[openssl-commits] Build failed in Jenkins: 1_0_2_fips #315

[openssl . sanity]

See 

Changes:

[Matt Caswell] Disable SSLv2 default build, default negotiation and weak 
ciphers.

[Matt Caswell] Bring SSL method documentation up to date

[Matt Caswell] Add a test for SSLv2 configuration

[Matt Caswell] Disable EXPORT and LOW SSLv3+ ciphers by default

[Matt Caswell] bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.

[Matt Caswell] bn/asm/rsax-x86_64.pl: constant-time gather procedure.

[Matt Caswell] bn/asm/rsaz-avx2.pl: constant-time gather procedure.

[Matt Caswell] crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

[Matt Caswell] bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used 
path

[Matt Caswell] Update CHANGES and NEWS for new release

[Matt Caswell] Ensure mk1mf.pl is aware of no-weak-ssl-ciphers option

[Matt Caswell] make update

[Matt Caswell] Prepare for 1.0.2g release

[Matt Caswell] Prepare for 1.0.2h-dev

[rsalz] RT4358: Extra ] in doc/ocsp.pod

--
[...truncated 6472 lines...]
0140 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f
0150 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f
0160 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f
0170 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f
0180 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f
0190 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f
01a0 a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af
01b0 b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf
01c0 c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
01d0 d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df
01e0 e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef
01f0 f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff
Ciphertext
 64 49 7e 5a 83 1e 4a 93 2c 09 be 3e 53 93 37 6d
0010 aa 59 95 48 b8 16 03 1d 22 4b bf 50 a8 18 ed 23
0020 50 ea e7 e9 60 87 c8 a0 db 51 ad 29 0b d0 0c 1a
0030 c1 62 08 57 63 5b f2 46 c1 76 ab 46 3b e3 0b 80
0040 8d a5 48 08 1a c8 47 b1 58 e1 26 4b e2 5b b0 91
0050 0b bc 92 64 71 08 08 94 15 d4 5f ab 1b 3d 26 04
0060 e8 a8 ef f1 ae 40 20 cf a3 99 36 b6 68 27 b2 3f
0070 37 1b 92 20 0b e9 02 51 e6 d7 3c 5f 86 de 5f d4
0080 a9 50 78 19 33 d7 9a 28 27 2b 78 2a 2e c3 13 ef
0090 df cc 06 28 f4 3d 74 4c 2d c2 ff 3d cb 66 99 9b
00a0 50 c7 ca 89 5b 0c 64 79 1e ea a5 f2 94 99 fb 1c
00b0 02 6f 84 ce 5b 5c 72 ba 10 83 cd db 5c e4 54 34
00c0 63 16 65 c3 33 b6 0b 11 59 3f b2 53 c5 17 9a 2c
00d0 8d b8 13 78 2a 00 48 56 a1 65 30 11 e9 3f b6 d8
00e0 76 c1 83 66 dd 86 83 f5 34 12 c0 c1 80 f9 c8 48
00f0 59 2d 59 3f 86 09 ca 73 63 17 d3 56 e1 3e 2b ff
0100 3a 9f 59 cd 9a eb 19 cd 48 25 93 d8 c4 61 28 bb
0110 32 42 3b 37 a9 ad fb 48 2b 99 45 3f be 25 a4 1b
0120 f6 fe b4 aa 0b ef 5e d2 4b f7 3c 76 29 78 02 54
0130 82 c1 31 15 e4 01 5a ac 99 2e 56 13 a3 b5 c2 f6
0140 85 b8 47 95 cb 6e 9b 26 56 d8 c8 81 57 e5 2c 42
0150 f9 78 d8 63 4c 43 d0 6f ea 92 8f 28 22 e4 65 aa
0160 65 76 e9 bf 41 93 84 50 6c c3 ce 3c 54 ac 1a 6f
0170 67 dc 66 f3 b3 01 91 e6 98 38 0b c9 99 b0 5a bc
0180 e1 9d c0 c6 dc c2 dd 00 1e c5 35 ba 18 de b2 df
0190 1a 10 10 23 10 83 18 c7 5d c9 86 11 a0 9d c4 8a
01a0 0a cd ec 67 6f ab df 22 2f 07 e0 26 f0 59 b6 72
01b0 b5 6e 5c bc 8e 1d 21 bb d8 67 dd 92 72 12 05 46
01c0 81 d7 0e a7 37 13 4c df ce 93 b6 f8 2a e2 24 23
01d0 27 4e 58 a0 82 1c c5 50 2e 2d 0a b4 58 5e 94 de
01e0 69 75 be 5e 0b 4e fc e5 1c d3 e7 0c 25 a1 fb bb
01f0 d6 09 d2 73 ad 5b 0d 59 63 1c 53 1f 6a 0a 57 b9

Testing cipher AES-128-XTS(encrypt/decrypt)
Key
 ff fe fd fc fb fa f9 f8 f7 f6 f5 f4 f3 f2 f1 f0
0010 bf be bd bc bb ba b9 b8 b7 b6 b5 b4 b3 b2 b1 b0
IV
 9a 78 56 34 12 00 00 00 00 00 00 00 00 00 00 00
Plaintext
 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
0010 10
Ciphertext
 6c 16 25 db 46 71 52 2d 3d 75 99 60 1d e7 ca 09
0010 ed

Testing cipher AES-128-XTS(encrypt/decrypt)
Key
 ff fe fd fc fb fa f9 f8 f7 f6 f5 f4 f3 f2 f1 f0
0010 bf be bd bc bb ba b9 b8 b7 b6 b5 b4 b3 b2 b1 b0
IV
 9a 78 56 34 12 00 00 00 00 00 00 00 00 00 00 00
Plaintext
 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
0010 10 11
Ciphertext
 d0 69 44 4b 7a 7e 0c ab 09 e2 44 47 d2 4d eb 1f
0010 ed bf

Testing cipher AES-128-XTS(encrypt/decrypt)
Key
 ff fe fd fc fb fa f9 f8 f7 f6 f5 f4 f3 f2 f1 f0
0010 bf be bd bc bb ba b9 b8 b7 b6 b5 b4 b3 b2 b1 b0
IV
 9a 78 56 34 12 00 00 00 00 00 00 00 00 00 00 00
Plaintext
 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
0010 10 11 12
Ciphertext
 e5 df 13 51 c0 54 4b a1 35 0b 33 63 cd 8e f4 be
0010 ed bf 9d

Testing cipher AES-128-XTS(encrypt/decrypt)
Key
 ff fe fd fc fb fa f9 f8 f7 f6 f5 f4 f3 f2 f1 f0
0010 bf be bd bc bb ba b9 b8 b7 b6 b5 b4 b3 b2 b1 b0
IV
 9a 78 56 34 12 00 00 00 00 00 00 00 00 00 00 00
Plaintext
 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
0010 10 11 12 13
Ciphertext
 9d 84 c8 13 f7 19 aa 2c 7b e3 f6 61 71 c7 c5 c2
0010 ed bf 9d ac

Testing cipher AES-128-XTS(encrypt/decrypt)
Key
 e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef
0010 c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca 

[openssl-commits] Build failed: openssl ct_ssl.153

[AppVeyor]

Build openssl ct_ssl.153 failed


Commit 96521292f2 by Rob Percival on 3/1/2016 7:19 PM:

Extends s_client to allow a basic CT policy to be enabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.1682

[AppVeyor]

Build openssl master.1682 failed


Commit 962e098c38 by Todd Short on 10/8/2015 6:53 PM:

RT4186: Add DSA_dup() function


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_x509_log_names.151

[AppVeyor]

Build openssl ct_x509_log_names.151 failed


Commit 36d5cf3175 by Rob Percival on 3/1/2016 7:03 PM:

Makes x509 app show name of CT log that each SCT came from


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_ssl.150

[AppVeyor]

Build openssl ct_ssl.150 failed


Commit d15354f930 by Rob Percival on 3/1/2016 7:01 PM:

Extends s_client to allow a basic CT policy to be enabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_policy.149

[AppVeyor]

Build openssl ct_policy.149 failed


Commit 939bba5a19 by Rob Percival on 3/1/2016 6:58 PM:

Addresses review comments from richsalz


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_x509_log_names.148

[AppVeyor]

Build openssl ct_x509_log_names.148 failed


Commit 7bda58782c by Rob Percival on 3/1/2016 6:49 PM:

Makes x509 app show name of CT log that each SCT came from


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed in Jenkins: 1_0_2_abi #42

[openssl . sanity]

See 

Changes:

[Matt Caswell] Disable SSLv2 default build, default negotiation and weak 
ciphers.

[Matt Caswell] Bring SSL method documentation up to date

[Matt Caswell] Add a test for SSLv2 configuration

[Matt Caswell] Disable EXPORT and LOW SSLv3+ ciphers by default

[Matt Caswell] bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.

[Matt Caswell] bn/asm/rsax-x86_64.pl: constant-time gather procedure.

[Matt Caswell] bn/asm/rsaz-avx2.pl: constant-time gather procedure.

[Matt Caswell] crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

[Matt Caswell] bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used 
path

[Matt Caswell] Update CHANGES and NEWS for new release

[Matt Caswell] Ensure mk1mf.pl is aware of no-weak-ssl-ciphers option

[Matt Caswell] make update

[Matt Caswell] Prepare for 1.0.2g release

[Matt Caswell] Prepare for 1.0.2h-dev

[rsalz] RT4358: Extra ] in doc/ocsp.pod

--
[...truncated 1914 lines...]
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
dgst.o dgst.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
dh.o dh.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
dhparam.o dhparam.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
enc.o enc.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
passwd.o passwd.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
gendh.o gendh.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
errstr.o errstr.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
ca.o ca.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o 
pkcs7.o pkcs7.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM 

[openssl-commits] Build completed: openssl ct_verify.146

[AppVeyor]

Build openssl ct_verify.146 completed



Commit 0f97a12112 by Rob Percival on 3/1/2016 4:59 PM:

Move macros for reading/writing integers into ct_locl.h


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#113 (thread_lock_new-leak - 7e18f4e)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #113
Status: Errored

Duration: 1 hour, 2 minutes, and 12 seconds
Commit: 7e18f4e (thread_lock_new-leak)
Author: FdaSilvaYY
Message: Possible leak on CRYPTO_THREAD_lock_new failure

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/8b98093682fa...7e18f4e375aa

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/112963806

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#2349 (OpenSSL_1_0_2g - 902f3f5)

[Travis CI]

Build Update for openssl/openssl
-

Build: #2349
Status: Passed

Duration: 5 minutes and 22 seconds
Commit: 902f3f5 (OpenSSL_1_0_2g)
Author: Matt Caswell
Message: Prepare for 1.0.2g release

Reviewed-by: Richard Levitte 

View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_0_2g

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/112861433

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#110 (ex_data-fixes - d8b3e02)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #110
Status: Errored

Duration: 34 minutes and 13 seconds
Commit: d8b3e02 (ex_data-fixes)
Author: FdaSilvaYY
Message: Add checks on CRYPTO_set_ex_data return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/aebb4d138ef7...d8b3e02a19ba

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/112954150

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_policy.145

[AppVeyor]

