
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update


Matt Caswell

Jul 27, 2015, 11:59:30 AM
The branch OpenSSL_1_0_1-stable has been updated
via 728432aed0f8e0c8b86df0724c9fde76659bc54b (commit)
via 8e75dcf58705dbf29f37bfa9725ef6cde49c0c8a (commit)
from 396a2dc07177a14284dba194cb6dfda4f3785681 (commit)


- Log -----------------------------------------------------------------
commit 728432aed0f8e0c8b86df0724c9fde76659bc54b
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jul 27 13:30:43 2015 +0100

Fix SSL_set_session_ticket_ext when used with SSLv23_method

The function SSL_set_session_ticket_ext can be used to set custom session
ticket data passed in the initial ClientHello. This can be particularly
useful for EAP-FAST. However, when using SSLv23_method, the session does
not get created until the ServerHello has been received. The extension code
will only add the SessionTicket data to the ClientHello if a session already
exists. Therefore SSL_set_session_ticket_ext has no impact when used in
conjunction with SSLv23_method. The solution is to simply create the session
during creation of the ClientHello instead of waiting for the ServerHello.

This commit fixes the test failure introduced by the previous commit.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

commit 8e75dcf58705dbf29f37bfa9725ef6cde49c0c8a
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jul 27 12:04:47 2015 +0100

Add test for SSL_set_session_ticket_ext

The function SSL_set_session_ticket_ext sets the ticket data to be sent in
the ClientHello. This is useful for EAP-FAST. This commit adds a test to
ensure that when this function is called the expected ticket data actually
appears in the ClientHello.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/Makefile | 2 +-
ssl/clienthellotest.c | 218 ++++++++++++++++++++++++++++++++++++++++++++++++++
ssl/s23_clnt.c | 19 ++---
ssl/ssl3.h | 2 +
test/Makefile | 39 ++++++++-
5 files changed, 261 insertions(+), 19 deletions(-)
create mode 100644 ssl/clienthellotest.c

diff --git a/ssl/Makefile b/ssl/Makefile
index 29d9e45..ad14abb 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -15,7 +15,7 @@ KRB5_INCLUDES=
CFLAGS= $(INCLUDES) $(CFLAG)

GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c heartbeat_test.c
+TEST=ssltest.c heartbeat_test.c clienthellotest.c
APPS=

LIB=$(TOP)/libssl.a
diff --git a/ssl/clienthellotest.c b/ssl/clienthellotest.c
new file mode 100644
index 0000000..a00a7ea
--- /dev/null
+++ b/ssl/clienthellotest.c
@@ -0,0 +1,218 @@
+/* Written by Matt Caswell for the OpenSSL Project */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openss...@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (e...@cryptsoft.com). This product includes software written by Tim
+ * Hudson (t...@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+#define CLIENT_VERSION_LEN 2
+#define SESSION_ID_LEN_LEN 1
+#define CIPHERS_LEN_LEN 2
+#define COMPRESSION_LEN_LEN 1
+#define EXTENSIONS_LEN_LEN 2
+#define EXTENSION_TYPE_LEN 2
+#define EXTENSION_SIZE_LEN 2
+
+
+#define TOTAL_NUM_TESTS 2
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for TLS1.2
+ */
+#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for a negotiated SSL/TLS version
+ */
+#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *ctx;
+ SSL *con;
+ BIO *rbio;
+ BIO *wbio;
+ BIO *err;
+ long len;
+ unsigned char *data;
+ unsigned char *dataend;
+ char *dummytick = "Hello World!";
+ unsigned int tmplen;
+ unsigned int type;
+ unsigned int size;
+ int testresult = 0;
+ int currtest = 0;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ /*
+ * For each test set up an SSL_CTX and SSL and see what ClientHello gets
+ * produced when we try to connect
+ */
+ for (; currtest < TOTAL_NUM_TESTS; currtest++) {
+ testresult = 0;
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) {
+ ctx = SSL_CTX_new(TLSv1_2_method());
+ } else {
+ ctx = SSL_CTX_new(SSLv23_method());
+ }
+ con = SSL_new(ctx);
+
+ rbio = BIO_new(BIO_s_mem());
+ wbio = BIO_new(BIO_s_mem());
+ SSL_set_bio(con, rbio, wbio);
+ SSL_set_connect_state(con);
+
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
+ goto end;
+ }
+
+ if (SSL_connect(con) > 0) {
+ /* This shouldn't succeed because we don't have a server! */
+ goto end;
+ }
+
+ len = BIO_get_mem_data(wbio, (char **)&data);
+ dataend = data + len;
+
+ /* Skip the record header */
+ data += SSL3_RT_HEADER_LENGTH;
+ /* Skip the handshake message header */
+ data += SSL3_HM_HEADER_LENGTH;
+ /* Skip client version and random */
+ data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;
+ if (data + SESSION_ID_LEN_LEN > dataend)
+ goto end;
+ /* Skip session id */
+ tmplen = *data;
+ data += SESSION_ID_LEN_LEN + tmplen;
+ if (data + CIPHERS_LEN_LEN > dataend)
+ goto end;
+ /* Skip ciphers */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += CIPHERS_LEN_LEN + tmplen;
+ if (data + COMPRESSION_LEN_LEN > dataend)
+ goto end;
+ /* Skip compression */
+ tmplen = *data;
+ data += COMPRESSION_LEN_LEN + tmplen;
+ if (data + EXTENSIONS_LEN_LEN > dataend)
+ goto end;
+ /* Extensions len */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += EXTENSIONS_LEN_LEN;
+ if (data + tmplen > dataend)
+ goto end;
+
+ /* Loop through all extensions */
+ while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) {
+ type = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_TYPE_LEN;
+ size = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_SIZE_LEN;
+ if (data + size > dataend)
+ goto end;
+
+ if (type == TLSEXT_TYPE_session_ticket) {
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (size == strlen(dummytick)
+ && memcmp(data, dummytick, size) == 0) {
+ /* Ticket data is as we expected */
+ testresult = 1;
+ } else {
+ printf("Received session ticket is not as expected\n");
+ }
+ break;
+ }
+ }
+
+ tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;
+ data += size;
+ }
+
+ end:
+ SSL_free(con);
+ SSL_CTX_free(ctx);
+ if (!testresult) {
+ printf("ClientHello test: FAILED (Test %d)\n", currtest);
+ break;
+ }
+ }
+
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ CRYPTO_mem_leaks(err);
+
+ return testresult?0:1;
+}
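Review bot: the fixed-size skips at the top of the parser (`data += SSL3_RT_HEADER_LENGTH;` through `data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;`) advance `data` before anything has confirmed that `len` covers those bytes, so on a short or empty write buffer the first `if (data + SESSION_ID_LEN_LEN > dataend)` compares a pointer already formed past the end of the buffer; add one length check for the combined header size (and a check that the first byte is SSL3_RT_HANDSHAKE, since the parser assumes the SSL3/TLS record layout for the SSLv23_method case too) before the skips. In the extensions loop `size` is bounded against `dataend` but not against `tmplen`, so `tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;` can wrap the unsigned counter and the next type/size read happens without a bounds check; test `size` against the remaining `tmplen` before subtracting, and use `>=` in the `while` so a trailing zero-length extension is still visited. Minor: `printf` is used without `#include <stdio.h>`, and the `currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG` tests are always true while TOTAL_NUM_TESTS is 2.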
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 3766567..fc344b9 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -373,12 +373,13 @@ static int ssl23_client_hello(SSL *s)

buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-#if 0
- /* don't reuse session-id's */
+ /*
+ * Since we're sending s23 client hello, we're not reusing a session, as
+ * we'd be using the method from the saved session instead
+ */
if (!ssl_get_new_session(s, 0)) {
- return (-1);
+ return -1;
}
-#endif

p = s->s3->client_random;
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
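Review bot: `ssl_get_new_session(s, 0)` now runs on every pass through SSL23_ST_CW_CLNT_HELLO_A, before the protocol version has been negotiated, so the session is created with whatever `s->version` holds at that point; please confirm the ServerHello path writes the negotiated version back into `s->session->ssl_version`, and say explicitly in the new comment that any session installed earlier with SSL_set_session is deliberately discarded here rather than only implying it. The `return (-1);` to `return -1;` change is unrelated style churn and reads better as a separate commit.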
@@ -439,9 +440,6 @@ static int ssl23_client_hello(SSL *s)
/*
* put in the session-id length (zero since there is no reuse)
*/
-#if 0
- s->session->session_id_length = 0;
-#endif
s2n(0, d);

if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
@@ -784,13 +782,6 @@ static int ssl23_get_server_hello(SSL *s)
}
s->init_num = 0;

- /*
- * Since, if we are sending a ssl23 client hello, we are not reusing a
- * session-id
- */
- if (!ssl_get_new_session(s, 0))
- goto err;
-
return (SSL_connect(s));
err:
return (-1);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 2dd5462..e9b1170 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -263,6 +263,8 @@ extern "C" {
# define SSL3_SESSION_ID_SIZE 32
# define SSL3_RT_HEADER_LENGTH 5

+# define SSL3_HM_HEADER_LENGTH 4
+
# ifndef SSL3_ALIGN_PAYLOAD
/*
* Some will argue that this increases memory footprint, but it's not
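Review bot: `SSL3_HM_HEADER_LENGTH` is added to a public installed header with no comment; say what the 4 bytes are (1-byte handshake message type plus 3-byte length) so the new test and future callers do not have to infer it from the name.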
diff --git a/test/Makefile b/test/Makefile
index eca1400..522af50 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -67,6 +67,7 @@ ASN1TEST= asn1test
HEARTBEATTEST= heartbeat_test
CONSTTIMETEST= constant_time_test
VERIFYEXTRATEST= verify_extra_test
+CLIENTHELLOTEST= clienthellotest

TESTS= alltests

@@ -78,7 +79,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT)
+ $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
+ $(CLIENTHELLOTEST)$(EXE_EXT)

# $(METHTEST)$(EXE_EXT)

@@ -91,7 +93,8 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
- $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o
+ $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
+ $(CLIENTHELLOTEST).o

SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -101,7 +104,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
- $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c
+ $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
+ $(CLIENTHELLOTEST).c

EXHEADER=
HEADER= $(EXHEADER)
@@ -144,7 +148,8 @@ alltests: \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra
+ test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra \
+ test_clienthello

test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -339,6 +344,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)

+test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST)
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff

@@ -510,6 +519,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
@target=$(VERIFYEXTRATEST) $(BUILD_CMD)

+$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+ @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

@@ -555,6 +567,25 @@ bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
casttest.o: ../include/openssl/opensslconf.h casttest.c
+clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+clienthellotest.o: ../include/openssl/opensslconf.h
+clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+clienthellotest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+clienthellotest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+clienthellotest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+clienthellotest.o: clienthellotest.c
constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h
constant_time_test.o: ../include/openssl/e_os2.h
constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Rich Salz

Jul 29, 2015, 10:39:40 AM
The branch OpenSSL_1_0_1-stable has been updated
via 372e74903e8e0553f507215cea544ff6805fdda3 (commit)
from 728432aed0f8e0c8b86df0724c9fde76659bc54b (commit)


- Log -----------------------------------------------------------------
commit 372e74903e8e0553f507215cea544ff6805fdda3
Author: Rich Salz <rs...@akamai.com>
Date: Tue Jul 28 12:41:36 2015 -0400

Tweak README about rt and bug reporting.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b)

-----------------------------------------------------------------------

Summary of changes:
README | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/README b/README
index c3db93a..e851aff 100644
--- a/README
+++ b/README
@@ -164,16 +164,23 @@
Report the bug to the OpenSSL project via the Request Tracker
(http://www.openssl.org/support/rt.html) by mail to:

- openss...@openssl.org
+ r...@openssl.org

- Note that the request tracker should NOT be used for general assistance
- or support queries. Just because something doesn't work the way you expect
- does not mean it is necessarily a bug in OpenSSL.
+ In order to avoid spam, this is a moderated mailing list, and it might
+ take a day for the ticket to show up. (We also scan posts to make sure
+ that security disclosures aren't publically posted by mistake.) Mail to
+ this address is recorded in the public RT (request tracker) database (see
+ https://www.openssl.org/support/rt.html for details) and also forwarded
+ the public openssl-dev mailing list. Confidential mail may be sent to
+ openssl-...@openssl.org (PGP key available from the key servers).

- Note that mail to openss...@openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-...@openssl.org
- (PGP key available from the key servers).
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL.
+
+ You can also make GitHub pull requests. If you do this, please also send
+ mail to r...@openssl.org with a link to the PR so that we can more easily
+ keep track of it.

HOW TO CONTRIBUTE TO OpenSSL
----------------------------
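Review bot: two typos in the added paragraph: `publically` should be `publicly`, and `and also forwarded the public openssl-dev mailing list` is missing the word `to` (forwarded to the public openssl-dev mailing list).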
@@ -190,11 +197,10 @@
reason as to why that feature isn't implemented.

Patches should be as up to date as possible, preferably relative to the
- current Git or the last snapshot. They should follow the coding style of
- OpenSSL and compile without warnings. Some of the core team developer targets
- can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
- compiles on many varied platforms: try to ensure you only use portable
- features.
+ current Git or the last snapshot. They should follow our coding style
+ (see http://openssl.org/about/codingstyle.txt) and compile without
+ warnings using the --strict-warnings flag. OpenSSL compiles on many
+ varied platforms: try to ensure you only use portable features.

Note: For legal reasons, contributions from the US can be accepted only
if a TSU notification and a copy of the patch are sent to cr...@bis.doc.gov

Rich Salz

Jul 29, 2015, 9:22:18 PM
The branch OpenSSL_1_0_1-stable has been updated
via 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e (commit)
from 372e74903e8e0553f507215cea544ff6805fdda3 (commit)


- Log -----------------------------------------------------------------
commit 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e
Author: Martin Vejnar <Martin...@avg.com>
Date: Wed Jul 29 17:28:19 2015 -0400

RT3774: double-free in DSA

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit fa4629b6a2518d202fd051f228c3d8770682b3be)

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_ameth.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index a2840ea..6ddef45 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -318,6 +318,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
dplen = i2d_ASN1_INTEGER(prkey, &dp);

ASN1_STRING_clear_free(prkey);
+ prkey = NULL;

if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
V_ASN1_SEQUENCE, params, dp, dplen))
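Review bot: resetting `prkey = NULL;` right after `ASN1_STRING_clear_free(prkey);` is the right fix for the double free on the error path; the same discipline should be checked for the other resources still live in this hunk: `dp` and `params` are handed to `PKCS8_pkey_set0`, so the error label must free them only when that call fails and never after ownership has transferred.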

Dr. Stephen Henson

Jul 30, 2015, 9:37:28 AM
The branch OpenSSL_1_0_1-stable has been updated
via 5030cc69ffd6137d3d3f2b221c3313042940c1fd (commit)
from 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e (commit)


- Log -----------------------------------------------------------------
commit 5030cc69ffd6137d3d3f2b221c3313042940c1fd
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jul 29 16:16:02 2015 +0100

use X9.31 keygen by default in FIPS mode

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7)

-----------------------------------------------------------------------

Summary of changes:
crypto/rsa/rsa_gen.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 2465fbd..7f7dca3 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -69,6 +69,8 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
#endif

static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
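Review bot: the `extern int FIPS_rsa_x931_generate_key_ex(...)` prototype is declared locally in rsa_gen.c instead of coming from `<openssl/fips.h>`, which is included two lines above; if the FIPS header ever declares it with a different signature this becomes a conflicting-declaration error, and if it does not declare it the local prototype hides a link-time mismatch. Prefer adding the prototype to fips.h, or explain in a comment why it cannot live there.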
@@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb);
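Review bot: this silently changes the key generation algorithm for every FIPS-mode caller of `RSA_generate_key_ex`, yet the diffstat shows no CHANGES entry; document the switch to X9.31 generation and any parameter restrictions it carries relative to `FIPS_rsa_generate_key_ex`.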

Rich Salz

Jul 31, 2015, 1:39:11 PM
The branch OpenSSL_1_0_1-stable has been updated
via 1a9a506cfbb3a57215dae72aadab8943b977bcf7 (commit)
from 5030cc69ffd6137d3d3f2b221c3313042940c1fd (commit)


- Log -----------------------------------------------------------------
commit 1a9a506cfbb3a57215dae72aadab8943b977bcf7
Author: Loganaden Velvindron <loga...@gmail.com>
Date: Fri Jul 31 13:20:16 2015 -0400

Clear BN-mont values when free'ing it.

From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>
(cherry picked from commit 1a586b3942de1c0bd64203d09385d5e74f499d8d)

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_mont.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aadd5db..aafd1b8 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -361,9 +361,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
if (mont == NULL)
return;

- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
if (mont->flags & BN_FLG_MALLOCED)
OPENSSL_free(mont);
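Review bot: switching to `BN_clear_free` wipes the three BIGNUMs, but the `BN_MONT_CTX` struct itself still goes to `OPENSSL_free(mont)` unscrubbed, so fields stored inline (the `n0` inverse words, `ri`) survive in freed memory; if the goal is to leave no modulus-derived material behind, `OPENSSL_cleanse(mont, sizeof(*mont))` before the free (and in the non-malloced case as well) completes the change.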

Rich Salz

Aug 1, 2015, 2:33:54 PM
The branch OpenSSL_1_0_1-stable has been updated
via 556803fc3d0c3a957056665d0eef1c6c80cf556e (commit)
from 1a9a506cfbb3a57215dae72aadab8943b977bcf7 (commit)


- Log -----------------------------------------------------------------
commit 556803fc3d0c3a957056665d0eef1c6c80cf556e
Author: Dirk Wetter <di...@testssl.sh>
Date: Fri Jul 31 13:02:51 2015 -0400

GH336: Return an exit code if report fails

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit e36ce2d986a5edbd33d6d176fb95c8046fae9725)

-----------------------------------------------------------------------

Summary of changes:
util/selftest.pl | 1 +
1 file changed, 1 insertion(+)

diff --git a/util/selftest.pl b/util/selftest.pl
index 7b32e9f..59842ef 100644
--- a/util/selftest.pl
+++ b/util/selftest.pl
@@ -199,3 +199,4 @@ while (<IN>) {
}
print "\nTest report in file $report\n";

+die if $ok != 2;
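Review bot: `die if $ok != 2;` exits with Perl's default `Died at util/selftest.pl line N.` text, which tells the user nothing about which step failed; give it a message, for example `die "selftest failed, see $report\n" if $ok != 2;`.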

Matt Caswell

Aug 4, 2015, 5:56:18 AM
The branch OpenSSL_1_0_1-stable has been updated
via 507ea77b82f99af8cdae22bebb49fb2772d95330 (commit)
from 556803fc3d0c3a957056665d0eef1c6c80cf556e (commit)


- Log -----------------------------------------------------------------
commit 507ea77b82f99af8cdae22bebb49fb2772d95330
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 9 16:37:54 2015 +0100

Fix warning when compiling with no-ec2m

EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(cherry picked from commit 8d11b7c7ee84ad0aa243476088285d15b22c5470)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec_key.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 55ce3fe..c784b6f 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -366,7 +366,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
BN_CTX *ctx = NULL;
BIGNUM *tx, *ty;
EC_POINT *point = NULL;
- int ok = 0, tmp_nid, is_char_two = 0;
+ int ok = 0;
+#ifndef OPENSSL_NO_EC2M
+ int tmp_nid, is_char_two = 0;
+#endif

if (!key || !key->group || !x || !y) {
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
@@ -382,14 +385,15 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
if (!point)
goto err;

+ tx = BN_CTX_get(ctx);
+ ty = BN_CTX_get(ctx);
+
+#ifndef OPENSSL_NO_EC2M
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));

if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;

- tx = BN_CTX_get(ctx);
- ty = BN_CTX_get(ctx);
-#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
x, y, ctx))
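Review bot: `tx = BN_CTX_get(ctx);` and `ty = BN_CTX_get(ctx);` are moved but their results are still never checked; `BN_CTX_get` can return NULL, and only the last call needs the test, so add `if (ty == NULL) goto err;` before `tx`/`ty` are used.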

Matt Caswell

Aug 11, 2015, 3:27:25 PM
The branch OpenSSL_1_0_1-stable has been updated
via b11980d79a52ec08844f08bea0e66c04b691840b (commit)
via f15c99f4d4a96b692bdbb6f343c9112f2fa5a8ed (commit)
from 507ea77b82f99af8cdae22bebb49fb2772d95330 (commit)


- Log -----------------------------------------------------------------
commit b11980d79a52ec08844f08bea0e66c04b691840b
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 10 12:00:29 2015 +0100

Check for 0 modulus in BN_MONT_CTX_set

The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit f15c99f4d4a96b692bdbb6f343c9112f2fa5a8ed
Author: Guy Leaver (guleaver) <gule...@cisco.com>
Date: Fri Aug 7 15:45:21 2015 +0100

Fix seg fault with 0 p val in SKE

If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commit adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246).

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_mont.c | 3 +++
ssl/s3_clnt.c | 16 ++++++++++++++++
ssl/ssl.h | 3 +++
ssl/ssl_err.c | 3 +++
4 files changed, 25 insertions(+)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aafd1b8..be95bd5 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
int ret = 0;
BIGNUM *Ri, *R;

+ if (BN_is_zero(mod))
+ return 0;
+
BN_CTX_start(ctx);
if ((Ri = BN_CTX_get(ctx)) == NULL)
goto err;
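Review bot: the new `if (BN_is_zero(mod)) return 0;` returns failure without queueing an error reason, so callers see a bare 0 and an empty error stack; push a BN error reason here. Montgomery form also requires an odd modulus, so `!BN_is_odd(mod)` is the natural companion to this check; rejecting it up front with the same early return avoids relying on the later inverse computation to fail.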
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 35ad121..c89564b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1624,6 +1624,12 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;

+ if (BN_is_zero(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
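Review bot: two blank lines are added after the new `p` check (two consecutive `+` lines) where the surrounding code uses one; drop one of them.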
@@ -1644,6 +1650,11 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;

+ if (BN_is_zero(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1665,6 +1676,11 @@ int ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;

+ if (BN_is_zero(dh->pub_key)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
+ goto f_err;
+ }
+
# ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey =
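Review bot: `BN_is_zero(dh->pub_key)` catches the crash case, but a public value of 1, of `p - 1`, or any value `>= p` is equally invalid for the DH computation that follows and is not rejected here; a `BN_cmp(dh->pub_key, dh->p) >= 0 || BN_is_one(dh->pub_key)` test, or a call to `DH_check_pub_key` which already encodes these rules, would give a complete validation under the same SSL_R_BAD_DH_PUB_KEY_VALUE error.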
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d2ab0c0..d9657eb 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2465,8 +2465,11 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_G_LENGTH 108
+# define SSL_R_BAD_DH_G_VALUE 375
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
+# define SSL_R_BAD_DH_P_VALUE 395
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
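Review bot: the new reason codes (375, 393, 395) are non-consecutive with their neighbours, which is expected if they were reserved to match master and 1.0.2; please confirm they are identical across branches so that `SSL_R_BAD_DH_P_VALUE` and friends decode to the same string in every release, and that ssl_err.c was regenerated with mkerr rather than hand-edited.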
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 88621b7..26f149e 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -369,8 +369,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"bad data returned by callback"},
{ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
{ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+ {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
{ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+ {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
{ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},

Matt Caswell

Aug 11, 2015, 5:30:23 PM
The branch OpenSSL_1_0_1-stable has been updated
via 396e30044910df29b81a416de42a94eb4355cd70 (commit)
via 402634f8aaf2f2c83b2cc648a0ae376247b029f4 (commit)
from b11980d79a52ec08844f08bea0e66c04b691840b (commit)


- Log -----------------------------------------------------------------
commit 396e30044910df29b81a416de42a94eb4355cd70
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 11 19:38:39 2015 +0100

Fix "make test" seg fault with SCTP enabled

When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.

This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit f75d5171be0b3b5419c8974133e1573cf976a8bb)

commit 402634f8aaf2f2c83b2cc648a0ae376247b029f4
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 11 19:36:43 2015 +0100

Fix missing return value checks in SCTP

There are some missing return value checks in the SCTP code. In master this
was causing a compilation failure when config'd with
"--strict-warnings sctp".

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit d8e8590ed90eba6ef651d09d77befb14f980de2c)

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_both.c | 7 +++++--
ssl/d1_clnt.c | 16 ++++++++++++----
ssl/d1_srvr.c | 18 +++++++++++++-----
3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8dd8ea3..d453c07 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1490,9 +1490,12 @@ int dtls1_shutdown(SSL *s)
{
int ret;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+ BIO *wbio;
+
+ wbio = SSL_get_wbio(s);
+ if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+ ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0)
return -1;

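Review bot: the `wbio != NULL` guard makes dtls1_shutdown skip the SCTP wait-for-dry silently whenever no write BIO is attached, and the commit message says that state only arises because ssltest frees BIOs by hand; a one-line comment at the check saying so would stop a later reader treating a NULL wbio as a supported configuration. While here, the remaining `SSL_get_wbio(s)` uses under OPENSSL_NO_SCTP in this file are worth a grep for the same pattern, since the segfault the commit fixes is a property of the test harness rather than of this one call site.
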
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 377c1e6..a9c4ed0 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -350,11 +350,15 @@ int dtls1_connect(SSL *s)
sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey),
labelbuffer,
sizeof(labelbuffer), NULL, 0,
- 0);
+ 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@@ -484,9 +488,13 @@ int dtls1_connect(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
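Review bot: this is the second byte-identical export-then-add-auth-key block in dtls1_connect, and d1_srvr.c gets two more in this same patch; with four copies the next fix to the error handling has to be applied four times. A small static helper (something like dtls1_sctp_add_auth_key(), a hypothetical name) that does the snprintf, the export, the result check and the BIO_ctrl would keep it in one place. Not a blocker for a stable-branch sync, but worth doing in master where the copies originate.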
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 41c7dc5..d716f0a 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -405,9 +405,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ if (SSL_export_keying_material(s, sctpauthkey,
+ sizeof(sctpauthkey), labelbuffer,
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
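Review bot: `sctpauthkey` holds exported key material that is handed to the SCTP layer by the BIO_ctrl two lines below, and within the visible context nothing cleanses the stack buffer afterwards on either the success path or the new failure path; an OPENSSL_cleanse(sctpauthkey, sizeof(sctpauthkey)) once BIO_ctrl has consumed it would stop the auth key outliving the handshake step on the stack. Same remark as on the client side applies to the bare `ret = -1; s->state = SSL_ST_ERR; goto end;` with no reason pushed.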
@@ -628,9 +632,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
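Review bot: the label passed to the exporter is `labelbuffer` with length `sizeof(labelbuffer)`, and the snprintf in the context fills it with `sizeof(DTLS1_SCTP_AUTH_LABEL)` bytes; if labelbuffer is declared with that same size the exporter label includes the terminating NUL. Both OpenSSL peers do the same so it interoperates, but the label is PRF input and a peer using another DTLS/SCTP implementation must match it byte for byte, so it is worth confirming that the NUL is intentional and, if it is, saying so in a comment rather than leaving it to sizeof.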

Dr. Stephen Henson

Aug 14, 2015, 8:42:14 AM
The branch OpenSSL_1_0_1-stable has been updated
via 50e56c1d8c681b8e8a070487645370f0f7c1ee9e (commit)
via 2d172503687dd4c05193edf4d8242625fedc5806 (commit)
via aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2 (commit)
from 396e30044910df29b81a416de42a94eb4355cd70 (commit)


- Log -----------------------------------------------------------------
commit 50e56c1d8c681b8e8a070487645370f0f7c1ee9e
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:38:11 2015 +0100

Return error for unsupported modes.

PR#3974
PR#3975

Reviewed-by: Matt Caswell <ma...@openssl.org>

Conflicts:
crypto/evp/evp_lib.c

commit 2d172503687dd4c05193edf4d8242625fedc5806
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:37:44 2015 +0100

Fix memory leak if setup fails.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 891eac4604b5f05413e59602fae1f11136f4719a)

Conflicts:
crypto/cms/cms_enc.c

commit aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:37:01 2015 +0100

Err isn't always malloc failure.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit a187e08d856690b5c1da3184d0ff560d572f893b)

Conflicts:
crypto/cms/cms_smime.c

-----------------------------------------------------------------------

Summary of changes:
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_smime.c | 2 +-
crypto/evp/evp_lib.c | 33 +++++++++++++++++++++++++++------
3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..b14b4b6 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
ok = 1;

err:
- if (ec->key && !keep_key) {
+ if (ec->key && (!keep_key || !ok)) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
ec->key = NULL;
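Review bot: `(!keep_key || !ok)` now cleanses and frees ec->key on every failed setup, including when the caller asked to keep it; that is the right call for a leak fix, but a caller that passes keep_key and inspects ec->key after a NULL return from cms_EncryptedContent_init_bio will now see NULL, so the function's header comment should state that the key is only retained on success. The OPENSSL_cleanse before OPENSSL_free is good: the key bytes are zeroed rather than merely released back to the allocator.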
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8b37560..f45693a 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -714,7 +714,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
BIO *cmsbio;
int ret = 0;
if (!(cmsbio = CMS_dataInit(cms, dcont))) {
- CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+ CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}

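Review bot: replacing ERR_R_MALLOC_FAILURE with CMS_R_CMS_LIB is correct since CMS_dataInit fails for reasons other than allocation and will have pushed its own, more specific reason underneath; one thing to check is that CMS_R_CMS_LIB has a string in crypto/cms/cms_err.c on this branch, otherwise ERR_error_string() prints the reason as a bare number for 1.0.1 users.
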
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index d4d2b4b..b16d623 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -67,9 +67,19 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_set_asn1_iv(c, type);
- else
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_set_asn1_iv(c, type);
+ }
+ } else
ret = -1;
return (ret);
}
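Review bot: the `default:` arm of this switch has no `break;` while the matching switch in EVP_CIPHER_asn1_to_param below does; harmless because it is the last arm, but the two should be written the same way. More important, returning -1 for GCM/CCM/XTS collides with the -1 already returned when the cipher has no ASN.1 parameter support at all, so a PKCS#7 or CMS caller cannot tell "this mode cannot be encoded as an IV parameter" from "this cipher does no ASN.1"; if that distinction matters, an EVPerr() with a dedicated reason before the return would let the caller report something useful.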
@@ -80,9 +90,20 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

if (c->cipher->get_asn1_parameters != NULL)
ret = c->cipher->get_asn1_parameters(c, type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_get_asn1_iv(c, type);
- else
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_get_asn1_iv(c, type);
+ break;
+ }
+ } else
ret = -1;
return (ret);
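Review bot: before this change a GCM, CCM or XTS cipher carrying EVP_CIPH_FLAG_DEFAULT_ASN1 would fall into the `else if` branch and call EVP_CIPHER_get_asn1_iv, so an AlgorithmIdentifier that encoded a plain OCTET STRING IV for one of those modes would have been accepted silently even though the IV/nonce semantics of those modes do not match that parameter; refusing with -1 is the safer behaviour. This deserves a CHANGES entry and a sentence in the EVP_CIPHER_param_to_asn1/EVP_CIPHER_asn1_to_param documentation so callers that relied on the old lenient path are warned when they update.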

Dr. Stephen Henson

Aug 14, 2015, 8:56:01 AM
The branch OpenSSL_1_0_1-stable has been updated
via 2cf51451f3a94be3fdf7d281b122eb74d72a839e (commit)
from 50e56c1d8c681b8e8a070487645370f0f7c1ee9e (commit)


- Log -----------------------------------------------------------------
commit 2cf51451f3a94be3fdf7d281b122eb74d72a839e
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jun 17 01:13:40 2015 +0100

Update docs.

Clarify and update documentation for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 2fd7fb99dba9f56fbcb7ee1686bef30c7aef4754)

-----------------------------------------------------------------------

Summary of changes:
doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 35 +++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
index 5955ee1..18fb2e2 100644
--- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -2,29 +2,39 @@

=head1 NAME

-SSL_CTX_add_extra_chain_cert - add certificate to chain
+SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
+extra chain certificates

=head1 SYNOPSIS

#include <openssl/ssl.h>

- long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);

=head1 DESCRIPTION

-SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
-chain presented together with the certificate. Several certificates
-can be added one after the other.
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
+certificates associated with B<ctx>. Several certificates can be added one
+after another.
+
+SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
+associated with B<ctx>.
+
+These functions are implemented as macros.

=head1 NOTES

-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified. If no chain is specified,
-the library will try to complete the chain from the available CA
-certificates in the trusted CA storage, see
+When sending a certificate chain, extra chain certificates are sent in order
+following the end entity certificate.
+
+If no chain is specified, the library will try to complete the chain from the
+available CA certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.

-The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
+freed by the library when the B<SSL_CTX> is destroyed. An application
+B<should not> free the B<x509> object.

=head1 RESTRICTIONS

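Review bot: the new NOTES text says the extra chain certificates are sent "in order following the end entity certificate" but does not say that the library neither reorders nor validates them, so the application must add them issuer by issuer (the leaf's issuer first, then its issuer, and so on); one sentence to that effect would head off the common mistake of adding the root first and getting a chain peers reject. The SYNOPSIS fix from `SSL_CTX ctx` to `SSL_CTX *ctx` and the added trailing semicolons are good catches; "These functions are implemented as macros." is worth keeping because it explains why they do not appear as symbols in the library.
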
@@ -36,8 +46,9 @@ function.

=head1 RETURN VALUES

-SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
-error stack to find out the reason for failure otherwise.
+SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
+1 on success and 0 for failure. Check out the error stack to find out the
+reason for failure.

=head1 SEE ALSO

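Review bot: "return 1 on success and 0 for failure" is accurate for SSL_CTX_add_extra_chain_cert, but SSL_CTX_clear_extra_chain_certs is a ctrl macro and clearing a list has no obvious failure mode; if the underlying ctrl always returns 1 the text should say that clearing cannot fail, otherwise it invites callers to test a value that never varies and to consult an error stack that is always empty.
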
Richard Levitte

Aug 17, 2015, 1:44:40 PM
The branch OpenSSL_1_0_1-stable has been updated
via 2507c8cfb3664cfd9bf94e597e83afb4646451de (commit)
from 98e75c0b699eb4a1b68ed3f1ab44ec0cc4a7555d (commit)


- Log -----------------------------------------------------------------
commit 2507c8cfb3664cfd9bf94e597e83afb4646451de
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 17 18:10:16 2015 +0200

Add new types to indent.pro

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 3da9505dc02b0594633c73a11343f54bb5dbf536)

-----------------------------------------------------------------------

Summary of changes:
util/indent.pro | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/util/indent.pro b/util/indent.pro
index e871431..4dcda5d 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -749,3 +749,19 @@
-T ssl_trace_tbl
-T _stdcall
-T tls12_lookup
+-T OPTIONS
+-T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER
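Review bot: several of these typedef names (OPTIONS, OPT_PAIR, SH_LIST, PACKET, RECORD_LAYER) appear to belong to code that exists in master rather than in this branch, so on 1.0.1 the entries are inert; that is harmless for an indent profile and keeping util/indent.pro identical across branches is a reasonable goal, but the commit message should say it is a sync-only change so nobody goes looking for a PACKET type in the 1.0.1 tree.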

Rich Salz

Aug 17, 2015, 2:18:53 PM
The branch OpenSSL_1_0_1-stable has been updated
via 98e75c0b699eb4a1b68ed3f1ab44ec0cc4a7555d (commit)
from 2cf51451f3a94be3fdf7d281b122eb74d72a839e (commit)


- Log -----------------------------------------------------------------
commit 98e75c0b699eb4a1b68ed3f1ab44ec0cc4a7555d
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 18:38:24 2015 -0400

Move FAQ to the web.

Best hope of keeping current.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 4f46473a86c9e3741203b22d4d401a3763583494)

-----------------------------------------------------------------------

Summary of changes:
FAQ | 1041 +------------------------------------------------------------------
1 file changed, 2 insertions(+), 1039 deletions(-)

diff --git a/FAQ b/FAQ
index f8ea604..22c5cf7 100644
--- a/FAQ
+++ b/FAQ
@@ -1,1039 +1,2 @@
-OpenSSL - Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software?
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1e was released on Feb 11th, 2013.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers. Be sure to read the
-documentation of the application you want to use. The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions. It is described in the openssl(1)
-manpage. Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt. It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL. Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/related/binaries.html> .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
- md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
- pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL. For information on intellectual
-property rights, please consult a lawyer. The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed." If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly. Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.) Some broken applications do
-not do this. As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness. If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly. OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details. Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file. The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file. Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'". This message refers to the
-default seeding file (see previous answer). A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
- <URL: http://www.mail-archive.com/modssl...@modssl.org/msg16980.html>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing. Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target. File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator. If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test"). The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it. This gets triggered when you run the
-test suite (using "make test"). The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
-memory to continue compilation.' As far as the tests have shown, this may be
-a compiler bug. What happens is that it eats up a lot of resident memory
-to build something, probably a table. The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher. Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level. This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL. A bit more complicated solution is the
-following:
-
------ snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
- sed -e 's/ -O[0-9] / -O0 /'`"
- rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
- make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process. When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default. One of those directories is '/usr/ccs/bin'. The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
- PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation. What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files'). For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA: 5,214,703 25/05/2010
-RC5: 5,724,428 03/03/2015
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d. The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<opens...@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <r...@openssl.org> (or its
-alias <openss...@openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-See also <URL: http://www.openssl.org/support/rt.html>
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-...@openssl.org if you don't get a prompt reply at least
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads). On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries. If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
-and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
-and friends. This is described in the threads(3) manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked. The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link against the same by which OpenSSL was
-built. If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
- run-time library" drop down list box. Perform this step for both
- your debug and release versions of your application (look at the
- top left of the settings panel to change between the two)
-
- Single Threaded /ML - MS VC++ often defaults to
- this for the release
- version of a new project.
- Debug Single Threaded /MLd - MS VC++ often defaults to
- this for the debug version
- of a new project.
- Multithreaded /MT
- Debug Multithreaded /MTd
- Multithreaded DLL /MD - OpenSSL defaults to this.
- Debug Multithreaded DLL /MDd
-
-Note that debug and release libraries are NOT interchangeable. If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we insist on the
-default /MD] can be deployed with application compiled with different
-option or even different compiler. But there is a catch! Instead of
-re-compiling OpenSSL toolkit, as you would have to with prior versions,
-you have to compile small C snippet with compiler and/or options of
-your choice. The snippet gets installed as
-<install-root>/include/openssl/applink.c and should be either added to
-your application project or simply #include-d in one [and only one]
-of your application source files. Failure to link this shim module
-into your application manifests itself as fatal "no OPENSSL_Applink"
-run-time error. An explicit reminder is due that in this situation
-[mixing compiler options] it is as important to add CRYPTO_malloc_init
-prior first call to OpenSSL.
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
- unsigned char *buf, *p;
- int len;
-
- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
- unsigned char *p;
- p = buf;
- p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure of NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-The cause is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
-can cause several problems such as being unable to read in an encrypted
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
-verifying certificates.
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data. One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-
-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
-versions, uniqueIdentifier was incorrectly used for X.509 certificates.
-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
-Change your code to use the new name when compiling against OpenSSL 0.9.7.
-
-
-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions. Currently these include following:
-
-Thread-local cleanup functions:
-
- ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
- ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
-* Why does Valgrind complain about the use of uninitialized data?
-
-When OpenSSL's PRNG routines are called to generate random numbers the supplied
-buffer contents are mixed into the entropy pool: so it technically does not
-matter whether the buffer is initialized at this point or not. Valgrind (and
-other test tools) will complain about this. When using Valgrind, make sure the
-OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
-to get rid of these warnings.
-
-
-* Why doesn't a memory BIO work when a file does?
-
-This can occur in several cases for example reading an S/MIME email message.
-The reason is that a memory BIO can do one of two things when all the data
-has been read from it.
-
-The default behaviour is to indicate that no more data is available and that
-the call should be retried, this is to allow the application to fill up the BIO
-again if necessary.
-
-Alternatively it can indicate that no more data is available and that EOF has
-been reached.
-
-If a memory BIO is to behave in the same way as a file this second behaviour
-is needed. This must be done by calling:
-
- BIO_set_mem_eof_return(bio, 0);
-
-See the manual pages for more details.
-
-
-* Where are the declarations and implementations of d2i_X509() etc?
-
-These are defined and implemented by macros of the form:
-
-
- DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
-
-The implementation passes an ASN1 "template" defining the structure into an
-ASN1 interpreter using generalised functions such as ASN1_item_d2i().
-
-
-===============================================================================
+The FAQ is now maintained on the web:
+ https://www.openssl.org/docs/faq.html

Rich Salz

Aug 25, 2015, 12:13:27 PM8/25/15
The branch OpenSSL_1_0_1-stable has been updated
via bedcd9385f05a88397b01651fa08158b8cef2d91 (commit)
from 2507c8cfb3664cfd9bf94e597e83afb4646451de (commit)


- Log -----------------------------------------------------------------
commit bedcd9385f05a88397b01651fa08158b8cef2d91
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 24 15:25:14 2015 -0400

GH372: Remove duplicate flags

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 32c5e0ba0f9097e9c788ed8402fcbf6646cd2c2d)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/genrsa.pod | 6 ------
1 file changed, 6 deletions(-)

diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
index cb03d09..3dc9870 100644
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -10,12 +10,6 @@ B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]
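Review bot: the six removed lines in this SYNOPSIS hunk are an exact repeat of the [B<-aes128>] ... [B<-camellia256>] block, and the surviving copy visible in the context lines keeps the original order, so the removal is correct; since the commit touches only the SYNOPSIS, check that the OPTIONS section further down in genrsa.pod (outside this hunk) does not carry a matching set of duplicated =item entries for the same flags.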

Rich Salz

Aug 25, 2015, 12:15:36 PM8/25/15
The branch OpenSSL_1_0_1-stable has been updated
via 86de216da3ebea7f876a096e258cf4c9d219bc0a (commit)
from bedcd9385f05a88397b01651fa08158b8cef2d91 (commit)


- Log -----------------------------------------------------------------
commit 86de216da3ebea7f876a096e258cf4c9d219bc0a
Author: Markus Rinne <markus....@gmail.com>
Date: Mon Aug 24 16:20:13 2015 -0400

RT4019: Duplicate -hmac flag in dgst.pod

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/apps/dgst.pod | 5 -----
1 file changed, 5 deletions(-)

diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 9e15798..b27bb94 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -13,7 +13,6 @@ B<openssl> B<dgst>
[B<-hex>]
[B<-binary>]
[B<-r>]
-[B<-hmac arg>]
[B<-non-fips-allow>]
[B<-out filename>]
[B<-sign filename>]
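Review bot: the hunk drops [B<-hmac arg>] from the SYNOPSIS between [B<-r>] and [B<-non-fips-allow>], but the copy that is meant to survive lies outside the three context lines, so the diff alone does not show that one entry remains; note in the commit message where the retained entry sits (or widen the context) so a reviewer can verify this is a duplicate removal and not the removal of the option itself.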
@@ -64,10 +63,6 @@ output the digest or signature in binary form.

output the digest in the "coreutils" format used by programs like B<sha1sum>.

-=item B<-hmac arg>
-
-set the HMAC key to "arg".
-
=item B<-non-fips-allow>

Allow use of non FIPS digest when in FIPS mode. This has no effect when not in
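Review bot: the same concern applies to this OPTIONS hunk: the =item B<-hmac arg> / "set the HMAC key to "arg"." block is deleted without the surviving description in view, so confirm the retained =item keeps equivalent wording and that no other =item in the file is now orphaned. While this paragraph is being touched, the context line "Allow use of non FIPS digest when in FIPS mode" would read better as "non-FIPS digest"; a trivial follow-up for the next pass over dgst.pod.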

Matt Caswell

Aug 26, 2015, 5:32:17 AM8/26/15
The branch OpenSSL_1_0_1-stable has been updated
via be8b8603d6789c1dcb058f167c8b54e3f4b928c9 (commit)
from 86de216da3ebea7f876a096e258cf4c9d219bc0a (commit)


- Log -----------------------------------------------------------------
commit be8b8603d6789c1dcb058f167c8b54e3f4b928c9
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Aug 13 10:06:30 2015 +0100

Fix DTLS session ticket renewal

A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit ee4ffd6fccd169775ba74afb1dbfecff48ee413d)

Conflicts:
ssl/d1_clnt.c

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_clnt.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index a9c4ed0..20ed02c 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -366,6 +366,10 @@ int dtls1_connect(SSL *s)
#endif

s->state = SSL3_ST_CR_FINISHED_A;
+ if (s->tlsext_ticket_expected) {
+ /* receive renewed session ticket */
+ s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ }
} else
s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
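Review bot: the added block in dtls1_connect() overrides the s->state = SSL3_ST_CR_FINISHED_A assignment immediately above it whenever s->tlsext_ticket_expected is set, which is the right spot on the resumption path, but the jump to SSL3_ST_CR_SESSION_TICKET_A only works if dtls1_connect() already has a case for that state which then proceeds to SSL3_ST_CR_FINISHED_A; since the commit message records a manual conflict resolution in ssl/d1_clnt.c for this cherry-pick, please confirm that case exists in the 1.0.1 branch and not only on master. The s_server/s_client reproduction in the commit message (resume with -sess_in after a -no_ticket session) is also a good candidate for an automated test so this DTLS/TLS state-machine divergence does not regress silently.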

Rich Salz

Aug 26, 2015, 5:35:38 PM8/26/15
The branch OpenSSL_1_0_1-stable has been updated
via eb55a6f4558ce7a78647a21ac2ace8ddca7e7253 (commit)
from be8b8603d6789c1dcb058f167c8b54e3f4b928c9 (commit)


- Log -----------------------------------------------------------------
commit eb55a6f4558ce7a78647a21ac2ace8ddca7e7253
Author: Viktor Dukhovni <vik...@dukhovni.org>
Date: Wed Apr 23 21:58:30 2014 -0400

GH correct organizationalUnitName

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 208b2d541dcb3b8f62639d2a8cc5771af4ba8755)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/req.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 0730d11..37ed377 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -490,7 +490,7 @@ be input by calling it "1.organizationName".
The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
-organizationUnitName, stateOrProvinceName. Additionally emailAddress
+organizationalUnitName, stateOrProvinceName. Additionally emailAddress
is include as well as name, surname, givenName initials and dnQualifier.

Additional object identifiers can be defined with the B<oid_file> or
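Review bot: while this paragraph is being touched, the context line `is include as well as name, surname, givenName initials and dnQualifier.` has the same kind of slip the patch fixes; `is included as well as name, surname, givenName, initials and dnQualifier.` would read correctly. The organizationalUnitName correction itself matches the long name OpenSSL registers for that attribute (short name OU).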

Rich Salz
Aug 26, 2015, 5:37:55 PM
The branch OpenSSL_1_0_1-stable has been updated
via 80c25ba6764c797f52982d45a12414618d48524a (commit)
from eb55a6f4558ce7a78647a21ac2ace8ddca7e7253 (commit)


- Log -----------------------------------------------------------------
commit 80c25ba6764c797f52982d45a12414618d48524a
Author: David Brodski <b...@softing.com>
Date: Tue May 13 18:06:27 2014 +0200

Fixed problem with multiple load-unload of comp zlib

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 8cbb153357896c4b224e0678550944f7851bc3b2)

-----------------------------------------------------------------------

Summary of changes:
crypto/comp/c_zlib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 6731af8..9c32614 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -404,8 +404,9 @@ COMP_METHOD *COMP_zlib(void)
void COMP_zlib_cleanup(void)
{
#ifdef ZLIB_SHARED
- if (zlib_dso)
+ if (zlib_dso != NULL)
DSO_free(zlib_dso);
+ zlib_dso = NULL;
#endif

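Review bot: resetting `zlib_dso = NULL` after `DSO_free()` is what makes repeated cleanup safe: a second `COMP_zlib_cleanup()` call no longer hands a dangling handle to `DSO_free()`, and a later load can see that nothing is currently loaded. Leaving the assignment outside the `if` is fine because it is idempotent. What the hunk does not show is whether the function pointers bound from the DSO are refreshed on a subsequent load; if `COMP_zlib()` re-binds them whenever `zlib_dso` is NULL this change is sufficient, otherwise stale pointers would outlive the freed DSO.
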
Rich Salz
Aug 28, 2015, 11:25:59 AM
The branch OpenSSL_1_0_1-stable has been updated
via 9a9744646805bcf5d25af990be0533f71bf5edd5 (commit)
from 80c25ba6764c797f52982d45a12414618d48524a (commit)


- Log -----------------------------------------------------------------
commit 9a9744646805bcf5d25af990be0533f71bf5edd5
Author: Ismo Puustinen <ismo.pu...@intel.com>
Date: Fri Aug 7 22:14:47 2015 -0400

GH367: Fix dsa keygen for too-short seed

If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit f00a10b89734e84fe80f98ad9e2e77b557c701ae)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 7 ++++++-
crypto/dsa/dsa_gen.c | 31 +++++++++++++------------------
doc/crypto/DSA_generate_parameters.pod | 11 +++++------
3 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index c2aba4b..6e19f3d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,12 @@

Changes between 1.0.1p and 1.0.1q [xx XXX xxxx]

- *)
+ *) In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+ [Rich Salz and Ismo Puustinen <ismo.pu...@intel.com>]
+
+ *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+ from RFC4279, RFC4785, RFC5487, RFC5489.

Changes between 1.0.1o and 1.0.1p [9 Jul 2015]

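Review bot: the second added entry, `*) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK...`, is unrelated to this commit's subject (DSA seed length checking), carries no author line, and runs straight into the `Changes between 1.0.1o and 1.0.1p` header without the blank line the other entries have; it looks like context carried over from the master branch while resolving the cherry-pick and should be dropped from the 1.0.1 CHANGES unless that rewrite really was backported.
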
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index d686ab0..44c47a3 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -161,18 +161,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

bits = (bits + 63) / 64 * 64;

- /*
- * NB: seed_len == 0 is special case: copy generated seed to seed_in if
- * it is not NULL.
- */
- if (seed_len && (seed_len < (size_t)qsize))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
- * SEED, but our internal buffers are
- * restricted to 160 bits */
- if (seed_in != NULL)
+ if (seed_in != NULL) {
+ if (seed_len < (size_t)qsize)
+ return 0;
+ if (seed_len > (size_t)qsize) {
+ /* Don't overflow seed local variable. */
+ seed_len = qsize;
+ }
memcpy(seed, seed_in, seed_len);
+ }

if ((ctx = BN_CTX_new()) == NULL)
goto err;
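Review bot: the early `return 0` for `seed_len < qsize` runs before `BN_CTX_new()`, so nothing leaks, but it returns without pushing a reason onto the error queue; a `DSAerr()` call with a suitable reason code would let callers tell a rejected seed from a malloc failure. Note the semantic change as well: the removed comment describes `seed_len == 0` with a non-NULL `seed_in` as the "copy the generated seed back" case, and that combination now fails with the short-seed error. That is what the commit message intends, and the CHANGES entry covers the new error, but it does not mention that the copy-back convenience is gone.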
@@ -195,20 +192,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

for (;;) {
for (;;) { /* find q */
- int seed_is_random;
+ int seed_is_random = seed_in == NULL;

/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (!seed_len) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (seed_is_random) {
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
- seed_is_random = 1;
} else {
- seed_is_random = 0;
- seed_len = 0; /* use random seed if 'seed_in' turns out to
- * be bad */
+ /* If we come back through, use random seed next time. */
+ seed_in = NULL;
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
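Review bot: replacing `RAND_pseudo_bytes(seed, qsize) < 0` with `RAND_bytes(seed, qsize) <= 0` is the important part of this hunk: the old test only failed on a hard error and accepted a return of 0 (generator not seeded), so a DSA parameter seed could come from an unseeded PRNG; the new test fails in that case. Declaring `seed_is_random` inside the inner loop and clearing `seed_in` in the `else` branch means the caller-supplied seed is tried exactly once and every retry is random, which is what the old `seed_len = 0` trick achieved.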
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index be7c924..ae30824 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -17,13 +17,12 @@ DSA_generate_parameters - generate DSA parameters
DSA_generate_parameters() generates primes p and q and a generator g
for use in the DSA.

-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
+B<bits> is the length of the prime p to be generated.
+For lengths under 2048 bits, the length of q is 160 bits; for lengths
+at least 2048, it is set to 256 bits.

-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
+If B<seed> is NULL, the primes will be generated at random.
+If B<seed_len> is less than the length of q, an error is returned.

DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
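Review bot: `If B<seed_len> is less than the length of q, an error is returned` mixes units: the paragraph above gives the length of q in bits (160 or 256), while `seed_len` is a byte count, so the threshold the code applies is 20 or 32 bytes. Saying "the length of q in bytes" or giving the numbers would stop callers from passing 160.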

Emilia Kasper
Aug 31, 2015, 10:55:39 AM
The branch OpenSSL_1_0_1-stable has been updated
via cb5320014d18633dcb444d09948f5bdac8f48c0d (commit)
from 9a9744646805bcf5d25af990be0533f71bf5edd5 (commit)


- Log -----------------------------------------------------------------
commit cb5320014d18633dcb444d09948f5bdac8f48c0d
Author: Emilia Kasper <emi...@openssl.org>
Date: Mon Aug 31 13:57:44 2015 +0200

bntest: don't dereference the |d| array for a zero BIGNUM.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 4d04226c2ec7e7f69f6234def63631648e35e828)
(cherry picked from commit 9c989aaa749d88b63bef5d5beeb3046eae62d836)

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bntest.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 06662c5..9f888f9 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -516,9 +516,9 @@ int test_div_word(BIO *bp)
do {
BN_bntest_rand(&a, 512, -1, 0);
BN_bntest_rand(&b, BN_BITS2, -1, 0);
- s = b.d[0];
- } while (!s);
+ } while (BN_is_zero(&b));

+ s = b.d[0];
BN_copy(&b, &a);
r = BN_div_word(&b, s);

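Review bot: moving `s = b.d[0]` after the loop fixes the read of `d[0]` on a zero BIGNUM, whose `top` is 0 and whose `d` array need not hold anything meaningful. Since `b` is generated with `BN_BITS2` bits it always fits in one word once it is non-zero, so `s = BN_get_word(&b)` would give the same value without reaching into the internal representation at all.
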
Richard Levitte
Aug 31, 2015, 12:21:36 PM
The branch OpenSSL_1_0_1-stable has been updated
via c88f65f5b5cdc01fc16ca38084aebfc141dcba03 (commit)
via fc90ab42db6de59f2d1d9ea35141963c9db98083 (commit)
via 8d677c10f91af886b229207dbc1119a1e98da619 (commit)
from cb5320014d18633dcb444d09948f5bdac8f48c0d (commit)


- Log -----------------------------------------------------------------
commit c88f65f5b5cdc01fc16ca38084aebfc141dcba03
Author: Richard Levitte <ric...@levitte.org>
Date: Mon Aug 31 17:58:53 2015 +0200

Remove auto-fill-mode

Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 6dc08048d93ff35de882878f190ae49aa698b5d2)

commit fc90ab42db6de59f2d1d9ea35141963c9db98083
Author: Richard Levitte <ric...@levitte.org>
Date: Mon Aug 31 17:25:17 2015 +0200

Add an example .dir-locals.el

This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, it makes sure that tabs are never used as the indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 0927f0d822b1e0f55cb7d8bacf9004ad3495514b)

commit 8d677c10f91af886b229207dbc1119a1e98da619
Author: Richard Levitte <ric...@levitte.org>
Date: Mon Aug 31 17:12:37 2015 +0200

Add emacs CC mode style for OpenSSL

This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit d9b3554b2d9724bc2d1621a026ddaf0223e2d191)

-----------------------------------------------------------------------

Summary of changes:
doc/dir-locals.example.el | 15 ++++++++++++
doc/openssl-c-indent.el | 62 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
create mode 100644 doc/dir-locals.example.el
create mode 100644 doc/openssl-c-indent.el

diff --git a/doc/dir-locals.example.el b/doc/dir-locals.example.el
new file mode 100644
index 0000000..79d0b01
--- /dev/null
+++ b/doc/dir-locals.example.el
@@ -0,0 +1,15 @@
+;;; This is an example of what a .dir-locals.el suitable for OpenSSL
+;;; development could look like.
+;;;
+;;; Apart from setting the CC mode style to "OpenSSL-II", it also
+;;; makes sure that tabs are never used for indentation in any file,
+;;; and that the fill column is 78.
+;;;
+;;; For more information see (info "(emacs) Directory Variables")
+
+((nil
+ (indent-tabs-mode . nil)
+ (fill-column . 78)
+ )
+ (c-mode
+ (c-file-style . "OpenSSL-II")))
diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el
new file mode 100644
index 0000000..144a915
--- /dev/null
+++ b/doc/openssl-c-indent.el
@@ -0,0 +1,62 @@
+;;; This Emacs Lisp file defines a C indentation style for OpenSSL.
+;;;
+;;; This definition is for the "CC mode" package, which is the default
+;;; mode for editing C source files in Emacs 20, not for the older
+;;; c-mode.el (which was the default in less recent releaes of Emacs 19).
+;;;
+;;; Recommended use is to add this line in your .emacs:
+;;;
+;;; (load (expand-file-name "~/PATH/TO/openssl-c-indent.el"))
+;;;
+;;; To activate this indentation style, visit a C file, type
+;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
+;;; To toggle the auto-newline feature of CC mode, type C-c C-a.
+;;;
+;;; If you're a OpenSSL developer, you might find it more comfortable
+;;; to have this style be permanent in your OpenSSL development
+;;; directory. To have that, please perform this:
+;;;
+;;; M-x add-dir-local-variable <RET> c-mode <RET> c-file-style <RET>
+;;; "OpenSSL-II" <RET>
+;;;
+;;; A new buffer with .dir-locals.el will appear. Save it (C-x C-s).
+;;;
+;;; Alternatively, have a look at dir-locals.example.el
+
+;;; For suggesting improvements, please send e-mail to lev...@openssl.org.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Note, it could be easy to inherit from the "gnu" style... however,
+;; one never knows if that style will change somewhere in the future,
+;; so I've chosen to copy the "gnu" style values explicitely instead
+;; and mark them with a comment. // RLevitte 2015-08-31
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(c-add-style "OpenSSL-II"
+ '((c-basic-offset . 4)
+ (indent-tabs-mode . nil)
+ (fill-column . 78)
+ (comment-column . 33)
+ (c-comment-only-line-offset 0 . 0) ; From "gnu" style
+ (c-hanging-braces-alist ; From "gnu" style
+ (substatement-open before after) ; From "gnu" style
+ (arglist-cont-nonempty)) ; From "gnu" style
+ (c-offsets-alist
+ (statement-block-intro . +) ; From "gnu" style
+ (knr-argdecl-intro . 0)
+ (knr-argdecl . 0)
+ (substatement-open . +) ; From "gnu" style
+ (substatement-label . 0) ; From "gnu" style
+ (label . 1)
+ (statement-case-open . +) ; From "gnu" style
+ (statement-cont . +) ; From "gnu" style
+ (arglist-intro . c-lineup-arglist-intro-after-paren) ; From "gnu" style
+ (arglist-close . c-lineup-arglist) ; From "gnu" style
+ (inline-open . 0) ; From "gnu" style
+ (brace-list-open . +) ; From "gnu" style
+ (topmost-intro-cont first c-lineup-topmost-intro-cont
+ c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style
+ )
+ (c-special-indent-hook . c-gnu-impose-minimum) ; From "gnu" style
+ (c-block-comment-prefix . "* ")
+ ))

Emilia Kasper
Aug 31, 2015, 1:36:49 PM
The branch OpenSSL_1_0_1-stable has been updated
via d46e946d2603c64df6e1e4f9db0c70baaf1c4c03 (commit)
from c88f65f5b5cdc01fc16ca38084aebfc141dcba03 (commit)


- Log -----------------------------------------------------------------
commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03
Author: Emilia Kasper <emi...@openssl.org>
Date: Mon Aug 31 15:51:27 2015 +0200

BN_mod_exp_mont_consttime: check for zero modulus.

Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.

Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_exp.c | 7 ++++---
crypto/bn/bntest.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 27146c8..7e33ba9 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -599,12 +599,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bn_check_top(p);
bn_check_top(m);

- top = m->top;
-
- if (!(m->d[0] & 1)) {
+ if (!BN_is_odd(m)) {
BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
return (0);
}
+
+ top = m->top;
+
bits = BN_num_bits(p);
if (bits == 0) {
ret = BN_one(rr);
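Review bot: `BN_is_odd(m)` is false for a zero BIGNUM because its `top` is 0, so with the check hoisted above `top = m->top;` a zero modulus now takes the error path instead of dereferencing `m->d[0]`. The reason code `BN_R_CALLED_WITH_EVEN_MODULUS` is slightly off for m == 0, but zero is even and Montgomery arithmetic rejects both for the same reason, so it is acceptable; a one-line comment saying the parity check also covers zero would help the next reader.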
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 9f888f9..6d55049 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -441,6 +441,14 @@ int test_div(BIO *bp, BN_CTX *ctx)
BN_init(&d);
BN_init(&e);

+ BN_one(&a);
+ BN_zero(&b);
+
+ if (BN_div(&d, &c, &a, &b, ctx)) {
+ fprintf(stderr, "Division by zero succeeded!\n");
+ return 0;
+ }
+
for (i = 0; i < num0 + num1; i++) {
if (i < num1) {
BN_bntest_rand(&a, 400, 0, 0);
@@ -781,6 +789,18 @@ int test_mont(BIO *bp, BN_CTX *ctx)
if (mont == NULL)
return 0;

+ BN_zero(&n);
+ if (BN_MONT_CTX_set(mont, &n, ctx)) {
+ fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
+ return 0;
+ }
+
+ BN_set_word(&n, 16);
+ if (BN_MONT_CTX_set(mont, &n, ctx)) {
+ fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
+ return 0;
+ }
+
BN_bntest_rand(&a, 100, 0, 0);
BN_bntest_rand(&b, 100, 0, 0);
for (i = 0; i < num2; i++) {
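Review bot: both early returns in `test_mont` leave the `BN_MONT_CTX` from the `mont == NULL` check just above unfreed; since `BN_MONT_CTX_set()` is expected to fail here, a `BN_MONT_CTX_free(mont)` before each `return 0` keeps the failure path leak-clean under valgrind. The two cases chosen (0 and 16) separate the zero-`top` dereference from the even-modulus rejection, which is the right split.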
@@ -887,6 +907,14 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
d = BN_new();
e = BN_new();

+ BN_one(a);
+ BN_one(b);
+ BN_zero(c);
+ if (BN_mod_mul(e, a, b, c, ctx)) {
+ fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
+ return 0;
+ }
+
for (j = 0; j < 3; j++) {
BN_bntest_rand(c, 1024, 0, 0);
for (i = 0; i < num0; i++) {
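Review bot: `a` through `e` come from `BN_new()` here, so the added `return 0` on an unexpected success exits without `BN_free()`; for a test that stops at the first failure that is tolerable, but freeing them (or a `goto err` to a shared cleanup) would keep the failure path consistent with the rest of the function. The assertion itself is the meaningful one: `BN_mod_mul()` with a zero modulus must report failure rather than silently return a value.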
@@ -952,6 +980,14 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
d = BN_new();
e = BN_new();

+ BN_one(a);
+ BN_one(b);
+ BN_zero(c);
+ if (BN_mod_exp(d, a, b, c, ctx)) {
+ fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
+ return 0;
+ }
+
BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
for (i = 0; i < num2; i++) {
BN_bntest_rand(a, 20 + i * 5, 0, 0);
@@ -999,6 +1035,22 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
d = BN_new();
e = BN_new();

+ BN_one(a);
+ BN_one(b);
+ BN_zero(c);
+ if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+ fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
+ "succeeded\n");
+ return 0;
+ }
+
+ BN_set_word(c, 16);
+ if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+ fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
+ "succeeded\n");
+ return 0;
+ }
+
BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
for (i = 0; i < num2; i++) {
BN_bntest_rand(a, 20 + i * 5, 0, 0);
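Review bot: this is the regression test for the `bn_exp.c` change in the same commit; the zero-modulus case exercises the path that previously read `m->d[0]` before the parity check, and the even-modulus case (16) confirms the `BN_is_odd()` rejection. Passing `NULL` for the `BN_MONT_CTX` argument is correct, because the function has to reject the modulus before it ever builds a Montgomery context.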

Rich Salz
Aug 31, 2015, 1:47:25 PM
The branch OpenSSL_1_0_1-stable has been updated
via a6ce498b2a00ea7bdca0730064d7ee62b77d87cb (commit)
from d46e946d2603c64df6e1e4f9db0c70baaf1c4c03 (commit)


- Log -----------------------------------------------------------------
commit a6ce498b2a00ea7bdca0730064d7ee62b77d87cb
Author: Ben Kaduk <bka...@akamai.com>
Date: Fri Aug 28 12:41:50 2015 -0400

GH367 follow-up, for more clarity

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

(cherry picked from commit 36ac7bc8a9c856bcdff6eecdaca128ccc5430a1e)

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 8 ++++----
doc/crypto/DSA_generate_parameters.pod | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 44c47a3..1f12d6b 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -165,7 +165,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
if (seed_len < (size_t)qsize)
return 0;
if (seed_len > (size_t)qsize) {
- /* Don't overflow seed local variable. */
+ /* Only consume as much seed as is expected. */
seed_len = qsize;
}
memcpy(seed, seed_in, seed_len);
@@ -192,13 +192,13 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,



for (;;) {
for (;;) { /* find q */

- int seed_is_random = seed_in == NULL;
+ int use_random_seed = (seed_in == NULL);



/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (seed_is_random) {
+ if (use_random_seed) {


if (RAND_bytes(seed, qsize) <= 0)
goto err;

} else {
@@ -230,7 +230,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,

/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
+ use_random_seed, cb);
if (r > 0)
break;
if (r != 0)
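Review bot: the renamed `use_random_seed` flag is passed as the fourth argument of `BN_is_prime_fasttest_ex()`, which is the `do_trial_division` switch; presumably trial division is a pre-filter worth running only on random candidates, which are usually composite, while a caller-supplied seed typically reproduces a known prime q. The rename makes the loop clearer but does not explain that coupling, so a short comment at the call site (`/* trial division only when we chose the seed */`) would be worth adding.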
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index ae30824..b64a276 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -19,7 +19,7 @@ for use in the DSA.



B<bits> is the length of the prime p to be generated.

For lengths under 2048 bits, the length of q is 160 bits; for lengths

-at least 2048, it is set to 256 bits.
+greater than or equal to 2048 bits, the length of q is set to 256 bits.



If B<seed> is NULL, the primes will be generated at random.

If B<seed_len> is less than the length of q, an error is returned.

Rich Salz
Aug 31, 2015, 4:06:44 PM
The branch OpenSSL_1_0_1-stable has been updated
via 1915a22184f879f8008e2447214f515a20045314 (commit)
from a6ce498b2a00ea7bdca0730064d7ee62b77d87cb (commit)


- Log -----------------------------------------------------------------
commit 1915a22184f879f8008e2447214f515a20045314
Author: mrpre <mr...@163.com>
Date: Fri Aug 28 16:12:51 2015 +0800

check bn_new return value

Slightly modified from the original PR.
Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Richard Levitte <lev...@openssl.org>

(cherry picked from commit a7e974c7be90e2c9673e2ce6215a70f734eb8ad4)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_bignum.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
index a5a403c..eaf0466 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -141,8 +141,9 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
BIGNUM *bn;
- if (!*pval)
- bn_new(pval, it);
+
+ if (*pval == NULL && !bn_new(pval, it))
+ return 0;
bn = (BIGNUM *)*pval;
if (!BN_bin2bn(cont, len, bn)) {
bn_free(pval, it);
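Review bot: the combined condition `*pval == NULL && !bn_new(pval, it)` only calls `bn_new()` when the slot is empty and propagates its failure, which is what the old code missed: on allocation failure `*pval` stayed NULL and `BN_bin2bn(cont, len, bn)` then ran with `bn == NULL`, leaving the caller's slot unset. Returning 0 here matches the failure convention of the `bn_free`/`return 0` path just below, so callers see a decode error instead of a later surprise.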

Richard Levitte
Aug 31, 2015, 7:20:23 PM
The branch OpenSSL_1_0_1-stable has been updated
via 246a010b781444d8c216851d2ae34a42ade91f38 (commit)
from 1915a22184f879f8008e2447214f515a20045314 (commit)


- Log -----------------------------------------------------------------
commit 246a010b781444d8c216851d2ae34a42ade91f38
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 31 21:45:56 2015 +0200

Ignore .dir-locals.el

Because we recently encouraged people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit d7c02691a5e6f2716759eacb6f48c39f15ee57c8)

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 1 +
1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 9a0d846..4661b19 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
.#*
#*#
*~
+/.dir-locals.el

# Top level excludes
/Makefile.bak

Emilia Kasper
Sep 1, 2015, 2:08:54 PM
The branch OpenSSL_1_0_1-stable has been updated
via bae16c98c1aed3c67c3328541c8cce015bb4c344 (commit)
via 9d4798a9e0e1d2a366adabafcf0f007f42cd5fa7 (commit)
from 246a010b781444d8c216851d2ae34a42ade91f38 (commit)


- Log -----------------------------------------------------------------
commit bae16c98c1aed3c67c3328541c8cce015bb4c344
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 14:56:58 2015 +0200

RT4002: check for NULL cipher in p12_crpt.c

The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 394f7b6fcc38132b8ccff0a3253b9dd15640cfc0)

commit 9d4798a9e0e1d2a366adabafcf0f007f42cd5fa7
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 13:19:15 2015 +0200

RT 3493: fix RSA test

- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 25d6b3401ca40c9a2cbe5080449c1c2a37037777)

-----------------------------------------------------------------------

Summary of changes:
crypto/pkcs12/p12_crpt.c | 3 +++
crypto/rsa/rsa_test.c | 32 ++++++++++++++++++++------------
2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 3a166e6..9c2dcab 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -77,6 +77,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
const unsigned char *pbuf;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

+ if (cipher == NULL)
+ return 0;
+
/* Extract useful info from parameter */
if (param == NULL || param->type != V_ASN1_SEQUENCE ||
param->value.sequence == NULL) {
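Review bot: the new `if (cipher == NULL) return 0;` returns without an error-queue entry, unlike the parameter check directly below it; `PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, ERR_R_PASSED_NULL_PARAMETER)` would make an unexpected NULL cipher diagnosable should a future EVP_PBE_CTL entry pair this keygen with a cipher_nid of -1. Placing the check before any use of `cipher` for key and IV lengths is correct.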
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
index e971295..85c7440 100644
--- a/crypto/rsa/rsa_test.c
+++ b/crypto/rsa/rsa_test.c
@@ -297,22 +297,30 @@ int main(int argc, char *argv[])
} else
printf("OAEP encryption/decryption ok\n");

- /* Try decrypting corrupted ciphertexts */
+ /* Try decrypting corrupted ciphertexts. */
for (n = 0; n < clen; ++n) {
- int b;
- unsigned char saved = ctext[n];
- for (b = 0; b < 256; ++b) {
- if (b == saved)
- continue;
- ctext[n] = b;
- num = RSA_private_decrypt(num, ctext, ptext, key,
+ ctext[n] ^= 1;
+ num = RSA_private_decrypt(clen, ctext, ptext, key,
RSA_PKCS1_OAEP_PADDING);
- if (num > 0) {
- printf("Corrupt data decrypted!\n");
- err = 1;
- }
+ if (num > 0) {
+ printf("Corrupt data decrypted!\n");
+ err = 1;
+ break;
}
+ ctext[n] ^= 1;
}
+
+ /* Test truncated ciphertexts, as well as negative length. */
+ for (n = -1; n < clen; ++n) {
+ num = RSA_private_decrypt(n, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ printf("Truncated data decrypted!\n");
+ err = 1;
+ break;
+ }
+ }
+
next:
RSA_free(key);

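Review bot: passing `clen` instead of `num` to `RSA_private_decrypt()` is the real fix: `num` held the length of the previously decrypted plaintext, so the old loop was decrypting a truncated ciphertext rather than a corrupted one, which the new second loop now tests deliberately (including `n = -1` for a negative length). One small thing: on the failure path the loop `break`s before `ctext[n] ^= 1` restores the byte, so the truncation loop then runs on a still-corrupted buffer; harmless because `err` is already set, but restoring before `break` keeps the two tests independent.
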
Emilia Kasper
Sep 1, 2015, 2:13:52 PM
The branch OpenSSL_1_0_1-stable has been updated
via 5999b897ff6e64a79c97598569361ca15734e6e1 (commit)
from bae16c98c1aed3c67c3328541c8cce015bb4c344 (commit)


- Log -----------------------------------------------------------------
commit 5999b897ff6e64a79c97598569361ca15734e6e1
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 17:19:52 2015 +0200

OpenSSL 1.0.1n: add missing CHANGES entry

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 3 +++
1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 6e19f3d..3ac66ae 100644
--- a/CHANGES
+++ b/CHANGES
@@ -103,6 +103,9 @@
*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]

+ *) dhparam: generate 2048-bit parameters by default.
+ [Kurt Roeckx and Emilia Kasper]
+
Changes between 1.0.1l and 1.0.1m [19 Mar 2015]

*) Segmentation fault in ASN1_TYPE_cmp fix

Matt Caswell
Sep 1, 2015, 6:58:40 PM
The branch OpenSSL_1_0_1-stable has been updated
via 525e13612ee692e9d827c27b99c7e38583f887f3 (commit)
from 5999b897ff6e64a79c97598569361ca15734e6e1 (commit)


- Log -----------------------------------------------------------------
commit 525e13612ee692e9d827c27b99c7e38583f887f3
Author: Tim Zhang <tim....@irdeto.com>
Date: Mon May 11 10:58:51 2015 +0100

Fix the comment for POINT_CONVERSION_UNCOMPRESSED

The |z| value should be 0x04 not 0x02

RT#3838

Signed-off-by: Matt Caswell <ma...@openssl.org>

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 91d2728b38b1df930f337e163816a0fc9580b6a6)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index c4e7aea..2a935fd 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -106,7 +106,7 @@ typedef enum {
/** the point is encoded as z||x, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_COMPRESSED = 2,
- /** the point is encoded as z||x||y, where z is the octet 0x02 */
+ /** the point is encoded as z||x||y, where z is the octet 0x04 */
POINT_CONVERSION_UNCOMPRESSED = 4,
/** the point is encoded as z||x||y, where the octet z specifies
* which solution of the quadratic equation y is */
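Review bot: the corrected comment now agrees with the enumerator value `POINT_CONVERSION_UNCOMPRESSED = 4`, i.e. the leading octet is 0x04, and with the compressed form above it, where `z` is 0x02 or 0x03 (value 2). If the hybrid enumerator below follows the same pattern (value 6, leading octet 0x06 or 0x07), its comment could state the octets explicitly for symmetry.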

Matt Caswell
Sep 1, 2015, 7:20:15 PM
The branch OpenSSL_1_0_1-stable has been updated
via 927f7a870337157bbb9e7a7d32578eeedb90ddbb (commit)
from 525e13612ee692e9d827c27b99c7e38583f887f3 (commit)


- Log -----------------------------------------------------------------
commit 927f7a870337157bbb9e7a7d32578eeedb90ddbb
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 16 14:17:24 2015 -0400

Fix building with OPENSSL_NO_TLSEXT.

Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.

Based on a patch by Marc Branchaud <marc...@xiplink.com>

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 9a931208d7fc8a3596dda005cdbd6439938f01b0)

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_sess.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 1ad9dc7..de4c59e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -256,8 +256,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_ecpointformatlist = NULL;
dest->tlsext_ellipticcurvelist = NULL;
# endif
-#endif
dest->tlsext_tick = NULL;
+#endif
#ifndef OPENSSL_NO_SRP
dest->srp_username = NULL;
#endif
@@ -324,7 +324,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
goto err;
}
# endif
-#endif

if (ticket != 0) {
dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
@@ -334,6 +333,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_tick_lifetime_hint = 0;
dest->tlsext_ticklen = 0;
}
+#endif

#ifndef OPENSSL_NO_SRP
if (src->srp_username) {
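Review bot: the three hunks together move `dest->tlsext_tick = NULL` and the `if (ticket != 0)` duplication block inside the `#ifndef OPENSSL_NO_TLSEXT` region, consistent with `tlsext_tick` and `tlsext_ticklen` only being declared when TLS extensions are compiled in. Worth checking that the first hunk's relocated `#endif` still pairs with the outer `#ifndef OPENSSL_NO_TLSEXT` rather than the inner `# endif` guard shown just above it, and that the now-unused `ticket` parameter does not provoke an unused-parameter warning in no-tlsext builds.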

Matt Caswell
Sep 1, 2015, 7:33:34 PM
The branch OpenSSL_1_0_1-stable has been updated
via dd642deea83d0f5b4accee9855e36c36699653cc (commit)
from 927f7a870337157bbb9e7a7d32578eeedb90ddbb (commit)


- Log -----------------------------------------------------------------
commit dd642deea83d0f5b4accee9855e36c36699653cc
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Aug 5 13:33:52 2015 +0100

Fix session resumption

Commit f0348c842e7 introduced a problem with session resumption. The
version for the session is fixed when the session is created. By moving
the creation of the session earlier in the process the version is fixed
*before* version negotiation has completed when processing the ServerHello
on the client side. This fix updates the session version after version neg
has completed.

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit dc0c888811cebfa2d21c844be0d81335fb2361da)

-----------------------------------------------------------------------

Summary of changes:
ssl/s23_clnt.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index fc344b9..2b2855d 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -727,6 +727,8 @@ static int ssl23_get_server_hello(SSL *s)
goto err;
}

+ s->session->ssl_version = s->version;
+
/* ensure that TLS_MAX_VERSION is up-to-date */
OPENSSL_assert(s->version <= TLS_MAX_VERSION);

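Review bot: `s->session->ssl_version = s->version;` assumes `s->session` is non-NULL here; the companion change that creates the session while building the ClientHello (the first commit in this thread) makes that hold for the SSLv23 client, but an explicit NULL check routed to the same `goto err` path as the checks above would document the dependency. Placing the assignment after the version is fixed and before the `TLS_MAX_VERSION` assertion is the right spot, so that a session cached afterwards carries the negotiated version rather than the one recorded at ClientHello time.
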
Emilia Kasper
Sep 10, 2015, 11:24:28 AM
The branch OpenSSL_1_0_1-stable has been updated
via 4cb23e12a300b64dd997ca00cee75cde8925df05 (commit)
from dd642deea83d0f5b4accee9855e36c36699653cc (commit)


- Log -----------------------------------------------------------------
commit 4cb23e12a300b64dd997ca00cee75cde8925df05
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue Sep 1 16:31:55 2015 +0200

RT3754: check for NULL pointer

Fix both the caller to error out on malloc failure, as well as the
eventual callee to handle a NULL gracefully.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/p_lib.c | 2 +-
crypto/evp/pmeth_gn.c | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 2b84dc7..375f561 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -253,7 +253,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)

int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
- if (!EVP_PKEY_set_type(pkey, type))
+ if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
return 0;
pkey->pkey.ptr = key;
return (key != NULL);
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 59f8134..6435f1b 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -96,12 +96,17 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
return -1;
}

- if (!ppkey)
+ if (ppkey == NULL)
return -1;

- if (!*ppkey)
+ if (*ppkey == NULL)
*ppkey = EVP_PKEY_new();

+ if (*ppkey == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
ret = ctx->pmeth->paramgen(ctx, *ppkey);
if (ret <= 0) {
EVP_PKEY_free(*ppkey);
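Review bot: the new `*ppkey == NULL` check after `EVP_PKEY_new()` closes the NULL dereference in `ctx->pmeth->paramgen(ctx, *ppkey)` and reports `ERR_R_MALLOC_FAILURE`, matching the -1 return used by the other early exits. Pre-existing but visible in the same hunk: on `ret <= 0` the code calls `EVP_PKEY_free(*ppkey)` even when `*ppkey` was supplied by the caller, and the hunk does not show `*ppkey` being reset to NULL afterwards, so a caller that frees its own key would double-free; worth a follow-up.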

Dr. Stephen Henson
Sep 11, 2015, 3:57:14 PM
The branch OpenSSL_1_0_1-stable has been updated
via 8b5ac90e5eb3343ddf768f64a2cf975a14d21387 (commit)
from 4cb23e12a300b64dd997ca00cee75cde8925df05 (commit)


- Log -----------------------------------------------------------------
commit 8b5ac90e5eb3343ddf768f64a2cf975a14d21387
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Sep 11 16:13:52 2015 +0100

Use default field separator.

If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returning an error.

PR#2397

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 03706afa30aeb4407287171a9d6f9a765395d0a2)

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 6 +++++-
doc/apps/x509.pod | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 6801238..1e48307 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1247,7 +1247,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
- return set_multi_opts(flags, arg, ex_tbl);
+ if (set_multi_opts(flags, arg, ex_tbl) == 0)
+ return 0;
+ if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ *flags |= XN_FLAG_SEP_CPLUS_SPC;
+ return 1;
}

int set_ext_copy(int *copy_type, const char *arg)
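Review bot: the default separator is OR-ed into `*flags` after every successful `set_multi_opts` call, not just once. If `set_name_ex` runs once per `-nameopt` argument, a `sep_*` option given in a later argument must clear `XN_FLAG_SEP_MASK` before setting its own bits (the way the visible `ca_default` entry clears everything with its `0xffffffffL` mask), otherwise `XN_FLAG_SEP_CPLUS_SPC` from the first call combines with the explicit choice. Worth confirming the `sep_*` table entries carry `XN_FLAG_SEP_MASK` as their mask.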
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 6109389..1bb0550 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -529,7 +529,8 @@ very rare and their use is discouraged). The options ending in
"space" additionally place a space after the separator to make it
more readable. The B<sep_multiline> uses a linefeed character for
the RDN separator and a spaced B<+> for the AVA separator. It also
-indents the fields by four characters.
+indents the fields by four characters. If no field separator is specified
+then B<sep_comma_plus_space> is used by default.

=item B<dn_rev>

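Review bot: the new default lives in the shared `set_name_ex` helper in `apps/apps.c`, but only `doc/apps/x509.pod` gains the sentence; if other commands reach `set_name_ex` through `-nameopt`, their documentation should say the same. Minor: a comma after "specified" would read better.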
Dr. Stephen Henson

Sep 11, 2015, 9:44:16 PM
The branch OpenSSL_1_0_1-stable has been updated
via 421baf1862e5325c1de36dcb171a8a33d44f121f (commit)
from 8b5ac90e5eb3343ddf768f64a2cf975a14d21387 (commit)


- Log -----------------------------------------------------------------
commit 421baf1862e5325c1de36dcb171a8a33d44f121f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Sep 12 00:44:07 2015 +0100

Check for FIPS mode after loading config.

PR#3958

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9)

-----------------------------------------------------------------------

Summary of changes:
apps/pkcs12.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff6449..e41b445 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)

apps_startup();

-# ifdef OPENSSL_FIPS
- if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-# endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;

+# ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
args = argv + 1;

while (*args) {
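Review bot: moving the `FIPS_mode()` test below `load_config()` leaves `cert_pbe` unset between `apps_startup()` and the config load; the only exit in that window is `goto end` on a failed `load_config`, so make sure nothing at `end:` (outside the hunk) reads `cert_pbe`. Otherwise the move is correct: a configuration file that switches FIPS mode on is now reflected in the PBE algorithm chosen for the certificates.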

Kurt Roeckx

Sep 14, 2015, 6:30:09 PM
The branch OpenSSL_1_0_1-stable has been updated
via 8f42c34f8fe6eac75e5a6f2d955f460c1d424576 (commit)
from 421baf1862e5325c1de36dcb171a8a33d44f121f (commit)


- Log -----------------------------------------------------------------
commit 8f42c34f8fe6eac75e5a6f2d955f460c1d424576
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue Sep 15 00:07:02 2015 +0200

d2i: don't update input pointer on failure

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>
MR #1005
(cherry picked from commit a46c9789ce2aecedceef119e9883513c7a49f1ca)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/d2i_pr.c | 11 ++++++++---
crypto/asn1/tasn_dec.c | 4 ++--
crypto/asn1/x_pubkey.c | 5 ++++-
crypto/asn1/x_x509.c | 7 ++++---
crypto/ec/ec_asn1.c | 8 ++++++--
5 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c96da09..314f4e3 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
{
EVP_PKEY *ret;
+ const unsigned char *p = *pp;

if ((a == NULL) || (*a == NULL)) {
if ((ret = EVP_PKEY_new()) == NULL) {
@@ -94,10 +95,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
}

if (!ret->ameth->old_priv_decode ||
- !ret->ameth->old_priv_decode(ret, pp, length)) {
+ !ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
PKCS8_PRIV_KEY_INFO *p8 = NULL;
- p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+ p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8)
goto err;
EVP_PKEY_free(ret);
@@ -109,6 +110,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
goto err;
}
}
+ *pp = p;
if (a != NULL)
(*a) = ret;
return (ret);
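Review bot: `*pp = p;` is now written only on the success path of `d2i_PrivateKey`, which is the point of the change; the `err:` path is outside the hunk, so confirm it never writes `*pp` either, otherwise the guarantee in the commit title does not hold for this function.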
@@ -136,6 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
* input is surrounded by an ASN1 SEQUENCE.
*/
inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+ p = *pp;
/*
* Since we only need to discern "traditional format" RSA and DSA keys we
* can just count the elements.
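Review bot: the `p = *pp;` reset after `d2i_ASN1_SEQUENCE_ANY(NULL, &p, length)` is needed because the probe advances `p`, but it reads like a leftover next to the call; a one-line comment ("rewind after the probe parse") would stop the next reader from deleting it.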
@@ -146,7 +149,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
keytype = EVP_PKEY_EC;
else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
* traditional format */
- PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
EVP_PKEY *ret;

sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
@@ -157,6 +160,8 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
}
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
+ if (ret != NULL)
+ *pp = p;
if (a) {
*a = ret;
}
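Review bot: `*pp = p` guarded by `ret != NULL` is correct for the PKCS#8 branch, but the traditional-format branches (`keytype = EVP_PKEY_EC` and friends) get no update in this hunk, presumably because the delegated `d2i_PrivateKey` call handles it; a comment saying so would keep the asymmetric placement from being read as a missing update.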
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7fd336a..febf605 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -350,9 +350,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
}

asn1_set_choice_selector(pval, i, it);
- *in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
+ *in = p;
return 1;

case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -489,9 +489,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* Save encoding */
if (!asn1_enc_save(pval, *in, p - *in, it))
goto auxerr;
- *in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
+ *in = p;
return 1;

default:
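Review bot: moving `*in = p` after the `ASN1_OP_D2I_POST` callback in both the CHOICE and the SEQUENCE case is right: a failing callback takes `goto auxerr`, which previously left the caller's pointer advanced past an object that was then torn down. Every `return 1` path of `ASN1_item_ex_d2i` needs the same order; the `default:` branch that follows is outside the hunk, so check it too.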
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 4b68201..6c57a79 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
{
X509_PUBKEY *xpk;
EVP_PKEY *pktmp;
- xpk = d2i_X509_PUBKEY(NULL, pp, length);
+ const unsigned char *q;
+ q = *pp;
+ xpk = d2i_X509_PUBKEY(NULL, &q, length);
if (!xpk)
return NULL;
pktmp = X509_PUBKEY_get(xpk);
X509_PUBKEY_free(xpk);
if (!pktmp)
return NULL;
+ *pp = q;
if (a) {
EVP_PKEY_free(*a);
*a = pktmp;
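Review bot: style: `const unsigned char *q; q = *pp;` can be `const unsigned char *q = *pp;`, matching the `p` declarations elsewhere in this commit. Behaviour: `*pp` is now advanced only after `X509_PUBKEY_get` succeeds, so a syntactically valid SubjectPublicKeyInfo whose key cannot be decoded leaves the pointer untouched; that is consistent with the commit's rule and worth stating in the function's documentation.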
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index f56e837..916e51f 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -180,16 +180,17 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
if (!a || *a == NULL) {
freeret = 1;
}
- ret = d2i_X509(a, pp, length);
+ ret = d2i_X509(a, &q, length);
/* If certificate unreadable then forget it */
if (!ret)
return NULL;
/* update length */
- length -= *pp - q;
+ length -= q - *pp;
if (!length)
return ret;
- if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+ if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
goto err;
+ *pp = q;
return ret;
err:
if (freeret) {
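Review bot: logic problem in `d2i_X509_AUX`: the early `if (!length) return ret;` comes before the new `*pp = q;`, so when the buffer ends exactly after the certificate (no CERT_AUX trailer) the call succeeds but leaves `*pp` unchanged. That is the opposite of the commit's intent and a regression from the old code, where `d2i_X509(a, pp, length)` advanced `*pp` itself. Suggest adding `*pp = q;` before that `return ret;`, or restructuring so both success returns share the update.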
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 4ad8494..33abf61 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -970,8 +970,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
{
EC_GROUP *group = NULL;
ECPKPARAMETERS *params = NULL;
+ const unsigned char *p = *in;

- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+ if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
ECPKPARAMETERS_free(params);
return NULL;
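Review bot: pre-existing but worth cleaning while touching these lines: inside the `params == NULL` branch, `ECPKPARAMETERS_free(params)` is always a free of NULL and can go.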
@@ -989,6 +990,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
*a = group;

ECPKPARAMETERS_free(params);
+ *in = p;
return (group);
}

@@ -1016,8 +1018,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
int ok = 0;
EC_KEY *ret = NULL;
EC_PRIVATEKEY *priv_key = NULL;
+ const unsigned char *p = *in;

- if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
+ if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
return NULL;
}
@@ -1096,6 +1099,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)

if (a)
*a = ret;
+ *in = p;
ok = 1;
err:
if (!ok) {
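Review bot: in `d2i_ECPrivateKey` the `*in = p;` lands after `*a = ret` and before `ok = 1`, so the `if (!ok)` cleanup never runs with an advanced input pointer; good. The `goto err` paths between the `d2i_EC_PRIVATEKEY` call and this point are outside the hunk; confirm none of them writes `*in`.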

Rich Salz

Sep 15, 2015, 12:00:40 PM
The branch OpenSSL_1_0_1-stable has been updated
via 12650153ec2c57c1b2b4d7f747ecd3709962912a (commit)
from 8f42c34f8fe6eac75e5a6f2d955f460c1d424576 (commit)


- Log -----------------------------------------------------------------
commit 12650153ec2c57c1b2b4d7f747ecd3709962912a
Author: Rich Salz <rs...@akamai.com>
Date: Tue Sep 15 11:49:42 2015 -0400

RT4044: Remove .cvsignore files.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 3be39dc1e3378d79531e385a72051c4dc5c6b34d)

-----------------------------------------------------------------------

Summary of changes:
crypto/.cvsignore | 8 --------
crypto/aes/.cvsignore | 5 -----
crypto/asn1/.cvsignore | 4 ----
crypto/bf/.cvsignore | 5 -----
crypto/bf/asm/.cvsignore | 4 ----
crypto/bio/.cvsignore | 4 ----
crypto/bn/.cvsignore | 7 -------
crypto/bn/asm/.cvsignore | 6 ------
crypto/buffer/.cvsignore | 4 ----
crypto/camellia/.cvsignore | 3 ---
crypto/cast/.cvsignore | 6 ------
crypto/cast/asm/.cvsignore | 4 ----
crypto/cmac/.cvsignore | 4 ----
crypto/cms/.cvsignore | 4 ----
crypto/comp/.cvsignore | 4 ----
crypto/conf/.cvsignore | 4 ----
crypto/des/.cvsignore | 7 -------
crypto/des/asm/.cvsignore | 7 -------
crypto/dh/.cvsignore | 4 ----
crypto/dsa/.cvsignore | 4 ----
crypto/dso/.cvsignore | 4 ----
crypto/ec/.cvsignore | 4 ----
crypto/ecdh/.cvsignore | 4 ----
crypto/ecdsa/.cvsignore | 2 --
crypto/engine/.cvsignore | 4 ----
crypto/err/.cvsignore | 4 ----
crypto/evp/.cvsignore | 4 ----
crypto/hmac/.cvsignore | 4 ----
crypto/idea/.cvsignore | 4 ----
crypto/jpake/.cvsignore | 3 ---
crypto/krb5/.cvsignore | 4 ----
crypto/lhash/.cvsignore | 4 ----
crypto/md2/.cvsignore | 4 ----
crypto/md4/.cvsignore | 4 ----
crypto/md5/.cvsignore | 5 -----
crypto/md5/asm/.cvsignore | 4 ----
crypto/mdc2/.cvsignore | 4 ----
crypto/modes/.cvsignore | 4 ----
crypto/objects/.cvsignore | 4 ----
crypto/ocsp/.cvsignore | 4 ----
crypto/pem/.cvsignore | 5 -----
crypto/pkcs12/.cvsignore | 4 ----
crypto/pkcs7/.cvsignore | 8 --------
crypto/pqueue/.cvsignore | 4 ----
crypto/rand/.cvsignore | 4 ----
crypto/rc2/.cvsignore | 4 ----
crypto/rc4/.cvsignore | 5 -----
crypto/rc4/asm/.cvsignore | 4 ----
crypto/rc5/.cvsignore | 4 ----
crypto/rc5/asm/.cvsignore | 4 ----
crypto/ripemd/.cvsignore | 5 -----
crypto/ripemd/asm/.cvsignore | 4 ----
crypto/rsa/.cvsignore | 4 ----
crypto/seed/.cvsignore | 4 ----
crypto/sha/.cvsignore | 7 -------
crypto/sha/asm/.cvsignore | 4 ----
crypto/srp/.cvsignore | 2 --
crypto/stack/.cvsignore | 4 ----
crypto/store/.cvsignore | 4 ----
crypto/ts/.cvsignore | 2 --
crypto/txt_db/.cvsignore | 4 ----
crypto/ui/.cvsignore | 4 ----
crypto/whrlpool/.cvsignore | 3 ---
crypto/x509/.cvsignore | 4 ----
crypto/x509v3/.cvsignore | 4 ----
demos/easy_tls/.cvsignore | 3 ---
demos/engines/cluster_labs/.cvsignore | 6 ------
demos/engines/ibmca/.cvsignore | 6 ------
demos/engines/rsaref/.cvsignore | 14 --------------
demos/engines/zencod/.cvsignore | 6 ------
demos/state_machine/.cvsignore | 3 ---
demos/tunala/.cvsignore | 4 ----
engines/.cvsignore | 6 ------
engines/ccgost/.cvsignore | 6 ------
include/.cvsignore | 3 ---
ms/.cvsignore | 5 -----
perl/.cvsignore | 14 --------------
ssl/.cvsignore | 4 ----
test/.cvsignore | 34 ----------------------------------
tools/.cvsignore | 4 ----
util/.cvsignore | 2 --
81 files changed, 401 deletions(-)
delete mode 100644 crypto/.cvsignore
delete mode 100644 crypto/aes/.cvsignore
delete mode 100644 crypto/asn1/.cvsignore
delete mode 100644 crypto/bf/.cvsignore
delete mode 100644 crypto/bf/asm/.cvsignore
delete mode 100644 crypto/bio/.cvsignore
delete mode 100644 crypto/bn/.cvsignore
delete mode 100644 crypto/bn/asm/.cvsignore
delete mode 100644 crypto/buffer/.cvsignore
delete mode 100644 crypto/camellia/.cvsignore
delete mode 100644 crypto/cast/.cvsignore
delete mode 100644 crypto/cast/asm/.cvsignore
delete mode 100644 crypto/cmac/.cvsignore
delete mode 100644 crypto/cms/.cvsignore
delete mode 100644 crypto/comp/.cvsignore
delete mode 100644 crypto/conf/.cvsignore
delete mode 100644 crypto/des/.cvsignore
delete mode 100644 crypto/des/asm/.cvsignore
delete mode 100644 crypto/dh/.cvsignore
delete mode 100644 crypto/dsa/.cvsignore
delete mode 100644 crypto/dso/.cvsignore
delete mode 100644 crypto/ec/.cvsignore
delete mode 100644 crypto/ecdh/.cvsignore
delete mode 100644 crypto/ecdsa/.cvsignore
delete mode 100644 crypto/engine/.cvsignore
delete mode 100644 crypto/err/.cvsignore
delete mode 100644 crypto/evp/.cvsignore
delete mode 100644 crypto/hmac/.cvsignore
delete mode 100644 crypto/idea/.cvsignore
delete mode 100644 crypto/jpake/.cvsignore
delete mode 100644 crypto/krb5/.cvsignore
delete mode 100644 crypto/lhash/.cvsignore
delete mode 100644 crypto/md2/.cvsignore
delete mode 100644 crypto/md4/.cvsignore
delete mode 100644 crypto/md5/.cvsignore
delete mode 100644 crypto/md5/asm/.cvsignore
delete mode 100644 crypto/mdc2/.cvsignore
delete mode 100644 crypto/modes/.cvsignore
delete mode 100644 crypto/objects/.cvsignore
delete mode 100644 crypto/ocsp/.cvsignore
delete mode 100644 crypto/pem/.cvsignore
delete mode 100644 crypto/pkcs12/.cvsignore
delete mode 100644 crypto/pkcs7/.cvsignore
delete mode 100644 crypto/pqueue/.cvsignore
delete mode 100644 crypto/rand/.cvsignore
delete mode 100644 crypto/rc2/.cvsignore
delete mode 100644 crypto/rc4/.cvsignore
delete mode 100644 crypto/rc4/asm/.cvsignore
delete mode 100644 crypto/rc5/.cvsignore
delete mode 100644 crypto/rc5/asm/.cvsignore
delete mode 100644 crypto/ripemd/.cvsignore
delete mode 100644 crypto/ripemd/asm/.cvsignore
delete mode 100644 crypto/rsa/.cvsignore
delete mode 100644 crypto/seed/.cvsignore
delete mode 100644 crypto/sha/.cvsignore
delete mode 100644 crypto/sha/asm/.cvsignore
delete mode 100644 crypto/srp/.cvsignore
delete mode 100644 crypto/stack/.cvsignore
delete mode 100644 crypto/store/.cvsignore
delete mode 100644 crypto/ts/.cvsignore
delete mode 100644 crypto/txt_db/.cvsignore
delete mode 100644 crypto/ui/.cvsignore
delete mode 100644 crypto/whrlpool/.cvsignore
delete mode 100644 crypto/x509/.cvsignore
delete mode 100644 crypto/x509v3/.cvsignore
delete mode 100644 demos/easy_tls/.cvsignore
delete mode 100644 demos/engines/cluster_labs/.cvsignore
delete mode 100644 demos/engines/ibmca/.cvsignore
delete mode 100644 demos/engines/rsaref/.cvsignore
delete mode 100644 demos/engines/zencod/.cvsignore
delete mode 100644 demos/state_machine/.cvsignore
delete mode 100644 demos/tunala/.cvsignore
delete mode 100644 engines/.cvsignore
delete mode 100644 engines/ccgost/.cvsignore
delete mode 100644 include/.cvsignore
delete mode 100644 ms/.cvsignore
delete mode 100644 perl/.cvsignore
delete mode 100644 ssl/.cvsignore
delete mode 100644 test/.cvsignore
delete mode 100644 tools/.cvsignore
delete mode 100644 util/.cvsignore

diff --git a/crypto/.cvsignore b/crypto/.cvsignore
deleted file mode 100644
index 337529e..0000000
--- a/crypto/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-lib
-buildinf.h
-opensslconf.h
-Makefile.save
-*.flc
-semantic.cache
-*cpuid.s
-uplink-cof.s
diff --git a/crypto/aes/.cvsignore b/crypto/aes/.cvsignore
deleted file mode 100644
index 035489b..0000000
--- a/crypto/aes/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-aes-*.s
diff --git a/crypto/asn1/.cvsignore b/crypto/asn1/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/asn1/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/bf/.cvsignore b/crypto/bf/.cvsignore
deleted file mode 100644
index 86da787..0000000
--- a/crypto/bf/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-bf-*.s
diff --git a/crypto/bf/asm/.cvsignore b/crypto/bf/asm/.cvsignore
deleted file mode 100644
index 0a60dba..0000000
--- a/crypto/bf/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-bx86unix.cpp
-bx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/bio/.cvsignore b/crypto/bio/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/bio/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/bn/.cvsignore b/crypto/bn/.cvsignore
deleted file mode 100644
index ebe4b61..0000000
--- a/crypto/bn/.cvsignore
+++ /dev/null
@@ -1,7 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-co-*.s
-bn-*.s
-*-mont.s
diff --git a/crypto/bn/asm/.cvsignore b/crypto/bn/asm/.cvsignore
deleted file mode 100644
index 2647502..0000000
--- a/crypto/bn/asm/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-bn86unix.cpp
-co86unix.cpp
-bn86-elf.s
-co86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/buffer/.cvsignore b/crypto/buffer/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/buffer/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/camellia/.cvsignore b/crypto/camellia/.cvsignore
deleted file mode 100644
index b7f68a8..0000000
--- a/crypto/camellia/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-cmll-*.s
diff --git a/crypto/cast/.cvsignore b/crypto/cast/.cvsignore
deleted file mode 100644
index 7075b5d..0000000
--- a/crypto/cast/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-cx86-*.s
-cast-586.s
diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore
deleted file mode 100644
index 322fa86..0000000
--- a/crypto/cast/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-cx86unix.cpp
-cx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/cmac/.cvsignore b/crypto/cmac/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/cmac/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/cms/.cvsignore b/crypto/cms/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/cms/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/comp/.cvsignore b/crypto/comp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/comp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/conf/.cvsignore b/crypto/conf/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/conf/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/des/.cvsignore b/crypto/des/.cvsignore
deleted file mode 100644
index 6f011ea..0000000
--- a/crypto/des/.cvsignore
+++ /dev/null
@@ -1,7 +0,0 @@
-lib
-Makefile.save
-des
-*.flc
-semantic.cache
-crypt*.s
-des-*.s
diff --git a/crypto/des/asm/.cvsignore b/crypto/des/asm/.cvsignore
deleted file mode 100644
index b92f401..0000000
--- a/crypto/des/asm/.cvsignore
+++ /dev/null
@@ -1,7 +0,0 @@
-dx86unix.cpp
-yx86unix.cpp
-des_enc-sparc.S
-dx86-elf.s
-yx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/dh/.cvsignore b/crypto/dh/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dh/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/dsa/.cvsignore b/crypto/dsa/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dsa/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/dso/.cvsignore b/crypto/dso/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/dso/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ec/.cvsignore b/crypto/ec/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ec/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ecdh/.cvsignore b/crypto/ecdh/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ecdh/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ecdsa/.cvsignore b/crypto/ecdsa/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/ecdsa/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/engine/.cvsignore b/crypto/engine/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/engine/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/err/.cvsignore b/crypto/err/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/err/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/evp/.cvsignore b/crypto/evp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/evp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/hmac/.cvsignore b/crypto/hmac/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/hmac/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/idea/.cvsignore b/crypto/idea/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/idea/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/jpake/.cvsignore b/crypto/jpake/.cvsignore
deleted file mode 100644
index 33ac838..0000000
--- a/crypto/jpake/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-
diff --git a/crypto/krb5/.cvsignore b/crypto/krb5/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/krb5/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/lhash/.cvsignore b/crypto/lhash/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/lhash/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md2/.cvsignore b/crypto/md2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/md2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md4/.cvsignore b/crypto/md4/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/md4/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/md5/.cvsignore b/crypto/md5/.cvsignore
deleted file mode 100644
index e7bf5dd..0000000
--- a/crypto/md5/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-md5-*.s
diff --git a/crypto/md5/asm/.cvsignore b/crypto/md5/asm/.cvsignore
deleted file mode 100644
index 5265922..0000000
--- a/crypto/md5/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-mx86unix.cpp
-mx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/mdc2/.cvsignore b/crypto/mdc2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/mdc2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/modes/.cvsignore b/crypto/modes/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/modes/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/objects/.cvsignore b/crypto/objects/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/objects/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ocsp/.cvsignore b/crypto/ocsp/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ocsp/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pem/.cvsignore b/crypto/pem/.cvsignore
deleted file mode 100644
index feb507d..0000000
--- a/crypto/pem/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-ctx_size
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pkcs12/.cvsignore b/crypto/pkcs12/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/pkcs12/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/pkcs7/.cvsignore b/crypto/pkcs7/.cvsignore
deleted file mode 100644
index 5463e2a..0000000
--- a/crypto/pkcs7/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-lib
-Makefile.save
-enc
-dec
-sign
-verify
-*.flc
-semantic.cache
diff --git a/crypto/pqueue/.cvsignore b/crypto/pqueue/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/pqueue/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rand/.cvsignore b/crypto/rand/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rand/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc2/.cvsignore b/crypto/rc2/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rc2/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc4/.cvsignore b/crypto/rc4/.cvsignore
deleted file mode 100644
index 55e2f07..0000000
--- a/crypto/rc4/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-rc4-*.s
diff --git a/crypto/rc4/asm/.cvsignore b/crypto/rc4/asm/.cvsignore
deleted file mode 100644
index ded381e..0000000
--- a/crypto/rc4/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-rx86unix.cpp
-rx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/rc5/.cvsignore b/crypto/rc5/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rc5/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/rc5/asm/.cvsignore b/crypto/rc5/asm/.cvsignore
deleted file mode 100644
index e294b19..0000000
--- a/crypto/rc5/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-r586unix.cpp
-r586-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/ripemd/.cvsignore b/crypto/ripemd/.cvsignore
deleted file mode 100644
index 4e5de48..0000000
--- a/crypto/ripemd/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-rmd-*.s
diff --git a/crypto/ripemd/asm/.cvsignore b/crypto/ripemd/asm/.cvsignore
deleted file mode 100644
index 1c4890f..0000000
--- a/crypto/ripemd/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-rm86unix.cpp
-rm86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/rsa/.cvsignore b/crypto/rsa/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/rsa/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/seed/.cvsignore b/crypto/seed/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/seed/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/sha/.cvsignore b/crypto/sha/.cvsignore
deleted file mode 100644
index 4f51f91..0000000
--- a/crypto/sha/.cvsignore
+++ /dev/null
@@ -1,7 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
-sha1-*.s
-sha256-*.s
-sha512-*.s
diff --git a/crypto/sha/asm/.cvsignore b/crypto/sha/asm/.cvsignore
deleted file mode 100644
index 9921443..0000000
--- a/crypto/sha/asm/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-sx86unix.cpp
-sx86-elf.s
-*.flc
-semantic.cache
diff --git a/crypto/srp/.cvsignore b/crypto/srp/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/srp/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/stack/.cvsignore b/crypto/stack/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/stack/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/store/.cvsignore b/crypto/store/.cvsignore
deleted file mode 100644
index 68a9313..0000000
--- a/crypto/store/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-Makefile.save
-lib
-*.flc
-semantic.cache
diff --git a/crypto/ts/.cvsignore b/crypto/ts/.cvsignore
deleted file mode 100644
index c6d03a9..0000000
--- a/crypto/ts/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-lib
-Makefile.save
diff --git a/crypto/txt_db/.cvsignore b/crypto/txt_db/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/txt_db/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/ui/.cvsignore b/crypto/ui/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/ui/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/whrlpool/.cvsignore b/crypto/whrlpool/.cvsignore
deleted file mode 100644
index baa1c42..0000000
--- a/crypto/whrlpool/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-lib
-Makefile.save
-wp-*.s
diff --git a/crypto/x509/.cvsignore b/crypto/x509/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/x509/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/crypto/x509v3/.cvsignore b/crypto/x509v3/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/crypto/x509v3/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/demos/easy_tls/.cvsignore b/demos/easy_tls/.cvsignore
deleted file mode 100644
index eae327d..0000000
--- a/demos/easy_tls/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-test
-*.flc
-semantic.cache
diff --git a/demos/engines/cluster_labs/.cvsignore b/demos/engines/cluster_labs/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/cluster_labs/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/engines/ibmca/.cvsignore b/demos/engines/ibmca/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/ibmca/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/engines/rsaref/.cvsignore b/demos/engines/rsaref/.cvsignore
deleted file mode 100644
index e8e5e62..0000000
--- a/demos/engines/rsaref/.cvsignore
+++ /dev/null
@@ -1,14 +0,0 @@
-librsaref.so.gnu
-librsaref.so.tru64
-librsaref.so.solaris
-librsaref.so.irix
-librsaref.so.hpux32
-librsaref.so.hpux64
-librsaref.so.aix
-librsaref.exp
-doc
-install
-rdemo
-source
-*.flc
-semantic.cache
diff --git a/demos/engines/zencod/.cvsignore b/demos/engines/zencod/.cvsignore
deleted file mode 100644
index 375a79d..0000000
--- a/demos/engines/zencod/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.exp
-*.so
-*.so.*
-*.a
-*.flc
-semantic.cache
diff --git a/demos/state_machine/.cvsignore b/demos/state_machine/.cvsignore
deleted file mode 100644
index a90633f..0000000
--- a/demos/state_machine/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-state_machine
-*.flc
-semantic.cache
diff --git a/demos/tunala/.cvsignore b/demos/tunala/.cvsignore
deleted file mode 100644
index f9eca98..0000000
--- a/demos/tunala/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-tunala
-
-*.flc
-semantic.cache
diff --git a/engines/.cvsignore b/engines/.cvsignore
deleted file mode 100644
index b722ca8..0000000
--- a/engines/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile.save
-lib
-libs
-*.flc
-semantic.cache
-*.dll
diff --git a/engines/ccgost/.cvsignore b/engines/ccgost/.cvsignore
deleted file mode 100644
index b722ca8..0000000
--- a/engines/ccgost/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile.save
-lib
-libs
-*.flc
-semantic.cache
-*.dll
diff --git a/include/.cvsignore b/include/.cvsignore
deleted file mode 100644
index 55e25b4..0000000
--- a/include/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*
-*.flc
-semantic.cache
diff --git a/ms/.cvsignore b/ms/.cvsignore
deleted file mode 100644
index 5f8e47b..0000000
--- a/ms/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-*.def
-*.mak
-*.out
-*.flc
-semantic.cache
diff --git a/perl/.cvsignore b/perl/.cvsignore
deleted file mode 100644
index 5e8eb88..0000000
--- a/perl/.cvsignore
+++ /dev/null
@@ -1,14 +0,0 @@
-Makefile
-blib
-pm_to_blib
-OpenSSL.c
-openssl_bio.c
-openssl_bn.c
-openssl_cipher.c
-openssl_digest.c
-openssl_err.c
-openssl_ssl.c
-openssl_x509.c
-OpenSSL.bs
-*.flc
-semantic.cache
diff --git a/ssl/.cvsignore b/ssl/.cvsignore
deleted file mode 100644
index 439e6d3..0000000
--- a/ssl/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-lib
-Makefile.save
-*.flc
-semantic.cache
diff --git a/test/.cvsignore b/test/.cvsignore
deleted file mode 100644
index 8b5997c..0000000
--- a/test/.cvsignore
+++ /dev/null
@@ -1,34 +0,0 @@
-*test
-demoCA
-certCA.srl
-.rnd
-testkey.pem
-testreq.pem
-keyCA.ss
-reqCA.ss
-certCA.ss
-req2CA.ss
-keyU.ss
-reqU.ss
-certU.ss
-certU.srl
-intP1.ss
-tmp_intP1.ss
-keyP1.ss
-reqP1.ss
-certP1.ss
-certP1.srl
-intP2.ss
-tmp_intP2.ss
-keyP2.ss
-reqP2.ss
-certP2.ss
-Makefile.save
-tmp.bntest
-evptests.txt
-sha256t
-sha512t
-*.flc
-semantic.cache
-newkey.pem
-*.dll
diff --git a/tools/.cvsignore b/tools/.cvsignore
deleted file mode 100644
index cde7450..0000000
--- a/tools/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-c_rehash
-c_rehash.bak
-*.flc
-semantic.cache
diff --git a/util/.cvsignore b/util/.cvsignore
deleted file mode 100644
index 8b4054c..0000000
--- a/util/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.flc
-semantic.cache

Rich Salz

Sep 15, 2015, 12:02:04 PM9/15/15
The branch OpenSSL_1_0_1-stable has been updated
via 83fcd322f7b398534fba7816ca3c0896f529c7c0 (commit)
from 12650153ec2c57c1b2b4d7f747ecd3709962912a (commit)


- Log -----------------------------------------------------------------
commit 83fcd322f7b398534fba7816ca3c0896f529c7c0
Author: Rich Salz <rs...@openssl.org>
Date: Tue Sep 15 12:01:30 2015 -0400

RT4044: Remove .cvsignore files.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
.cvsignore | 22 ----------------------
apps/.cvsignore | 8 --------
2 files changed, 30 deletions(-)
delete mode 100644 .cvsignore
delete mode 100644 apps/.cvsignore

diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 01be5fa..0000000
--- a/.cvsignore
+++ /dev/null
@@ -1,22 +0,0 @@
-openssl.pc
-libcrypto.pc
-libssl.pc
-MINFO
-makefile.one
-tmp
-out
-outinc
-rehash.time
-testlog
-make.log
-maketest.log
-cctest
-cctest.c
-cctest.a
-*.flc
-semantic.cache
-Makefile
-*.dll*
-*.so*
-*.sl*
-*.dylib*
diff --git a/apps/.cvsignore b/apps/.cvsignore
deleted file mode 100644
index 9981329..0000000
--- a/apps/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-openssl
-Makefile.save
-der_chop
-der_chop.bak
-CA.pl
-*.flc
-semantic.cache
-*.dll

Dr. Stephen Henson

Sep 16, 2015, 1:13:32 PM9/16/15
The branch OpenSSL_1_0_1-stable has been updated
via f95d1af064bd0477cb551124bb3d7792c4e3216b (commit)
from 83fcd322f7b398534fba7816ca3c0896f529c7c0 (commit)


- Log -----------------------------------------------------------------
commit f95d1af064bd0477cb551124bb3d7792c4e3216b
Author: Ivo Raisr <ivo....@oracle.com>
Date: Fri Sep 11 17:24:33 2015 +0100

Make no-psk compile without warnings.

PR#4035

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Stephen Henson <st...@openssl.org>
(cherry picked from commit 929f6d6f55275b17cfdd5c405ef403bce87c9aef)

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_asn1.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 39d48ea..35cc27c 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -121,13 +121,16 @@ typedef struct ssl_session_asn1_st {
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
- int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
+ int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
int v6 = 0, v9 = 0, v10 = 0;
unsigned char ibuf6[LSIZE2];
#endif
+#ifndef OPENSSL_NO_PSK
+ int v7 = 0, v8 = 0;
+#endif
#ifndef OPENSSL_NO_COMP
unsigned char cbuf;
int v11 = 0;
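Review bot: moving the `v7`/`v8` declarations under `#ifndef OPENSSL_NO_PSK` turns any remaining unguarded use of them later in i2d_SSL_SESSION from an unused-variable warning into a compile error; the diffstat (4 insertions, 1 deletion) implies the uses were already guarded, but that should be confirmed with an actual no-psk build before merging, since the hunk only shows the declarations.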

Emilia Kasper

Sep 17, 2015, 2:28:29 PM9/17/15
The branch OpenSSL_1_0_1-stable has been updated
via 76067c75fd60371c0a66a36ed531e52b883dcf6a (commit)
from f95d1af064bd0477cb551124bb3d7792c4e3216b (commit)


- Log -----------------------------------------------------------------
commit 76067c75fd60371c0a66a36ed531e52b883dcf6a
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed Sep 2 15:31:28 2015 +0200

RT3757: base64 encoding bugs

Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Dr Stephen Henson <st...@openssl.org>
(cherry picked from commit 3cdd1e94b1d71f2ce3002738f9506da91fe2af45)
(cherry picked from commit 37faf117965de181f4de0b4032eecac2566de5f6)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 6 ++
crypto/evp/encode.c | 182 ++++++++++++++++++++++++----------------------------
2 files changed, 90 insertions(+), 98 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3ac66ae..178d010 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@



Changes between 1.0.1p and 1.0.1q [xx XXX xxxx]

+ *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+ This changes the decoding behaviour for some invalid messages,
+ though the change is mostly in the more lenient direction, and
+ legacy behaviour is preserved as much as possible.
+ [Emilia Käsper]


+
*) In DSA_generate_parameters_ex, if the provided seed is too short,

return an error


[Rich Salz and Ismo Puustinen <ismo.pu...@intel.com>]
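Review bot: the CHANGES entry says the behavioural change is "mostly in the more lenient direction", but the commit message describes the decoder now rejecting extra trailing padding and padding in the middle of the content, which is stricter for those inputs; reword the entry so that applications which previously got decoded output for such messages know they will now receive -1 from EVP_DecodeUpdate.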

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 5c5988f..f758a8c 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -103,6 +103,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
#define B64_WS 0xE0
#define B64_ERROR 0xFF
#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
+#define B64_BASE64(a) !B64_NOT_BASE64(a)

static const unsigned char data_ascii2bin[128] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
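Review bot: `#define B64_BASE64(a) !B64_NOT_BASE64(a)` leaves the expansion unparenthesised, so an expression like `B64_BASE64(v) == 0` only works because `!` binds tighter than `==`; write it as `#define B64_BASE64(a) (!B64_NOT_BASE64(a))` to match the fully parenthesised `B64_NOT_BASE64` above it.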
@@ -218,8 +219,9 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)

void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{
- ctx->length = 30;
+ /* Only ctx->num is used during decoding. */
ctx->num = 0;
+ ctx->length = 0;
ctx->line_num = 0;
ctx->expect_nl = 0;
}
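Review bot: EVP_DecodeInit still resets `line_num` and `expect_nl`, but the rewritten EVP_DecodeUpdate in the next hunk no longer reads or writes either field; either drop the two assignments or extend the new comment to say they are kept only so the struct layout and old callers are unaffected, so a later reader does not assume the line-length logic still exists.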
@@ -228,139 +230,123 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
* -1 for error
* 0 for last line
* 1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ * - Padding or B64_EOF was detected and the last block is complete.
+ * - Input has zero-length.
+ * -1 is returned if:
+ * - Invalid characters are detected.
+ * - There is extra trailing padding, or data after padding.
+ * - B64_EOF is detected after an incomplete base64 block.
*/
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
+ int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
unsigned char *d;

n = ctx->num;
d = ctx->enc_data;
- ln = ctx->line_num;
- exp_nl = ctx->expect_nl;

- /* last line of input. */
- if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
+ if (n > 0 && d[n - 1] == '=') {
+ eof++;
+ if (n > 1 && d[n - 2] == '=')
+ eof++;
+ }
+
+ /* Legacy behaviour: an empty input chunk signals end of input. */
+ if (inl == 0) {
rv = 0;
goto end;
}

- /* We parse the input data */
for (i = 0; i < inl; i++) {
- /* If the current line is > 80 characters, scream alot */
- if (ln >= 80) {
- rv = -1;
- goto end;
- }
-
- /* Get char and put it into the buffer */
tmp = *(in++);
v = conv_ascii2bin(tmp);
- /* only save the good data :-) */
- if (!B64_NOT_BASE64(v)) {
- OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
- d[n++] = tmp;
- ln++;
- } else if (v == B64_ERROR) {
+ if (v == B64_ERROR) {
rv = -1;
goto end;
}

- /*
- * have we seen a '=' which is 'definitly' the last input line. seof
- * will point to the character that holds it. and eof will hold how
- * many characters to chop off.
- */
if (tmp == '=') {
- if (seof == -1)
- seof = n;
eof++;
+ } else if (eof > 0 && B64_BASE64(v)) {
+ /* More data after padding. */
+ rv = -1;
+ goto end;
}

- if (v == B64_CR) {
- ln = 0;
- if (exp_nl)
- continue;
+ if (eof > 2) {
+ rv = -1;
+ goto end;
}

- /* eoln */
- if (v == B64_EOLN) {
- ln = 0;
- if (exp_nl) {
- exp_nl = 0;
- continue;
- }
- }
- exp_nl = 0;
-
- /*
- * If we are at the end of input and it looks like a line, process
- * it.
- */
- if (((i + 1) == inl) && (((n & 3) == 0) || eof)) {
- v = B64_EOF;
- /*
- * In case things were given us in really small records (so two
- * '=' were given in separate updates), eof may contain the
- * incorrect number of ending bytes to skip, so let's redo the
- * count
- */
- eof = 0;
- if (d[n - 1] == '=')
- eof++;
- if (d[n - 2] == '=')
- eof++;
- /* There will never be more than two '=' */
+ if (v == B64_EOF) {
+ seof = 1;
+ goto tail;
}

- if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) {
- /*
- * This is needed to work correctly on 64 byte input lines. We
- * process the line and then need to accept the '\n'
- */
- if ((v != B64_EOF) && (n >= 64))
- exp_nl = 1;
- if (n > 0) {
- v = EVP_DecodeBlock(out, d, n);
- n = 0;
- if (v < 0) {
- rv = 0;
- goto end;
- }
- if (eof > v) {
- rv = -1;
- goto end;
- }
- ret += (v - eof);
- } else {
- eof = 1;
- v = 0;
- }
-
- /*
- * This is the case where we have had a short but valid input
- * line
- */
- if ((v < ctx->length) && eof) {
- rv = 0;
+ /* Only save valid base64 characters. */
+ if (B64_BASE64(v)) {
+ if (n >= 64) {
+ /*
+ * We increment n once per loop, and empty the buffer as soon as
+ * we reach 64 characters, so this can only happen if someone's
+ * manually messed with the ctx. Refuse to write any more data.
+ */
+ rv = -1;
goto end;
- } else
- ctx->length = v;
+ }
+ OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+ d[n++] = tmp;
+ }

- if (seof >= 0) {
- rv = 0;
+ if (n == 64) {
+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
goto end;
}
- out += v;
+ ret += decoded_len - eof;
+ out += decoded_len - eof;
}
}
- rv = 1;
- end:
+
+ /*
+ * Legacy behaviour: if the current line is a full base64-block (i.e., has
+ * 0 mod 4 base64 characters), it is processed immediately. We keep this
+ * behaviour as applications may not be calling EVP_DecodeFinal properly.
+ */
+tail:
+ if (n > 0) {
+ if ((n & 3) == 0) {
+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
+ goto end;
+ }
+ ret += (decoded_len - eof);
+ } else if (seof) {
+ /* EOF in the middle of a base64 block. */
+ rv = -1;
+ goto end;
+ }
+ }
+
+ rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+ /* Legacy behaviour. This should probably rather be zeroed on error. */
*outl = ret;
ctx->num = n;
- ctx->line_num = ln;
- ctx->expect_nl = exp_nl;
return (rv);
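Review bot: `rv = seof || (n == 0 && eof) ? 0 : 1;` relies on `||` binding tighter than `?:`; it evaluates as intended, but `rv = (seof || (n == 0 && eof)) ? 0 : 1;` makes that obvious. The `end:` comment also admits that `*outl = ret` is stored even when rv == -1, so a caller that ignores the return value will consume partially decoded bytes; since the new header comment already tells callers they must reject a 0 return mid-content, add that `*outl` is only meaningful when the return value is not -1. Minor: the tail path writes `ret += (decoded_len - eof);` while the loop writes `ret += decoded_len - eof;`, pick one form.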

Emilia Kasper

Sep 17, 2015, 3:45:55 PM9/17/15
The branch OpenSSL_1_0_1-stable has been updated
via 7ac2c47583242343cf2ac001730a343118c21d56 (commit)
from 76067c75fd60371c0a66a36ed531e52b883dcf6a (commit)


- Log -----------------------------------------------------------------
commit 7ac2c47583242343cf2ac001730a343118c21d56
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 20:08:48 2015 +0200

base64 decode: check for high bit

Previously, the conversion would silently coerce to ASCII. Now, we error
out.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit b785504a10310cb2872270eb409b70971be5e76e)
(cherry picked from commit cb71f17dc786c72ec74c0ebb983b3ccfde484271)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/encode.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index f758a8c..3005560 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -60,9 +60,9 @@
#include "cryptlib.h"
#include <openssl/evp.h>

+static unsigned char conv_ascii2bin(unsigned char a);
#ifndef CHARSET_EBCDIC
# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f])
#else
/*
* We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -71,7 +71,6 @@
* as the underlying textstring data_bin2ascii[] is already EBCDIC)
*/
# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f])
#endif

/*-
@@ -124,6 +123,23 @@ static const unsigned char data_ascii2bin[128] = {
0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+ if (a & 0x80)
+ return B64_ERROR;
+ return data_ascii2bin[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+ a = os_toascii[a];
+ if (a & 0x80)
+ return B64_ERROR;
+ return data_ascii2bin[a];
+}
+#endif
+
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
{
ctx->length = 48;
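Review bot: the two conv_ascii2bin bodies differ only in the `a = os_toascii[a];` line, so one function with `#ifdef CHARSET_EBCDIC` around that single statement would avoid maintaining the high-bit check twice. The check is also what keeps `data_ascii2bin[a]` in bounds now that the old `&0x7f` mask is gone (a is guaranteed below 128 before indexing the 128-entry table), so a one-line comment saying the early return doubles as the bounds check would stop someone from removing it as "redundant".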

Matt Caswell

Sep 17, 2015, 5:41:23 PM9/17/15
The branch OpenSSL_1_0_1-stable has been updated
via a50a8a76dd19bdcb3c2544fbf36e9238779cef3a (commit)
from 7ac2c47583242343cf2ac001730a343118c21d56 (commit)


- Log -----------------------------------------------------------------
commit a50a8a76dd19bdcb3c2544fbf36e9238779cef3a
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Sep 16 10:47:15 2015 +0100

Make sure OPENSSL_cleanse checks for NULL

In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

However, previously, OPENSSL_cleanse did not check if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18)

-----------------------------------------------------------------------

Summary of changes:
crypto/mem_clr.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
index 3df1f39..1a06636 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len)
{
unsigned char *p = ptr;
size_t loop = len, ctr = cleanse_ctr;
+
+ if (ptr == NULL)
+ return;
+
while (loop--) {
*(p++) = (unsigned char)ctr;
ctr += (17 + ((size_t)p & 0xF));
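Review bot: the NULL check sits after `size_t loop = len, ctr = cleanse_ctr;`, which C89 declaration placement requires, so `cleanse_ctr` is read but not advanced for a NULL pointer; harmless, but since the commit message now treats `OPENSSL_cleanse(x, y); OPENSSL_free(x);` as equivalent to OPENSSL_clear_free, the documentation for OPENSSL_cleanse should state that a NULL `ptr` is accepted and ignored regardless of `len`.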

Rich Salz

Sep 18, 2015, 3:57:00 PM9/18/15
The branch OpenSSL_1_0_1-stable has been updated
via 628c15039fd3e20980a587b71683d786a8addcd4 (commit)
from a50a8a76dd19bdcb3c2544fbf36e9238779cef3a (commit)


- Log -----------------------------------------------------------------
commit 628c15039fd3e20980a587b71683d786a8addcd4
Author: Rich Salz <rs...@akamai.com>
Date: Thu Sep 17 21:53:43 2015 -0400

This undoes GH367 for non-master

Was only approved for master, to avoid compatibility issues on
previous releases.

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 6be18a22199de4d114b53686c31ba02723fc2c18)

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 33 +++++++++++++++++++--------------
doc/crypto/DSA_generate_parameters.pod | 11 ++++++-----
2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 1f12d6b..d686ab0 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -161,15 +161,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,



bits = (bits + 63) / 64 * 64;

- if (seed_in != NULL) {
- if (seed_len < (size_t)qsize)
- return 0;
- if (seed_len > (size_t)qsize) {
- /* Only consume as much seed as is expected. */
- seed_len = qsize;
- }
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > (size_t)qsize)
+ seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */


+ if (seed_in != NULL)

memcpy(seed, seed_in, seed_len);
- }



if ((ctx = BN_CTX_new()) == NULL)
goto err;
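Review bot: with `seed_in = NULL` when `seed_len < qsize`, a too-short seed is silently discarded and random parameters are generated, whereas the removed lines returned 0; a caller expecting reproducible parameters from its seed gets no indication that the seed was ignored, so if this revert is kept for compatibility the documentation should say so explicitly. The restored comment "restricted to 160 bits" is also stale, since the removed POD text in this same commit documents a 256-bit q for p of 2048 bits or more; say "restricted to qsize bytes" instead.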

@@ -192,18 +195,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,



for (;;) {
for (;;) { /* find q */

- int use_random_seed = (seed_in == NULL);
+ int seed_is_random;



/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (use_random_seed) {
- if (RAND_bytes(seed, qsize) <= 0)
+ if (!seed_len) {
+ if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;
+ seed_is_random = 1;
} else {
- /* If we come back through, use random seed next time. */
- seed_in = NULL;
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */


}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
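Review bot: `RAND_pseudo_bytes(seed, qsize) < 0` accepts a return value of 0, which RAND_pseudo_bytes uses to signal that the bytes are not cryptographically strong, so a weak seed for q generation is no longer rejected as it was with `RAND_bytes(seed, qsize) <= 0`; if this is deliberate for compatibility, as the commit message suggests, a comment on that line would keep the next reader from silently "fixing" it back.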

@@ -230,7 +235,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,



/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,

- use_random_seed, cb);
+ seed_is_random, cb);


if (r > 0)
break;
if (r != 0)
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod

index b64a276..be7c924 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -17,12 +17,13 @@ DSA_generate_parameters - generate DSA parameters


DSA_generate_parameters() generates primes p and q and a generator g

for use in the DSA.

-B<bits> is the length of the prime p to be generated.
-For lengths under 2048 bits, the length of q is 160 bits; for lengths
-greater than or equal to 2048 bits, the length of q is set to 256 bits.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.

-If B<seed> is NULL, the primes will be generated at random.
-If B<seed_len> is less than the length of q, an error is returned.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.



DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
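Review bot: the restored sentence "the DSS allows a maximum of 1024 bits" is not enforced by the code (the first hunk only rounds `bits` up to a multiple of 64), and the removed sentence describing how q is sized (160 bits below 2048, 256 bits at or above) is the only place callers learned that; keep the q-length sentence even though the seed paragraph is reverted, so the POD does not describe a limit the code does not apply while omitting one it does.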

Viktor Dukhovni

Sep 19, 2015, 9:10:52 AM9/19/15
The branch OpenSSL_1_0_1-stable has been updated
via 2ab1e7fde35f8f2b9e6eff523f5618a6eaac03f2 (commit)
from 628c15039fd3e20980a587b71683d786a8addcd4 (commit)


- Log -----------------------------------------------------------------
commit 2ab1e7fde35f8f2b9e6eff523f5618a6eaac03f2
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Fri Sep 18 21:15:42 2015 -0400

Fix indentation

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 4fe1cbdff89768c5d1983988ce1022674a438bbb)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/encode.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 3005560..c6abc4a 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -344,13 +344,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
tail:
if (n > 0) {
if ((n & 3) == 0) {
- decoded_len = EVP_DecodeBlock(out, d, n);
- n = 0;
- if (decoded_len < 0 || eof > decoded_len) {
- rv = -1;
- goto end;
- }
- ret += (decoded_len - eof);
+ decoded_len = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (decoded_len < 0 || eof > decoded_len) {
+ rv = -1;
+ goto end;
+ }
+ ret += (decoded_len - eof);
} else if (seof) {
/* EOF in the middle of a base64 block. */
rv = -1;

Dr. Stephen Henson

Sep 20, 2015, 9:34:30 AM9/20/15
The branch OpenSSL_1_0_1-stable has been updated
via 34a0eade7ffea9c73b59e0fdffd4e1148b47b5ee (commit)
via 2bc914eb29a266d16d6046ae64d153c033ff333f (commit)
from 2ab1e7fde35f8f2b9e6eff523f5618a6eaac03f2 (commit)


- Log -----------------------------------------------------------------
commit 34a0eade7ffea9c73b59e0fdffd4e1148b47b5ee
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Sep 12 02:37:48 2015 +0100

Make SRP work with -www

PR#3817

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4e7e623012e1604d985e2ef362c2957d464f3f01)

Conflicts:
apps/s_server.c

commit 2bc914eb29a266d16d6046ae64d153c033ff333f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Sep 13 19:04:58 2015 +0100

Handle SSL_ERROR_WANT_X509_LOOKUP

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit f1c412c9e63f7c9cac2c723bff09cce563dda1b0)

-----------------------------------------------------------------------

Summary of changes:
apps/s_server.c | 15 +++++++++++++++
ssl/bio_ssl.c | 4 ++++
2 files changed, 19 insertions(+)

diff --git a/apps/s_server.c b/apps/s_server.c
index b58e5e0..a8aee77 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2654,6 +2654,21 @@ static int www_body(char *hostname, int s, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
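Review bot: `srp_callback_parm.user->info` is handed to a `%s` conversion with no NULL check; if a verifier entry can have no info field, this formats a NULL pointer, so guard it (for example `user->info ? user->info : ""`) or print the login instead. The `continue` is correct in that it skips the `delay(1000)` fallthrough after a successful lookup, but that is easy to miss inside the `#ifndef OPENSSL_NO_SRP` block and deserves a short comment.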
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index a0c583e..d2d4d2e 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -419,6 +419,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
b->retry_reason = b->next_bio->retry_reason;
break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_set_retry_special(b);
+ b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
+ break;
default:
break;

Matt Caswell

Sep 21, 2015, 5:29:54 AM9/21/15
The branch OpenSSL_1_0_1-stable has been updated
via b2a6718819cc29be0abdf9272a037f82317ed163 (commit)
from 34a0eade7ffea9c73b59e0fdffd4e1148b47b5ee (commit)


- Log -----------------------------------------------------------------
commit b2a6718819cc29be0abdf9272a037f82317ed163
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Sep 16 10:24:37 2015 +0100

Fix SRP memory leaks

There were some memory leaks in the creation of an SRP verifier (both on
successful completion and also on some error paths).

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit bf95cde28712cfcad90cb3975cdcb8e5c0f20fde)

-----------------------------------------------------------------------

Summary of changes:
crypto/srp/srp_vfy.c | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 50f75d7..a3f1a8a 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -521,12 +521,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g)
{
int len;
- char *result = NULL;
- char *vf;
+ char *result = NULL, *vf = NULL;
BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
+ int vfsize = 0;

if ((user == NULL) ||
(pass == NULL) || (salt == NULL) || (verifier == NULL))
@@ -564,22 +564,23 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
goto err;

BN_bn2bin(v, tmp);
- if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
+ vfsize = BN_num_bytes(v) * 2;
+ if (((vf = OPENSSL_malloc(vfsize)) == NULL))
goto err;
t_tob64(vf, tmp, BN_num_bytes(v));

- *verifier = vf;
if (*salt == NULL) {
char *tmp_salt;

if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
- OPENSSL_free(vf);
goto err;
}
t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
*salt = tmp_salt;
}

+ *verifier = vf;
+ vf = NULL;
result = defgNid;

err:
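Review bot: with the ad hoc `OPENSSL_free(vf)` gone, the `if ((tmp_salt = OPENSSL_malloc(...)) == NULL) { goto err; }` body is a single statement and the braces can go. More importantly, on that failure path `*verifier` is no longer left pointing at memory that is freed a line later, which is the use-after-free the old ordering invited; deferring `*verifier = vf; vf = NULL;` until everything has succeeded is the right shape, and the commit message could say that explicitly rather than only "memory leaks".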
@@ -587,11 +588,21 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
BN_free(N_bn);
BN_free(g_bn);
}
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ BN_clear_free(s);
+ BN_clear_free(v);
return result;
}

/*
- * create a verifier (*salt,*verifier,g and N are BIGNUMs)
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
*/
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
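Review bot: `OPENSSL_cleanse(vf, vfsize)` in the err block is reached with vf == NULL on every early error path and on success (vf is nulled after the handover), so this hunk depends on the NULL check added to OPENSSL_cleanse in commit a50a8a76 earlier on this branch; that ordering dependency should be stated in the commit message so the two are not cherry-picked separately. The `BN_clear_free(s); BN_clear_free(v);` additions are the actual leak fix for the salt and verifier BIGNUMs on both the success and error paths.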
@@ -600,6 +611,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM *x = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
unsigned char tmp2[MAX_LEN];
+ BIGNUM *salttmp = NULL;

if ((user == NULL) ||
(pass == NULL) ||
@@ -614,10 +626,12 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
goto err;

- *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ } else {
+ salttmp = *salt;
}

- x = SRP_Calc_x(*salt, user, pass);
+ x = SRP_Calc_x(salttmp, user, pass);

*verifier = BN_new();
if (*verifier == NULL)
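Review bot: `salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL)` can return NULL on allocation failure and the result is passed straight to SRP_Calc_x; add `if (salttmp == NULL) goto err;` after it. The removed line had the same omission, but this rewrite is the place to fix it.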
@@ -631,9 +645,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
srp_bn_print(*verifier);

result = 1;
+ *salt = salttmp;

err:
-
+ if (*salt != salttmp)
+ BN_clear_free(salttmp);
BN_clear_free(x);
BN_CTX_free(bn_ctx);
return result;
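Review bot: `if (*salt != salttmp) BN_clear_free(salttmp);` is correct only because `*salt = salttmp` is executed solely on success and, when the caller supplied a salt, salttmp aliases `*salt`; that invariant is easy to break. A local flag set where the salt is generated, such as `int salt_generated = (*salt == NULL);` and `if (!result && salt_generated) BN_clear_free(salttmp);` in err, states the intent directly. Also confirm that `*verifier` allocated with BN_new() is released on the error paths that follow it, which are outside this hunk.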

Rich Salz

Sep 21, 2015, 2:37:02 PM9/21/15
The branch OpenSSL_1_0_1-stable has been updated
via f9394bd7a053aa5ede7722e93b9351f8d9a800e7 (commit)
from b2a6718819cc29be0abdf9272a037f82317ed163 (commit)


- Log -----------------------------------------------------------------
commit f9394bd7a053aa5ede7722e93b9351f8d9a800e7
Author: Gunnar Kudrjavets <gunn...@microsoft.com>
Date: Mon Apr 27 11:14:45 2015 -0700

RT3823: Improve the robustness of event logging

There are a couple of minor fixes here:

1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.

2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.

3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.

Testing performed:

1) Clean compilation for debug-VC-WIN32 and VC-WIN32.

2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.

3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 4cd94416a452c3a3e0df24c297f7d2f0e6d5bb5f)

-----------------------------------------------------------------------

Summary of changes:
crypto/cryptlib.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index c654a5c..eccee72 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -930,13 +930,29 @@ void OPENSSL_showfatal(const char *fmta, ...)
# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
if (check_winnt() && OPENSSL_isservice() > 0) {
- HANDLE h = RegisterEventSource(0, _T("OPENSSL"));
- const TCHAR *pmsg = buf;
- ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0);
- DeregisterEventSource(h);
+ HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+ if (hEventLog != NULL) {
+ const TCHAR *pmsg = buf;
+
+ if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+ 1, 0, &pmsg, NULL)) {
+#if defined(DEBUG)
+ /*
+ * We are in a situation where we tried to report a critical
+ * error and this failed for some reason. As a last resort,
+ * in debug builds, send output to the debugger or any other
+ * tool like DebugView which can monitor the output.
+ */
+ OutputDebugString(pmsg);
+#endif
+ }
+
+ (void)DeregisterEventSource(hEventLog);
+ }
} else
# endif
- MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
+ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
}
#else
void OPENSSL_showfatal(const char *fmta, ...)
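Review bot: the event source name changes from `_T("OPENSSL")` to `_T("OpenSSL")` in passing; anything filtering the Windows event log on the source name will stop matching, and the commit message does not mention the rename, so either keep the old string or call it out. Separately, the inner `#if defined(DEBUG)` / `#endif` pair is unindented while the enclosing directives use the file's `# if` / `# endif` nesting style; also note that in release builds a ReportEvent failure is now silently swallowed, which is acceptable but worth saying in the comment.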

Rich Salz

Sep 21, 2015, 5:34:05 PM9/21/15
The branch OpenSSL_1_0_1-stable has been updated
via 21d8f2448528346f6510ed329f53bb4ff93d00ba (commit)
from f9394bd7a053aa5ede7722e93b9351f8d9a800e7 (commit)


- Log -----------------------------------------------------------------
commit 21d8f2448528346f6510ed329f53bb4ff93d00ba
Author: David Woodhouse <David.W...@intel.com>
Date: Wed Sep 9 15:49:01 2015 -0400

RT3479: Add UTF8 support to BIO_read_filename()

If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. It'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().

If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?

It would certainly be nice if SSL_use_certificate_chain_file() worked.

Also made BIO_C_SET_FILENAME work (rsalz)

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit ff03599a2f518dbdf13bca0bb0208e431b892fe9)

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bss_file.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index d7f15b0..bfba93e 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -115,9 +115,8 @@ static BIO_METHOD methods_filep = {
NULL,
};

-BIO *BIO_new_file(const char *filename, const char *mode)
+static FILE *file_fopen(const char *filename, const char *mode)
{
- BIO *ret;
FILE *file = NULL;

# if defined(_WIN32) && defined(CP_UTF8)
@@ -164,6 +163,14 @@ BIO *BIO_new_file(const char *filename, const char *mode)
# else
file = fopen(filename, mode);
# endif
+ return (file);
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+ BIO *ret;
+ FILE *file = file_fopen(filename, mode);
+
if (file == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
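Review bot: this change has no documentation counterpart: the summary of changes lists only crypto/bio/bss_file.c, yet BIO_read_filename() and the BIO_C_SET_FILENAME ctrl now go through file_fopen() and therefore pick up the Windows UTF-8/_wfopen() handling that was previously specific to BIO_new_file(). The BIO_s_file manual page should state that on Windows filenames are expected in UTF-8. Minor: the error data still reads `"fopen('"` even when file_fopen() used _wfopen(), which can mislead when debugging path-encoding problems.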
@@ -386,7 +393,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
else
strcat(p, "t");
# endif
- fp = fopen(ptr, p);
+ fp = file_fopen(ptr, p);
if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
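Review bot: style: `ptr` is a `void *` being passed to file_fopen(), whose first parameter is `const char *`; C permits the implicit conversion, but an explicit `(const char *)ptr` would document that the ctrl argument is a filename string and match how the other call site passes a `const char *`.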

Rich Salz

Sep 22, 2015, 1:47:06 PM
The branch OpenSSL_1_0_1-stable has been updated
via 9d1fcbebbc0b026c87f1ad37d47be2e87608ca11 (commit)
from 21d8f2448528346f6510ed329f53bb4ff93d00ba (commit)


- Log -----------------------------------------------------------------
commit 9d1fcbebbc0b026c87f1ad37d47be2e87608ca11
Author: Rich Salz <rs...@akamai.com>
Date: Mon Sep 21 19:54:36 2015 -0400

GH398: Add mingw cross-compile, etc.

For all release branches. It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit db9defdfe306e1adf0af7188b187d535eb0268da)

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 .travis.yml

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..cb28758
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,50 @@
+language: c
+
+addons:
+ apt_packages:
+ - binutils-mingw-w64
+ - gcc-mingw-w64
+
+os:
+ - linux
+ - osx
+
+compiler:
+ - clang
+ - gcc
+ - i686-w64-mingw32-gcc
+ - x86_64-w64-mingw32-gcc
+
+env:
+ - CONFIG_OPTS=""
+ - CONFIG_OPTS="shared"
+ - CONFIG_OPTS="--debug --strict-warnings"
+
+matrix:
+ exclude:
+ - os: osx
+ compiler: i686-w64-mingw32-gcc
+ - os: osx
+ compiler: x86_64-w64-mingw32-gcc
+
+before_script:
+ - if [ "$CC" == i686-w64-mingw32-gcc ]; then
+ export CROSS_COMPILE=${CC%%gcc}; unset CC;
+ ./Configure mingw $CONFIG_OPTS;
+ elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
+ export CROSS_COMPILE=${CC%%gcc}; unset CC;
+ ./Configure mingw64 $CONFIG_OPTS;
+ else
+ ./config $CONFIG_OPTS;
+ fi
+
+script:
+ - make
+ - if [ -z "$CROSS_COMPILE" ]; then make test; fi
+
+notifications:
+ recipient:
+ - openssl...@openssl.org
+ email:
+ on_success: change
+ on_failure: always
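Review bot: in before_script the tests `[ "$CC" == i686-w64-mingw32-gcc ]` use `==`, which is a bash extension to `[`; `=` is the portable form and behaves the same here. The `${CC%%gcc}` expansion correctly leaves the `i686-w64-mingw32-` / `x86_64-w64-mingw32-` prefix that Configure expects in CROSS_COMPILE, and unsetting CC afterwards is needed so Configure does not pick up the bare compiler name. Note that `CONFIG_OPTS="--debug --strict-warnings"` is replaced with `-d` by a later commit in this thread ("Change --debug to -d for compat with old releases"), so on this branch that matrix entry does not build as written.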

Emilia Kasper

Sep 22, 2015, 2:12:48 PM
The branch OpenSSL_1_0_1-stable has been updated
via 456b9820ebaa7e9bfec8eec27326478cc0a3b0fa (commit)
via e56c77b8ee964b233137eea15b067eed1b1b44ea (commit)
via 69051874889696c2064b556ad4614d2f3644258a (commit)
from 9d1fcbebbc0b026c87f1ad37d47be2e87608ca11 (commit)


- Log -----------------------------------------------------------------
commit 456b9820ebaa7e9bfec8eec27326478cc0a3b0fa
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 13:50:34 2015 +0200

BUF_strdup and friends: update docs

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 58e3457a82e8940ff36b36949f9c7a60e7614b2c)
(cherry picked from commit be250ee2d353a9c8ed858bf8ca274d3107ae2f64)

commit e56c77b8ee964b233137eea15b067eed1b1b44ea
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Sep 17 13:27:05 2015 +0200

BUF_strndup: tidy

Fix comment, add another overflow check, tidy style

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf)
(cherry picked from commit f5afe9ce3f7ab8d2fef460054d1170427db0d02c)

commit 69051874889696c2064b556ad4614d2f3644258a
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Wed Sep 16 17:54:05 2015 +0200

Make BUF_strndup() read-safe on arbitrary inputs

BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
(cherry picked from commit f61216ba9d17430fb5eb3e2b202a209960b9d51b)

-----------------------------------------------------------------------

Summary of changes:
crypto/buffer/buf_str.c | 21 ++++++++++++++-------
crypto/buffer/buffer.h | 6 ++++++
doc/crypto/buffer.pod | 47 ++++++++++++++++++++++++-----------------------
3 files changed, 44 insertions(+), 30 deletions(-)

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index fdde3d7..233af24 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -58,12 +58,13 @@

#include <stdio.h>
#include "cryptlib.h"
+#include <limits.h>
#include <openssl/buffer.h>

char *BUF_strdup(const char *str)
{
if (str == NULL)
- return (NULL);
+ return NULL;
return BUF_strndup(str, strlen(str));
}

@@ -72,14 +73,20 @@ char *BUF_strndup(const char *str, size_t siz)
char *ret;

if (str == NULL)
- return (NULL);
+ return NULL;
+
+ if (siz >= INT_MAX)
+ return NULL;

ret = OPENSSL_malloc(siz + 1);
if (ret == NULL) {
BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
- BUF_strlcpy(ret, str, siz + 1);
+
+ memcpy(ret, str, siz);
+ ret[siz] = '\0';
+
return (ret);
}

@@ -87,13 +94,13 @@ void *BUF_memdup(const void *data, size_t siz)
{
void *ret;

- if (data == NULL)
- return (NULL);
+ if (data == NULL || siz >= INT_MAX)
+ return NULL;

ret = OPENSSL_malloc(siz);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
return memcpy(ret, data, siz);
}
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index 632df93..89183ad 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -85,7 +85,13 @@ void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
char *BUF_strndup(const char *str, size_t siz);
+
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);

diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index 781f5b1..9d6de53 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -2,8 +2,11 @@

=head1 NAME

-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
+
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents

=head1 SYNOPSIS

@@ -15,25 +18,20 @@ character arrays structure

int BUF_MEM_grow(BUF_MEM *str, int len);

- char * BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);

-=head1 DESCRIPTION
+ char *BUF_strndup(const char *str, size_t siz);

-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
+ void *BUF_memdup(const void *data, size_t siz);

-The library uses the BUF_MEM structure defined in buffer.h:
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);

- typedef struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- } BUF_MEM;
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);

-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.

BUF_MEM_new() allocates a new buffer of zero size.
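Review bot: the context line `int BUF_MEM_grow(BUF_MEM *str, int len);` disagrees with the header, where the parameter is `size_t len` (see the buffer.h hunk above); since the SYNOPSIS is being rewritten anyway, correct it in the same change. Removing the typedef block also removes the only description of the B<length> and B<max> fields; if the structure is intended to be treated as opaque, say so, otherwise keep a sentence describing them.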

@@ -44,14 +42,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to
B<len>. Any data already in the buffer is preserved if it increases in
size.

-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy() and
+BUF_strlcat() are equivalents of the standard C library functions. The
+dup() functions use OPENSSL_malloc() underneath and so should be used
+in preference to the standard library for memory leak checking or
+replacing the malloc() function.
+
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.

-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.

=head1 RETURN VALUES

Rich Salz

Sep 25, 2015, 11:39:54 AM
The branch OpenSSL_1_0_1-stable has been updated
via 2bd918696bd779fc15af20b2edd990e9ddb31ee8 (commit)
from 456b9820ebaa7e9bfec8eec27326478cc0a3b0fa (commit)


- Log -----------------------------------------------------------------
commit 2bd918696bd779fc15af20b2edd990e9ddb31ee8
Author: Rich Salz <rs...@openssl.org>
Date: Fri Sep 25 11:38:43 2015 -0400

Change --debug to -d for compat with old releases.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 1d4ddb4e1a088f1333c4bb155c52c7f94e572bca)

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index cb28758..14e0a87 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ compiler:
env:
- CONFIG_OPTS=""
- CONFIG_OPTS="shared"
- - CONFIG_OPTS="--debug --strict-warnings"
+ - CONFIG_OPTS="--d --strict-warnings"

matrix:
exclude:
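Review bot: `--d` is a typo for the `-d` named in the commit message, so this hunk leaves the debug matrix entry with an option the config script is not documented to accept; the next commit in this thread ("Fix typo in previous merge") corrects it to `-d`.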

Rich Salz

Sep 25, 2015, 11:44:15 AM
The branch OpenSSL_1_0_1-stable has been updated
via dfa08ea7502d58e10d222165c0200075ef6bb739 (commit)
from 2bd918696bd779fc15af20b2edd990e9ddb31ee8 (commit)


- Log -----------------------------------------------------------------
commit dfa08ea7502d58e10d222165c0200075ef6bb739
Author: Rich Salz <rs...@openssl.org>
Date: Fri Sep 25 11:43:51 2015 -0400

Fix typo in previous merge

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 14e0a87..3125363 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ compiler:
env:
- CONFIG_OPTS=""
- CONFIG_OPTS="shared"
- - CONFIG_OPTS="--d --strict-warnings"
+ - CONFIG_OPTS="-d --strict-warnings"

Dr. Stephen Henson

Sep 28, 2015, 9:35:44 AM
The branch OpenSSL_1_0_1-stable has been updated
via 7794c355eadd49d2fc1670b1dc8ac19f1e93c26f (commit)
from dfa08ea7502d58e10d222165c0200075ef6bb739 (commit)


- Log -----------------------------------------------------------------
commit 7794c355eadd49d2fc1670b1dc8ac19f1e93c26f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Sep 28 14:31:53 2015 +0100

SRP memory leak fix

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 92ea6fe597238779e23fd9e1fee82d30641d61a8)

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/apps/s_client.c b/apps/s_client.c
index 28737b6..16833ac 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1884,6 +1884,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+ OPENSSL_free(srp_arg.srppassin);
+#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cbuf != NULL) {
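Review bot: the new `OPENSSL_free(srp_arg.srppassin);` is unconditional, unlike the adjacent `if (pass) OPENSSL_free(pass);`, so it relies on the configured free function tolerating NULL and on srp_arg.srppassin being initialised (NULL) on every path that reaches this cleanup; if either is not guaranteed in this file, guard it the same way as `pass`, or add a comment explaining why the guard is unnecessary here.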

Emilia Kasper

Sep 28, 2015, 10:17:48 AM
The branch OpenSSL_1_0_1-stable has been updated
via 64ec479559d359cb18cc9dc94b6503a624831eee (commit)
from 7794c355eadd49d2fc1670b1dc8ac19f1e93c26f (commit)


- Log -----------------------------------------------------------------
commit 64ec479559d359cb18cc9dc94b6503a624831eee
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed Sep 23 19:29:18 2015 +0200

RT2772: accept empty SessionTicket

RFC 5077 section 3.3 says: If the server determines that it does not
want to include a ticket after it has included the SessionTicket
extension in the ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 21b538d616b388fa0ce64ef54da3504253895cf8)

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c89564b..47b3189 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2134,6 +2134,7 @@ int ssl3_get_new_session_ticket(SSL *s)
long n;
const unsigned char *p;
unsigned char *d;
+ unsigned long ticket_lifetime_hint;

n = s->method->ssl_get_message(s,
SSL3_ST_CR_SESSION_TICKET_A,
@@ -2152,6 +2153,19 @@ int ssl3_get_new_session_ticket(SSL *s)

p = d = (unsigned char *)s->init_msg;

+ n2l(p, ticket_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
+ if (ticklen + 6 != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ /* Server is allowed to change its mind and send an empty ticket. */
+ if (ticklen == 0)
+ return 1;
+
if (s->session->session_id_length > 0) {
int i = s->session_ctx->session_cache_mode;
SSL_SESSION *new_sess;
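Review bot: `n2l(p, ticket_lifetime_hint)` and `n2s(p, ticklen)` read six bytes from init_msg before the `ticklen + 6 != n` comparison rejects a message shorter than that; the parsing order is inherited from the removed block, but since this hunk is moving the check anyway, testing `n < 6` before the reads would make the decode robust rather than relying on the message buffer being larger than n. The early `return 1` for an empty ticket is consistent with RFC 5077 section 3.3 as quoted in the commit message; moving the length check ahead of the session-cache handling is also an improvement, since a decode error no longer occurs after a new session has already been created.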
@@ -2183,14 +2197,6 @@ int ssl3_get_new_session_ticket(SSL *s)
s->session = new_sess;
}

- n2l(p, s->session->tlsext_tick_lifetime_hint);
- n2s(p, ticklen);
- /* ticket_lifetime_hint + ticket_length + ticket */
- if (ticklen + 6 != n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
if (s->session->tlsext_tick) {
OPENSSL_free(s->session->tlsext_tick);
s->session->tlsext_ticklen = 0;
@@ -2201,6 +2207,7 @@ int ssl3_get_new_session_ticket(SSL *s)
goto err;
}
memcpy(s->session->tlsext_tick, p, ticklen);
+ s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
s->session->tlsext_ticklen = ticklen;
/*
* There are two ways to detect a resumed ticket session. One is to set

Rich Salz

Sep 29, 2015, 11:16:12 AM
The branch OpenSSL_1_0_1-stable has been updated
via b0c8e38e3398a634b9be081fa377933ed8f45905 (commit)
from 64ec479559d359cb18cc9dc94b6503a624831eee (commit)


- Log -----------------------------------------------------------------
commit b0c8e38e3398a634b9be081fa377933ed8f45905
Author: Hubert Kario <hka...@redhat.com>
Date: Thu Sep 17 14:42:27 2015 +0200

RT4051: fix ciphers man page typo

the alias supported by OpenSSL 1.0.1 is "EECDH" not "EECDHE"
(GH PR 405)

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/apps/ciphers.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 0aa1bad..0afe80d 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -205,7 +205,7 @@ keys or either respectively.
cipher suites using ephemeral ECDH key agreement, including anonymous
cipher suites.

-=item B<EECDHE>
+=item B<EECDH>

cipher suites using authenticated ephemeral ECDH key agreement.

Rich Salz

Sep 29, 2015, 12:49:34 PM
The branch OpenSSL_1_0_1-stable has been updated
via 72ac982306be9c9ad5f355dba725ab3d0716879e (commit)
from b0c8e38e3398a634b9be081fa377933ed8f45905 (commit)


- Log -----------------------------------------------------------------
commit 72ac982306be9c9ad5f355dba725ab3d0716879e
Author: Ismo Puustinen <ismo.pu...@intel.com>
Date: Fri Sep 18 16:07:23 2015 -0400

GH367: use random data if seed too short.

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 6f997dc36504d67d1339ceb6bce4ecba673d8568)

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_gen.c | 2 +-
doc/crypto/DSA_generate_parameters.pod | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index d686ab0..defa499 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -201,7 +201,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,


if (!BN_GENCB_call(cb, 0, m++))
goto err;

- if (!seed_len) {
+ if (!seed_len || !seed_in) {


if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;

seed_is_random = 1;
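Review bot: the code hunk only widens the condition to `!seed_len || !seed_in`, which handles a NULL seed with a non-zero length, whereas the commit title ("use random data if seed too short") and the manual page hunk below promise random generation whenever B<seed_len> E<lt> 20; confirm that the short-but-non-NULL case (0 < seed_len < qsize) is rejected or randomised elsewhere in dsa_builtin_paramgen(), because it is not covered by the lines shown here.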
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index be7c924..f24c9c7 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,7 +23,7 @@ maximum of 1024 bits.


If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be

generated at random. Otherwise, the seed is used to generate

them. If the given seed does not yield a prime q, a new random

-seed is chosen and placed at B<seed>.
+seed is chosen.



DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in

Dr. Stephen Henson

Oct 2, 2015, 10:03:08 AM
The branch OpenSSL_1_0_1-stable has been updated
via 978c8aa8b79692d193437d28e2485ec5ffa9d6cc (commit)
from 72ac982306be9c9ad5f355dba725ab3d0716879e (commit)


- Log -----------------------------------------------------------------
commit 978c8aa8b79692d193437d28e2485ec5ffa9d6cc
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Sep 28 14:14:10 2015 +0100

Link in applink with fips_premain_dso

PR#4042

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit d62c64b947ae96463a331de005165c57966d2149)

-----------------------------------------------------------------------

Summary of changes:
util/pl/VC-32.pl | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index b597998..e5abb97 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -342,15 +342,17 @@ sub do_link_rule
local($ret,$_);
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
+ $ret.="$target: $files $dep_libs";
if ($standalone == 1)
{
+ $ret.=" \$(OBJ_D)${o}applink.obj\n";
$ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
- $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+ $ret.= "\$(EX_LIBS) \$(OBJ_D)${o}applink.obj " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
$ret.="$files $libs\n<<\n";
}
elsif ($standalone == 2)
{
+ $ret.="\n";
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
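Review bot: dropping the newline from `$ret.="$target: $files $dep_libs";` makes every branch responsible for terminating the dependency line (the `$standalone == 1` branch appends `" \$(OBJ_D)${o}applink.obj\n"`, the other two append `"\n"`), which is easy to break when another branch is added later. Building the dependency list first (append applink.obj when standalone == 1) and then emitting the single `"\n"` once keeps the rule generation in one place.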
@@ -363,6 +365,7 @@ sub do_link_rule
}
else
{
+ $ret.="\n";
$ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";

Kurt Roeckx

Oct 3, 2015, 8:04:45 AM
The branch OpenSSL_1_0_1-stable has been updated
via 67d42531744e56d11212ee000e4559cf95ac57a7 (commit)
from 978c8aa8b79692d193437d28e2485ec5ffa9d6cc (commit)


- Log -----------------------------------------------------------------
commit 67d42531744e56d11212ee000e4559cf95ac57a7
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue Sep 29 19:59:48 2015 +0200

Fix more d2i cases to properly update the input pointer

Thanks to David Benjamin <davi...@google.com> for pointing them out.

Reviewed-by: Steve Henson <st...@openssl.org>
MR #1198

(cherry picked from commit 605236f6a8fe0743af2f63d93239a74c69dae137)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/d2i_pr.c | 8 +++++---
crypto/asn1/x_x509.c | 4 +---
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 314f4e3..d21829a 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
EVP_PKEY_free(ret);
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
-
+ if (ret == NULL)
+ goto err;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
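Review bot: on the new `ret == NULL` path, `ret` was already released by the `EVP_PKEY_free(ret)` two lines above, so if the caller passed a non-NULL `a` whose `*a` pointed at that object, the error return can leave `*a` dangling; check that the `err` label resets `*a` (or that the cleanup there does not compare against the freed pointer) before relying on this early exit.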
@@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
}
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret != NULL)
- *pp = p;
+ if (ret == NULL)
+ return NULL;
+ *pp = p;
if (a) {
*a = ret;
}
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 916e51f..bcd9166 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -186,9 +186,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
return NULL;
/* update length */
length -= q - *pp;
- if (!length)
- return ret;
- if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
+ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
goto err;
*pp = q;
return ret;
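Review bot: `length > 0 && !d2i_X509_CERT_AUX(...)` fixes the case where no AUX data follows (previously `*pp` was not advanced on that path), but it also silently skips the AUX parse when `length` has gone negative after `length -= q - *pp;`; that should be impossible when d2i_X509 honoured its length, so treat `length < 0` as an error rather than as "no trailer" to keep the invariant visible.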

Matt Caswell

Oct 5, 2015, 2:59:55 PM
The branch OpenSSL_1_0_1-stable has been updated
via f141376ae2892b59f2b1af94204f925832f8dc3a (commit)
via e4840c88c516d959785fcd842d8658d3b7a6ae43 (commit)
from 67d42531744e56d11212ee000e4559cf95ac57a7 (commit)


- Log -----------------------------------------------------------------
commit f141376ae2892b59f2b1af94204f925832f8dc3a
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Oct 5 14:12:05 2015 +0100

Change functions to pass in a limit rather than calculate it

Some extension handling functions were passing in a pointer to the start
of the data, plus the length in order to calculate the end, rather than
just passing in the end to start with. This change makes things a little
more readable.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

Conflicts:
ssl/s3_srvr.c
ssl/ssl_locl.h
ssl/t1_lib.c

commit e4840c88c516d959785fcd842d8658d3b7a6ae43
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Fri Oct 2 14:38:30 2015 +0200

Validate ClientHello extension field length

RT#4069

Reviewed-by: Emilia Käsper <emi...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 2 +-
ssl/ssl_locl.h | 2 +-
ssl/t1_lib.c | 30 +++++++++++++++---------------
3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3a5f71d..208063c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1264,7 +1264,7 @@ int ssl3_get_client_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions */
if (s->version >= SSL3_VERSION) {
- if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
+ if (!ssl_parse_clienthello_tlsext(s, &p, d + n, &al)) {
/* 'al' set by ssl_parse_clienthello_tlsext */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
goto f_err;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a7f3f8d..5edf7a8 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1154,7 +1154,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit);
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
- unsigned char *d, int n, int *al);
+ unsigned char *limit, int *al);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
unsigned char *d, int n, int *al);
int ssl_prepare_clienthello_tlsext(SSL *s);
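Review bot: only ssl_parse_clienthello_tlsext() moves to the `(data, limit, al)` convention; ssl_parse_serverhello_tlsext() directly below keeps `(d, n)`, so the two parsers now have different signatures for the same concept. Converting the server-side parser in the same change (or noting in the commit message why it is left as is) avoids the inconsistency the commit message says this change is meant to remove.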
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d70b93f..b1b8bb0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -913,7 +913,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* 10.8..10.8.3 (which don't work).
*/
static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const unsigned char *d, int n)
+ const unsigned char *limit)
{
unsigned short type, size;
static const unsigned char kSafariExtensionsBlock[] = {
@@ -942,11 +942,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
0x02, 0x03, /* SHA-1/ECDSA */
};

- if (data >= (d + n - 2))
+ if (data >= (limit - 2))
return;
data += 2;

- if (data > (d + n - 4))
+ if (data > (limit - 4))
return;
n2s(data, type);
n2s(data, size);
@@ -954,7 +954,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
if (type != TLSEXT_TYPE_server_name)
return;

- if (data + size > d + n)
+ if (data + size > limit)
return;
data += size;

@@ -962,7 +962,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);

- if (data + len1 + len2 != d + n)
+ if (data + len1 + len2 != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
return;
@@ -971,7 +971,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
} else {
const size_t len = sizeof(kSafariExtensionsBlock);

- if (data + len != d + n)
+ if (data + len != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
return;
@@ -981,8 +981,8 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
}
# endif /* !OPENSSL_NO_EC */

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
- int n, int *al)
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+ unsigned char *limit, int *al)
{
unsigned short type;
unsigned short size;
@@ -1004,7 +1004,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

# ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
+ ssl_check_for_safari(s, data, limit);
# endif /* !OPENSSL_NO_EC */

# ifndef OPENSSL_NO_SRP
@@ -1016,22 +1016,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

s->srtp_profile = NULL;

- if (data == d + n)
+ if (data == limit)
goto ri_check;

- if (data > (d + n - 2))
+ if (data > (limit - 2))
goto err;

n2s(data, len);

- if (data > (d + n - len))
+ if (data + len != limit)
goto err;

- while (data <= (d + n - 4)) {
+ while (data <= (limit - 4)) {
n2s(data, type);
n2s(data, size);

- if (data + size > (d + n))
+ if (data + size > (limit))
goto err;
# if 0
fprintf(stderr, "Received extension type %d size %d\n", type, size);
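Review bot: the new `if (data + len != limit)` is the right check (the extensions block must exactly fill the remaining ClientHello), but `data + len` forms a pointer past the end of the message buffer whenever `len` is larger than what remains, which is undefined behaviour in C even though it works in practice; `if (limit - data != len)` expresses the same test purely in terms of pointers known to be inside the buffer, and the same rewrite applies to `data + size > (limit)` a few lines below (where the extra parentheses can also go). The `# if 0` fprintf block is dead code and could be removed while this function is being touched.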
@@ -1396,7 +1396,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}

/* Spurious data on the end */
- if (data != d + n)
+ if (data != limit)
goto err;

*p = data;

Dr. Stephen Henson

Oct 6, 2015, 10:19:34 AM
The branch OpenSSL_1_0_1-stable has been updated
via a0ba92ccde949582e498cb42bced205ec1c95a3c (commit)
from f141376ae2892b59f2b1af94204f925832f8dc3a (commit)


- Log -----------------------------------------------------------------
commit a0ba92ccde949582e498cb42bced205ec1c95a3c
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Oct 6 14:15:14 2015 +0100

Don't try and parse boolean type.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit e58c4d3cdde7a0a01df2884bfeec31a2b07be22d)

-----------------------------------------------------------------------

Summary of changes:
apps/asn1pars.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 11b0787..0a6b990 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;

Kurt Roeckx

Oct 7, 2015, 2:43:47 PM
The branch OpenSSL_1_0_1-stable has been updated
via 91dc4497dec6fcb1e0ecf61f257c9c13364328b4 (commit)
via 11ca27c912888460a7a06b9308fd85170e1db194 (commit)
from a0ba92ccde949582e498cb42bced205ec1c95a3c (commit)


- Log -----------------------------------------------------------------
commit 91dc4497dec6fcb1e0ecf61f257c9c13364328b4
Author: Pascal Cuoq <cu...@trust-in-soft.com>
Date: Tue May 5 11:20:39 2015 +0200

Move BN_CTX_start() call so the error case can always call BN_CTX_end().

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1231

(cherry picked from commit 99c203337574d967c86ffbfa13f40ace51048485)

commit 11ca27c912888460a7a06b9308fd85170e1db194
Author: Pascal Cuoq <cu...@trust-in-soft.com>
Date: Wed May 6 11:31:27 2015 +0200

Set flags to 0 before calling BN_with_flags()

BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Rich Salz <rs...@openssl.org>
MR #1231

(cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_gcd.c | 2 ++
crypto/dsa/dsa_gen.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab..ce59fe7 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pB = &local_B;
+ local_B.flags = 0;
BN_with_flags(pB, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, pB, A, ctx))
goto err;
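Review bot: `local_B.flags = 0;` fixes the read of an uninitialised stack field that BN_with_flags() performs when it preserves BN_FLG_MALLOCED, but it leaves the other members of `local_B` uninitialised until BN_with_flags() overwrites them; initialising the temporary with BN_init(&local_B) at its declaration zeroes the whole structure and documents the intent better than setting one field at the use site (the same applies to `local_A` in the next hunk).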
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pA = &local_A;
+ local_A.flags = 0;
BN_with_flags(pA, A, BN_FLG_CONSTTIME);

/* (D, M) := (A/B, A%B) ... */
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index defa499..0dada3d 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -177,10 +177,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
if ((ctx = BN_CTX_new()) == NULL)
goto err;

+ BN_CTX_start(ctx);
+
if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;

- BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
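Review bot: moving BN_CTX_start() ahead of BN_MONT_CTX_new() lets the error path call BN_CTX_end() unconditionally once ctx exists, but the `BN_CTX_new() == NULL` check two lines above still jumps to `err` with ctx == NULL, and BN_CTX_end() does not accept a NULL context; the `err` label therefore still needs its `if (ctx != NULL)` guard around BN_CTX_end()/BN_CTX_free(), which is not visible in this hunk and should be confirmed.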

Richard Levitte

Oct 8, 2015, 6:41:33 AM
The branch OpenSSL_1_0_1-stable has been updated
via 363c8fd572b19aa085dad8da6d7a5dd89930bf54 (commit)
from 91dc4497dec6fcb1e0ecf61f257c9c13364328b4 (commit)


- Log -----------------------------------------------------------------
commit 363c8fd572b19aa085dad8da6d7a5dd89930bf54
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Oct 8 11:53:07 2015 +0200

When ENGINE_add finds that id or name is missing, actually return

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 5850cc75ea0c1581a9034390f1ca77cadc596238)

-----------------------------------------------------------------------

Summary of changes:
crypto/engine/eng_list.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 3384e31..83c95d5 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -260,6 +260,7 @@ int ENGINE_add(ENGINE *e)
}
if ((e->id == NULL) || (e->name == NULL)) {
ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+ return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if (!engine_list_add(e)) {
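Review bot: correct fix; without the `return 0;` the id/name-missing case queued the error and then fell through to `CRYPTO_w_lock` and `engine_list_add(e)` with a NULL `id` or `name`. The early return sits before the lock is taken, so no unlock is needed on this path. A regression test that ENGINE_add rejects an ENGINE with a NULL id and leaves ENGINE_R_ID_OR_NAME_MISSING on the error queue would keep this from recurring.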

Matt Caswell

Oct 8, 2015, 9:19:41 AM
The branch OpenSSL_1_0_1-stable has been updated
via ec1f1255127c3987494978c9bf1c8f7ac9b093e4 (commit)
from 363c8fd572b19aa085dad8da6d7a5dd89930bf54 (commit)


- Log -----------------------------------------------------------------
commit ec1f1255127c3987494978c9bf1c8f7ac9b093e4
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Oct 8 13:36:10 2015 +0100

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependent on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actually make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)

-----------------------------------------------------------------------

Summary of changes:
crypto/rsa/rsa_sign.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index bc91da2..41c827f 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
- } else if (memcmp(m, s + 2, 16))
+ } else if (memcmp(m, s + 2, 16)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- else
+ } else {
ret = 1;
- }
-
- /* Special case: SSL signature */
- if (dtype == NID_md5_sha1) {
+ }
+ } else if (dtype == NID_md5_sha1) {
+ /* Special case: SSL signature */
if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
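Review bot: `} else if (dtype == NID_md5_sha1) {` now chains the SSL special case onto the preceding branch, so the DigestInfo handling that follows must be the trailing `else` of the same chain; the opening `if` of that chain and the code after `else` are outside the hunk, so confirm the braces still match after the removed bare `}` and that the first condition tests for the bare OCTET STRING encoding rather than only `dtype == NID_mdc2`, otherwise an MDC2 signature encoded as DigestInfo would no longer reach the DigestInfo path. Bracing the single-statement `else if`/`else` arms is a welcome style fix.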

Rich Salz

Oct 8, 2015, 11:32:22 PM
The branch OpenSSL_1_0_1-stable has been updated
via 978b5d709a6d7fc75665a837df2ad57fe9653dcf (commit)
from ec1f1255127c3987494978c9bf1c8f7ac9b093e4 (commit)


- Log -----------------------------------------------------------------
commit 978b5d709a6d7fc75665a837df2ad57fe9653dcf
Author: Rich Salz <rs...@openssl.org>
Date: Thu Oct 8 23:31:29 2015 -0400

Fix travis build for 1.0.1

Add explicit linux-clang targets
Add --strict-warnings support for clang
Disable mingw debug builds

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
.travis.yml | 4 ++++
Configure | 15 ++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 3125363..397ac1d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,6 +26,10 @@ matrix:
compiler: i686-w64-mingw32-gcc
- os: osx
compiler: x86_64-w64-mingw32-gcc
+ - compiler: i686-w64-mingw32-gcc
+ env: CONFIG_OPTS="-d --strict-warnings"
+ - compiler: x86_64-w64-mingw32-gcc
+ env: CONFIG_OPTS="-d --strict-warnings"

before_script:
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
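Review bot: the four new lines add mingw entries with `CONFIG_OPTS="-d --strict-warnings"`, but the hunk does not show which key under `matrix:` they belong to; next to the `os: osx` plus mingw entries they read as the `exclude:` list, which is what "Disable mingw debug builds" in the commit message implies. Since the new entries carry no `os:` key they match that compiler/env pair on every os in the matrix; a YAML comment above them saying these debug builds are excluded for mingw would make the intent clear to the next editor.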
diff --git a/Configure b/Configure
index 60ec378..c9dedcd 100755
--- a/Configure
+++ b/Configure
@@ -105,6 +105,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta

my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";

+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+
my $strict_warnings = 0;

my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
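Review bot: `$clang_devteam_warn` holds only `-Wno-*` suppressions plus `-Qunused-arguments`, no additional diagnostics, and it is only meaningful applied on top of `$gcc_devteam_warn` (which is where `-Werror` still comes from); a comment beside the definition saying it is appended after the gcc list under --strict-warnings would make the relationship between the two lists clear.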
@@ -197,6 +199,7 @@ my %table=(
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",

# Basic configs that should work on any (32 and less bit) box
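Review bot: the cflags field of `debug-linux-x86_64-clang` starts with a space (`clang: -DBN_DEBUG ...`) while the gcc entries on the adjacent lines do not (`gcc:-DBN_DEBUG ...`); the same leading space appears in `linux-x86_64-clang` in the following hunk. The entry is split on `:`, so it is harmless, but dropping the space keeps the table consistent and avoids a stray leading space in CFLAGS. `-Qunused-arguments` also appears in both this entry and `$clang_devteam_warn`; under --strict-warnings the `unless ($cflags =~ /$wopt/)` check will de-duplicate it.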
@@ -361,6 +364,7 @@ my %table=(
"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -1574,12 +1578,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)

if ($strict_warnings)
{
+ my $ecc = $cc;
+ $ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
my $wopt;
- die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
}
+ if ($ecc eq "clang")
+ {
+ foreach $wopt (split /\s+/, $clang_devteam_warn)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ }
+ }
}

open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
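Review bot: the clang detection runs `$cc --version 2>&1` in backticks with `$cc` interpolated unquoted into a shell command; `$cc` comes from the target table or the user's CC setting, so it is trusted, but a value containing spaces or shell metacharacters is handed to the shell as-is, and the subprocess runs even when the compiler name already ends in `clang` (a cheap `$cc =~ /clang$/` test first would skip it). Testing `gcc$` on `$ecc` rather than `$cc` preserves the old behaviour for gcc, since `$ecc` is only rewritten when the version string mentions clang.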

Rich Salz

Oct 9, 2015, 5:06:54 PM
The branch OpenSSL_1_0_1-stable has been updated
via bfc19297cddd5bc2192c02c7f8896d804b0456cb (commit)
from 978b5d709a6d7fc75665a837df2ad57fe9653dcf (commit)


- Log -----------------------------------------------------------------
commit bfc19297cddd5bc2192c02c7f8896d804b0456cb
Author: Rich Salz <rs...@akamai.com>
Date: Fri Oct 9 14:14:34 2015 -0400

Avoid SHA1 weakness

In X509_cmp, if cert digest is equal, look at DER of the
signed part. This is what master and 1.0.2 already do.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_cmp.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 3c5b717..5792e7f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -179,11 +179,24 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
+ int rv;
+
/* ensure hash is valid */
X509_check_purpose((X509 *)a, -1, 0);
X509_check_purpose((X509 *)b, -1, 0);

- return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv)
+ return rv;
+ /* Check for match against stored encoding too */
+ if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
+ rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
+ if (rv)
+ return rv;
+ return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+ a->cert_info->enc.len);
+ }
+ return rv;
}
#endif
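Review bot: the DER comparison is only attempted when neither `cert_info->enc.modified` flag is set; if either is set the function falls through to the final `return rv;`, which at that point is always 0 (the hash-only result), so two certificates whose SHA-1 hashes collide but whose encoding is flagged as modified still compare equal. A comment making that fallback explicit, and writing the last statement as `return 0;`, would make the intent clearer. Also, `(int)(a->cert_info->enc.len - b->cert_info->enc.len)` truncates a `long` difference to `int`; comparing the two lengths with `<` and `>` and returning -1 or 1 avoids that.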

Dr. Stephen Henson

Oct 10, 2015, 7:50:18 PM
The branch OpenSSL_1_0_1-stable has been updated
via b2593839da1e0c5af5fedf3fce3fd43c400199b4 (commit)
from bfc19297cddd5bc2192c02c7f8896d804b0456cb (commit)


- Log -----------------------------------------------------------------
commit b2593839da1e0c5af5fedf3fce3fd43c400199b4
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Oct 11 00:06:56 2015 +0100

Typo.

PR#4079

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit c69ce9351336f5b4a8b33890756b3fd185528210)

Conflicts:
crypto/evp/e_des3.c

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_des3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 07a5aca..1272305 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -241,7 +241,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
DES_cblock *deskey = (DES_cblock *)key;
# ifdef EVP_CHECK_DES_KEY
if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
- ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
+ || DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
return 0;
# else
DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
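Review bot: the old `! !` made the guarded expression a syntax error, so nothing under `# ifdef EVP_CHECK_DES_KEY` can have been compiled in any tested configuration; beyond the `||` fix, it would be worth having at least one CI build define EVP_CHECK_DES_KEY so the checked-key path (`DES_set_key_checked`, which rejects weak keys and bad parity) is actually built and exercised.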