[openssl-commits] Build failed: openssl master.466
Build openssl master.466 failed Commit 7a77bd9de7 by Matt Caswell on 1/15/2016 11:01 AM: Update Windows installation instructions Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.467
Build openssl OpenSSL_1_0_1-stable.467 completed Commit ccfb7b4934 by Hubert Kario on 1/15/2016 11:58 AM: clarify pkeyutl man page Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#1165 (master - 87c00c9)
Build Update for openssl/openssl - Build: #1165 Status: Errored Duration: 42 minutes and 28 seconds Commit: 87c00c9 (master) Author: Rich Salz Message: Fix typo Reviewed-by: Matt CaswellView the changeset: https://github.com/openssl/openssl/compare/7a77bd9de7d3...87c00c93c4d4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/102638096 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 87c00c93c4d47525f1838ea7c6c544122ff0ca1a (commit) from 7a77bd9de7d3cdc16cfb151efe22b40eb48f1ece (commit) - Log - commit 87c00c93c4d47525f1838ea7c6c544122ff0ca1a Author: Rich SalzDate: Fri Jan 15 11:41:27 2016 -0500 Fix typo Reviewed-by: Matt Caswell --- Summary of changes: CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cc5a0df..bd2e52c 100644 --- a/CHANGES +++ b/CHANGES @@ -6,7 +6,7 @@ *) EGD is no longer supported by default; use enable-egd when configuring. - [Ben Kaduv and Rich Salz] + [Ben Kaduk and Rich Salz] *) The distribution now has Makefile.in files, which are used to create Makefile's when Configure is run. *Configure must be run _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2d24b7d0d03b8986f5f4ef021a7448e30fad9fc4 (commit) from 9b88450ea84dc68f1c6b761dfa1e1888a5544e78 (commit) - Log - commit 2d24b7d0d03b8986f5f4ef021a7448e30fad9fc4 Author: Richard LevitteDate: Fri Jan 15 19:31:47 2016 +0100 Consider old 1.1.0 as well --- Summary of changes: Makefile | 4 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 6446582..42c8d8d 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,7 @@ SRCLISTS = \ source/old/1.0.0/index.inc \ source/old/1.0.1/index.inc \ source/old/1.0.2/index.inc \ + source/old/1.1.0/index.inc \ source/old/fips/index.inc \ all: $(SIMPLE) $(SRCLISTS) manmaster @@ -153,6 +154,9 @@ source/old/1.0.1/index.inc: $(wildcard source/old/1.0.1/*.gz) source/old/1.0.2/index.inc: $(wildcard source/old/1.0.2/*.gz) @rm -f $@ ./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@ +source/old/1.1.0/index.inc: $(wildcard source/old/1.1.0/*.gz) + @rm -f $@ + ./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@ source/old/fips/index.inc: $(wildcard source/old/fips/*.gz) @rm -f $@ ./bin/mk-filelist source/old/fips '' '*.gz' >$@ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 200883aff484ba6f67a7251ea12e5e2b8825a37b (commit) from 23969fc00f3730936c866797ff20beacd12db7c5 (commit) - Log - commit 200883aff484ba6f67a7251ea12e5e2b8825a37b Author: Richard LevitteDate: Fri Jan 15 19:38:32 2016 +0100 Title the 1.1.0 directory correctly --- Summary of changes: source/old/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/old/index.html b/source/old/index.html index 7a28a2b..058bd20 100644 --- a/source/old/index.html +++ b/source/old/index.html @@ -15,7 +15,7 @@ 1.0.0 1.0.1 1.0.2 -1.0.2 +1.1.0 fips _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.470
Build openssl master.470 failed Commit 87c00c93c4 by Rich Salz on 1/15/2016 4:41 PM: Fix typo Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 9f9a39267f6c752af0905d77062b00671b1b60c6 (commit) from 87c00c93c4d47525f1838ea7c6c544122ff0ca1a (commit) - Log - commit 9f9a39267f6c752af0905d77062b00671b1b60c6 Author: Zi LinDate: Fri Jan 15 14:31:11 2016 -0500 NGX-2040 - fix wildcard match on punycode/IDNA DNS names - bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain Signed-off-by: Viktor Dukhovni Reviewed-by: Rich Salz --- Summary of changes: crypto/x509v3/v3_utl.c | 3 ++- test/v3nametest.c | 10 ++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index c9e74f4..a5058be 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -840,7 +840,8 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, state = LABEL_START; ++dots; } else if (p[i] == '-') { -if ((state & LABEL_HYPHEN) != 0) +/* no domain/subdomain starts with '-' */ +if ((state & LABEL_START) != 0) return NULL; state |= LABEL_HYPHEN; } else diff --git a/test/v3nametest.c b/test/v3nametest.c index 7b5c1c8..ac5c9ff 100644 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -6,12 +6,16 @@ static const char *const names[] = { "a", "b", ".", "*", "@", ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", +"-example.com", "example-.com", "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com", "*@example.com", "test@*.example.com", "example.com", "www.example.com", "test.www.example.com", "*.example.com", "*.www.example.com", "test.*.example.com", "www.*.com", ".www.example.com", "*www.example.com", "example.net", "xn--rger-koa.example.com", +"*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com", +"*.good--example.com", "www.good--example.com", +"*.xn--bar.com", "xn--foo.xn--bar.com", "a.example.com", "b.example.com", "postmas...@example.com", "postmas...@example.com", "postmas...@example.com", @@ -27,6 +31,9 @@ static const char *const exceptions[] = { "set CN: host: [*.www.example.com] matches [.www.example.com]", "set CN: host: [*www.example.com] matches [www.example.com]", "set CN: host: [test.www.example.com] matches [.www.example.com]", +"set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", +"set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", +"set CN: host: [*.good--example.com] matches [www.good--example.com]", "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", "set emailAddress: email: [postmas...@example.com] does not match [postmas...@example.com]", @@ -43,6 +50,9 @@ static const char *const exceptions[] = { "set dnsName: host: [*.www.example.com] matches [.www.example.com]", "set dnsName: host: [*www.example.com] matches [www.example.com]", "set dnsName: host: [test.www.example.com] matches [.www.example.com]", +"set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", +"set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", +"set dnsName: host: [*.good--example.com] matches [www.good--example.com]", "set rfc822Name: email: [postmas...@example.com] does not match [postmas...@example.com]", "set rfc822Name: email: [postmas...@example.com] does not match [postmas...@example.com]", "set rfc822Name: email: [postmas...@example.com] does not match [postmas...@example.com]", _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#1166 (master - 9f9a392)
