[openssl-commits] Build completed: openssl master.21343

2018-12-05 Thread AppVeyor


Build openssl master.21343 completed



Commit 11c6a4ad97 by Richard Levitte on 11/29/2018 11:05 PM:

Refactor the computation of API version limits


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Build failed: openssl master.21342

2018-12-05 Thread AppVeyor



Build openssl master.21342 failed


Commit 6227d83610 by Todd Short on 7/10/2017 5:28 PM:

Add option to disable Extended Master Secret




[openssl-commits] Build failed: openssl master.21341

2018-12-05 Thread AppVeyor



Build openssl master.21341 failed


Commit a654dd1010 by Richard Levitte on 12/5/2018 9:08 PM:

fixup! Refactor the computation of API version limits




[openssl-commits] [web] master update

2018-12-05 Thread Kurt Roeckx
The branch master has been updated
   via  0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit)
  from  be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit)


- Log -
commit 0d92547742c3da2f066f4babaacf8a51bb2f5e3c
Author: Kurt Roeckx 
Date:   Wed Dec 5 22:22:04 2018 +0100

Update PGP key

---

Summary of changes:
 news/openssl-security.asc | 80 +++
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index fb0482f..9dddc89 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc

[openssl-commits] Build completed: openssl master.21337

2018-12-05 Thread AppVeyor


Build openssl master.21337 completed



Commit e3155c1b36 by Simo Sorce on 9/19/2018 8:23 PM:

Implement SSH KDF




[openssl-commits] Build failed: openssl master.21336

2018-12-05 Thread AppVeyor



Build openssl master.21336 failed


Commit 5eeac34089 by Richard Levitte on 12/5/2018 8:24 PM:

fixup! Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev




[openssl-commits] [web] master update

2018-12-05 Thread Matt Caswell
The branch master has been updated
   via  be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit)
  from  af5e14f2df748257775c39faa63fcc755b81b1b9 (commit)


- Log -
commit be4639ae76f20fccfd718dea2aaa7def1dbe8a55
Author: Dr. Matthias St. Pierre 
Date:   Tue Nov 6 12:12:26 2018 +0100

cla.html: make CLA download links and email address more prominent

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/92)

---

Summary of changes:
 policies/cla.html | 28 +---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/policies/cla.html b/policies/cla.html
index f234dde..efe0445 100644
--- a/policies/cla.html
+++ b/policies/cla.html
@@ -25,7 +25,8 @@
  
  OpenSSL requires that all non-trivial contributors of ideas, code, or
  documentation complete, sign, and submit (via postal mail, fax
- or email) an Individual CLA [PDF].
+ or email) an
+ Individual Contributor License Agreement 
(ICLA).
  The purpose of this agreement is to clearly define
  the terms under which intellectual property has been contributed
  to OpenSSL and thereby allow us to defend the project should
@@ -39,8 +40,8 @@
  
 
  
- For a corporation that has assigned employees to work on OpenSSL,
- a Corporate CLA [PDF]
+ For a corporation that has assigned employees to work on OpenSSL, a
+ Corporate Contributor License Agreement 
(CCLA)
  is available for contributing intellectual property via
  the corporation, that may have been assigned as part of an
  employment agreement. Note that a Corporate CLA does not
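Review bot: the replacement text in this hunk introduces the abbreviation CCLA, but the unchanged sentence right after it still says "Note that a Corporate CLA does not", so the paragraph now uses two names for the same document. Suggest changing that sentence to "a CCLA" (or dropping the new abbreviation) so it matches the "ICLA (and CCLA if necessary)" wording added further down.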
@@ -49,6 +50,27 @@
  
 
  
+ If you have not already done so, please complete and sign a printout 
of the above
+ ICLA (and CCLA if necessary), then scan and email a pdf file of the 
Agreement(s) to
+ mailto:le...@opensslfoundation.org;>le...@opensslfoundation.org.
+ 
+
+ 
+ If you prefer snail mail, send an original signed Agreement to the
+ 
+
+ 
+ OpenSSL Software Foundation
+ 40 East Main Street
+ Suite 744
+ Newark, DE 19711
+ United States
+ 
+
+ Please read the document(s) carefully before signing and keep a copy 
for your records.
+ 
+
+ 
  Your Full name will be published unless you provide an alternative
  Public name. For example if your full name is Andrew Bernard Charles
  Dickens, but you wish to be known as Andrew Dickens, please enter
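Review bot: the added submission instructions in this hunk cover email and postal mail only, while the first paragraph of the page still says the agreement can be submitted "via postal mail, fax or email". Either give a fax number here or drop "fax" from that sentence. The line "send an original signed Agreement to the" also reads as stopping before its noun; "to the following address:" ahead of the address block would be clearer.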


[openssl-commits] Fixed: openssl/openssl#22046 (master - 3a4a88f)

2018-12-05 Thread Travis CI
Build Update for openssl/openssl
-

Build: #22046
Status: Fixed

Duration: 16 mins and 49 secs
Commit: 3a4a88f (master)
Author: Andy Polyakov
Message: bn/bn_{div|shift}.c: introduce fixed-top interfaces.

Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

View the changeset: 
https://github.com/openssl/openssl/compare/871493a2bed8...3a4a88f436ed

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/46315?utm_medium=notification_source=email



[openssl-commits] [openssl] master update

2018-12-05 Thread Matt Caswell
The branch master has been updated
   via  0fb2815b873304d145ed00283454fc9f3bd35e6b (commit)
   via  ed371b8cbac0d0349667558c061c1ae380cf75eb (commit)
  from  3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690 (commit)


- Log -
commit 0fb2815b873304d145ed00283454fc9f3bd35e6b
Author: Matt Caswell 
Date:   Tue Dec 4 08:37:04 2018 +

Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7755)

commit ed371b8cbac0d0349667558c061c1ae380cf75eb
Author: Matt Caswell 
Date:   Mon Dec 3 18:14:57 2018 +

Revert "Reduce stack usage in tls13_hkdf_expand"

This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7755)

---

Summary of changes:
 doc/man3/SSL_export_keying_material.pod |  3 +-
 ssl/ssl_locl.h  |  2 +-
 ssl/statem/extensions.c |  2 +-
 ssl/statem/statem_clnt.c|  2 +-
 ssl/statem/statem_srvr.c|  2 +-
 ssl/tls13_enc.c | 73 -
 test/sslapitest.c   | 48 --
 test/tls13secretstest.c |  2 +-
 8 files changed, 88 insertions(+), 46 deletions(-)

diff --git a/doc/man3/SSL_export_keying_material.pod 
b/doc/man3/SSL_export_keying_material.pod
index abebf91..4c81a60 100644
--- a/doc/man3/SSL_export_keying_material.pod
+++ b/doc/man3/SSL_export_keying_material.pod
@@ -59,7 +59,8 @@ B and should be B bytes long. Typically this 
will be a value from
 the IANA Exporter Label Registry
 
(L).
 Alternatively labels beginning with "EXPERIMENTAL" are permitted by the 
standard
-to be used without registration.
+to be used without registration. TLSv1.3 imposes a maximum label length of
+249 bytes.
 
 Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
 above. Attempting to use it in SSLv3 will result in an error.
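Review bot: the added sentence states the 249-byte limit but not what a caller sees when a label exceeds it. This paragraph is where callers learn how to choose a label, so suggest saying explicitly what happens for a longer label on a TLSv1.3 connection and pointing at RETURN VALUES for how that is reported.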
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 70e5a17..307131d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2461,7 +2461,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
  const unsigned char *secret,
  const unsigned char *label, size_t labellen,
  const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outlen);
+ unsigned char *out, size_t outlen, int fatal);
 __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
 const unsigned char *secret, unsigned char *key,
 size_t keylen);
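Review bot: the new trailing "int fatal" argument has no comment at the prototype. Suggest documenting here what a non-zero value means (the unchanged "SSLfatal() already called" comments at the callers suggest it controls whether a failure is raised through SSLfatal()) and what a caller is expected to do itself when it passes 0.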
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 63e61c6..716d6d2 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const 
unsigned char *msgstart,
 
 /* Generate the binder key */
 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
-   hashsize, binderkey, hashsize)) {
+   hashsize, binderkey, hashsize, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
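Review bot: the "SSLfatal() already called" comment under this call is now true only because the last argument is 1, and nothing at the call site says so. A short comment on the argument, or a named constant in place of the literal, would keep the comment and the argument from drifting apart if one of them is changed later.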
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5a8f116..a0e495d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, 
PACKET *pkt)
PACKET_data(),
PACKET_remaining(),
s->session->master_key,
-   hashlen)) {
+   hashlen, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4..a8e862c 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
tick_nonce,
TICKET_NONCE_SIZE,
s->session->master_key,
-   hashlen)) {
+   hashlen, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 
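
The label limit in the documentation hunk above follows from the HkdfLabel layout in RFC 8446 section 7.1. The sketch below is an added example, not OpenSSL's code: the function names are hypothetical and the 64-byte buffer in the last case is a constructed size, chosen only to show a too-small buffer being refused.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * RFC 8446, section 7.1:
 *   struct {
 *       uint16 length;
 *       opaque label<7..255>;      "tls13 " + Label
 *       opaque context<0..255>;
 *   } HkdfLabel;
 */
#define PREFIX          "tls13 "
#define PREFIX_LEN      6
#define MAX_LABEL_LEN   (255 - PREFIX_LEN)                  /* 249 */
#define MAX_CONTEXT_LEN 255
#define HKDF_LABEL_MAX  (2 + 1 + 255 + 1 + MAX_CONTEXT_LEN) /* 514 */

/* Encode HkdfLabel into out. Returns bytes written, or 0 if a bound fails. */
size_t hkdf_label_encode(unsigned char *out, size_t outsize,
                         const unsigned char *label, size_t labellen,
                         const unsigned char *ctx, size_t ctxlen,
                         size_t okm_len)
{
    size_t pos = 0, need;

    /* Vector bounds taken from the structure definition. */
    if (labellen < 1 || labellen > MAX_LABEL_LEN)
        return 0;
    if (ctxlen > MAX_CONTEXT_LEN || okm_len > 0xffff)
        return 0;
    need = 2 + 1 + PREFIX_LEN + labellen + 1 + ctxlen;
    /* Refuse rather than truncate or overrun when the buffer is too small. */
    if (out == NULL || outsize < need)
        return 0;

    out[pos++] = (unsigned char)(okm_len >> 8);
    out[pos++] = (unsigned char)(okm_len & 0xff);
    out[pos++] = (unsigned char)(PREFIX_LEN + labellen);
    memcpy(out + pos, PREFIX, PREFIX_LEN);
    pos += PREFIX_LEN;
    memcpy(out + pos, label, labellen);
    pos += labellen;
    out[pos++] = (unsigned char)ctxlen;
    if (ctxlen > 0)
        memcpy(out + pos, ctx, ctxlen);
    return pos + ctxlen;
}

/* Constructed input: 'x'-filled label and zero-filled context of given sizes. */
size_t encoded_len_for(size_t labellen, size_t ctxlen, size_t bufsize)
{
    unsigned char label[300], ctx[300], buf[HKDF_LABEL_MAX];

    if (labellen > sizeof(label) || ctxlen > sizeof(ctx) || bufsize > sizeof(buf))
        return 0;
    memset(label, 'x', sizeof(label));
    memset(ctx, 0, sizeof(ctx));
    return hkdf_label_encode(buf, bufsize, label, labellen, ctx, ctxlen, 32);
}

/* Returns 1 when the short label "key" encodes to the expected bytes. */
int short_label_matches(void)
{
    static const unsigned char want[] = {
        0x00, 0x10, 0x09, 't', 'l', 's', '1', '3', ' ', 'k', 'e', 'y', 0x00
    };
    unsigned char buf[HKDF_LABEL_MAX];
    size_t n = hkdf_label_encode(buf, sizeof(buf),
                                 (const unsigned char *)"key", 3, NULL, 0, 16);

    return n == sizeof(want) && memcmp(buf, want, n) == 0;
}

int main(void)
{
    printf("short label ok: %d\n", short_label_matches());
    printf("249-byte label: %zu\n", encoded_len_for(249, 255, HKDF_LABEL_MAX));
    printf("250-byte label: %zu\n", encoded_len_for(250, 0, HKDF_LABEL_MAX));
    printf("249-byte label, 64-byte buffer: %zu\n", encoded_len_for(249, 0, 64));
    return 0;
}
```

A buffer sized for short internal labels is enough for the handshake's own derivations but not for an exporter label at the limit, which is the case the revert's commit message refers to.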

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-12-05 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  db860ea3dcf56a1993c66da22bd44460d7ac4914 (commit)
   via  56e0f123dc17cb99f50efbae4bbbab77f360818f (commit)
  from  8df98cd98812dff67aa93a3f760860ac91f7f24a (commit)


- Log -
commit db860ea3dcf56a1993c66da22bd44460d7ac4914
Author: Matt Caswell 
Date:   Tue Dec 4 08:37:04 2018 +

Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7755)

(cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)

commit 56e0f123dc17cb99f50efbae4bbbab77f360818f
Author: Matt Caswell 
Date:   Mon Dec 3 18:14:57 2018 +

Revert "Reduce stack usage in tls13_hkdf_expand"

This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/7755)

(cherry picked from commit ed371b8cbac0d0349667558c061c1ae380cf75eb)

---

Summary of changes:
 doc/man3/SSL_export_keying_material.pod |  3 +-
 ssl/ssl_locl.h  |  2 +-
 ssl/statem/extensions.c |  2 +-
 ssl/statem/statem_clnt.c|  2 +-
 ssl/statem/statem_srvr.c|  2 +-
 ssl/tls13_enc.c | 73 -
 test/sslapitest.c   | 48 --
 test/tls13secretstest.c |  2 +-
 8 files changed, 88 insertions(+), 46 deletions(-)

diff --git a/doc/man3/SSL_export_keying_material.pod 
b/doc/man3/SSL_export_keying_material.pod
index abebf91..4c81a60 100644
--- a/doc/man3/SSL_export_keying_material.pod
+++ b/doc/man3/SSL_export_keying_material.pod
@@ -59,7 +59,8 @@ B and should be B bytes long. Typically this 
will be a value from
 the IANA Exporter Label Registry
 
(L).
 Alternatively labels beginning with "EXPERIMENTAL" are permitted by the 
standard
-to be used without registration.
+to be used without registration. TLSv1.3 imposes a maximum label length of
+249 bytes.
 
 Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
 above. Attempting to use it in SSLv3 will result in an error.
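Review bot: "a maximum label length of 249 bytes" in the added sentence does not say whether the figure applies to the label exactly as the caller passes it or to the label after any prefix the protocol adds. Suggest wording it in terms of the function's own label-length argument so a caller can check against it directly.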
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 70e5a17..307131d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2461,7 +2461,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
  const unsigned char *secret,
  const unsigned char *label, size_t labellen,
  const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outlen);
+ unsigned char *out, size_t outlen, int fatal);
 __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
 const unsigned char *secret, unsigned char *key,
 size_t keylen);
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 63e61c6..716d6d2 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const 
unsigned char *msgstart,
 
 /* Generate the binder key */
 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
-   hashsize, binderkey, hashsize)) {
+   hashsize, binderkey, hashsize, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5a8f116..a0e495d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, 
PACKET *pkt)
PACKET_data(),
PACKET_remaining(),
s->session->master_key,
-   hashlen)) {
+   hashlen, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4..a8e862c 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
tick_nonce,
TICKET_NONCE_SIZE,
s->session->master_key,
-   hashlen)) {
+

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-12-05 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  8df98cd98812dff67aa93a3f760860ac91f7f24a (commit)
   via  a7e8ab41fd6d53abba3f63cb34c9bcccb31efda7 (commit)
   via  2007474f19fa434e669b944895b22af32f934933 (commit)
   via  9b2a219caeff0522995e5453dedf729bba666ffa (commit)
  from  cc4e37f1e4af060dc41a3c84041a183ecd7aa80e (commit)


- Log -
commit 8df98cd98812dff67aa93a3f760860ac91f7f24a
Author: Andy Polyakov 
Date:   Fri Nov 23 17:23:31 2018 +0100

bn/bn_{div|shift}.c: introduce fixed-top interfaces.

Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

(cherry picked from commit 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690)

commit a7e8ab41fd6d53abba3f63cb34c9bcccb31efda7
Author: Andy Polyakov 
Date:   Wed Nov 7 22:18:33 2018 +0100

bn/bn_div.c: make conditional addition unconditional

and add template for constant-time bn_div_3_words.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

(cherry picked from commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de)

commit 2007474f19fa434e669b944895b22af32f934933
Author: Andy Polyakov 
Date:   Mon Nov 12 15:13:48 2018 +0100

Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

(cherry picked from commit 31703da3b8e743c07a9fdb6025aa526594c2a319)

commit 9b2a219caeff0522995e5453dedf729bba666ffa
Author: Andy Polyakov 
Date:   Mon Nov 12 15:03:39 2018 +0100

Configurations/10-main.conf: remove MIPS bn_div_3_words.

It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

(cherry picked from commit b34446cca2b1814fa674adc8076707d2b65a697f)

---

Summary of changes:
 Configurations/10-main.conf  |   5 +-
 Configure|   1 +
 crypto/bn/asm/mips.pl|   6 +
 crypto/bn/bn_div.c   | 319 ++-
 crypto/bn/bn_shift.c | 130 +---
 crypto/include/internal/bn_int.h |   9 +-
 6 files changed, 301 insertions(+), 169 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index f0cf6c1..ac8828e 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -360,7 +360,7 @@ my %targets = (
 inherit_from => [ "BASE_unix" ],
 template => 1,
 cppflags => threads("-D_SGI_MP_SOURCE"),
-lib_cppflags => "-DB_ENDIAN -DBN_DIV3W",
+lib_cppflags => "-DB_ENDIAN",
 ex_libs  => add(threads("-lpthread")),
 thread_scheme=> "pthreads",
 dso_scheme   => "dlfcn",
@@ -733,7 +733,6 @@ my %targets = (
 inherit_from => [ "linux-generic32", asm("mips32_asm") ],
 cflags   => add("-mabi=32"),
 cxxflags => add("-mabi=32"),
-lib_cppflags => add("-DBN_DIV3W"),
 perlasm_scheme   => "o32",
 },
 # mips32 and mips64 below refer to contemporary MIPS Architecture
@@ -742,7 +741,6 @@ my %targets = (
 inherit_from => [ "linux-generic32", asm("mips64_asm") ],
 cflags   => add("-mabi=n32"),
 cxxflags => add("-mabi=n32"),
-lib_cppflags => add("-DBN_DIV3W"),
 bn_ops   => "SIXTY_FOUR_BIT RC4_CHAR",
 perlasm_scheme   => "n32",
 multilib => "32",
@@ -751,7 +749,6 @@ my %targets = (
 inherit_from => [ "linux-generic64", asm("mips64_asm") ],
 cflags   => add("-mabi=64"),
 cxxflags => add("-mabi=64"),
-lib_cppflags => add("-DBN_DIV3W"),
 perlasm_scheme   => "64",
 multilib => "64",
 },
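Review bot: in the three linux MIPS targets (this hunk and the two before it), lib_cppflags => add("-DBN_DIV3W") is dropped outright, and with the Configure change that follows the define only comes back when a bn_asm_src file name matches /-div3w/. Nothing visible in these 10-main.conf hunks gives mips32_asm or mips64_asm such a module, so these targets build the C division path until one is added. Worth saying so in a comment next to the targets so the change in code path is not a surprise.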
diff --git a/Configure b/Configure
index d5dc36c..28f6eb7 100755
--- a/Configure
+++ b/Configure
@@ -1370,6 +1370,7 @@ unless ($disabled{asm}) {
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if 
($target{bn_asm_src} =~ /-mont/);
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if 
($target{bn_asm_src} =~ /-mont5/);
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if 
($target{bn_asm_src} =~ /-gf2m/);
+push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ 
/-div3w/);
 
 if ($target{sha1_asm_src}) {
push 
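
The commit messages in the message above describe making the add-back in division unconditional and keeping operand length fixed. The sketch below is an added example of that idea, not OpenSSL's bn_div.c: it assumes 32-bit limbs stored least significant first, all function names are hypothetical, and the operands are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t limb_t;   /* assumption: 32-bit limbs, least significant first */

/* r[0..n] -= q * d[0..n-1]; returns 1 if the result went negative.
 * Loop bounds depend only on n, so zero-padded limbs cost the same. */
static limb_t mul_sub_words(limb_t *r, const limb_t *d, size_t n, limb_t q)
{
    uint64_t carry = 0, t;
    limb_t borrow = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        uint64_t p = (uint64_t)d[i] * q + carry;

        carry = p >> 32;
        t = (uint64_t)r[i] - (limb_t)p - borrow;
        r[i] = (limb_t)t;
        borrow = (limb_t)(t >> 63);
    }
    t = (uint64_t)r[n] - carry - borrow;
    r[n] = (limb_t)t;
    return (limb_t)(t >> 63);
}

/* r[0..n] += d[0..n-1] & mask; the same work is done for mask 0 and mask ~0. */
static void add_words_masked(limb_t *r, const limb_t *d, size_t n, limb_t mask)
{
    uint64_t c = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        c += (uint64_t)r[i] + (d[i] & mask);
        r[i] = (limb_t)c;
        c >>= 32;
    }
    r[n] += (limb_t)c;
}

/* Unconditional form: always run the add-back, with d masked to 0 when the
 * estimate was right. Assumes q_hat is at most one too large. */
limb_t div_step_ct(limb_t *r, const limb_t *d, size_t n, limb_t q_hat)
{
    limb_t borrow = mul_sub_words(r, d, n, q_hat);
    limb_t mask = (limb_t)(0 - borrow);   /* 0 or 0xffffffff, no branch */

    add_words_masked(r, d, n, mask);
    return q_hat - borrow;
}

/* Conditional form, for comparison: the branch depends on the operands. */
limb_t div_step_branchy(limb_t *r, const limb_t *d, size_t n, limb_t q_hat)
{
    if (mul_sub_words(r, d, n, q_hat)) {
        add_words_masked(r, d, n, (limb_t)~(limb_t)0);
        q_hat--;
    }
    return q_hat;
}

/* Constructed input: d = 2^32 + 5 and r = 7*d + 3. Returns 1 when the step
 * leaves quotient digit 7 and remainder 3 for the given estimate. */
int demo_step_ok(limb_t q_hat, int use_ct)
{
    const limb_t d[2] = { 5, 1 };
    limb_t r[3] = { 38, 7, 0 };
    limb_t q = use_ct ? div_step_ct(r, d, 2, q_hat)
                      : div_step_branchy(r, d, 2, q_hat);

    return q == 7 && r[0] == 3 && r[1] == 0 && r[2] == 0;
}

int main(void)
{
    printf("exact estimate, ct:    %d\n", demo_step_ok(7, 1));
    printf("estimate +1, ct:       %d\n", demo_step_ok(8, 1));
    printf("estimate +1, branchy:  %d\n", demo_step_ok(8, 0));
    printf("estimate +2, ct:       %d\n", demo_step_ok(9, 1));
    return 0;
}
```

Whether the compiled code stays branch-free still depends on the compiler and flags, so the disassembly is the thing to check.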

[openssl-commits] [openssl] master update

2018-12-05 Thread Matt Caswell
The branch master has been updated
   via  3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690 (commit)
   via  3da2e9c4ee45989a426ff513dc6c6250d1e460de (commit)
   via  31703da3b8e743c07a9fdb6025aa526594c2a319 (commit)
   via  b34446cca2b1814fa674adc8076707d2b65a697f (commit)
  from  871493a2bed80310169ec4ba7cc428bc194623bf (commit)


- Log -
commit 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690
Author: Andy Polyakov 
Date:   Fri Nov 23 17:23:31 2018 +0100

bn/bn_{div|shift}.c: introduce fixed-top interfaces.

Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de
Author: Andy Polyakov 
Date:   Wed Nov 7 22:18:33 2018 +0100

bn/bn_div.c: make conditional addition unconditional

and add template for constant-time bn_div_3_words.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

commit 31703da3b8e743c07a9fdb6025aa526594c2a319
Author: Andy Polyakov 
Date:   Mon Nov 12 15:13:48 2018 +0100

Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

commit b34446cca2b1814fa674adc8076707d2b65a697f
Author: Andy Polyakov 
Date:   Mon Nov 12 15:03:39 2018 +0100

Configurations/10-main.conf: remove MIPS bn_div_3_words.

It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7589)

---

Summary of changes:
 Configurations/10-main.conf  |   5 +-
 Configure|   1 +
 crypto/bn/asm/mips.pl|   6 +
 crypto/bn/bn_div.c   | 319 ++-
 crypto/bn/bn_shift.c | 130 +---
 crypto/include/internal/bn_int.h |   9 +-
 6 files changed, 301 insertions(+), 169 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index d86691c..6506203 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -360,7 +360,7 @@ my %targets = (
 inherit_from => [ "BASE_unix" ],
 template => 1,
 cppflags => threads("-D_SGI_MP_SOURCE"),
-lib_cppflags => "-DB_ENDIAN -DBN_DIV3W",
+lib_cppflags => "-DB_ENDIAN",
 ex_libs  => add(threads("-lpthread")),
 thread_scheme=> "pthreads",
 dso_scheme   => "dlfcn",
@@ -733,7 +733,6 @@ my %targets = (
 inherit_from => [ "linux-generic32", asm("mips32_asm") ],
 cflags   => add("-mabi=32"),
 cxxflags => add("-mabi=32"),
-lib_cppflags => add("-DBN_DIV3W"),
 perlasm_scheme   => "o32",
 },
 # mips32 and mips64 below refer to contemporary MIPS Architecture
@@ -742,7 +741,6 @@ my %targets = (
 inherit_from => [ "linux-generic32", asm("mips64_asm") ],
 cflags   => add("-mabi=n32"),
 cxxflags => add("-mabi=n32"),
-lib_cppflags => add("-DBN_DIV3W"),
 bn_ops   => "SIXTY_FOUR_BIT RC4_CHAR",
 perlasm_scheme   => "n32",
 multilib => "32",
@@ -751,7 +749,6 @@ my %targets = (
 inherit_from => [ "linux-generic64", asm("mips64_asm") ],
 cflags   => add("-mabi=64"),
 cxxflags => add("-mabi=64"),
-lib_cppflags => add("-DBN_DIV3W"),
 perlasm_scheme   => "64",
 multilib => "64",
 },
diff --git a/Configure b/Configure
index cc061dc..65bbec1 100755
--- a/Configure
+++ b/Configure
@@ -1354,6 +1354,7 @@ unless ($disabled{asm}) {
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if 
($target{bn_asm_src} =~ /-mont/);
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if 
($target{bn_asm_src} =~ /-mont5/);
 push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if 
($target{bn_asm_src} =~ /-gf2m/);
+push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ 
/-div3w/);
 
 if ($target{sha1_asm_src}) {
push @{$config{lib_defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ 
/sx86/ || $target{sha1_asm_src} =~ /sha1/);
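Review bot: the added /-div3w/ test is an unanchored substring match over the whole bn_asm_src list, like the /-mont/ line above it, which also matches -mont5 file names. Any asm file whose name contains "-div3w" therefore turns on BN_DIV3W for the library. Suggest a comment above these lines stating the file naming convention they rely on, so a module is not enabled (or missed) by accident when a target's bn_asm_src list is edited.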
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index da35ec1..3875132 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -798,6 +798,11 @@ $code.=<<___;
move$a0,$v0
 .end