[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-crypto-mdebug

OpenSSL run-checker openssl at openssl.org
Thu Dec 7 01:03:03 UTC 2017

Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-crypto-mdebug

Commit log since last time:

e1dd8fa Fix the check_fatal macro
2894e9c Fix bug in TLSv1.3 PSK processing
723a7c5 apps/speed.c: detect evp cipher 32-bit ctr overflow and reset iv
4086607 Add link for more SECLEVEL info
0759f93 Fix minor typo in comment in rsa_st
b35bb37 Update eng_fat.c
603ebe0 modes/asm/ghashv8-armx.pl: handle lengths not divisible by 4x.
aa7bf31 modes/asm/ghashv8-armx.pl: optimize modulo-scheduled loop.
9ee020f modes/asm/ghashv8-armx.pl: modulo-schedule loop.
7ff2fa4 modes/asm/ghashv8-armx.pl: implement 4x aggregate factor.
a00cceb key_A and key_B had 3 references, only 2 were freed.
546fda2 apps/speed.c: use 32 byte key material as default
64daf14 apps/speed.c: add -seconds and -bytes options
dd5a427 Fix some formatting nits
e7d961e Remove spurious whitespace
8e7677a Update an error reason code to be ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
8e02e73 Fix the Boring tests following the SSLfatal() changes
29bfd5b Add some more cleanups
f9f674e Assert that SSLfatal() only gets called once
47e2ee0 Add some sanity checks for the fatal error condition
635c8f7 Fix up a few places in the state machine that got missed with SSLfatal()
d273b60 Convert more functions in ssl/statem/statem_dtls.c to use SSLfatal()
d4d2f3a Convert more functions in ssl/statem/statem.c to use SSLfatal()
3ec8d11 Convert remaining functions in statem_srvr.c to use SSLfatal()
a2c2e00 Convert remaining functions in statem_clnt.c to use SSLfatal()
f63a17d Convert the state machine code to use SSLfatal()
4752c5d Replace some usage of SSLerr with SSLfatal()
1f35947 Provide an SSLfatal() macro
1e2804f Adjusted Argument Indices CLA: trivial
822b5e2 Make possible variant SONAMEs and symbol versions
a4cefc8 Add "friendly name" extractor
e670e90 Add sk_new_reserve support
e1c7871 Use ChaCha only if prioritized by clnt
92b1b9a A missing semicolon prevents compilation with ENGINE_REF_COUNT_DEBUG enabled.
3f6a831 Fix chacha-armv4.pl with clang -fno-integrated-as.
3bded9c rsa/rsa_gen.c: harmonize keygen's ability with RSA_security_bits.
0122add rsa/rsa_lib.c: make RSA_security_bits multi-prime aware.
83ccead Fix lshift tests
7bbb005 Fix docs for EVP_EncryptUpdate and EVP_DecryptUpdate
881dfed Fix SSL_state_string() and SSL_state_string_long()
b7af3f1 Test support for time_t comparisons.
92738d7 use size_t tests instead of int ones
378db52 Check for malloc failure
8a8d9e1 Fix SOURCE_DATE_EPOCH bug; use UTC
47c9926 chacha/asm/chacha-x86_64.pl: fix sporadic crash in AVX512 code path.
a8f302e poly1305/asm/poly1305-x86_64.pl: switch to pure AVX512F.
10a3195 Pretty-print large INTEGERs and ENUMERATEDs in hex.
d807db2 Create a prototype for OPENSSL_rdtsc
9279364 Fix EVP_MD_meth_new.pod
51e47d5 Correct EVP_CIPHER_meth_new.pod and EVP_MD_meth_new.pod
e44480c rsa/rsa_gen.c: ensure backward compatibility with external rsa->meth.
88ac224 crypto/x86_64cpuid.pl: fix AVX512 capability masking.
6df3409 Add SM3/SM4 to openssl command-line tool
f106f40 Avoid unnecessary MSYS2 conversion of some arguments
281bf23 If a server is not acknowledging SNI then don't reject early_data
3b58735 Provide a more information early_data message in s_server
bfab12b Allow a client to send early_data with SNI if the session has no SNI
b510b74 Ignore the session when setting SNI in s_client
665d899 Support multi-prime RSA (RFC 8017)
b000470 Support public key and param check in EVP interface
5d99881 Iron out /WX errors in VC-WIN32.
c1ec4db bn/bn_exp.c: harmonize BN_mod_exp_mont_consttime with negative input.
899e62d Fix AppVeyor/VC build failure
a78324d bn/bn_add.c: address performance regression.
8e4ec5b Modify expected output of a CRL to match the changed printout
be63fc1 Add padding spaces before printing signature algorithm for CRLs output
d1453d6 Modify expected output of a certificate to match the changed printout
e6cccb5 Add padding spaces before printing algo.
4ff71d6 Revert "Add padding spaces before printing algo."
26a374a Add padding spaces before printing algo.
4483fba Factorise duplicated code.
1a78a33 remove magic number
7533162 ARMv8 assembly pack: add Qualcomm Kryo results.
0d2394a Configurations/10-main.conf: add back /WX to VC-WIN32.
3a63c0e Resolve warnings in VC-WIN32 build, which allows to add /WX.
802127e ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX.
b4c0e4d evp/pbe_scrypt.c: add boundary condition for implicit cast.
3724631 asn1/a_strex.c: fix flags truncation in do_esc_char.
b741fcd Fix typo that cause find-doc-nits failure
f1d3de7 make update
27da134 Add OCSP API test executable
ce5886d Add an API to get the signer of an OCSP response
47c0702 Typo fix
46f4e1b Many spelling fixes/typo's corrected.
b4d0fa4 lhash.c: Replace Unicode EN DASH with the ASCII char '-'.
1687aa7 Fix possible leaks on sk_X509_EXTENSION_push() failure ...
1097d2a util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions.
7285803 00-base-templates.conf: fix ia64 builds.
44f19af Fix an s_client memory leak
b6705d4 Configurations/unix-Makefile.tmpl: fix HP-UX build.
d6ee8f3 OPENSSL_ia32cap: reserve for new extensions.
1b6fa9f Don't NULL check before calling DSO_free.
7aae0d3 Removre comment with user's name
f4411fa Various typo
f479eab style : fix some if(...
8963507 Configure: cleanup @disable_cascade
89a99cd Warn if -days without -x509
1c47d35 Mark a zero length record as read
018632a Fix race condition in TLSProxy
9f5671c Remove 4 broken macros from ocsp.h
14e0639 Disabled list doesn't contain SM3 and SM4.
67e247f SM3: restructure to EVP internal and update doc to right location
a0c3e4f SM3: Add SM3 hash function
cf72c75 Implement Maximum Fragment Length TLS extension.
b82acc3 aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
976b038 Conditionalize fuzz tests on feature macros
7760384 Check return value of OBJ_nid2obj in dsa_pub_encode.
a6f622b Add error handling in dsa_main and ASN1_i2d_bio.
157997f Fix error handling in i2d* functions.
ba24968 Update asn1 and x509 corpora
902f7d5 ASN1 fuzzer: Use d2i_TYPE / i2d_TYPE functions
222cb30 Don't turn b2 negative
e8ff08f Update location of the libfuzzer repository
d794876 Travis: if "make update" created a diff, please show it
de8c19c Update CHANGES and NEWS for new release
420b88c test/bntest.c: add bn_sqrx8x_internal regression test.
668a709 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
bd6eba7 Fix small but important regression
4a089bb Address a timing side channel whereby it is possible to determine some
c0caa94  Address a timing side channel whereby it is possible to determine some
8d3363f make update
8e32e1a Generate a dictionary of OIDs for fuzzers
8fa4d95 Synchronize man3 EVP cipher list with existing implementations, adding: * ARIA, SEED, Camellia * AES-XTS, OCB, CTR * Key wrap for 3DES, AES * RC4-MD5 AD * CFB modes with 1-bit and 8-bit shifts
bbda8ce EVP digest list: one hash algorithm per file, synchronize EVP list, overall cleanup.
287f555 Fix EVP_PKEY_ASN1_METHOD manual
e433ac3 testutil.h: Remove duplicate test macros
3ba7023 afalg: Fix kernel version check
bee9c8a afalg: Use eventfd2 syscall instead of eventfd
f19a5ff SM4: Add SM4 block cipher to EVP
ffd2320 Only reset the ctx when a cipher is given
79204b9 make update
d85722d EVP_PKEY_asn1_add0(): Check that this method isn't already registered
751148e Document EVP_PKEY_ASN1_METHOD and associated functions
5e00608 EVP_PKEY_ASN1_METHOD: add functions to set siginf_set and pkey_check methods
f403fee Prevent NULL dereference in async clear-fd code
8515534 Fix memory leak in crltest error case
23fa978 [packettest] Fix misplaced parentheses
3be08e3 Provide SSL_CTX.stats.sess_accept for switched ctxs
0e6161b Normalize on session_ctx for stats where possible
1fcb4e4 Use atomics for SSL_CTX statistics
ce01b18 Whitespace and indent fixes
bc4e831 s390x assembly pack: extend s390x capability vector.
