[openssl-commits] Broken: openssl/openssl#6932 (OpenSSL_1_1_0-stable - b9ddc5f)

2016-11-07 Thread Travis CI
Build Update for openssl/openssl

Build: #6932
Status: Broken

Duration: 42 minutes and 53 seconds
Commit: b9ddc5f (OpenSSL_1_1_0-stable)
Author: David Benjamin
Message: Improve RSA test coverage.

MD5/SHA1 and MDC-2 have special-case logic beyond the generic DigestInfo
wrapping. Test that each of these works, including hash and length
mismatches (both input and signature). Also add VerifyRecover tests. It
appears 5824cc298174d462c827cd090675e30fc03f0caf added support for
VerifyRecover, but forgot to add the test data.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474
(cherry picked from commit f320555735af7aa52172a2b8c56181445e8490dd)

View the changeset: 
https://github.com/openssl/openssl/compare/929cc3fa6bce...b9ddc5fd0ccb

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/174011050


_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] Build completed: openssl 1.0.1594

2016-11-07 Thread AppVeyor


Build openssl 1.0.1594 completed



Commit 4188964c72 by FdaSilvaYY on 11/7/2016 10:01 PM:

Simplify and clean X509_VERIFY_PARAM new/free code.




[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-11-07 Thread Rich Salz
The branch OpenSSL_1_1_0-stable has been updated
   via  6fa4d63dbf26c7ec57407edd7987d8036e0a5ee5 (commit)
  from  28304b1239eb67c5204a6c80cc5b50f715167140 (commit)


- Log -
commit 6fa4d63dbf26c7ec57407edd7987d8036e0a5ee5
Author: FdaSilvaYY 
Date:   Tue Sep 27 23:36:37 2016 +0200

Allow null in  X509_CRL_METHOD_free

and fix documentation.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1634)
(cherry picked from commit 7cb1ecec59d7c8d6628fb9bfd435306f7e06fd33)

---

Summary of changes:
 crypto/x509/x_crl.c | 2 +-
 doc/crypto/X509_dup.pod | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index f94d04c..a5871ca 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -441,7 +441,7 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) 
(X509_CRL *crl),
 
 void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
-if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
 return;
 OPENSSL_free(m);
 }
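
Review bot: the `m == NULL` test added to the condition in X509_CRL_METHOD_free() shares one early return with the X509_CRL_METHOD_DYNAMIC check, so the code alone does not tell a reader that NULL is a supported argument. A one-line comment above the `if` stating that NULL and non-dynamic methods are both no-ops would record the contract. The ordering of the `||` operands is right, since it short-circuits before `m->flags` is read.
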
diff --git a/doc/crypto/X509_dup.pod b/doc/crypto/X509_dup.pod
index 574994d..c5d01b2 100644
--- a/doc/crypto/X509_dup.pod
+++ b/doc/crypto/X509_dup.pod
@@ -208,8 +208,6 @@ X509_CINF_free,
 X509_CINF_new,
 X509_CRL_INFO_free,
 X509_CRL_INFO_new,
-X509_CRL_METHOD_free,
-X509_CRL_METHOD_new,
 X509_CRL_dup,
 X509_CRL_free,
 X509_CRL_new,
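
Review bot: dropping X509_CRL_METHOD_free and X509_CRL_METHOD_new from this name list removes the only documentation entry for them that this change shows, and the summary lists no other .pod file. If they are meant to be undocumented, the commit message should say so instead of "fix documentation"; otherwise the NULL-accepting behaviour introduced in x_crl.c needs to be described somewhere.
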


[openssl-commits] [openssl] master update

2016-11-07 Thread Rich Salz
The branch master has been updated
   via  7cb1ecec59d7c8d6628fb9bfd435306f7e06fd33 (commit)
  from  27ed73a98f88c98be996a6ffe7bda1b84bfc8be7 (commit)


- Log -
commit 7cb1ecec59d7c8d6628fb9bfd435306f7e06fd33
Author: FdaSilvaYY 
Date:   Tue Sep 27 23:36:37 2016 +0200

Allow null in  X509_CRL_METHOD_free

and fix documentation.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1634)

---

Summary of changes:
 crypto/x509/x_crl.c   | 2 +-
 doc/man3/X509_dup.pod | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index f94d04c..a5871ca 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -441,7 +441,7 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) 
(X509_CRL *crl),
 
 void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
-if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
 return;
 OPENSSL_free(m);
 }
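
Review bot: no test accompanies the new `m == NULL` branch in X509_CRL_METHOD_free(); the summary lists only x_crl.c and X509_dup.pod. A call to X509_CRL_METHOD_free(NULL) in an existing X509 test would keep the guard from being dropped in a later cleanup.
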
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index d704962..7406a68 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -207,8 +207,6 @@ X509_CINF_free,
 X509_CINF_new,
 X509_CRL_INFO_free,
 X509_CRL_INFO_new,
-X509_CRL_METHOD_free,
-X509_CRL_METHOD_new,
 X509_CRL_dup,
 X509_CRL_free,
 X509_CRL_new,


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-11-07 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  28304b1239eb67c5204a6c80cc5b50f715167140 (commit)
  from  b9ddc5fd0ccb6ec92b5178db1f169d431f2a3ff3 (commit)


- Log -
commit 28304b1239eb67c5204a6c80cc5b50f715167140
Author: Andrea Grandi 
Date:   Thu Nov 3 04:42:07 2016 +

Improve PRF documentation

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1834
(cherry picked from commit 27ed73a98f88c98be996a6ffe7bda1b84bfc8be7)

---

Summary of changes:
 doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod 
b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod
index 0d57f9f..f1f0ae4 100644
--- a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod
+++ b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod
@@ -13,14 +13,14 @@ TLS PRF key derivation algorithm
  int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
  int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
unsigned char *sec, int seclen);
- int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
+ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
  unsigned char *seed, int seedlen);
 
 =head1 DESCRIPTION
 
 The B algorithm implements the PRF key derivation function 
for
 TLS. It has no associated private key and only implements key derivation
-using EVP_PKEY_derive().
+using L.
 
 EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
 TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
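
Review bot: the unchanged DESCRIPTION line "EVP_PKEY_set_tls1_prf_md() sets the message digest ..." names a function that the SYNOPSIS at the top of this hunk declares as EVP_PKEY_CTX_set_tls1_prf_md(). Since this change is already correcting the synopsis, the missing `_CTX` in the description should be fixed in the same pass.
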


[openssl-commits] [openssl] master update

2016-11-07 Thread Kurt Roeckx
The branch master has been updated
   via  27ed73a98f88c98be996a6ffe7bda1b84bfc8be7 (commit)
  from  f320555735af7aa52172a2b8c56181445e8490dd (commit)


- Log -
commit 27ed73a98f88c98be996a6ffe7bda1b84bfc8be7
Author: Andrea Grandi 
Date:   Thu Nov 3 04:42:07 2016 +

Improve PRF documentation

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1834

---

Summary of changes:
 doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod 
b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
index 0d57f9f..f1f0ae4 100644
--- a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
+++ b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
@@ -13,14 +13,14 @@ TLS PRF key derivation algorithm
  int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
  int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
unsigned char *sec, int seclen);
- int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
+ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
  unsigned char *seed, int seedlen);
 
 =head1 DESCRIPTION
 
 The B algorithm implements the PRF key derivation function 
for
 TLS. It has no associated private key and only implements key derivation
-using EVP_PKEY_derive().
+using L.
 
 EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
 TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
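
Review bot: in the synopsis, `sec` and `seed` are declared `unsigned char *` while `md` on the first line is `const EVP_MD *`. If the secret and seed buffers are only read, documenting them as `const unsigned char *` would tell callers their buffers are not modified; if they cannot be const, a sentence in DESCRIPTION saying why would help.
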


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-11-07 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  b9ddc5fd0ccb6ec92b5178db1f169d431f2a3ff3 (commit)
   via  439530bc571a5221ba0df983a245b525f46c9898 (commit)
   via  b71079a375116a8a52ed493afcd8f69cb08c195a (commit)
  from  929cc3fa6bceba1c6d9c362c56b89cbf2acf40bc (commit)


- Log -
commit b9ddc5fd0ccb6ec92b5178db1f169d431f2a3ff3
Author: David Benjamin 
Date:   Sun Nov 6 19:12:47 2016 -0500

Improve RSA test coverage.

MD5/SHA1 and MDC-2 have special-case logic beyond the generic DigestInfo
wrapping. Test that each of these works, including hash and length
mismatches (both input and signature). Also add VerifyRecover tests. It
appears 5824cc298174d462c827cd090675e30fc03f0caf added support for
VerifyRecover, but forgot to add the test data.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474
(cherry picked from commit f320555735af7aa52172a2b8c56181445e8490dd)

commit 439530bc571a5221ba0df983a245b525f46c9898
Author: David Benjamin 
Date:   Sat Aug 20 15:48:56 2016 -0400

Make RSA_sign.pod less confusing.

PKCS #1 v2.0 is the name of a document which specifies an algorithm
RSASSA-PKCS1-v1_5, often referred to as "PKCS #1 v1.5" after an earlier
document which specified it. This gets further confusing because the
document PKCS #1 v2.1 specifies two signature algorithms,
RSASSA-PKCS1-v1_5 and RSASSA-PSS. RSA_sign implements RSASSA-PKCS1-v1_5.

Refer to the document using the RFC number which is easier to find
anyway, and refer to the algorithm by its name.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474
(cherry picked from commit aa90ca11c930114d5c0d68a2c1f446bf97853287)

commit b71079a375116a8a52ed493afcd8f69cb08c195a
Author: David Benjamin 
Date:   Sat Aug 20 13:35:17 2016 -0400

Implement RSASSA-PKCS1-v1_5 as specified.

RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474
(cherry picked from commit 608a026494c1e7a14f6d6cfcc5e4994fe2728836)

---

Summary of changes:
 crypto/rsa/rsa_err.c|   1 +
 crypto/rsa/rsa_sign.c   | 324 ++--
 doc/crypto/RSA_sign.pod |   6 +-
 include/openssl/rsa.h   |   1 +
 test/evptests.txt   | 139 -
 5 files changed, 316 insertions(+), 155 deletions(-)

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 210709e..45e12e0 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -20,6 +20,7 @@
 
 static ERR_STRING_DATA RSA_str_functs[] = {
 {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
+{ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
 {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
 {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), 

[openssl-commits] [openssl] master update

2016-11-07 Thread Kurt Roeckx
The branch master has been updated
   via  f320555735af7aa52172a2b8c56181445e8490dd (commit)
   via  aa90ca11c930114d5c0d68a2c1f446bf97853287 (commit)
   via  608a026494c1e7a14f6d6cfcc5e4994fe2728836 (commit)
  from  c8e2f98c97ff3327784843946c2d62761572e5d5 (commit)


- Log -
commit f320555735af7aa52172a2b8c56181445e8490dd
Author: David Benjamin 
Date:   Sun Nov 6 19:12:47 2016 -0500

Improve RSA test coverage.

MD5/SHA1 and MDC-2 have special-case logic beyond the generic DigestInfo
wrapping. Test that each of these works, including hash and length
mismatches (both input and signature). Also add VerifyRecover tests. It
appears 5824cc298174d462c827cd090675e30fc03f0caf added support for
VerifyRecover, but forgot to add the test data.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474

commit aa90ca11c930114d5c0d68a2c1f446bf97853287
Author: David Benjamin 
Date:   Sat Aug 20 15:48:56 2016 -0400

Make RSA_sign.pod less confusing.

PKCS #1 v2.0 is the name of a document which specifies an algorithm
RSASSA-PKCS1-v1_5, often referred to as "PKCS #1 v1.5" after an earlier
document which specified it. This gets further confusing because the
document PKCS #1 v2.1 specifies two signature algorithms,
RSASSA-PKCS1-v1_5 and RSASSA-PSS. RSA_sign implements RSASSA-PKCS1-v1_5.

Refer to the document using the RFC number which is easier to find
anyway, and refer to the algorithm by its name.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474

commit 608a026494c1e7a14f6d6cfcc5e4994fe2728836
Author: David Benjamin 
Date:   Sat Aug 20 13:35:17 2016 -0400

Implement RSASSA-PKCS1-v1_5 as specified.

RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 

GH: #1474

---

Summary of changes:
 crypto/rsa/rsa_err.c  |   1 +
 crypto/rsa/rsa_sign.c | 324 +++---
 doc/man3/RSA_sign.pod |   6 +-
 include/openssl/rsa.h |   1 +
 test/evptests.txt | 139 +-
 5 files changed, 316 insertions(+), 155 deletions(-)

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 210709e..45e12e0 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -20,6 +20,7 @@
 
 static ERR_STRING_DATA RSA_str_functs[] = {
 {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
+{ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
 {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
 {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 8946e19..952d24f 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -19,208 +19,230 @@
 /* Size of an SSL signature: MD5+SHA1 */
 #define 
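
The encode-then-compare check that the "Implement RSASSA-PKCS1-v1_5 as specified" commit message describes, as an added example that is not OpenSSL's code: it builds the single legal encoded message for a SHA-256 digest and compares it byte for byte with the value recovered from the signature. The function names, the 2048-bit modulus size, the placeholder digest and the malformed inputs are constructed for illustration, and the RSA public-key operation is assumed to have been done already.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA256_LEN 32
#define K 256               /* assumed modulus length in bytes (2048-bit key) */

/* DER prefix of DigestInfo for SHA-256 with NULL parameters (RFC 3447, 9.2). */
static const uint8_t PREFIX_SHA256[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* The same DigestInfo with the parameters field absent: a parser may accept
 * it, but it is a different byte string from the one the spec prescribes. */
static const uint8_t PREFIX_NO_PARAMS[] = {
    0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x04, 0x20
};

/* Lay out 00 01 FF..FF 00 || prefix || hash || `trail` zero bytes in em[0..k).
 * With the SHA-256 prefix and trail == 0 this is the EM of RFC 3447, 9.2. */
static int layout_em(uint8_t *em, size_t k, const uint8_t *prefix,
                     size_t prefix_len, const uint8_t *hash, size_t trail)
{
    size_t t_len = prefix_len + SHA256_LEN + trail;
    size_t ps_len;

    if (k < t_len + 11)     /* the padding string must be at least 8 bytes */
        return 0;
    ps_len = k - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, prefix, prefix_len);
    memcpy(em + 3 + ps_len + prefix_len, hash, SHA256_LEN);
    memset(em + 3 + ps_len + prefix_len + SHA256_LEN, 0, trail);
    return 1;
}

/* Strict verification: `recovered` is the k-byte output of the RSA public-key
 * operation (not performed in this example). Nothing is parsed; the expected
 * encoding is rebuilt from the digest and the two buffers must be identical. */
int verify_strict(const uint8_t *recovered, size_t k,
                  const uint8_t hash[SHA256_LEN])
{
    uint8_t expected[512];

    if (k > sizeof(expected))
        return 0;
    if (!layout_em(expected, k, PREFIX_SHA256, sizeof(PREFIX_SHA256), hash, 0))
        return 0;
    return memcmp(expected, recovered, k) == 0;
}

enum variant { CANONICAL, WRONG_DIGEST, NO_PARAMS, TRAILING_BYTES };

/* Build one constructed input and return what verify_strict() says about it. */
int check_variant(enum variant v)
{
    uint8_t hash[SHA256_LEN], em[K];
    const uint8_t *prefix = PREFIX_SHA256;
    size_t prefix_len = sizeof(PREFIX_SHA256), trail = 0;
    int i;

    for (i = 0; i < SHA256_LEN; i++)
        hash[i] = (uint8_t)i;            /* placeholder digest, not a real hash */
    if (v == NO_PARAMS) {
        prefix = PREFIX_NO_PARAMS;
        prefix_len = sizeof(PREFIX_NO_PARAMS);
    }
    if (v == TRAILING_BYTES)
        trail = 16;                      /* digest no longer ends the block */
    layout_em(em, K, prefix, prefix_len, hash, trail);
    if (v == WRONG_DIGEST)
        em[K - 1] ^= 0x01;               /* one flipped bit in the digest */
    return verify_strict(em, K, hash);
}

int main(void)
{
    static const char *names[] = {
        "canonical encoding", "wrong digest",
        "parameters absent", "bytes after the digest"
    };
    int v;

    for (v = CANONICAL; v <= TRAILING_BYTES; v++)
        printf("%-24s %s\n", names[v],
               check_variant((enum variant)v) ? "accepted" : "rejected");
    return 0;
}
```

Only the canonical encoding is accepted; the other three inputs differ from the expected block by at least one byte and are rejected without any ASN.1 parsing taking place.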

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-11-07 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  929cc3fa6bceba1c6d9c362c56b89cbf2acf40bc (commit)
  from  992b3740a1f7b24771ccf29a52b0141c51b95933 (commit)


- Log -
commit 929cc3fa6bceba1c6d9c362c56b89cbf2acf40bc
Author: Matt Caswell 
Date:   Thu Oct 27 10:46:25 2016 +0100

Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER"

This partially reverts commit c636c1c47. It also tweaks the documentation
and comments in this area. On the client side the documented interface for
SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag
SSL_VERIFY_PEER causes verification of the server certificate to take place.
Previously what was implemented was that if *any* flag was set then
verification would take place. The above commit improved the semantics to
be as per the documented interface.

However, we have had a report of at least one application where an
application was incorrectly using the interface and used *only*
SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to
the above commit this still caused verification of the server certificate
to take place. After this commit the application silently failed to verify
the server certificate.

Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate
if invalid flags were being used. However these are void functions!

The simplest short term solution is to revert to the previous behaviour
which at least means we "fail closed" rather than "fail open".

Thanks to Cory Benfield for reporting this issue.

Reviewed-by: Richard Levitte 
(cherry picked from commit c8e2f98c97ff3327784843946c2d62761572e5d5)

---

Summary of changes:
 doc/ssl/SSL_CTX_set_verify.pod |  7 +++
 ssl/statem/statem_clnt.c   | 16 +++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
index 96a98ac..d2d3d03 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -145,6 +145,13 @@ Its return value is identical to B, so that 
any verification
 failure will lead to a termination of the TLS/SSL handshake with an
 alert message, if SSL_VERIFY_PEER is set.
 
+=head1 BUGS
+
+In client mode, it is not checked whether the SSL_VERIFY_PEER flag
+is set, but whether any flags are set. This can lead to
+unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as
+required.
+
 =head1 RETURN VALUES
 
 The SSL*_set_verify*() functions do not provide diagnostic information.
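
Review bot: the last sentence of the new BUGS section, "This can lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required", does not say which behaviour to expect. State it directly: on a client, any mode other than SSL_VERIFY_NONE, for example SSL_VERIFY_FAIL_IF_NO_PEER_CERT on its own, causes the server certificate to be verified.
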
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 692544b..e90a63c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1224,7 +1224,21 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL 
*s, PACKET *pkt)
 }
 
 i = ssl_verify_cert_chain(s, sk);
-if ((s->verify_mode & SSL_VERIFY_PEER) && i <= 0) {
+/*
+ * The documented interface is that SSL_VERIFY_PEER should be set in order
+ * for client side verification of the server certificate to take place.
+ * However, historically the code has only checked that *any* flag is set
+ * to cause server verification to take place. Use of the other flags makes
+ * no sense in client mode. An attempt to clean up the semantics was
+ * reverted because at least one application *only* set
+ * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+ * server verification to take place, after the clean up it silently did
+ * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+ * sent to them because they are void functions. Therefore, we now use the
+ * (less clean) historic behaviour of performing validation if any flag is
+ * set. The *documented* interface remains the same.
+ */
+if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
 al = ssl_verify_alarm_type(s->verify_result);
 SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_CERTIFICATE_VERIFY_FAILED);
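
Review bot: the condition `s->verify_mode != SSL_VERIFY_NONE && i <= 0` restores the fail-closed behaviour, but the summary lists only the .pod file and statem_clnt.c, so no test pins it down. A client-side test that sets only SSL_VERIFY_FAIL_IF_NO_PEER_CERT and expects the handshake to fail on an untrusted server certificate would stop a later cleanup from reintroducing the silent skip.
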


[openssl-commits] [openssl] master update

2016-11-07 Thread Matt Caswell
The branch master has been updated
   via  c8e2f98c97ff3327784843946c2d62761572e5d5 (commit)
  from  d836d71b2da026b4ed9a2233657b2289ab8e4be0 (commit)


- Log -
commit c8e2f98c97ff3327784843946c2d62761572e5d5
Author: Matt Caswell 
Date:   Thu Oct 27 10:46:25 2016 +0100

Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER"

This partially reverts commit c636c1c47. It also tweaks the documentation
and comments in this area. On the client side the documented interface for
SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag
SSL_VERIFY_PEER causes verification of the server certificate to take place.
Previously what was implemented was that if *any* flag was set then
verification would take place. The above commit improved the semantics to
be as per the documented interface.

However, we have had a report of at least one application where an
application was incorrectly using the interface and used *only*
SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to
the above commit this still caused verification of the server certificate
to take place. After this commit the application silently failed to verify
the server certificate.

Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate
if invalid flags were being used. However these are void functions!

The simplest short term solution is to revert to the previous behaviour
which at least means we "fail closed" rather than "fail open".

Thanks to Cory Benfield for reporting this issue.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 doc/man3/SSL_CTX_set_verify.pod |  7 +++
 ssl/statem/statem_clnt.c| 16 +++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
index 96a98ac..d2d3d03 100644
--- a/doc/man3/SSL_CTX_set_verify.pod
+++ b/doc/man3/SSL_CTX_set_verify.pod
@@ -145,6 +145,13 @@ Its return value is identical to B, so that 
any verification
 failure will lead to a termination of the TLS/SSL handshake with an
 alert message, if SSL_VERIFY_PEER is set.
 
+=head1 BUGS
+
+In client mode, it is not checked whether the SSL_VERIFY_PEER flag
+is set, but whether any flags are set. This can lead to
+unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as
+required.
+
 =head1 RETURN VALUES
 
 The SSL*_set_verify*() functions do not provide diagnostic information.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d8fbf58..6a05b9d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1227,7 +1227,21 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL 
*s, PACKET *pkt)
 }
 
 i = ssl_verify_cert_chain(s, sk);
-if ((s->verify_mode & SSL_VERIFY_PEER) && i <= 0) {
+/*
+ * The documented interface is that SSL_VERIFY_PEER should be set in order
+ * for client side verification of the server certificate to take place.
+ * However, historically the code has only checked that *any* flag is set
+ * to cause server verification to take place. Use of the other flags makes
+ * no sense in client mode. An attempt to clean up the semantics was
+ * reverted because at least one application *only* set
+ * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+ * server verification to take place, after the clean up it silently did
+ * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+ * sent to them because they are void functions. Therefore, we now use the
+ * (less clean) historic behaviour of performing validation if any flag is
+ * set. The *documented* interface remains the same.
+ */
+if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
 al = ssl_verify_alarm_type(s->verify_result);
 SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_CERTIFICATE_VERIFY_FAILED);
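
Review bot: the block comment added above the `if` spends most of its length on history (the earlier clean-up and its revert), which the commit message already covers and which will age badly in the source. Consider trimming it to the rule the code enforces, that on the client any mode other than SSL_VERIFY_NONE makes a failed chain verification fatal, plus one sentence on why SSL_VERIFY_PEER alone is not tested.
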


[openssl-commits] [openssl] master update

2016-11-07 Thread Emilia Kasper
The branch master has been updated
   via  d836d71b2da026b4ed9a2233657b2289ab8e4be0 (commit)
  from  8e47ee18c8f7e59575effdd8dfcfbfff1a365ede (commit)


- Log -
commit d836d71b2da026b4ed9a2233657b2289ab8e4be0
Author: Emilia Kasper 
Date:   Fri Nov 4 16:06:12 2016 +0100

Simplify tests part 2

1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)

Note that for parameterized tests, the index (test vector) usually holds all
the customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 test/ct_test.c|   8 +-
 test/mdc2_internal_test.c |  69 ++---
 test/modes_internal_test.c| 603 ++
 test/poly1305_internal_test.c | 198 ++
 test/ssl_test.c   |  38 +--
 test/ssl_test_ctx_test.c  |  29 +-
 test/testutil.h   |   5 +
 7 files changed, 389 insertions(+), 561 deletions(-)

diff --git a/test/ct_test.c b/test/ct_test.c
index db03f86..2553bc6 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -507,20 +507,20 @@ static int test_encode_tls_sct()
 SCT *sct = SCT_new();
 if (!SCT_set_version(sct, SCT_VERSION_V1)) {
 fprintf(stderr, "Failed to set SCT version\n");
-return 1;
+return 0;
 }
 if (!SCT_set1_log_id(sct, log_id, 32)) {
 fprintf(stderr, "Failed to set SCT log ID\n");
-return 1;
+return 0;
 }
 SCT_set_timestamp(sct, 1);
 if (!SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256)) {
 fprintf(stderr, "Failed to set SCT signature NID\n");
-return 1;
+return 0;
 }
 if (!SCT_set1_signature(sct, signature, 71)) {
 fprintf(stderr, "Failed to set SCT signature\n");
-return 1;
+return 0;
 }
 sk_SCT_push(sct_list, sct);
 
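
Review bot: each of the four early `return 0;` paths in test_encode_tls_sct() leaves `sct`, allocated by SCT_new() at the top of the hunk, unfreed, and the result of SCT_new() is used without a NULL check. Correcting the return value is right; while here, free `sct` before returning or route the failures through a single cleanup label, so a failing run does not also trip leak checkers.
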
diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c
index 3ed52de..3353507 100644
--- a/test/mdc2_internal_test.c
+++ b/test/mdc2_internal_test.c
@@ -21,46 +21,6 @@ typedef struct {
 const unsigned char expected[MDC2_DIGEST_LENGTH];
 } TESTDATA;
 
-typedef struct {
-const char *case_name;
-int num;
-const TESTDATA *data;
-} SIMPLE_FIXTURE;
-
-/**
- *
- * Test of mdc2 internal functions
- *
- ***/
-
-static SIMPLE_FIXTURE setup_mdc2(const char *const test_case_name)
-{
-SIMPLE_FIXTURE fixture;
-fixture.case_name = test_case_name;
-return fixture;
-}
-
-static int execute_mdc2(SIMPLE_FIXTURE fixture)
-{
-unsigned char md[MDC2_DIGEST_LENGTH];
-MDC2_CTX c;
-
-MDC2_Init();
-MDC2_Update(, (const unsigned char *)fixture.data->input,
-strlen(fixture.data->input));
-MDC2_Final(&(md[0]), );
-
-if (memcmp(fixture.data->expected, md, MDC2_DIGEST_LENGTH)) {
-fprintf(stderr, "mdc2 test %d: unexpected output\n", fixture.num);
-return 0;
-}
-
-return 1;
-}
-
-static void teardown_mdc2(SIMPLE_FIXTURE fixture)
-{
-}
 
 /**
  *
@@ -78,17 +38,34 @@ static TESTDATA tests[] = {
 }
 };
 
-static int drive_tests(int idx)
+/**
+ *
+ * Test of mdc2 internal functions
+ *
+ ***/
+
+static int test_mdc2(int idx)
 {
-SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, setup_mdc2);
-fixture.num = idx;
-fixture.data = [idx];
-EXECUTE_TEST(execute_mdc2, teardown_mdc2);
+unsigned char md[MDC2_DIGEST_LENGTH];
+MDC2_CTX c;
+const TESTDATA testdata = tests[idx];
+
+MDC2_Init();
+MDC2_Update(, (const unsigned char *)testdata.input,
+strlen(testdata.input));
+MDC2_Final(&(md[0]), );
+
+if (memcmp(testdata.expected, md, MDC2_DIGEST_LENGTH)) {
+fprintf(stderr, "mdc2 test %d: unexpected output\n", idx);
+return 0;
+}
+
+return 1;
 }
 
 int main(int argc, char **argv)
 {
-ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests));
+ADD_ALL_TESTS(test_mdc2, OSSL_NELEM(tests));
 
 return run_tests(argv[0]);
 }
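
Review bot: in test_mdc2(), `const TESTDATA testdata = tests[idx];` copies the whole struct, including the `expected` array, on every call; a pointer, `const TESTDATA *testdata = &tests[idx];`, gives the same access without the copy. The results of the MDC2_Init, MDC2_Update and MDC2_Final calls are also not checked, so a failure there would surface only as "unexpected output".
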
diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c
index 1e4f6e3..5704503 100644
--- a/test/modes_internal_test.c
+++ b/test/modes_internal_test.c
@@ -29,316 +29,6 @@ typedef struct {
  *
  ***/
 
-typedef struct {
-const char *case_name;
-int num;
-const AES_KEY *encrypt_key_schedule;
-const AES_KEY *decrypt_key_schedule;
-const unsigned char *input;
-  

[openssl-commits] [openssl] master update

2016-11-07 Thread Matt Caswell
The branch master has been updated
   via  8e47ee18c8f7e59575effdd8dfcfbfff1a365ede (commit)
   via  3c9539d294b931bc430a01510753e10b7a201f11 (commit)
   via  185c29b14eafb9ddacffb82b10c4609e49686e66 (commit)
  from  5d71f7ea291761777a2b2a84f340ffb38b3ea14a (commit)


- Log -
commit 8e47ee18c8f7e59575effdd8dfcfbfff1a365ede
Author: Matt Caswell 
Date:   Mon Nov 7 14:26:41 2016 +

Add a test for the wrong version number in a record

Prior to TLS1.3 we check that the received record version number is correct.
In TLS1.3 we need to ignore the record version number. This adds a test to
make sure we do it correctly.

Reviewed-by: Rich Salz 

commit 3c9539d294b931bc430a01510753e10b7a201f11
Author: Matt Caswell 
Date:   Mon Nov 7 13:49:18 2016 +

Ignore the record version in TLS1.3

The record layer version field must be ignored in TLSv1.3, so we remove the
check when using that version.

Reviewed-by: Rich Salz 

commit 185c29b14eafb9ddacffb82b10c4609e49686e66
Author: Matt Caswell 
Date:   Mon Nov 7 14:44:38 2016 +

test_sslcbcpadding only makes sense 

---

Summary of changes:
 ssl/record/ssl3_record.c |  5 +++--
 test/recipes/70-test_sslcbcpadding.t |  1 +
 test/recipes/70-test_sslrecords.t| 32 +++-
 util/TLSProxy/Record.pm  | 13 -
 4 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index f160c06..181ebbb 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -204,8 +204,9 @@ int ssl3_get_record(SSL *s)
 rr[num_recs].rec_version = version;
 n2s(p, rr[num_recs].length);
 
-/* Lets check version */
-if (!s->first_packet && version != s->version) {
+/* Lets check version. In TLSv1.3 we ignore this field */
+if (!s->first_packet && s->version != TLS1_3_VERSION
+&& version != s->version) {
 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
 if ((s->version & 0xFF00) == (version & 0xFF00)
 && !s->enc_write_ctx && !s->write_hash) {
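
Review bot: `s->version != TLS1_3_VERSION` is an exact-equality test, so the record-version check becomes active again for any protocol version numbered after TLS 1.3. Either say in the comment that this is intended or express the condition as a named "TLS 1.3 or later" predicate, so the decision is made in one place. The comment's "Lets" should read "Let's".
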
diff --git a/test/recipes/70-test_sslcbcpadding.t 
b/test/recipes/70-test_sslcbcpadding.t
index 22825a0..8d3d6fc 100644
--- a/test/recipes/70-test_sslcbcpadding.t
+++ b/test/recipes/70-test_sslcbcpadding.t
@@ -48,6 +48,7 @@ ok(TLSProxy::Message->success(), "Maximally-padded record 
test");
 # Test that invalid padding is rejected.
 foreach my $offset (@test_offsets) {
 $proxy->clear();
+$proxy->serverflags("-tls1_2");
 $bad_padding_offset = $offset;
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset");
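
Review bot: `$proxy->serverflags("-tls1_2");` is added inside the invalid-padding loop with no comment saying why the server is pinned to TLS 1.2. A short comment stating why the CBC padding tests need a pre-TLS1.3 protocol would explain the line, and it is worth checking whether the "Maximally-padded record test" just above the loop needs the same flag.
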
diff --git a/test/recipes/70-test_sslrecords.t 
b/test/recipes/70-test_sslrecords.t
index b282dbd..cafa30c 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -39,10 +39,13 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
 my $inject_recs_num = 1;
 $proxy->serverflags("-tls1_2");
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-my $num_tests = 10;
+my $num_tests = 11;
 if (!disabled("tls1_1")) {
 $num_tests++;
 }
+if (!disabled("tls1_3")) {
+$num_tests++;
+}
 plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
 
@@ -137,6 +140,21 @@ if (!disabled("tls1_1")) {
 ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1");
 }
 
+#Test 12: Sending a different record version in TLS1.2 should fail
+$proxy->clear();
+$proxy->clientflags("-tls1_2");
+$proxy->filter(\_version);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
+
+#Test 13: Sending a different record version in TLS1.3 should succeed
+if (!disabled("tls1_3")) {
+$proxy->clear();
+$proxy->filter(\_version);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
+}
+
 sub add_empty_recs_filter
 {
 my $proxy = shift;
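Review bot: Test 13 sets no protocol flag after `$proxy->clear()`, so it depends on the default handshake negotiating TLS1.3, whereas Test 12 pins its version explicitly with `clientflags("-tls1_2")`. Pin Test 13 as well, or add a comment stating that the default is relied on, so the test does not change meaning if the defaults change. The labels "Test 12" and "Test 13" also assume the tls1_1 test is enabled, so the numbering drifts when it is not.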
@@ -388,3 +406,15 @@ sub add_unknown_record_type
 
 unshift @{$proxy->record_list}, $record;
 }
+
+sub change_version
+{
+my $proxy = shift;
+
+# We'll change a version after the initial version neg has taken place
+if ($proxy->flight != 2) {
+return;
+}
+
+(${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
+}
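Review bot: `change_version` indexes `${$proxy->record_list}[-1]` without checking that the record list is non-empty, so calling `->version(...)` would die on an undefined value if flight 2 ever arrives with no records. A guard before the last line would make the filter robust. The bare `2` in `$proxy->flight != 2` would also read better with a comment naming which flight that is, since the existing comment only says "after the initial version neg has taken place".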
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
index 106fa74..a4e7adc 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -278,11 +278,6 @@ sub content_type
 my $self = shift;
 return $self->{content_type};

[openssl-commits] [openssl] master update

2016-11-07 Thread Matt Caswell
The branch master has been updated
   via  5d71f7ea291761777a2b2a84f340ffb38b3ea14a (commit)
  from  c437757466e7bef632b26eaaf429a9e693330999 (commit)


- Log -
commit 5d71f7ea291761777a2b2a84f340ffb38b3ea14a
Author: Matt Caswell 
Date:   Mon Nov 7 13:44:56 2016 +

Correct the Id for the TLS1.3 ciphersuite

We have one TLS1.3 ciphersuite, but there is a typo in the id that should
be corrected.

Reviewed-by: Rich Salz 

---

Summary of changes:
 include/openssl/tls1.h | 2 +-
 ssl/t1_trce.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 3f7e749..ba3c413 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -601,7 +601,7 @@ 
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305   0x0300CCAE
 
 /* TLS v1.3 ciphersuites */
-# define TLS1_3_CK_AES_128_GCM_SHA256 0x03000D01
+# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
 
 /*
  * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
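Review bot: The corrected value `0x03001301` is still a bare literal with no pointer to where the id is assigned, which makes a typo like the old `0x03000D01` hard to spot in review. A short comment next to `TLS1_3_CK_AES_128_GCM_SHA256` naming the source of the value would let a reader verify it. The same 16-bit id is repeated by hand in ssl/t1_trce.c, so the two have to be kept in step manually.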
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index ab5d2da..d8ad103 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -423,7 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
 {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
 {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
 {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
-{0x0D01, "TLS_AES_128_GCM_SHA256"},
+{0x1301, "TLS_AES_128_GCM_SHA256"},
 {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
 {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
 };
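Review bot: The `{0x1301, "TLS_AES_128_GCM_SHA256"}` entry sits between `0xCCAE` and `0xFEFE`, while the neighbouring entries visible here are in ascending id order. If `ssl_ciphers_tbl` is meant to stay sorted, move the entry to its numeric position. If order does not matter for the lookup, it is still easier to audit the table for duplicates and typos when it is sorted.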


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-11-07 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  992b3740a1f7b24771ccf29a52b0141c51b95933 (commit)
  from  51d8e5ea866a7d606e4f2aa5e45c2f7df2270ace (commit)


- Log -
commit 992b3740a1f7b24771ccf29a52b0141c51b95933
Author: Matt Caswell 
Date:   Thu Nov 3 13:21:28 2016 +

Always ensure that init_msg is initialised for a CCS

We read it later in grow_init_buf(). If CCS is the first thing received in
a flight, then it will use the init_msg from the last flight we received. If
the init_buf has been grown in the meantime then it will point to some
arbitrary other memory location. This is likely to result in grow_init_buf()
attempting to grow to some excessively large amount which is likely to
fail. In practice this should never happen because the only time we receive
a CCS as the first thing in a flight is in an abbreviated handshake. None
of the preceding messages from the server flight would be large enough to
trigger this.

Reviewed-by: Rich Salz 
(cherry picked from commit c437757466e7bef632b26eaaf429a9e693330999)

---

Summary of changes:
 ssl/statem/statem_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 31a84e4..637c610 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -370,6 +370,7 @@ int tls_get_message_header(SSL *s, int *mt)
 }
 s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
 s->init_num = i - 1;
+s->init_msg = s->init_buf->data;
 s->s3->tmp.message_size = i;
 return 1;
 } else if (recvd_type != SSL3_RT_HANDSHAKE) {
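Review bot: The summary shows only ssl/statem/statem_lib.c changing, so nothing exercises the CCS-first-in-flight path that the added `s->init_msg = s->init_buf->data;` line protects. The commit message argues the stale pointer cannot be reached in practice. Even so, a test that receives a CCS as the first message of a flight after the buffer has been grown would keep the fix from regressing silently on this stable branch.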


[openssl-commits] [openssl] master update

2016-11-07 Thread Matt Caswell
The branch master has been updated
   via  c437757466e7bef632b26eaaf429a9e693330999 (commit)
  from  475592e2419c5cb3098dfea4c9229d0c09ea7010 (commit)


- Log -
commit c437757466e7bef632b26eaaf429a9e693330999
Author: Matt Caswell 
Date:   Thu Nov 3 13:21:28 2016 +

Always ensure that init_msg is initialised for a CCS

We read it later in grow_init_buf(). If CCS is the first thing received in
a flight, then it will use the init_msg from the last flight we received. If
the init_buf has been grown in the meantime then it will point to some
arbitrary other memory location. This is likely to result in grow_init_buf()
attempting to grow to some excessively large amount which is likely to
fail. In practice this should never happen because the only time we receive
a CCS as the first thing in a flight is in an abbreviated handshake. None
of the preceding messages from the server flight would be large enough to
trigger this.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/statem/statem_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 990510a..24159da 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -391,6 +391,7 @@ int tls_get_message_header(SSL *s, int *mt)
 }
 s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
 s->init_num = readbytes - 1;
+s->init_msg = s->init_buf->data;
 s->s3->tmp.message_size = readbytes;
 return 1;
 } else if (recvd_type != SSL3_RT_HANDSHAKE) {
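Review bot: The added `s->init_msg = s->init_buf->data;` line has no comment, and nothing in the CCS branch explains why `init_msg` must be reset when no handshake message body follows. The reason given in the commit message (that `grow_init_buf()` reads it later and would otherwise see the pointer from the previous flight) deserves a one-line comment above the assignment, so a later cleanup does not remove it as dead code.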


[openssl-commits] [web] master update

2016-11-07 Thread Mark J . Cox
The branch master has been updated
   via  183632aa1c2541118fe7b465c05db7d364b0 (commit)
  from  5371172a04aa5a6757d77efba75d66e6c7bb636f (commit)


- Log -
commit 183632aa1c2541118fe7b465c05db7d364b0
Author: Mark J. Cox 
Date:   Mon Nov 7 11:19:31 2016 +

Use correct pasted link

---

Summary of changes:
 news/newsflash.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 5848af6..7cdd7aa 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,7 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
-07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html;>security
 release due on 10th November 2016
+07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-November/85.html;>security
 release due on 10th November 2016
 12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/;>Face to 
Face: Goodbye RT, Hello GitHub
 26-Sep-2016: Security Advisory: Two 
security fixes
 26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix


[openssl-commits] [web] master update

2016-11-07 Thread Mark J . Cox
The branch master has been updated
   via  5371172a04aa5a6757d77efba75d66e6c7bb636f (commit)
  from  940e30d84bf1d54701725a1744af2df0ac081a85 (commit)


- Log -
commit 5371172a04aa5a6757d77efba75d66e6c7bb636f
Author: Mark J. Cox 
Date:   Mon Nov 7 11:18:24 2016 +

Add nov 10 details

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 92f3e01..5848af6 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html;>security
 release due on 10th November 2016
 12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/;>Face to 
Face: Goodbye RT, Hello GitHub
 26-Sep-2016: Security Advisory: Two 
security fixes
 26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix
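Review bot: The added `07-Nov-2016` entry announces a release due on 10th November 2016 but links to `openssl-announce/2016-September/76.html`, which looks like a URL carried over from an older entry. Please check that the link points at the November announcement before this goes live.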


[openssl-commits] Build failed in Jenkins: master_ppc64 #1043

2016-11-07 Thread openssl . sanity
See 

Changes:

[Richard Levitte] VMS build file template: assign 'arch' to local symbol table

[Richard Levitte] constant time test: include our internal/numbers.h rather 
than limits.h

[Richard Levitte] VMS: pretend to use -znodelete

[Richard Levitte] Fix the LIBZ macro on VC config targets

[Richard Levitte] Windows: use default ZLIB1 unless --with-zlib-lib is set

--
[...truncated 2212 lines...]