[openssl-commits] Build failed: openssl master.466

[AppVeyor]

Build openssl master.466 failed


Commit 7a77bd9de7 by Matt Caswell on 1/15/2016 11:01 AM:

Update Windows installation instructions


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.467

[AppVeyor]

Build openssl OpenSSL_1_0_1-stable.467 completed



Commit ccfb7b4934 by Hubert Kario on 1/15/2016 11:58 AM:

clarify pkeyutl man page


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#1165 (master - 87c00c9)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1165
Status: Errored

Duration: 42 minutes and 28 seconds
Commit: 87c00c9 (master)
Author: Rich Salz
Message: Fix typo

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/7a77bd9de7d3...87c00c93c4d4

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/102638096

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  87c00c93c4d47525f1838ea7c6c544122ff0ca1a (commit)
  from  7a77bd9de7d3cdc16cfb151efe22b40eb48f1ece (commit)


- Log -
commit 87c00c93c4d47525f1838ea7c6c544122ff0ca1a
Author: Rich Salz 
Date:   Fri Jan 15 11:41:27 2016 -0500

Fix typo

Reviewed-by: Matt Caswell 

---

Summary of changes:
 CHANGES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index cc5a0df..bd2e52c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,7 +6,7 @@
 
   *) EGD is no longer supported by default; use enable-egd when
  configuring.
- [Ben Kaduv and Rich Salz]
+ [Ben Kaduk and Rich Salz]
 
   *) The distribution now has Makefile.in files, which are used to
  create Makefile's when Configure is run.  *Configure must be run
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Richard Levitte]

The branch master has been updated
   via  2d24b7d0d03b8986f5f4ef021a7448e30fad9fc4 (commit)
  from  9b88450ea84dc68f1c6b761dfa1e1888a5544e78 (commit)


- Log -
commit 2d24b7d0d03b8986f5f4ef021a7448e30fad9fc4
Author: Richard Levitte 
Date:   Fri Jan 15 19:31:47 2016 +0100

Consider old 1.1.0 as well

---

Summary of changes:
 Makefile | 4 
 1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index 6446582..42c8d8d 100644
--- a/Makefile
+++ b/Makefile
@@ -27,6 +27,7 @@ SRCLISTS = \
   source/old/1.0.0/index.inc \
   source/old/1.0.1/index.inc \
   source/old/1.0.2/index.inc \
+  source/old/1.1.0/index.inc \
   source/old/fips/index.inc \
 
 all: $(SIMPLE) $(SRCLISTS) manmaster
@@ -153,6 +154,9 @@ source/old/1.0.1/index.inc: $(wildcard 
source/old/1.0.1/*.gz)
 source/old/1.0.2/index.inc: $(wildcard source/old/1.0.2/*.gz)
@rm -f $@
./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@
+source/old/1.1.0/index.inc: $(wildcard source/old/1.1.0/*.gz)
+   @rm -f $@
+   ./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@
 source/old/fips/index.inc: $(wildcard source/old/fips/*.gz)
@rm -f $@
./bin/mk-filelist source/old/fips '' '*.gz' >$@
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Richard Levitte]

The branch master has been updated
   via  200883aff484ba6f67a7251ea12e5e2b8825a37b (commit)
  from  23969fc00f3730936c866797ff20beacd12db7c5 (commit)


- Log -
commit 200883aff484ba6f67a7251ea12e5e2b8825a37b
Author: Richard Levitte 
Date:   Fri Jan 15 19:38:32 2016 +0100

Title the 1.1.0 directory correctly

---

Summary of changes:
 source/old/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/old/index.html b/source/old/index.html
index 7a28a2b..058bd20 100644
--- a/source/old/index.html
+++ b/source/old/index.html
@@ -15,7 +15,7 @@
 1.0.0
 1.0.1
 1.0.2
-1.0.2
+1.1.0
 fips
   
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.470

[AppVeyor]

Build openssl master.470 failed


Commit 87c00c93c4 by Rich Salz on 1/15/2016 4:41 PM:

Fix typo


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Viktor Dukhovni]

The branch master has been updated
   via  9f9a39267f6c752af0905d77062b00671b1b60c6 (commit)
  from  87c00c93c4d47525f1838ea7c6c544122ff0ca1a (commit)


- Log -
commit 9f9a39267f6c752af0905d77062b00671b1b60c6
Author: Zi Lin 
Date:   Fri Jan 15 14:31:11 2016 -0500

