When fips is enabled, the build aborts with
t1_lib.c:473:17: error: invalid type argument of unary '*' (have 'size_t')

In version openssl-1.0.h

In case of malloc error, the buffer is not tested here

In ssl/d1_both.c
int
dtls1_process_heartbeat(SSL s)
{
.....
/ Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
buffer = OPENSSL_malloc(write_length);
bp = buffer;

    /* Enter response type, length and copy payload */
    *bp++ = TLS1_HB_RESPONSE;

Here neither
In ssl/d1_both.c
int
dtls1_heartbeat(SSL s)
{
.......
buf = OPENSSL_malloc(1 + 2 + payload + padding);
p = buf;
/ Message Type */
*p++ = TLS1_HB_REQUEST;

Here neither in ssl/s3_enc.c
int ssl3_digest_cached_records(SSL *s)
{
....

/* Allocate handshake_dgst array */
ssl3_free_digest_list(s);
s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));

Here neither in ssl/ssl_ciph.c
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
.....
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;

Here neither in ssl/ssl_sess.c
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
....
s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
session->krb5_client_princ_len);

(Not sure if this is where this should go, but anyways...)

I cannot see any of the downloads on OpenSSL.org, and trying to connect to the FTP server fails with a 425 Could Not Create Connection error.

I am using Firefox whatever-the-latest-stable-is.

A screenshot is attached.

Did no dev ever test openssl on windows?
I doesn't find the config file, because it looks in /etc/ssl/openssl.cnf.

The command line parameter -config is ignored, what works is an environment variable, which is really tricky to set up on Windows 8 however (you need to locate explorer.exe, run with elevated rights, switch over to control panel and go to system settings > advanced).

http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html results in a 404! I need to know how to fill out a TSU notification!

I am interfacing openssl with a custom version of pyca/pyopenssl.

When doing cffi compilation (CentOs 6.5) it fails for srtp.h reporting an error to the lines using SRTP_PROTECTION_PROFILE.

By adding

include <openssl/ssl.h>

in srtp.h (as this struct is defined in ssl.h) it is working fine.
Is this patch valid?
And if yes could it be included in the official source stream?

perl Configure VC-WIN32 --prefix=..\master
ms\do_ms
nmake -f ms\nt.mak

if replace ms\do_ms with ms\do_nt, fail same.
but build with nasm sucessful

...
        perl crypto\sha\asm\sha1-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS
  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_
MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL
_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -
DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH
_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOP
ENSSL_NO_DYNAMIC_ENGINE >tmp32\sha1-586.asm
        ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\sha1-586.obj tmp32\sha1-586.asm

 Assembling: tmp32\sha1-586.asm
tmp32\sha1-586.asm(1432) : error A2070:invalid instruction operands
tmp32\sha1-586.asm(1576) : error A2070:invalid instruction operands
NMAKE : fatal error U1077: “"C:\Program Files (x86)\Microsoft Visual Studio 10.
0\VC\BIN\ml.EXE"”: 返回代码“0x1”
Stop.

int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
V649 There are two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless. Check lines: 466, 468. cms_lib.c 468

int CMS_add0_cert(CMS_ContentInfo _cms, X509 *cert)
{
CMS_CertificateChoices *cch;
STACK_OF(CMS_CertificateChoices) *_pcerts;
int i;
pcerts = cms_get0_certificate_choices(cms);
if (!pcerts)
return 0;
if (!pcerts)
return 0;

For c/cpp syntax analysis ambiguities, is it possible to change
in int ssl3_digest_cached_records(SSL *s)
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
to
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
(space added)
Thanks
Didier CRUETTE

The GOST engine DLL gets named: gosteay32.dll, but loading the engine only works when renamed to gost.dll. This makes the gost test fail by default in make test.

After renaming the file in engines/ccgost/ to gost.dll the test works.

Is this a bug in the engine loader or should the name be gost.dll in Windows OS?

If I try to use -ssl2 it tells me: unknown parameter. Do you have the same issue or does anyone know, why its not working? ssl3 and the tls versions are working properly.

I've started seeing segmentation faults during test runs of the Grocer server on local and on CI platform as well. My local and CI platform are Ubuntu 14.04 and the Ruby version is 2.1.5.

Ran same test suite on Mac and it worked without segmentation fault.

/home/varun/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:61: [BUG] Segmentation fault at 0x736f7288
ruby 2.1.5p273 (2014-11-13 revision 48405) [i686-linux]

-- Control frame information -----------------------------------------------
c:0007 p:---- s:0029 e:000028 CFUNC  :sysread
c:0006 p:0019 s:0025 e:000023 METHOD /home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:61
c:0005 p:0085 s:0021 e:000020 METHOD /home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:102
c:0004 p:0010 s:0015 e:000014 METHOD /home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/notification_reader.rb:21
c:0003 p:0020 s:0008 e:000007 METHOD /home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/notification_reader.rb:13
c:0002 p:0026 s:0004 e:000003 BLOCK  /home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/server.rb:25 [FINISH]
c:0001 p:---- s:0002 e:000001 TOP    [FINISH]

/home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/server.rb:25:in `block (3 levels) in accept'
/home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/notification_reader.rb:13:in `each'
/home/kiprosh007/.rvm/gems/ruby-2.1.5@gogovan/gems/grocer-0.6.0/lib/grocer/notification_reader.rb:21:in `read_notification'
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:102:in `read'
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:61:in `fill_rbuff'
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/openssl/buffering.rb:61:in `sysread'

-- C level backtrace information -------------------------------------------
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/libruby.so.2.1(+0x1ea390) [0xb760b390] vm_dump.c:690
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/libruby.so.2.1(+0x6c18d) [0xb748d18d] error.c:312
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/libruby.so.2.1(rb_bug+0x40) [0xb748dc40] error.c:339
/home/kiprosh007/.rvm/rubies/ruby-2.1.5/lib/libruby.so.2.1(+0x159883) [0xb757a883] signal.c:812

There is already one issue posted on Grocer - grocer/grocer#87.

I read few blogs and github issues, as per those it could be due to thread locking.(Reference issue - rubinius/rubinius#2674).

Is the issue really because of OpenSSL or I need to look at somewhere else?

Thanks.

libeay32.lib can't be linked with a Qt for WinRT app qbittorrent/qBittorrent#2684 (comment)

can u add a config that remove dependecy on getenv and _getch?

Linking 1.0.2 statically to an app with mingw x86/32-bit (4.9.2)
LTO option enabled, this warning is displayed at link phase:

gcm128.c:697:0: warning: type of 'OPENSSL_ia32cap_P' does not match original declaration 
cryptlib.c:656:0: note: previously declared here 

Referenced declarations:
gcm128.c: extern unsigned int OPENSSL_ia32cap_P[2];
cryptlib.c: extern unsigned int OPENSSL_ia32cap_P[4];

Also reported here: https://groups.google.com/d/msg/mailing.openssl.dev/xii2zuBCR7c/HZ7eX1fIvw0J

Since 1.0.2 openssl fails to build with no-ec due to an unconditional include of ec.h in ssl/t1_lib.c

Offending line: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/t1_lib.c#L117

Example fix: https://dev.openwrt.org/browser/trunk/package/libs/openssl/patches/220-fix-no-ec-build.patch

The information within the README on notification requirements for export controls on encryption is likely out of date and potentially unnecessarily burdensome. For one, the link provided for BIS on the TSU no longer works, but the notification requirements have probably changed since this was written. OpenSSL could probably resolve this matter through emailing the BIS and NSA addresses a link to this repository. Otherwise, the maintainers are responsible for notifying BIS of every update to OpenSSL. It may be useful to consult the regulations again:

(3) Notification requirement. You must notify BIS and the ENC Encryption Request Coordinator via e-mail of the Internet location (e.g., URL or Internet address) of the publicly available encryption source code or provide each of them a copy of the publicly available encryption source code. If you update or modify the source code, you must also provide additional copies to each of them each time the cryptographic functionality of the source code is updated or modified. In addition, if you posted the source code on the Internet, you must notify BIS and the ENC Encryption Request Coordinator each time the Internet location is changed, but you are not required to notify them of updates or modifications made to the encryption source code at the previously notified location. In all instances, submit the notification or copy to [email protected] and to [email protected].

http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=68098bc2e5baf66160cb14b37313c68f&rgn=div8&view=text&node=15:2.1.3.4.25.0.1.13&idno=15

The problem can be reproduced using

#include <openssl/engine.h>
#include <openssl/ssl.h>

#define GOST    "gost"

void load(void)
{
    ENGINE *e = ENGINE_by_id(GOST);
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
    ENGINE_free(e);
}

int main(void)
{
    ENGINE_load_builtin_engines();
    load();
    load();
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_client_method());
    return 0;
}

compile with

gcc -O0 -g -std=c99 -Wall -Werror gost.c -o gost -lcrypto -lssl

and it will crash similar to

==10725== Invalid read of size 8
==10725==    at 0x4F0EF53: look_str_cb (tb_asnmth.c:216)
==10725==    by 0x4F1BDDE: lh_doall_arg (lhash.c:292)
==10725==    by 0x4F0D71B: engine_table_doall (eng_table.c:349)
==10725==    by 0x4F0F312: ENGINE_pkey_asn1_find_str (tb_asnmth.c:236)
==10725==    by 0x4F417C4: EVP_PKEY_asn1_find_str (ameth_lib.c:213)
==10725==    by 0x524A2E3: get_optional_pkey_id (ssl_ciph.c:356)
==10725==    by 0x524B41E: ssl_create_cipher_list (ssl_ciph.c:733)
==10725==    by 0x5244D2F: SSL_CTX_new (ssl_lib.c:1762)
==10725==    by 0x40079C: main (in /tmp/gost)
==10725==  Address 0x5c45f50 is 96 bytes inside a block of size 216 free'd
==10725==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10725==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==10725==    by 0x4F0BB67: engine_free_util (eng_lib.c:136)
==10725==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==10725==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==10725==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==10725==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==10725==    by 0x40076A: load (in /tmp/gost)
==10725==    by 0x40078F: main (in /tmp/gost)
==10725== 

adding ENGINE_cleanup instead of creating an SSL_CTX, it will crash in the ENGINE_cleanup.

Finishing the first engine after initializing the second,
https://github.com/openssl/openssl/blob/master/crypto/engine/eng_table.c#L130
free's the registered methods gost uses,
https://github.com/openssl/openssl/blob/master/crypto/engine/eng_lib.c#L128
but does not unregister them.

I'll submit a patch to address this.

Using 1.0.1l I can successfully create a server using SSLv23_server_method() in conjunction with SSL_OP_NO_SSLv3 to allow only protocols >= TLSv1.

However, employing the same strategy in 1.0.2 seems to break clients using SSLv23_client_method(). Consider the following output when attempting to connect to a server of this type:

$ openssl version
OpenSSL 1.1.0-dev xx XXX xxxx

$ openssl s_client -quiet

depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = test
verify error:num=21:unable to verify the first certificate
verify return:1
140515927004816:error:1408C095:SSL routines:ssl3_get_finished:digest check failed:s3_both.c:266:
140515927004816:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:157:

$ openssl s_client -quiet -tls1
... works fine ...

$ openssl s_client -quiet -tls1 -tls1_1
... works fine ...

$ openssl s_client -quiet -tls1 -tls1_1 -tls1_2

depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = phptest
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = phptest
verify error:num=21:unable to verify the first certificate
verify return:1
139822279181968:error:1408C095:SSL routines:ssl3_get_finished:digest check failed:s3_both.c:266:
139822279181968:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:664:

The only way I've been able to connect successfully to a server using SSLv23_server_method() with SSL_OP_NO_SSLv3 is to use a specific client method such as SSLv3_client_method(), TLSv1_client_method(), etc. The TLSv1_2_client_method(), however, does not appear to work.

I can't seem to determine if this is the expected result of a breaking API change of which I'm unaware or if there is some bug introduced between 1.0.1l and 1.0.2 causing the failure. Note again that building OpenSSL 1.0.1l and using its s_client does not exhibit the same failure against the same server.

Any guidance would be appreciated.

Neither SSL_CTX_set_alpn_protos nor SSL_set_alpn_protos update the error stack when OPENSSL_malloc fails.

Should probably add something like:
SSLerr(SSL_F_SSL_CTX_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);

The Build fails in cryptlib.h/bio.h for 0.9.8zd and 1.0.0p with the following message:

1.0.0p

C:\OpenSSL\Temp\openssl-1.0.0p-x32\tmp32dll\cryptlib.h(68) : error C2220: warning treated as error - no 'object' file generated

C:\OpenSSL\Temp\openssl-1.0.0p-x32\tmp32dll\cryptlib.h(68) : warning C4005: 'BIO_FLAGS_UPLINK' : macro redefinition
C:\OpenSSL\Temp\openssl-1.0.0p-x32\inc32\openssl/bio.h(182) : see previous definition of 'BIO_FLAGS_UPLINK'

0.9.8zd

tmp32dll\cryptlib.h(68) : error C2220: warning treated as error - no 'object' file generated

tmp32dll\cryptlib.h(68) : warning C4005: 'BIO_FLAGS_UPLINK' : macro redefinition inc32\openssl/bio.h(180) : see previous definition of 'BIO_FLAGS_UPLINK'

Platform Win 7 x64. Building for Win32:

perl configure VC-WIN32
ms\do_nasm.bat

Previous versions built fine (0.9.8zc, 1.0.1o).

Using Microsoft Visual C++ 2008 Express Edition and The Netwide Assembler (NASM) v2.11.05 for Win32.

command:

openssl req -x509 -newkey rsa:1024 -subj "/CN=中文/OU=中文/O=中文/L=中文/ST=中文/C=CN" -passout pass:123456 -keyout private/S1234567_key.pem -out certs/S1234567.cer -outform PEM -days 365 -utf8

error message:
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......++++++
.....++++++

problems making Certificate Request
6004:error:0D07A086:asn1 encoding routines:ASN1_mbstring_ncopy:invalid utf8string:.\crypto\asn1\a_mbstr.c:132:

use openssl-1.0.1j

Looking last commits, looks like its gone. However I dont see any mention in CHANGES.. are you planning to put in a separate project?

doc\HOWTO\keys.txt has a section on DSA keys that is poorly worded.

Here is my proposed change:

A DSA key can be used for signing only. It is important to
know what a certificate request with a DSA key can really be used for.

Instead of:

A DSA key can be used for signing only. This is important to keep
in mind to know what kind of purposes a certificate request with a
DSA key can really be used for.

I think my version is clearer and more helpful.

In s3_clnt.c and s3_srvr.c, two (identical) functions are present to retreive supplemental data after certificate: tls1_get_server_supplemental_data and tls1_get_client_supplemental_data.
The length of supp data is readen with a n2l3(p, supp_data_len).
supp_data_len is not checked against the message's length, and a data pointer located outside the buffer could be passed an argument to a srv_supp_data_records handler.
I suggest checking if supp_data_len+3 < n before the parsing loop.

edit: actually if (n<supp_data_len)

forom msys console i run
perl Configure mingw
after finish i run make and have error

$ make
making all in crypto...
mingw32-make[1]: Entering directory 'c:/worktools/build/openssl-1.0.2/crypto'
C:/worktools/msys/bin/perl.exe ../util/mkbuildinf.pl "gcc -I. -I./.. -I../include -DOPENSSL_THREADS -D_MT -DDSO_WIN32 -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-f
rame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_
ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM" "mingw" >buildinf.h
g++ -m32 -march=i686 -mtune=core2 -mcx16 -msahf -mfpmath=sse -mstackrealign -mmmx -msse -msse2 -mms-bitfields -O2 -fms-extensions -fomit-frame-pointer -Wall -fu
nswitch-loops -fpredictive-commoning -ftree-vectorize -fvect-cost-model -fgcse-after-reload -ftree-loop-vectorize -ftree-slp-vectorize -fvisibility-ms-compat -
ftemplate-depth-256 -std=gnu++11 -c -o cryptlib.o cryptlib.c
In file included from cryptlib.c:117:0:
cryptlib.h:65:19: fatal error: e_os.h: No such file or directory

include "e_os.h"

               ^

compilation terminated.
: recipe for target 'cryptlib.o' failed
mingw32-make[1]: *** [cryptlib.o] Error 1
mingw32-make[1]: Leaving directory 'c:/worktools/build/openssl-1.0.2/crypto'
make: *** [build_crypto] Error 1

if i copy e_os.h from parent directory - this not fix error - i have some alse errors

cryptlib.c:170:3: error: #error "Inconsistency between crypto.h and cryptlib.c"

error "Inconsistency between crypto.h and cryptlib.c"

^
cryptlib.c:172:1: error: too many initializers for 'const char* const [36]'
};

Add support to be able to compile OpenSSL with musl. Currently it has too much dependence with glibc, so it's needed to apply some patches to make it to work, being the first one the use of TERMIOS macro instead of the non-standard TERMIO. Also, it's not possible to compile it statically with the -static flag due to linking errors:

/home/piranna/Dropbox/Proyectos/NodeOS/NodeOS-QEmu/Layer2-nodejs/deps/node/out/Release/libopenssl.a(eng_all.o): En la función `ENGINE_load_builtin_engines':
eng_all.c:(.text.ENGINE_load_builtin_engines+0x46): referencia a `ENGINE_load_padlock' sin definir
eng_all.c:(.text.ENGINE_load_builtin_engines+0x4b): referencia a `ENGINE_load_gost' sin definir
collect2: error: ld returned 1 exit status

There is a repeatable problem with building of openssl cloned with GIT on Windows.
When source comes from official distribution all line endings are preserved and remain normal unix style endings. But when git clones repository it may convert these into windows style endings.
MinGW comes bundled with pretty outdated Perl (5.8.8 if memory serves...) which could get confused by these different styles and produce unexpected behavior. This is what happening during execution of Configure script. When ignored ciphers are determined this code is executed:

    if ($sdirs) {
        my $dir;
        foreach $dir (@skip) {
            s/(\s)$dir /$1/;
            s/\s$dir$//;
            }
        }
    $sdirs = 0 unless /\\$/;

In code $sdirs = 0 unless /$/; under normal circumstances pattern /$/ returns 1 if it is still processing these directories but if line ending is not normal unix style it will return nothing and allow $sdirs = 0. So only the first line of *SDIRS= * gets processed and the rest ... objects \ md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ … is skipped.

Result of this error is a Makefile which is trying to process ALL ciphers disregarding no-cipher attributes and will produce this error:

gcc -I.. -I../.. -I../asn1 -I../evp -I../../include  -DOPENSSL_THREADS 
-DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG 
-fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM   -c -o 
md2_dgst.o md2_dgst.c 
In file included from md2_dgst.c:62: 
../../include/openssl/md2.h:64:2: #error MD2 is disabled. 
make[2]: *** [md2_dgst.o] Error 1 
make[2]: Leaving directory 

Unfortunately I am not that good with Perl and could not provide constructive solution for the problem. The best would be to fix Perl itself but I do not think that will fly. So the next best thing would be the different means of checking if end of the list is reached.

My server is not responding to properly-constructed heartbeat messages with a payload size of less than 4073. I've also observed this behavior on other sites, e.g., duckduckgo.com.

Version details:

• Ubuntu 12.04
• Apache/2.2.22
• OpenSSL 1.01 (Built on: Mon Apr 7)

You can run this script with the following command to reproduce the behavior:

# Send a heartbeat with a payload of 4096 bytes 
./ssltest.py duckduckgo.com -l 4096

# Send a payload of 1024, should not receive response
./ssltest.py duckduckgo.com -l 1024

By default, the script will use a padding of 16 bytes. The code used for creating the message is:

def build_heartbeat(payload_len=4096, padding_len=16):
    record_header = h2bin('18 03 02') + struct.pack("!H", payload_len + padding_len + 3)
    heartbeat_header = '\x01' + struct.pack("!H", payload_len)
    message = record_header + heartbeat_header + 'R' * payload_len + 'J' * padding_len

    return message

I would like to know if it would be possible to extend the code to support default cipher suite definition over config file. Today it is defined via #define SSL_DEFAULT_CIPHER_LIST, it would be great to have it on openssl.cnf.

When I loop with X509_REQ_to_X509, memory grows infinite,
And I see extension assign not finished.

Any plan on it.

X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
    {
    X509 *ret=NULL;
    X509_CINF *xi=NULL;
    X509_NAME *xn;

    if ((ret=X509_new()) == NULL)
        {
        X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
        goto err;
        }

    /* duplicate the request */
    xi=ret->cert_info;

    if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
        {
        if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
        if (!ASN1_INTEGER_set(xi->version,2)) goto err;
/*      xi->extensions=ri->attributes; <- bad, should not ever be done
        ri->attributes=NULL; */
        }

    xn=X509_REQ_get_subject_name(r);
    if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
        goto err;
    if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
        goto err;

    if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
        goto err;
    if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
        goto err;

    X509_set_pubkey(ret,X509_REQ_get_pubkey(r));

    if (!X509_sign(ret,pkey,EVP_md5()))
        goto err;
    if (0)
        {
err:
        X509_free(ret);
        ret=NULL;
        }
    return(ret);
    }

While checking interoperation between openssl and gnutls, I noticed that openssl (in master but also 1.0.1k) would not negotiate TLS_DHE_RSA_WITH_AES_128_CBC_SHA if the server only supports TLS 1.0. If the server enables TLS 1.2, negotiation with openssl client is successful.

How to verify:
$ gnutls-serv --port 5555 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --x509certfile cert-rsa.pem --x509keyfile key-rsa.pem --dhparams params.pem

$ openssl s_client -host via -port 5555 -CAfile ca.pem

Output:
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server hello B
SSL_connect:error in SSLv3 read server hello B
140528280028816:error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned:s3_clnt.c:1011:

Note that "openssl s_client -host via -port 5555 -CAfile ca.pem -tls1" works.

I could not reproduce the issue with openssl as server because the command:
openssl s_server -key key-rsa.pem -cert cert-rsa.pem -port 5555 -cipher DHE-RSA-AES256-SHA256 -dhparam params.pem -tls1
did not create a working server.

See: https://github.com/openssl/openssl/blob/master/apps/pkcs8.c#L210

PKCS#8 only allows you to set the password iterations to 1, but it doesn't allow you to actively change the iteration count.

I already tried to write on the mailing list, but it didn't work.

The current suggested stable 1.0.1g download won't compile on up2date systems as there are many errors in the documentation pod files.

Here's the patch file I created: https://gist.github.com/martensms/10107481

cl /Fotmp32\cversion.obj  -Iinc32 -Itmp32 /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -DMK1MF_BUILD -DMK1MF_PLATFORM_VC_WIN64A -c .\crypto\cversion.c
cversion.c
.\crypto\cversion.c(80) : error C2065: 'cflags' : undeclared identifier
.\crypto\cversion.c(80) : warning C4047: 'return' : 'const char *' differs in levels of indirection from 'int'

Changing line 80 to ...

return(CFLAGS);

... fixes it.

I'm sure many questions have been asked since the whole heartbleed thing come about but I couldn't find an answer anywhere..

The whole point of the heartbeat is to ensure the other end is still there.. why not just send a PING and wait for a PONG or something simple, why does it need to send a buffer and expect that in response? It seems like its more complicated than it needs to be...

It is related to the memory issue fixed in 3462896

I don't have a test application to reproduce this right now (can do it if necessary though). Valgrind output after receiving renegotiation request from remote side:

==19297== 3,444 (192 direct, 3,252 indirect) bytes in 4 blocks are definitely lost in loss record 99 of 100
==19297==    at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19297==    by 0x5C0412: CRYPTO_malloc (in /our/app)
==19297==    by 0x629E56: EVP_MD_CTX_create (in /our/app)
==19297==    by 0x6D1437: tls1_change_cipher_state (t1_enc.c:424)
==19297==    by 0x68DC27: dtls1_accept (d1_srvr.c:738)
==19297==    by 0x69FA78: SSL_do_handshake (ssl_lib.c:2605)

I tried to add

if (s->write_hash)
            EVP_MD_CTX_destroy(s->write_hash);

but it results in corrupted memory:

==25772== Invalid read of size 8
==25772==    at 0x62A1F1: EVP_MD_CTX_cleanup (in /our/app)
==25772==    by 0x62A5CD: EVP_MD_CTX_destroy (in /our/app)
==25772==    by 0x696A52: dtls1_hm_fragment_free (d1_both.c:221)
==25772==    by 0x6994F6: dtls1_clear_record_buffer (d1_both.c:1351)
==25772==    by 0x69392B: dtls1_stop_timer (d1_lib.c:413)
==25772==    by 0x690DB2: dtls1_connect (d1_clnt.c:662)
==25772==    by 0x69FA78: SSL_do_handshake (ssl_lib.c:2605)

ghash build error on PowerPC target

-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM   -c -o gcm128.o gcm128.c
gcm128.c: In function 'CRYPTO_gcm128_init':
gcm128.c:875:22: error: 'gcm_ghash_4bit' undeclared (first use in this function)
         ctx->ghash = gcm_ghash_4bit;
                      ^
gcm128.c:875:22: note: each undeclared identifier is reported only once for each function it appears in
make[5]: *** [gcm128.o] Error 1
make[5]: Leaving directory `/home/user/gamma/build_dir/target-powerpc_8540_uClibc-0.9.33.2/openssl-1.0.2/crypto/modes'
make[4]: *** [subdirs] Error 1
make[4]: Leaving directory `/home/user/gamma/build_dir/target-powerpc_8540_uClibc-0.9.33.2/openssl-1.0.2/crypto'
make[3]: *** [build_crypto] Error 1
make[3]: Leaving directory `/home/user/gamma/build_dir/target-powerpc_8540_uClibc-0.9.33.2/openssl-1.0.2'
make[2]: *** [/home/user/gamma/build_dir/target-powerpc_8540_uClibc-0.9.33.2/openssl-1.0.2/.built] Error 2
make[2]: Leaving directory `/home/user/gamma/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2

Compiles fine if http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6cd13f70bb51eb7982db8ab9f56c776b0c32b3ed
is applied but I don't think that is right.

In a vanity bitcoin generator, OpenSSL thread support enabled and OpenSSL threading configured (i.e. 41 CRYPTO_num_locks), running multiple pthreads with EC_POINT_mul() creates duplicate EC_POINT randomly, i.e. say after ~1000 or so iterations.

Each thread has their own EC_GROUP etc, no global variables. Thread context "tctx" has an integer indicating thread# i.e. 0,1,2,3 etc.

    EC_POINT_mul(pgroup, ppnt, &bnpriv, NULL, NULL, ctx);
    BIGNUM *x = BN_new();
    BIGNUM *y = BN_new();
    EC_POINT_get_affine_coordinates_GFp(pgroup, ppnt, x, y, ctx);
    char *x_hex =  BN_bn2hex(x);
    char *y_hex = BN_bn2hex(y);
    printf("thread:%d x: %s \t y: %s\n", tctx->id, x_hex, y_hex);

   // Omitted: hash-table is used to check for dupes..

Result:

thread:0 x: 90A7D0BA3BBB6DAD0A98BC357E7AD07F2B43230F46D3D93C39BA4B60D2706207 y: F1F80FADC0ED6AA378A9506B596DBBBB5C8079A030F362B45F76FC1F4B09B72A
thread:1 x: 45B86811303821AC07B143321BE788B07CDE6B5510B4D4FE379DC407EA739268 y: C7C29440FCEF2F2B7692B5BE85737D9E9B5CFE10B0816EBBC2F01722A2275E3A
thread:0 x: B7261BC5292F2F50C0B4D5E59B163E2B486CBF81B7FC3DECF157F262BDD5CA93 y: 8257A13565B01DDD692E695A92191C13B74EC04ADC6413B5BA63EBCA3E76E0A3
thread:1 x: 6F3056658F0B99D00F6A34F38B8C84200FB7544C44109B9FA8C61F5E3D20083F y: 0A621B41D5B50CC8664229C679071AC8EC9BC5C6B7647AC6312725B95139A244
thread:1 x: 47C6CAFD11FCCFEE0697AA5C8B9FE0292F35E77FE762DCC34C1CC3DB9127D3EC y: 3040F605A0E1CD5CD0D1E144D0A8F13656FDE7AA6EFF59F5D2F0CEA2BFD783B3
thread:0 x: 47C6CAFD11FCCFEE0697AA5C8B9FE0292F35E77FE762DCC34C1CC3DB9127D3EC y: 3040F605A0E1CD5CD0D1E144D0A8F13656FDE7AA6EFF59F5D2F0CEA2BFD783B3

ERROR: duplicate detected: 47C6CAFD11FCCFEE0697AA5C8B9FE0292F35E77FE762DCC34C1CC3DB9127D3EC

Notice how the last two are duplicates. Is this a bug or am I missing some sort of OpenSSL config?

The interface for the ALPN/NPN protocol selection callbacks and protocol selection notification callbacks do not allow for the handshake to fail. It is requested that the return value support for these methods be expanded to allow the handshake to fail. This may be desirable (and explicitly called out in the ALPN specification) in the event there are no common protocols found during the selection process, or if the select protocol is not acceptable.

For example:
ALPN RFC Section 3.2 specifies a new fatal alert definition no_application_protocol(120) which can be used. This is currently not defined in openssl.

The NPN specification is not as explicit about the alert to be used in this case but it could just result in a generic handshake_failure alert (if the callbacks return the new failure value)?

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. asn1_gen.c 371

    case ASN1_GEN_FLAG_FORMAT:
    if (!strncmp(vstart, "ASCII", 5))
        arg->format = ASN1_GEN_FORMAT_ASCII;
    else if (!strncmp(vstart, "UTF8", 4))
        arg->format = ASN1_GEN_FORMAT_UTF8;
    else if (!strncmp(vstart, "HEX", 3))
        arg->format = ASN1_GEN_FORMAT_HEX;
    else if (!strncmp(vstart, "BITLIST", 3))
        arg->format = ASN1_GEN_FORMAT_BITLIST;

fix:
if (!strncmp(vstart, "BITLIST", 3)) -> if (!strncmp(vstart, "BITLIST", 7))

I'm using a Node.js client to connect to thirdparty SSL servers. Currently, memory footprint is about ~130kb per connection. Node.js uses OpenSSL for this.
How can I reduce this footprint to the minimal possible size?
I've read that Google has done some work on the subject a while back:
https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

Is this still relevant? Any pointers?
Many thanks!

ec_pmeth.c#L274 does not seem to handle the case pkey_ec_derive returns negative values from ec_pmeth.c#L248.

Line 247-248 should be

if (ret <= 0)
    return 0;

Correct?

I described issue Alexey-T/SynFTP#65
To repeat it,

• install SynWrite editor ( uvviewsoft.com/synwrite/ )
• open FTP tab in left panel (near Tree/Project)
• call gear icon and make connection to test.rebex.net / FTPES / demo/password
• connect to this
• start downloading zip (one zip there)
• press Abort--> cannot abort, no red line in FTP log and queue item remains

@tbeu comment:

Please see CUT_WSClient::DisconnectSSL in ut_clnt.cpp. First call of SSL_shutdown in line 711 returns 0. Then it never returns from the while loop and calls SSL_read repeatedly with SSL_read returning 256.

While building openssl current git revision for x64 using Microsoft Visual Studio 2003 update 3 (18.00.30723 for x64) there are conflict on ecp_nistz256-x86_64.pl#L3154 with alignment value at perlasm/x86_64-xlate.pl#L544

Code in question generated at tmp32dll\ecp_nistz256-x86_64.asm as following:

OPTION  DOTNAME
.text$  SEGMENT ALIGN(256) 'CODE'
PUBLIC  ecp_nistz256_precomputed

ALIGN   4096   ; <-- bug here. 4096 is more then 256 for segment.
...

Error text:

Building OpenSSL
        ml64 /c /Cp /Cx /Zi /Fotmp32dll\ecp_nistz256-x86_64.obj tmp32dll\ecp_nistz256-x86_64.asm
Microsoft (R) Macro Assembler (x64) Version 12.00.30723.0

Assembling: tmp32dll\ecp_nistz256-x86_64.asm
tmp32dll\ecp_nistz256-x86_64.asm(5) size
tmp32dll\ecp_nistz256-x86_64.asm(5) : error A2189:invalid combination with segment alignment
Stop.