7a90820 Simplify the stack reservation
689c178 Fix a couple nits in DEFINE_STACK_OF.pod
9cde5f8 Don't use strcasecmp and strncasecmp for IA5 strings
d9c989f Fix doc-nits in doc/man3/DEFINE_STACK_OF.pod
62f45e3 Fix mismatch of function prototype and document
3ceab37 Add sk_TYPE_new_reserve() function
82d89ef doc/man3/d2i_X509.pod: add {d2i,i2d}_DSA_PUBKEY in NAME section
7f111b8 CHANGES: remove empty whitespaces
e6b10c3 Fix error handling in SSL_new
fe6fcd3 asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free()
03996c1 asn1_item_embed_new(): don't free an embedded item
4ce8beb Don't make any changes to the lhash structure if we are going to fail
04761b5 Fix memory leak in GENERAL_NAME_set0_othername.
590bbdf asn1_item_embed_new(): don't free an embedded item
c9fe362 Correct value for BN_security_bits()
fb9163b e_os.h: add prandom and hwrng to the list of random devices on s390x.
f84a648 apps/s_client.c: add missing null check apps/s_server.c: remove unnecessary null check
0c1aaa2 Remove duplicate assignment.
b255516 Various clean-ups
9b02dc9 ECDSA_* is deprecated. EC_KEY_* is used instead
3f2181e Additional name for all commands
26a7d93 Remove parentheses of return.
2139145 Add missing RAND_DRBG locking
e0b625f Remove unnecessary DRBG_RESEED state
c16de9d Fix reseeding issues of the public RAND_DRBG
af1d638 s390x assembly pack: remove capability double-checking.
4c5100c crypto/aes/asm/aes-s390x.pl: fix $softonly=1 code path.
fe7a4d7 Update RAND_load_file return value.
432f868 x509v3/v3_utl.c: avoid double-free.
f5791af modes/gcm128.c: harmonize GCM_MUL macro with GHASH.
b589581 Some cleanups to apps/ca.c
8176431 Make '-name' option of the 's_client' more generic
cc1c473 Remove unused variable.
1f83edd Cleaning secret data after use
fdc83a7 added cmcCA and cmcRA as per rfc6402, capitalized per RFC7030 author
e680311 Code hygiene; initialize some pointers.
beb3094 Tweak the comment regarding record version check with respect to TLSv1.3
61278ff Sanity check the HRR version field
a2b97bd Don't do version neg on an HRR
aeb3e4a Fix incorrect function name in BN_bn2bin manpage
0bd42fd Fix a bug in ALPN comparation code of a test case
c7558d5 Fix reading heap overflow in a test case
21c2154 Add branch coverage to coveralls statistics
e3713c3 Remove email addresses from source code.
0e598a3 Add CRYPTO_get_alloc_counts.
8abeefe Fix memory leak in DH_get_nid()
141e470 Add a test for setting initial SNI in CH but not using it with early_data
9fb6cb8 Fix bug where early_data does not work if no SNI callback is present
549be25 make update
5368bf0 Add RFC7919 documentation.
dcb7e48 Add RFC7919 tests.
f4403a1 Add pad support
9b82c8b Don't assume shared key length matches expected length
d59d853 Add RFC7919 support to EVP
b6eae14 Add objects for RFC7919 parameters
7806a78 DH named parameter support
f682bd6 Add primes from RFC7919
5f2d9c4 Support constant BN for DH parameters
8e826a3 Document EVP_PKEY_set1_engine()
e366207 Add EVP_PKEY_METHOD redirection test
3f8b368 make update
d19b01a Add EVP_PKEY_set1_engine() function.
918a27f Fix memory leak on lookup failure
c2976ed Don't ignore passed ENGINE.
e913d11 Ensure we test all parameters for BN_FLG_CONSTTIME
be9b311 Remove an unused file
165cc51 Appease -Werror=maybe-uninitialized
f9df0a7 Move supportedgroup ext-block fields out of NO_EC
f49452c Return a value from atomic read on Windows. Use a read lock when reading using pthreads.
19f05eb Fix typos
32f3b98 crypto/x509v3/v3_utl.c, ssl/ssl_cert.c: fix Coverity problems.
65e6b9a apps/speed.c: add 'rand' algo to enable DRBG performance measurements.
751b26b Don't change client random in Client Hello in its second flight
30ff41b Add atomic write call
94683b7 Add a CRYPTO_atomic_read call which allows an int variable to be read in an atomic fashion.
338ead0 EVP_EncryptInit.pod: EVP_CIPHER_mode and EVP_CIPHER_CTX_mode update
fe4f66d apps/speed.c: fix ccm performance measurements.
d5961b2 set_hex() behaviour change
d2068e3 Reduce the things we ignore in test/
41f571e Use the possibility to have test results in a different directory
9b9a8a7 Fix util/perl/OpenSSL/Test.pm input variable overwrite
0ed78e7 Fix util/find-doc-nits to correctly parse function signature typedefs
5bf6d41 Correct some typedef documentation
208fb89 Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1;
2e8b5d7 Document that lhash isn't thread safe under any circumstances and indicate the level of locking required for various operations.
24b0be1 Fix doc for i2d/d2i private/public key
32cd473 Anchor the regexp match
fa4dd54 Rewrite some code
6447e81 Merge tls1_check_curve into tls1_check_group_id
f48d826 Change curves to groups where relevant
ff6d20a Use separate functions for supported and peer groups lists
f0b843c doc/man1/openssl.pod: Add missing commands and links
36cf10c Fixes #4459 "issuserAltName" documentation typo.
fbb7b33 stack/stack.c: various cleanups.
c8b749c Remove some commented out code
786b4df Remove an incorrect comment
dc6a62d Configurations/windows-makefile.tmpl: canonicalise configured paths
a84e5c9 Session resume broken switching contexts
270a4bb Use more pre-allocation
8e8e507 Postpone allocation of STACK internal storage ... until a first push(), insert() or an explicit call to OPENSSL_sk_reserve
2dbfa84 nistp521: add a comment to the P+P exceptional case in point_add.
c55b786 Fix the return type of felem_is_zero_int which should be int. Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts.
6364475 Added const-time flag to DSA key decoding to avoid potential leak of privkey
681acb3 doc: note that the BN_new() initialises the BIGNUM
af3e5e1 Put back the #include <openssl/safestack.h> lines in public headers. the latter includes the former.
f32b0ab Remove unnecessary #include <openssl/lhash.h> directives.
1f5e0f9 Use safestack.h exclusively internally. Remove all stack headers from some includes that don't use them.
e431363 Add stack space reservations.
1b3e2bb Add a reserve call to the stack data structure.
9f94429 BN_copy now propagates BN_FLG_CONSTTIME
3de81a5 Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
7966101 Allow DH_set0_key with only private key.
b50951d Add and use function tls1_in_list to avoid code duplication.
5ce5f78 Use tls1_group_id_lookup in tls1_curve_allowed
34e5292 Rename tls1_get_curvelist.
4a1b428 Rewrite compression and group checks.
612f9d2 New function ssl_generate_param_group
43b95d7 Replace tls1_ec_curve_id2nid.
0e464d9 Rename tls_curve_info to TLS_GROUP_INFO, move to ssl_locl.h
8841154 Return group id in tls1_shared_group
1483b85 Return correct Suite B curve, fix comment.
4881d84 Make sure that a cert with extensions gets version number 2 (v3)
28c0a61 Update comments to match function parameter names
b92d7b6 Use size of entries, not size of the pointer.
9b01779 Use curve_id not the nid
4708afc Remove dhparam from SSL_CONF list.
75c445e Fix 'key' option in s_server can be in ENGINE keyform
9e84a42 Store groups as uint16_t
6d50589 Configure: add -Wmisleading-indentation to strict warnings flags.
8545051 Guard against DoS in name constraints handling.
79b4444 Cleanup whitespace in ssl_lib.c (tabs to spaces)
b9ff048 Fix strict-warnings build
3a15486 Configure: unify clang's -Qunused-arguments option treatment.
51ac827 Reenable s_server -dhparam option
800c488 Add RSA-PSS certificate type TLS tests
613816f Add RSA-PSS test certificates
6aaa29f Allow use of RSA-PSS certificates in TLS 1.2
b46867d Allow RSA certificates to be used for RSA-PSS
045d078 Add RSA-PSS key certificate type.
6b1c820 Fix overflow in c2i_ASN1_BIT_STRING.
d2ef6e4 Stack sorting safety
9be34ee Null pointer used. Address coverity report of null pointer being dereferenced.
3edabd3 Provide getters for min/max proto version
53a7376 Avoid signed vs unsigned comparison error. Introduced by #4372
44589b5 Add explanatory comment about fitting into a size_t.
6ffaf15 Remote unrequited casts Also use strndup instead of a malloc/memcpy pair.
297002a Replace malloc+strcpy with strdup
6807b84 Fix function name in ECerr call
f5d270c Fix no-ec no-dh build
a8f730d Fix doc nits
0822e89 Support EVP_PKEY_meth_remove and pmeth internal cleanup
76b2ae8 Ensure that the requested memory size cannot exceed the limit imposed by a size_t variable.
f4eb248 Manually revert "Ensure allocation size fits into size_t"
582e2ed Revert "Reuse strndup(), simplify code"
4cacc9d Revert "GH614: Use memcpy()/strdup() when possible"

More information about the openssl-commits mailing list