[openssl-commits] Build failed in Jenkins: 1_0_2_abi #352

2017-01-26 Thread openssl . sanity 
See 

Changes:

[Matt Caswell] crypto/evp: harden RC4_MD5 cipher.

[Matt Caswell] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

[Matt Caswell] Better check of DH parameters in TLS data

[Matt Caswell] Update CHANGES and NEWS for new release

[Matt Caswell] Prepare for 1.0.2k release

[Matt Caswell] Prepare for 1.0.2l-dev

[steve] Use correct signature algorithm list when sending or checking.

--
[...truncated 1928 lines...]
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o genrsa.o genrsa.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o gendsa.o gendsa.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o genpkey.o genpkey.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o s_server.o s_server.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o s_client.o s_client.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o speed.o speed.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o s_time.o s_time.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o apps.o apps.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o s_cb.o s_cb.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM   -c -o s_socket.o s_socket.c
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -Wa,--noexecstack -m64 -DL_ENDIAN 
-Og -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

[openssl-commits] Build completed: openssl master.7507

2017-01-26 Thread AppVeyor 


Build openssl master.7507 completed



Commit f2337ad8bd by Robert Scheck on 1/26/2017 10:21 PM:

Suggested changes by Richard Salz for PR #2300:


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options no-ec

2017-01-26 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

26a39fa Avoid over-long strings.  Fix a mem leak.
9cf847d Add server signature algorithm bug test.
a9669dd Use correct signature algorithm list when sending or checking.
536454e Update CHANGES and NEWS for new release
3f4bcf5 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
3e7a496 test/bntest.c: regression test for carry bug in bn_sqr8x_internal.
6f8950a Document DH_check_params()
2650515 Better check of DH parameters in TLS data
2198b3a crypto/evp: harden AEAD ciphers.
8e20499 crypto/evp: harden RC4_MD5 cipher.

Build log ended with (last 100 lines):

../../openssl/test/recipes/15-test_ec.t ... ok
../../openssl/test/recipes/15-test_ecdh.t . skipped: ec is not 
supported by this OpenSSL build
../../openssl/test/recipes/15-test_ecdsa.t  skipped: ec is not 
supported by this OpenSSL build
../../openssl/test/recipes/15-test_rsa.t .. ok
../../openssl/test/recipes/20-test_enc.t .. ok
../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. skipped: Only supported 
in no-shared builds
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... skipped: ct and ec are 
not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dane.t . skipped: test_dane uses 
ec which is not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'running ssl_test 01-simple.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 126.
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 01-simple.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 92.
# Looks like you failed 1 test of 20.
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/20 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. skipped: test_dane uses

[openssl-commits] Still FAILED build of OpenSSL branch master with options no-des

2017-01-26 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

26a39fa Avoid over-long strings.  Fix a mem leak.
9cf847d Add server signature algorithm bug test.
a9669dd Use correct signature algorithm list when sending or checking.
536454e Update CHANGES and NEWS for new release
3f4bcf5 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
3e7a496 test/bntest.c: regression test for carry bug in bn_sqr8x_internal.
6f8950a Document DH_check_params()
2650515 Better check of DH parameters in TLS data
2198b3a crypto/evp: harden AEAD ciphers.
8e20499 crypto/evp: harden RC4_MD5 cipher.

Build log ended with (last 100 lines):

../../openssl/test/recipes/10-test_bn.t ... ok
../../openssl/test/recipes/10-test_exp.t .. ok
../../openssl/test/recipes/15-test_dh.t ... ok
../../openssl/test/recipes/15-test_dsa.t .. ok
../../openssl/test/recipes/15-test_ec.t ... ok
../../openssl/test/recipes/15-test_ecdh.t . ok
../../openssl/test/recipes/15-test_ecdsa.t  ok
../../openssl/test/recipes/15-test_rsa.t .. ok
../../openssl/test/recipes/20-test_enc.t .. ok
../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok

#   Failed test 'running evp_test evptests.txt'
#   at ../../openssl/test/recipes/30-test_evp.t line 18.
# Looks like you failed 1 test of 1.
../../openssl/test/recipes/30-test_evp.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. skipped: Only supported 
in no-shared builds
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... skipped: The PKCS12 
command line utility is not supported by this OpenSSL build
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t

[openssl-commits] [openssl] master update

2017-01-26 Thread Rich Salz 
The branch master has been updated
   via  26a39fa953c11c4257471570655b0193828d4721 (commit)
  from  9cf847d7056877f3d6b3f20c11ead8110eae951f (commit)


- Log -
commit 26a39fa953c11c4257471570655b0193828d4721
Author: Rich Salz 
Date:   Thu Jan 26 14:42:56 2017 -0500

Avoid over-long strings.  Fix a mem leak.

Reviewed-by: Stephen Henson 
(Merged from https://github.com/openssl/openssl/pull/2299)

---

Summary of changes:
 test/bntest.c | 98 ++-
 1 file changed, 64 insertions(+), 34 deletions(-)

diff --git a/test/bntest.c b/test/bntest.c
index 8c090ee..f9e3686 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -291,6 +291,62 @@ static int test_mod()
 return 1;
 }
 
+static const char *bn1strings[] = {
+"",
+"",
+"",
+"",
+"",
+"",
+"",
+"0000",
+"",
+"",
+"",
+"",
+"",
+"",
+"",
+"00FF",
+NULL
+};
+
+static const char *bn2strings[] = {
+"",
+"",
+"",
+"",
+"",
+"",
+"",
+"0000",
+"",
+"",
+"",
+"",
+"",
+"",
+"",
+"00FF",
+NULL
+};
+
+static char *glue(const char *list[])
+{
+size_t len = 0;
+char *p, *save;
+int i;
+
+for (i = 0; list[i] != NULL; i++)
+len += strlen(list[i]);
+p = save = OPENSSL_malloc(len + 1);
+if (p != NULL) {
+for (i = 0; list[i] != NULL; i++)
+p += strlen(strcpy(p, list[i]));
+}
+return save;
+}
+
 /*
  * Test constant-time modular exponentiation with 1024-bit inputs, which on
  * x86_64 cause a different code branch to be taken.
@@ -299,6 +355,7 @@ static int test_modexp_mont5()
 {
 BIGNUM *a, *p, *m, *d, *e, *b, *n, *c;
 BN_MONT_CTX *mont;
+char *bigstring;
 
 a = BN_new();
 p = BN_new();
@@ -347,40 +404,13 @@ static int test_modexp_mont5()
 }
 
 /* Regression test for carry bug in sqr[x]8x_mont */
-BN_hex2bn(,
-""
-""
-""
-""
-""
-""
-""
-"0000"
-""
-""
-

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-01-26 Thread Dr . Stephen Henson 
The branch OpenSSL_1_0_2-stable has been updated
   via  e93f7d9c9873e8e9538c0be0b0d3b6851344dd6d (commit)
  from  f24fcf291219ebb839218f5ce65b0faabdf41eb4 (commit)


- Log -
commit e93f7d9c9873e8e9538c0be0b0d3b6851344dd6d
Author: Dr. Stephen Henson 
Date:   Thu Jan 26 17:39:48 2017 +

Use correct signature algorithm list when sending or checking.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2298)

---

Summary of changes:
 ssl/s3_lib.c   |  2 +-
 ssl/s3_srvr.c  |  2 +-
 ssl/ssl_locl.h |  2 +-
 ssl/t1_lib.c   | 12 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0385e03..1014a3f 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 return (int)s->cert->ctype_num;
 }
 /* get configured sigalgs */
-siglen = tls12_get_psigalgs(s, );
+siglen = tls12_get_psigalgs(s, 1, );
 if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
 nostrict = 0;
 for (i = 0; i < siglen; i += 2, sig += 2) {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ea56f9c..e5ee384 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s)
 
 if (SSL_USE_SIGALGS(s)) {
 const unsigned char *psigs;
-nl = tls12_get_psigalgs(s, );
+nl = tls12_get_psigalgs(s, 1, );
 s2n(nl, p);
 memcpy(p, psigs, nl);
 p += nl;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d50edd1..f582d5f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, 
unsigned char *d, int len,
 long ssl_get_algorithm2(SSL *s);
 int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls1_process_sigalgs(SSL *s);
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 const unsigned char *sig, EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e60c88b..5355f0e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1035,7 +1035,7 @@ static unsigned char suiteb_sigalgs[] = {
 tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 # endif
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
 {
 /*
  * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -1057,7 +1057,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char 
**psigs)
 }
 # endif
 /* If server use client authentication sigalgs if not NULL */
-if (s->server && s->cert->client_sigalgs) {
+if (s->server == sent && s->cert->client_sigalgs) {
 *psigs = s->cert->client_sigalgs;
 return s->cert->client_sigalgslen;
 } else if (s->cert->conf_sigalgs) {
@@ -1121,7 +1121,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 # endif
 
 /* Check signature matches a type we sent */
-sent_sigslen = tls12_get_psigalgs(s, _sigs);
+sent_sigslen = tls12_get_psigalgs(s, 1, _sigs);
 for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
 if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
 break;
@@ -1169,7 +1169,7 @@ void ssl_set_client_disabled(SSL *s)
  * Now go through all signature algorithms seeing if we support any for
  * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
  */
-sigalgslen = tls12_get_psigalgs(s, );
+sigalgslen = tls12_get_psigalgs(s, 1, );
 for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
 switch (sigalgs[1]) {
 # ifndef OPENSSL_NO_RSA
@@ -1440,7 +1440,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 if (SSL_CLIENT_USE_SIGALGS(s)) {
 size_t salglen;
 const unsigned char *salg;
-salglen = tls12_get_psigalgs(s, );
+salglen = tls12_get_psigalgs(s, 1, );
 
 /*-
  * check for enough space.
@@ -3803,7 +3803,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
 conf = c->conf_sigalgs;
 conflen = c->conf_sigalgslen;
 } else
-conflen = tls12_get_psigalgs(s, );
+conflen = tls12_get_psigalgs(s, 0, );
 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
 pref = conf;
 preflen = conflen;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-01-26 Thread Dr . Stephen Henson 
The branch OpenSSL_1_1_0-stable has been updated
   via  89d0853a7fe12d6ae79d148425717fed740ae136 (commit)
   via  3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2 (commit)
  from  fa7130eb6832bcdccb335dd0f6bb535fe9a3e868 (commit)


- Log -
commit 89d0853a7fe12d6ae79d148425717fed740ae136
Author: Dr. Stephen Henson 
Date:   Wed Jan 25 18:43:13 2017 +

Add server signature algorithm bug test.

Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2297)

commit 3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2
Author: Dr. Stephen Henson 
Date:   Thu Jan 26 17:11:14 2017 +

Use correct signature algorithm list when sending or checking.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2297)

---

Summary of changes:
 ssl/ssl_locl.h   |  2 +-
 ssl/statem/statem_srvr.c |  2 +-
 ssl/t1_lib.c | 12 +--
 test/ssl-tests/01-simple.conf| 44 
 test/ssl-tests/01-simple.conf.in |  8 
 5 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4079b31..9a997cf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2062,7 +2062,7 @@ __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char 
*out,
  const unsigned char *psig, size_t psiglen);
 __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
 __owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char 
**psigs);
 __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d36d194..ad89e93 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2002,7 +2002,7 @@ int tls_construct_certificate_request(SSL *s)
 if (SSL_USE_SIGALGS(s)) {
 const unsigned char *psigs;
 unsigned char *etmp = p;
-nl = tls12_get_psigalgs(s, );
+nl = tls12_get_psigalgs(s, 1, );
 /* Skip over length for now */
 p += 2;
 nl = tls12_copy_sigalgs(s, p, psigs, nl);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1205f99..b75e568 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -711,7 +711,7 @@ static const unsigned char suiteb_sigalgs[] = {
 tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 #endif
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
 {
 /*
  * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -733,7 +733,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char 
**psigs)
 }
 #endif
 /* If server use client authentication sigalgs if not NULL */
-if (s->server && s->cert->client_sigalgs) {
+if (s->server == sent && s->cert->client_sigalgs) {
 *psigs = s->cert->client_sigalgs;
 return s->cert->client_sigalgslen;
 } else if (s->cert->conf_sigalgs) {
@@ -797,7 +797,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 #endif
 
 /* Check signature matches a type we sent */
-sent_sigslen = tls12_get_psigalgs(s, _sigs);
+sent_sigslen = tls12_get_psigalgs(s, 1, _sigs);
 for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
 if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
 break;
@@ -1189,7 +1189,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, 
unsigned char *buf,
 size_t salglen;
 const unsigned char *salg;
 unsigned char *etmp;
-salglen = tls12_get_psigalgs(s, );
+salglen = tls12_get_psigalgs(s, 1, );
 
 /*-
  * check for enough space.
@@ -3396,7 +3396,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
  * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
  * down calls to security callback only check if we have to.
  */
-sigalgslen = tls12_get_psigalgs(s, );
+sigalgslen = tls12_get_psigalgs(s, 1, );
 for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
 switch (sigalgs[1]) {
 #ifndef OPENSSL_NO_RSA
@@ -3491,7 +3491,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
 conf =

[openssl-commits] [openssl] master update

2017-01-26 Thread Dr . Stephen Henson 
The branch master has been updated
   via  9cf847d7056877f3d6b3f20c11ead8110eae951f (commit)
   via  a9669ddc64e9e383b48bfb7f802c845616d5f66e (commit)
  from  536454e53bd8ae6a9025e47a7706fa42d9dbfc2f (commit)


- Log -
commit 9cf847d7056877f3d6b3f20c11ead8110eae951f
Author: Dr. Stephen Henson 
Date:   Wed Jan 25 18:43:13 2017 +

Add server signature algorithm bug test.

Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2290)

commit a9669ddc64e9e383b48bfb7f802c845616d5f66e
Author: Dr. Stephen Henson 
Date:   Wed Jan 25 19:12:48 2017 +

Use correct signature algorithm list when sending or checking.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2290)

---

Summary of changes:
 ssl/ssl_locl.h   |  2 +-
 ssl/statem/extensions_clnt.c |  2 +-
 ssl/statem/statem_srvr.c |  2 +-
 ssl/t1_lib.c | 17 +---
 test/ssl-tests/01-simple.conf| 44 
 test/ssl-tests/01-simple.conf.in |  8 
 6 files changed, 56 insertions(+), 19 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c7e7872..39e27ea 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2188,7 +2188,7 @@ __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
   const unsigned int *psig, size_t psiglen);
 __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
 __owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs);
 __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int 
sig,
EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 18f5ca3..fe00749 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -231,7 +231,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 
*x, size_t chainidx,
 if (!SSL_CLIENT_USE_SIGALGS(s))
 return 1;
 
-salglen = tls12_get_psigalgs(s, );
+salglen = tls12_get_psigalgs(s, 1, );
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
/* Sub-packet for sig-algs extension */
 || !WPACKET_start_sub_packet_u16(pkt)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3bde0d6..0043b05 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2310,7 +2310,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET 
*pkt)
 
 if (SSL_USE_SIGALGS(s)) {
 const unsigned int *psigs;
-size_t nl = tls12_get_psigalgs(s, );
+size_t nl = tls12_get_psigalgs(s, 1, );
 
 if (!WPACKET_start_sub_packet_u16(pkt)
 || !tls12_copy_sigalgs(s, pkt, psigs, nl)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d59d32c..b05d148 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -773,8 +773,7 @@ static int tls_sigalg_get_sig(unsigned int sigalg)
 
 return 0;
 }
-
-size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs)
 {
 /*
  * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -795,8 +794,12 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned int 
**psigs)
 return 1;
 }
 #endif
-/* If server use client authentication sigalgs if not NULL */
-if (s->server && s->cert->client_sigalgs) {
+/*
+ *  We use client_sigalgs (if not NULL) if we're a server
+ *  and sending a certificate request or if we're a client and
+ *  determining which shared algorithm to use.
+ */
+if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
 *psigs = s->cert->client_sigalgs;
 return s->cert->client_sigalgslen;
 } else if (s->cert->conf_sigalgs) {
@@ -861,7 +864,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, 
unsigned int sig,
 #endif
 
 /* Check signature matches a type we sent */
-sent_sigslen = tls12_get_psigalgs(s, _sigs);
+sent_sigslen = tls12_get_psigalgs(s, 1, _sigs);
 for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
 if (sig == *sent_sigs)
 break;
@@ -1429,7 +1432,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
  * RSA, DSA, ECDSA. Do

[openssl-commits] [openssl] OpenSSL_1_1_0d create

2017-01-26 Thread Matt Caswell 
The annotated tag OpenSSL_1_1_0d has been created
at  518c111dd059d4eefbbc4f9cbc4ea669c0063447 (tag)
   tagging  8a4d96ac8227f39043735faa9e9a30e22818f5e8 (commit)
  replaces  OpenSSL_1_1_0c
 tagged by  Matt Caswell
on  Thu Jan 26 13:10:20 2017 +

- Log -
OpenSSL 1.1.0d release tag
-BEGIN PGP SIGNATURE-

iQEuBAABCAAYBQJYifU8ERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRz7AH
/AhO//7koMSCCJ2Zj6eYhDlnIiuM1mMgoxUxKWMnEZpctydqcwWtBw6WZr/y/cfb
7U4cmbZeD/p7qOJkIuJm70RaApcnj6mXI1oxAygQhu2xbNbSVLyRLbRpHmk2ThF1
dGK7SrCc7muoblhuuQVOshTl6/tDETDXq+/OqdOJzcIoAJAUtS7PF8a4iewQNsht
+QGooTQIrak4zPNAVmUKN6fH9d5Ztdg56rbeoxqFKzaOmCanfUJ8WK3MimYVWdMp
HdeaA6KM5ZFO7yrWxXjNd6CQ0CbntQkqytW89eXDTYtoV1N3ba1gSdliLCql2ug2
CtV++IPoyXVOtyF80X25kLQ=
=EkVg
-END PGP SIGNATURE-

Andy Polyakov (11):
  PPC assembler pack: add some PPC970/G5 performance data.
  chacha/asm/chacha-x86.pl: improve [backward] portability.
  Configurations/10-main.conf: document GCC for Solaris config constraint.
  test/evptests.txt: add regression test for false carry in ctr128.c.
  modes/ctr128.c: fix false carry in counter increment procedure.
  INSTALL: clarify 386 and no-sse2 options.
  perlasm/x86_64-xlate.pl: refine sign extension in ea package.
  Replace div-spoiler hack with simpler code, GH#1027,2253.
  crypto/evp: harden RC4_MD5 cipher.
  crypto/evp: harden AEAD ciphers.
  bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

Azat Khuzhin (1):
  Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)

Beat Bolli (1):
  Use consistent variable names

Benjamin Kaduk (2):
  Restore the ERR_FATAL_ERROR() macro
  Do not overallocate for tmp.ciphers_raw

Bernd Edlinger (5):
  Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
  Check the exit code from the server process
  fix a memory leak in ssl3_generate_key_block fix the error handling in 
ssl3_change_cipher_state
  Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert
  Fix error handling in compute_key, BN_CTX_get can return NULL

DK (1):
  Fixed deadlock in CRYPTO_THREAD_run_once for Windows

Davide Galassi (1):
  Avoid the call to OPENSSL_malloc with a negative value (then casted to 
unsigned)

Dmitry Belyavskiy (1):
  Typo fixed

Dr. Stephen Henson (15):
  Add conversion test for MSBLOB format.
  Make MSBLOB format work with dsa utility.
  Fix MSBLOB format with RSA.
  Support MSBLOB format if RC4 is disabled
  add CMS SHA1 signing test
  Fix ctrl operation for SHA1/MD5SHA1.
  Add RSA PSS tests
  Check input length to pkey_rsa_verify()
  Additional error tests in evp_test.c
  Add function and reason checking to evp_test
  Add RSA decrypt and OAEP tests.
  evptests.txt is not a shell script
  Remove BIO_seek/BIO_tell from evp_test.c
  Add server temp key type checks
  Add new ssl_test option.

EasySec (3):
  Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems 
not being referenced from elsewhere
  Update s_client and s_server documentation about some missing arguments
  Fix list -disabled for blake2 alg

FdaSilvaYY (5):
  Missing free item on push failure
  Raise an error on memory alloc failure.
  Clean one unused variable, plus an useless one.
  Clean dead macros and defines
  Fix use before assignment

Finn Hakansson (1):
  Fix typo.

Kazuki Yamaguchi (1):
  Add missing flags for EVP_chacha20()

Kurt Roeckx (11):
  Cast to an unsigned type before negating
  Make async_read and async_write return -1 on failure.
  Make SSL_read and SSL_write return the old behaviour and document it.
  Add missing -zdelete for some linux arches
  Only call memcpy when the length is larger than 0.
  Don't call memcpy with NULL as source
  Print the X509 version signed, and convert to unsigned for the hex 
version.
  Fix undefined behaviour when printing the X509 serial
  Fix VC warnings about unary minus to an unsigned type.
  Fix undefined behaviour when printing the X509 and CRL version
  Add missing braces.

Markus Triska (4):
  Fix reference to SSL_set_max_proto_version.
  replace "will lookup up" by "will look up"
  Correct reference to SSL_get_peer_cert_chain().
  correct 3 mistakes

Matt Caswell (26):
  Prepare for 1.1.0d-dev
  Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows"
  Remove a hack from ssl_test_old
  Fix missing NULL checks in CKE processing
  Fix a missing function prototype in AFALG engine
  Ensure we are in accept state in DTLSv1_listen
  Fix a leak in SSL_clear()
  Fix the SSL_set1_sigalgs() macro
  Provide some tests for the sig algs API
  Mark a HelloRequest record as read if we ignore it
  Fix a bug in TLSProxy where zero length messages were not being

[openssl-commits] [openssl] OpenSSL_1_0_2k create

2017-01-26 Thread Matt Caswell 
The annotated tag OpenSSL_1_0_2k has been created
at  76599d516c660f785b503b6e256ecda43c3f89b4 (tag)
   tagging  081314d07705aa58912845c213a48414d8f616a9 (commit)
  replaces  OpenSSL_1_0_2j
 tagged by  Matt Caswell
on  Thu Jan 26 13:22:36 2017 +

- Log -
OpenSSL 1.0.2k release tag
-BEGIN PGP SIGNATURE-

iQEuBAABCAAYBQJYifgcERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESReOIH
/23ErvXiEDM375DOuM8k/+uAdhHxlkEUSLzOzbco25ck7z5B7TugOLw3SMNyrl39
4+6b4EHVC1PRnc6NhJ73XXbirIIFRBeeeZGdPs28Q2ZP68zOujrDVa7PX+CoQDav
x/qAKgPa9ngQW69GQb6mL1+vNyA4XVr7r6qsM2ZzVcOiStKozZ5nGjnFU99DFjvX
iT/heVZwJLaFZR54/oyT4EZBTUJv/JK52IkqH9BR/UxDpp/+UuSSCGn9j4jjpU88
DyaenkrDb4nOdncGLJ5cf2ex0tJi04sgOU6dWE+vwYY3hhv2nHJpAPZIpTf5Vr/L
dAQIjatRUuoMJXWmJiR2Apc=
=p+ix
-END PGP SIGNATURE-

Andy Polyakov (7):
  Makefile.org: clear APPS environment variable.
  bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
  modes/ctr128.c: fix false carry in counter increment procedure.
  INSTALL: clarify 386 and no-sse2 options.
  perlasm/x86_64-xlate.pl: refine sign extension in ea package.
  crypto/evp: harden RC4_MD5 cipher.
  bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

Beat Bolli (1):
  Use consistent variable names

Benjamin Kaduk (2):
  Fix grammar-o in CONTRIBUTING
  Fix a bug in clienthello processing

Bernd Edlinger (4):
  Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
  Fix error handling in SSL_CTX_new
  Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert
  Fix error handling in compute_key, BN_CTX_get can return NULL

Cristian Stoica (1):
  remove redundant zero assignments

David Woodhouse (1):
  Call ENGINE_init() before trying to use keys from engine

Dr. Matthias St. Pierre (1):
  Fix leak of secrecy in ecdh_compute_key()

Dr. Stephen Henson (1):
  Check input length to pkey_rsa_verify()

FdaSilvaYY (1):
  Clean one unused variable, plus an useless one.

Finn Hakansson (1):
  Fix typo.

Kurt Cancemi (1):
  Add missing error string for SSL_R_TOO_MANY_WARN_ALERTS

Kurt Roeckx (1):
  Make SSL_read and SSL_write return the old behaviour and document it.

Markus Triska (1):
  replace "will lookup up" by "will look up"

Matt Caswell (16):
  Prepare for 1.0.2k-dev
  Fix NEWS error
  Ensure we handle len == 0 in ERR_err_string_n
  A zero return from BIO_read/BIO_write() could be retryable
  Fix a double free in ca command line
  Fix length check writing status request extension
  Ensure we have length checks for all extensions
  Implement length checks as a macro
  Fix heartbeat_test
  Fail if an unrecognised record type is received
  Add a CHANGES entry for the unrecognised record type change
  Update CHANGES and NEWS
  Revert "Fix heartbeat_test"
  Fix SSL_VERIFY_CLIENT_ONCE
  Update CHANGES and NEWS for new release
  Prepare for 1.0.2k release

Matthias Kraft (1):
  Solution proposal for issue #1647.

Orgad Shaneh (5):
  Configure: Improve incremental build time
  mklink: Do not needlessly overwrite linked files...
  domd: Do not needlessly overwrite Makefiles
  mklink: Do not needlessly overwrite linked files...
  domd: Preserve Makefile time when it is unchanged

Patrick Steuer (2):
  Fix strict-warnings build
  Fix strict-warnings build

Rich Salz (8):
  Revert "Call ENGINE_init() before trying to use keys from engine"
  RT is put out to pasture
  Correctly find all critical CRL extensions
  Fix typo (reported by Matthias St. Pierre)
  Missed a mention of RT
  Check return value of some BN functions.
  GH1986: Document -header flag.
  Add missing va_end

Richard Levitte (19):
  apps/apps.c: initialize and de-initialize engine around key loading
  Make 'openssl prime ""' not segfault
  Fix no-des
  If an engine comes up explicitely, it must also come down explicitely
  apps: make setup_engine() and release_engine() available always
  %p takes void*, so make sure to cast arguments to void*
  Add $(EX_LIBS) to the LIBDEPS for libgost.so, just as for all other 
engines
  Secure our notification email.
  Clarify what X509_NAME_online does with the given buffer and size
  UI code style cleanup
  Remove extra bang
  VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
  UI_OpenSSL()'s session opener fails on MacOS X
  Make 'err' lable in ssl_cert_dup unconditional
  Fix ssl_cert_dup: change one 'return NULL' to 'goto err'
  M_check_autoarg: sanity check the key
  Reformat M_check_autoarg to match our coding style
  Fix DSA parameter generation control error
  Better check of DH parameters in TLS data

Steven Fackler (1):
  Fix signatures of EVP_Digest{Sign,Verify}Update

Vitezslav Cizek (2):
  Degrade 3DES to

[openssl-commits] [web] master update

2017-01-26 Thread Matt Caswell 
The branch master has been updated
   via  895849e51989857491d7a0f817585b52d55f5fa7 (commit)
   via  ccce450786377de0859518403f22be655bc48687 (commit)
   via  e280d47ec748c8386e2cd88460b6b5235954a1fe (commit)
  from  8962398f72a4c4c04caf80069dcc59cb7a544c48 (commit)


- Log -
commit 895849e51989857491d7a0f817585b52d55f5fa7
Author: Matt Caswell <m...@openssl.org>
Date:   Thu Jan 26 13:44:13 2017 +

Update vulnerabilities.xml for new release

commit ccce450786377de0859518403f22be655bc48687
Author: Matt Caswell <m...@openssl.org>
Date:   Thu Jan 26 13:33:26 2017 +

Add security advisory for new release

commit e280d47ec748c8386e2cd88460b6b5235954a1fe
Author: Matt Caswell <m...@openssl.org>
Date:   Thu Jan 26 13:32:33 2017 +

Update newsflash for new release

---

Summary of changes:
 news/newsflash.txt   |  2 +
 news/secadv/20170126.txt | 97 
 news/vulnerabilities.xml | 93 +-
 3 files changed, 191 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20170126.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 525a960..35c30de 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+26-Sep-2017: OpenSSL 1.1.0d is now available, including bug and security fixes
+26-Sep-2017: OpenSSL 1.0.2k is now available, including bug and security fixes
 23-Jan-2017: OpenSSL 1.1.0d, 1.0.2k https://mta.openssl.org/pipermail/openssl-announce/2017-January/91.html;>security
 release due on 26th January 2017
 02-Jan-2017: The OpenSSL 1.0.1 series of releases are now out of support. 
Please upgrade to 1.1.0 or 1.0.2.
 10-Nov-2016: Security Advisory: 
several security fixes
diff --git a/news/secadv/20170126.txt b/news/secadv/20170126.txt
new file mode 100644
index 000..5f69359
--- /dev/null
+++ b/news/secadv/20170126.txt
@@ -0,0 +1,97 @@
+
+OpenSSL Security Advisory [26 Jan 2017]
+
+
+Truncated packet could crash via OOB read (CVE-2017-3731)
+=
+
+Severity: Moderate
+
+If an SSL/TLS server or client is running on a 32-bit host, and a specific
+cipher is being used, then a truncated packet can cause that server or client
+to perform an out-of-bounds read, usually resulting in a crash.
+
+For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
+users should upgrade to 1.1.0d
+
+For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who 
have
+not disabled that algorithm should update to 1.0.2k
+
+This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of
+Google. The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+===
+
+Severity: Moderate
+
+If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
+then this can result in the client attempting to dereference a NULL pointer
+leading to a client crash. This could be exploited in a Denial of Service
+attack.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0d
+
+This issue does not affect OpenSSL version 1.0.2.
+
+Note that this issue was fixed prior to it being recognised as a security
+concern. This means the git commit with the fix does not contain the CVE
+identifier. The relevant fix commit can be identified by commit hash efbe126e3.
+
+This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The
+fix was developed by Matt Caswell of the OpenSSL development team.
+
+BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+==
+
+Severity: Moderate
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure. 
No
+EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+as a result of this defect would be very difficult to perform and are not
+believed likely. Attacks against DH are considered just feasible (although very
+difficult) because most of the work necessary to deduce information
+about a private key may be performed offline. The amount of resources
+required for such an attack would be very significant and likely only
+accessible to a limited number of attackers. An attacker would
+additionally need online access to an unpatched system using the target
+private key in a scenario with persistent DH parameters and a private
+key that is shared between multiple clients. For example this can occur by
+default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+sim

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-01-26 Thread Matt Caswell 
The branch OpenSSL_1_0_2-stable has been updated
   via  f24fcf291219ebb839218f5ce65b0faabdf41eb4 (commit)
   via  081314d07705aa58912845c213a48414d8f616a9 (commit)
   via  06f87e9685bb2faa033f682aa66b70059e398f71 (commit)
   via  918d8eadb35746456fd1a9d4e219c63ff706173e (commit)
   via  760d04342a495ee86bf5adc71a91d126af64397f (commit)
   via  51d009043670a627d6abe66894126851cf3690e9 (commit)
  from  8957adda165f77589090627d6563796331c0c94b (commit)


- Log -
commit f24fcf291219ebb839218f5ce65b0faabdf41eb4
Author: Matt Caswell 
Date:   Thu Jan 26 13:23:37 2017 +

Prepare for 1.0.2l-dev

Reviewed-by: Richard Levitte 

commit 081314d07705aa58912845c213a48414d8f616a9
Author: Matt Caswell 
Date:   Thu Jan 26 13:22:36 2017 +

Prepare for 1.0.2k release

Reviewed-by: Richard Levitte 

commit 06f87e9685bb2faa033f682aa66b70059e398f71
Author: Matt Caswell 
Date:   Tue Jan 24 16:34:40 2017 +

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte 

commit 918d8eadb35746456fd1a9d4e219c63ff706173e
Author: Richard Levitte 
Date:   Thu Jan 26 11:47:36 2017 +0100

Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check
as follows:

check that p is odd
check that 1 < g < p - 1

Reviewed-by: Matt Caswell 

commit 760d04342a495ee86bf5adc71a91d126af64397f
Author: Andy Polyakov 
Date:   Sat Jan 21 21:30:49 2017 +0100

bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

CVE-2017-3732

Reviewed-by: Rich Salz 

commit 51d009043670a627d6abe66894126851cf3690e9
Author: Andy Polyakov 
Date:   Thu Jan 19 00:17:30 2017 +0100

crypto/evp: harden RC4_MD5 cipher.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   | 36 ++-
 NEWS  |  8 +++-
 README|  2 +-
 crypto/bn/asm/x86_64-mont5.pl | 16 +++-
 crypto/evp/e_rc4_hmac_md5.c   |  2 ++
 crypto/opensslv.h |  6 +++---
 openssl.spec  |  2 +-
 ssl/s3_clnt.c | 44 ---
 8 files changed, 89 insertions(+), 27 deletions(-)

diff --git a/CHANGES b/CHANGES
index 15c9277..1c5c288 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,41 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.0.2j and 1.0.2k [xx XXX ]
+ Changes between 1.0.2k and 1.0.2l [xx XXX ]
+
+  *)
+
+ Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Święcki of Google.
+ (CVE-2017-3731)
+ [Andy Polyakov]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered 
just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The 
amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is 
very
+ similar to CVE-2015-3193 but must be treated as a separate problem.
+
+ This issue was

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-01-26 Thread Matt Caswell 
The branch OpenSSL_1_1_0-stable has been updated
   via  fa7130eb6832bcdccb335dd0f6bb535fe9a3e868 (commit)
   via  8a4d96ac8227f39043735faa9e9a30e22818f5e8 (commit)
   via  09272c56f14bcce1ae15bd902ab395a8fc71deee (commit)
   via  a59b90bf491410f1f2bc4540cc21f1980fd14c5b (commit)
   via  20b69f66f72e1bf76a77ca075b7d6854db25eae4 (commit)
   via  a39aa18644d3338087a827c6555b18bc857346fe (commit)
   via  00d965474b22b54e4275232bc71ee0c699c5cd21 (commit)
   via  f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0 (commit)
  from  b8552dc80a611083754493283e72d51f3015753a (commit)


- Log -
commit fa7130eb6832bcdccb335dd0f6bb535fe9a3e868
Author: Matt Caswell 
Date:   Thu Jan 26 13:11:26 2017 +

Prepare for 1.1.0e-dev

Reviewed-by: Richard Levitte 

commit 8a4d96ac8227f39043735faa9e9a30e22818f5e8
Author: Matt Caswell 
Date:   Thu Jan 26 13:10:20 2017 +

Prepare for 1.1.0d release

Reviewed-by: Richard Levitte 

commit 09272c56f14bcce1ae15bd902ab395a8fc71deee
Author: Matt Caswell 
Date:   Tue Jan 24 16:34:40 2017 +

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte 

commit a59b90bf491410f1f2bc4540cc21f1980fd14c5b
Author: Andy Polyakov 
Date:   Sat Jan 21 21:30:49 2017 +0100

bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

CVE-2017-3732

Reviewed-by: Rich Salz 

commit 20b69f66f72e1bf76a77ca075b7d6854db25eae4
Author: Richard Levitte 
Date:   Sun Jan 15 18:20:49 2017 +0100

Document DH_check_params()

Reviewed-by: Viktor Dukhovni 

commit a39aa18644d3338087a827c6555b18bc857346fe
Author: Richard Levitte 
Date:   Fri Dec 30 21:57:28 2016 +0100

Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

check that p is odd
check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni 

commit 00d965474b22b54e4275232bc71ee0c699c5cd21
Author: Andy Polyakov 
Date:   Thu Jan 19 00:20:49 2017 +0100

crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz 

commit f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
Author: Andy Polyakov 
Date:   Thu Jan 19 00:17:30 2017 +0100

crypto/evp: harden RC4_MD5 cipher.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   | 45 ++-
 NEWS  |  8 ++-
 README|  2 +-
 crypto/bn/asm/x86_64-mont5.pl | 16 ++---
 crypto/dh/dh_check.c  | 40 +++
 crypto/evp/e_aes.c| 14 +--
 crypto/evp/e_chacha20_poly1305.c  |  5 ++--
 crypto/evp/e_rc4_hmac_md5.c   |  2 ++
 doc/crypto/DH_generate_parameters.pod | 34 ++
 include/openssl/dh.h  |  1 +
 include/openssl/opensslv.h|  6 ++---
 ssl/statem/statem_clnt.c  | 11 -
 util/libcrypto.num|  1 +
 13 files changed, 161 insertions(+), 24 deletions(-)

diff --git a/CHANGES b/CHANGES
index e8b890d..d516e2c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,53 @@
  OpenSSL CHANGES
  ___
 
- Changes between 1.1.0c and 1.1.0d [xx XXX ]
+ Changes between 1.1.0d and 1.1.0e [xx XXX ]
 
   *)
 
+ Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS

[openssl-commits] [openssl] master update

2017-01-26 Thread Matt Caswell 
The branch master has been updated
   via  536454e53bd8ae6a9025e47a7706fa42d9dbfc2f (commit)
   via  3f4bcf5bb664b47ed369a70b99fac4e0ad141bb3 (commit)
   via  3e7a496307ab1174c1f8f64eed4454c1c9cde1a8 (commit)
   via  6f8950a3cc466a7e2660dd9d7c8e9d11f47643ed (commit)
   via  2650515394537ad30110f322e56d3afe710d0886 (commit)
   via  2198b3a55de681e1f3c23edb0586afe13f438051 (commit)
   via  8e20499629b6bcf868d0072c7011e590b5c2294d (commit)
  from  f0deb4d352774491919f1b1ba861014659651d66 (commit)


- Log -
commit 536454e53bd8ae6a9025e47a7706fa42d9dbfc2f
Author: Matt Caswell 
Date:   Tue Jan 24 16:44:30 2017 +

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte 

commit 3f4bcf5bb664b47ed369a70b99fac4e0ad141bb3
Author: Andy Polyakov 
Date:   Sat Jan 21 21:30:49 2017 +0100

bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

CVE-2017-3732

Reviewed-by: Rich Salz 

commit 3e7a496307ab1174c1f8f64eed4454c1c9cde1a8
Author: Andy Polyakov 
Date:   Sat Jan 21 21:28:18 2017 +0100

test/bntest.c: regression test for carry bug in bn_sqr8x_internal.

Reviewed-by: Rich Salz 

commit 6f8950a3cc466a7e2660dd9d7c8e9d11f47643ed
Author: Richard Levitte 
Date:   Sun Jan 15 18:20:49 2017 +0100

Document DH_check_params()

Reviewed-by: Viktor Dukhovni 

commit 2650515394537ad30110f322e56d3afe710d0886
Author: Richard Levitte 
Date:   Fri Dec 30 21:57:28 2016 +0100

Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

check that p is odd
check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni 

commit 2198b3a55de681e1f3c23edb0586afe13f438051
Author: Andy Polyakov 
Date:   Thu Jan 19 00:20:49 2017 +0100

crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz 

commit 8e20499629b6bcf868d0072c7011e590b5c2294d
Author: Andy Polyakov 
Date:   Thu Jan 19 00:17:30 2017 +0100

crypto/evp: harden RC4_MD5 cipher.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES | 45 -
 NEWS| 11 -
 crypto/bn/asm/x86_64-mont5.pl   | 16 ++---
 crypto/dh/dh_check.c| 40 +
 crypto/evp/e_aes.c  | 14 ++--
 crypto/evp/e_chacha20_poly1305.c|  5 +++--
 crypto/evp/e_rc4_hmac_md5.c |  2 ++
 doc/man3/DH_generate_parameters.pod | 32 +++---
 include/openssl/dh.h|  1 +
 ssl/statem/statem_clnt.c| 11 -
 test/bntest.c   | 45 +
 util/libcrypto.num  |  1 +
 12 files changed, 204 insertions(+), 19 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0916a27..8b817e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,7 +21,50 @@
   *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
  [Emilia Käsper]
 
- Changes between 1.1.0b and 1.1.0c [xx XXX ]
+ Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Święcki of Google.
+ (CVE-2017-3731)
+ [Andy

[openssl-commits] Errored: openssl/openssl#8106 (OpenSSL_1_1_0-stable - b8552dc)

2017-01-26 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #8106
Status: Errored

Duration: 1 hour, 1 minute, and 20 seconds
Commit: b8552dc (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Remove assert from is_partially_overlapping()

This function is used to validate application supplied parameters. An
assert should be used to check for an error that is internal to OpenSSL.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2275)
(cherry picked from commit b153f0921bea38127de0b9440b0487db3004330d)

View the changeset: 
https://github.com/openssl/openssl/compare/07cd2f84d148...b8552dc80a61

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/195207588

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#8105 (master - b153f09)

2017-01-26 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #8105
Status: Broken

Duration: 29 minutes and 57 seconds
Commit: b153f09 (master)
Author: Matt Caswell
Message: Remove assert from is_partially_overlapping()

This function is used to validate application supplied parameters. An
assert should be used to check for an error that is internal to OpenSSL.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2275)

View the changeset: 
https://github.com/openssl/openssl/compare/5ee289eaf6fa...b153f0921bea

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/195207467

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.7473

2017-01-26 Thread AppVeyor 


Build openssl master.7473 completed



Commit f10a2fe28e by Rich Salz on 1/25/2017 7:01 PM:

More build variant fixups


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.7472

2017-01-26 Thread AppVeyor 



Build openssl master.7472 failed


Commit e729c9deaf by Cory Benfield on 1/25/2017 9:19 PM:

Test TLSv1.3 logging functionality.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.7471

2017-01-26 Thread AppVeyor 



Build openssl master.7471 failed


Commit 1dd419bc35 by Cory Benfield on 1/25/2017 9:19 PM:

Test TLSv1.3 logging functionality.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Jenkins build is back to normal : master_noec #1117

2017-01-26 Thread openssl . sanity 
See 

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Jenkins build is back to normal : master_make_errors #2117

2017-01-26 Thread openssl . sanity 
See 

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#8097 (master - 0fe2a0a)

2017-01-26 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #8097
Status: Passed

Duration: 1 hour, 2 minutes, and 55 seconds
Commit: 0fe2a0a (master)
Author: FdaSilvaYY
Message: Fix a few double ;

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/1618)

View the changeset: 
https://github.com/openssl/openssl/compare/ec2a0e60652c...0fe2a0af8976

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/195107543

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#8094 (OpenSSL_1_1_0-stable - 07cd2f8)

2017-01-26 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #8094
Status: Errored

Duration: 1 hour, 2 minutes, and 39 seconds
Commit: 07cd2f8 (OpenSSL_1_1_0-stable)
Author: Richard Levitte
Message: s_client: Better response success check for CONNECT

Instead of looking for "200" and "established" (and failing all other
2xx responses or "Established"), let's look for a line that's not a
header (i.e. doesn't contain a ':') and where the first space is
followed by a '2'.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1664)
(cherry picked from commit ec2a0e60652c0e61e90dde367756c5d92cd882d3)

View the changeset: 
https://github.com/openssl/openssl/compare/0e3200b59d2d...07cd2f84d148

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/195008363

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits