[openssl-commits] [openssl] master update

2016-05-03 Thread Andy Polyakov
The branch master has been updated
   via  39199fb3b052bd19a5c2a65c51721222e6d856b5 (commit)
  from  b4de72bf641ca195588cc7f758edda171709fdfe (commit)


- Log -
commit 39199fb3b052bd19a5c2a65c51721222e6d856b5
Author: Andy Polyakov 
Date:   Mon May 2 23:38:11 2016 +0200

Configurations/unix-Makefile.tmpl: don't count on -E -P.

Some non-Gnu compilers interpret -E -P combination differently.
Some prioritize -E over -P, others -P over -E (in which case .i
file is generated and sometimes truncated because of redirection).

Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 974a978..ea3b708 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -846,7 +846,9 @@ EOF
 $target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
  $generator \$@.S; \\
- \$(CC) \$(CFLAGS) $incs -E -P \$@.S > \$@.i && mv -f \$@.i \$@ )
+ \$(CC) \$(CFLAGS) $incs -E \$@.S | \\
+ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
+ mv -f \$@.i \$@ )
 EOF
   }
   # Otherwise
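Review bot: the new pipeline `$(CC) ... -E $@.S | $(PERL) -ne '...' > $@.i && mv -f $@.i $@` only tests the exit status of the perl stage, so a preprocessor failure no longer stops the `mv`: in most `/bin/sh` the status of a pipeline is that of its last command, and perl will happily filter an empty or partial stream, leaving a truncated `$@` that make then treats as up to date. The line being removed, `$(CC) ... -E -P $@.S > $@.i && mv -f $@.i $@`, did propagate the compiler status. Suggest writing the preprocessor output to its own file first, e.g. `$(CC) $(CFLAGS) $incs -E $@.S > $@.raw && $(PERL) -ne '...' < $@.raw > $@.i && mv -f $@.i $@`, which keeps the status check and still falls under the existing `trap "rm -f $@.*"` cleanup; `set -o pipefail` would also work where the shell supports it, but the template cannot assume that.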
@@ -857,7 +859,8 @@ EOF
   }
   return <<"EOF";
 $args{src}: $args{generator}->[0] $deps
-   \$(CC) \$(CFLAGS) $incs -E -P \$< > \$@
+   \$(CC) \$(CFLAGS) $incs -E \$< | \\
+   \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
 EOF
   }
   }
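Review bot: the same exit-status concern as in the generator rule above applies to `$(CC) ... -E $< | $(PERL) -ne '...' > $@`, and here the consequence is worse: the filtered output goes straight to `$@`, there is no `trap`, so a failed `$(CC) -E` leaves an empty or partial target with a fresh timestamp that later builds will not regenerate. Suggest the `> $@.tmp && mv -f $@.tmp $@` pattern used by the other rule (or at least `|| rm -f $@`), so that a failed preprocess cannot leave a stale-but-newer file behind.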
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2016-05-03 Thread Andy Polyakov
The branch master has been updated
   via  b4de72bf641ca195588cc7f758edda171709fdfe (commit)
  from  7b7eb4725ead9440e5f68c999e0792098ea82239 (commit)


- Log -
commit b4de72bf641ca195588cc7f758edda171709fdfe
Author: Andy Polyakov 
Date:   Mon May 2 10:33:42 2016 +0200

Tru64 fixes.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configurations/10-main.conf | 26 +++---
 crypto/alphacpuid.pl|  2 +-
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 601dbe5..4c58f05 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -595,23 +595,18 @@ sub vms_info {
 bn_ops   => "BN_LLONG",
 },
 
- DEC Alpha OSF/1/Tru64 targets.
-"osf1-alpha-gcc" => {
+ DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4
+ and forward. In reality 'uname -s' still returns "OSF1". Originally
+ there were even osf1-* configs targeting prior versions provided,
+ but not anymore...
+"tru64-alpha-gcc" => {
 inherit_from => [ "BASE_unix", asm("alpha_asm") ],
 cc   => "gcc",
-cflags   => "-O3",
-bn_ops   => "SIXTY_FOUR_BIT_LONG",
-thread_scheme=> "(unknown)",
-dso_scheme   => "dlfcn",
-shared_target=> "alpha-osf1-shared",
-shared_extension => ".so",
-},
-"osf1-alpha-cc" => {
-inherit_from => [ "BASE_unix", asm("alpha_asm") ],
-cc   => "cc",
-cflags   => "-std1 -tune host -O4 -readonly_strings",
+cflags   => combine("-std=c9x -D_XOPEN_SOURCE=500 
-D_OSF_SOURCE -O3",
+threads("-pthread")),
+ex_libs  => "-lrt",# for mlock(2)
 bn_ops   => "SIXTY_FOUR_BIT_LONG",
-thread_scheme=> "(unknown)",
+thread_scheme=> "pthreads",
 dso_scheme   => "dlfcn",
 shared_target=> "alpha-osf1-shared",
 shared_extension => ".so",
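Review bot: renaming `osf1-alpha-gcc` to `tru64-alpha-gcc` and dropping `osf1-alpha-cc` without an alias breaks any build script that passes the old target name to Configure, and nothing outside this comment tells an upgrading user what replaced them. Suggest a CHANGES entry naming the removed targets and their replacements, or a deprecated alias mapping the old names. Separately, the gcc target moves from `thread_scheme => "(unknown)"` to `"pthreads"` plus `threads("-pthread")`, which is a behaviour change for existing users of that target and deserves the same mention.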
@@ -619,8 +614,9 @@ sub vms_info {
 "tru64-alpha-cc" => {
 inherit_from => [ "BASE_unix", asm("alpha_asm") ],
 cc   => "cc",
-cflags   => combine("-std1 -tune host -fast -readonly_strings",
+cflags   => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE 
-tune host -fast -readonly_strings",
 threads("-pthread")),
+ex_libs  => "-lrt",# for mlock(2)
 bn_ops   => "SIXTY_FOUR_BIT_LONG",
 thread_scheme=> "pthreads",
 dso_scheme   => "dlfcn",
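Review bot: `-D_XOPEN_SOURCE=500 -D_OSF_SOURCE` and `ex_libs => "-lrt",# for mlock(2)` are now duplicated verbatim between `tru64-alpha-gcc` and `tru64-alpha-cc`. A shared base entry that both inherit from would keep the feature macros and the `mlock(2)` library in sync the next time one of them changes, and the `# for mlock(2)` comment only needs to appear once.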
diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl
index 6b51731..6356b00 100644
--- a/crypto/alphacpuid.pl
+++ b/crypto/alphacpuid.pl
@@ -8,7 +8,7 @@
 
 
 $output = pop;
-open STDOUT,">$stdout";
+open STDOUT,">$output";
 
 print <<'___';
 .text
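Review bot: the removed line `open STDOUT,">$stdout";` referenced an undefined variable, so it opened an empty filename and nothing noticed because the `open` has no error check; the fix corrects the name but keeps the silent-failure pattern. Suggest the three-argument form with a check, `open STDOUT, ">", $output or die "can't open $output: $!";`, and `use strict;` at the top of the script, which would have rejected `$stdout` at compile time.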


[openssl-commits] [web] master update

2016-05-03 Thread Richard Levitte
The branch master has been updated
   via  6801bb4227003da48f34d559138c6af6c4cc2581 (commit)
  from  2fb6133d074d20f9620ebc23f090cef1a1f1ace8 (commit)


- Log -
commit 6801bb4227003da48f34d559138c6af6c4cc2581
Author: Richard Levitte 
Date:   Tue May 3 19:42:49 2016 +0200

Add missing link to security advisory

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 215a57c..44bbdea 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+03-May-2016: Security Advisory: 
several security fixes
 03-May-2016: OpenSSL 1.0.2h is now available, including bug and security fixes
 03-May-2016: OpenSSL 1.0.1t is now available, including bug and security fixes
 28-Apr-2016: OpenSSL 1.0.2h and 1.0.1t https://mta.openssl.org/pipermail/openssl-announce/2016-April/69.html;>security
 releases due 3rd May 2016
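Review bot: the new item appears split over two lines in the mail (`+03-May-2016: Security Advisory: ` followed by `several security fixes` with no `+`); the header comment in this file requires one `Date: Item` pair per line, so confirm the committed line is unbroken, and that the advisory link path is absolute as the same comment requires (the link markup is not visible in the archived copy).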


[openssl-commits] Build failed in Jenkins: master_windows #1598

2016-05-03 Thread openssl . sanity
See 

Changes:

[Matt Caswell] Fix ASN1_INTEGER handling.

[Matt Caswell] Add test for CVE-2016-2018

[Matt Caswell] add ASN1_INTEGER type to d2i_test

[Matt Caswell] Add ASN.1 INTEGER tests.

[Matt Caswell] Check that we have enough padding characters.

[Matt Caswell] Update CHANGES and NEWS for the new release

[rsalz] Update Diffie-Hellman parameters to IANA standards

[openssl-users] Drop duplicate  ctx->verify_cb assignment

--
Started by upstream project "master_basic" build number 1863
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 7b7eb4725ead9440e5f68c999e0792098ea82239 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 7b7eb4725ead9440e5f68c999e0792098ea82239
 > git rev-list d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson3242408202508912976.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson300551138170756573.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program Maintenance Utility Version 

[openssl-commits] [web] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  2fb6133d074d20f9620ebc23f090cef1a1f1ace8 (commit)
  from  55c8718b30ea218af975fd1c6d2a8fb202aec9b5 (commit)


- Log -
commit 2fb6133d074d20f9620ebc23f090cef1a1f1ace8
Author: Matt Caswell 
Date:   Tue May 3 15:58:23 2016 +0100

Fix copy error in vulnerabilities.xml

---

Summary of changes:
 news/vulnerabilities.xml | 41 +++--
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index b18d98c..da6d047 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -31,16 +31,37 @@
 
 
 
-  A MITM attacker can use a padding oracle attack to decrypt traffic
-  when the connection uses an AES CBC cipher and the server support
-  AES-NI.
-
-  This issue was introduced as part of the fix for Lucky 13 padding
-  attack (CVE-2013-0169). The padding check was rewritten to be in
-  constant time by making sure that always the same bytes are read and
-  compared against either the MAC or padding bytes. But it no longer
-  checked that there was enough data to have both the MAC and padding
-  bytes.
+  This issue affected versions of OpenSSL prior to April 2015. The bug
+  causing the vulnerability was fixed on April 18th 2015, and released
+  as part of the June 11th 2015 security releases. The security impact
+  of the bug was not known at the time.
+
+  In previous versions of OpenSSL, ASN.1 encoding the value zero
+  represented as a negative integer can cause a buffer underflow
+  with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does
+  not normally create "negative zeroes" when parsing ASN.1 input, and
+  therefore, an attacker cannot trigger this bug.
+
+  However, a second, independent bug revealed that the ASN.1 parser
+  (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag
+  as a negative zero value. Large universal tags are not present in any
+  common ASN.1 structures (such as X509) but are accepted as part of ANY
+  structures.
+
+  Therefore, if an application deserializes untrusted ASN.1 structures
+  containing an ANY field, and later reserializes them, an attacker may
+  be able to trigger an out-of-bounds write. This has been shown to
+  cause memory corruption that is potentially exploitable with some
+  malloc implementations.
+
+  Applications that parse and re-encode X509 certificates are known to
+  be vulnerable. Applications that verify RSA signatures on X509
+  certificates may also be vulnerable; however, only certificates with
+  valid signatures trigger ASN.1 re-encoding and hence the
+  bug. Specifically, since OpenSSL's default TLS X509 chain verification
+  code verifies the certificate chain from root to leaf, TLS handshakes
+  could only be targeted with valid certificates issued by trusted
+  Certification Authorities.
 
 
 
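Review bot: the removed paragraphs are the AES-NI padding-oracle description and the added ones are the ASN.1 encoder description, matching the text of CVE-2016-2108 in news/secadv/20160503.txt elsewhere in this digest, so the "copy error" in the title is a description pasted under the wrong entry. The hunk does not show the enclosing element, so check that its CVE attribute and severity fields match the new text, and that the CVE-2016-2107 entry elsewhere in the file still carries the padding-oracle paragraphs rather than a second copy of this one. If that sentence survives there, "the server support AES-NI" should read "supports".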


[openssl-commits] [openssl] master update

2016-05-03 Thread Viktor Dukhovni
The branch master has been updated
   via  7b7eb4725ead9440e5f68c999e0792098ea82239 (commit)
  from  fb015ca6f05e09b11a3932f89d25bae697c8af1e (commit)


- Log -
commit 7b7eb4725ead9440e5f68c999e0792098ea82239
Author: Viktor Dukhovni 
Date:   Fri Apr 29 16:36:32 2016 -0400

Drop duplicate ctx->verify_cb assignment

The right variant is ~18 lines below.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/x509/x509_vfy.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2b17b29..6fc08c4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2171,11 +2171,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE 
*store, X509 *x509,
 /* Zero ex_data to make sure we're cleanup-safe */
 memset(>ex_data, 0, sizeof(ctx->ex_data));
 
-if (store) {
-ctx->verify_cb = store->verify_cb;
-/* Seems to always be 0 in OpenSSL, else must be idempotent */
+/* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
+if (store)
 ctx->cleanup = store->cleanup;
-} else
+else
 ctx->cleanup = 0;
 
 if (store && store->check_issued)
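Review bot: dropping the early `ctx->verify_cb = store->verify_cb` is fine, but the remaining assignment "~18 lines below" (per the commit message) must also cover `store == NULL`, otherwise callers that pass no store end up with `verify_cb` unset; please confirm that branch falls back to a default callback. Minor: `if (store) ctx->cleanup = store->cleanup; else ctx->cleanup = 0;` reads more clearly as `ctx->cleanup = store ? store->cleanup : 0;`, and the new comment "if set must be idempotent" would be more useful if it said why.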


[openssl-commits] [openssl] master update

2016-05-03 Thread Rich Salz
The branch master has been updated
   via  fb015ca6f05e09b11a3932f89d25bae697c8af1e (commit)
  from  6ac8377901b6cb9d5da8953d090e2ab43d65e8b5 (commit)


- Log -
commit fb015ca6f05e09b11a3932f89d25bae697c8af1e
Author: Christian Bundy 
Date:   Tue Mar 1 23:48:12 2016 -0500

Update Diffie-Hellman parameters to IANA standards

This replaces the old SKIP primes with the most current Diffie-Hellman
MODP groups defined by RFC 7296 and RFC 3526.

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from GitHub https://github.com/openssl/openssl/pull/775)

---

Summary of changes:
 apps/dh1024.pem | 14 +++---
 apps/dh2048.pem | 20 +++-
 apps/dh4096.pem | 31 ---
 3 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/apps/dh1024.pem b/apps/dh1024.pem
index 6eaeca9..f1a5e18 100644
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,10 +1,10 @@
 -BEGIN DH PARAMETERS-
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
+MIGHAoGBAP//yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//AgEC
 -END DH PARAMETERS-
 
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe 
prime.
+These are the 1024-bit DH parameters from "Internet Key Exchange 
+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
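Review bot: the citation in the file text (RFC 5996) disagrees with the commit message (RFC 7296, which obsoletes 5996), and the 1024-bit MODP group itself is defined in RFC 2409 (Oakley group 2) and only reproduced in the IKEv2 RFCs, so cite the defining document. The removed caveat "Note that g is not a generator, but this is not a problem since p is a safe prime" still applies to the new parameters (the blob ends in `AgEC`, i.e. g = 2, as before) and should be kept. Finally, a 1024-bit group is below current recommendations; consider saying that dh1024.pem is kept only for compatibility and pointing users at dh2048.pem.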
diff --git a/apps/dh2048.pem b/apps/dh2048.pem
index dcd0b8d..e899f2e 100644
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@@ -1,12 +1,14 @@
 -BEGIN DH PARAMETERS-
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
+MIIBCAKCAQEA///JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//wIBAg==
 -END DH PARAMETERS-
 
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
+These are the 2048-bit DH parameters from "More Modular Exponential 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
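Review bot: before merging, the new blob should be verified against the published value rather than taken from the pull request, e.g. `openssl dhparam -in apps/dh2048.pem -noout -text -check` and a comparison of the printed prime with RFC 3526 section 3; the RFC 2412 generation reference matches what RFC 3526 states. As with dh1024.pem, g = 2 (`AgEC`) generates the prime-order subgroup of the safe prime rather than the whole group, which is exactly the caveat the removed sentence in dh1024.pem explained; a one-line note to that effect belongs here too.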
diff --git a/apps/dh4096.pem b/apps/dh4096.pem
index 1b35ad8..adada2b 100644
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@@ -1,18 +1,19 @@
 -BEGIN DH PARAMETERS-
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
+MIICCAKCAgEA///JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb


[openssl-commits] Build completed: openssl master.2959

2016-05-03 Thread AppVeyor


Build openssl master.2959 completed



Commit 3f3582139f by Matt Caswell on 5/3/2016 7:57 AM:

Fix encrypt overflow




[openssl-commits] [web] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  55c8718b30ea218af975fd1c6d2a8fb202aec9b5 (commit)
  from  6103cfde4c81027cd857c7ec92b695933e514c00 (commit)


- Log -
commit 55c8718b30ea218af975fd1c6d2a8fb202aec9b5
Author: Matt Caswell <m...@openssl.org>
Date:   Tue May 3 14:54:04 2016 +0100

Update for new release

---

Summary of changes:
 news/newsflash.txt   |   2 +
 news/secadv/20160503.txt | 200 
 news/vulnerabilities.xml | 289 ++-
 3 files changed, 490 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20160503.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index b7c782e..215a57c 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+03-May-2016: OpenSSL 1.0.2h is now available, including bug and security fixes
+03-May-2016: OpenSSL 1.0.1t is now available, including bug and security fixes
 28-Apr-2016: OpenSSL 1.0.2h and 1.0.1t https://mta.openssl.org/pipermail/openssl-announce/2016-April/69.html;>security
 releases due 3rd May 2016
 19-Apr-2016: Beta 2 (pre-release 5) of OpenSSL 1.1.0 is now available: please 
download and test it
 16-Mar-2016: Beta 1 (pre-release 4) of OpenSSL 1.1.0 is now available: please 
download and test it
diff --git a/news/secadv/20160503.txt b/news/secadv/20160503.txt
new file mode 100644
index 000..98ec0c0
--- /dev/null
+++ b/news/secadv/20160503.txt
@@ -0,0 +1,200 @@
+OpenSSL Security Advisory [3rd May 2016]
+
+
+Memory corruption in the ASN.1 encoder (CVE-2016-2108)
+==
+
+Severity: High
+
+This issue affected versions of OpenSSL prior to April 2015. The bug
+causing the vulnerability was fixed on April 18th 2015, and released
+as part of the June 11th 2015 security releases. The security impact
+of the bug was not known at the time.
+
+In previous versions of OpenSSL, ASN.1 encoding the value zero
+represented as a negative integer can cause a buffer underflow
+with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does
+not normally create "negative zeroes" when parsing ASN.1 input, and
+therefore, an attacker cannot trigger this bug.
+
+However, a second, independent bug revealed that the ASN.1 parser
+(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag
+as a negative zero value. Large universal tags are not present in any
+common ASN.1 structures (such as X509) but are accepted as part of ANY
+structures.
+
+Therefore, if an application deserializes untrusted ASN.1 structures
+containing an ANY field, and later reserializes them, an attacker may
+be able to trigger an out-of-bounds write. This has been shown to
+cause memory corruption that is potentially exploitable with some
+malloc implementations.
+
+Applications that parse and re-encode X509 certificates are known to
+be vulnerable. Applications that verify RSA signatures on X509
+certificates may also be vulnerable; however, only certificates with
+valid signatures trigger ASN.1 re-encoding and hence the
+bug. Specifically, since OpenSSL's default TLS X509 chain verification
+code verifies the certificate chain from root to leaf, TLS handshakes
+could only be targeted with valid certificates issued by trusted
+Certification Authorities.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2c
+OpenSSL 1.0.1 users should upgrade to 1.0.1o
+
+This vulnerability is a combination of two bugs, neither of which
+individually has security impact. The first bug (mishandling of
+negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala
+(Red Hat) and independently by Hanno Böck in April 2015. The second
+issue (mishandling of large universal tags) was found using libFuzzer,
+and reported on the public issue tracker on March 1st 2016. The fact
+that these two issues combined present a security vulnerability was
+reported by David Benjamin (Google) on March 31st 2016. The fixes were
+developed by Steve Henson of the OpenSSL development team, and David
+Benjamin.  The OpenSSL team would also like to thank Mark Brand and
+Ian Beer from the Google Project Zero team for their careful analysis
+of the impact.
+
+The fix for the "negative zero" memory corruption bug can be
+identified by commits
+
+3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)
+and
+32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)
+
+Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+==
+
+Severity: High
+
+A MITM attacker can use a padding oracle attack to decrypt traffic
+when the connection uses an AES CBC cipher and the server support
+AES-NI.
+
+This
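Review bot: the lines "OpenSSL 1.0.2 users should upgrade to 1.0.2c" and "OpenSSL 1.0.1 users should upgrade to 1.0.1o" under CVE-2016-2108 give the June 2015 versions that first contained the fix, while the newsflash entries in this same digest announce 1.0.2h and 1.0.1t; a reader skimming for the action item will take 1.0.2c as the target. Suggest "OpenSSL 1.0.2 users should upgrade to 1.0.2h (the fix was first included in 1.0.2c)" and the same for 1.0.1, so the paragraph agrees with the release being announced. Also "the server support AES-NI" should read "supports".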

[openssl-commits] [openssl] OpenSSL_1_0_2h create

2016-05-03 Thread Matt Caswell
The annotated tag OpenSSL_1_0_2h has been created
at  2bf3af72664b963ee5702efd561d63ae2dc507f6 (tag)
   tagging  5dd94f1847c744929a3bd24819f1c99644bb18c7 (commit)
  replaces  OpenSSL_1_0_2g
 tagged by  Matt Caswell
on  Tue May 3 14:46:41 2016 +0100

- Log -
OpenSSL 1.0.2h release tag

Andy Polyakov (4):
  perlasm/x86_64-xlate.pl: handle binary constants early.
  bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
  PPC assembly pack: remove branch hints.
  s390x assembly pack: cache capability query results.

David Benjamin (1):
  Fix memory leak on invalid CertificateRequest.

Dr. Stephen Henson (11):
  Sanity check PVK file fields.
  Don't shift serial number into sign bit
  Fix FIPS SSLv2 test
  Harden ASN.1 BIO handling of large amounts of data.
  Reject inappropriate private key encryption ciphers.
  Add size limit to X509_NAME structure.
  Sanity check buffer length.
  Add checks to X509_NAME_oneline()
  Don't free ret->data if malloc fails.
  Fix i2d_X509_AUX: pp can be NULL.
  Fix ASN1_INTEGER handling.

Eric S. Raymond (1):
  RT4358: Extra ] in doc/ocsp.pod

Kurt Roeckx (3):
  Remove LOW from the default
  Add no-ssl2-method
  Check that we have enough padding characters.

Matt Caswell (16):
  Prepare for 1.0.2h-dev
  Fix a potential double free in EVP_DigestInit_ex
  Ensure that memory allocated for the ticket is freed
  Add a check for a failed malloc
  Fix the no-comp option for Windows
  Fix a signed/unsigned warning
  Ensure we check i2d_X509 return val
  Fix encrypt overflow
  Prevent EBCDIC overread for very long strings
  Avoid overflow in EVP_EncodeUpdate
  Ensure EVP_EncodeUpdate handles an output length that is too long
  Add documentation for EVP_EncodeInit() and similar functions
  Remove some documentation for functions not in 1.0.x
  Update CHANGES and NEWS for the new release
  make update
  Prepare for 1.0.2h release

Rich Salz (1):
  Fix NULL deref in apps/pkcs7

Richard Levitte (2):
  Recognise 32-bit Solaris in util/shlib_wrap.sh
  Touch the correct variables for the system; shlib_wrap.sh on Solaris

TJ Saunders (2):
  Issue #719:
  Remove confusing comment.

Todd Short (1):
  Fix ALPN

Viktor Dukhovni (3):
  Retain SSLv2 methods as functions that return NULL
  expose SSLv2 method prototypes
  Fix buffer overrun in ASN1_parse().

---


[openssl-commits] [openssl] OpenSSL_1_0_1t create

2016-05-03 Thread Matt Caswell
The annotated tag OpenSSL_1_0_1t has been created
at  82aa4a2104c3456a66aed4c55da51f6ddecf3648 (tag)
   tagging  3d2e575b3f71b4d66c0b948d411d8e936f192127 (commit)
  replaces  OpenSSL_1_0_1s
 tagged by  Matt Caswell
on  Tue May 3 14:49:52 2016 +0100

- Log -
OpenSSL 1.0.1t release tag

Andy Polyakov (1):
  bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.

David Benjamin (1):
  Fix memory leak on invalid CertificateRequest.

Dr. Stephen Henson (11):
  Sanity check PVK file fields.
  Don't shift serial number into sign bit
  Fix FIPS SSLv2 test
  Harden ASN.1 BIO handling of large amounts of data.
  Reject inappropriate private key encryption ciphers.
  Add size limit to X509_NAME structure.
  Sanity check buffer length.
  Add checks to X509_NAME_oneline()
  Don't free ret->data if malloc fails.
  Fix i2d_X509_AUX: pp can be NULL.
  Fix ASN1_INTEGER handling.

Kurt Roeckx (3):
  Remove LOW from the default
  Add no-ssl2-method
  Check that we have enough padding characters.

Matt Caswell (16):
  Prepare for 1.0.1t-dev
  Fix a potential double free in EVP_DigestInit_ex
  Ensure that memory allocated for the ticket is freed
  Add a check for a failed malloc
  Fix the no-comp option for Windows
  Fix a signed/unsigned warning
  Ensure we check i2d_X509 return val
  Fix encrypt overflow
  Prevent EBCDIC overread for very long strings
  Avoid overflow in EVP_EncodeUpdate
  Ensure EVP_EncodeUpdate handles an output length that is too long
  Add documentation for EVP_EncodeInit() and similar functions
  Remove some documentation for functions not in 1.0.x
  Update CHANGES and NEWS for the new release
  make update
  Prepare for 1.0.1t release

Rich Salz (1):
  Fix NULL deref in apps/pkcs7

Viktor Dukhovni (3):
  Retain SSLv2 methods as functions that return NULL
  expose SSLv2 method prototypes
  Fix buffer overrun in ASN1_parse().

---


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  5c6944593d3125800ae1a9b28d2efb6f870273c2 (commit)
   via  5dd94f1847c744929a3bd24819f1c99644bb18c7 (commit)
   via  76564c8e7865ef45aa45d44d4d99979f181f8a74 (commit)
   via  b4d56b8ecb985ed8c8d3b757b5a728aa52143e41 (commit)
   via  d4b25980020821d4685752ecb9105c0902109ab5 (commit)
   via  68595c0c2886e7942a14f98c17a55a88afb6c292 (commit)
  from  643e8e972e54fa358935e5f8b7f5a8be9616d56b (commit)


- Log -
commit 5c6944593d3125800ae1a9b28d2efb6f870273c2
Author: Matt Caswell 
Date:   Tue May 3 14:47:32 2016 +0100

Prepare for 1.0.2i-dev

Reviewed-by: Rich Salz 

commit 5dd94f1847c744929a3bd24819f1c99644bb18c7
Author: Matt Caswell 
Date:   Tue May 3 14:46:41 2016 +0100

Prepare for 1.0.2h release

Reviewed-by: Rich Salz 

commit 76564c8e7865ef45aa45d44d4d99979f181f8a74
Author: Matt Caswell 
Date:   Tue May 3 14:46:41 2016 +0100

make update

Reviewed-by: Rich Salz 

commit b4d56b8ecb985ed8c8d3b757b5a728aa52143e41
Author: Matt Caswell 
Date:   Tue May 3 09:37:23 2016 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit d4b25980020821d4685752ecb9105c0902109ab5
Author: Dr. Stephen Henson 
Date:   Fri Apr 15 02:37:09 2016 +0100

Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin for reporting this bug.

This was found using libFuzzer.

RT#4364 (part) CVE-2016-2108.

Reviewed-by: Emilia Käsper 

commit 68595c0c2886e7942a14f98c17a55a88afb6c292
Author: Kurt Roeckx 
Date:   Sat Apr 16 23:08:56 2016 +0200

Check that we have enough padding characters.

Reviewed-by: Emilia Käsper 

CVE-2016-2107

MR: #2572

---

Summary of changes:
 CHANGES| 89 +-
 NEWS   | 15 ++-
 README |  2 +-
 crypto/asn1/a_type.c   |  2 -
 crypto/asn1/tasn_dec.c |  2 -
 crypto/asn1/tasn_enc.c |  2 -
 crypto/evp/Makefile| 13 +++---
 crypto/evp/e_aes_cbc_hmac_sha1.c   |  3 ++
 crypto/evp/e_aes_cbc_hmac_sha256.c |  3 ++
 crypto/opensslv.h  |  6 +--
 openssl.spec   |  2 +-
 11 files changed, 120 insertions(+), 19 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2d73627..c3d3d7a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,94 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.2g and 1.0.2h [xx XXX ]
+ Changes between 1.0.2h and 1.0.2i [xx XXX ]
+
+  *)
+
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+ A MITM attacker can use a padding oracle attack to decrypt traffic
+ when the connection uses an AES CBC cipher and the server support
+ AES-NI.
+
+ This issue was introduced as part of the fix for Lucky 13 padding
+ attack (CVE-2013-0169). The padding check was rewritten to be in
+ constant time by making sure that always the same bytes are read and
+ compared against either the MAC or padding bytes. But it no longer
+ checked that there was enough data to have both the MAC and padding
+ bytes.
+
+ This issue was reported by Juraj Somorovsky using TLS-Attacker.
+ (CVE-2016-2107)
+ [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+ An overflow can occur in the EVP_EncodeUpdate() function which is used for
+ Base64 encoding of binary data. If an attacker is able to supply very 
large
+ amounts of input data then a length check can overflow resulting in a heap
+ corruption.
+
+ Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+ the PEM_write_bio* family of functions. These are mainly used within the
+ OpenSSL command line applications, so any application which processes data
+ from an untrusted source and outputs it as a PEM file should be considered
+ vulnerable to this issue. User applications that call these APIs directly
+ with large amounts of untrusted data may also be vulnerable.
+
+ This issue was reported by Guido Vranken.
+ (CVE-2016-2105)
+ [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+ An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+ is able to supply very large amounts of input data after a previous 
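Review bot: "primarly" should be "primarily" in the EVP_EncodeUpdate entry, and "the server support AES-NI" should be "supports" in the padding-oracle entry; the same sentence is reused in the advisory and in vulnerabilities.xml, so fix every copy. The new `Changes between 1.0.2h and 1.0.2i [xx XXX ]` stanza with an empty `*)` is the usual placeholder, and the 1.0.2h heading correctly gains its `[3 May 2016]` date.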

[openssl-commits] [openssl] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  6ac8377901b6cb9d5da8953d090e2ab43d65e8b5 (commit)
   via  70428eada9bc4cf31424d723d1f992baffeb0dfb (commit)
   via  2c7fe4dc9ae0c84d2c398d57143983800cc3f18d (commit)
   via  1b96ec100226e24c2969ff586aabf4dcd942c694 (commit)
   via  106cb9505746ddb69dc07ef45232084e620940ec (commit)
   via  d7ab691bc479d3cf2eea07329db6ce0e2589f0b9 (commit)
  from  d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (commit)


- Log -
commit 6ac8377901b6cb9d5da8953d090e2ab43d65e8b5
Author: Matt Caswell 
Date:   Tue May 3 09:49:13 2016 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit 70428eada9bc4cf31424d723d1f992baffeb0dfb
Author: Kurt Roeckx 
Date:   Sat Apr 16 23:08:56 2016 +0200

Check that we have enough padding characters.

Reviewed-by: Emilia Käsper 

CVE-2016-2107

MR: #2572

commit 2c7fe4dc9ae0c84d2c398d57143983800cc3f18d
Author: Dr. Stephen Henson 
Date:   Tue Apr 26 12:12:40 2016 +0100

Add ASN.1 INTEGER tests.

Add tests for ASN.1 INTEGER: invalid tag, valid 0, 1, -1 and 0, -1 with
illegal padding.

Also add ASN1_ANY tests for 0, 1 and -1.

Reviewed-by: Emilia Käsper 

commit 1b96ec100226e24c2969ff586aabf4dcd942c694
Author: Dr. Stephen Henson 
Date:   Tue Apr 26 12:04:42 2016 +0100

add ASN1_INTEGER type to d2i_test

Reviewed-by: Emilia Käsper 

commit 106cb9505746ddb69dc07ef45232084e620940ec
Author: Dr. Stephen Henson 
Date:   Sat Apr 23 13:52:43 2016 +0100

Add test for CVE-2016-2018

Reviewed-by: Emilia Käsper 

commit d7ab691bc479d3cf2eea07329db6ce0e2589f0b9
Author: Dr. Stephen Henson 
Date:   Fri Apr 15 02:37:09 2016 +0100

Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin for reporting this bug.

This was found using libFuzzer.

RT#4364 (part) CVE-2016-2108.

Reviewed-by: Emilia Käsper 

---

Summary of changes:
 CHANGES  |  97 +++
 NEWS |  15 +-
 crypto/asn1/a_type.c |   2 -
 crypto/asn1/tasn_dec.c   |   2 -
 crypto/asn1/tasn_enc.c   |   2 -
 crypto/evp/e_aes_cbc_hmac_sha1.c |   3 ++
 crypto/evp/e_aes_cbc_hmac_sha256.c   |   3 ++
 test/d2i-tests/bad-int-pad0.der  | Bin 0 -> 4 bytes
 test/d2i-tests/bad-int-padminus1.der |   1 +
 test/d2i-tests/high_tag.der  | Bin 0 -> 6 bytes
 test/d2i-tests/int0.der  | Bin 0 -> 3 bytes
 test/d2i-tests/int1.der  |   1 +
 test/d2i-tests/intminus1.der |   1 +
 test/d2i_test.c  |   3 +-
 test/recipes/25-test_d2i.t   |  53 ++-
 15 files changed, 174 insertions(+), 9 deletions(-)
 create mode 100644 test/d2i-tests/bad-int-pad0.der
 create mode 100644 test/d2i-tests/bad-int-padminus1.der
 create mode 100644 test/d2i-tests/high_tag.der
 create mode 100644 test/d2i-tests/int0.der
 create mode 100644 test/d2i-tests/int1.der
 create mode 100644 test/d2i-tests/intminus1.der

diff --git a/CHANGES b/CHANGES
index 41bc9a4..fe16b0b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -995,6 +995,103 @@
  validated when establishing a connection.
  [Rob Percival ]
 
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+ A MITM attacker can use a padding oracle attack to decrypt traffic
+ when the connection uses an AES CBC cipher and the server support
+ AES-NI.
+
+ This issue was introduced as part of the fix for Lucky 13 padding
+ attack (CVE-2013-0169). The padding check was rewritten to be in
+ constant time by making sure that always the same bytes are read and
+ compared against either the MAC or padding bytes. But it no longer
+ checked that there was enough data to have both the MAC and padding
+ bytes.
+
+ This issue was reported by Juraj Somorovsky using TLS-Attacker.
+ (CVE-2016-2107)
+ [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+ An overflow can occur in the EVP_EncodeUpdate() function which is used for
+ Base64 encoding of binary data. If an attacker is able to supply very 
large
+ amounts of input data then a length check can overflow resulting in a heap
+ corruption.
+
+ Internally to OpenSSL the EVP_EncodeUpdate() 
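Review bot: the "server support AES-NI" slip from the release-branch CHANGES entry is carried into this copy too ("supports"); worth fixing in the same commit so the three branches stay word-for-word identical.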

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  c33e68971fa5a37ecb443755da22db9af5c35c80 (commit)
   via  3d2e575b3f71b4d66c0b948d411d8e936f192127 (commit)
   via  289cc052d3d8c4790264c2f7f10c8152b473bb67 (commit)
   via  0e6b8bf4bb83d9ebf8371cf2fde92438d31a6699 (commit)
   via  f5da52e308a6aeea6d5f3df98c4da295d7e9cc27 (commit)
   via  4159f311671cf3bac03815e5de44681eb758304a (commit)
  from  e903aaf894d542c02dc9bfd5065f906dc720d841 (commit)


- Log -
commit c33e68971fa5a37ecb443755da22db9af5c35c80
Author: Matt Caswell 
Date:   Tue May 3 14:50:37 2016 +0100

Prepare for 1.0.1u-dev

Reviewed-by: Rich Salz 

commit 3d2e575b3f71b4d66c0b948d411d8e936f192127
Author: Matt Caswell 
Date:   Tue May 3 14:49:52 2016 +0100

Prepare for 1.0.1t release

Reviewed-by: Rich Salz 

commit 289cc052d3d8c4790264c2f7f10c8152b473bb67
Author: Matt Caswell 
Date:   Tue May 3 14:49:52 2016 +0100

make update

Reviewed-by: Rich Salz 

commit 0e6b8bf4bb83d9ebf8371cf2fde92438d31a6699
Author: Matt Caswell 
Date:   Tue May 3 09:37:23 2016 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte 

commit f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
Author: Dr. Stephen Henson 
Date:   Fri Apr 15 02:37:09 2016 +0100

Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin for reporting this bug.

This was found using libFuzzer.

RT#4364 (part) CVE-2016-2108.

Reviewed-by: Emilia Käsper 

commit 4159f311671cf3bac03815e5de44681eb758304a
Author: Kurt Roeckx 
Date:   Sat Apr 16 23:08:56 2016 +0200

Check that we have enough padding characters.

Reviewed-by: Emilia Käsper 

CVE-2016-2107

MR: #2572

---

Summary of changes:
 CHANGES  | 93 +++-
 NEWS | 15 ++-
 README   |  2 +-
 crypto/asn1/a_type.c |  2 -
 crypto/asn1/tasn_dec.c   |  2 -
 crypto/asn1/tasn_enc.c   |  2 -
 crypto/evp/Makefile  |  8 ++--
 crypto/evp/e_aes_cbc_hmac_sha1.c |  3 ++
 crypto/opensslv.h|  6 +--
 openssl.spec |  2 +-
 10 files changed, 118 insertions(+), 17 deletions(-)

diff --git a/CHANGES b/CHANGES
index d4e9887..9442f3d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,98 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.1s and 1.0.1t [xx XXX ]
+ Changes between 1.0.1t and 1.0.1u [xx XXX ]
+
+  *)
+
+ Changes between 1.0.1s and 1.0.1t [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+ A MITM attacker can use a padding oracle attack to decrypt traffic
+ when the connection uses an AES CBC cipher and the server support
+ AES-NI.
+
+ This issue was introduced as part of the fix for Lucky 13 padding
+ attack (CVE-2013-0169). The padding check was rewritten to be in
+ constant time by making sure that always the same bytes are read and
+ compared against either the MAC or padding bytes. But it no longer
+ checked that there was enough data to have both the MAC and padding
+ bytes.
+
+ This issue was reported by Juraj Somorovsky using TLS-Attacker.
+ (CVE-2016-2107)
+ [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+ An overflow can occur in the EVP_EncodeUpdate() function which is used for
+ Base64 encoding of binary data. If an attacker is able to supply very 
large
+ amounts of input data then a length check can overflow resulting in a heap
+ corruption.
+
+ Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+ the PEM_write_bio* family of functions. These are mainly used within the
+ OpenSSL command line applications, so any application which processes data
+ from an untrusted source and outputs it as a PEM file should be considered
+ vulnerable to this issue. User applications that call these APIs directly
+ with large amounts of untrusted data may also be vulnerable.
+
+ This issue was reported by Guido Vranken.
+ (CVE-2016-2105)
+ [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+ An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+ is able to supply very large amounts of input data after a previous call 
to
+ EVP_EncryptUpdate() with a partial block then a 
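Review bot: same text as the 1.0.2 entry, same two slips ("server support", "primarly"); one fix applied to all three branches keeps them in sync.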

[openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.2958

2016-05-03 Thread AppVeyor

Build openssl OpenSSL_1_0_1-stable.2958 failed

Commit 1d29506fe0 by Dr. Stephen Henson on 5/2/2016 9:50 PM:

Fix i2d_X509_AUX: pp can be NULL.



[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  e903aaf894d542c02dc9bfd5065f906dc720d841 (commit)
  from  fec6d1e868aad9c133e9096fc089ff52293612bf (commit)


- Log -
commit e903aaf894d542c02dc9bfd5065f906dc720d841
Author: Matt Caswell 
Date:   Tue May 3 12:45:45 2016 +0100

Remove some documentation for functions not in 1.0.x

A few functions in the recently added EVP_EncodeInit docs don't apply to
the 1.0.x branches.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 doc/crypto/EVP_EncodeInit.pod | 25 +++--
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
index bc35acf..c6f1267 100644
--- a/doc/crypto/EVP_EncodeInit.pod
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -2,18 +2,14 @@
 
 =head1 NAME
 
-EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
-EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
-EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
-routines
+EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
+EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 
64
+encode/decode routines
 
 =head1 SYNOPSIS
 
  #include 
 
- EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
- void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
- int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
  void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
  void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
@@ -37,12 +33,6 @@ plus some occasional newlines (see below). If the input data 
length is not a
 multiple of 3 then the output data will be padded at the end using the "="
 character.
 
-EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used 
for
-the encode/decode functions.
-
-EVP_ENCODE_CTX_free() cleans up an encode/decode context B and frees up 
the
-space allocated to it.
-
 Encoding of binary data is performed in blocks of 48 input bytes (or less for
 the final block). For each 48 byte input block encoded 64 bytes of base 64 data
 is output plus an additional newline character (i.e. 65 bytes in total). The
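Review bot: with EVP_ENCODE_CTX_new() and EVP_ENCODE_CTX_free() removed from the DESCRIPTION, the page no longer says how a caller obtains the context it passes to EVP_EncodeInit(). In the 1.0.x branches EVP_ENCODE_CTX is a public struct, so one sentence like "The caller allocates the EVP_ENCODE_CTX (typically on the stack) and initializes it with EVP_EncodeInit()" would close the gap.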
@@ -75,9 +65,6 @@ in B<*outl>. It is the caller's responsibility to ensure that 
B is
 sufficiently large to accommodate the output data which will never be more than
 65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
 
-EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still 
to
-be encoded or decoded that are pending in the B object.
-
 EVP_EncodeBlock() encodes a full block of input data in B and of length
 B and stores it in B. For every 3 bytes of input provided 4 bytes of
 output data will be produced. If B is not divisible by 3 then the block 
is
@@ -123,12 +110,6 @@ the data decoded or -1 on error.
 
 =head1 RETURN VALUES
 
-EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
-object or NULL on error.
-
-EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding 
in
-B.
-
 EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
 terminator.
 
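Review bot: EVP_EncodeUpdate() is void in this branch, and the encode.c fix elsewhere in this batch signals its "too much output" case only by leaving *outl at 0, so RETURN VALUES (or the EVP_EncodeUpdate() paragraph) should state that a zero *outl after a large update means the input was rejected, not merely buffered. That is the only way a caller can tell the two apart.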


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  643e8e972e54fa358935e5f8b7f5a8be9616d56b (commit)
  from  0b3762a342bef77fcd8c2d712eae4860af706b20 (commit)


- Log -
commit 643e8e972e54fa358935e5f8b7f5a8be9616d56b
Author: Matt Caswell 
Date:   Tue May 3 12:45:45 2016 +0100

Remove some documentation for functions not in 1.0.x

A few functions in the recently added EVP_EncodeInit docs don't apply to
the 1.0.x branches.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 doc/crypto/EVP_EncodeInit.pod | 25 +++--
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
index bc35acf..c6f1267 100644
--- a/doc/crypto/EVP_EncodeInit.pod
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -2,18 +2,14 @@
 
 =head1 NAME
 
-EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
-EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
-EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
-routines
+EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
+EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 
64
+encode/decode routines
 
 =head1 SYNOPSIS
 
  #include 
 
- EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
- void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
- int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
  void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
  void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
@@ -37,12 +33,6 @@ plus some occasional newlines (see below). If the input data 
length is not a
 multiple of 3 then the output data will be padded at the end using the "="
 character.
 
-EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used 
for
-the encode/decode functions.
-
-EVP_ENCODE_CTX_free() cleans up an encode/decode context B and frees up 
the
-space allocated to it.
-
 Encoding of binary data is performed in blocks of 48 input bytes (or less for
 the final block). For each 48 byte input block encoded 64 bytes of base 64 data
 is output plus an additional newline character (i.e. 65 bytes in total). The
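Review bot: identical to the 1.0.1 copy of this diff above, so the same documentation point applies: say how the caller allocates the context now that EVP_ENCODE_CTX_new()/free() are gone from this page.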
@@ -75,9 +65,6 @@ in B<*outl>. It is the caller's responsibility to ensure that 
B is
 sufficiently large to accommodate the output data which will never be more than
 65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
 
-EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still 
to
-be encoded or decoded that are pending in the B object.
-
 EVP_EncodeBlock() encodes a full block of input data in B and of length
 B and stores it in B. For every 3 bytes of input provided 4 bytes of
 output data will be produced. If B is not divisible by 3 then the block 
is
@@ -123,12 +110,6 @@ the data decoded or -1 on error.
 
 =head1 RETURN VALUES
 
-EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
-object or NULL on error.
-
-EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding 
in
-B.
-
 EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
 terminator.
 


[openssl-commits] Build failed in Jenkins: master_windows #1597

2016-05-03 Thread openssl . sanity
See 

Changes:

[Matt Caswell] Prevent EBCDIC overread for very long strings

[Richard Levitte] Try 'make install' with one of the Travis configurations

[Richard Levitte] Improve comment

[Richard Levitte] Properly own the duplicated string

[Matt Caswell] Avoid overflow in EVP_EncodeUpdate

[Matt Caswell] Ensure EVP_EncodeUpdate handles an output length that is too long

[Matt Caswell] Add documentation for EVP_EncodeInit() and similar functions

--
Started by upstream project "master_basic" build number 1862
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f d202a602e07b7090e3e5d75216b47cc7eb6fd4b6
 > git rev-list 3f3582139fbb259a1c3cbb0a25236500a409bf26 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson8882449190278543850.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson4464632904362210524.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program 

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  fec6d1e868aad9c133e9096fc089ff52293612bf (commit)
   via  5d20e98465ad2d9af52190d42ca2b9deedcf9e8e (commit)
   via  5b814481f3573fa9677f3a31ee51322e2a22ee6a (commit)
  from  2919516136a4227d9e6d8f2fe66ef976aaf8c561 (commit)


- Log -
commit fec6d1e868aad9c133e9096fc089ff52293612bf
Author: Matt Caswell 
Date:   Mon Apr 25 11:54:30 2016 +0100

Add documentation for EVP_EncodeInit() and similar functions

Reviewed-by: Richard Levitte 

commit 5d20e98465ad2d9af52190d42ca2b9deedcf9e8e
Author: Matt Caswell 
Date:   Mon Apr 25 09:06:29 2016 +0100

Ensure EVP_EncodeUpdate handles an output length that is too long

With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte 

commit 5b814481f3573fa9677f3a31ee51322e2a22ee6a
Author: Matt Caswell 
Date:   Fri Mar 4 10:17:17 2016 +

Avoid overflow in EVP_EncodeUpdate

An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/evp/encode.c   |  12 +++-
 doc/crypto/EVP_EncodeInit.pod | 146 ++
 doc/crypto/evp.pod|   5 ++
 3 files changed, 160 insertions(+), 3 deletions(-)
 create mode 100644 doc/crypto/EVP_EncodeInit.pod

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index c6abc4a..c6c775e 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -57,6 +57,7 @@
  */
 
 #include 
+#include 
 #include "cryptlib.h"
 #include 
 
@@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
   const unsigned char *in, int inl)
 {
 int i, j;
-unsigned int total = 0;
+size_t total = 0;
 
 *outl = 0;
 if (inl <= 0)
 return;
 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-if ((ctx->num + inl) < ctx->length) {
+if (ctx->length - ctx->num > inl) {
 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
 ctx->num += inl;
 return;
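Review bot: `ctx->length - ctx->num > inl` is the overflow-free rewrite of `(ctx->num + inl) < ctx->length` (the left side is at most sizeof(ctx->enc_data), whereas the old sum wraps for inl near INT_MAX), but nothing in the code says so and a later cleanup could "simplify" it back. Suggest a one-line comment, e.g. `/* written as a subtraction so that a huge inl cannot wrap the sum */`, and note that it relies on ctx->num <= ctx->length, which the OPENSSL_assert above does not cover.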
@@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total = j + 1;
 }
-while (inl >= ctx->length) {
+while (inl >= ctx->length && total <= INT_MAX) {
 j = EVP_EncodeBlock(out, in, ctx->length);
 in += ctx->length;
 inl -= ctx->length;
@@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total += j + 1;
 }
+if (total > INT_MAX) {
+/* Too much output data! */
+*outl = 0;
+return;
+}
 if (inl != 0)
 memcpy(&(ctx->enc_data[0]), in, inl);
 ctx->num = inl;
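Review bot: since EVP_EncodeUpdate() is void here, `*outl = 0` is the only signal of the "Too much output data!" path, and a caller cannot distinguish it from the early return at the top that also leaves *outl at 0 after merely buffering input. By then the while loop has already written the lines that brought `total` up to INT_MAX into `out`, and the memcpy that would buffer the remaining `inl` bytes is skipped, so the comment should spell out that the output is partial and the tail is not buffered; the man page added in this batch should document the *outl == 0 meaning as well.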
diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
index 000..bc35acf
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,146 @@
+=pod
+
+=head1 NAME
+
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
+EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
+EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
+routines
+
+=head1 SYNOPSIS
+
+ #include 
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+   const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  0b3762a342bef77fcd8c2d712eae4860af706b20 (commit)
   via  3850c2b9d55fb91ea1d9b8228fd8a761d0ba1780 (commit)
   via  172c6e1e14defe7d49d62f5fc9ea6a79b225424f (commit)
  from  9f2ccf1d718ab66c778a623f9aed3cddf17503a2 (commit)


- Log -
commit 0b3762a342bef77fcd8c2d712eae4860af706b20
Author: Matt Caswell 
Date:   Mon Apr 25 11:54:30 2016 +0100

Add documentation for EVP_EncodeInit() and similar functions

Reviewed-by: Richard Levitte 

commit 3850c2b9d55fb91ea1d9b8228fd8a761d0ba1780
Author: Matt Caswell 
Date:   Mon Apr 25 09:06:29 2016 +0100

Ensure EVP_EncodeUpdate handles an output length that is too long

With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte 

commit 172c6e1e14defe7d49d62f5fc9ea6a79b225424f
Author: Matt Caswell 
Date:   Fri Mar 4 10:17:17 2016 +

Avoid overflow in EVP_EncodeUpdate

An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/evp/encode.c   |  12 +++-
 doc/crypto/EVP_EncodeInit.pod | 146 ++
 doc/crypto/evp.pod|   5 ++
 3 files changed, 160 insertions(+), 3 deletions(-)
 create mode 100644 doc/crypto/EVP_EncodeInit.pod

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index c6abc4a..c6c775e 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -57,6 +57,7 @@
  */
 
 #include 
+#include 
 #include "cryptlib.h"
 #include 
 
@@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
   const unsigned char *in, int inl)
 {
 int i, j;
-unsigned int total = 0;
+size_t total = 0;
 
 *outl = 0;
 if (inl <= 0)
 return;
 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-if ((ctx->num + inl) < ctx->length) {
+if (ctx->length - ctx->num > inl) {
 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
 ctx->num += inl;
 return;
@@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total = j + 1;
 }
-while (inl >= ctx->length) {
+while (inl >= ctx->length && total <= INT_MAX) {
 j = EVP_EncodeBlock(out, in, ctx->length);
 in += ctx->length;
 inl -= ctx->length;
@@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total += j + 1;
 }
+if (total > INT_MAX) {
+/* Too much output data! */
+*outl = 0;
+return;
+}
 if (inl != 0)
 memcpy(&(ctx->enc_data[0]), in, inl);
 ctx->num = inl;
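Review bot: same backport as the 1.0.1 commit above; the two remarks there (comment the subtraction form of the length test, document that *outl == 0 is the only error signal from the void function) apply unchanged.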
diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
index 000..bc35acf
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,146 @@
+=pod
+
+=head1 NAME
+
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
+EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
+EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
+routines
+
+=head1 SYNOPSIS
+
+ #include 
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+   const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int 

[openssl-commits] [openssl] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (commit)
   via  2bd5d70ce5943e0085c1f886ed8ea4c34ca0f133 (commit)
   via  ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920 (commit)
  from  b7b8e948014d93e1eb6d954d0799ae68ab0e068b (commit)


- Log -
commit d202a602e07b7090e3e5d75216b47cc7eb6fd4b6
Author: Matt Caswell 
Date:   Mon Apr 25 11:54:30 2016 +0100

Add documentation for EVP_EncodeInit() and similar functions

Reviewed-by: Richard Levitte 

commit 2bd5d70ce5943e0085c1f886ed8ea4c34ca0f133
Author: Matt Caswell 
Date:   Mon Apr 25 09:06:29 2016 +0100

Ensure EVP_EncodeUpdate handles an output length that is too long

With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte 

commit ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
Author: Matt Caswell 
Date:   Fri Mar 4 10:17:17 2016 +

Avoid overflow in EVP_EncodeUpdate

An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/evp/encode.c   |  12 +++-
 doc/crypto/EVP_EncodeInit.pod | 146 ++
 doc/crypto/evp.pod|   5 ++
 3 files changed, 160 insertions(+), 3 deletions(-)
 create mode 100644 doc/crypto/EVP_EncodeInit.pod

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index ed85f89..ee10543 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -56,6 +56,7 @@
  */
 
 #include 
+#include 
 #include "internal/cryptlib.h"
 #include 
 #include "evp_locl.h"
@@ -165,13 +166,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
   const unsigned char *in, int inl)
 {
 int i, j;
-unsigned int total = 0;
+size_t total = 0;
 
 *outl = 0;
 if (inl <= 0)
 return;
 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-if ((ctx->num + inl) < ctx->length) {
+if (ctx->length - ctx->num > inl) {
 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
 ctx->num += inl;
 return;
@@ -188,7 +189,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total = j + 1;
 }
-while (inl >= ctx->length) {
+while (inl >= ctx->length && total <= INT_MAX) {
 j = EVP_EncodeBlock(out, in, ctx->length);
 in += ctx->length;
 inl -= ctx->length;
@@ -197,6 +198,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char 
*out, int *outl,
 *out = '\0';
 total += j + 1;
 }
+if (total > INT_MAX) {
+/* Too much output data! */
+*outl = 0;
+return;
+}
 if (inl != 0)
 memcpy(&(ctx->enc_data[0]), in, inl);
 ctx->num = inl;
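Review bot: same change as the two stable-branch backports above, with the same two remarks applying; on master, where the API can still change before 1.1.0, returning an int from EVP_EncodeUpdate() for the overflow case would be a cleaner fix than overloading *outl == 0.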
diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
index 000..bc35acf
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,146 @@
+=pod
+
+=head1 NAME
+
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
+EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
+EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
+routines
+
+=head1 SYNOPSIS
+
+ #include 
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+   const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ 
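Review bot: the SYNOPSIS documents EVP_EncodeUpdate as returning void, yet the encode.c change in this same commit introduces a failure path that is reported only through `*outl == 0`. The manual page should state explicitly that an `*outl` of 0 after a non-empty input means the output would exceed INT_MAX and that the context should then be discarded; better still, give the function an int return and document the error case here, since a void API cannot report it at all.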

[openssl-commits] [openssl] master update

2016-05-03 Thread Richard Levitte
The branch master has been updated
   via  d227a302a3f5fcf15b1bf6c24a633eb661e74c4d (commit)
  from  ea96ad5a206b7b5f25dad230333e8ff032df3219 (commit)


- Log -
commit d227a302a3f5fcf15b1bf6c24a633eb661e74c4d
Author: Richard Levitte 
Date:   Tue Mar 29 17:50:53 2016 +0200

Try 'make install' with one of the Travis configurations

Reviewed-by: Matt Caswell 

---

Summary of changes:
 .travis.yml | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 86a0dcb..78cee30 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -23,7 +23,7 @@ compiler:
 - gcc
 
 env:
-- CONFIG_OPTS=""
+- CONFIG_OPTS="" DESTDIR="_install"
 - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 
enable-md2"
 - CONFIG_OPTS="--strict-warnings no-shared" BUILDONLY="yes"
 - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
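Review bot: DESTDIR="_install" is a bare relative name that only makes sense together with the `../` prefix the script section prepends; a reader of the env matrix alone cannot tell where the install tree ends up. Either set it to an absolute path (Travis exports $TRAVIS_BUILD_DIR for exactly this) or add a comment next to the matrix entry. It is also only set on the default entry, so `make install` is exercised for one configuration; that matches the commit title, but a no-shared entry would additionally catch install-rule differences for static-only builds.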
@@ -85,6 +85,10 @@ script:
   else
   make build_tests;
   fi
+- if [ -n "$DESTDIR" ]; then
+  mkdir "../$DESTDIR";
+  make install DESTDIR="../$DESTDIR";
+  fi
 - cd ..
 
 notifications:
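Review bot: `mkdir "../$DESTDIR"` has no -p, and its exit status is masked because only the last command in the compound (`make install`) decides the step's result; if the directory already exists mkdir fails harmlessly, and if `make install` installs nothing the step still passes. Use `mkdir -p`, and consider a follow-up check that the expected headers and libraries exist under "../$DESTDIR" so the new step actually verifies the install rather than only running it.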
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  9f2ccf1d718ab66c778a623f9aed3cddf17503a2 (commit)
  from  3ab937bc440371fbbe74318ce494ba95021f850a (commit)


- Log -
commit 9f2ccf1d718ab66c778a623f9aed3cddf17503a2
Author: Matt Caswell 
Date:   Thu Apr 28 10:46:55 2016 +0100

Prevent EBCDIC overread for very long strings

ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/x509/x509_obj.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index f7daac2..3de3ac7 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 type == V_ASN1_PRINTABLESTRING ||
 type == V_ASN1_TELETEXSTRING ||
 type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
- ? sizeof ebcdic_buf : num);
+if (num > (int)sizeof(ebcdic_buf))
+num = sizeof(ebcdic_buf);
+ascii2ebcdic(ebcdic_buf, q, num);
 q = ebcdic_buf;
 }
 #endif
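Review bot: this fixes a length mismatch rather than the conversion itself: previously only ascii2ebcdic's length argument was clamped to sizeof ebcdic_buf while `num` kept the original ASN1 string length, and once `q` was repointed at ebcdic_buf the code after this hunk went on reading `num` bytes from a 1024-byte stack buffer, which is the overread from the commit message. Clamping `num` keeps the two consistent. It does mean values over 1024 bytes are silently truncated on EBCDIC builds while ASCII builds see the whole value; a comment noting that divergence would help, and `num = sizeof(ebcdic_buf)` assigns a size_t to an int without the cast used on the comparison line.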


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  2919516136a4227d9e6d8f2fe66ef976aaf8c561 (commit)
  from  56ea22458f3f5f1d0148b0a97957de4d56f3d328 (commit)


- Log -
commit 2919516136a4227d9e6d8f2fe66ef976aaf8c561
Author: Matt Caswell 
Date:   Thu Apr 28 10:46:55 2016 +0100

Prevent EBCDIC overread for very long strings

ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/x509/x509_obj.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index f7daac2..3de3ac7 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 type == V_ASN1_PRINTABLESTRING ||
 type == V_ASN1_TELETEXSTRING ||
 type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
- ? sizeof ebcdic_buf : num);
+if (num > (int)sizeof(ebcdic_buf))
+num = sizeof(ebcdic_buf);
+ascii2ebcdic(ebcdic_buf, q, num);
 q = ebcdic_buf;
 }
 #endif
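Review bot: same change as the 1.0.2 backport. One thing to confirm for this branch: `num` is only clamped when it is larger than the buffer, so a negative `num` would pass through untouched and reach ascii2ebcdic as a negative length. If `num` comes straight from the ASN1_STRING length that cannot happen, but a `num < 0` guard next to the clamp would make the function robust against a malformed length regardless of where it originates.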


[openssl-commits] [openssl] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  ea96ad5a206b7b5f25dad230333e8ff032df3219 (commit)
  from  3f3582139fbb259a1c3cbb0a25236500a409bf26 (commit)


- Log -
commit ea96ad5a206b7b5f25dad230333e8ff032df3219
Author: Matt Caswell 
Date:   Thu Apr 28 10:46:55 2016 +0100

Prevent EBCDIC overread for very long strings

ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/x509/x509_obj.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index f6c348f..eaa03f2 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 type == V_ASN1_PRINTABLESTRING ||
 type == V_ASN1_TELETEXSTRING ||
 type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-ascii2ebcdic(ebcdic_buf, q, (num > (int)sizeof(ebcdic_buf))
- ? (int)sizeof(ebcdic_buf) : num);
+if (num > (int)sizeof(ebcdic_buf))
+num = sizeof(ebcdic_buf);
+ascii2ebcdic(ebcdic_buf, q, num);
 q = ebcdic_buf;
 }
 #endif
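Review bot: the master `-` lines already carried the `(int)` casts that the 1.0.x branches lacked, which shows the casts were never the issue: the clamp was applied only to the argument passed to ascii2ebcdic while `num` was left unclamped for the subsequent loop reading from `q` (now pointing into ebcdic_buf). Since the three branches now share identical `+` lines, a single regression test on master with a name component longer than sizeof(ebcdic_buf), run on a build where the EBCDIC path is compiled in, would cover all of them and pin down the ASCII/EBCDIC divergence in output.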


[openssl-commits] Build failed in Jenkins: master_windows #1596

2016-05-03 Thread openssl . sanity
See 

Changes:

[rsalz] Secure memory fixes

[Richard Levitte] Remove personal configs from version control

[Richard Levitte] Add the possibility to have an extra local OpenSSL configs 
directory

[Richard Levitte] Add the possibility for local build file templates

[Richard Levitte] Document the addition of OPENSSL_LOCAL_CONFIG_DIR

[rsalz] Issue #719:

[rsalz] Remove confusing comment.

[rsalz] GH875: Document -no_check_time

[steve] Fix i2d_X509_AUX: pp can be NULL.

[Matt Caswell] Fix encrypt overflow

--
Started by upstream project "master_basic" build number 1861
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 3f3582139fbb259a1c3cbb0a25236500a409bf26 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 3f3582139fbb259a1c3cbb0a25236500a409bf26
 > git rev-list fbaf30d087a2db2b4e22279e819d481fca21ac5c # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson6732910456083130547.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson8776343192873595583.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  56ea22458f3f5f1d0148b0a97957de4d56f3d328 (commit)
  from  1d29506fe0cfd585afcb17dfdf3ac42a30ab4087 (commit)


- Log -
commit 56ea22458f3f5f1d0148b0a97957de4d56f3d328
Author: Matt Caswell 
Date:   Thu Mar 3 23:36:23 2016 +

Fix encrypt overflow

An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson 
(cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)

---

Summary of changes:
 crypto/evp/evp_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4e983c4..1831572 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 bl = ctx->cipher->block_size;
 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
 if (i != 0) {
-if (i + inl < bl) {
+if (bl - i > inl) {
 memcpy(&(ctx->buf[i]), in, inl);
 ctx->buf_len += inl;
 *outl = 0;
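Review bot: the rewritten test `bl - i > inl` is overflow-safe because both operands on the left are small: the assert above bounds `bl` by sizeof(ctx->buf), and `i` is the partial-block count, so the subtraction cannot overflow, whereas `i + inl` wrapped negative when inl approached INT_MAX and let the memcpy into ctx->buf run with an enormous length. Correctness now rests on `i < bl` holding at this point; it is not asserted here, so consider adding `OPENSSL_assert(i < bl)` beside the existing assert, or a comment explaining why buf_len can never reach bl between calls.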


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-03 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  3ab937bc440371fbbe74318ce494ba95021f850a (commit)
  from  c5e603ee182b40ede7713c6e229c15a8f3fdb58a (commit)


- Log -
commit 3ab937bc440371fbbe74318ce494ba95021f850a
Author: Matt Caswell 
Date:   Thu Mar 3 23:36:23 2016 +

Fix encrypt overflow

An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson 
(cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)

---

Summary of changes:
 crypto/evp/evp_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 65f0e02..7d7be24 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 bl = ctx->cipher->block_size;
 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
 if (i != 0) {
-if (i + inl < bl) {
+if (bl - i > inl) {
 memcpy(&(ctx->buf[i]), in, inl);
 ctx->buf_len += inl;
 *outl = 0;
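Review bot: the `bl - i > inl` form changes nothing for ordinary sizes: when `inl == bl - i` the input exactly completes the block and, as before, falls through to the full-block path rather than being buffered. The only behavioural change is for inputs near INT_MAX, which are now routed to the full-block path instead of wrapping into the memcpy. Since `inl` is an int, callers still cannot pass more than INT_MAX bytes in one call and the API gives no way to signal that; documenting the limit in the EVP_EncryptUpdate manual page would complement this fix for the end-user code the commit message warns about.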


[openssl-commits] [openssl] master update

2016-05-03 Thread Matt Caswell
The branch master has been updated
   via  3f3582139fbb259a1c3cbb0a25236500a409bf26 (commit)
  from  05aef4bbdbc18e7b9490512cdee41e8a608bcc0e (commit)


- Log -
commit 3f3582139fbb259a1c3cbb0a25236500a409bf26
Author: Matt Caswell 
Date:   Thu Mar 3 23:36:23 2016 +

Fix encrypt overflow

An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson 

---

Summary of changes:
 crypto/evp/evp_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index d7cc1f4..e02e801 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -332,7 +332,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 bl = ctx->cipher->block_size;
 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
 if (i != 0) {
-if (i + inl < bl) {
+if (bl - i > inl) {
 memcpy(&(ctx->buf[i]), in, inl);
 ctx->buf_len += inl;
 *outl = 0;
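Review bot: this hunk is identical to the 1.0.1 and 1.0.2 backports apart from the line offset, so one regression test added on master would serve all three branches. The diffstat shows only crypto/evp/evp_enc.c changing; for a CVE-assigned fix a CHANGES entry describing the affected call pattern (partial block followed by a very large input) should accompany the code change so the release notes can be generated from it.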
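The following is an added illustration of the comparison change in the three "Fix encrypt overflow" commits above (1.0.1, 1.0.2 and master); it is not OpenSSL code. It models the partial-block buffer of EVP_CIPHER_CTX with a small block_buf struct of my own, names the old and new checks fits_before_fix and fits_after_fix (hypothetical names), and computes the pre-fix verdict in 64-bit arithmetic so the demonstration itself has no undefined behaviour. The sample inputs are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not OpenSSL code: a minimal partial-block buffer in
 * the style of EVP_CIPHER_CTX's buf/buf_len. */
#define BLOCK_SIZE 16

typedef struct {
    unsigned char buf[BLOCK_SIZE];
    int buf_len;   /* bytes pending from a previous call: 0 <= buf_len < BLOCK_SIZE */
} block_buf;

/* The pre-fix check "i + inl < bl". Signed overflow is undefined behaviour in
 * C, so instead of overflowing an int this computes the sum in 64 bits and
 * reduces it to 32 bits the way two's-complement hardware would, yielding
 * the same (wrong) verdict the original code reached for huge inl. */
int fits_before_fix(int bl, int i, int inl) {
    long long wide = (long long)i + (long long)inl;
    int wrapped = (int)(unsigned int)(unsigned long long)wide; /* wraps on mainstream compilers */
    return wrapped < bl;
}

/* The post-fix check "bl - i > inl": bl is a block size and i < bl, so the
 * left-hand side is small and non-negative and cannot overflow. */
int fits_after_fix(int bl, int i, int inl) {
    return bl - i > inl;
}

/* Buffer inl bytes if they leave the block still incomplete; returns 1 when
 * buffered, 0 when the caller must take the full-block path instead. */
int buffer_partial(block_buf *ctx, const unsigned char *in, int inl) {
    if (inl <= 0 || ctx->buf_len < 0 || ctx->buf_len >= BLOCK_SIZE)
        return 0;
    if (fits_after_fix(BLOCK_SIZE, ctx->buf_len, inl)) {
        memcpy(&ctx->buf[ctx->buf_len], in, inl);
        ctx->buf_len += inl;
        return 1;
    }
    return 0;
}

/* The two-call pattern from the commit message: a partial block, then more
 * input. Returns the resulting buf_len, or -1 if a call took an unexpected path. */
int demo_two_calls(void) {
    static const unsigned char first[] = "AAAAA";        /* constructed sample input */
    static const unsigned char second[] = "BBBBBBBBBB";  /* constructed sample input */
    block_buf ctx;
    memset(&ctx, 0, sizeof(ctx));
    if (!buffer_partial(&ctx, first, 5))    /* 5 pending */
        return -1;
    if (!buffer_partial(&ctx, second, 10))  /* 15 pending, block still incomplete */
        return -1;
    if (buffer_partial(&ctx, second, 1))    /* would complete the block: not buffered */
        return -1;
    return ctx.buf_len;
}

int main(void) {
    /* With 5 bytes pending, a 10-byte input fits under both checks. */
    printf("inl=10      before=%d after=%d\n",
           fits_before_fix(BLOCK_SIZE, 5, 10), fits_after_fix(BLOCK_SIZE, 5, 10));
    /* With 5 bytes pending, INT_MAX bytes wrap negative under the old check
     * and are wrongly accepted for a memcpy into a 16-byte buffer. */
    printf("inl=INT_MAX before=%d after=%d\n",
           fits_before_fix(BLOCK_SIZE, 5, INT_MAX), fits_after_fix(BLOCK_SIZE, 5, INT_MAX));
    printf("two-call demo buf_len=%d\n", demo_two_calls());
    return 0;
}
```

The defensive lesson is the general one: when a length from the caller is added to a counter before a bounds comparison, the addition itself is the overflow; compare the remaining capacity against the incoming length instead, as the fix does.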