I want to use Sourcegraph code search and code review with openssl. A project maintainer needs to enable it to set up a webhook so the code is up-to-date there.

Could you please enable openssl on @sourcegraph by going to https://sourcegraph.com/github.com/openssl/openssl and clicking on Settings? (It should only take 15 seconds.)

Thank you!

Error on make

ec_ameth.c:70:29: error: unknown type name 'CMS_RecipientInfo'
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
                            ^
ec_ameth.c:71:29: error: unknown type name 'CMS_RecipientInfo'
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
                            ^
2 errors generated.
make[2]: *** [ec_ameth.o] Error 1
make[1]: *** [subdirs] Error 1
make: *** [build_crypto] Error 1

Steps to reproduce

(Home)brew + OSX

env CONFIGURE_OPTS='no-cms' \
brew install https://gist.githubusercontent.com/steakknife/8228264/raw/openssl.rb \
-v -d

Equivalent manual build commands

perl ./Configure --prefix=/usr/local/Cellar/openssl/1.0.2 \
  --openssldir=/usr/local/etc/openssl \
  shared \
  no-cms \
  no-bf no-camellia no-cast no-dtls no-exp no-fips no-engine \
  no-gost no-hw no-idea no-krb5 no-md2 no-md4 no-mdc2 \
  no-psk no-rc4 no-rc5 no-rfc3779 no-rmd160 no-sctp no-seed \
  no-sha0 no-srp no-srtp no-ssl2 no-ssl3 no-whirlpool no-zlib \
  enable-ec enable-md5 enable-sha1 \
  darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 \
&& make depend && make && make test && make install

This works (s/no-cms/enable-cms/)

perl ./Configure --prefix=/usr/local/Cellar/openssl/1.0.2 \
  --openssldir=/usr/local/etc/openssl \
  shared \
  enable-cms \
  no-bf no-camellia no-cast no-dtls no-exp no-fips no-engine \
  no-gost no-hw no-idea no-krb5 no-md2 no-md4 no-mdc2 \
  no-psk no-rc4 no-rc5 no-rfc3779 no-rmd160 no-sctp no-seed \
  no-sha0 no-srp no-srtp no-ssl2 no-ssl3 no-whirlpool no-zlib \
  enable-ec enable-md5 enable-sha1 \
  darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 \
&& make depend && make && make test && make install

Patches on various discussion groups don't seem to fix both the build AND the tests.

e:\work\openssl>nmake -f ms\nt.mak
VC2010,32 bits

Microsoft (R) 程序维护实用工具 10.00.30319.01 版
版权所有(C) Microsoft Corporation。保留所有权利。

Building OpenSSL
perl e:/work/openssl\util\copy-if-different.pl "e:/work/openssl\crypto\b
uildinf.h" "tmp32\buildinf.h"
Copying: e:/work/openssl/crypto/buildinf.h to tmp32/buildinf.h
perl crypto\sha\asm\sha256-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREA
DS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AN
D_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENS
SL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHA
SH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -D
OPENSSL_NO_DYNAMIC_ENGINE >tmp32\sha256-586.asm
ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\sha256-586.obj tmp32\sha256-586
.asm
Assembling: tmp32\sha256-586.asm
tmp32\sha256-586.asm(264) : error A2042:statement too complex
tmp32\sha256-586.asm(264) : error A2039:line too long
tmp32\sha256-586.asm(4422) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4424) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4425) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4426) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4559) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4712) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(4865) : error A2070:invalid instruction operands
tmp32\sha256-586.asm(5018) : error A2070:invalid instruction operands
NMAKE : fatal error U1077: “"C:\Program Files (x86)\Microsoft Visual Studio 10.
0\VC\BIN\ml.EXE"”: 返回代码“0x1”
Stop.

I found two unsued variables which are static const.

static const char EC_version[] in /crypto/ec/ec_lib.c
static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] in /crypto/engine/eng_dyn.c

I think these are unnecessary.

The resolution for #1754 states that:

Thu Jul 03 22:28:04 2014 Rich Salz: Was fixed awhile ago by someone.

However, this does not appear to in fact be the case, as make install_sw in release 1.0.1j (October 15, 2014) still fails in the same manner:

...
making install in engines...
make[2]: Entering directory `/src/openssl/1.0.1j/engines'
installing 4758cca
cp: cannot stat ‘lib4758cca.bad’: No such file or directory
make[2]: *** [install] Error 1
make[2]: Leaving directory `/src/openssl/1.0.1j/engines'
make[1]: *** [install_sw] Error 1
make[1]: Leaving directory `/src/openssl/1.0.1j'
make: *** [install] Error 2

The aforementioned build was configured with ./config no-hw threads shared zlib-dynamic no-dso no-krb5.