[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.4417

2016-07-22 Thread AppVeyor


Build openssl OpenSSL_1_0_2-stable.4417 completed



Commit f4d3fe420e by Benjamin Kaduk on 7/22/2016 2:55 PM:

Fix a bug in clienthello processing



_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Still Failing: openssl/openssl#5100 (OpenSSL_1_0_2-stable - 325da82)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5100
Status: Still Failing

Duration: 30 minutes and 33 seconds
Commit: 325da82 (OpenSSL_1_0_2-stable)
Author: Dr. Stephen Henson
Message: Use newest CRL.

If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz 
(cherry picked from commit 626aa24849be549b7ef4f049d8427989940c8a37)

View the changeset: 
https://github.com/openssl/openssl/compare/02f873c5410e...325da8231c8d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146674370

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications



[openssl-commits] Build failed: openssl master.4416

2016-07-22 Thread AppVeyor



Build openssl master.4416 failed


Commit e685802f4c by Richard Levitte on 7/22/2016 2:45 PM:

Make it possible for external code to flag a certificate as a proxy one.




[openssl-commits] Still Failing: openssl/openssl#5098 (OpenSSL_1_0_2-stable - 02f873c)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5098
Status: Still Failing

Duration: 12 minutes and 32 seconds
Commit: 02f873c (OpenSSL_1_0_2-stable)
Author: Dr. Stephen Henson
Message: Send alert for bad DH CKE

RT#4511

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/b746aa3fe05b...02f873c5410e

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146673413



[openssl-commits] Still Failing: openssl/openssl#5092 (OpenSSL_1_0_2-stable - b746aa3)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5092
Status: Still Failing

Duration: 23 minutes and 21 seconds
Commit: b746aa3 (OpenSSL_1_0_2-stable)
Author: Dr. Stephen Henson
Message: Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell 
(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)

View the changeset: 
https://github.com/openssl/openssl/compare/b88028368395...b746aa3fe05b

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146659151



[openssl-commits] [openssl] master update

2016-07-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  626aa24849be549b7ef4f049d8427989940c8a37 (commit)
  from  31a7d80d0ddb9e45c112316057a83e743c15 (commit)


- Log -
commit 626aa24849be549b7ef4f049d8427989940c8a37
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 13:43:41 2016 +0100

Use newest CRL.

If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/x509/x509_vfy.c | 20 ++--
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ee1c9af..2a15702 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -971,13 +971,21 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL 
**pcrl, X509_CRL **pdcrl,
 crl = sk_X509_CRL_value(crls, i);
 reasons = *preasons;
 crl_score = get_crl_score(ctx, _issuer, , crl, x);
-
-if (crl_score > best_score) {
-best_crl = crl;
-best_crl_issuer = crl_issuer;
-best_score = crl_score;
-best_reasons = reasons;
+if (crl_score < best_score)
+continue;
+/* If current CRL is equivalent use it if it is newer */
+if (crl_score == best_score) {
+int day, sec;
+if (ASN1_TIME_diff(, , X509_CRL_get_lastUpdate(best_crl),
+   X509_CRL_get_lastUpdate(crl)) == 0)
+continue;
+if (day < 0 || sec <= 0)
+continue;
 }
+best_crl = crl;
+best_crl_issuer = crl_issuer;
+best_score = crl_score;
+best_reasons = reasons;
 }
 
 if (best_crl) {
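
Review bot: the tie-break test `if (day < 0 || sec <= 0) continue;` inside the `crl_score == best_score` branch also skips a CRL that is newer by a whole number of days, because ASN1_TIME_diff() then reports day > 0 with sec == 0. Skip only when the candidate is not newer at all: `if (day <= 0 && sec <= 0) continue;`. The same branch hands best_crl to X509_CRL_get_lastUpdate() without checking that a best CRL has been chosen yet; the hunk does not show best_score's starting value, so either guard the branch with `best_crl != NULL` or add a comment explaining why an equal score on the first candidate cannot occur.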


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-07-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  325da8231c8d441e6bb7f15d1a5a23ff63c842e5 (commit)
  from  02f873c5410e8b96c6a55cc906b8f10cd84b0835 (commit)


- Log -
commit 325da8231c8d441e6bb7f15d1a5a23ff63c842e5
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 13:43:41 2016 +0100

Use newest CRL.

If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz 
(cherry picked from commit 626aa24849be549b7ef4f049d8427989940c8a37)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 20 ++--
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 389b1c2..5873ad4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1122,13 +1122,21 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL 
**pcrl, X509_CRL **pdcrl,
 crl = sk_X509_CRL_value(crls, i);
 reasons = *preasons;
 crl_score = get_crl_score(ctx, _issuer, , crl, x);
-
-if (crl_score > best_score) {
-best_crl = crl;
-best_crl_issuer = crl_issuer;
-best_score = crl_score;
-best_reasons = reasons;
+if (crl_score < best_score)
+continue;
+/* If current CRL is equivalent use it if it is newer */
+if (crl_score == best_score) {
+int day, sec;
+if (ASN1_TIME_diff(, , X509_CRL_get_lastUpdate(best_crl),
+   X509_CRL_get_lastUpdate(crl)) == 0)
+continue;
+if (day < 0 || sec <= 0)
+continue;
 }
+best_crl = crl;
+best_crl_issuer = crl_issuer;
+best_score = crl_score;
+best_reasons = reasons;
 }
 
 if (best_crl) {
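
Review bot: in the `crl_score == best_score` branch, `X509_CRL_get_lastUpdate(best_crl)` is reached with nothing in the hunk establishing that best_crl has been set; if the first candidate's score equals the initial best_score, the lookup runs on an unset pointer. Tighten the condition to `if (crl_score == best_score && best_crl != NULL)`. As cherry-picked, the `day < 0 || sec <= 0` test carries over as well, and it rejects a CRL that is exactly N days newer (day > 0, sec == 0).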


[openssl-commits] [openssl] master update

2016-07-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  31a7d80d0ddb9e45c112316057a83e743c15 (commit)
  from  0ed26acce328ec16a3aa635f1ca37365e8c7403a (commit)


- Log -
commit 31a7d80d0ddb9e45c112316057a83e743c15
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 15:55:38 2016 +0100

Send alert for bad DH CKE

RT#4511

Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/statem/statem_srvr.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e56d791..b7f2a0f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2269,17 +2269,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int 
*al)
 EVP_PKEY *ckey = NULL;
 int ret = 0;
 
-if (!PACKET_get_net_2(pkt, )) {
+if (!PACKET_get_net_2(pkt, ) || PACKET_remaining(pkt) != i) {
 *al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
 goto err;
 }
-if (PACKET_remaining(pkt) != i) {
-SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
-   SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-goto err;
-}
 skey = s->s3->tmp.pkey;
 if (skey == NULL) {
 *al = SSL_AD_HANDSHAKE_FAILURE;
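
Review bot: folding `PACKET_remaining(pkt) != i` into the first condition means a missing length field and a length that disagrees with the remaining bytes both produce SSL_AD_HANDSHAKE_FAILURE, the same alert the `skey == NULL` check just below uses. Both are malformed-message cases, for which SSL_AD_DECODE_ERROR is the more specific alert and easier to tell apart in peer logs. The commit message should also name the alert; "Send alert for bad DH CKE" does not say which one, or that the old second check set none.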


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-07-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  02f873c5410e8b96c6a55cc906b8f10cd84b0835 (commit)
  from  b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 (commit)


- Log -
commit 02f873c5410e8b96c6a55cc906b8f10cd84b0835
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 16:02:07 2016 +0100

Send alert for bad DH CKE

RT#4511

Reviewed-by: Matt Caswell 

---

Summary of changes:
 ssl/s3_srvr.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 803afd8..c95d610 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2325,7 +2325,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-goto err;
+al = SSL_AD_HANDSHAKE_FAILURE;
+goto f_err;
 } else {
 p -= 2;
 i = (int)n;
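
Review bot: in the SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG branch `al` is assigned after SSLerr(), while the DH_compute_key() failure path in the next hunk assigns it before; pick one order (alert first, as in the second hunk) so the two error paths read the same. A regression test that sends a ClientKeyExchange with a mismatched DH length and checks for the alert would pin the new behaviour down, since the only visible change here is the jump target.
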
@@ -2378,9 +2379,10 @@ int ssl3_get_client_key_exchange(SSL *s)
 i = DH_compute_key(p, pub, dh_srvr);
 
 if (i <= 0) {
+al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
 BN_clear_free(pub);
-goto err;
+goto f_err;
 }
 
 DH_free(s->s3->tmp.dh);
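
Review bot: switching `goto err` to `goto f_err` after `BN_clear_free(pub)` is only safe if f_err sends the alert and then continues into the cleanup that err performs; neither label is visible in this hunk, so please confirm that nothing released at err is skipped on the new path.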


[openssl-commits] Failed: mouse07410/openssl#31 (OpenSSL_1_0_2-stable - b746aa3)

2016-07-22 Thread Travis CI
Build Update for mouse07410/openssl
-

Build: #31
Status: Failed

Duration: 16 minutes and 48 seconds
Commit: b746aa3 (OpenSSL_1_0_2-stable)
Author: Dr. Stephen Henson
Message: Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell 
(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)

View the changeset: 
https://github.com/mouse07410/openssl/compare/941d9fb6bdfa...b746aa3fe05b

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/146660487



[openssl-commits] Still Failing: openssl/openssl#5090 (OpenSSL_1_0_2-stable - b880283)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5090
Status: Still Failing

Duration: 21 minutes and 58 seconds
Commit: b880283 (OpenSSL_1_0_2-stable)
Author: Dr. Stephen Henson
Message: Clarify digest change in HMAC_Init_ex()

RT#4603

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/941d9fb6bdfa...b88028368395

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146658596



[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-07-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  b880283683958c873ce8363892c44277ec5081f8 (commit)
  from  941d9fb6bdfacbdab6325d24d65402b75afc20c5 (commit)


- Log -
commit b880283683958c873ce8363892c44277ec5081f8
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 14:11:13 2016 +0100

Clarify digest change in HMAC_Init_ex()

RT#4603

Reviewed-by: Rich Salz 

---

Summary of changes:
 doc/crypto/hmac.pod | 18 +++---
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
index 58a57f4..2c8f20a 100644
--- a/doc/crypto/hmac.pod
+++ b/doc/crypto/hmac.pod
@@ -60,13 +60,17 @@ function B and the key B which is B 
bytes
 long. It is deprecated and only included for backward compatibility
 with OpenSSL 0.9.6b.
 
-HMAC_Init_ex() initializes or reuses a B structure to use
-the function B and key B. Either can be NULL, in which
-case the existing one will be reused. HMAC_CTX_init() must have been
-called before the first use of an B in this
-function. B.
+HMAC_Init_ex() initializes or reuses a B structure to use the hash
+function B and key B. If both are NULL (or B is the same
+as the previous digest used by B and B is NULL) the existing key is
+reused. B must have been created with HMAC_CTX_new() before the first use
+of an B in this function. B.
+
+B NULL and B is not the
+same as the previous digest used by B then an error is returned
+because reuse of an existing key with a different digest is not supported.>
 
 HMAC_Update() can be called repeatedly with chunks of the message to
 be authenticated (B bytes at B).
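
Review bot: the added paragraph tells 1.0.2 users the context "must have been created with HMAC_CTX_new()", replacing the removed "HMAC_CTX_init() must have been called". HMAC_CTX_new() is the master-branch allocation call (the master version of this patch already has it in the text being replaced); the text replaced on this branch documents HMAC_CTX_init(), so the backport should keep that name.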


[openssl-commits] [openssl] master update

2016-07-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  0ed26acce328ec16a3aa635f1ca37365e8c7403a (commit)
  from  d0c4415de5eaa555ead6eb99660e46410b45e181 (commit)


- Log -
commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a
Author: Dr. Stephen Henson 
Date:   Thu Jul 21 15:24:16 2016 +0100

Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ts/ts_lib.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index bde1bd7..e18f1f3 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -40,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
 {
 char obj_txt[128];
 
-int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-BIO_write(bio, obj_txt, len);
-BIO_write(bio, "\n", 1);
+OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+BIO_printf(bio, "%s\n", obj_txt);
 
 return 1;
 }
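
Review bot: the return value of OBJ_obj2txt() is now discarded, so on a failed conversion BIO_printf() prints whatever obj_txt holds, and obj_txt is an uninitialised stack array here. Check the result, for example `if (OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0) <= 0) return 0;`, or set obj_txt[0] to '\0' before the call, and propagate a BIO_printf() failure instead of the unconditional `return 1`.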


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-07-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_1-stable has been updated
   via  6adf409c7432b90c06d9890787fe56c48f2a16e7 (commit)
  from  beaa2c03e70b523f006003a489497a18b4d53e6c (commit)


- Log -
commit 6adf409c7432b90c06d9890787fe56c48f2a16e7
Author: Dr. Stephen Henson 
Date:   Thu Jul 21 15:24:16 2016 +0100

Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell 
(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)

---

Summary of changes:
 crypto/ts/ts_lib.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index c51538a..e0f1063 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
 {
 char obj_txt[128];
 
-int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-BIO_write(bio, obj_txt, len);
-BIO_write(bio, "\n", 1);
+OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+BIO_printf(bio, "%s\n", obj_txt);
 
 return 1;
 }
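
Review bot: with the length no longer used, an OID whose text form does not fit the 128-byte obj_txt is printed truncated with no indication. Per the commit message the call returns the length the full text would need, so comparing that return value against sizeof(obj_txt) is enough to detect the case and report it. The commit message also names OBJ_txt2obj where the code calls OBJ_obj2txt, which is worth correcting before further cherry-picks.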


[openssl-commits] [openssl] master update

2016-07-22 Thread Emilia Kasper
The branch master has been updated
   via  d0c4415de5eaa555ead6eb99660e46410b45e181 (commit)
   via  d972af2b5e6b8c266f878ce28e60badcbc402311 (commit)
  from  bd19d1aa04d14233c037386a2c969b0164c2cc37 (commit)


- Log -
commit d0c4415de5eaa555ead6eb99660e46410b45e181
Author: Emilia Kasper 
Date:   Thu Jul 21 19:19:07 2016 +0200

SSL tests: compress generated output a little

Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.

Reviewed-by: Rich Salz 

commit d972af2b5e6b8c266f878ce28e60badcbc402311
Author: Emilia Kasper 
Date:   Thu Jul 21 16:32:07 2016 +0200

Make boolean SSL test conf values case-insensitive

Undo review mistake: I changed the wrong strcmp in a previous pull
request. Add test.

Reviewed-by: Rich Salz 

---

Summary of changes:
 test/generate_ssl_tests.pl |  31 +--
 test/ssl-tests/05-sni.conf |  35 +---
 test/ssl-tests/06-sni-ticket.conf  |  34 ++--
 test/ssl-tests/08-npn.conf |  10 +-
 test/ssl-tests/09-alpn.conf|   8 +-
 test/ssl-tests/10-resumption.conf  | 342 +++--
 test/ssl-tests/11-dtls_resumption.conf | 152 +++
 test/ssl_test.tmpl |  10 +-
 test/ssl_test_ctx.c|   6 +-
 test/ssl_test_ctx_test.conf|   2 +-
 10 files changed, 164 insertions(+), 466 deletions(-)

diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
index 951421b..f103e8e 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -45,32 +45,35 @@ sub print_templates {
 $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
 if (defined $test->{"server2"}) {
 $test->{"server2"} = { (%ssltests::base_server, 
%{$test->{"server2"}}) };
-} elsif (defined $test->{"test"}->{"ServerNameCallback"}) {
-# Default is the same as server.
-$test->{"server2"} = { (%ssltests::base_server, 
%{$test->{"server"}}) };
 } else {
-# Do not emit an empty "server2" section.
+if (defined $test->{"test"}->{"ServerNameCallback"}) {
+# Default is the same as server.
+$test->{"reuse_server2"} = 1;
+}
+# Do not emit an empty/duplicate "server2" section.
 $test->{"server2"} = { };
 }
 if (defined $test->{"resume_server"}) {
 $test->{"resume_server"} = { (%ssltests::base_server, 
%{$test->{"resume_server"}}) };
-} elsif (defined $test->{"test"}->{"HandshakeMode"} &&
- $test->{"test"}->{"HandshakeMode"} eq "Resume") {
-# Default is the same as server.
-$test->{"resume_server"} = { (%ssltests::base_server, 
%{$test->{"server"}}) };
 } else {
-# Do not emit an empty "resume-server" section.
+if (defined $test->{"test"}->{"HandshakeMode"} &&
+ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
+# Default is the same as server.
+$test->{"reuse_resume_server"} = 1;
+}
+# Do not emit an empty/duplicate "resume-server" section.
 $test->{"resume_server"} = { };
 }
 $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
 if (defined $test->{"resume_client"}) {
 $test->{"resume_client"} = { (%ssltests::base_client, 
%{$test->{"resume_client"}}) };
-} elsif (defined $test->{"test"}->{"HandshakeMode"} &&
- $test->{"test"}->{"HandshakeMode"} eq "Resume") {
-# Default is the same as client.
-$test->{"resume_client"} = { (%ssltests::base_client, 
%{$test->{"client"}}) };
 } else {
-# Do not emit an empty "resume-client" section.
+if (defined $test->{"test"}->{"HandshakeMode"} &&
+ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
+# Default is the same as client.
+$test->{"reuse_resume_client"} = 1;
+}
+# Do not emit an empty/duplicate "resume-client" section.
 $test->{"resume_client"} = { };
 }
 }
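
Review bot: the `defined $test->{"test"}->{"HandshakeMode"} && ... eq "Resume"` condition is now spelled out twice, once in the resume_server else-branch and once in the resume_client else-branch; evaluate it once into a local before the resume_server block so the two copies cannot drift. The new reuse_server2, reuse_resume_server and reuse_resume_client keys live in the same per-test hash as the section data, so a short comment saying they are flags for the template rather than sections would help the next reader.
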
diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf
index ef6db27..3fbb169 100644
--- a/test/ssl-tests/05-sni.conf
+++ b/test/ssl-tests/05-sni.conf
@@ -15,19 +15,14 @@ ssl_conf = 0-SNI-switch-context-ssl
 
 [0-SNI-switch-context-ssl]
 server = 0-SNI-switch-context-server
-server2 = 0-SNI-switch-context-server2
 client = 0-SNI-switch-context-client
+server2 = 0-SNI-switch-context-server
 
 [0-SNI-switch-context-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 

[openssl-commits] [openssl] master update

2016-07-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  bd19d1aa04d14233c037386a2c969b0164c2cc37 (commit)
  from  3770b877ea7b7fa08e88395e8c472c102f9e707e (commit)


- Log -
commit bd19d1aa04d14233c037386a2c969b0164c2cc37
Author: Dr. Stephen Henson 
Date:   Tue Jul 19 18:40:14 2016 +0100

Clarify digest change in HMAC_Init_ex()

RT#4603

Reviewed-by: Rich Salz 

---

Summary of changes:
 doc/crypto/HMAC.pod | 18 +++---
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/doc/crypto/HMAC.pod b/doc/crypto/HMAC.pod
index fdafec8..91d0bdc 100644
--- a/doc/crypto/HMAC.pod
+++ b/doc/crypto/HMAC.pod
@@ -79,13 +79,17 @@ function B and the key B which is B 
bytes
 long. It is deprecated and only included for backward compatibility
 with OpenSSL 0.9.6b.
 
-HMAC_Init_ex() initializes or reuses a B structure to use
-the function B and key B. Either can be NULL, in which
-case the existing one will be reused. B must have been created
-with HMAC_CTX_new() before the first use of an B in this
-function. B.
+HMAC_Init_ex() initializes or reuses a B structure to use the hash
+function B and key B. If both are NULL (or B is the same
+as the previous digest used by B and B is NULL) the existing key is
+reused. B must have been created with HMAC_CTX_new() before the first use
+of an B in this function. B.
+
+B NULL and B is not the
+same as the previous digest used by B then an error is returned
+because reuse of an existing key with a different digest is not supported.>
 
 HMAC_Update() can be called repeatedly with chunks of the message to
 be authenticated (B bytes at B).
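
Review bot: the rewritten first paragraph only covers key reuse. The removed sentence "Either can be NULL, in which case the existing one will be reused" also told callers that a NULL digest with a non-NULL key keeps the current digest, and the new text no longer says what happens in that case. Add a sentence for it so all four NULL/non-NULL combinations are documented.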


[openssl-commits] [openssl] master update

2016-07-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  3770b877ea7b7fa08e88395e8c472c102f9e707e (commit)
   via  ee8f785873232583114981b5b44c64826b52116e (commit)
   via  f22ff0eb169dcf8e49180b1c052d5c388c3a7197 (commit)
  from  912c258fc921fd100b5da3dc25773ecc507891b4 (commit)


- Log -
commit 3770b877ea7b7fa08e88395e8c472c102f9e707e
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 01:09:52 2016 +0100

Add mask for newly created symlink.

Reviewed-by: Rich Salz 

commit ee8f785873232583114981b5b44c64826b52116e
Author: Dr. Stephen Henson 
Date:   Fri Jul 22 01:09:04 2016 +0100

Check suffixes properly.

Reviewed-by: Rich Salz 

commit f22ff0eb169dcf8e49180b1c052d5c388c3a7197
Author: Dr. Stephen Henson 
Date:   Thu Jul 21 16:23:48 2016 +0100

use correct name for duplicate

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/rehash.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/apps/rehash.c b/apps/rehash.c
index 4686b53..aacb169 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -114,8 +114,8 @@ static int add_entry(enum Type type, unsigned int hash, 
const char *filename,
 for (ep = bp->first_entry; ep; ep = ep->next) {
 if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
 BIO_printf(bio_err,
-   "%s: skipping duplicate certificate in %s\n",
-   opt_getprog(), filename);
+   "%s: skipping duplicate %s in %s\n", opt_getprog(),
+   type == TYPE_CERT ? "certificate" : "CRL", filename);
 return 1;
 }
 if (strcmp(filename, ep->filename) == 0) {
@@ -174,9 +174,11 @@ static int handle_symlink(const char *filename, const char 
*fullpath)
 }
 if (filename[i++] != '.')
 return -1;
-for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--)
-if (strcasecmp(suffixes[type], [i]) == 0)
+for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
+const char *suffix = suffixes[type];
+if (strncasecmp(suffix, [i], strlen(suffix)) == 0)
 break;
+}
 i += strlen(suffixes[type]);
 
 id = strtoul([i], , 10);
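
Review bot: the rewritten loop still stops at `type > 0`, so suffixes[0] is never compared; when no other suffix matches, type ends at 0 and `i += strlen(suffixes[type])` advances by that entry's length unchecked. If entry 0 is meant as the default, say so in a comment. Since strncasecmp() now matches on a prefix and the loop walks from the end of the array, any suffix that is a prefix of another must sit earlier in the array, which also deserves a comment next to the suffixes definition.
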
@@ -364,6 +366,7 @@ static int do_dir(const char *dirname, enum Hash h)
strerror(errno));
 errs++;
 }
+bit_set(idmask, nextid);
 } else if (remove_links) {
 /* Link to be deleted */
 snprintf(buf, buflen, "%s%s%n%08x.%s%d",
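
Review bot: `bit_set(idmask, nextid)` sits after the closing brace of the block that reports strerror(errno) and increments errs, so the id is marked used even when creating the link failed. If that is intended (to avoid retrying the same name), a one-line comment would make it clear; otherwise move the call into the success path.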


[openssl-commits] Fixed: openssl/openssl#5086 (master - 912c258)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5086
Status: Fixed

Duration: 26 minutes and 59 seconds
Commit: 912c258 (master)
Author: Richard Levitte
Message: Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/82c78ee48034...912c258fc921

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146602530



[openssl-commits] [openssl] master update

2016-07-22 Thread Richard Levitte
The branch master has been updated
   via  912c258fc921fd100b5da3dc25773ecc507891b4 (commit)
  from  82c78ee480346f6a2e88a7fa4964ab090b0d8b69 (commit)


- Log -
commit 912c258fc921fd100b5da3dc25773ecc507891b4
Author: Richard Levitte 
Date:   Wed Jul 20 17:52:35 2016 +0200

Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/ssl_ciph.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 2a54f9d..2f036c3 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -502,9 +502,9 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
 return 1;
 }
 
-static void load_builtin_compressions(void)
+static int load_builtin_compressions(void)
 {
-RUN_ONCE(_load_builtin_comp_once, do_load_builtin_compressions);
+return RUN_ONCE(_load_builtin_comp_once, do_load_builtin_compressions);
 }
 #endif
 
@@ -521,7 +521,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const 
EVP_CIPHER **enc,
 if (comp != NULL) {
 SSL_COMP ctmp;
 #ifndef OPENSSL_NO_COMP
-load_builtin_compressions();
+if (!load_builtin_compressions()) {
+/*
+ * Currently don't care, since a failure only means that
+ * ssl_comp_methods is NULL, which is perfectly OK
+ */
+}
 #endif
 *comp = NULL;
 ctmp.id = s->compress_meth;
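
Review bot: `if (!load_builtin_compressions()) { ... }` has a body that contains only a comment, which reads as unfinished code and is likely to trip empty-body warnings; if the failure is deliberately ignored, write `(void)load_builtin_compressions();` with the same comment above it. The comment's claim that a NULL ssl_comp_methods is "perfectly OK" depends on the lookup that follows `ctmp.id = s->compress_meth;` handling NULL, which is outside this hunk and worth confirming.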


[openssl-commits] Broken: openssl/openssl#5085 (master - 82c78ee)

2016-07-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5085
Status: Broken

Duration: 29 minutes and 30 seconds
Commit: 82c78ee (master)
Author: Richard Levitte
Message: VMS: Rearrange installation targets for shared libraries

The way it was implemented before this change, the shared libraries
were installed twice.  On a file system that supports file
generations, that's a waste.  Slightly rearranging the install targets
solves the problem.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/11279b13f586...82c78ee48034

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/146575376



[openssl-commits] [openssl] master update

2016-07-22 Thread Richard Levitte
The branch master has been updated
   via  82c78ee480346f6a2e88a7fa4964ab090b0d8b69 (commit)
  from  11279b13f586441a8fcc5109ee1907f33eb0cc24 (commit)


- Log -
commit 82c78ee480346f6a2e88a7fa4964ab090b0d8b69
Author: Richard Levitte 
Date:   Thu Jul 21 12:33:23 2016 +0200

VMS: Rearrange installation targets for shared libraries

The way it was implemented before this change, the shared libraries
were installed twice.  On a file system that supports file
generations, that's a waste.  Slightly rearranging the install targets
solves the problem.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/descrip.mms.tmpl | 40 ++--
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index bf1f248..8993097 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -353,9 +353,13 @@ descrip.mms : FORCE
 
 # Install helper targets #
 
-install_sw : all install_dev install_engines install_runtime install_startup 
install_ivp
+install_sw : all install_shared _install_dev_ns -
+ install_engines _install_runtime_ns -
+ install_startup install_ivp
 
-uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime 
uninstall_startup uninstall_ivp
+uninstall_sw : uninstall_shared _uninstall_dev_ns -
+   uninstall_engines _uninstall_runtime_ns -
+   uninstall_startup uninstall_ivp
 
 install_docs : install_html_docs
 
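
Review bot: uninstall_sw now depends on uninstall_shared, _uninstall_dev_ns and _uninstall_runtime_ns, but the patch only introduces the install-side targets (install_shared, _install_dev_ns, _install_runtime_ns); none of its 22 added lines defines an uninstall counterpart. Unless those targets already exist in the template, uninstall_sw will stop on a missing target; either add them in this change or leave uninstall_sw on the existing uninstall_dev and uninstall_runtime names.
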
@@ -374,7 +378,17 @@ install_ssldirs : check_INSTALLTOP
 COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} -
 ossl_dataroot:[00]openssl.cnf
 
-install_dev : check_INSTALLTOP
+install_shared : check_INSTALLTOP
+@ {- output_off() if $disabled{shared}; "" -} !
+@ WRITE SYS$OUTPUT "*** Installing shareable images"
+@ ! Install shared (runtime) libraries
+- CREATE/DIR ossl_installroot:[LIB.'arch']
+{- join("\n",
+map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
+@install_shlibs) -}
+@ {- output_on() if $disabled{shared}; "" -} !
+
+_install_dev_ns : check_INSTALLTOP
 @ WRITE SYS$OUTPUT "*** Installing development files"
 @ ! Install header files
 - CREATE/DIR ossl_installroot:[include.openssl]
@@ -384,22 +398,10 @@ install_dev : check_INSTALLTOP
 {- join("\n",
 map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
 @{$unified_info{install}->{libraries}}) -}
-@ {- output_off() if $disabled{shared}; "" -} !
-@ ! Install shared (runtime) libraries
-{- join("\n",
-map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
-@install_shlibs) -}
-@ {- output_on() if $disabled{shared}; "" -} !
 
-install_runtime : check_INSTALLTOP
-@ ! {- output_off() if $disabled{apps}; "" -}
-@ WRITE SYS$OUTPUT "*** Installing runtime files"
-@ {- output_off() if $disabled{shared}; "" -} !
-@ ! Install shared (runtime) libraries
-{- join("\n",
-map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
-@install_shlibs) -}
-@ {- output_on() if $disabled{shared}; "" -} !
+install_dev : install_shared _install_dev_ns
+
+_install_runtime_ns : check_INSTALLTOP
 @ ! Install the main program
 - CREATE/DIR ossl_installroot:[EXE.'arch']
 COPY/PROT=W:RE [.APPS]openssl.EXE -
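
Review bot: the removed install_runtime header took the `output_off() if $disabled{apps}` line with it, but the matching `output_on() if $disabled{apps}` line is still present at the end of the rule (context of the next hunk), so _install_runtime_ns turns output on without having turned it off and the rule body is no longer suppressed when apps are disabled. Restore the output_off() line at the top of _install_runtime_ns, together with the "*** Installing runtime files" message if it is still wanted.
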
@@ -408,6 +410,8 @@ install_runtime : check_INSTALLTOP
 COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
 @ ! {- output_on() if $disabled{apps}; "" -}
 
+install_runtime : install_shared _install_runtime_ns
+
 install_engines : check_INSTALLTOP
 @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
 @ WRITE SYS$OUTPUT "*** Installing engines"