Build Update for openssl/openssl - Build: #1166 Status: Passed Duration: 41 minutes and 2 seconds Commit: 9f9a392 (master) Author: Zi Lin Message: NGX-2040 - fix wildcard match on punycode/IDNA DNS names - bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain Signed-off-by: Viktor DukhovniReviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/87c00c93c4d4...9f9a39267f6c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/102676237 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.471
Build openssl master.471 failed Commit 9f9a39267f by Zi Lin on 1/15/2016 7:46 PM: NGX-2040 - fix wildcard match on punycode/IDNA DNS names Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit) via c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (commit) from 9f9a39267f6c752af0905d77062b00671b1b60c6 (commit) - Log - commit 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 Author: Dr. Stephen HensonDate: Thu Jan 14 22:13:37 2016 + free up gost ciphers Reviewed-by: Viktor Dukhovni commit c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 Author: Dr. Stephen Henson Date: Thu Jan 14 23:56:50 2016 + Add lookup_certs for a trusted stack. Reviewed-by: Viktor Dukhovni --- Summary of changes: crypto/x509/x509_vfy.c | 21 + engines/ccgost/gost_crypt.c | 8 engines/ccgost/gost_eng.c | 1 + engines/ccgost/gost_lcl.h | 1 + 4 files changed, 31 insertions(+) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 972760c..48d9367 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -344,6 +344,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; } +static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) +{ +STACK_OF(X509) *sk = NULL; +X509 *x; +int i; +for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { +x = sk_X509_value(ctx->other_ctx, i); +if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { +if (sk == NULL) +sk = sk_X509_new_null(); +if (sk == NULL || sk_X509_push(sk, x) == 0) { +sk_X509_pop_free(sk, X509_free); +return NULL; +} +X509_up_ref(x); +} +} +return sk; +} + /* * Check a certificate chains extensions for consistency with the supplied * purpose @@ -2226,6 +2246,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { ctx->other_ctx = sk; ctx->get_issuer = get_issuer_sk; +ctx->lookup_certs = lookup_certs_sk; } void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index 9c6dcc5..63009a2 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -109,6 +109,14 @@ const EVP_CIPHER *cipher_gost_cpacnt(void) return _hidden_gost89_cnt; } +void cipher_gost_destroy(void) +{ +EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher); +_hidden_Gost28147_89_cipher = NULL; +EVP_CIPHER_meth_free(_hidden_gost89_cnt); +_hidden_gost89_cnt = NULL; +} + /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */ /* Init functions which set specific parameters */ static int gost_imit_init_cpa(EVP_MD_CTX *ctx); diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index bc43848..38ed25c 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -77,6 +77,7 @@ static int gost_engine_finish(ENGINE *e) static int gost_engine_destroy(ENGINE *e) { digest_gost_destroy(); +cipher_gost_destroy(); imit_gost_cpa_destroy(); gost_param_free(); diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h index 895e2d6..61f657c 100644 --- a/engines/ccgost/gost_lcl.h +++ b/engines/ccgost/gost_lcl.h @@ -145,6 +145,7 @@ struct ossl_gost_digest_ctx { /* EVP_MD structure for GOST R 34.11 */ EVP_MD *digest_gost(void); void digest_gost_destroy(void); +void cipher_gost_destroy(void); /* EVP_MD structure for GOST 28147 in MAC mode */ const EVP_MD *imit_gost_cpa(void); void imit_gost_cpa_destroy(void); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.475
Build openssl master.475 failed Commit ecdd0ff733 by Rich Salz on 1/16/2016 3:47 AM: RT4247: Fix EVP_CIPHER_CTX opaque on sparc Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.474
Build openssl master.474 failed Commit 25be7a0fea by Dr. Stephen Henson on 1/15/2016 10:38 PM: free up gost ciphers Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 36
Build openssl 36 failed Commit 7889910d61 by Alessandro Ghedini on 1/14/2016 10:47 PM: Make "nm" executable configurable during configure Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit) from 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit) - Log - commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8 Author: Rich SalzDate: Fri Jan 15 22:37:11 2016 -0500 RT4247: Fix EVP_CIPHER_CTX opaque on sparc Via Rainer Jung Reviewed-by: Dr. Stephen Henson --- Summary of changes: crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 5536f62..929151c 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(key, >ks.ks); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 16407e8..8b6c2b5 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand([0], >ks1); @@ -297,7 +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand([0], >ks1); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.472
Build openssl OpenSSL_1_0_2-stable.472 completed Commit 15debc128a by Zi Lin on 1/15/2016 7:48 PM: NGX-2040 - fix wildcard match on punycode/IDNA DNS names Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.476
Build openssl OpenSSL_1_0_2-stable.476 completed Commit eb2ab59867 by Mouse on 1/16/2016 3:13 AM: pkeyutl: allow peerkey for EC_DERIVE to reside on a hardware token (public key for now) Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits