[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Rich Salz rsalz at openssl.org
Wed Mar 8 15:16:52 UTC 2017 

The branch OpenSSL_1_0_2-stable has been updated
       via  201015ee4f38e5d216a7625282c6b8a395b680b7 (commit)
      from  178b9be8eccffca66434299bf986494c449b10ee (commit)


- Log -----------------------------------------------------------------
commit 201015ee4f38e5d216a7625282c6b8a395b680b7
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Mar 8 11:18:55 2017 +1000

    Limit the output of the enc -ciphers command
    
    to just the ciphers enc can
    process.  This means no AEAD ciphers and no XTS mode.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2876)
    (cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)
    
    (cherry picked from commit b97324dbcb12e8b509d513ded9ba3f71c14547d8)

-----------------------------------------------------------------------

Summary of changes:
 apps/enc.c                         |   7 +++++++
 crypto/include/internal/bn_conf.h  |  28 ++++++++++++++++++++++++++++
 crypto/include/internal/dso_conf.h |  16 ++++++++++++++++
 doc-nits                           |   0
 fuzz/asn1-test                     | Bin 0 -> 36892 bytes
 fuzz/asn1parse-test                | Bin 0 -> 18402 bytes
 fuzz/bignum-test                   | Bin 0 -> 19593 bytes
 fuzz/bndiv-test                    | Bin 0 -> 20310 bytes
 fuzz/client-test                   | Bin 0 -> 20298 bytes
 fuzz/cms-test                      | Bin 0 -> 18846 bytes
 fuzz/conf-test                     | Bin 0 -> 19368 bytes
 fuzz/crl-test                      | Bin 0 -> 18816 bytes
 fuzz/ct-test                       | Bin 0 -> 18783 bytes
 fuzz/server-test                   | Bin 0 -> 31129 bytes
 fuzz/x509-test                     | Bin 0 -> 18793 bytes
 test/ssltest_old                   | Bin 0 -> 114814 bytes
 test/v3ext                         | Bin 0 -> 10543 bytes
 test/x509aux                       | Bin 0 -> 21871 bytes
 18 files changed, 51 insertions(+)
 create mode 100644 crypto/include/internal/bn_conf.h
 create mode 100644 crypto/include/internal/dso_conf.h
 create mode 100644 doc-nits
 create mode 100755 fuzz/asn1-test
 create mode 100755 fuzz/asn1parse-test
 create mode 100755 fuzz/bignum-test
 create mode 100755 fuzz/bndiv-test
 create mode 100755 fuzz/client-test
 create mode 100755 fuzz/cms-test
 create mode 100755 fuzz/conf-test
 create mode 100755 fuzz/crl-test
 create mode 100755 fuzz/ct-test
 create mode 100755 fuzz/server-test
 create mode 100755 fuzz/x509-test
 create mode 100755 test/ssltest_old
 create mode 100755 test/v3ext
 create mode 100755 test/x509aux

diff --git a/apps/enc.c b/apps/enc.c
index 8c8f1ef..69fb3f9 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -89,6 +89,13 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
     if (!islower((unsigned char)*name->name))
         return;
 
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
     BIO_printf(bio, "-%-25s", name->name);
     if (++n == 3) {
         BIO_printf(bio, "\n");
diff --git a/crypto/include/internal/bn_conf.h b/crypto/include/internal/bn_conf.h
new file mode 100644
index 0000000..34bd8b7
--- /dev/null
+++ b/crypto/include/internal/bn_conf.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/crypto/include/internal/dso_conf.h b/crypto/include/internal/dso_conf.h
new file mode 100644
index 0000000..7a52dd1
--- /dev/null
+++ b/crypto/include/internal/dso_conf.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/dso_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/doc-nits b/doc-nits
new file mode 100644
index 0000000..e69de29
diff --git a/fuzz/asn1-test b/fuzz/asn1-test
new file mode 100755
index 0000000..213ae9b
Binary files /dev/null and b/fuzz/asn1-test differ
diff --git a/fuzz/asn1parse-test b/fuzz/asn1parse-test
new file mode 100755
index 0000000..8a09d26
Binary files /dev/null and b/fuzz/asn1parse-test differ
diff --git a/fuzz/bignum-test b/fuzz/bignum-test
new file mode 100755
index 0000000..9fdbae9
Binary files /dev/null and b/fuzz/bignum-test differ
diff --git a/fuzz/bndiv-test b/fuzz/bndiv-test
new file mode 100755
index 0000000..f3325e6
Binary files /dev/null and b/fuzz/bndiv-test differ
diff --git a/fuzz/client-test b/fuzz/client-test
new file mode 100755
index 0000000..fed6d93
Binary files /dev/null and b/fuzz/client-test differ
diff --git a/fuzz/cms-test b/fuzz/cms-test
new file mode 100755
index 0000000..a21e911
Binary files /dev/null and b/fuzz/cms-test differ
diff --git a/fuzz/conf-test b/fuzz/conf-test
new file mode 100755
index 0000000..99514e2
Binary files /dev/null and b/fuzz/conf-test differ
diff --git a/fuzz/crl-test b/fuzz/crl-test
new file mode 100755
index 0000000..857fc61
Binary files /dev/null and b/fuzz/crl-test differ
diff --git a/fuzz/ct-test b/fuzz/ct-test
new file mode 100755
index 0000000..ee3b2e2
Binary files /dev/null and b/fuzz/ct-test differ
diff --git a/fuzz/server-test b/fuzz/server-test
new file mode 100755
index 0000000..ee56e43
Binary files /dev/null and b/fuzz/server-test differ
diff --git a/fuzz/x509-test b/fuzz/x509-test
new file mode 100755
index 0000000..e7c90b2
Binary files /dev/null and b/fuzz/x509-test differ
diff --git a/test/ssltest_old b/test/ssltest_old
new file mode 100755
index 0000000..3e3a27d
Binary files /dev/null and b/test/ssltest_old differ
diff --git a/test/v3ext b/test/v3ext
new file mode 100755
index 0000000..09a0c3a
Binary files /dev/null and b/test/v3ext differ
diff --git a/test/x509aux b/test/x509aux
new file mode 100755
index 0000000..35378a8
Binary files /dev/null and b/test/x509aux differ

More information about the openssl-commits mailing list