Build openssl ct_policy.145 failed


Commit 41644c90fe by Rob Percival on 3/1/2016 6:13 PM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  83f0e802abf4e3f9b4f3e815cf81c41637cb79f1 (commit)
   via  9ff9bccc41c385ec2aa8ee2123f083b52b56b7b4 (commit)
   via  77470e989cf3c502ee00eb060b197d0241f33a22 (commit)
  from  7d054e5ab2aeaead14c0c19b808d62221020b0e1 (commit)


- Log -
commit 83f0e802abf4e3f9b4f3e815cf81c41637cb79f1
Author: Dr. Stephen Henson 
Date:   Mon Feb 29 13:06:45 2016 +

make errors

Reviewed-by: Rich Salz 

commit 9ff9bccc41c385ec2aa8ee2123f083b52b56b7b4
Author: Dr. Stephen Henson 
Date:   Sun Feb 28 17:48:48 2016 +

Add default operations to EC_METHOD

Reviewed-by: Rich Salz 

commit 77470e989cf3c502ee00eb060b197d0241f33a22
Author: Dr. Stephen Henson 
Date:   Sun Feb 28 17:47:06 2016 +

Replace overrides.

Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/ec/ec2_smpl.c | 13 ++--
 crypto/ec/ec_asn1.c  |  8 ++---
 crypto/ec/ec_err.c   |  6 
 crypto/ec/ec_key.c   | 86 ++--
 crypto/ec/ec_lcl.h   | 12 +++
 crypto/ec/ec_lib.c   | 14 +---
 crypto/ec/ecdh_ossl.c| 50 +---
 crypto/ec/ecp_mont.c | 13 ++--
 crypto/ec/ecp_nist.c | 13 ++--
 crypto/ec/ecp_nistp224.c | 13 ++--
 crypto/ec/ecp_nistp256.c | 13 ++--
 crypto/ec/ecp_nistp521.c | 13 ++--
 crypto/ec/ecp_nistz256.c | 13 ++--
 crypto/ec/ecp_smpl.c | 13 ++--
 include/openssl/ec.h |  5 +++
 15 files changed, 213 insertions(+), 72 deletions(-)

diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 4204366..8d8d853 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -85,7 +85,7 @@ const EC_METHOD *EC_GF2m_simple_method(void)
 ec_GF2m_simple_group_set_curve,
 ec_GF2m_simple_group_get_curve,
 ec_GF2m_simple_group_get_degree,
-0, /* group_order_bits */
+ec_group_simple_order_bits,
 ec_GF2m_simple_group_check_discriminant,
 ec_GF2m_simple_point_init,
 ec_GF2m_simple_point_finish,
@@ -118,7 +118,16 @@ const EC_METHOD *EC_GF2m_simple_method(void)
 ec_GF2m_simple_field_div,
 0 /* field_encode */ ,
 0 /* field_decode */ ,
-0   /* field_set_to_one */
+0,  /* field_set_to_one */
+ec_key_simple_priv2oct,
+ec_key_simple_oct2priv,
+0, /* set private */
+ec_key_simple_generate_key,
+ec_key_simple_check_key,
+ec_key_simple_generate_public_key,
+0, /* keycopy */
+0, /* keyfinish */
+ecdh_simple_compute_key
 };
 
 return 
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 4e02e5a..b2ae892 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1044,13 +1044,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char 
**in, long len)
 goto err;
 }
 } else {
-if (ret->group->meth->keygenpub != NULL) {
-if (ret->group->meth->keygenpub(ret) == 0)
+if (ret->group->meth->keygenpub == NULL
+|| ret->group->meth->keygenpub(ret) == 0)
 goto err;
-} else if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL,
- NULL, NULL)) {
-goto err;
-}
 /* Remember the original private-key-only encoding. */
 ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 }
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 399e4c7..8508c11 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
 {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"},
 {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"},
 {ERR_FUNC(EC_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+{ERR_FUNC(EC_F_ECDH_SIMPLE_COMPUTE_KEY), "ecdh_simple_compute_key"},
 {ERR_FUNC(EC_F_ECDSA_DO_SIGN_EX), "ECDSA_do_sign_ex"},
 {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
 {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
@@ -212,6 +213,9 @@ static ERR_STRING_DATA EC_str_functs[] = {
 {ERR_FUNC(EC_F_EC_KEY_PRIV2OCT), "EC_KEY_priv2oct"},
 {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),
  "EC_KEY_set_public_key_affine_coordinates"},
+{ERR_FUNC(EC_F_EC_KEY_SIMPLE_CHECK_KEY), "ec_key_simple_check_key"},
+{ERR_FUNC(EC_F_EC_KEY_SIMPLE_OCT2PRIV), "ec_key_simple_oct2priv"},
+{ERR_FUNC(EC_F_EC_KEY_SIMPLE_PRIV2OCT), "ec_key_simple_priv2oct"},
 

[openssl-commits] Build failed: openssl ct_policy.144

[AppVeyor]

Build openssl ct_policy.144 failed


Commit e97d6b94e8 by Rob Percival on 3/1/2016 5:57 PM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: FdaSilvaYY/openssl#109 (more-zalloc2 - 3f35687)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #109
Status: Still Failing

Duration: 43 minutes and 58 seconds
Commit: 3f35687 (more-zalloc2)
Author: FdaSilvaYY
Message: a few more zalloc

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/d81fd36a872a...3f35687cdfe1

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/112950503

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#2343 (master - 2e0956b)

[Travis CI]

Build Update for openssl/openssl
-

Build: #2343
Status: Errored

Duration: 10 minutes and 56 seconds
Commit: 2e0956b (master)
Author: Richard Levitte
Message: Unified - have configdata.pm depend on a few more things

Reviewed-by: Andy Polyakov 

View the changeset: 
https://github.com/openssl/openssl/compare/edae9834b6ee...2e0956ba6dd0

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/112778267

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#108 (ex_data-fixes - aebb4d1)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #108
Status: Errored

Duration: 19 minutes and 34 seconds
Commit: aebb4d1 (ex_data-fixes)
Author: FdaSilvaYY
Message: Add checks on CRYPTO_set_ex_data return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/f696e307a6ea...aebb4d138ef7

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/112950236

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 99

[AppVeyor]

Build openssl 99 failed


Commit 294d56724b by Alessandro Ghedini on 3/1/2016 6:47 PM:

Convert CRYPTO_LOCK_X509_* to CRYPTO_RWLOCK


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 98

[AppVeyor]

Build openssl 98 failed


Commit 5c972c5c83 by Alessandro Ghedini on 3/1/2016 5:40 PM:

Convert CRYPTO_LOCK_SSL_* to CRYPTO_RWLOCK


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 96

[AppVeyor]

Build openssl 96 failed


Commit cb118b6dee by Alessandro Ghedini on 3/1/2016 1:22 PM:

Convert CRYPTO_LOCK_SSL_* to CRYPTO_RWLOCK


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  7852414967b87400b08bfdf321732cfbd07286e2 (commit)
  from  09977dd095f3c655c99b9e1810a213f7eafa7364 (commit)


- Log -
commit 7852414967b87400b08bfdf321732cfbd07286e2
Author: Dr. Stephen Henson 
Date:   Tue Mar 1 17:22:51 2016 +

Fix -pkeyopt and fix error check.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/pkeyutl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 91ef8d7..3d78499 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -217,7 +217,7 @@ int pkeyutl_main(int argc, char **argv)
 case OPT_PKEYOPT:
 if ((pkeyopts == NULL &&
  (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
-sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) {
+sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
 BIO_puts(bio_err, "out of memory\n");
 goto end;
 }
@@ -334,7 +334,8 @@ int pkeyutl_main(int argc, char **argv)
   buf_out, (size_t *)_outlen,
   buf_in, (size_t)buf_inlen);
 }
-if (rv < 0) {
+if (rv <= 0) {
+BIO_puts(bio_err, "Public Key operation error\n");
 ERR_print_errors(bio_err);
 goto end;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  09977dd095f3c655c99b9e1810a213f7eafa7364 (commit)
  from  0f97a12112bf748474662080848f75804a8fddc4 (commit)


- Log -
commit 09977dd095f3c655c99b9e1810a213f7eafa7364
Author: David Woodhouse 
Date:   Thu Feb 25 23:19:06 2016 +

RT4347: Fix GCC unused-value warnings with HOST_c2l()

The HOST_c2l() macro assigns the value to the specified variable, but also
evaluates to the same value. Which we ignore, triggering a warning.

To fix this, just cast it to void like we did in commit 08e553644
("Fix some clang warnings.") for a bunch of other instances.

Signed-off-by: Rich Salz 
Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/md5/md5_dgst.c | 32 
 crypto/sha/sha256.c   | 34 +-
 crypto/sha/sha_locl.h |  2 +-
 3 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
index 18a3262..37b0d31 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -102,52 +102,52 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, 
size_t num)
 D = c->D;
 
 for (; num--;) {
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(0) = l;
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(1) = l;
 /* Round 0 */
 R0(A, B, C, D, X(0), 7, 0xd76aa478L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(2) = l;
 R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(3) = l;
 R0(C, D, A, B, X(2), 17, 0x242070dbL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(4) = l;
 R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(5) = l;
 R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(6) = l;
 R0(D, A, B, C, X(5), 12, 0x4787c62aL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(7) = l;
 R0(C, D, A, B, X(6), 17, 0xa8304613L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(8) = l;
 R0(B, C, D, A, X(7), 22, 0xfd469501L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(9) = l;
 R0(A, B, C, D, X(8), 7, 0x698098d8L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(10) = l;
 R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(11) = l;
 R0(C, D, A, B, X(10), 17, 0x5bb1L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(12) = l;
 R0(B, C, D, A, X(11), 22, 0x895cd7beL);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(13) = l;
 R0(A, B, C, D, X(12), 7, 0x6b901122L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(14) = l;
 R0(D, A, B, C, X(13), 12, 0xfd987193L);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 X(15) = l;
 R0(C, D, A, B, X(14), 17, 0xa679438eL);
 R0(B, C, D, A, X(15), 22, 0x49b40821L);
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index d7d33d5..53b6054 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -181,7 +181,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const 
void *in,
 h = ctx->h[7];
 
 for (i = 0; i < 16; i++) {
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[i] = l;
 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
 T2 = Sigma0(a) + Maj(a, b, c);
@@ -305,52 +305,52 @@ static void sha256_block_data_order(SHA256_CTX *ctx, 
const void *in,
 } else {
 SHA_LONG l;
 
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[0] = l;
 ROUND_00_15(0, a, b, c, d, e, f, g, h);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[1] = l;
 ROUND_00_15(1, h, a, b, c, d, e, f, g);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[2] = l;
 ROUND_00_15(2, g, h, a, b, c, d, e, f);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[3] = l;
 ROUND_00_15(3, f, g, h, a, b, c, d, e);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[4] = l;
 ROUND_00_15(4, e, f, g, h, a, b, c, d);
-HOST_c2l(data, l);
+(void)HOST_c2l(data, l);
 T1 = X[5] = l;
 

[openssl-commits] Errored: agrandi/openssl#12 (speed-async - 7d5bbf9)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #12
Status: Errored

Duration: 59 minutes and 33 seconds
Commit: 7d5bbf9 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/5fc97b29602d...7d5bbf936892

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112883601

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  0f97a12112bf748474662080848f75804a8fddc4 (commit)
   via  0dfd6cf901d34b5774fa406c44fcfbe9e3ef6d5e (commit)
   via  e9fd74ac96c27cbee33d4b91a2caa0017c304975 (commit)
   via  8c6afbc55cc8e2d036c0af5adbaff82d8117c6b2 (commit)
  from  09375d12fb684c6991c06b473664a0630b8b2edf (commit)


- Log -
commit 0f97a12112bf748474662080848f75804a8fddc4
Author: Rob Percival 
Date:   Mon Feb 29 20:26:36 2016 +

Move macros for reading/writing integers into ct_locl.h

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

commit 0dfd6cf901d34b5774fa406c44fcfbe9e3ef6d5e
Author: Rob Percival 
Date:   Mon Feb 29 20:25:08 2016 +

Addresses review comments from richsalz

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

commit e9fd74ac96c27cbee33d4b91a2caa0017c304975
Author: Rob Percival 
Date:   Mon Feb 22 14:42:09 2016 +

Fixes potential double free and memory leak in ct_b64.c

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

commit 8c6afbc55cc8e2d036c0af5adbaff82d8117c6b2
Author: Rob Percival 
Date:   Thu Feb 25 13:33:48 2016 +

Verify SCT signatures

Tests included in future commit, which adds CT policy validation.

Reviewed-by: Ben Laurie 
Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/ct/Makefile.in  |   6 +-
 crypto/ct/build.info   |   3 +-
 crypto/ct/ct_b64.c | 195 ++
 crypto/ct/ct_err.c |  22 +++
 crypto/ct/ct_locl.h|  72 
 crypto/ct/ct_log.c | 325 +
 crypto/ct/ct_oct.c |  24 ---
 crypto/ct/ct_prn.c |   5 +
 crypto/ct/ct_sct.c |  67 +++-
 crypto/ct/ct_sct_ctx.c | 298 ++
 crypto/ct/ct_vfy.c | 226 ++
 crypto/include/internal/cryptlib.h |   3 +
 include/openssl/ct.h   | 169 +++
 include/openssl/ossl_typ.h |   3 +
 test/ct/log_list.conf  |  38 +
 util/libeay.num|  22 +++
 16 files changed, 1450 insertions(+), 28 deletions(-)
 create mode 100644 crypto/ct/ct_b64.c
 create mode 100644 crypto/ct/ct_log.c
 create mode 100644 crypto/ct/ct_sct_ctx.c
 create mode 100644 crypto/ct/ct_vfy.c
 create mode 100644 test/ct/log_list.conf

diff --git a/crypto/ct/Makefile.in b/crypto/ct/Makefile.in
index 21ff231..de122df 100644
--- a/crypto/ct/Makefile.in
+++ b/crypto/ct/Makefile.in
@@ -15,8 +15,10 @@ CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
 GENERAL=Makefile
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= ct_err.c ct_oct.c ct_prn.c ct_sct.c ct_x509v3.c
-LIBOBJ= ct_err.o ct_oct.o ct_prn.o ct_sct.o ct_x509v3.o
+LIBSRC= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_prn.c ct_sct.c ct_sct_ctx.c \
+ct_vfy.c ct_x509v3.c
+LIBOBJ= ct_b64.o ct_err.o ct_log.o ct_oct.o ct_prn.o ct_sct.o ct_sct_ctx.o \
+ct_vfy.o ct_x509v3.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/ct/build.info b/crypto/ct/build.info
index b7766b6..fbf2495 100644
--- a/crypto/ct/build.info
+++ b/crypto/ct/build.info
@@ -1,2 +1,3 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]= ct_err.c ct_oct.c ct_prn.c ct_sct.c ct_x509v3.c
+SOURCE[../../libcrypto]= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_prn.c ct_sct.c 
\
+ ct_sct_ctx.c ct_vfy.c ct_x509v3.c
diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
new file mode 100644
index 000..a1693a6
--- /dev/null
+++ b/crypto/ct/ct_b64.c
@@ -0,0 +1,195 @@
+/*
+ * Written by Rob Stradling (r...@comodo.com) and Stephen Henson
+ * (st...@openssl.org) for the OpenSSL project 2014.
+ */
+/* 
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *software must display the following acknowledgment:
+ *"This product includes software developed by the OpenSSL Project
+ * 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  dd8518214f97041411ad2af93fd3add4f0886b64 (commit)
  from  a5006916587ef6b3969ec4d42542cd64c5230f3a (commit)


- Log -
commit dd8518214f97041411ad2af93fd3add4f0886b64
Author: Eric S. Raymond 
Date:   Mon Feb 29 14:54:47 2016 -0500

RT4358: Extra ] in doc/ocsp.pod

Reviewed-by: Richard Levitte 

---

Summary of changes:
 doc/apps/ocsp.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 4639502..9833f08 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -29,7 +29,7 @@ B B
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
-[B<-no_alt_chains>]]
+[B<-no_alt_chains>]
 [B<-VAfile file>]
 [B<-validity_period n>]
 [B<-status_age n>]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.10

[AppVeyor]

Build openssl 1.0.10 failed


Commit 5fc97b2960 by Andrea Grandi on 3/1/2016 7:16 AM:

Add support to ASYNC_WAIT_CTX to speed


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 21 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 1 minute and 12 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 40 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 40 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 40 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Canceled

Duration: 40 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Failed: agrandi/openssl#11 (speed-async - 5fc97b2)

[Travis CI]

Build Update for agrandi/openssl
-

Build: #11
Status: Failed

Duration: 34 minutes and 54 seconds
Commit: 5fc97b2 (speed-async)
Author: Andrea Grandi
Message: Add support to ASYNC_WAIT_CTX to speed

View the changeset: 
https://github.com/agrandi/openssl/compare/bfe02ea5122c...5fc97b29602d

View the full build log and details: 
https://travis-ci.org/agrandi/openssl/builds/112860546

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Mark J . Cox]

The branch master has been updated
   via  16ef6d8e1199935f2a35b8f3f8244b24dac8603d (commit)
  from  77d5a49c12876ed984fc15225b90c5320ac145d6 (commit)


- Log -
commit 16ef6d8e1199935f2a35b8f3f8244b24dac8603d
Author: Mark J. Cox 
Date:   Tue Mar 1 14:27:58 2016 +

Missing link to advisory

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 9cbb1f2..7221ce3 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+01-Mar-2016: Security Advisory: 
several security fixes
 01-Mar-2016: OpenSSL 1.0.2g is now available, including bug and security fixes
 01-Mar-2016: OpenSSL 1.0.1s is now available, including bug and security fixes
 25-Feb-2016: OpenSSL 1.0.2g and 1.0.1s https://mta.openssl.org/pipermail/openssl-announce/2016-February/63.html;>security
 releases due 1st Mar 2016
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Matt Caswell]

The branch master has been updated
   via  77d5a49c12876ed984fc15225b90c5320ac145d6 (commit)
  from  c141014db4abc964a8247f0314a368f494df5e23 (commit)


- Log -
commit 77d5a49c12876ed984fc15225b90c5320ac145d6
Author: Matt Caswell <m...@openssl.org>
Date:   Tue Mar 1 13:52:30 2016 +

Updates for the new release

---

Summary of changes:
 news/newsflash.txt   |   2 +
 news/secadv/20160301.txt | 286 +++
 news/vulnerabilities.xml | 505 ++-
 3 files changed, 792 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20160301.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 3cdf185..9cbb1f2 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+01-Mar-2016: OpenSSL 1.0.2g is now available, including bug and security fixes
+01-Mar-2016: OpenSSL 1.0.1s is now available, including bug and security fixes
 25-Feb-2016: OpenSSL 1.0.2g and 1.0.1s https://mta.openssl.org/pipermail/openssl-announce/2016-February/63.html;>security
 releases due 1st Mar 2016
 15-Feb-2016: Alpha 3 of OpenSSL 1.1.0 is now available: please download and 
test it
 28-Jan-2016: Security Advisory: two 
security fixes
diff --git a/news/secadv/20160301.txt b/news/secadv/20160301.txt
new file mode 100644
index 000..719351b
--- /dev/null
+++ b/news/secadv/20160301.txt
@@ -0,0 +1,286 @@
+OpenSSL Security Advisory [1st March 2016]
+=
+
+NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as
+well as removing SSLv2 EXPORT ciphers.  We strongly advise against the use of
+SSLv2 due not only to the issues described below, but to the other known
+deficiencies in the protocol as described at
+https://tools.ietf.org/html/rfc6176
+
+
+Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
+
+
+Severity: High
+
+A cross-protocol attack was discovered that could lead to decryption of TLS
+sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
+Bleichenbacher RSA padding oracle.  Note that traffic between clients and
+non-vulnerable servers can be decrypted provided another server supporting
+SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or
+POP) shares the RSA keys of the non-vulnerable server. This vulnerability is
+known as DROWN (CVE-2016-0800).
+
+Recovering one session key requires the attacker to perform approximately 2^50
+computation, as well as thousands of connections to the affected server. A more
+efficient variant of the DROWN attack exists against unpatched OpenSSL servers
+using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on
+19/Mar/2015 (see CVE-2016-0703 below).
+
+Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS
+servers, if they've not done so already. Disabling all SSLv2 ciphers is also
+sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and
+1.0.2f) have been deployed.  Servers that have not disabled the SSLv2 protocol,
+and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
+ciphers are nominally disabled, because malicious clients can force the use of
+SSLv2 with EXPORT ciphers.
+
+OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN:
+
+SSLv2 is now by default disabled at build-time.  Builds that are not configured
+with "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
+users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will
+need to explicitly call either of:
+
+   SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+   or
+   SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+as appropriate.  Even if either of those is used, or the application explicitly
+uses the version-specific SSLv2_method() or its client or server variants,
+SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed.
+Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no
+longer available.
+
+In addition, weak ciphers in SSLv3 and up are now disabled in default builds of
+OpenSSL.  Builds that are not configured with "enable-weak-ssl-ciphers" will
+not provide any "EXPORT" or "LOW" strength ciphers.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2g
+OpenSSL 1.0.1 users should upgrade to 1.0.1s
+
+This issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram and
+Sebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswell
+of OpenSSL.
+
+
+Double-free in DSA code (CVE-2016-0705)
+==

[openssl-commits] [openssl] OpenSSL_1_0_2g create

[Matt Caswell]

The annotated tag OpenSSL_1_0_2g has been created
at  de4cfc08f3089d3a1f9d1eefb74850468c9a51a2 (tag)
   tagging  902f3f50d051dfd6ebf009d352aaf581195caabf (commit)
  replaces  OpenSSL_1_0_2f
 tagged by  Matt Caswell
on  Tue Mar 1 13:36:54 2016 +

- Log -
OpenSSL 1.0.2g release tag

Andy Polyakov (14):
  ms/uplink-x86.pl: make it work.
  util/mk1mf.pl: use LINK_CMD instead of LINK variable.
  perlasm/x86_64-xlate.pl: pass pure constants verbatim.
  modes/ctr128.c: pay attention to ecount_buf alignment in 
CRYPTO_ctr128_encrypt.
  evp/e_des[3].c: address compiler warnings, fix formatting.
  evp/e_des3.c: address compiler warning.
  Makefile.shared: limit .dll image base pinning to FIPS builds.
  ec/asm/ecp_nistz256-x86_64.pl: get corner case logic right.
  modes/asm/ghash-x86_64.pl: refine GNU assembler version detection.
  bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
  bn/asm/rsax-x86_64.pl: constant-time gather procedure.
  bn/asm/rsaz-avx2.pl: constant-time gather procedure.
  crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
  bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path 
and reorganize/harmonize post-conditions.

Corinna Vinschen (1):
  Don't strip object files on Cygwin

Daniel Kahn Gillmor (1):
  RT4129: BUF_new_mem_buf should take const void *

David Woodhouse (1):
  RT4175: Fix PKCS7_verify() regression with Authenticode signatures

Dr. Stephen Henson (5):
  Backport SHA2 support for capi engine
  if no comparison function set make sk_sort no op
  Switch to FIPS implementation for CMAC.
  typo
  Fix double free in DSA private key parsing.

Emilia Kasper (2):
  RT 3854: Update apps/req
  CVE-2016-0798: avoid memory leak in SRP

FdaSilvaYY (3):
  GH714: missing field initialisation
  Fix possible memory leak on BUF_MEM_grow_clean failure
  Fix two possible leaks

Hubert Kario (1):
  GH554: Improve pkeyutl doc

Kurt Roeckx (4):
  Fix CHANGES entry about DSA_generate_parameters_ex
  Restore xmm7 from the correct address on win64
  Revert "Don't check RSA_FLAG_SIGN_VER."
  Fix invalid free

Matt Caswell (13):
  Prepare for 1.0.2g-dev
  Correct value of DH_CHECK_PUBKEY_INVALID
  Add missing return value checks
  Fix bug in nistp224/256/521 where have_precompute_mult always returns 0
  Add have_precompute_mult tests
  Handle SSL_shutdown while in init more appropriately #2
  Fix memory issues in BIO_*printf functions
  Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption
  Add a test for SSLv2 configuration
  Update CHANGES and NEWS for new release
  Ensure mk1mf.pl is aware of no-weak-ssl-ciphers option
  make update
  Prepare for 1.0.2g release

Rich Salz (2):
  GH102: Add volatile to CRYPTO_memcmp
  GH611: s_client help message bug

Richard Levitte (2):
  Correct number of arguments in BIO_get_conn_int_port macro
  Recognise Cygwin-x86_64 in config

Viktor Dukhovni (5):
  Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling
  Fix missing ok=0 with locally blacklisted CAs
  Disable SSLv2 default build, default negotiation and weak ciphers.
  Bring SSL method documentation up to date
  Disable EXPORT and LOW SSLv3+ ciphers by default

---
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  09375d12fb684c6991c06b473664a0630b8b2edf (commit)
   via  317be63875e59efa34be0075eaff3c033ef6969f (commit)
   via  8fc8f486f7fa098c9fbb6a6ae399e3c6856e0d87 (commit)
   via  d6d422e1ec48fac1c6194ab672e320281a214a32 (commit)
   via  5ea08bd2fe6538cbccd89f07e6f1cdd5d3e75e3f (commit)
   via  d6482a82bc2228327aa4ba98aeeecd9979542a31 (commit)
  from  2e0956ba6dd04ae80d54eb4e03bed5a59e2a94c7 (commit)


- Log -
commit 09375d12fb684c6991c06b473664a0630b8b2edf
Author: Matt Caswell 
Date:   Tue Mar 1 11:12:47 2016 +

Updates to CHANGES and NEWS for 1.0.2 and 1.0.1 release

Reviewed-by: Richard Levitte 

commit 317be63875e59efa34be0075eaff3c033ef6969f
Author: Andy Polyakov 
Date:   Tue Jan 26 16:50:10 2016 +0100

bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path
and reorganize/harmonize post-conditions.

Additional hardening following on from CVE-2016-0702

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit 8fc8f486f7fa098c9fbb6a6ae399e3c6856e0d87
Author: Andy Polyakov 
Date:   Mon Jan 25 23:41:01 2016 +0100

crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

At the same time remove miniscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit d6d422e1ec48fac1c6194ab672e320281a214a32
Author: Andy Polyakov 
Date:   Mon Jan 25 23:25:40 2016 +0100

bn/asm/rsaz-avx2.pl: constant-time gather procedure.

Performance penalty is 2%.

CVE-2016-0702

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit 5ea08bd2fe6538cbccd89f07e6f1cdd5d3e75e3f
Author: Andy Polyakov 
Date:   Mon Jan 25 23:06:45 2016 +0100

bn/asm/rsax-x86_64.pl: constant-time gather procedure.

Performance penalty is 2% on Linux and 5% on Windows.

CVE-2016-0702

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

commit d6482a82bc2228327aa4ba98aeeecd9979542a31
Author: Andy Polyakov 
Date:   Mon Jan 25 20:38:38 2016 +0100

bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.

Performance penalty varies from platform to platform, and even
key length. For rsa2048 sign it was observed to reach almost 10%.

CVE-2016-0702

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   |  134 -
 NEWS  |   15 +-
 crypto/bn/asm/rsaz-avx2.pl|  219 ---
 crypto/bn/asm/rsaz-x86_64.pl  |  375 +---
 crypto/bn/asm/x86_64-mont.pl  |  227 +---
 crypto/bn/asm/x86_64-mont5.pl | 1276 +++--
 crypto/bn/bn_exp.c|  103 ++--
 7 files changed, 1501 insertions(+), 848 deletions(-)

diff --git a/CHANGES b/CHANGES
index 41926e9..0b8c558 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.2f and 1.1.0  [xx XXX ]
+ Changes between 1.0.2g and 1.1.0  [xx XXX ]
 
   *) Add X25519 support.
  Integrate support for X25519 into EC library. This includes support
@@ -858,6 +858,138 @@
  whose return value is often ignored. 
  [Steve Henson]
 
+ Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
+
+  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+Builds that are not configured with "enable-weak-ssl-ciphers" will not
+provide any "EXPORT" or "LOW" strength ciphers.
+[Viktor Dukhovni]
+
+  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
+is by default disabled at build-time.  Builds that are not configured with
+"enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
+users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+will need to explicitly call either of:
+
+SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+or
+SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+as appropriate.  Even if either of those is used, or the application
+explicitly uses the version-specific SSLv2_method() or its client and
+server variants, SSLv2 ciphers vulnerable to exhaustive search key
+recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
+ciphers, and SSLv2 56-bit DES are no 

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated
   via  73158771aa1d44b0904dc4b2f600969b4290f54f (commit)
   via  57ac73fb5d0a878f282cbcd9e7951c77fdc59e3c (commit)
   via  5d2b93ad7b57bd421579bf111882a0f495f03e38 (commit)
   via  f588db901705adfa774bf3e2604ffd60e55d16a5 (commit)
   via  8954b54182d45fde2d991e7ed80471457d5b2c16 (commit)
   via  c582e9d2139b9c9311718c20bbfeac37718e0b21 (commit)
   via  7f98aa7403a1244cf17d1aa489f5bb0f39bae431 (commit)
   via  d7a854c055ff22fb7da80c3b0e7cb08d248591d0 (commit)
   via  abd5d8fbef7085499ba7785622da4e8288068f46 (commit)
   via  a82cfd612b30258c7d720153298846727b06b046 (commit)
   via  56f1acf5ef8a432992497a04792ff4b3b2c6f286 (commit)
  from  8f651326a5cbec5ca7cf0bad0205d4c87dc8c2d0 (commit)


- Log -
commit 73158771aa1d44b0904dc4b2f600969b4290f54f
Author: Matt Caswell 
Date:   Tue Mar 1 13:42:02 2016 +

Prepare for 1.0.1t-dev

Reviewed-by: Richard Levitte 

commit 57ac73fb5d0a878f282cbcd9e7951c77fdc59e3c
Author: Matt Caswell 
Date:   Tue Mar 1 13:40:46 2016 +

Prepare for 1.0.1s release

Reviewed-by: Richard Levitte 

commit 5d2b93ad7b57bd421579bf111882a0f495f03e38
Author: Matt Caswell 
Date:   Tue Mar 1 13:40:45 2016 +

make update

Reviewed-by: Richard Levitte 

commit f588db901705adfa774bf3e2604ffd60e55d16a5
Author: Matt Caswell 
Date:   Tue Mar 1 12:08:33 2016 +

Ensure mk1mf.pl is aware of no-weak-ssl-ciphers option

Update mk1mf.pl to properly handle no-weak-ssl-ciphers

Reviewed-by: Richard Levitte 

commit 8954b54182d45fde2d991e7ed80471457d5b2c16
Author: Matt Caswell 
Date:   Tue Mar 1 11:00:48 2016 +

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte 

commit c582e9d2139b9c9311718c20bbfeac37718e0b21
Author: Andy Polyakov 
Date:   Fri Sep 12 00:06:00 2014 +0200

perlasm/x86_64-xlate.pl: handle inter-bank movd.

Reviewed-by: Rich Salz 
(cherry picked from commit 902b30df193afc3417a96ba72a81ed390bd50de3)

commit 7f98aa7403a1244cf17d1aa489f5bb0f39bae431
Author: Andy Polyakov 
Date:   Tue Jan 26 16:25:02 2016 +0100

crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

[Backport from master]

CVE-2016-0702

Reviewed-by: Richard Levitte 

commit d7a854c055ff22fb7da80c3b0e7cb08d248591d0
Author: Andy Polyakov 
Date:   Tue Jan 26 11:34:41 2016 +0100

bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.

Performance penalty varies from platform to platform, and even
key length. For rsa2048 sign it was observed to reach almost 10%.

CVE-2016-0702

Reviewed-by: Richard Levitte 

commit abd5d8fbef7085499ba7785622da4e8288068f46
Author: Viktor Dukhovni 
Date:   Fri Feb 19 13:05:11 2016 -0500

Disable EXPORT and LOW SSLv3+ ciphers by default

Reviewed-by: Emilia Käsper 

commit a82cfd612b30258c7d720153298846727b06b046
Author: Viktor Dukhovni 
Date:   Wed Feb 17 23:22:59 2016 -0500

Bring SSL method documentation up to date

Reviewed-by: Emilia Käsper 

commit 56f1acf5ef8a432992497a04792ff4b3b2c6f286
Author: Viktor Dukhovni 
Date:   Wed Feb 17 21:37:15 2016 -0500

Disable SSLv2 default build, default negotiation and weak ciphers.

SSLv2 is by default disabled at build-time.  Builds that are not
configured with "enable-ssl2" will not support SSLv2.  Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:

SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

as appropriate.  Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed.  Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.

Mitigation for CVE-2016-0800

Reviewed-by: Emilia Käsper 

---

Summary of changes:
 CHANGES | 117 -
 Configure   |   8 +-
 NEWS|  15 +-
 README  |   2 +-
 crypto/bn/Makefile  |   3 +-
 crypto/bn/asm/x86_64-mont5.pl   | 513 

[openssl-commits] Build failed: openssl ct_ssl.141

[AppVeyor]

Build openssl ct_ssl.141 failed


Commit abc2c014bd by Rob Percival on 2/29/2016 9:58 PM:

Extends s_client to allow a basic CT policy to be enabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_policy.140

[AppVeyor]

Build openssl ct_policy.140 failed


Commit d66a569044 by Rob Percival on 2/29/2016 9:47 PM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits