[openssl-commits] Fixed: openssl/openssl#8561 (OpenSSL_1_1_0-stable - 19d5e48)
Build Update for openssl/openssl - Build: #8561 Status: Fixed Duration: 1 hour, 20 minutes, and 38 seconds Commit: 19d5e48 (OpenSSL_1_1_0-stable) Author: FdaSilvaYY Message: Fix a few typos Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2571) (cherry picked from commit 7e12cdb52e3f4beff050caeecf3634870bb9a7c4) View the changeset: https://github.com/openssl/openssl/compare/07bc93f479bb...19d5e48d6d56 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201654622 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.7928
Build openssl OpenSSL_1_0_2-stable.7928 completed Commit adc5447609 by Bernd Edlinger on 2/16/2017 9:13 AM: Cleanup *.S files. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0e create
The annotated tag OpenSSL_1_1_0e has been created at 7f5c1afcd8d5584422139fb0db7e09d6c07dd7c6 (tag) tagging 0453163e9a9052884cce288ff3e2acb77725a239 (commit) replaces OpenSSL_1_1_0d tagged by Matt Caswell on Thu Feb 16 11:58:19 2017 + - Log - OpenSSL 1.1.0e release tag -BEGIN PGP SIGNATURE- iQEuBAABCAAYBQJYpZPbERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESR5H4H /jlPmy7RlxEoqdytRmRemnqtYz7kkbJ/lTeiP00G/bHukcLABMPcA8PEkljQ+XTf JoZOcYfZNCOPVPHAy6/+czoV0sihhWhlTobOgsEgzYrOLI4nNuRi5UBdjEW+8WAm lIuBdu6b6mRXH44xOmbn4nqO+8steC9hQkcxC062tzmUNszVoInGPrkcbe6qZwCb NtcHElfwynx29IwjFiPlRcSZsTtoq9Fc3NKLJ+9ruTPjehArs26u93yGP5zg6onn RlLk/D4NEVzMzp08+IeTxa1kxP0wzj6w3HAf8SAW6o1AG6Fny53vZKuLBPp+JAnZ RAEMAqs/DXQlI7rWD2vrR88= =EAB4 -END PGP SIGNATURE- Andrea Grandi (3): Add test to show wrong behavior of ASYNC_WAIT_CTX Remove fd from the list when the engine clears the wait context before pause Further improvements to ASYNC_WAIT_CTX_clear_fd Andy Polyakov (2): ARMv4 assembly pack: harmonize Thumb-ification of iOS build. crypto/armcap.c: short-circuit processor capability probe in iOS builds. Bernd Edlinger (6): remove test/.rnd on make clean Combined patch against OpenSSL_1_1_0-stable branch for the following issues: Fix a crash with malformed user notice policy numbers Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. Rework error handling of custom_ext_meth_add towards strong exception safety. Darren Tucker (1): DES keys are not 7 days long. David Benjamin (1): Don't read uninitialised data for short session IDs. Dmitry Kostjuchenko (4): Compile fix on platforms with missing pthread_rwlock_t. Corrections according the review comments. Removed tab spaces. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit 5d5eed4456ebc035893eedbcc4e32a9d065cecb3) Grouped data declarations [skip ci] Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit bc1dba209533f2033a4de0d93380fc0f485e6f7e) Dr. Stephen Henson (3): Use correct signature algorithm list when sending or checking. Add server signature algorithm bug test. Make -xcert work again. Emilia Kasper (1): Travis: run on Trusty with clang 3.9 (1.1.0 branch) FdaSilvaYY (1): Fix a few typos Geoff Thorpe (3): bn: fix BN_DEBUG + BN_DEBUG_RAND support bn: catch negative zero as an error bn: fix occurances of negative zero Guido Vranken (2): Prevent allocations of size 0 in sh_init. Remove obsolete comment Kazuki Yamaguchi (1): Properly zero cipher_data for ChaCha20-Poly1305 on cleanup Lukasz Pawelczyk (1): Restore EVP_CIPH_FLAG_LENGTH_BITS working properly Matt Caswell (7): Prepare for 1.1.0e-dev Fix a typo in the X509_get0_subject_key_id() documentation Provide a test for the Encrypt-Then-Mac renegotiation crash Don't change the state of the ETM flags until CCS processing Remove an OPENSSL_assert() and replace with a soft assert and check Update CHANGES and NEWS for new release Prepare for 1.1.0e release Pauli (1): Remove unused variable Rich Salz (4): Doc fix Fix parsing of serial# in req Centralize documentation about config file location Add no-ec build Richard Levitte (8): Correct pointer to be freed X509_CRL_digest() - ensure precomputed sha1 hash before returning it Document what EXFLAG_SET is for in x509v3.h Add a couple of test to check CRL fingerprint test/evp_test.c: If no algorithm was specified, don't try to check for DES Fix faulty free bn: fix occurance of negative zero in BN_rshift1() test_rehash does nothing, have it do something Todd Short (1): Majority rules, use session_ctx vs initial_ctx Yuchi (1): mem leak on error path and error propagation fix --- _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via ffb1e659b2546cb704ef56ae01176b9062ef1c6f (commit) via 0453163e9a9052884cce288ff3e2acb77725a239 (commit) via aed24635b8c3a0635448c90ebee6eb2447be4a66 (commit) via 60747ea22f8b25b2a7e54e7fe4ad47dfe8f93383 (commit) via 4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2 (commit) via 9c5a691d578a4debfd6ecacc030a85900906bf0d (commit) from 3bdc1dc8fcc97a8945ddbc2748e7059207ea3914 (commit) - Log - commit ffb1e659b2546cb704ef56ae01176b9062ef1c6f Author: Matt Caswell Date: Thu Feb 16 11:59:36 2017 + Prepare for 1.1.0f-dev Reviewed-by: Richard Levitte commit 0453163e9a9052884cce288ff3e2acb77725a239 Author: Matt Caswell Date: Thu Feb 16 11:58:19 2017 + Prepare for 1.1.0e release Reviewed-by: Richard Levitte commit aed24635b8c3a0635448c90ebee6eb2447be4a66 Author: Matt Caswell Date: Thu Feb 16 09:51:56 2017 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte commit 60747ea22f8b25b2a7e54e7fe4ad47dfe8f93383 Author: Matt Caswell Date: Fri Feb 3 14:54:43 2017 + Remove an OPENSSL_assert() and replace with a soft assert and check Following on from CVE-2017-3733, this removes the OPENSSL_assert() check that failed and replaces it with a soft assert, and an explicit check of value with an error