NGX-2040 - fix wildcard match on punycode/IDNA DNS names

- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain

Signed-off-by: Viktor Dukhovni 
Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/x509v3/v3_utl.c |  3 ++-
 test/v3nametest.c  | 10 ++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index c9e74f4..a5058be 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -840,7 +840,8 @@ static const unsigned char *valid_star(const unsigned char 
*p, size_t len,
 state = LABEL_START;
 ++dots;
 } else if (p[i] == '-') {
-if ((state & LABEL_HYPHEN) != 0)
+/* no domain/subdomain starts with '-' */
+if ((state & LABEL_START) != 0)
 return NULL;
 state |= LABEL_HYPHEN;
 } else
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 7b5c1c8..ac5c9ff 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -6,12 +6,16 @@
 static const char *const names[] = {
 "a", "b", ".", "*", "@",
 ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
+"-example.com", "example-.com",
 "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com",
 "*@example.com", "test@*.example.com", "example.com", "www.example.com",
 "test.www.example.com", "*.example.com", "*.www.example.com",
 "test.*.example.com", "www.*.com",
 ".www.example.com", "*www.example.com",
 "example.net", "xn--rger-koa.example.com",
+"*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com",
+"*.good--example.com", "www.good--example.com",
+"*.xn--bar.com", "xn--foo.xn--bar.com",
 "a.example.com", "b.example.com",
 "postmas...@example.com", "postmas...@example.com",
 "postmas...@example.com",
@@ -27,6 +31,9 @@ static const char *const exceptions[] = {
 "set CN: host: [*.www.example.com] matches [.www.example.com]",
 "set CN: host: [*www.example.com] matches [www.example.com]",
 "set CN: host: [test.www.example.com] matches [.www.example.com]",
+"set CN: host: [*.xn--rger-koa.example.com] matches 
[www.xn--rger-koa.example.com]",
+"set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
+"set CN: host: [*.good--example.com] matches [www.good--example.com]",
 "set CN: host-no-wildcards: [*.www.example.com] matches 
[.www.example.com]",
 "set CN: host-no-wildcards: [test.www.example.com] matches 
[.www.example.com]",
 "set emailAddress: email: [postmas...@example.com] does not match 
[postmas...@example.com]",
@@ -43,6 +50,9 @@ static const char *const exceptions[] = {
 "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
 "set dnsName: host: [*www.example.com] matches [www.example.com]",
 "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
+"set dnsName: host: [*.xn--rger-koa.example.com] matches 
[www.xn--rger-koa.example.com]",
+"set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
+"set dnsName: host: [*.good--example.com] matches [www.good--example.com]",
 "set rfc822Name: email: [postmas...@example.com] does not match 
[postmas...@example.com]",
 "set rfc822Name: email: [postmas...@example.com] does not match 
[postmas...@example.com]",
 "set rfc822Name: email: [postmas...@example.com] does not match 
[postmas...@example.com]",
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#1166 (master - 9f9a392)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1166
Status: Passed

Duration: 41 minutes and 2 seconds
Commit: 9f9a392 (master)
Author: Zi Lin
Message: NGX-2040 - fix wildcard match on punycode/IDNA DNS names

- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain

Signed-off-by: Viktor Dukhovni 
Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/87c00c93c4d4...9f9a39267f6c

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/102676237

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.471

[AppVeyor]

Build openssl master.471 failed


Commit 9f9a39267f by Zi Lin on 1/15/2016 7:46 PM:

NGX-2040 - fix wildcard match on punycode/IDNA DNS names


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit)
   via  c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (commit)
  from  9f9a39267f6c752af0905d77062b00671b1b60c6 (commit)


- Log -
commit 25be7a0feacdbd3326774f0da8aaeb966c1f57f8
Author: Dr. Stephen Henson 
Date:   Thu Jan 14 22:13:37 2016 +

free up gost ciphers

Reviewed-by: Viktor Dukhovni 

commit c864e7611f7bf0011fd0cb64b3fdfc42eb15e807
Author: Dr. Stephen Henson 
Date:   Thu Jan 14 23:56:50 2016 +

Add lookup_certs for a trusted stack.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 crypto/x509/x509_vfy.c  | 21 +
 engines/ccgost/gost_crypt.c |  8 
 engines/ccgost/gost_eng.c   |  1 +
 engines/ccgost/gost_lcl.h   |  1 +
 4 files changed, 31 insertions(+)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 972760c..48d9367 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -344,6 +344,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX 
*ctx, X509 *x)
 return 0;
 }
 
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+STACK_OF(X509) *sk = NULL;
+X509 *x;
+int i;
+for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+x = sk_X509_value(ctx->other_ctx, i);
+if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+if (sk == NULL)
+sk = sk_X509_new_null();
+if (sk == NULL || sk_X509_push(sk, x) == 0) {
+sk_X509_pop_free(sk, X509_free);
+return NULL;
+}
+X509_up_ref(x);
+}
+}
+return sk;
+}
+
 /*
  * Check a certificate chains extensions for consistency with the supplied
  * purpose
@@ -2226,6 +2246,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, 
STACK_OF(X509) *sk)
 {
 ctx->other_ctx = sk;
 ctx->get_issuer = get_issuer_sk;
+ctx->lookup_certs = lookup_certs_sk;
 }
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index 9c6dcc5..63009a2 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -109,6 +109,14 @@ const EVP_CIPHER *cipher_gost_cpacnt(void)
 return _hidden_gost89_cnt;
 }
 
+void cipher_gost_destroy(void)
+{
+EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
+_hidden_Gost28147_89_cipher = NULL;
+EVP_CIPHER_meth_free(_hidden_gost89_cnt);
+_hidden_gost89_cnt = NULL;
+}
+
 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
 /* Init functions which set specific parameters */
 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index bc43848..38ed25c 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -77,6 +77,7 @@ static int gost_engine_finish(ENGINE *e)
 static int gost_engine_destroy(ENGINE *e)
 {
 digest_gost_destroy();
+cipher_gost_destroy();
 imit_gost_cpa_destroy();
 
 gost_param_free();
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index 895e2d6..61f657c 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -145,6 +145,7 @@ struct ossl_gost_digest_ctx {
 /* EVP_MD structure for GOST R 34.11 */
 EVP_MD *digest_gost(void);
 void digest_gost_destroy(void);
+void cipher_gost_destroy(void);
 /* EVP_MD structure for GOST 28147 in MAC mode */
 const EVP_MD *imit_gost_cpa(void);
 void imit_gost_cpa_destroy(void);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.475

[AppVeyor]

Build openssl master.475 failed


Commit ecdd0ff733 by Rich Salz on 1/16/2016 3:47 AM:

RT4247: Fix EVP_CIPHER_CTX opaque on sparc


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.474

[AppVeyor]

Build openssl master.474 failed


Commit 25be7a0fea by Dr. Stephen Henson on 1/15/2016 10:38 PM:

free up gost ciphers


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 36

[AppVeyor]

Build openssl 36 failed


Commit 7889910d61 by Alessandro Ghedini on 1/14/2016 10:47 PM:

Make "nm" executable configurable during configure


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit)
  from  25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit)


- Log -
commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8
Author: Rich Salz 
Date:   Fri Jan 15 22:37:11 2016 -0500

RT4247: Fix EVP_CIPHER_CTX opaque on sparc

Via Rainer Jung

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 crypto/evp/e_des.c  | 2 +-
 crypto/evp/e_des3.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 5536f62..929151c 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned 
char *key,
 dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
 if (SPARC_DES_CAPABLE) {
-int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+int mode = EVP_CIPHER_CTX_mode(ctx);
 
 if (mode == EVP_CIPH_CBC_MODE) {
 des_t4_key_expand(key, >ks.ks);
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 16407e8..8b6c2b5 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
 if (SPARC_DES_CAPABLE) {
-int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+int mode = EVP_CIPHER_CTX_mode(ctx);
 
 if (mode == EVP_CIPH_CBC_MODE) {
 des_t4_key_expand([0], >ks1);
@@ -297,7 +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
 if (SPARC_DES_CAPABLE) {
-int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+int mode = EVP_CIPHER_CTX_mode(ctx);
 
 if (mode == EVP_CIPH_CBC_MODE) {
 des_t4_key_expand([0], >ks1);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.472

[AppVeyor]

Build openssl OpenSSL_1_0_2-stable.472 completed



Commit 15debc128a by Zi Lin on 1/15/2016 7:48 PM:

NGX-2040 - fix wildcard match on punycode/IDNA DNS names


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.476

[AppVeyor]

Build openssl OpenSSL_1_0_2-stable.476 completed



Commit eb2ab59867 by Mouse on 1/16/2016 3:13 AM:

pkeyutl: allow peerkey for EC_DERIVE to reside on a hardware token (public key for now)


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits