[openssl-commits] Broken: openssl/openssl#5703 (master - eb96e8b)

2016-08-23 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5703
Status: Broken

Duration: 39 minutes and 55 seconds
Commit: eb96e8b (master)
Author: Rob Percival
Message: Document that o2i_SCT_signature can leave the SCT in an inconsistent state

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/986dbbbeffb0...eb96e8b5fd1a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/154550915

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Broken: openssl/openssl#5701 (master - cdb2a60)

2016-08-23 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5701
Status: Broken

Duration: 38 minutes and 44 seconds
Commit: cdb2a60 (master)
Author: Rob Percival
Message: Internalizes SCT_verify and removes SCT_verify_v1

SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/5579eab9efd2...cdb2a60347f9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/154548185



[openssl-commits] Passed: FdaSilvaYY/openssl#1862 (openssl/master - c588542)

2016-08-23 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1862
Status: Passed

Duration: 40 minutes and 52 seconds
Commit: c588542 (openssl/master)
Author: FdaSilvaYY
Message: Clean whitespaces on line ending

View the changeset: https://github.com/FdaSilvaYY/openssl/commit/c5885424850c

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/154594084



[openssl-commits] Fixed: FdaSilvaYY/openssl#1861 (master - 1b34cbc)

2016-08-23 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1861
Status: Fixed

Duration: 43 minutes and 21 seconds
Commit: 1b34cbc (master)
Author: FdaSilvaYY
Message: Clean whitespaces on line ending

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/652c52a602b4...1b34cbca161a

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/154593898



[openssl-commits] Jenkins build is back to normal : 1_0_2_abi #217

2016-08-23 Thread openssl . sanity
See 



[openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.5037

2016-08-23 Thread AppVeyor



Build openssl OpenSSL_1_0_1-stable.5037 failed


Commit 1bbe48ab14 by Dr. Stephen Henson on 8/23/2016 10:34 PM:

Sanity check ticket length.




[openssl-commits] Fixed: FdaSilvaYY/openssl#1857 (oss_add_cb_args - d375c50)

2016-08-23 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1857
Status: Fixed

Duration: 1 hour, 17 minutes, and 49 seconds
Commit: d375c50 (oss_add_cb_args)
Author: FdaSilvaYY
Message: Move global 'ctx' pointers and BIO variables into callback context ...

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/4d678cdc4326...d375c50532a2

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/154589349



[openssl-commits] Passed: FdaSilvaYY/openssl#1855 (pack_argv_options - b6528ad)

2016-08-23 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1855
Status: Passed

Duration: 51 minutes and 2 seconds
Commit: b6528ad (pack_argv_options)
Author: FdaSilvaYY
Message: Simplify computation of buffer limits

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/27c4811ea917...b6528adddc51

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/154579177



[openssl-commits] Fixed: FdaSilvaYY/openssl#1856 (master - 652c52a)

2016-08-23 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #1856
Status: Fixed

Duration: 1 hour, 40 minutes, and 39 seconds
Commit: 652c52a (master)
Author: Andy Polyakov
Message: 80-test_pkcs12.t: skip the test on Windows with non-Greek locale.

Test doesn't work on Windows with non-Greek locale, because of
Win32 perl[!] limitation, not OpenSSL. For example it passes on
Cygwin and MSYS...

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/b1b22b0b77c2...652c52a602b4

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/154587197



[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-08-23 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  baaabfd8fdcec04a691695fad9a664bea43202b6 (commit)
  from  3cb28d188803c7768f767f0da40bbea61449521c (commit)


- Log -
commit baaabfd8fdcec04a691695fad9a664bea43202b6
Author: Dr. Stephen Henson 
Date:   Tue Aug 23 18:14:54 2016 +0100

Sanity check ticket length.

If a ticket callback changes the HMAC digest to SHA512 the existing
sanity checks are not sufficient and an attacker could perform a DoS
attack with a malformed ticket. Add additional checks based on
HMAC size.

Thanks to Shi Lei for reporting this bug.

CVE-2016-6302

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/t1_lib.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7d322d0..fbcf2e6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3401,9 +3401,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char 
*etick,
 HMAC_CTX hctx;
 EVP_CIPHER_CTX ctx;
 SSL_CTX *tctx = s->initial_ctx;
-/* Need at least keyname + iv + some encrypted data */
-if (eticklen < 48)
-return 2;
+
 /* Initialize session ticket encryption and HMAC contexts */
 HMAC_CTX_init();
 EVP_CIPHER_CTX_init();
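Review bot: Dropping the `if (eticklen < 48) return 2;` guard at the top of tls_decrypt_ticket leaves everything between here and the new check in the next hunk without any lower bound on eticklen. Please confirm that nothing in that span reads the key name or IV out of etick before the length is validated; if anything does, keep a minimal keyname + IV check here and let the later check add the HMAC size.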
@@ -3437,6 +3435,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned 
char *etick,
 if (mlen < 0) {
 goto err;
 }
+/* Sanity check ticket length: must exceed keyname + IV + HMAC */
+if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length() + mlen) {
+HMAC_CTX_cleanup();
+EVP_CIPHER_CTX_cleanup();
+return 2;
+}
+
 eticklen -= mlen;
 /* Check HMAC of encrypted ticket */
 if (HMAC_Update(, etick, eticklen) <= 0
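Review bot: The new rejection branch after `if (mlen < 0)` returns directly and repeats the HMAC_CTX_cleanup and EVP_CIPHER_CTX_cleanup calls, while the branch just above it leaves through `goto err`. Two exit styles within a few lines make it easy to miss a cleanup when this function changes again; consider routing this case through a shared label that returns 2.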


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-08-23 Thread Matt Caswell
The branch OpenSSL_1_0_1-stable has been updated
   via  1bbe48ab149893a78bf99c8eb8895c928900a16f (commit)
  from  3612ff6fcec0e3d1f2a598135fe12177c0419582 (commit)


- Log -
commit 1bbe48ab149893a78bf99c8eb8895c928900a16f
Author: Dr. Stephen Henson 
Date:   Tue Aug 23 18:14:54 2016 +0100

Sanity check ticket length.

If a ticket callback changes the HMAC digest to SHA512 the existing
sanity checks are not sufficient and an attacker could perform a DoS
attack with a malformed ticket. Add additional checks based on
HMAC size.

Thanks to Shi Lei for reporting this bug.

CVE-2016-6302

Reviewed-by: Rich Salz 
(cherry picked from commit baaabfd8fdcec04a691695fad9a664bea43202b6)

---

Summary of changes:
 ssl/t1_lib.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d961e4a..7680491 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2273,9 +2273,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char 
*etick,
 HMAC_CTX hctx;
 EVP_CIPHER_CTX ctx;
 SSL_CTX *tctx = s->initial_ctx;
-/* Need at least keyname + iv + some encrypted data */
-if (eticklen < 48)
-return 2;
+
 /* Initialize session ticket encryption and HMAC contexts */
 HMAC_CTX_init();
 EVP_CIPHER_CTX_init();
@@ -2309,6 +2307,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned 
char *etick,
 if (mlen < 0) {
 goto err;
 }
+/* Sanity check ticket length: must exceed keyname + IV + HMAC */
+if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length() + mlen) {
+HMAC_CTX_cleanup();
+EVP_CIPHER_CTX_cleanup();
+return 2;
+}
+
 eticklen -= mlen;
 /* Check HMAC of encrypted ticket */
 if (HMAC_Update(, etick, eticklen) <= 0
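Review bot: The bound in `if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length() + mlen)` uses a bare 16 for the key name length, so the comment above it is the only thing tying the number to its meaning; a named constant would make the three terms self-describing. The diffstat also shows only ssl/t1_lib.c changing, so nothing exercises a ticket callback that selects a larger HMAC digest, and a regression test for that case would keep the check from being weakened later.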


[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  e97763c92c655dcf4af2860b3abd2bc4c8a267f9 (commit)
  from  652c52a602b4c88cfadb99e85ef175441b7f5d18 (commit)


- Log -
commit e97763c92c655dcf4af2860b3abd2bc4c8a267f9
Author: Dr. Stephen Henson 
Date:   Mon Aug 22 17:20:01 2016 +0100

Sanity check ticket length.

If a ticket callback changes the HMAC digest to SHA512 the existing
sanity checks are not sufficient and an attacker could perform a DoS
attack with a malformed ticket. Add additional checks based on
HMAC size.

Thanks to Shi Lei for reporting this bug.

CVE-2016-6302

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 ssl/t1_lib.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 938f8be..b8f8fd2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2969,9 +2969,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char 
*etick,
 HMAC_CTX *hctx = NULL;
 EVP_CIPHER_CTX *ctx;
 SSL_CTX *tctx = s->initial_ctx;
-/* Need at least keyname + iv + some encrypted data */
-if (eticklen < 48)
-return 2;
+
 /* Initialize session ticket encryption and HMAC contexts */
 hctx = HMAC_CTX_new();
 if (hctx == NULL)
@@ -3018,6 +3016,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned 
char *etick,
 if (mlen < 0) {
 goto err;
 }
+/* Sanity check ticket length: must exceed keyname + IV + HMAC */
+if (eticklen <=
+TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+ret = 2;
+goto err;
+}
 eticklen -= mlen;
 /* Check HMAC of encrypted ticket */
 if (HMAC_Update(hctx, etick, eticklen) <= 0
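Review bot: The check `eticklen <= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen` only means something once the cipher and HMAC contexts have been set up, because the IV length is read from ctx and mlen is computed just above. That ordering dependency is not stated anywhere in the hunk; a short comment saying the check must stay after initialisation would stop someone from moving it back to the top of the function, where the removed fixed-size check used to be.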
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
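The length reasoning in the "Sanity check ticket length" commit message above, worked through as an added example (not OpenSSL code). The constants 16 and 48 come from the patch; `ticket_view`, `split_ticket` and the other function names, and the `MAX_*` limits, are hypothetical names and assumptions chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define KEYNAME_LEN 16  /* key name length: the literal 16 in the patch */
#define MAX_IV_LEN  16  /* assumption: upper limit accepted for the IV */
#define MAX_MAC_LEN 64  /* assumption: largest MAC, e.g. HMAC-SHA512 */

/* Hypothetical view of the four regions of an encrypted ticket:
 * key name | IV | encrypted data | HMAC */
struct ticket_view {
    const unsigned char *keyname;
    const unsigned char *iv;
    const unsigned char *enc;
    size_t enc_len;
    const unsigned char *mac;
    size_t mac_len;
};

/* Check removed by the patch: fixed minimum, independent of MAC size.
 * Returns 1 when the ticket is accepted. */
int old_check(int eticklen)
{
    return eticklen >= 48;
}

/* Check added by the patch: the ticket must exceed keyname + IV + HMAC,
 * using the lengths actually in effect. Returns 1 when accepted. */
int new_check(int eticklen, int iv_len, int mlen)
{
    if (iv_len < 0 || iv_len > MAX_IV_LEN)
        return 0;
    if (mlen < 0 || mlen > MAX_MAC_LEN)
        return 0;
    return eticklen > KEYNAME_LEN + iv_len + mlen;
}

/* Value of eticklen after the function's "eticklen -= mlen" step,
 * i.e. the length that is then handed to the HMAC computation. */
int hmac_input_len(int eticklen, int mlen)
{
    return eticklen - mlen;
}

/* Split a ticket into its regions only after the length is validated.
 * Returns 1 on success, 0 if the ticket is too short or arguments are bad. */
int split_ticket(const unsigned char *etick, int eticklen,
                 int iv_len, int mlen, struct ticket_view *out)
{
    if (etick == NULL || out == NULL)
        return 0;
    if (!new_check(eticklen, iv_len, mlen))
        return 0;
    out->keyname = etick;
    out->iv = etick + KEYNAME_LEN;
    out->enc = out->iv + iv_len;
    out->enc_len = (size_t)(eticklen - KEYNAME_LEN - iv_len - mlen);
    out->mac = out->enc + out->enc_len;
    out->mac_len = (size_t)mlen;
    return 1;
}

int main(void)
{
    /* Constructed sample lengths: 32 = SHA-256 MAC, 64 = SHA-512 MAC. */
    const int macs[] = { 32, 64 };
    const int lens[] = { 47, 48, 64, 65, 96, 97 };
    size_t i, j;

    printf("mlen eticklen old new hmac_input_len\n");
    for (i = 0; i < sizeof(macs) / sizeof(macs[0]); i++) {
        for (j = 0; j < sizeof(lens) / sizeof(lens[0]); j++) {
            printf("%4d %8d %3d %3d %14d\n", macs[i], lens[j],
                   old_check(lens[j]),
                   new_check(lens[j], 16, macs[i]),
                   hmac_input_len(lens[j], macs[i]));
        }
    }
    return 0;
}
```

With a 64-byte MAC, a 48-byte ticket passes the old fixed check but leaves a negative length after the MAC size is subtracted; the new check rejects every length up to and including 96.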


[openssl-commits] Build failed: openssl master.5031

2016-08-23 Thread AppVeyor



Build openssl master.5031 failed


Commit 2338ad8885 by David Benjamin on 8/23/2016 7:37 PM:

Fix math in BN_bn2dec comment.




[openssl-commits] Build completed: openssl 1.0.1131

2016-08-23 Thread AppVeyor


Build openssl 1.0.1131 completed



Commit b6528adddc by FdaSilvaYY on 8/23/2016 9:18 PM:

Simplify computation of buffer limits




[openssl-commits] Build failed: openssl master.5030

2016-08-23 Thread AppVeyor



Build openssl master.5030 failed


Commit fa515410aa by Rob Percival on 8/23/2016 7:31 PM:

SCT_set_source resets validation_status




[openssl-commits] Build failed: openssl master.5029

2016-08-23 Thread AppVeyor



Build openssl master.5029 failed


Commit eb96e8b5fd by Rob Percival on 8/23/2016 7:23 PM:

Document that o2i_SCT_signature can leave the SCT in an inconsistent state




[openssl-commits] Build failed: openssl master.5028

2016-08-23 Thread AppVeyor



Build openssl master.5028 failed


Commit 986dbbbeff by Rob Percival on 8/23/2016 7:17 PM:

Prevent double-free of CTLOG public key




[openssl-commits] Passed: mouse07410/openssl#44 (OpenSSL_1_0_2-stable - 3cb28d1)

2016-08-23 Thread Travis CI
Build Update for mouse07410/openssl
-

Build: #44
Status: Passed

Duration: 9 minutes and 15 seconds
Commit: 3cb28d1 (OpenSSL_1_0_2-stable)
Author: Richard Levitte
Message: mk1mf: dtlstest needs ssltestlib, include it with a hack

We don't really have a mechanism to include other object files into a given
test program.  For now, a simple hack in mk1mf.pl will do.

RT#4653

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/mouse07410/openssl/compare/ff5537c25565...3cb28d188803

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/154540907



[openssl-commits] Build failed: openssl master.5027

2016-08-23 Thread AppVeyor



Build openssl master.5027 failed


Commit cdb2a60347 by Rob Percival on 8/23/2016 7:12 PM:

Internalizes SCT_verify and removes SCT_verify_v1




[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  652c52a602b4c88cfadb99e85ef175441b7f5d18 (commit)
  from  2338ad88859313922e3a861e07aec441a90464de (commit)


- Log -
commit 652c52a602b4c88cfadb99e85ef175441b7f5d18
Author: Andy Polyakov 
Date:   Tue Aug 23 09:45:03 2016 +0200

80-test_pkcs12.t: skip the test on Windows with non-Greek locale.

Test doesn't work on Windows with non-Greek locale, because of
Win32 perl[!] limitation, not OpenSSL. For example it passes on
Cygwin and MSYS...

Reviewed-by: Matt Caswell 

---

Summary of changes:
 test/recipes/80-test_pkcs12.t | 30 --
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index 4a65268..95d1e69 100644
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -19,20 +19,28 @@ setup("test_pkcs12");
 plan skip_all => "The PKCS12 command line utility is not supported by this 
OpenSSL build"
 if disabled("des");
 
-plan tests => 1;
-
 my $pass = "σύνθημα γνώρισμα";
 
 my $savedcp;
-if (eval { require Win32::Console; 1; }) {
+if (eval { require Win32::API; 1; }) {
 # Trouble is that Win32 perl uses CreateProcessA, which
-# makes it problematic to pass non-ASCII arguments. The only
-# feasible option is to pick one language, set corresponding
-# code page and reencode the problematic string...
+# makes it problematic to pass non-ASCII arguments, from perl[!]
+# that is. This is because CreateProcessA is just a wrapper for
+# CreateProcessW and will call MultiByteToWideChar and use
+# system default locale. Since we attempt Greek pass-phrase
+# conversion can be done only with Greek locale.
 
-$savedcp = Win32::Console::OutputCP();
-Win32::Console::OutputCP(1253);
-$pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass));
+Win32::API->Import("kernel32","UINT GetSystemDefaultLCID()");
+if (GetSystemDefaultLCID() != 0x408) {
+plan skip_all => "Non-Greek system locale";
+} else {
+# Ensure correct code page so that VERBOSE output is right.
+Win32::API->Import("kernel32","UINT GetConsoleOutputCP()");
+Win32::API->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)");
+$savedcp = GetConsoleOutputCP();
+SetConsoleOutputCP(1253);
+$pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass));
+}
 } else {
 # Running MinGW tests transparenly under Wine apparently requires
 # UTF-8 locale...
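Review bot: The three `Win32::API->Import(...)` calls in the new branch are not checked, so if an import fails the following `GetSystemDefaultLCID()` or `SetConsoleOutputCP(1253)` call dies instead of skipping the test. Check the Import results and fall back to `plan skip_all`. The constants 0x408 and 1253 would also read better with a comment naming them as the Greek locale ID and code page.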
@@ -46,10 +54,12 @@ if (eval { require Win32::Console; 1; }) {
 }
 }
 
+plan tests => 1;
+
 # just see that we can read shibboleth.pfx protected with $pass
 ok(run(app(["openssl", "pkcs12", "-noout",
 "-password", "pass:$pass",
 "-in", srctop_file("test", "shibboleth.pfx")])),
"test_pkcs12");
 
-Win32::Console::OutputCP($savedcp) if (defined($savedcp));
+SetConsoleOutputCP($savedcp) if (defined($savedcp));
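Review bot: `SetConsoleOutputCP($savedcp) if (defined($savedcp));` only runs if the script reaches its last line, so a die inside `ok(run(...))` leaves the console on the changed code page. Moving the restore into an END block would cover that path.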


[openssl-commits] Build failed: openssl master.5026

2016-08-23 Thread AppVeyor



Build openssl master.5026 failed


Commit 761a26b49a by Rob Percival on 8/23/2016 5:41 PM:

Updates the CT_POLICY_EVAL_CTX POD




[openssl-commits] Build failed: openssl ct_pods.287

2016-08-23 Thread AppVeyor



Build openssl ct_pods.287 failed


Commit 86513745a5 by Rob Percival on 8/23/2016 5:41 PM:

Updates the CT_POLICY_EVAL_CTX POD




[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  2338ad88859313922e3a861e07aec441a90464de (commit)
  from  fa515410aae2cf4ced2cf41cc6715fee6c6db344 (commit)


- Log -
commit 2338ad88859313922e3a861e07aec441a90464de
Author: David Benjamin 
Date:   Mon Aug 22 22:39:24 2016 -0700

Fix math in BN_bn2dec comment.

The bound on log(2)/3 on the second line is incorrect and has an extra
zero compared to the divisions in the third line. log(2)/3 = 0.10034...
which is bounded by 0.101 and not 0.1001. The divisions actually
correspond to 0.101 which is fine. The third line also dropped a factor
of three.

The actual code appears to be fine. Just the comments are wrong.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/bn/bn_print.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index e5f641b..39fb034 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -67,8 +67,8 @@ char *BN_bn2dec(const BIGNUM *a)
 /*-
  * get an upper bound for the length of the decimal integer
  * num <= (BN_num_bits(a) + 1) * log(2)
- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error)
+ * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
  */
 i = BN_num_bits(a) * 3;
 num = (i / 10 + i / 1000 + 1) + 1;
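Review bot: The corrected bound still jumps from `(BN_num_bits(a) + 1) * log(2)` to `3 * BN_num_bits(a) * 0.101` without saying that log(2)/3 = 0.10034... is being rounded up to 0.101, which is the step the commit message had to spell out. Adding that one line to the comment would let a reader check the arithmetic without the commit log. The last comment line also writes `BN_num_bits` without `(a)`, unlike the lines above it.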


[openssl-commits] Build failed: openssl master.5024

2016-08-23 Thread AppVeyor



Build openssl master.5024 failed


Commit 38079afd61 by Rob Percival on 8/23/2016 5:30 PM:

Correct documentation about SCT setters resetting validation status




[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  eb96e8b5fd1ad4eeae0b0330ca465ca462e0f6c1 (commit)
   via  63e27d4d0f3ff698013dd8f5c5b71f923366c288 (commit)
  from  986dbbbeffb0f998aa1e9aa80d24ddb4d10d0f73 (commit)


- Log -
commit eb96e8b5fd1ad4eeae0b0330ca465ca462e0f6c1
Author: Rob Percival 
Date:   Tue Aug 23 17:35:14 2016 +0100

Document that o2i_SCT_signature can leave the SCT in an inconsistent state

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

commit 63e27d4d0f3ff698013dd8f5c5b71f923366c288
Author: Rob Percival 
Date:   Tue Aug 23 17:27:35 2016 +0100

Removes {i2o,o2i}_SCT_signature from the CT public API

They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ct/ct_locl.h  | 25 +
 include/openssl/ct.h | 19 ---
 util/libcrypto.num   |  2 --
 3 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 6b2fa3e..7adc496 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -171,6 +171,31 @@ __owur int SCT_is_complete(const SCT *sct);
  */
 __owur int SCT_signature_is_complete(const SCT *sct);
 
+/*
+ * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
+ * and o2i_SCT_signature conform to the i2d/d2i conventions.
+ */
+
+/*
+* Serialize (to TLS format) an |sct| signature and write it to |out|.
+* If |out| is null, no signature will be output but the length will be 
returned.
+* If |out| points to a null pointer, a string will be allocated to hold the
+* TLS-format signature. It is the responsibility of the caller to free it.
+* If |out| points to an allocated string, the signature will be written to it.
+* The length of the signature in TLS format will be returned.
+*/
+__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+* Parses an SCT signature in TLS format and populates the |sct| with it.
+* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| will be advanced to the end of the signature if parsing succeeds.
+* |len| should be the length of the signature in |in|.
+* Returns the number of bytes parsed, or a negative integer if an error occurs.
+* If an error occurs, the SCT's signature NID may be updated whilst the
+* signature field itself remains unset.
+*/
+__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
 
 /*
  * Handlers for Certificate Transparency X509v3/OCSP extensions
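Review bot: The sentence added to the o2i_SCT_signature comment ("the SCT's signature NID may be updated whilst the signature field itself remains unset") documents the inconsistent state but does not tell a caller what to do about it. Either state that the SCT must be discarded or re-parsed after a negative return, or have the function restore the previous NID on failure so the note becomes unnecessary. The two moved comment blocks also start their lines with `*` in column one, unlike the ` * ` style of the TODO block above them.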
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index a0314f0..70a0586 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -378,25 +378,6 @@ __owur int i2o_SCT(const SCT *sct, unsigned char **out);
  */
 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
 
-/*
-* Serialize (to TLS format) an |sct| signature and write it to |out|.
-* If |out| is null, no signature will be output but the length will be 
returned.
-* If |out| points to a null pointer, a string will be allocated to hold the
-* TLS-format signature. It is the responsibility of the caller to free it.
-* If |out| points to an allocated string, the signature will be written to it.
-* The length of the signature in TLS format will be returned.
-*/
-__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
-
-/*
-* Parses an SCT signature in TLS format and populates the |sct| with it.
-* |in| should be a pointer to a string containing the TLS-format signature.
-* |in| will be advanced to the end of the signature if parsing succeeds.
-* |len| should be the length of the signature in |in|.
-* Returns the number of bytes parsed, or a negative integer if an error occurs.
-*/
-__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
-
 /
  * CT log functions *
  /
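Review bot: Removing both declarations from include/openssl/ct.h changes the public API, yet the diffstat lists only ct_locl.h, ct.h and libcrypto.num. If either function has a manual page or a CHANGES entry, those should be updated in the same commit so the removal is visible to users of the header.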
diff --git a/util/libcrypto.num b/util/libcrypto.num
index e9709f6..c176346 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2536,7 +2536,6 @@ d2i_ECPKParameters  2501  1_1_0   
EXIST::FUNCTION:EC
 IDEA_ofb64_encrypt  2502   1_1_0   EXIST::FUNCTION:IDEA
 CAST_decrypt2503   1_1_0   EXIST::FUNCTION:CAST
 TS_STATUS_INFO_get0_failure_info2504   1_1_0   EXIST::FUNCTION:TS
-o2i_SCT_signature   2505   1_1_0   EXIST::FUNCTION:CT
 ENGINE_unregister_pkey_meths2506   1_1_0   EXIST::FUNCTION:ENGINE
 DISPLAYTEXT_new 2507   1_1_0   EXIST::FUNCTION:
 CMS_final 

[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  fa515410aae2cf4ced2cf41cc6715fee6c6db344 (commit)
  from  eb96e8b5fd1ad4eeae0b0330ca465ca462e0f6c1 (commit)


- Log -
commit fa515410aae2cf4ced2cf41cc6715fee6c6db344
Author: Rob Percival 
Date:   Tue Aug 23 18:31:16 2016 +0100

SCT_set_source resets validation_status

This makes it consistent with all of the other SCT setters.

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ct/ct_sct.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index 65a20c6..67adcfa 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -262,6 +262,7 @@ sct_source_t SCT_get_source(const SCT *sct)
 int SCT_set_source(SCT *sct, sct_source_t source)
 {
 sct->source = source;
+sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
 switch (source) {
 case SCT_SOURCE_TLS_EXTENSION:
 case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
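Review bot: `sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;` is assigned before the `switch (source)` has looked at the value, so an SCT loses its validation status even if the switch goes on to reject the source. If that is intended, say so in the function's documentation. The diffstat also shows no test for the reset; a check that a validated SCT returns to NOT_SET after SCT_set_source would pin the behaviour down.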


[openssl-commits] Build failed: openssl sct_set_source_reset_validation.286

2016-08-23 Thread AppVeyor



Build openssl sct_set_source_reset_validation.286 failed


Commit b52a90fb8d by Rob Percival on 8/23/2016 5:31 PM:

SCT_set_source resets validation_status




[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  986dbbbeffb0f998aa1e9aa80d24ddb4d10d0f73 (commit)
  from  cdb2a60347f988037d29adc7e4415e9c66c8a5a5 (commit)


- Log -
commit 986dbbbeffb0f998aa1e9aa80d24ddb4d10d0f73
Author: Rob Percival 
Date:   Tue Aug 23 16:55:09 2016 +0100

Prevent double-free of CTLOG public key

Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by
CTLOG_free at the end of the function, and then again by the caller (who
would assume ownership was not transferred when CTLOG_new returned NULL).

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ct/ct_log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 13f7f39..6db4c3e 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -247,10 +247,10 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
 goto err;
 }
 
-ret->public_key = public_key;
 if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
 goto err;
 
+ret->public_key = public_key;
 return ret;
 err:
 CTLOG_free(ret);
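Review bot: The fix relies on `ret->public_key = public_key;` being the last statement before `return ret;`, but nothing in the function says that ownership of public_key passes to the CTLOG only on success. Add a comment at the assignment, and in the CTLOG_new documentation, stating that on a NULL return the caller still owns the key, so a failure path added below the assignment later does not reintroduce the double free.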


[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  cdb2a60347f988037d29adc7e4415e9c66c8a5a5 (commit)
  from  5579eab9efd2c8e2f21340f9b9fe20ee89f25857 (commit)


- Log -
commit cdb2a60347f988037d29adc7e4415e9c66c8a5a5
Author: Rob Percival 
Date:   Tue Aug 23 12:52:43 2016 +0100

Internalizes SCT_verify and removes SCT_verify_v1

SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ct/ct_err.c   |  3 +--
 crypto/ct/ct_locl.h  |  7 +++
 crypto/ct/ct_sct.c   |  2 +-
 crypto/ct/ct_vfy.c   | 46 +-
 include/openssl/ct.h | 16 +---
 util/libcrypto.num   |  2 --
 6 files changed, 15 insertions(+), 61 deletions(-)

diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c
index 4349eb4..df232dc 100644
--- a/crypto/ct/ct_err.c
+++ b/crypto/ct/ct_err.c
@@ -45,8 +45,7 @@ static ERR_STRING_DATA CT_str_functs[] = {
 {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
 {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
 {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
-{ERR_FUNC(CT_F_SCT_VERIFY), "SCT_verify"},
-{ERR_FUNC(CT_F_SCT_VERIFY_V1), "SCT_verify_v1"},
+{ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"},
 {0, NULL}
 };
 
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 1180455..6b2fa3e 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -151,6 +151,13 @@ __owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, 
X509_PUBKEY *pubkey);
 __owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 
 /*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
  * Does this SCT have the minimum fields populated to be usable?
  * Returns 1 if so, 0 otherwise.
  */
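Review bot: The new comment on SCT_CTX_verify points to EVP_DigestVerifyFinal() for the meaning of non-1 returns, but the function in ct_vfy.c also returns 0 for an SCT that is not set, an unsupported version and a log ID mismatch, none of which come from EVP_DigestVerifyFinal(). The comment should say that 0 covers these precondition failures as well as a bad signature, and that the error queue distinguishes them.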
diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index 0867680..65a20c6 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -349,7 +349,7 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
 if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
 else
-sct->validation_status = SCT_verify(sctx, sct) == 1 ?
+sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
 SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
 
 end:
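Review bot: `SCT_CTX_verify(sctx, sct) == 1 ? SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID` maps every non-1 result to INVALID, including the negative returns that ct_vfy.c describes as "some other error". Since the line above already uses SCT_VALIDATION_STATUS_UNVERIFIED when the context cannot be set up, consider reporting negative returns as UNVERIFIED too, so an internal failure is not recorded as a bad signature.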
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c
index 8305ce6..724f655 100644
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
@@ -93,7 +93,7 @@ static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX 
*sctx, const SCT *sct)
 return 1;
 }
 
-int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
 {
 EVP_MD_CTX *ctx = NULL;
 int ret = 0;
@@ -101,16 +101,16 @@ int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
 if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
 sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
 (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) 
{
-CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET);
+CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
 return 0;
 }
 if (sct->version != SCT_VERSION_V1) {
-CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
 return 0;
 }
 if (sct->log_id_len != sctx->pkeyhashlen ||
 memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
-CTerr(CT_F_SCT_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
 return 0;
 }
 
@@ -128,45 +128,9 @@ int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
 ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
 /* If ret < 0 some other error: fall through without setting error */
 if (ret == 0)
-CTerr(CT_F_SCT_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
 
 end:
 EVP_MD_CTX_free(ctx);
 return ret;
 }
-
-int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
-  X509_PUBKEY *log_pubkey, X509 *issuer_cert)
-{
-int ret = 0;
-SCT_CTX *sctx = NULL;
-
-if 
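Review bot: In the `if (ret == 0)` branch after EVP_DigestVerifyFinal(), only the invalid-signature case pushes a CT error; per the comment above it, a negative return falls through to `end:` and is handed to the caller with nothing on the CT error queue. Consider raising a CT error for `ret < 0` as well, or documenting that the caller has to inspect the EVP error queue in that case.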

[openssl-commits] Build failed: openssl master.5023

2016-08-23 Thread AppVeyor



Build openssl master.5023 failed


Commit 5778c3a095 by Rob Percival on 8/23/2016 5:11 PM:

Removes the SCT_verify* POD




[openssl-commits] Build failed: openssl master.5022

2016-08-23 Thread AppVeyor



Build openssl master.5022 failed


Commit 6a4d590cb3 by Rob Percival on 8/23/2016 5:11 PM:

Removes the SCT_verify* POD




[openssl-commits] Build failed: openssl ct_pods.284

2016-08-23 Thread AppVeyor



Build openssl ct_pods.284 failed


Commit 3215115f42 by Rob Percival on 8/23/2016 5:15 PM:

Removes the SCT_verify* POD




[openssl-commits] Build failed: openssl master.5021

2016-08-23 Thread AppVeyor



Build openssl master.5021 failed


Commit 2727f04c2a by Rob Percival on 8/23/2016 5:05 PM:

Documents the SCT validation functions




[openssl-commits] Build failed: openssl ct_pods.283

2016-08-23 Thread AppVeyor



Build openssl ct_pods.283 failed


Commit 9e75cb58e3 by Rob Percival on 8/23/2016 5:11 PM:

Removes the SCT_verify* POD




[openssl-commits] Build failed: openssl ct_pods.281

2016-08-23 Thread AppVeyor



Build openssl ct_pods.281 failed


Commit 5e0aa4b96c by Rob Percival on 8/23/2016 4:39 PM:

Removes {o2i,i2o}_SCT_signature from PODs




[openssl-commits] Build failed: openssl internalize_i2o_sct_sig.280

2016-08-23 Thread AppVeyor



Build openssl internalize_i2o_sct_sig.280 failed


Commit 7f9ddf25de by Rob Percival on 8/23/2016 4:35 PM:

Document that o2i_SCT_signature can leave the SCT in an inconsistent state




[openssl-commits] Build failed: openssl master.5020

2016-08-23 Thread AppVeyor



Build openssl master.5020 failed


Commit 1750ba79f4 by Rob Percival on 8/23/2016 4:39 PM:

Removes {o2i,i2o}_SCT_signature from PODs




[openssl-commits] Build failed: openssl internalize_i2o_sct_sig.279

2016-08-23 Thread AppVeyor



Build openssl internalize_i2o_sct_sig.279 failed


Commit cf4979d15c by Rob Percival on 8/23/2016 4:27 PM:

Removes {i2o,o2i}_SCT_signature from the CT public API




[openssl-commits] Build failed: openssl master.5019

2016-08-23 Thread AppVeyor



Build openssl master.5019 failed


Commit 8e8f1c6d95 by Rob Percival on 8/23/2016 4:35 PM:

Document that o2i_SCT_signature can leave the SCT in an inconsistent state




[openssl-commits] Build failed: openssl master.278

2016-08-23 Thread AppVeyor



Build openssl master.278 failed


Commit 0fe9123687 by FdaSilvaYY on 8/23/2016 9:47 AM:

Constify a bit X509_NAME_get_entry




[openssl-commits] Build failed: openssl master.5018

2016-08-23 Thread AppVeyor



Build openssl master.5018 failed


Commit c6885b7283 by Rob Percival on 8/23/2016 4:27 PM:

Removes {i2o,o2i}_SCT_signature from the CT public API




[openssl-commits] Build failed: openssl master.5017

2016-08-23 Thread AppVeyor



Build openssl master.5017 failed


Commit 0ab85f19ea by Rob Percival on 8/23/2016 3:55 PM:

Prevent double-free of CTLOG public key




[openssl-commits] Build failed: openssl master.5016

2016-08-23 Thread AppVeyor



Build openssl master.5016 failed


Commit cf2d502354 by Rob Percival on 8/23/2016 3:51 PM:

Documents the CTLOG functions




[openssl-commits] Build failed: openssl master.5015

2016-08-23 Thread AppVeyor



Build openssl master.5015 failed


Commit 7017def22c by Rob Percival on 8/23/2016 3:17 PM:

Document the i2o and o2i SCT functions




[openssl-commits] Build failed: openssl master.5014

2016-08-23 Thread AppVeyor



Build openssl master.5014 failed


Commit d3e60b0e23 by Richard Levitte on 8/23/2016 1:50 PM:

fixup, to be squashed




[openssl-commits] Build completed: openssl ct_pods.274

2016-08-23 Thread AppVeyor


Build openssl ct_pods.274 completed



Commit c3d121f6f1 by Rob Percival on 8/21/2016 8:48 PM:

Document that SCT_set_source returns 0 on failure.




[openssl-commits] Build failed: openssl master.5012

2016-08-23 Thread AppVeyor



Build openssl master.5012 failed


Commit 4e578731ae by Rob Percival on 8/5/2016 12:40 PM:

Document that SCT_set_source returns 0 on failure.




[openssl-commits] Build failed: openssl refactor_sct_verify.273

2016-08-23 Thread AppVeyor



Build openssl refactor_sct_verify.273 failed


Commit bfd93a442f by Rob Percival on 8/23/2016 11:52 AM:

Internalizes SCT_verify and removes SCT_verify_v1




[openssl-commits] Build failed: openssl master.5011

2016-08-23 Thread AppVeyor



Build openssl master.5011 failed


Commit f634fab2ec by Rob Percival on 8/23/2016 11:52 AM:

Internalizes SCT_verify and removes SCT_verify_v1




[openssl-commits] Build failed: openssl refactor_sct_verify.272

2016-08-23 Thread AppVeyor



Build openssl refactor_sct_verify.272 failed


Commit ca6d948de2 by Rob Percival on 8/23/2016 11:49 AM:

Internalizes SCT_verify and removes SCT_verify_v1




[openssl-commits] Build failed: openssl master.5010

2016-08-23 Thread AppVeyor



Build openssl master.5010 failed


Commit 0fe9123687 by FdaSilvaYY on 8/23/2016 9:47 AM:

Constify a bit X509_NAME_get_entry




[openssl-commits] [openssl] master update

2016-08-23 Thread Richard Levitte
The branch master has been updated
   via  0fe9123687096b6ec7c3c4337095c6e4a94e9867 (commit)
   via  9f5466b9b86607bb62239873e6be2de1fe9f71fb (commit)
   via  bf9d5e483db0683178f43ef74a4ae6577482db83 (commit)
   via  a026fbf977ccac5c59597c9b2e1e1c288d0b1b69 (commit)
   via  35da893f86a40d3711ed785bd8777c18238aee45 (commit)
  from  61884b8140893cb75c62f7303df67291ada360fe (commit)


- Log -
commit 0fe9123687096b6ec7c3c4337095c6e4a94e9867
Author: FdaSilvaYY 
Date:   Fri Aug 19 19:44:10 2016 +0200

Constify a bit X509_NAME_get_entry

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

commit 9f5466b9b86607bb62239873e6be2de1fe9f71fb
Author: FdaSilvaYY 
Date:   Thu Jul 7 23:45:55 2016 +0200

Constify some X509_NAME, ASN1 printing code

 ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

commit bf9d5e483db0683178f43ef74a4ae6577482db83
Author: FdaSilvaYY 
Date:   Fri Aug 12 00:40:49 2016 +0200

Constify some input parameters.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

commit a026fbf977ccac5c59597c9b2e1e1c288d0b1b69
Author: FdaSilvaYY 
Date:   Sat Aug 6 17:54:32 2016 +0200

Constify some input buffers

remove useless cast to call ASN1_STRING_set

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

commit 35da893f86a40d3711ed785bd8777c18238aee45
Author: FdaSilvaYY 
Date:   Tue Aug 2 20:19:00 2016 +0200

Constify ASN1_PCTX_*

... add a static keyword.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/asn1/a_gentm.c |  3 +--
 crypto/asn1/a_strex.c | 18 +-
 crypto/asn1/a_utctm.c |  3 +--
 crypto/asn1/tasn_prn.c| 18 +-
 crypto/ocsp/ocsp_ext.c|  4 ++--
 crypto/x509/x509_obj.c|  4 ++--
 crypto/x509/x509name.c| 16 ++--
 crypto/x509/x_name.c  |  4 ++--
 crypto/x509/x_x509a.c |  4 ++--
 crypto/x509v3/v3_enum.c   |  4 +++-
 crypto/x509v3/v3_ncons.c  |  3 ++-
 crypto/x509v3/v3_skey.c   |  5 +++--
 crypto/x509v3/v3_utl.c| 19 +--
 doc/crypto/ASN1_STRING_print_ex.pod   |  6 +++---
 doc/crypto/X509_NAME_ENTRY_get_object.pod |  4 ++--
 doc/crypto/X509_NAME_add_entry_by_txt.pod |  2 +-
 doc/crypto/X509_NAME_get_index_by_NID.pod |  2 +-
 doc/crypto/X509_NAME_print_ex.pod |  8 
 include/openssl/asn1.h| 14 +++---
 include/openssl/ocsp.h|  4 ++--
 include/openssl/x509.h| 22 +++---
 include/openssl/x509v3.h  | 14 +++---
 22 files changed, 93 insertions(+), 88 deletions(-)

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 8d43ee5..c02c8d9 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -148,8 +148,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME 
*s, const char *str)
 t.data = (unsigned char *)str;
 if (ASN1_GENERALIZEDTIME_check()) {
 if (s != NULL) {
-if (!ASN1_STRING_set((ASN1_STRING *)s,
- (unsigned char *)str, t.length))
+if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length))
 return 0;
 s->type = V_ASN1_GENERALIZEDTIME;
 }
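Review bot: Dropping the `(unsigned char *)` cast in the ASN1_STRING_set() call is fine since that parameter is `const void *`, but the context line `t.data = (unsigned char *)str;` still casts const away from the caller's string. As `t` appears to be used only for the format check, a short comment saying it is never written through would keep the remaining cast from looking like an oversight; the `(ASN1_STRING *)s` cast kept in the new line is worth re-checking for redundancy as well.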
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 7bcc6cd..9839f5c 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -238,7 +238,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned 
char *buf,
  */
 
 static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
-   ASN1_STRING *str)
+   const ASN1_STRING *str)
 {
 /*
  * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
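Review bot: do_dump() now takes `const ASN1_STRING *str`, yet the comment at the top of its body says the string is placed in a temporary ASN1_TYPE, whose value member holds a non-const pointer. Please check that the body does not simply cast const away to make that assignment compile, and if a cast is unavoidable, add a comment that the encoder only reads the value.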
@@ -296,7 +296,7 @@ static const signed char tag2nbyte[] = {
  */
 
 static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
-   ASN1_STRING *str)
+   const ASN1_STRING *str)
 {
 int outlen, len;
 int type;
@@ -388,14 +388,14 @@ static int do_indent(char_io *io_ch, void *arg, int 
indent)
 #define FN_WIDTH_LN 25
 #define FN_WIDTH_SN 10
 
-static int do_name_ex(char_io *io_ch, void *arg, 

[openssl-commits] Build failed: openssl master.5009

2016-08-23 Thread AppVeyor



Build openssl master.5009 failed


Commit 61884b8140 by Matt Caswell on 8/23/2016 8:24 AM:

Fix bio_enc_test




[openssl-commits] [openssl] master update

2016-08-23 Thread Matt Caswell
The branch master has been updated
   via  61884b8140893cb75c62f7303df67291ada360fe (commit)
  from  8b7c51a0e4a03895a657cf2eb8d5c2aa1ca3586f (commit)


- Log -
commit 61884b8140893cb75c62f7303df67291ada360fe
Author: Matt Caswell 
Date:   Mon Aug 22 16:11:55 2016 +0100

Fix bio_enc_test

There was a block of code at the start that used the Camellia cipher. The
original idea behind this was to fill the buffer with non-zero data so that
oversteps can be detected. However this block failed when using no-camellia.
This has been replaced with a RAND_bytes() call.

I also updated the CTR test section, since it seems to be using a CBC
cipher instead of a CTR cipher.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 test/bio_enc_test.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c
index ce55318..fad1a19 100644
--- a/test/bio_enc_test.c
+++ b/test/bio_enc_test.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 #include 
+#include 
 
 int main()
 {
@@ -19,12 +20,9 @@ int main()
 unsigned char out[1024], ref[1024];
 int i, lref, len;
 
-b = BIO_new(BIO_f_cipher());
-if (!BIO_set_cipher(b, EVP_camellia_128_ctr(), key, NULL, 0))
+/* Fill buffer with non-zero data so that over steps can be detected */
+if (RAND_bytes(inp, sizeof(inp)) <= 0)
 return -1;
-BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
-lref = BIO_read(b, inp, sizeof(inp));
-BIO_free_all(b);
 
 /*
  * Exercise CBC cipher
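Review bot: The new comment above the RAND_bytes() call says the buffer is filled with non-zero data, but RAND_bytes() gives no such guarantee for individual bytes, and random input makes a failing run hard to reproduce. A fixed non-zero pattern, for example a memset() or counter fill of `inp`, would meet the stated goal deterministically and remove the dependency on a seeded RNG; also "over steps" in the comment should read "oversteps".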
@@ -87,7 +85,7 @@ int main()
 
 /* reference output for single-chunk operation */
 b = BIO_new(BIO_f_cipher());
-if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
  return -1;
 BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
 lref = BIO_read(b, ref, sizeof(ref));
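Review bot: The `EVP_aes_128_cbc()` to `EVP_aes_128_ctr()` correction in this hunk is repeated verbatim in the two following hunks, which is the kind of duplication that let the CTR section run a CBC cipher. Suggest one `const EVP_CIPHER *cipher` per test section, passed to every BIO_set_cipher() call in that section, so the reference and split runs cannot drift apart.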
@@ -96,7 +94,7 @@ int main()
 /* perform split operations and compare to reference */
 for (i = 1; i < lref; i++) {
 b = BIO_new(BIO_f_cipher());
-if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
  return -1;
 BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
 memset(out, 0, sizeof(out));
@@ -121,7 +119,7 @@ int main()
 int delta;
 
 b = BIO_new(BIO_f_cipher());
-if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
  return -1;
 BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
 memset(out, 0, sizeof(out));
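Review bot: On the `return -1` path after a failed BIO_set_cipher(), `b` is never freed, here and at the other two call sites changed by this patch. It is harmless in a test that is about to exit, but it will show up under leak checkers; a BIO_free_all(b) before returning, or a single cleanup label, would keep the test clean under memory debugging.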


[openssl-commits] Fixed: openssl/openssl#5674 (OpenSSL_1_0_2-stable - 01f879d)

2016-08-23 Thread Travis CI
Build Update for openssl/openssl
-

Build: #5674
Status: Fixed

Duration: 5 minutes and 20 seconds
Commit: 01f879d (OpenSSL_1_0_2-stable)
Author: David Benjamin
Message: Don't check for malloc failure twice.

a03f81f4ead24c234dc26e388d86a352685f3948 added a malloc failure check to
EVP_PKEY_keygen, but there already was one.

Signed-off-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1473

View the changeset: 
https://github.com/openssl/openssl/compare/67e11f1d44b8...01f879d3e3fe

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/154247532
