..0000000
--- a/crypto/des/.cvsignore

+++ /dev/null
@@ -1,7 +0,0 @@

-lib
-Makefile.save
-des
-*.flc
-semantic.cache
-crypt*.s
-des-*.s
diff --git a/crypto/des/asm/.cvsignore b/crypto/des/asm/.cvsignore
deleted file mode 100644
index b92f401..0000000
--- a/crypto/des/asm/.cvsignore

+++ /dev/null
@@ -1,7 +0,0 @@

-dx86unix.cpp
-yx86unix.cpp
-des_enc-sparc.S
-dx86-elf.s
-yx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/dh/.cvsignore b/crypto/dh/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dh/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/dsa/.cvsignore b/crypto/dsa/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dsa/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/dso/.cvsignore b/crypto/dso/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dso/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ec/.cvsignore b/crypto/ec/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ec/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ecdh/.cvsignore b/crypto/ecdh/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ecdh/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ecdsa/.cvsignore b/crypto/ecdsa/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/ecdsa/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/engine/.cvsignore b/crypto/engine/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/engine/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/err/.cvsignore b/crypto/err/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/err/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/evp/.cvsignore b/crypto/evp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/evp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/hmac/.cvsignore b/crypto/hmac/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/hmac/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/idea/.cvsignore b/crypto/idea/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/idea/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/jpake/.cvsignore b/crypto/jpake/.cvsignore
deleted file mode 100644
index 33ac838..0000000
--- a/crypto/jpake/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-
diff --git a/crypto/krb5/.cvsignore b/crypto/krb5/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/krb5/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/lhash/.cvsignore b/crypto/lhash/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/lhash/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md2/.cvsignore b/crypto/md2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/md2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md4/.cvsignore b/crypto/md4/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/md4/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md5/.cvsignore b/crypto/md5/.cvsignore
deleted file mode 100644
index e7bf5dd..0000000
--- a/crypto/md5/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-md5-*.s
diff --git a/crypto/md5/asm/.cvsignore b/crypto/md5/asm/.cvsignore
deleted file mode 100644
index 5265922..0000000
--- a/crypto/md5/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-mx86unix.cpp
-mx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/mdc2/.cvsignore b/crypto/mdc2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/mdc2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/modes/.cvsignore b/crypto/modes/.cvsignore
deleted file mode 100644
index 1d4a29a..0000000
--- a/crypto/modes/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-ghash-*.s
diff --git a/crypto/objects/.cvsignore b/crypto/objects/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/objects/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ocsp/.cvsignore b/crypto/ocsp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ocsp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pem/.cvsignore b/crypto/pem/.cvsignore
deleted file mode 100644
index feb507d..0000000
--- a/crypto/pem/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-ctx_size
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pkcs12/.cvsignore b/crypto/pkcs12/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/pkcs12/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pkcs7/.cvsignore b/crypto/pkcs7/.cvsignore
deleted file mode 100644
index 5463e2a..0000000
--- a/crypto/pkcs7/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-lib
-Makefile.save
-enc
-dec
-sign
-verify
-*.flc
-semantic.cache
diff --git a/crypto/pqueue/.cvsignore b/crypto/pqueue/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/pqueue/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rand/.cvsignore b/crypto/rand/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rand/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc2/.cvsignore b/crypto/rc2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rc2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc4/.cvsignore b/crypto/rc4/.cvsignore
deleted file mode 100644
index 55e2f07..0000000
--- a/crypto/rc4/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-rc4-*.s
diff --git a/crypto/rc4/asm/.cvsignore b/crypto/rc4/asm/.cvsignore
deleted file mode 100644
index ded381e..0000000
--- a/crypto/rc4/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-rx86unix.cpp
-rx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/rc5/.cvsignore b/crypto/rc5/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rc5/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc5/asm/.cvsignore b/crypto/rc5/asm/.cvsignore
deleted file mode 100644
index e294b19..0000000
--- a/crypto/rc5/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-r586unix.cpp
-r586-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/ripemd/.cvsignore b/crypto/ripemd/.cvsignore
deleted file mode 100644
index 4e5de48..0000000
--- a/crypto/ripemd/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-rmd-*.s
diff --git a/crypto/ripemd/asm/.cvsignore b/crypto/ripemd/asm/.cvsignore
deleted file mode 100644
index 1c4890f..0000000
--- a/crypto/ripemd/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-rm86unix.cpp
-rm86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/rsa/.cvsignore b/crypto/rsa/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rsa/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/seed/.cvsignore b/crypto/seed/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/seed/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/sha/.cvsignore b/crypto/sha/.cvsignore
deleted file mode 100644
index 4f51f91..0000000
--- a/crypto/sha/.cvsignore

+++ /dev/null
@@ -1,7 +0,0 @@

-lib
-Makefile.save
-*.flc
-semantic.cache
-sha1-*.s
-sha256-*.s
-sha512-*.s
diff --git a/crypto/sha/asm/.cvsignore b/crypto/sha/asm/.cvsignore
deleted file mode 100644
index 9921443..0000000
--- a/crypto/sha/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-sx86unix.cpp
-sx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/srp/.cvsignore b/crypto/srp/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/srp/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/stack/.cvsignore b/crypto/stack/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/stack/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/store/.cvsignore b/crypto/store/.cvsignore
deleted file mode 100644
index 68a9313..0000000
--- a/crypto/store/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-Makefile.save
-lib
-*.flc
-semantic.cache
diff --git a/crypto/ts/.cvsignore b/crypto/ts/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/ts/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/txt_db/.cvsignore b/crypto/txt_db/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/txt_db/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ui/.cvsignore b/crypto/ui/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ui/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/whrlpool/.cvsignore b/crypto/whrlpool/.cvsignore
deleted file mode 100644
index baa1c42..0000000
--- a/crypto/whrlpool/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-wp-*.s
diff --git a/crypto/x509/.cvsignore b/crypto/x509/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/x509/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/x509v3/.cvsignore b/crypto/x509v3/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/x509v3/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/demos/easy_tls/.cvsignore b/demos/easy_tls/.cvsignore
deleted file mode 100644
index eae327d..0000000
--- a/demos/easy_tls/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-test
-*.flc
-semantic.cache
diff --git a/demos/engines/cluster_labs/.cvsignore b/demos/engines/cluster_labs/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/cluster_labs/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/engines/ibmca/.cvsignore b/demos/engines/ibmca/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/ibmca/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/engines/rsaref/.cvsignore b/demos/engines/rsaref/.cvsignore
deleted file mode 100644
index e8e5e62..0000000
--- a/demos/engines/rsaref/.cvsignore
+++ /dev/null
@@ -1,14 +0,0 @@
-librsaref.so.gnu
-librsaref.so.tru64
-librsaref.so.solaris
-librsaref.so.irix
-librsaref.so.hpux32
-librsaref.so.hpux64
-librsaref.so.aix
-librsaref.exp
-doc
-install
-rdemo
-source
-*.flc
-semantic.cache
diff --git a/demos/engines/zencod/.cvsignore b/demos/engines/zencod/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/zencod/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/state_machine/.cvsignore b/demos/state_machine/.cvsignore
deleted file mode 100644
index a90633f..0000000
--- a/demos/state_machine/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-state_machine
-*.flc
-semantic.cache
diff --git a/demos/tunala/.cvsignore b/demos/tunala/.cvsignore
deleted file mode 100644
index f9eca98..0000000
--- a/demos/tunala/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-tunala
-
-*.flc
-semantic.cache
diff --git a/engines/.cvsignore b/engines/.cvsignore
deleted file mode 100644
index b722ca8..0000000
--- a/engines/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile.save
-lib
-libs
-*.flc
-semantic.cache
-*.dll
diff --git a/engines/ccgost/.cvsignore b/engines/ccgost/.cvsignore
deleted file mode 100644
index b722ca8..0000000
--- a/engines/ccgost/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile.save
-lib
-libs
-*.flc
-semantic.cache
-*.dll
diff --git a/include/.cvsignore b/include/.cvsignore
deleted file mode 100644
index 55e25b4..0000000
--- a/include/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*
-*.flc
-semantic.cache
diff --git a/ms/.cvsignore b/ms/.cvsignore
deleted file mode 100644
index 5f8e47b..0000000
--- a/ms/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-*.def
-*.mak
-*.out
-*.flc
-semantic.cache
diff --git a/perl/.cvsignore b/perl/.cvsignore
deleted file mode 100644
index 5e8eb88..0000000
--- a/perl/.cvsignore
+++ /dev/null
@@ -1,14 +0,0 @@
-Makefile
-blib
-pm_to_blib
-OpenSSL.c
-openssl_bio.c
-openssl_bn.c
-openssl_cipher.c
-openssl_digest.c
-openssl_err.c
-openssl_ssl.c
-openssl_x509.c
-OpenSSL.bs
-*.flc
-semantic.cache
diff --git a/ssl/.cvsignore b/ssl/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/ssl/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/test/.cvsignore b/test/.cvsignore
deleted file mode 100644
index 8b5997c..0000000
--- a/test/.cvsignore

+++ /dev/null
@@ -1,34 +0,0 @@

-*test
-demoCA
-certCA.srl
-.rnd
-testkey.pem
-testreq.pem
-keyCA.ss
-reqCA.ss
-certCA.ss
-req2CA.ss
-keyU.ss
-reqU.ss
-certU.ss
-certU.srl
-intP1.ss
-tmp_intP1.ss
-keyP1.ss
-reqP1.ss
-certP1.ss
-certP1.srl
-intP2.ss
-tmp_intP2.ss
-keyP2.ss
-reqP2.ss
-certP2.ss
-Makefile.save
-tmp.bntest
-evptests.txt
-sha256t
-sha512t
-*.flc
-semantic.cache
-newkey.pem
-*.dll
diff --git a/tools/.cvsignore b/tools/.cvsignore
deleted file mode 100644
index cde7450..0000000
--- a/tools/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-c_rehash
-c_rehash.bak
-*.flc
-semantic.cache
diff --git a/util/.cvsignore b/util/.cvsignore
deleted file mode 100644
index 8b4054c..0000000
--- a/util/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.flc
-semantic.cache

Rich Salz

unread,

Sep 15, 2015, 12:02:43 PM9/15/15

to

The branch OpenSSL_1_0_2-stable has been updated

via beb841c5d10d12eaac96167866dad2b3f36edb2a (commit)
from 3be39dc1e3378d79531e385a72051c4dc5c6b34d (commit)

- Log -----------------------------------------------------------------
commit beb841c5d10d12eaac96167866dad2b3f36edb2a
Author: Rich Salz <rs...@openssl.org>
Date: Tue Sep 15 12:01:30 2015 -0400

RT4044: Remove .cvsignore files.

Reviewed-by: Matt Caswell <ma...@openssl.org>

(cherry picked from commit 83fcd322f7b398534fba7816ca3c0896f529c7c0)

-----------------------------------------------------------------------

Summary of changes:
.cvsignore | 22 ----------------------
apps/.cvsignore | 8 --------
2 files changed, 30 deletions(-)
delete mode 100644 .cvsignore
delete mode 100644 apps/.cvsignore

diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 01be5fa..0000000
--- a/.cvsignore

+++ /dev/null
@@ -1,22 +0,0 @@

-openssl.pc
-libcrypto.pc
-libssl.pc
-MINFO
-makefile.one
-tmp
-out
-outinc
-rehash.time
-testlog
-make.log
-maketest.log
-cctest
-cctest.c
-cctest.a
-*.flc
-semantic.cache
-Makefile
-*.dll*
-*.so*
-*.sl*
-*.dylib*
diff --git a/apps/.cvsignore b/apps/.cvsignore
deleted file mode 100644
index 9981329..0000000
--- a/apps/.cvsignore

+++ /dev/null
@@ -1,8 +0,0 @@

-openssl
-Makefile.save
-der_chop
-der_chop.bak
-CA.pl
-*.flc
-semantic.cache
-*.dll

Dr. Stephen Henson

unread,

Sep 16, 2015, 1:11:35 PM9/16/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 929f6d6f55275b17cfdd5c405ef403bce87c9aef (commit)
from beb841c5d10d12eaac96167866dad2b3f36edb2a (commit)

- Log -----------------------------------------------------------------
commit 929f6d6f55275b17cfdd5c405ef403bce87c9aef
Author: Ivo Raisr <ivo....@oracle.com>
Date: Fri Sep 11 17:24:33 2015 +0100

Make no-psk compile without warnings.

PR#4035

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_asn1.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 39d48ea..35cc27c 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -121,13 +121,16 @@ typedef struct ssl_session_asn1_st {
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
- int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
+ int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
int v6 = 0, v9 = 0, v10 = 0;
unsigned char ibuf6[LSIZE2];
#endif
+#ifndef OPENSSL_NO_PSK
+ int v7 = 0, v8 = 0;
+#endif
#ifndef OPENSSL_NO_COMP
unsigned char cbuf;
int v11 = 0;

Kurt Roeckx

unread,

Sep 16, 2015, 3:04:19 PM9/16/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 0711826ae946138b94c19aabbcdc2f716cd98684 (commit)
from 929f6d6f55275b17cfdd5c405ef403bce87c9aef (commit)

- Log -----------------------------------------------------------------
commit 0711826ae946138b94c19aabbcdc2f716cd98684
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue Sep 15 21:26:32 2015 +0200

Fix return values when adding serverinfo fails.

Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1128

(cherry picked from commit fae11ec714ac8e71d95e824d7102ab5b2ec2e256)

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_rsa.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b1b2318..237154c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -750,31 +750,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
*extension_data = NULL;
*extension_length = 0;
if (serverinfo == NULL || serverinfo_length == 0)
- return 0;
+ return -1;
for (;;) {
unsigned int type = 0;
size_t len = 0;

/* end of serverinfo */
if (serverinfo_length == 0)
- return -1; /* Extension not found */
+ return 0; /* Extension not found */

/* read 2-byte type field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
type = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;

/* read 2-byte len field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
len = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;

if (len > serverinfo_length)
- return 0; /* Error */
+ return -1; /* Error */

if (type == extension_type) {
*extension_data = serverinfo;
@@ -814,10 +814,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
/* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
ext_type, out, outlen);
+ if (retval == -1) {
+ *al = SSL_AD_DECODE_ERROR;
+ return -1; /* Error */
+ }
if (retval == 0)
- return 0; /* Error */
- if (retval == -1)
- return -1; /* No extension found, don't send extension */
+ return 0; /* No extension found, don't send extension */
return 1; /* Send extension */
}
return -1; /* No serverinfo data found, don't send

Emilia Kasper

unread,

Sep 17, 2015, 2:28:34 PM9/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 37faf117965de181f4de0b4032eecac2566de5f6 (commit)
from 0711826ae946138b94c19aabbcdc2f716cd98684 (commit)

- Log -----------------------------------------------------------------
commit 37faf117965de181f4de0b4032eecac2566de5f6
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed Sep 2 15:31:28 2015 +0200

RT3757: base64 encoding bugs

Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Dr Stephen Henson <st...@openssl.org>
(cherry picked from commit 3cdd1e94b1d71f2ce3002738f9506da91fe2af45)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 6 ++
crypto/evp/encode.c | 182 ++++++++++++++++++++++++----------------------------
2 files changed, 90 insertions(+), 98 deletions(-)

diff --git a/CHANGES b/CHANGES
index c2898ab..1dc6dc6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@

Changes between 1.0.2d and 1.0.2e [xx XXX xxxx]

+ *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+ This changes the decoding behaviour for some invalid messages,
+ though the change is mostly in the more lenient direction, and
+ legacy behaviour is preserved as much as possible.
+ [Emilia Käsper]
+
*) In DSA_generate_parameters_ex, if the provided seed is too short,

return an error
[Rich Salz and Ismo Puustinen <ismo.pu...@intel.com>]

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index c361d1f..f758a8c 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -103,6 +103,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
#define B64_WS 0xE0
#define B64_ERROR 0xFF
#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
+#define B64_BASE64(a) !B64_NOT_BASE64(a)

static const unsigned char data_ascii2bin[128] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -218,8 +219,9 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)

void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{
- ctx->length = 30;
+ /* Only ctx->num is used during decoding. */
ctx->num = 0;
+ ctx->length = 0;
ctx->line_num = 0;
ctx->expect_nl = 0;
}
@@ -228,139 +230,123 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
* -1 for error
* 0 for last line
* 1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ * - Padding or B64_EOF was detected and the last block is complete.
+ * - Input has zero-length.
+ * -1 is returned if:
+ * - Invalid characters are detected.
+ * - There is extra trailing padding, or data after padding.
+ * - B64_EOF is detected after an incomplete base64 block.
*/
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
+ int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
unsigned char *d;

n = ctx->num;
d = ctx->enc_data;
- ln = ctx->line_num;
- exp_nl = ctx->expect_nl;

- /* last line of input. */
- if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
+ if (n > 0 && d[n - 1] == '=') {
+ eof++;
+ if (n > 1 && d[n - 2] == '=')
+ eof++;
+ }
+
+ /* Legacy behaviour: an empty input chunk signals end of input. */
+ if (inl == 0) {
rv = 0;
goto end;
}

- /* We parse the input data */
for (i = 0; i < inl; i++) {
- /* If the current line is > 80 characters, scream a lot */
- if (ln >= 80) {
- rv = -1;
- goto end;
- }
-
- /* Get char and put it into the buffer */
tmp = *(in++);
v = conv_ascii2bin(tmp);
- /* only save the good data :-) */
- if (!B64_NOT_BASE64(v)) {
- OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
- d[n++] = tmp;
- ln++;
- } else if (v == B64_ERROR) {
+ if (v == B64_ERROR) {
rv = -1;
goto end;
}

- /*
- * have we seen a '=' which is 'definitly' the last input line. seof
- * will point to the character that holds it. and eof will hold how
- * many characters to chop off.
- */
if (tmp == '=') {
- if (seof == -1)
- seof = n;
eof++;
+ } else if (eof > 0 && B64_BASE64(v)) {
+ /* More data after padding. */
+ rv = -1;
+ goto end;
}

- if (v == B64_CR) {
- ln = 0;
- if (exp_nl)
- continue;
+ if (eof > 2) {
+ rv = -1;
+ goto end;
}

- /* eoln */
- if (v == B64_EOLN) {
- ln = 0;
- if (exp_nl) {
- exp_nl = 0;
- continue;
- }
- }
- exp_nl = 0;
-
- /*
- * If we are at the end of input and it looks like a line, process
- * it.
- */
- if (((i + 1) == inl) && (((n & 3) == 0) || eof)) {
- v = B64_EOF;
- /*
- * In case things were given us in really small records (so two
- * '=' were given in separate updates), eof may contain the
- * incorrect number of ending bytes to skip, so let's redo the
- * count
- */
- eof = 0;
- if (d[n - 1] == '=')
- eof++;
- if (d[n - 2] == '=')
- eof++;
- /* There will never be more than two '=' */
+ if (v == B64_EOF) {
+ seof = 1;
+ goto tail;
}

- if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) {
- /*
- * This is needed to work correctly on 64 byte input lines. We
- * process the line and then need to accept the '\n'
- */
- if ((v != B64_EOF) && (n >= 64))
- exp_nl = 1;
- if (n > 0) {
- v = EVP_DecodeBlock(out, d, n);
- n = 0;
- if (v < 0) {
- rv = 0;
- goto end;
- }
- if (eof > v) {
- rv = -1;
- goto end;
- }
- ret += (v - eof);
- } else {
- eof = 1;
- v = 0;
- }
-
- /*
- * This is the case where we have had a short but valid input
- * line
- */
- if ((v < ctx->length) && eof) {
- rv = 0;
+ /* Only save valid base64 characters. */
+ if (B64_BASE64(v)) {
+ if (n >= 64) {
+ /*
+ * We increment n once per loop, and empty the buffer as soon as
+ * we reach 64 characters, so this can only happen if someone's
+ * manually messed with the ctx. Refuse to write any more data.
+ */
+ rv = -1;
goto end;
- } else
- ctx->length = v;
+ }
+ OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+ d[n++] = tmp;
+ }

- if (seof >= 0) {
- rv = 0;
+ if (n == 64) {
+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
goto end;
}
- out += v;
+ ret += decoded_len - eof;
+ out += decoded_len - eof;
}
}
- rv = 1;
- end:
+
+ /*
+ * Legacy behaviour: if the current line is a full base64-block (i.e., has
+ * 0 mod 4 base64 characters), it is processed immediately. We keep this
+ * behaviour as applications may not be calling EVP_DecodeFinal properly.
+ */
+tail:
+ if (n > 0) {
+ if ((n & 3) == 0) {
+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
+ goto end;
+ }
+ ret += (decoded_len - eof);
+ } else if (seof) {
+ /* EOF in the middle of a base64 block. */
+ rv = -1;
+ goto end;
+ }
+ }
+
+ rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+ /* Legacy behaviour. This should probably rather be zeroed on error. */
*outl = ret;
ctx->num = n;
- ctx->line_num = ln;
- ctx->expect_nl = exp_nl;
return (rv);

Emilia Kasper

unread,

Sep 17, 2015, 3:46:01 PM9/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cb71f17dc786c72ec74c0ebb983b3ccfde484271 (commit)
from 37faf117965de181f4de0b4032eecac2566de5f6 (commit)

- Log -----------------------------------------------------------------
commit cb71f17dc786c72ec74c0ebb983b3ccfde484271
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 20:08:48 2015 +0200

base64 decode: check for high bit

Previously, the conversion would silently coerce to ASCII. Now, we error
out.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit b785504a10310cb2872270eb409b70971be5e76e)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/encode.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index f758a8c..3005560 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -60,9 +60,9 @@
#include "cryptlib.h"
#include <openssl/evp.h>

+static unsigned char conv_ascii2bin(unsigned char a);
#ifndef CHARSET_EBCDIC
# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f])
#else
/*
* We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -71,7 +71,6 @@
* as the underlying textstring data_bin2ascii[] is already EBCDIC)
*/
# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f])
#endif

/*-
@@ -124,6 +123,23 @@ static const unsigned char data_ascii2bin[128] = {
0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+ if (a & 0x80)
+ return B64_ERROR;
+ return data_ascii2bin[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+ a = os_toascii[a];
+ if (a & 0x80)
+ return B64_ERROR;
+ return data_ascii2bin[a];
+}
+#endif
+
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
{
ctx->length = 48;

Matt Caswell

unread,

Sep 17, 2015, 5:41:10 PM9/17/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 197db2143c9e0324300cc631740844df651a05ff (commit)
from cb71f17dc786c72ec74c0ebb983b3ccfde484271 (commit)

- Log -----------------------------------------------------------------
commit 197db2143c9e0324300cc631740844df651a05ff
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Sep 16 10:47:15 2015 +0100

Make sure OPENSSL_cleanse checks for NULL

In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

However, previously, OPENSSL_cleanse did not check that if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18)

-----------------------------------------------------------------------

Summary of changes:
crypto/mem_clr.c | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
index 3df1f39..1a06636 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len)
{
unsigned char *p = ptr;
size_t loop = len, ctr = cleanse_ctr;
+
+ if (ptr == NULL)
+ return;
+
while (loop--) {
*(p++) = (unsigned char)ctr;
ctr += (17 + ((size_t)p & 0xF));

Rich Salz

unread,

Sep 18, 2015, 3:57:05 PM9/18/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 6be18a22199de4d114b53686c31ba02723fc2c18 (commit)
from 197db2143c9e0324300cc631740844df651a05ff (commit)

- Log -----------------------------------------------------------------
commit 6be18a22199de4d114b53686c31ba02723fc2c18
Author: Rich Salz <rs...@akamai.com>
Date: Thu Sep 17 21:53:43 2015 -0400

This undoes GH367 for non-master

Was only approved for master, to avoid compatibility issues on
previous releases.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 33 +++++++++++++++++++--------------
doc/crypto/DSA_generate_parameters.pod | 11 ++++++-----
2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index f65790c..5a328aa 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -163,15 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

bits = (bits + 63) / 64 * 64;

- if (seed_in != NULL) {
- if (seed_len < (size_t)qsize)
- return 0;
- if (seed_len > (size_t)qsize) {
- /* Only consume as much seed as is expected. */
- seed_len = qsize;
- }
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > (size_t)qsize)
+ seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */
+ if (seed_in != NULL)
memcpy(seed, seed_in, seed_len);
- }

if ((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -194,18 +197,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

for (;;) {
for (;;) { /* find q */
- int use_random_seed = (seed_in == NULL);
+ int seed_is_random;

/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (use_random_seed) {
- if (RAND_bytes(seed, qsize) <= 0)
+ if (!seed_len) {
+ if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;
+ seed_is_random = 1;
} else {
- /* If we come back through, use random seed next time. */
- seed_in = NULL;
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
@@ -232,7 +237,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- use_random_seed, cb);
+ seed_is_random, cb);
if (r > 0)
break;
if (r != 0)
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index 116ff09..16a67f2 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,12 +23,13 @@ Deprecated:
DSA_generate_parameters_ex() generates primes p and q and a generator g
for use in the DSA and stores the result in B<dsa>.

-B<bits> is the length of the prime p to be generated.
-For lengths under 2048 bits, the length of q is 160 bits; for lengths
-greater than or equal to 2048 bits, the length of q is set to 256 bits.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.

-If B<seed> is NULL, the primes will be generated at random.
-If B<seed_len> is less than the length of q, an error is returned.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.

DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in

Viktor Dukhovni

unread,

Sep 19, 2015, 9:09:52 AM9/19/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 8748519f64735a9753b7791bb5e08a28ac7bdc94 (commit)
from 6be18a22199de4d114b53686c31ba02723fc2c18 (commit)

- Log -----------------------------------------------------------------
commit 8748519f64735a9753b7791bb5e08a28ac7bdc94
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Fri Sep 18 21:15:42 2015 -0400

Fix indentation

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 4fe1cbdff89768c5d1983988ce1022674a438bbb)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/encode.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 3005560..c6abc4a 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -344,13 +344,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
tail:
if (n > 0) {

if ((n & 3) == 0) {

- decoded_len = EVP_DecodeBlock(out, d, n);
- n = 0;
- if (decoded_len < 0 || eof > decoded_len) {

- rv = -1;
- goto end;
- }

- ret += (decoded_len - eof);

+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
+ goto end;
+ }
+ ret += (decoded_len - eof);

} else if (seof) {

/* EOF in the middle of a base64 block. */

rv = -1;

Dr. Stephen Henson

unread,

Sep 20, 2015, 9:34:34 AM9/20/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 325bb1ac25e1f9ae8d2c11bdbc528a115c60ed8e (commit)
via 2e3a21e152d2e953d9ed148f65e43707db370302 (commit)
from 8748519f64735a9753b7791bb5e08a28ac7bdc94 (commit)

- Log -----------------------------------------------------------------
commit 325bb1ac25e1f9ae8d2c11bdbc528a115c60ed8e

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Sep 13 19:04:58 2015 +0100

Handle SSL_ERROR_WANT_X509_LOOKUP

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit f1c412c9e63f7c9cac2c723bff09cce563dda1b0)

commit 2e3a21e152d2e953d9ed148f65e43707db370302

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Sep 12 02:37:48 2015 +0100

Make SRP work with -www

PR#3817

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4e7e623012e1604d985e2ef362c2957d464f3f01)

-----------------------------------------------------------------------

Summary of changes:
apps/s_server.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
ssl/bio_ssl.c | 4 ++++
2 files changed, 49 insertions(+)

diff --git a/apps/s_server.c b/apps/s_server.c
index afc72b0..f19532b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2887,6 +2887,21 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
@@ -3217,6 +3232,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
ERR_print_errors(bio_err);
goto end;
}
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
}
BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
print_ssl_summary(bio_err, con);
@@ -3230,6 +3260,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index a0c583e..d2d4d2e 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -419,6 +419,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
b->retry_reason = b->next_bio->retry_reason;
break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_set_retry_special(b);
+ b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
+ break;
default:
break;

Matt Caswell

unread,

Sep 21, 2015, 5:29:42 AM9/21/15

to

The branch OpenSSL_1_0_2-stable has been updated

via b21b330bf195104fd921f2570729b5f837c0e442 (commit)
from 325bb1ac25e1f9ae8d2c11bdbc528a115c60ed8e (commit)

- Log -----------------------------------------------------------------
commit b21b330bf195104fd921f2570729b5f837c0e442
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Sep 16 10:24:37 2015 +0100

Fix SRP memory leaks

There were some memory leaks in the creation of an SRP verifier (both on
successful completion and also on some error paths).

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit bf95cde28712cfcad90cb3975cdcb8e5c0f20fde)

-----------------------------------------------------------------------

Summary of changes:
crypto/srp/srp_vfy.c | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 50f75d7..a3f1a8a 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -521,12 +521,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g)
{
int len;
- char *result = NULL;
- char *vf;
+ char *result = NULL, *vf = NULL;
BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
+ int vfsize = 0;

if ((user == NULL) ||
(pass == NULL) || (salt == NULL) || (verifier == NULL))
@@ -564,22 +564,23 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
goto err;

BN_bn2bin(v, tmp);
- if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
+ vfsize = BN_num_bytes(v) * 2;
+ if (((vf = OPENSSL_malloc(vfsize)) == NULL))
goto err;
t_tob64(vf, tmp, BN_num_bytes(v));

- *verifier = vf;
if (*salt == NULL) {
char *tmp_salt;

if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
- OPENSSL_free(vf);
goto err;
}
t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
*salt = tmp_salt;
}

+ *verifier = vf;
+ vf = NULL;
result = defgNid;

err:
@@ -587,11 +588,21 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
BN_free(N_bn);
BN_free(g_bn);
}
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ BN_clear_free(s);
+ BN_clear_free(v);
return result;
}

/*
- * create a verifier (*salt,*verifier,g and N are BIGNUMs)
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
*/
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
@@ -600,6 +611,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM *x = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
unsigned char tmp2[MAX_LEN];
+ BIGNUM *salttmp = NULL;

if ((user == NULL) ||
(pass == NULL) ||
@@ -614,10 +626,12 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
goto err;

- *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ } else {
+ salttmp = *salt;
}

- x = SRP_Calc_x(*salt, user, pass);
+ x = SRP_Calc_x(salttmp, user, pass);

*verifier = BN_new();
if (*verifier == NULL)
@@ -631,9 +645,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
srp_bn_print(*verifier);

result = 1;
+ *salt = salttmp;

err:
-
+ if (*salt != salttmp)
+ BN_clear_free(salttmp);
BN_clear_free(x);
BN_CTX_free(bn_ctx);
return result;

Rich Salz

unread,

Sep 21, 2015, 2:36:41 PM9/21/15

to

The branch OpenSSL_1_0_2-stable has been updated

via d601b9b50c0157279d9b968e27c944719f85936f (commit)
from b21b330bf195104fd921f2570729b5f837c0e442 (commit)

- Log -----------------------------------------------------------------
commit d601b9b50c0157279d9b968e27c944719f85936f
Author: Gunnar Kudrjavets <gunn...@microsoft.com>
Date: Mon Apr 27 11:14:45 2015 -0700

RT3823: Improve the robustness of event logging

There are a couple of minor fixes here:

1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.

2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.

3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.

Testing performed:

1) Clean compilation for debug-VC-WIN32 and VC-WIN32.

2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.

3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 4cd94416a452c3a3e0df24c297f7d2f0e6d5bb5f)

-----------------------------------------------------------------------

Summary of changes:
crypto/cryptlib.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index ca0e3cc..c9f674b 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -953,13 +953,29 @@ void OPENSSL_showfatal(const char *fmta, ...)
# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
if (check_winnt() && OPENSSL_isservice() > 0) {
- HANDLE h = RegisterEventSource(0, _T("OPENSSL"));
- const TCHAR *pmsg = buf;
- ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0);
- DeregisterEventSource(h);
+ HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+ if (hEventLog != NULL) {
+ const TCHAR *pmsg = buf;
+
+ if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+ 1, 0, &pmsg, NULL)) {
+#if defined(DEBUG)
+ /*
+ * We are in a situation where we tried to report a critical
+ * error and this failed for some reason. As a last resort,
+ * in debug builds, send output to the debugger or any other
+ * tool like DebugView which can monitor the output.
+ */
+ OutputDebugString(pmsg);
+#endif
+ }
+
+ (void)DeregisterEventSource(hEventLog);
+ }
} else
# endif
- MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
+ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
}
#else
void OPENSSL_showfatal(const char *fmta, ...)

Rich Salz

unread,

Sep 21, 2015, 5:32:12 PM9/21/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 0ea050e743e57235ba2e1a9a105b61490c09c149 (commit)
from d601b9b50c0157279d9b968e27c944719f85936f (commit)

- Log -----------------------------------------------------------------
commit 0ea050e743e57235ba2e1a9a105b61490c09c149
Author: David Woodhouse <David.W...@intel.com>
Date: Wed Sep 9 15:49:01 2015 -0400

RT3479: Add UTF8 support to BIO_read_filename()

If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. it'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().

If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?

It would certainly be nice if SSL_use_certificate_chain_file() worked.

Also made BIO_C_SET_FILENAME work (rsalz)

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit ff03599a2f518dbdf13bca0bb0208e431b892fe9)

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bss_file.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index d7f15b0..bfba93e 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -115,9 +115,8 @@ static BIO_METHOD methods_filep = {
NULL,
};

-BIO *BIO_new_file(const char *filename, const char *mode)
+static FILE *file_fopen(const char *filename, const char *mode)
{
- BIO *ret;
FILE *file = NULL;

# if defined(_WIN32) && defined(CP_UTF8)
@@ -164,6 +163,14 @@ BIO *BIO_new_file(const char *filename, const char *mode)
# else
file = fopen(filename, mode);
# endif
+ return (file);
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+ BIO *ret;
+ FILE *file = file_fopen(filename, mode);
+
if (file == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
@@ -386,7 +393,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
else
strcat(p, "t");
# endif
- fp = fopen(ptr, p);
+ fp = file_fopen(ptr, p);
if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");

Rich Salz

unread,

Sep 22, 2015, 1:46:20 PM9/22/15

to

The branch OpenSSL_1_0_2-stable has been updated

via c038e6b50497a4c63044a509e925a6eebff3e747 (commit)
from 0ea050e743e57235ba2e1a9a105b61490c09c149 (commit)

- Log -----------------------------------------------------------------
commit c038e6b50497a4c63044a509e925a6eebff3e747
Author: Rich Salz <rs...@akamai.com>
Date: Mon Sep 21 19:54:36 2015 -0400

GH398: Add mingw cross-compile, etc.

For all release branches. It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit db9defdfe306e1adf0af7188b187d535eb0268da)

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 52 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 39 insertions(+), 13 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 2862473..cb28758 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,24 +1,50 @@
language: c

+addons:
+ apt_packages:
+ - binutils-mingw-w64
+ - gcc-mingw-w64
+
os:
- - linux
- - osx

+ - linux
+ - osx

compiler:
- - clang
- - gcc

+ - clang
+ - gcc

+ - i686-w64-mingw32-gcc
+ - x86_64-w64-mingw32-gcc

env:
- - CONFIG_OPTS=""
- - CONFIG_OPTS="--debug"
- - CONFIG_OPTS="shared"
+ - CONFIG_OPTS=""
+ - CONFIG_OPTS="shared"
+ - CONFIG_OPTS="--debug --strict-warnings"
+
+matrix:
+ exclude:
+ - os: osx
+ compiler: i686-w64-mingw32-gcc
+ - os: osx
+ compiler: x86_64-w64-mingw32-gcc
+
+before_script:
+ - if [ "$CC" == i686-w64-mingw32-gcc ]; then
+ export CROSS_COMPILE=${CC%%gcc}; unset CC;
+ ./Configure mingw $CONFIG_OPTS;
+ elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
+ export CROSS_COMPILE=${CC%%gcc}; unset CC;
+ ./Configure mingw64 $CONFIG_OPTS;
+ else
+ ./config $CONFIG_OPTS;
+ fi

script:
- - ./config $CONFIG_OPTS && make && make test
+ - make
+ - if [ -z "$CROSS_COMPILE" ]; then make test; fi

notifications:
- recipient:
- - opens...@openssl.org
- email:
- on_success: change
- on_failure: always
+ recipient:
+ - openssl...@openssl.org

+ email:
+ on_success: change
+ on_failure: always

Emilia Kasper

unread,

Sep 22, 2015, 2:05:29 PM9/22/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 51ff683c12104f667c33f37c1fdb35ab47571ea1 (commit)
via be250ee2d353a9c8ed858bf8ca274d3107ae2f64 (commit)
via f5afe9ce3f7ab8d2fef460054d1170427db0d02c (commit)
via f61216ba9d17430fb5eb3e2b202a209960b9d51b (commit)
from c038e6b50497a4c63044a509e925a6eebff3e747 (commit)

- Log -----------------------------------------------------------------
commit 51ff683c12104f667c33f37c1fdb35ab47571ea1
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 13:55:09 2015 +0200

Document BUF_strnlen

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 21b0fa91186ff1c1c3d956c0593ef4ac02521695)

commit be250ee2d353a9c8ed858bf8ca274d3107ae2f64
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 13:50:34 2015 +0200

BUF_strdup and friends: update docs

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 58e3457a82e8940ff36b36949f9c7a60e7614b2c)

commit f5afe9ce3f7ab8d2fef460054d1170427db0d02c
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 13:27:05 2015 +0200

BUF_strndup: tidy

Fix comment, add another overflow check, tidy style

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf)

commit f61216ba9d17430fb5eb3e2b202a209960b9d51b
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Wed Sep 16 17:54:05 2015 +0200

Make BUF_strndup() read-safe on arbitrary inputs

BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)

-----------------------------------------------------------------------

Summary of changes:
crypto/buffer/buf_str.c | 21 ++++++++++++++-------
crypto/buffer/buffer.h | 6 ++++++
doc/crypto/buffer.pod | 49 ++++++++++++++++++++++++++-----------------------
3 files changed, 46 insertions(+), 30 deletions(-)

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index ebc5ab4..fa0d608 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -58,6 +58,7 @@

#include <stdio.h>
#include "cryptlib.h"
+#include <limits.h>
#include <openssl/buffer.h>

size_t BUF_strnlen(const char *str, size_t maxlen)
@@ -72,7 +73,7 @@ size_t BUF_strnlen(const char *str, size_t maxlen)
char *BUF_strdup(const char *str)
{
if (str == NULL)
- return (NULL);
+ return NULL;
return BUF_strndup(str, strlen(str));
}

@@ -81,16 +82,22 @@ char *BUF_strndup(const char *str, size_t siz)
char *ret;

if (str == NULL)
- return (NULL);
+ return NULL;

siz = BUF_strnlen(str, siz);

+ if (siz >= INT_MAX)
+ return NULL;
+
ret = OPENSSL_malloc(siz + 1);
if (ret == NULL) {
BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
- BUF_strlcpy(ret, str, siz + 1);
+
+ memcpy(ret, str, siz);
+ ret[siz] = '\0';
+
return (ret);
}

@@ -98,13 +105,13 @@ void *BUF_memdup(const void *data, size_t siz)
{
void *ret;

- if (data == NULL)
- return (NULL);
+ if (data == NULL || siz >= INT_MAX)
+ return NULL;

ret = OPENSSL_malloc(siz);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
return memcpy(ret, data, siz);
}
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index c343dd7..efd240a 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
size_t BUF_strnlen(const char *str, size_t maxlen);
char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
char *BUF_strndup(const char *str, size_t siz);
+
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);

diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index 781f5b1..52c5c84 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -2,8 +2,11 @@

=head1 NAME

-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
+
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents

=head1 SYNOPSIS

@@ -15,25 +18,22 @@ character arrays structure

int BUF_MEM_grow(BUF_MEM *str, int len);

- char * BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);

-=head1 DESCRIPTION
+ char *BUF_strndup(const char *str, size_t siz);

-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
+ void *BUF_memdup(const void *data, size_t siz);
+
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);

-The library uses the BUF_MEM structure defined in buffer.h:
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);

- typedef struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- } BUF_MEM;
+ size_t BUF_strnlen(const char *str, size_t maxlen);

-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.

BUF_MEM_new() allocates a new buffer of zero size.

@@ -44,14 +44,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to
B<len>. Any data already in the buffer is preserved if it increases in
size.

-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy(),
+BUF_strlcat() and BUF_strnlen are equivalents of the standard C
+library functions. The dup() functions use OPENSSL_malloc() underneath
+and so should be used in preference to the standard library for memory
+leak checking or replacing the malloc() function.
+
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.

-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.

=head1 RETURN VALUES

Rich Salz

unread,

Sep 25, 2015, 11:39:48 AM9/25/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 605a54ef1c17f93d5a5f09150953f444d4a3ad39 (commit)
from 51ff683c12104f667c33f37c1fdb35ab47571ea1 (commit)

- Log -----------------------------------------------------------------
commit 605a54ef1c17f93d5a5f09150953f444d4a3ad39
Author: Rich Salz <rs...@openssl.org>
Date: Fri Sep 25 11:38:43 2015 -0400

Change --debug to -d for compat with old releases.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 1d4ddb4e1a088f1333c4bb155c52c7f94e572bca)

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index cb28758..14e0a87 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ compiler:
env:
- CONFIG_OPTS=""
- CONFIG_OPTS="shared"
- - CONFIG_OPTS="--debug --strict-warnings"
+ - CONFIG_OPTS="--d --strict-warnings"

matrix:
exclude:

Rich Salz

unread,

Sep 25, 2015, 11:44:43 AM9/25/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 920f7cf8972d8185b0b8eb6640a1bbff59b69ca3 (commit)
from 605a54ef1c17f93d5a5f09150953f444d4a3ad39 (commit)

- Log -----------------------------------------------------------------
commit 920f7cf8972d8185b0b8eb6640a1bbff59b69ca3
Author: Rich Salz <rs...@openssl.org>
Date: Fri Sep 25 11:44:28 2015 -0400

Fix typo in previous merge.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml

index 14e0a87..3125363 100644

--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ compiler:
env:
- CONFIG_OPTS=""
- CONFIG_OPTS="shared"

- - CONFIG_OPTS="--d --strict-warnings"
+ - CONFIG_OPTS="-d --strict-warnings"

Dr. Stephen Henson

unread,

Sep 28, 2015, 9:33:52 AM9/28/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 92ea6fe597238779e23fd9e1fee82d30641d61a8 (commit)
from 920f7cf8972d8185b0b8eb6640a1bbff59b69ca3 (commit)

- Log -----------------------------------------------------------------
commit 92ea6fe597238779e23fd9e1fee82d30641d61a8

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Sep 28 14:31:53 2015 +0100

SRP memory leak fix

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/apps/s_client.c b/apps/s_client.c
index 2c75e11..f80711f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2073,6 +2073,9 @@ int MAIN(int argc, char **argv)
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+ OPENSSL_free(srp_arg.srppassin);
+#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);

Emilia Kasper

unread,

Sep 28, 2015, 10:18:47 AM9/28/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 21b538d616b388fa0ce64ef54da3504253895cf8 (commit)
from 92ea6fe597238779e23fd9e1fee82d30641d61a8 (commit)

- Log -----------------------------------------------------------------
commit 21b538d616b388fa0ce64ef54da3504253895cf8
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed Sep 23 19:29:18 2015 +0200

RT2772: accept empty SessionTicket

RFC 5077 section 3.3 says: If the server determines that it does not
want to include a ticket after it has included the SessionTicket
extension in the ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/s3_clnt.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 2059151..12f1f8e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2224,6 +2224,7 @@ int ssl3_get_new_session_ticket(SSL *s)
long n;
const unsigned char *p;
unsigned char *d;
+ unsigned long ticket_lifetime_hint;

n = s->method->ssl_get_message(s,
SSL3_ST_CR_SESSION_TICKET_A,
@@ -2242,6 +2243,19 @@ int ssl3_get_new_session_ticket(SSL *s)

p = d = (unsigned char *)s->init_msg;

+ n2l(p, ticket_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
+ if (ticklen + 6 != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ /* Server is allowed to change its mind and send an empty ticket. */
+ if (ticklen == 0)
+ return 1;
+
if (s->session->session_id_length > 0) {
int i = s->session_ctx->session_cache_mode;
SSL_SESSION *new_sess;
@@ -2273,14 +2287,6 @@ int ssl3_get_new_session_ticket(SSL *s)
s->session = new_sess;
}

- n2l(p, s->session->tlsext_tick_lifetime_hint);
- n2s(p, ticklen);
- /* ticket_lifetime_hint + ticket_length + ticket */
- if (ticklen + 6 != n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
if (s->session->tlsext_tick) {
OPENSSL_free(s->session->tlsext_tick);
s->session->tlsext_ticklen = 0;
@@ -2291,6 +2297,7 @@ int ssl3_get_new_session_ticket(SSL *s)
goto err;
}
memcpy(s->session->tlsext_tick, p, ticklen);
+ s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
s->session->tlsext_ticklen = ticklen;
/*
* There are two ways to detect a resumed ticket session. One is to set

Rich Salz

unread,

Sep 29, 2015, 12:49:19 PM9/29/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 6f997dc36504d67d1339ceb6bce4ecba673d8568 (commit)
from 21b538d616b388fa0ce64ef54da3504253895cf8 (commit)

- Log -----------------------------------------------------------------
commit 6f997dc36504d67d1339ceb6bce4ecba673d8568
Author: Ismo Puustinen <ismo.pu...@intel.com>
Date: Fri Sep 18 16:07:23 2015 -0400

GH367: use random data if seed too short.

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 2 +-
doc/crypto/DSA_generate_parameters.pod | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 5a328aa..9d3b59e 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -203,7 +203,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (!seed_len) {
+ if (!seed_len || !seed_in) {

if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;

seed_is_random = 1;
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index 16a67f2..b1a4d20 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -29,7 +29,7 @@ maximum of 1024 bits.

If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be

generated at random. Otherwise, the seed is used to generate

them. If the given seed does not yield a prime q, a new random

-seed is chosen and placed at B<seed>.
+seed is chosen.

DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in

Dr. Stephen Henson

unread,

Sep 29, 2015, 1:43:38 PM9/29/15

to

The branch OpenSSL_1_0_2-stable has been updated

via d62c64b947ae96463a331de005165c57966d2149 (commit)
from 6f997dc36504d67d1339ceb6bce4ecba673d8568 (commit)

- Log -----------------------------------------------------------------
commit d62c64b947ae96463a331de005165c57966d2149

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Sep 28 14:14:10 2015 +0100

Link in applink with fips_premain_dso

PR#4042

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

util/pl/VC-32.pl | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index da05e9d..284fe03 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -358,15 +358,17 @@ sub do_link_rule
local($ret,$_);
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
+ $ret.="$target: $files $dep_libs";
if ($standalone == 1)
{
+ $ret.=" \$(OBJ_D)${o}applink.obj\n";
$ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
- $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+ $ret.= "\$(EX_LIBS) \$(OBJ_D)${o}applink.obj " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
$ret.="$files $libs\n<<\n";
}
elsif ($standalone == 2)
{
+ $ret.="\n";
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
@@ -379,6 +381,7 @@ sub do_link_rule
}
else
{
+ $ret.="\n";
$ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";

Kurt Roeckx

unread,

Oct 3, 2015, 7:36:18 AM10/3/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 6b247c181726e7dd3744570b850c0cef60776c55 (commit)
from d62c64b947ae96463a331de005165c57966d2149 (commit)

- Log -----------------------------------------------------------------
commit 6b247c181726e7dd3744570b850c0cef60776c55
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue Sep 29 19:59:48 2015 +0200

Fix more d2i cases to properly update the input pointer

Thanks to David Benjamin <davi...@google.com> for pointing them out.

Reviewed-by: Steve Henson <st...@openssl.org>
MR #1198

(cherry picked from commit 605236f6a8fe0743af2f63d93239a74c69dae137)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/d2i_pr.c | 8 +++++---
crypto/asn1/x_x509.c | 4 +---
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 314f4e3..d21829a 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
EVP_PKEY_free(ret);
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
-
+ if (ret == NULL)
+ goto err;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
@@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
}
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret != NULL)
- *pp = p;
+ if (ret == NULL)
+ return NULL;

+ *pp = p;
if (a) {
*a = ret;
}

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 63c15e8..e2cac83 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -186,9 +186,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)

return NULL;
/* update length */

length -= q - *pp;

- if (!length)
- return ret;
- if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
+ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
goto err;

*pp = q;
return ret;

Matt Caswell

unread,

Oct 5, 2015, 3:00:07 PM10/5/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 61dfe3a720b37efe97fa5de23ceadd17ce47518d (commit)
via 184718baabed00fecbc89fdd84b44014fcd6c444 (commit)
from 6b247c181726e7dd3744570b850c0cef60776c55 (commit)

- Log -----------------------------------------------------------------
commit 61dfe3a720b37efe97fa5de23ceadd17ce47518d
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Oct 5 14:12:05 2015 +0100

Change functions to pass in a limit rather than calculate it

Some extension handling functions were passing in a pointer to the start
of the data, plus the length in order to calculate the end, rather than
just passing in the end to start with. This change makes things a little
more readable.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 184718baabed00fecbc89fdd84b44014fcd6c444
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Fri Oct 2 14:38:30 2015 +0200

Validate ClientHello extension field length

RT#4069

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 2 +-
ssl/ssl_locl.h | 2 +-
ssl/t1_lib.c | 36 ++++++++++++++++++------------------
3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index acd3b9e..a355fde 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1231,7 +1231,7 @@ int ssl3_get_client_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions */
if (s->version >= SSL3_VERSION) {
- if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {
+ if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
goto err;
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6c2c551..1caf83b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1366,7 +1366,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
- unsigned char *d, int n);
+ unsigned char *limit);
int tls1_set_server_sigalgs(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 210a5e8..ba09848 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* 10.8..10.8.3 (which don't work).
*/
static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const unsigned char *d, int n)
+ const unsigned char *limit)
{
unsigned short type, size;
static const unsigned char kSafariExtensionsBlock[] = {
@@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
0x02, 0x03, /* SHA-1/ECDSA */
};

- if (data >= (d + n - 2))
+ if (data >= (limit - 2))
return;
data += 2;

- if (data > (d + n - 4))
+ if (data > (limit - 4))
return;
n2s(data, type);
n2s(data, size);
@@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
if (type != TLSEXT_TYPE_server_name)
return;

- if (data + size > d + n)
+ if (data + size > limit)
return;
data += size;

@@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);

- if (data + len1 + len2 != d + n)
+ if (data + len1 + len2 != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
return;
@@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
} else {
const size_t len = sizeof(kSafariExtensionsBlock);

- if (data + len != d + n)
+ if (data + len != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
return;
@@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
}

static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- unsigned char *d, int n, int *al)
+ unsigned char *limit, int *al)
{
unsigned short type;
unsigned short size;
@@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

# ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
+ ssl_check_for_safari(s, data, limit);
# endif /* !OPENSSL_NO_EC */

/* Clear any signature algorithms extension received */
@@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

s->srtp_profile = NULL;

- if (data == d + n)
+ if (data == limit)
goto ri_check;

- if (data > (d + n - 2))
+ if (data > (limit - 2))
goto err;

n2s(data, len);

- if (data > (d + n - len))
+ if (data + len != limit)
goto err;

- while (data <= (d + n - 4)) {
+ while (data <= (limit - 4)) {
n2s(data, type);
n2s(data, size);

- if (data + size > (d + n))
+ if (data + size > (limit))
goto err;
# if 0
fprintf(stderr, "Received extension type %d size %d\n", type, size);
@@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}

/* Spurious data on the end */
- if (data != d + n)
+ if (data != limit)
goto err;

*p = data;
@@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
return 1;
}

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
- int n)
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+ unsigned char *limit)
{
int al = -1;
unsigned char *ptmp = *p;
@@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
* switch the parent context using SSL_set_SSL_CTX and custom extensions
* need to be handled by the new SSL_CTX structure.
*/
- if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) {
+ if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
}
@@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}

custom_ext_init(&s->cert->srv_ext);
- if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) {
+ if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;

Dr. Stephen Henson

unread,

Oct 6, 2015, 10:19:39 AM10/6/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cba874539596a3f6563c4b462793a99965bcf1e1 (commit)
from 61dfe3a720b37efe97fa5de23ceadd17ce47518d (commit)

- Log -----------------------------------------------------------------
commit cba874539596a3f6563c4b462793a99965bcf1e1

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Oct 6 14:15:14 2015 +0100

Don't try and parse boolean type.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit e58c4d3cdde7a0a01df2884bfeec31a2b07be22d)

-----------------------------------------------------------------------

Summary of changes:
apps/asn1pars.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 11b0787..0a6b990 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;

Kurt Roeckx

unread,

Oct 7, 2015, 2:40:51 PM10/7/15

to

The branch OpenSSL_1_0_2-stable has been updated

via cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52 (commit)
via 738b8e6bc2331ae9230411d88b8a100614f80457 (commit)
via 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31 (commit)
from cba874539596a3f6563c4b462793a99965bcf1e1 (commit)

- Log -----------------------------------------------------------------
commit cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52
Author: Pascal Cuoq <cu...@trust-in-soft.com>
Date: Tue May 5 11:20:39 2015 +0200

Move BN_CTX_start() call so the error case can always call BN_CTX_end().

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1231

(cherry picked from commit 99c203337574d967c86ffbfa13f40ace51048485)

commit 738b8e6bc2331ae9230411d88b8a100614f80457
Author: Pascal Cuoq <cu...@trust-in-soft.com>
Date: Wed May 6 09:55:28 2015 +0200

Properly check return type of DH_compute_key()

It returns -1 on error, not 0.

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1231

(cherry picked from commit d6e92c0bd6c36fc68291e79ef5753fd7f0420695)

commit 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31
Author: Pascal Cuoq <cu...@trust-in-soft.com>
Date: Wed May 6 11:31:27 2015 +0200

Set flags to 0 before calling BN_with_flags()

BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1231

(cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_gcd.c | 2 ++
crypto/dh/dhtest.c | 4 ++--
crypto/dsa/dsa_gen.c | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab..ce59fe7 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pB = &local_B;
+ local_B.flags = 0;
BN_with_flags(pB, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, pB, A, ctx))
goto err;
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pA = &local_A;
+ local_A.flags = 0;
BN_with_flags(pA, A, BN_FLG_CONSTTIME);

/* (D, M) := (A/B, A%B) ... */
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index c9dd76b..6fe8ff4 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -533,9 +533,9 @@ static int run_rfc5114_tests(void)
* Work out shared secrets using both sides and compare with expected
* values.
*/
- if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+ if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1)
goto bad_err;
- if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+ if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1)
goto bad_err;

if (memcmp(Z1, td->Z, td->Z_len))
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 9d3b59e..6bc86dd 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -179,10 +179,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

if ((ctx = BN_CTX_new()) == NULL)
goto err;

+ BN_CTX_start(ctx);
+
if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;

- BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);

Rich Salz

unread,

Oct 7, 2015, 4:43:01 PM10/7/15

to

The branch OpenSSL_1_0_2-stable has been updated

via bb7b893d7c36803d8c5d4ca82a5a037c5fc111b9 (commit)
from cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52 (commit)

- Log -----------------------------------------------------------------
commit bb7b893d7c36803d8c5d4ca82a5a037c5fc111b9
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Wed Oct 7 16:40:37 2015 -0400

Fix travis 1.0.2 builds

Disable -Wshadow error when building with GCC
Add support for linu-x86_64-clang debug; this is needed for Travis CI.
Disable linux-clang and mingw debug builds on Travis CI; not supported.
Fix Travis email notifications config

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 12 ++++++++----
Configure | 1 +
2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 3125363..b88eb3a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,6 +26,10 @@ matrix:
compiler: i686-w64-mingw32-gcc
- os: osx
compiler: x86_64-w64-mingw32-gcc
+ - compiler: i686-w64-mingw32-gcc
+ env: CONFIG_OPTS="-d --strict-warnings"
+ - compiler: x86_64-w64-mingw32-gcc
+ env: CONFIG_OPTS="-d --strict-warnings"

before_script:

- if [ "$CC" == i686-w64-mingw32-gcc ]; then

@@ -35,6 +39,9 @@ before_script:

export CROSS_COMPILE=${CC%%gcc}; unset CC;

./Configure mingw64 $CONFIG_OPTS;
else
+ if [ "$CC" == gcc ]; then
+ export CONFIG_OPTS="$CONFIG_OPTS -Wno-error=shadow";
+ fi;
./config $CONFIG_OPTS;
fi

@@ -43,8 +50,5 @@ script:

- if [ -z "$CROSS_COMPILE" ]; then make test; fi

notifications:
- recipient:

- - openssl...@openssl.org

email:
- on_success: change
- on_failure: always

+ - openssl...@openssl.org
diff --git a/Configure b/Configure
index d99eed7..81b263f 100755
--- a/Configure
+++ b/Configure
@@ -416,6 +416,7 @@ my %table=(
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",

Richard Levitte

unread,

Oct 8, 2015, 6:41:27 AM10/8/15

to

The branch OpenSSL_1_0_2-stable has been updated

via b00424792f293b49e5e581aa36a9c826d1d2d508 (commit)
from bb7b893d7c36803d8c5d4ca82a5a037c5fc111b9 (commit)

- Log -----------------------------------------------------------------
commit b00424792f293b49e5e581aa36a9c826d1d2d508
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Oct 8 11:53:07 2015 +0200

When ENGINE_add finds that id or name is missing, actually return

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 5850cc75ea0c1581a9034390f1ca77cadc596238)

-----------------------------------------------------------------------

Summary of changes:
crypto/engine/eng_list.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 3384e31..83c95d5 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -260,6 +260,7 @@ int ENGINE_add(ENGINE *e)
}
if ((e->id == NULL) || (e->name == NULL)) {
ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+ return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if (!engine_list_add(e)) {

Matt Caswell

unread,

Oct 8, 2015, 9:19:19 AM10/8/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 985abd1fd8aa24ef1bbf6adcf1923d07b35fa246 (commit)
from b00424792f293b49e5e581aa36a9c826d1d2d508 (commit)

- Log -----------------------------------------------------------------
commit 985abd1fd8aa24ef1bbf6adcf1923d07b35fa246
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Oct 8 13:36:10 2015 +0100

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)

-----------------------------------------------------------------------

Summary of changes:
crypto/rsa/rsa_sign.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 19461c6..82ca832 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
- } else if (memcmp(m, s + 2, 16))
+ } else if (memcmp(m, s + 2, 16)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- else
+ } else {
ret = 1;
- }
-
- /* Special case: SSL signature */
- if (dtype == NID_md5_sha1) {
+ }
+ } else if (dtype == NID_md5_sha1) {
+ /* Special case: SSL signature */
if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else

Dr. Stephen Henson

unread,

Oct 10, 2015, 7:50:27 PM10/10/15

to

The branch OpenSSL_1_0_2-stable has been updated

via 6868346585f38066de4610b516346a18a98a8427 (commit)
from 985abd1fd8aa24ef1bbf6adcf1923d07b35fa246 (commit)

- Log -----------------------------------------------------------------
commit 6868346585f38066de4610b516346a18a98a8427

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Oct 11 00:06:56 2015 +0100

Typo.

PR#4079

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit c69ce9351336f5b4a8b33890756b3fd185528210)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_des3.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 96f272e..bf6c1d2 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -289,7 +289,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
# endif
# ifdef EVP_CHECK_DES_KEY
if (DES_set_key_checked(&deskey[0], &dat->ks1)
- ! !DES_set_key_checked(&deskey[1], &dat->ks2))
+ || DES_set_key_checked(&deskey[1], &dat->ks2))
return 0;
# else
DES_set_key_unchecked(&deskey[0], &dat->ks1);

Ben Laurie

unread,

Oct 12, 2015, 8:26:45 AM10/12/15

to

How did that ever compile? Is EVP_CHECK_DES_KEY ever set?

Benjamin Kaduk

unread,

Oct 12, 2015, 11:27:29 AM10/12/15

to

I would guess that no one has ever set EVP_CHECK_DES_KEY during the 11 years the code has been around (since commit 216659eb87485402a8e861a6de77233d1f5d7425), so maybe that code should just be removed. Sorry I didn't mention that in the ticket; I was in the middle of something else at the time but wanted to note the issue while it was in front of me. -Ben

Rich Salz

unread,

Oct 13, 2015, 4:10:32 PM10/13/15

to

The branch OpenSSL_1_0_2-stable has been updated

via bf9d61d1abfc4d36562aa799cd9dc59c7bb46e57 (commit)
from 6868346585f38066de4610b516346a18a98a8427 (commit)

- Log -----------------------------------------------------------------
commit bf9d61d1abfc4d36562aa799cd9dc59c7bb46e57
Author: Peter Mosmans <sup...@go-forward.net>
Date: Tue May 27 23:26:11 2014 +0100

RT3346: Fix test_bn regexp for Windows using MSYS.

(cherry picked from commit 028bac0670c167f154438742eb4d0fbed73df209)

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

test/Makefile | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Makefile b/test/Makefile
index 80aeccf..8cbb5ad 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -245,7 +245,7 @@ test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
@echo quit >>tmp.bntest
@echo "running bc"
- @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+ @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0\r?$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
@echo 'test a^b%c implementations'
../util/shlib_wrap.sh ./$(EXPTEST)

Dr. Stephen Henson

unread,

Oct 13, 2015, 6:03:24 PM10/13/15

to

The branch OpenSSL_1_0_2-stable has been updated

via a20d9422cf7a516cd576be8f91fe90738459ef42 (commit)
from bf9d61d1abfc4d36562aa799cd9dc59c7bb46e57 (commit)

- Log -----------------------------------------------------------------
commit a20d9422cf7a516cd576be8f91fe90738459ef42

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Oct 12 21:14:04 2015 +0100

RFC5753 compliance.

RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit 4ec36aff2a3c221b640dafa56ac838312e6724f4)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/evp_lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index d2c9ae4..7e0bab9 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -74,7 +74,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
switch (EVP_CIPHER_CTX_mode(c)) {
case EVP_CIPH_WRAP_MODE:
- ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
+ if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
+ ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
ret = 1;
break;

Emilia Kasper

unread,

Oct 14, 2015, 1:11:52 PM10/14/15

to

The branch OpenSSL_1_0_2-stable has been updated

via c97c7f8d53dda12f4fda24fc7542281999df97f6 (commit)
from a20d9422cf7a516cd576be8f91fe90738459ef42 (commit)

- Log -----------------------------------------------------------------
commit c97c7f8d53dda12f4fda24fc7542281999df97f6
Author: Emilia Kasper <emi...@openssl.org>
Date: Fri Oct 9 20:00:53 2015 +0200

make depend: prefer clang over makedepend

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configure | 6 ++++--
util/domd | 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Configure b/Configure
index 81b263f..e374a69 100755
--- a/Configure
+++ b/Configure
@@ -1647,10 +1647,11 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}

+my $ecc = $cc;
+$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+
if ($strict_warnings)
{
- my $ecc = $cc;
- $ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
my $wopt;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
@@ -1714,6 +1715,7 @@ while (<IN>)
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
diff --git a/util/domd b/util/domd
index bab48cb..6a628c7 100755
--- a/util/domd
+++ b/util/domd
@@ -14,7 +14,8 @@ if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
cp Makefile Makefile.save
# fake the presence of Kerberos
touch $TOP/krb5.h
-if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then
+if ${MAKEDEPEND} --version 2>&1 | grep -q "clang" ||
+ echo $MAKEDEPEND | grep -q "gcc"; then
args=""
while [ $# -gt 0 ]; do
if [ "$1" != "--" ]; then args="$args $1"; fi

Dr. Stephen Henson

unread,

Oct 15, 2015, 10:39:21 AM10/15/15

Rich Salz

Rich Salz

Emilia Kasper

Matt Caswell

Rich Salz

Rich Salz

Matt Caswell

Dr. Stephen Henson

Rich Salz

Rich Salz

Rich Salz

Rich Salz

Matt Caswell

Rich Salz

Rich Salz

Matt Caswell

Matt Caswell

Dr. Stephen Henson

Rich Salz

Rich Salz

Dr. Stephen Henson

Dr. Stephen Henson

Rich Salz

Richard Levitte

Rich Salz

Rich Salz

Rich Salz

Matt Caswell

Rich Salz

Rich Salz

Rich Salz

Rich Salz

Rich Salz

Rich Salz

Rich Salz

Emilia Kasper

Richard Levitte

Emilia Kasper

Rich Salz

Rich Salz

Richard Levitte

Emilia Kasper

Emilia Kasper

Matt Caswell

Matt Caswell

Matt Caswell

Matt Caswell

Rich Salz

Viktor Dukhovni

Rich Salz

Dr. Stephen Henson

Rich Salz

Emilia Kasper

Dr. Stephen Henson

Dr. Stephen Henson

Dr. Stephen Henson

Dr. Stephen Henson

Kurt Roeckx

Rich Salz

Rich Salz

Dr. Stephen Henson

Kurt Roeckx

Emilia Kasper

Emilia Kasper

Matt Caswell

Rich Salz

Viktor Dukhovni

Dr. Stephen Henson

Matt Caswell

Rich Salz

Rich Salz

Rich Salz

Emilia Kasper

Rich Salz

Rich Salz

Dr. Stephen Henson

Emilia Kasper

Rich Salz

Dr. Stephen Henson