return if it fails. Reviewed-by: Richard Levitte commit 4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2 Author: Matt Caswell Date: Fri Feb 3 14:06:20 2017 + Don't change the state of the ETM flags until CCS processing Changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS so this is TLS only. The problem is caused by changing the flag indicating whether to use ETM or not immediately on negotiation of ETM, rather than at CCS. Therefore, during a renegotiation, if the ETM state is changing (usually due to a change of ciphersuite), then an error/crash will occur. Due to the fact that there are separate CCS messages for read and write we actually now need two flags to determine whether to use ETM or not. CVE-2017-3733 Reviewed-by: Richard Levitte commit 9c5a691d578a4debfd6ecacc030a85900906bf0d Author: Matt Caswell Date: Fri Feb 3 11:21:07 2017 + Provide a test for the Encrypt-Then-Mac renegotiation crash Changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS so this is TLS only. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte --- Summary of changes: CHANGES| 15 +++- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 6 +- include/openssl/ssl3.h | 5 +- ssl/record/rec_layer_s3.c | 6 +- ssl/record/ssl3_record.c | 24 -- ssl/ssl_locl.h | 7 +- ssl/t1_enc.c | 15 +++- ssl/t1_lib.c | 12 +-- test/handshake_helper.c| 16 +++- test/ssl-tests/17-renegotiate.conf | 134 - test/ssl-tests/17-renegotiate.conf.in | 78 - test/ssl-tests/18-dtls-renegotiate.conf| 130 +++- test/ssl-tests/18-dtls-renegotiate.conf.in | 74 +++- test/ssl_test_ctx.c| 59 - test/ssl_test_ctx.h| 2 + 17 files changed, 515 insertions(+), 76 deletions(-) diff --git a/CHANGES b/CHANGES index d516e2c..76041ce 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,23 @@ OpenSSL CHANGES ___ - Changes between 1.1.0d and 1.1.0e [xx XXX ] + Changes between 1.1.0e and 1.1.0f [xx XXX ] *) + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read diff --git a/NEWS b/NEWS index 693bbec..582d66e 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file gives a brief overview of the major cha
[openssl-commits] [openssl] master update
The branch master has been updated via d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (commit) via 2c55b28a34624c18e3d05dfd7acb78895e3a64e6 (commit) via 28a31a0a10f41ef855cabab4e18c994c44225125 (commit) via cc22cd546bd0b0e1b55c1835403ab564d5f30581 (commit) from 7b3a4d610731929d4fde15411f9be9b883974980 (commit) - Log - commit d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef Author: Matt Caswell Date: Thu Feb 16 09:51:56 2017 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte commit 2c55b28a34624c18e3d05dfd7acb78895e3a64e6 Author: Matt Caswell Date: Fri Feb 3 14:45:49 2017 + Remove an OPENSSL_assert() and replace with a soft assert and check Following on from CVE-2017-3733, this removes the OPENSSL_assert() check that failed and replaces it with a soft assert, and an explicit check of value with an error return if it fails. Reviewed-by: Richard Levitte commit 28a31a0a10f41ef855cabab4e18c994c44225125 Author: Matt Caswell Date: Fri Feb 3 14:06:20 2017 + Don't change the state of the ETM flags until CCS processing In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. The problem is caused by changing the flag indicating whether to use ETM or not immediately on negotiation of ETM, rather than at CCS. Therefore, during a renegotiation, if the ETM state is changing (usually due to a change of ciphersuite), then an error/crash will occur. Due to the fact that there are separate CCS messages for read and write we actually now need two flags to determine whether to use ETM or not. CVE-2017-3733 Reviewed-by: Richard Levitte commit cc22cd546bd0b0e1b55c1835403ab564d5f30581 Author: Matt Caswell Date: Fri Feb 3 11:21:07 2017 + Provide a test for the Encrypt-Then-Mac renegotiation crash In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte --- Summary of changes: CHANGES| 15 +++- NEWS | 6 +- include/openssl/ssl3.h | 5 +- ssl/d1_lib.c | 2 +- ssl/record/rec_layer_d1.c | 4 +- ssl/record/rec_layer_s3.c | 6 +- ssl/record/ssl3_record.c | 19 ++-- ssl/ssl_locl.h | 6 +- ssl/statem/extensions.c| 4 +- ssl/statem/extensions_clnt.c | 2 +- ssl/statem/extensions_srvr.c | 6 +- ssl/t1_enc.c | 15 +++- test/dtls_mtu_test.c | 4 +- test/handshake_helper.c| 16 +++- test/ssl-tests/17-renegotiate.conf | 134 - test/ssl-tests/17-renegotiate.conf.in | 78 - test/ssl-tests/18-dtls-renegotiate.conf| 130 +++- test/ssl-tests/18-dtls-renegotiate.conf.in | 74 +++- test/ssl_test_ctx.c| 63 -- test/ssl_test_ctx.h| 2 + 20 files changed, 510 insertions(+), 81 deletions(-) diff --git a/CHANGES b/CHANGES index 8b27bd5..3e91a08 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES ___ - Changes between 1.1.0a and 1.1.1 [xx XXX ] + Changes between 1.1.0e and 1.1.1 [xx XXX ] *) Add support for SipHash [Todd Short] @@ -24,6 +24,19 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read diff --git a/NEWS b/NEWS index 34312cd..0852bd3 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file give
[openssl-commits] [web] master update
The branch master has been updated via 53ec621aa94b3b9f75cb2012178fed494819de4d (commit) from e088c8bb8449c3613e41a5200acbd56cd23268b8 (commit) - Log - commit 53ec621aa94b3b9f75cb2012178fed494819de4d Author: Matt Caswell Date: Thu Feb 16 11:54:10 2017 + Update newsflash and vulnerabilities.xml --- Summary of changes: news/newsflash.txt | 1 + news/vulnerabilities.xml | 20 +++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index a32903f..1a66cde 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Feb-2017: OpenSSL 1.1.0e is now available, including bug and security fixes 13-Feb-2017: New Blog post: https://www.openssl.org/blog/blog/2017/02/13/bylaws/";>Project Bylaws 13-Feb-2017: New https://www.openssl.org/policies/bylaws.html";>OpenSSL Bylaws published 13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 16th February 2017 diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6c32b4c..3d759a8 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -5,7 +5,25 @@ 1.0.0 on 20100329 --> - + + + + + + + + + + + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependent on ciphersuite). Both clients + and servers are affected. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6ab0a53dba21e3d4bc94859ec6dc6624cff8f774 (commit) from 53ec621aa94b3b9f75cb2012178fed494819de4d (commit) - Log - commit 6ab0a53dba21e3d4bc94859ec6dc6624cff8f774 Author: Matt Caswell Date: Thu Feb 16 12:14:41 2017 + Add security advisory --- Summary of changes: news/secadv/20170216.txt | 39 +++ 1 file changed, 39 insertions(+) create mode 100644 news/secadv/20170216.txt diff --git a/news/secadv/20170216.txt b/news/secadv/20170216.txt new file mode 100644 index 000..da9043d --- /dev/null +++ b/news/secadv/20170216.txt @@ -0,0 +1,39 @@ + +OpenSSL Security Advisory [16 Feb 2017] + + +Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + + +Severity: High + +During a renegotiation handshake if the Encrypt-Then-Mac extension is +negotiated where it was not in the original handshake (or vice-versa) then this +can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers +are affected. + +OpenSSL 1.1.0 users should upgrade to 1.1.0e + +This issue does not affect OpenSSL version 1.0.2. + +This issue was reported to OpenSSL on 31st January 2017 by Joe Orton (Red Hat). +The fix was developed by Matt Caswell of the OpenSSL development team. + +Note + + +Support for version 1.0.1 ended on 31st December 2016. Support for versions +0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer +receiving security updates. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20170216.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via bb01f78cc17fc7fc9aba39f34e7403e0d38f4309 (commit) from 6ab0a53dba21e3d4bc94859ec6dc6624cff8f774 (commit) - Log - commit bb01f78cc17fc7fc9aba39f34e7403e0d38f4309 Author: Mark J. Cox Date: Thu Feb 16 12:18:53 2017 + Add link to advisory --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1a66cde..9667597 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Feb-2017: Security Advisory: one security fix 16-Feb-2017: OpenSSL 1.1.0e is now available, including bug and security fixes 13-Feb-2017: New Blog post: https://www.openssl.org/blog/blog/2017/02/13/bylaws/";>Project Bylaws 13-Feb-2017: New https://www.openssl.org/policies/bylaws.html";>OpenSSL Bylaws published _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 9b90ce0b46aed53fdff4d767ca5669dfac211f62 (commit) from 04d42270ba76d1c9dad2e383d109084e60a2ac12 (commit) - Log - commit 9b90ce0b46aed53fdff4d767ca5669dfac211f62 Author: Bernd Edlinger Date: Thu Feb 16 10:13:45 2017 +0100 Cleanup *.S files. Fixes #2220 Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2645) --- Summary of changes: crypto/aes/Makefile | 2 +- crypto/bn/Makefile| 2 +- crypto/des/Makefile | 2 +- crypto/md5/Makefile | 2 +- crypto/modes/Makefile | 2 +- crypto/rc4/Makefile | 2 +- crypto/sha/Makefile | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index e825c14..05e4a01 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -133,7 +133,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index c4c6409..20e8ef0 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -187,7 +187,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 8b5166c..89156ba 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -107,7 +107,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index f5240da..9942cb4 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -90,7 +90,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index a7863d9..2528f4a 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -106,7 +106,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 7434ff7..a495324 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -100,7 +100,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index de6cdde..8b8f8b2 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -135,7 +135,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ac879ed62a19f3c878f7be3020a1b93cc77f4b38 (commit) from d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (commit) - Log - commit ac879ed62a19f3c878f7be3020a1b93cc77f4b38 Author: Benjamin Kaduk Date: Thu Dec 29 11:38:24 2016 -0600 Use _WIN32 over WIN32 for preprocessor conditional The intent seems to be that the WIN32 symbol is for things that are a direct byproduct of being a windows-variant configuration and should be used for feature en/disablement on windows systems. Use of the _WIN32 symbol is more widespread, being used to implement platform portability of more generic code. We do define WIN32 in some situations in e_os.h, but that is not included universally. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2642) --- Summary of changes: crypto/seed/seed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c index c1e9285..d62da91 100644 --- a/crypto/seed/seed.c +++ b/crypto/seed/seed.c @@ -37,7 +37,7 @@ # include # include # include -# ifdef WIN32 +# ifdef _WIN32 # include # endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 88a3b5322170444d8d4003f6d8af82c3976c570b (commit) from ffb1e659b2546cb704ef56ae01176b9062ef1c6f (commit) - Log - commit 88a3b5322170444d8d4003f6d8af82c3976c570b Author: Benjamin Kaduk Date: Thu Dec 29 11:38:24 2016 -0600 Use _WIN32 over WIN32 for preprocessor conditional The intent seems to be that the WIN32 symbol is for things that are a direct byproduct of being a windows-variant configuration and should be used for feature en/disablement on windows systems. Use of the _WIN32 symbol is more widespread, being used to implement platform portability of more generic code. We do define WIN32 in some situations in e_os.h, but that is not included universally. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2642) (cherry picked from commit ac879ed62a19f3c878f7be3020a1b93cc77f4b38) --- Summary of changes: crypto/seed/seed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c index c1e9285..d62da91 100644 --- a/crypto/seed/seed.c +++ b/crypto/seed/seed.c @@ -37,7 +37,7 @@ # include # include # include -# ifdef WIN32 +# ifdef _WIN32 # include # endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 0cb8c9d85e9d5690670d6f1f02e8ccc756520210 (commit)
from ac879ed62a19f3c878f7be3020a1b93cc77f4b38 (commit)
- Log -
commit 0cb8c9d85e9d5690670d6f1f02e8ccc756520210
Author: lrns
Date: Thu Feb 16 12:27:55 2017 +0100
Change req_check_len error message, it also accepts 20 bytes, but states
'less than' in the error message
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2648)
---
Summary of changes:
apps/req.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/req.c b/apps/req.c
index 00f2a41..766a27e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1273,7 +1273,7 @@ static int req_check_len(int len, int n_min, int n_max)
}
if ((n_max >= 0) && (len > n_max)) {
BIO_printf(bio_err,
- "string is too long, it needs to be less than %d bytes
long\n",
+ "string is too long, it needs to be no more than %d bytes
long\n",
n_max);
return (0);
}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via ddc311f1d345d07d8657b4538ca32cba864e7461 (commit)
from 88a3b5322170444d8d4003f6d8af82c3976c570b (commit)
- Log -
commit ddc311f1d345d07d8657b4538ca32cba864e7461
Author: lrns
Date: Thu Feb 16 12:27:55 2017 +0100
Change req_check_len error message
it also accepts 20 bytes, but states 'less than' in the error message
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2648)
(cherry picked from commit 0cb8c9d85e9d5690670d6f1f02e8ccc756520210)
---
Summary of changes:
apps/req.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/req.c b/apps/req.c
index e8951ae..a1cbfe2 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1273,7 +1273,7 @@ static int req_check_len(int len, int n_min, int n_max)
}
if ((n_max >= 0) && (len > n_max)) {
BIO_printf(bio_err,
- "string is too long, it needs to be less than %d bytes
long\n",
+ "string is too long, it needs to be no more than %d bytes
long\n",
n_max);
return (0);
}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.7935
Build openssl master.7935 failed Commit ffb3e03d0e by Todd Short on 2/16/2017 1:59 PM: Minutes are not optional Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 4b74b511131cf6703c82c25656bac7058d8ebe2f (commit)
from ddc311f1d345d07d8657b4538ca32cba864e7461 (commit)
- Log -
commit 4b74b511131cf6703c82c25656bac7058d8ebe2f
Author: Richard Levitte
Date: Wed Jan 4 09:34:42 2017 +0100
Don't run MSBLOB conversion tests when RSA or DSA are disabled
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2174)
(cherry picked from commit d8594555ffaf98ada08b26ce3d1138f16bc029c5)
---
Summary of changes:
test/recipes/15-test_rsa.t | 6 ++
1 file changed, 6 insertions(+)
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
index a57ce63..5988821 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -34,6 +34,12 @@ ok(run(app([ 'openssl', 'rsa', '-check', '-in',
srctop_file('test', 'testrsa.pem
subtest 'rsa conversions -- private key PKCS#8' => sub {
tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey");
};
+}
+
+ SKIP: {
+ skip "Skipping msblob conversion test", 1
+if disabled("rsa") || disabled("dsa");
+
subtest 'rsa conversions -- public key' => sub {
tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa",
"-pubin", "-pubout");
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.7936
Build openssl master.7936 completed Commit 0c984ae65a by Todd Short on 2/16/2017 2:09 PM: Internal siphash tests are not run. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#8571 (master - a34a9df)
Build Update for openssl/openssl - Build: #8571 Status: Broken Duration: 1 hour, 20 minutes, and 44 seconds Commit: a34a9df (master) Author: Dr. Stephen Henson Message: Skip curve check if sigalg doesn't specify a curve. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2623) View the changeset: https://github.com/openssl/openssl/compare/7e12cdb52e3f...a34a9df0712a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201732639 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 86de658a84a379ad9e7b8b93bb66adb8e218f4c8 (commit)
via b4cb7eb7df2982e4f8d5a175e5c43d601ca7e727 (commit)
via ad4dd362e036b8481d51e1bfc6e9322b6cf074dc (commit)
via 717a265aa5f618fb30f857f240f6b2b0ab7ad4c7 (commit)
from 0cb8c9d85e9d5690670d6f1f02e8ccc756520210 (commit)
- Log -
commit 86de658a84a379ad9e7b8b93bb66adb8e218f4c8
Author: Dr. Stephen Henson
Date: Wed Feb 15 22:16:09 2017 +
Add client auth TLS 1.3 certificate selection tests
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2643)
commit b4cb7eb7df2982e4f8d5a175e5c43d601ca7e727
Author: Dr. Stephen Henson
Date: Wed Feb 15 22:03:04 2017 +
Add ECDSA client certificates
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2643)
commit ad4dd362e036b8481d51e1bfc6e9322b6cf074dc
Author: Dr. Stephen Henson
Date: Wed Feb 15 16:23:49 2017 +
Use tls_choose_sigalg for client auth.
For client auth call tls_choose_sigalg to select the certificate
and signature algorithm. Use the selected algorithm in
tls_construct_cert_verify.
Remove obsolete tls12_get_sigandhash.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2643)
commit 717a265aa5f618fb30f857f240f6b2b0ab7ad4c7
Author: Dr. Stephen Henson
Date: Wed Feb 15 16:19:43 2017 +
Add client side support to tls_choose_sigalg.
Select appropriate signature algorithm and certificate for client
authentication using tls_choose_sigalg.
A lot of selection logic is very similar except not finding a
certificate is not a fatal error: we just do not present a
certificate.
For TLS 1.2 and earlier we only check the current certificate
is suitable (for compatibility with previous logic) for TLS 1.3
(where there are no compatibility issues) we support multiple
client certificates for different algorithms.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2643)
---
Summary of changes:
ssl/ssl_locl.h | 2 -
ssl/statem/statem_clnt.c | 4 +-
ssl/statem/statem_lib.c| 27 +++--
ssl/t1_lib.c | 130 +
.../{ca-cert.pem => ee-ecdsa-client-chain.pem} | 15 +++
test/certs/ee-ecdsa-key.pem| 5 +
test/ssl-tests/20-cert-select.conf.in | 51 +++-
7 files changed, 139 insertions(+), 95 deletions(-)
copy test/certs/{ca-cert.pem => ee-ecdsa-client-chain.pem} (54%)
create mode 100644 test/certs/ee-ecdsa-key.pem
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e1bce30..6f83877 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2260,8 +2260,6 @@ __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const
unsigned char *etick,
__owur int tls_use_ticket(SSL *s);
-__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
-const EVP_MD *md, int *ispss);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 8ca3c4c..4923e24 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3090,10 +3090,8 @@ int tls_client_key_exchange_post_work(SSL *s)
*/
static int ssl3_check_client_certificate(SSL *s)
{
-if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
-return 0;
/* If no suitable signature algorithm can't use certificate */
-if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])
+if (!tls_choose_sigalg(s, NULL) || s->s3->tmp.sigalg == NULL)
return 0;
/*
* If strict mode check suitability of chain before using it. This also
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 31156fd..ed07266 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -171,17 +171,27 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char
*tls13tbs,
int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
{
-EVP_PKEY *pkey = s->cert->key->privatekey;
-const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
+EVP_PKEY *pkey = NULL;
+const EVP_MD *md = NULL;
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t hdatalen = 0, siglen = 0;
void *hdata;
unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
-int pktype, ispss = 0;
+const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
-pktype = EVP_PKEY_id(pkey);
+if (lu == NULL || s->s3->tmp.cert == NULL) {
+S
[openssl-commits] [openssl] OpenSSL-fips-2_0_14 create
The annotated tag OpenSSL-fips-2_0_14 has been created at f7d736d01b6032d3042cd609d9c1d58dfa5c0c9f (tag) tagging e1a9268d81238aa12acfb9725a13c858c8937cd7 (commit) replaces OpenSSL-fips-2_0_13 tagged by Dr. Stephen Henson on Thu Feb 16 17:14:58 2017 + - Log - OpenSSL FIPS 2.0.14 release tag Andy Polyakov (1): FIPS MIPS assembly pack refresh. Steve Marquess (1): Update to match latest CAVS --- _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d605fc3a0ce4103ca6660904795bf1209cdb55b7 (commit) from 86de658a84a379ad9e7b8b93bb66adb8e218f4c8 (commit) - Log - commit d605fc3a0ce4103ca6660904795bf1209cdb55b7 Author: Matt Caswell Date: Thu Feb 16 14:47:26 2017 + Fix a mem leak in ssl_test_ctx.c Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2650) --- Summary of changes: test/ssl_test_ctx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 1f3495f..c5b9a3e 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -585,6 +585,7 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->client.alpn_protocols); OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); +OPENSSL_free(conf->client.reneg_ciphers); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via d52c9b58a6e6c6dba62221b469e1576fe26b3c20 (commit) from 4b74b511131cf6703c82c25656bac7058d8ebe2f (commit) - Log - commit d52c9b58a6e6c6dba62221b469e1576fe26b3c20 Author: Matt Caswell Date: Thu Feb 16 14:47:26 2017 + Fix a mem leak in ssl_test_ctx.c Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2650) (cherry picked from commit d605fc3a0ce4103ca6660904795bf1209cdb55b7) --- Summary of changes: test/ssl_test_ctx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index c21decf..28ee5c7 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -507,6 +507,7 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->client.alpn_protocols); OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); +OPENSSL_free(conf->client.reneg_ciphers); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl 1.0.1839
Build openssl 1.0.1839 failed Commit 085d6d3764 by FdaSilvaYY on 2/16/2017 10:21 PM: Add comments about Max Fragment Length extension layout. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Failed: openssl/openssl#8575 (master - bb90d02)
Build Update for openssl/openssl - Build: #8575 Status: Failed Duration: 50 minutes and 36 seconds Commit: bb90d02 (master) Author: Matt Caswell Message: Fix merge issue Causes make update to fail. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2634) View the changeset: https://github.com/openssl/openssl/compare/a34a9df0712a...bb90d02a71c6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201825823 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.7953
Build openssl master.7953 failed Commit 12a3c0aed2 by Richard Levitte on 2/16/2017 8:07 PM: Add a test of the X509_STORE / X509_LOOKUP API Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.7954
Build openssl master.7954 completed Commit dd051513c2 by Benjamin Kaduk on 2/16/2017 7:54 PM: Fix tests with enable-dtls no-dtls1 no-dtls1_2 Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#8577 (master - ed874fa)
Build Update for openssl/openssl - Build: #8577 Status: Broken Duration: 46 minutes and 39 seconds Commit: ed874fa (master) Author: Bernd Edlinger Message: Rework error handling of custom_ext_meth_add towards strong exception safety. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2636) View the changeset: https://github.com/openssl/openssl/compare/bb90d02a71c6...ed874fac6399 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201868605 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.7957
Build openssl master.7957 failed Commit 1c20880959 by FdaSilvaYY on 12/24/2016 7:04 PM: Add comments about Max Fragment Length extension layout. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.7958
Build openssl master.7958 completed Commit e7016b68ba by David Benjamin on 2/16/2017 10:39 PM: Fix typo in x86_64-mont5.pl CFI directives Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#8578 (OpenSSL_1_1_0-stable - c9c1a63)
Build Update for openssl/openssl - Build: #8578 Status: Passed Duration: 2 hours, 59 minutes, and 10 seconds Commit: c9c1a63 (OpenSSL_1_1_0-stable) Author: Bernd Edlinger Message: Rework error handling of custom_ext_meth_add towards strong exception safety. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2636) (cherry picked from commit ed874fac6399d5064d6eb8fe2022b918aeaf75af) View the changeset: https://github.com/openssl/openssl/compare/19d5e48d6d56...c9c1a63d58c7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201869123 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.7962
Build openssl master.7962 failed Commit 3247b45494 by Todd Short on 2/17/2017 4:42 AM: More doc updates Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl master.7963
Build openssl master.7963 completed Commit 290f2cb855 by Todd Short on 2/16/2017 9:08 PM: Fix offset calculation. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#8580 (master - 399976c)
Build Update for openssl/openssl - Build: #8580 Status: Broken Duration: 19 minutes and 19 seconds Commit: 399976c (master) Author: Andy Polyakov Message: sha/asm/*-x86_64.pl: add CFI annotations. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/ed874fac6399...399976c7ba8d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/201889535 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 59088e4 Set current certificate to selected certificate. 399976c sha/asm/*-x86_64.pl: add CFI annotations. ed874fa Rework error handling of custom_ext_meth_add towards strong exception safety. bb90d02 Fix merge issue a34a9df Skip curve check if sigalg doesn't specify a curve. a497cf2 Use CERT_PKEY pointer instead of index f695571 Simplify tls_construct_server_key_exchange f365a3e Use cert_index and sigalg 0972bc5 Add sigalg for earlier TLS versions 4a419f6 Change tls_choose_sigalg so it can set errors and alerts. 4020c0b add ssl_has_cert Build log ended with (last 100 lines): ../../openssl/test/recipes/15-test_ecdh.t . ok ../../openssl/test/recipes/15-test_ecdsa.t ok ../../openssl/test/recipes/15-test_rsa.t .. ok ../../openssl/test/recipes/20-test_enc.t .. ok ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs TLS1.2 or TLS1.3 enabled ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 59088e4 Set current certificate to selected certificate. 399976c sha/asm/*-x86_64.pl: add CFI annotations. ed874fa Rework error handling of custom_ext_meth_add towards strong exception safety. bb90d02 Fix merge issue a34a9df Skip curve check if sigalg doesn't specify a curve. a497cf2 Use CERT_PKEY pointer instead of index f695571 Simplify tls_construct_server_key_exchange f365a3e Use cert_index and sigalg 0972bc5 Add sigalg for earlier TLS versions 4a419f6 Change tls_choose_sigalg so it can set errors and alerts. 4020c0b add ssl_has_cert Build log ended with (last 100 lines): ../../openssl/test/recipes/15-test_ecdh.t . ok ../../openssl/test/recipes/15-test_ecdsa.t ok ../../openssl/test/recipes/15-test_rsa.t .. ok ../../openssl/test/recipes/20-test_enc.t .. ok ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t ...
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 59088e4 Set current certificate to selected certificate. 399976c sha/asm/*-x86_64.pl: add CFI annotations. ed874fa Rework error handling of custom_ext_meth_add towards strong exception safety. bb90d02 Fix merge issue a34a9df Skip curve check if sigalg doesn't specify a curve. a497cf2 Use CERT_PKEY pointer instead of index f695571 Simplify tls_construct_server_key_exchange f365a3e Use cert_index and sigalg 0972bc5 Add sigalg for earlier TLS versions 4a419f6 Change tls_choose_sigalg so it can set errors and alerts. 4020c0b add ssl_has_cert Build log ended with (last 100 lines): ../../openssl/test/recipes/15-test_ecdh.t . ok ../../openssl/test/recipes/15-test_ecdsa.t ok ../../openssl/test/recipes/15-test_rsa.t .. ok ../../openssl/test/recipes/20-test_enc.t .. ok ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs TLS1.2 or TLS1.3 enabled ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../opens
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 59088e4 Set current certificate to selected certificate. 399976c sha/asm/*-x86_64.pl: add CFI annotations. ed874fa Rework error handling of custom_ext_meth_add towards strong exception safety. bb90d02 Fix merge issue a34a9df Skip curve check if sigalg doesn't specify a curve. a497cf2 Use CERT_PKEY pointer instead of index f695571 Simplify tls_construct_server_key_exchange f365a3e Use cert_index and sigalg 0972bc5 Add sigalg for earlier TLS versions 4a419f6 Change tls_choose_sigalg so it can set errors and alerts. 4020c0b add ssl_has_cert Build log ended with (last 100 lines): ../../openssl/test/recipes/15-test_ecdh.t . ok ../../openssl/test/recipes/15-test_ecdsa.t ok ../../openssl/test/recipes/15-test_rsa.t .. ok ../../openssl/test/recipes/20-test_enc.t .. ok ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t
[openssl-commits] [openssl] master update
The branch master has been updated
via bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638 (commit)
via 532e7b36d9622ac06a96fb3557b5bc16016e5ca8 (commit)
from d605fc3a0ce4103ca6660904795bf1209cdb55b7 (commit)
- Log -
commit bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638
Author: Richard Levitte
Date: Thu Feb 16 21:07:33 2017 +0100
Add a test of the X509_STORE / X509_LOOKUP API
Fortunately, "openssl verify" makes good use of that API
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2652)
commit 532e7b36d9622ac06a96fb3557b5bc16016e5ca8
Author: Richard Levitte
Date: Thu Feb 16 21:06:42 2017 +0100
test/README: clarify test number groups
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2652)
---
Summary of changes:
test/README | 20
test/recipes/60-test_x509_store.t | 48 +++
2 files changed, 59 insertions(+), 9 deletions(-)
create mode 100644 test/recipes/60-test_x509_store.t
diff --git a/test/README b/test/README
index bca7ab8..ef39d38 100644
--- a/test/README
+++ b/test/README
@@ -19,15 +19,17 @@ digit number and {name} is a unique name of your choice.
The number {nn} is (somewhat loosely) grouped as follows:
-05 individual symmetric cipher algorithms
-10 math (bignum)
-15 individual asymmetric cipher algorithms
-20 openssl commands (some otherwise not tested)
-25 certificate forms, generation and verification
-30 engine and evp
-70 PACKET layer
-80 "larger" protocols (CA, CMS, OCSP, SSL, TSA)
-90 misc
+00-04 sanity, internal and essential API tests
+05-09 individual symmetric cipher algorithms
+10-14 math (bignum)
+15-19 individual asymmetric cipher algorithms
+20-24 openssl commands (some otherwise not tested)
+25-29 certificate forms, generation and verification
+30-35 engine and evp
+60-79 APIs
+ 70 PACKET layer
+80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA)
+90-99 misc
A recipe that just runs a test executable
diff --git a/test/recipes/60-test_x509_store.t
b/test/recipes/60-test_x509_store.t
new file mode 100644
index 000..b084ed9
--- /dev/null
+++ b/test/recipes/60-test_x509_store.t
@@ -0,0 +1,48 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Copy;
+use File::Spec::Functions qw/:DEFAULT canonpath/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_x509_store");
+
+# We use 'openssl verify' for these tests, as it contains everything
+# we need to conduct these tests. The tests here are a subset of the
+# ones found in 25-test_verify.t
+
+sub verify {
+my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
+my @args = qw(openssl verify -auth_level 1 -purpose);
+my @path = qw(test certs);
+push(@args, "$purpose", @opts);
+push(@args, "-CApath", $trustedpath);
+for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path,
"$_.pem")) }
+push(@args, srctop_file(@path, "$cert.pem"));
+run(app([@args]));
+}
+
+plan tests => 3;
+
+indir "60-test_x509_store" => sub {
+for (("root-cert")) {
+copy(srctop_file("test", "certs", "$_.pem"), curdir());
+}
+ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
+
+# Canonical success
+ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
+ "verify ee-cert");
+
+# Failure because root cert not present in CApath
+ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
+}, create => 1, cleanup => 1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi
Platform and configuration command: $ uname -a Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi Commit log since last time: d605fc3 Fix a mem leak in ssl_test_ctx.c 86de658 Add client auth TLS 1.3 certificate selection tests b4cb7eb Add ECDSA client certificates ad4dd36 Use tls_choose_sigalg for client auth. 717a265 Add client side support to tls_choose_sigalg. 0cb8c9d Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message ac879ed Use _WIN32 over WIN32 for preprocessor conditional d4da1bb Update CHANGES and NEWS for new release 2c55b28 Remove an OPENSSL_assert() and replace with a soft assert and check 28a31a0 Don't change the state of the ETM flags until CCS processing cc22cd5 Provide a test for the Encrypt-Then-Mac renegotiation crash 7b3a4d6 Fix warning af7e05c Handle negative reply for NNTP STARTTLS in s_client a8f9576 Properly zero cipher_data for ChaCha20-Poly1305 on cleanup 8653e78 crypto/armcap.c: short-circuit processor capability probe in iOS builds. c93f06c ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 59088e4 Set current certificate to selected certificate. 399976c sha/asm/*-x86_64.pl: add CFI annotations. ed874fa Rework error handling of custom_ext_meth_add towards strong exception safety. bb90d02 Fix merge issue a34a9df Skip curve check if sigalg doesn't specify a curve. a497cf2 Use CERT_PKEY pointer instead of index f695571 Simplify tls_construct_server_key_exchange f365a3e Use cert_index and sigalg 0972bc5 Add sigalg for earlier TLS versions 4a419f6 Change tls_choose_sigalg so it can set errors and alerts. 4020c0b add ssl_has_cert Build log ended with (last 100 lines): make[1]: Entering directory '/home/openssl/run-checker/no-asm_-ansi' clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cbc.d.tmp -MT crypto/aes/aes_cbc.o -c -o crypto/aes/aes_cbc.o ../openssl/crypto/aes/aes_cbc.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o ../openssl/crypto/aes/aes_cfb.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wno-parentheses-equality -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_core.d.tmp -MT crypto/aes/aes_core.o -c -o crypto/aes/aes_core.o ../openssl/crypto/aes/aes_core.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSE
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 949bd8e45eb4d2697d20c2249fa42cba545da2ac (commit)
via 6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d (commit)
from d52c9b58a6e6c6dba62221b469e1576fe26b3c20 (commit)
- Log -
commit 949bd8e45eb4d2697d20c2249fa42cba545da2ac
Author: Richard Levitte
Date: Thu Feb 16 21:07:33 2017 +0100
Add a test of the X509_STORE / X509_LOOKUP API
Fortunately, "openssl verify" makes good use of that API
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2652)
(cherry picked from commit bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638)
commit 6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d
Author: Richard Levitte
Date: Thu Feb 16 21:06:42 2017 +0100
test/README: clarify test number groups
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2652)
(cherry picked from commit 532e7b36d9622ac06a96fb3557b5bc16016e5ca8)
---
Summary of changes:
test/README | 20
test/recipes/60-test_x509_store.t | 48 +++
2 files changed, 59 insertions(+), 9 deletions(-)
create mode 100644 test/recipes/60-test_x509_store.t
diff --git a/test/README b/test/README
index bca7ab8..ef39d38 100644
--- a/test/README
+++ b/test/README
@@ -19,15 +19,17 @@ digit number and {name} is a unique name of your choice.
The number {nn} is (somewhat loosely) grouped as follows:
-05 individual symmetric cipher algorithms
-10 math (bignum)
-15 individual asymmetric cipher algorithms
-20 openssl commands (some otherwise not tested)
-25 certificate forms, generation and verification
-30 engine and evp
-70 PACKET layer
-80 "larger" protocols (CA, CMS, OCSP, SSL, TSA)
-90 misc
+00-04 sanity, internal and essential API tests
+05-09 individual symmetric cipher algorithms
+10-14 math (bignum)
+15-19 individual asymmetric cipher algorithms
+20-24 openssl commands (some otherwise not tested)
+25-29 certificate forms, generation and verification
+30-35 engine and evp
+60-79 APIs
+ 70 PACKET layer
+80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA)
+90-99 misc
A recipe that just runs a test executable
diff --git a/test/recipes/60-test_x509_store.t
b/test/recipes/60-test_x509_store.t
new file mode 100644
index 000..b084ed9
--- /dev/null
+++ b/test/recipes/60-test_x509_store.t
@@ -0,0 +1,48 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Copy;
+use File::Spec::Functions qw/:DEFAULT canonpath/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_x509_store");
+
+# We use 'openssl verify' for these tests, as it contains everything
+# we need to conduct these tests. The tests here are a subset of the
+# ones found in 25-test_verify.t
+
+sub verify {
+my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
+my @args = qw(openssl verify -auth_level 1 -purpose);
+my @path = qw(test certs);
+push(@args, "$purpose", @opts);
+push(@args, "-CApath", $trustedpath);
+for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path,
"$_.pem")) }
+push(@args, srctop_file(@path, "$cert.pem"));
+run(app([@args]));
+}
+
+plan tests => 3;
+
+indir "60-test_x509_store" => sub {
+for (("root-cert")) {
+copy(srctop_file("test", "certs", "$_.pem"), curdir());
+}
+ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
+
+# Canonical success
+ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
+ "verify ee-cert");
+
+# Failure because root cert not present in CApath
+ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
+}, create => 1, cleanup => 1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
