[openssl-commits] [openssl] master update

2018-03-28 Thread Andy Polyakov
The branch master has been updated
   via  8eb399fb25a6ef68b2a9e8d34b242b9767c46abe (commit)
   via  258689931ef9f25f282b550367f9c815b91069d7 (commit)
   via  74d38a8677ac10f7368c12079af9a27e959ee295 (commit)
   via  dacd2a87b550923524e80554b3a4869ea0351f66 (commit)
   via  55bd169fd874f65fa15b20ce4feae2e8ed5e77f1 (commit)
  from  c6d38183d6754b0a7b90527d085a500680e7d2ea (commit)


- Log -
commit 8eb399fb25a6ef68b2a9e8d34b242b9767c46abe
Author: Patrick Steuer 
Date:   Wed Mar 28 13:23:56 2018 +0100

crypto/e_aes.c: use S390X_AES_FC macro

... to compute s390x aes function code from keylength.

Signed-off-by: Patrick Steuer 

Reviewed-by: Richard Levitte 
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5250)

commit 258689931ef9f25f282b550367f9c815b91069d7
Author: Patrick Steuer 
Date:   Wed Mar 28 13:21:29 2018 +0100

crypto/evp/e_aes.c: add size_t casts to increase readability

Signed-off-by: Patrick Steuer 

Reviewed-by: Richard Levitte 
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5250)

commit 74d38a8677ac10f7368c12079af9a27e959ee295
Author: Patrick Steuer 
Date:   Wed Mar 28 13:09:24 2018 +0100

s390x assembly pack: add KMF code path for aes-cfb/cfb8

Signed-off-by: Patrick Steuer 

Reviewed-by: Richard Levitte 
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5250)

commit dacd2a87b550923524e80554b3a4869ea0351f66
Author: Patrick Steuer 
Date:   Wed Mar 28 12:54:50 2018 +0100

s390x assembly pack: add KMO code path for aes-ofb

Signed-off-by: Patrick Steuer 

Reviewed-by: Richard Levitte 
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5250)

commit 55bd169fd874f65fa15b20ce4feae2e8ed5e77f1
Author: Patrick Steuer 
Date:   Wed Mar 28 12:43:15 2018 +0100

s390x assembly pack: add KM code path for aes-ecb

Signed-off-by: Patrick Steuer 

Reviewed-by: Richard Levitte 
Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5250)

---

Summary of changes:
 crypto/evp/e_aes.c   | 316 ---
 crypto/s390x_arch.h  |   4 +
 crypto/s390xcpuid.pl |  42 +++
 3 files changed, 319 insertions(+), 43 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1d5007a..a914a6e 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -960,6 +960,57 @@ typedef struct {
 union {
 double align;
 /*-
+ * KM-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-06)
+ */
+struct {
+unsigned char k[32];
+} param;
+/* KM-AES parameter block - end */
+} km;
+unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+union {
+double align;
+/*-
+ * KMO-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+struct {
+unsigned char cv[16];
+unsigned char k[32];
+} param;
+/* KMO-AES parameter block - end */
+} kmo;
+unsigned int fc;
+
+int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+union {
+double align;
+/*-
+ * KMF-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+struct {
+unsigned char cv[16];
+unsigned char k[32];
+} param;
+/* KMF-AES parameter block - end */
+} kmf;
+unsigned int fc;
+
+int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+union {
+double align;
+/*-
  * KMA-GCM-AES parameter block - begin
  * (see z/Architecture Principles of Operation >= SA22-7832-11)
  */
@@ -1056,18 +1107,16 @@ typedef struct {
 } aes;
 } S390X_AES_CCM_CTX;
 
-# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P.km[0] &\
- 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-28 Thread Andy Polyakov
The branch OpenSSL_1_0_2-stable has been updated
   via  6a285edd520f9508efb76f30aff9812ce7115fa8 (commit)
  from  46c815a97d21135561d2204574bbd7c184b1f0b5 (commit)


- Log -
commit 6a285edd520f9508efb76f30aff9812ce7115fa8
Author: Miroslav Suk 
Date:   Thu Mar 22 09:20:43 2018 +0100

o_time.c: use gmtime_s with MSVC

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5719)

---

Summary of changes:
 crypto/o_time.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/crypto/o_time.c b/crypto/o_time.c
index 6192743..a763b2c 100755
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -109,6 +109,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm 
*result)
 if (gmtime_r(timer, result) == NULL)
 return NULL;
 ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+if (gmtime_s(result, timer))
+return NULL;
+ts = result;
 #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
 ts = gmtime(timer);
 if (ts == NULL)
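Review bot: the argument order `gmtime_s(result, timer)` is the MSVC CRT signature (destination `struct tm` first), not the C11 Annex K order (timer first), so this branch is correct only because it is guarded by `_MSC_VER`; a short comment saying so would stop someone widening the `#elif` to other toolchains that also provide a gmtime_s. Treating a non-zero return as failure is right for the MSVC errno_t convention. Minor style: `defined (OPENSSL_SYS_WINDOWS)` has a space before the parenthesis while the neighbouring `defined(_MSC_VER)` does not.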
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-03-28 Thread Rich Salz
The branch master has been updated
   via  c6d38183d6754b0a7b90527d085a500680e7d2ea (commit)
  from  92565101ca7bc1587ff1d87f9efa8aa1cfbe62f7 (commit)


- Log -
commit c6d38183d6754b0a7b90527d085a500680e7d2ea
Author: Rich Salz 
Date:   Wed Mar 28 15:34:16 2018 -0400

Rewrite the X509->alert mapping code

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/5780)

---

Summary of changes:
 ssl/ssl_locl.h   |   2 +-
 ssl/statem/statem_clnt.c |   2 +-
 ssl/statem/statem_lib.c  | 124 ++-
 ssl/statem/statem_srvr.c |   2 +-
 4 files changed, 62 insertions(+), 68 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1c3ee35..a9ef6c3 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2262,7 +2262,7 @@ __owur int ssl_get_server_cert_serverinfo(SSL *s,
   size_t *serverinfo_length);
 void ssl_set_masks(SSL *s);
 __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-__owur int ssl_verify_alarm_type(long type);
+__owur int ssl_x509err2alert(int type);
 void ssl_sort_cipher_list(void);
 int ssl_load_ciphers(void);
 __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
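Review bot: the replacement prototype narrows the parameter from `long type` to `int type`, while the caller in statem_clnt.c still passes `s->verify_result`, which the old signature shows is a long; the X509_V_ERR_* codes are small so nothing is lost, but an explicit `(int)` cast at the call site (or keeping `long`) avoids an implicit-narrowing warning on strict builds.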
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 29db4bc..91b986f 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1898,7 +1898,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, 
PACKET *pkt)
  * set. The *documented* interface remains the same.
  */
 if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
-SSLfatal(s, ssl_verify_alarm_type(s->verify_result),
+SSLfatal(s, ssl_x509err2alert(s->verify_result),
  SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
  SSL_R_CERTIFICATE_VERIFY_FAILED);
 goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 190050c..44c9c2c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -19,6 +19,14 @@
 #include 
 #include 
 
+/*
+ * Map error codes to TLS/SSL alart types.
+ */
+typedef struct x509err2alert_st {
+int x509err;
+int alert;
+} X509ERR2ALERT;
+
 /* Fixed value used in the ServerHello random field to identify an HRR */
 const unsigned char hrrrandom[] = {
 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02,
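Review bot: typo in the new comment, `alart` should be `alert`. Since X509ERR2ALERT is only used by the table later in this file, the typedef could also sit directly above that table, where a comment can state whether the table must stay sorted.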
@@ -1277,73 +1285,59 @@ int tls_get_message_body(SSL *s, size_t *len)
 return 1;
 }
 
-int ssl_verify_alarm_type(long type)
+static const X509ERR2ALERT x509table[] = {
+{X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
+{X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+{X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED},
+{X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+{X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+{X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+{X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE},
+{X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR},
+{X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+{X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA},
+{X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, 
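Review bot: the entries are ordered alphabetically by X509_V_ERR_* name rather than by numeric code, so the lookup that follows (cut off in this rendering) must be a linear scan; a comment on the table saying whether ordering matters would stop a later "optimisation" to bsearch() on the numeric value. Because the body of the old ssl_verify_alarm_type() switch is not shown here, the reviewer should also diff its case labels against this table to confirm no mapping was dropped or silently changed (for example X509_V_ERR_CERT_NOT_YET_VALID maps to SSL_AD_BAD_CERTIFICATE while X509_V_ERR_CERT_HAS_EXPIRED maps to SSL_AD_CERTIFICATE_EXPIRED, which is easy to get backwards).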

[openssl-commits] Build completed: openssl master.16821

2018-03-28 Thread AppVeyor


Build openssl master.16821 completed



Commit 737be1d0b3 by Dr. Matthias St. Pierre on 3/28/2018 2:23 PM:

RAND_DRBG_new.pod: fix doc-nits  [fixup]




[openssl-commits] Build failed: openssl master.16820

2018-03-28 Thread AppVeyor



Build openssl master.16820 failed


Commit af3d76476a by Richard Levitte on 3/28/2018 2:19 PM:

fixup! Faster fuzz test: teach the fuzz test programs to handle directories




[openssl-commits] [openssl] master update

2018-03-28 Thread Matt Caswell
The branch master has been updated
   via  92565101ca7bc1587ff1d87f9efa8aa1cfbe62f7 (commit)
  from  dcf8b01f44c4dc5f76ea72093261b61d8a34601b (commit)


- Log -
commit 92565101ca7bc1587ff1d87f9efa8aa1cfbe62f7
Author: Matt Caswell 
Date:   Tue Mar 27 17:31:56 2018 +0100

Remove some code

This commit removes the contribution of a user that we cannot trace to
gain their consent for the licence change.

After this commit the various IS_*() macros in the auto-generated file
conf_def.h may incorrectly return true if the supplied character has its
most significant bit set. The IS_*() macros should be able to correctly
handle 8-bit characters. Note that UTF-8 support is not a requirement.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/5767)

---

Summary of changes:
 crypto/conf/conf_def.h | 42 --
 crypto/conf/keysets.pl | 19 +++
 2 files changed, 11 insertions(+), 50 deletions(-)

diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index f0734ec..aa14d4a 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -21,7 +21,6 @@
 #define CONF_COMMENT  128
 #define CONF_FCOMMENT 2048
 #define CONF_EOF  8
-#define CONF_HIGHBIT  4096
 #define CONF_ALPHA(CONF_UPPER|CONF_LOWER)
 #define CONF_ALNUM(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
 #define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
@@ -29,9 +28,9 @@
 #define KEYTYPES(c)   ((const unsigned short *)((c)->meth_data))
 
 #ifndef CHARSET_EBCDIC
-# define CVT(a) ((a) & 0xFF)
+# define CVT(a) ((a) & 0x7F)
 #else
-# define CVT(a) os_toascci[(a) & 0FF]
+# define CVT(a) os_toascci[(a) & 0x7F]
 #endif
 
 #define IS_COMMENT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_COMMENT)
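Review bot: two problems in the EBCDIC branch. `os_toascci` (present in both the old and the new line) looks like a misspelling of the `os_toascii` translation table declared in ebcdic.h, so this branch cannot have compiled; and masking with `& 0x7F` before the EBCDIC-to-ASCII translation strips the high bit that every EBCDIC letter (0xC1 and up) carries, so letters would be looked up in the wrong slot. The mask belongs after translation, i.e. `(os_toascii[(a) & 0xFF] & 0x7F)`. In the non-EBCDIC branch `& 0x7F` aliases every byte >= 0x80 onto the ASCII slot 0x80 below it (0xC1 is classified as 'A'), which is exactly the misclassification the commit message acknowledges; accepting that is a policy call, but it should be stated in a comment at the macro so nobody relies on IS_*() for 8-bit input.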
@@ -44,9 +43,8 @@
 #define IS_ALNUM_PUNCT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ALNUM_PUNCT)
 #define IS_QUOTE(c,a)   (KEYTYPES(c)[CVT(a)] & CONF_QUOTE)
 #define IS_DQUOTE(c,a)  (KEYTYPES(c)[CVT(a)] & CONF_DQUOTE)
-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_HIGHBIT)
 
-static const unsigned short CONF_type_default[256] = {
+static const unsigned short CONF_type_default[128] = {
 0x0008, 0x, 0x, 0x, 0x, 0x, 0x, 0x,
 0x, 0x0010, 0x0010, 0x, 0x, 0x0010, 0x, 0x,
 0x, 0x, 0x, 0x, 0x, 0x, 0x, 0x,
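Review bot: with IS_HIGHBIT gone and both tables shrunk to 128 entries, any remaining IS_HIGHBIT user in crypto/conf/conf_def.c fails to compile, and any caller that indexes KEYTYPES() with an unmasked byte instead of going through CVT() would read past the end of the table; the Summary of changes lists only conf_def.h and keysets.pl, so it is worth confirming that conf_def.c never bypasses CVT().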
@@ -63,25 +61,9 @@ static const unsigned short CONF_type_default[256] = {
 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
 0x0004, 0x0004, 0x0004, 0x, 0x0200, 0x, 0x0200, 0x,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
 
-static const unsigned short CONF_type_win32[256] = {
+static const unsigned short CONF_type_win32[128] = {
 0x0008, 0x, 0x, 0x, 0x, 0x, 0x, 0x,
 0x, 0x0010, 0x0010, 0x, 0x, 0x0010, 0x, 0x,
 0x, 0x, 0x, 0x, 0x, 0x, 0x, 0x,
@@ -98,20 +80,4 @@ static const unsigned short CONF_type_win32[256] = {
 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
 0x0004, 0x0004, 0x0004, 0x, 0x0200, 0x, 0x0200, 0x,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-28 Thread Matt Caswell
The branch OpenSSL_1_1_0-stable has been updated
   via  e9d26dc85238c071117d911704f5f769e79b46a1 (commit)
  from  cdabf89acf65040560e0242cb70d945f3f3bdd5c (commit)


- Log -
commit e9d26dc85238c071117d911704f5f769e79b46a1
Author: Matt Caswell 
Date:   Tue Mar 13 17:23:10 2018 +

Tolerate a Certificate using a non-supported group on server side

If a server has been configured to use an ECDSA certificate, we should
allow it regardless of whether the server's own supported groups list
includes the certificate's group.

Fixes #2033

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5607)

---

Summary of changes:
 ssl/t1_lib.c | 30 +-
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7a5721a..dc4e652 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -490,13 +490,16 @@ static int tls1_set_ec_id(unsigned char *curve_id, 
unsigned char *comp_id,
 return 1;
 }
 
+# define DONT_CHECK_OWN_GROUPS  0
+# define CHECK_OWN_GROUPS   1
 /* Check an EC key is compatible with extensions */
-static int tls1_check_ec_key(SSL *s,
- unsigned char *curve_id, unsigned char *comp_id)
+static int tls1_check_ec_key(SSL *s, unsigned char *curve_id,
+ unsigned char *comp_id, int check_own_groups)
 {
 const unsigned char *pformats, *pcurves;
 size_t num_formats, num_curves, i;
 int j;
+
 /*
  * If point formats extension present check it, otherwise everything is
  * supported (see RFC4492).
@@ -513,8 +516,12 @@ static int tls1_check_ec_key(SSL *s,
 }
 if (!curve_id)
 return 1;
+
+if (!s->server && !check_own_groups)
+return 1;
+
 /* Check curve is consistent with client and server preferences */
-for (j = 0; j <= 1; j++) {
+for (j = check_own_groups ? 0 : 1; j <= 1; j++) {
 if (!tls1_get_curvelist(s, j, , _curves))
 return 0;
 if (j == 1 && num_curves == 0) {
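Review bot: the new early return `if (!s->server && !check_own_groups) return 1;` is unreachable for the only DONT_CHECK_OWN_GROUPS caller in this patch, tls1_check_cert_param(), because on the client side it passes a NULL curve_id and `if (!curve_id) return 1;` fires first; either drop it or comment that it is defensive. Starting the loop at j = 1 when own groups are not checked means a server certificate is still checked against the peer's list, so a client that cannot use the curve is still refused that certificate, which is the intended scope of the relaxation.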
@@ -579,9 +586,12 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int 
set_ee_md)
 return 0;
 /*
  * Can't check curve_id for client certs as we don't have a supported
- * curves extension.
+ * curves extension. For server certs we will tolerate certificates that
+ * aren't in our own list of curves. If we've been configured to use an EC
+ * cert then we should use it - therefore we use DONT_CHECK_OWN_GROUPS 
here.
  */
-rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, _id);
+rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, _id,
+   DONT_CHECK_OWN_GROUPS);
 if (!rv)
 return 0;
 /*
@@ -644,7 +654,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 return 0;
 curve_id[0] = 0;
 /* Check this curve is acceptable */
-if (!tls1_check_ec_key(s, curve_id, NULL))
+if (!tls1_check_ec_key(s, curve_id, NULL, CHECK_OWN_GROUPS))
 return 0;
 return 1;
 }
@@ -746,8 +756,9 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned 
char **psigs)
 }
 
 /*
- * Check signature algorithm is consistent with sent supported signature
- * algorithms and if so return relevant digest.
+ * Check signature algorithm received from the peer with a signature is
+ * consistent with the sent supported signature algorithms and if so return
+ * relevant digest.
  */
 int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 const unsigned char *sig, EVP_PKEY *pkey)
@@ -769,7 +780,8 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 /* Check compression and curve matches extensions */
 if (!tls1_set_ec_id(curve_id, _id, EVP_PKEY_get0_EC_KEY(pkey)))
 return 0;
-if (!s->server && !tls1_check_ec_key(s, curve_id, _id)) {
+if (!s->server && !tls1_check_ec_key(s, curve_id, _id,
+ CHECK_OWN_GROUPS)) {
 SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
 return 0;
 }


[openssl-commits] Build completed: openssl master.16815

2018-03-28 Thread AppVeyor


Build openssl master.16815 completed



Commit 13b9dfcc19 by Richard Levitte on 3/28/2018 12:46 PM:

Revert "util/dofile.pl: only quote stuff that actually needs quoting"




[openssl-commits] [openssl] master update

2018-03-28 Thread Matt Caswell
The branch master has been updated
   via  dcf8b01f44c4dc5f76ea72093261b61d8a34601b (commit)
  from  7814cdf3ebc0bae649cc46f279ac4e4369d309de (commit)


- Log -
commit dcf8b01f44c4dc5f76ea72093261b61d8a34601b
Author: Matt Caswell 
Date:   Mon Mar 12 17:15:25 2018 +

Tolerate a Certificate using a non-supported group on server side

If a server has been configured to use an ECDSA certificate, we should
allow it regardless of whether the server's own supported groups list
includes the certificate's group.

Fixes #2033

Reviewed-by: Rich Salz 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/5601)

---

Summary of changes:
 ssl/ssl_locl.h|   2 +-
 ssl/statem/statem_clnt.c  |   3 +-
 ssl/t1_lib.c  |  24 +-
 test/ssl-tests/20-cert-select.conf| 859 ++
 test/ssl-tests/20-cert-select.conf.in |  44 ++
 5 files changed, 524 insertions(+), 408 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index eae5788..1c3ee35 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2453,7 +2453,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 #  ifndef OPENSSL_NO_EC
 
 __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
-__owur int tls1_check_group_id(SSL *s, uint16_t group_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int 
check_own_curves);
 __owur uint16_t tls1_shared_group(SSL *s, int nmatch);
 __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves);
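Review bot: the new parameter is named `check_own_curves` in this prototype but `check_own_groups` in the definition in t1_lib.c; pick one (the definition's `check_own_groups` matches the commit message's wording) so the header documents the same name callers will read in the source.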
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e940fc8..29db4bc 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2192,7 +2192,8 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, 
EVP_PKEY **pkey)
  * Check curve is named curve type and one of our preferences, if not
  * server has sent an invalid curve.
  */
-if (curve_type != NAMED_CURVE_TYPE || !tls1_check_group_id(s, curve_id)) {
+if (curve_type != NAMED_CURVE_TYPE
+|| !tls1_check_group_id(s, curve_id, 1)) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
  SSL_R_WRONG_CURVE);
 return 0;
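Review bot: the bare `1` passed as the new check_own_groups argument is opaque at the call site; the OpenSSL_1_1_0-stable version of this change defines CHECK_OWN_GROUPS / DONT_CHECK_OWN_GROUPS for exactly this, and the same named constants would help here and in the other callers updated in this patch.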
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 174d7de..cf5f783 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -467,7 +467,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 }
 
 /* Check a group id matches preferences */
-int tls1_check_group_id(SSL *s, uint16_t group_id)
+int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
 {
 const uint16_t *groups;
 size_t groups_len;
@@ -491,10 +491,12 @@ int tls1_check_group_id(SSL *s, uint16_t group_id)
 }
 }
 
-/* Check group is one of our preferences */
-tls1_get_supported_groups(s, , _len);
-if (!tls1_in_list(group_id, groups, groups_len))
-return 0;
+if (check_own_groups) {
+/* Check group is one of our preferences */
+tls1_get_supported_groups(s, , _len);
+if (!tls1_in_list(group_id, groups, groups_len))
+return 0;
+}
 
 if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
 return 0;
@@ -554,7 +556,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int 
check_ee_md)
 if (!tls1_check_pkey_comp(s, pkey))
 return 0;
 group_id = tls1_get_group_id(pkey);
-if (!tls1_check_group_id(s, group_id))
+/*
+ * For a server we allow the certificate to not be in our list of supported
+ * groups.
+ */
+if (!tls1_check_group_id(s, group_id, !s->server))
 return 0;
 /*
  * Special case for suite B. We *MUST* sign using SHA256+P-256 or
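Review bot: passing `!s->server` as the check_own_groups argument is correct but hides the intent in a boolean trick; a local such as `int check_own = !s->server;` next to the comment, or a named constant, would make the server-side relaxation visible at the call. The security-level check via tls_curve_allowed() still runs unconditionally in tls1_check_group_id(), so a weak curve in the server's own certificate is still rejected even though the supported-groups list is no longer consulted.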
@@ -601,9 +607,9 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
  * curves permitted.
  */
 if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-return tls1_check_group_id(s, TLSEXT_curve_P_256);
+return tls1_check_group_id(s, TLSEXT_curve_P_256, 1);
 if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-return tls1_check_group_id(s, TLSEXT_curve_P_384);
+return tls1_check_group_id(s, TLSEXT_curve_P_384, 1);
 
 return 0;
 }
@@ -979,7 +985,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY 
*pkey)
 }
 if (!SSL_IS_TLS13(s)) {
 /* Check curve matches extensions */
-if (!tls1_check_group_id(s, tls1_get_group_id(pkey))) {
+if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
  SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
 return 0;

[openssl-commits] [openssl] master update

2018-03-28 Thread Matt Caswell
The branch master has been updated
   via  7814cdf3ebc0bae649cc46f279ac4e4369d309de (commit)
  from  e6e9170d6e28038768895e1af18e3aad8093bf4b (commit)


- Log -
commit 7814cdf3ebc0bae649cc46f279ac4e4369d309de
Author: Matt Caswell 
Date:   Tue Mar 27 22:37:19 2018 +0100

Revert "Temporarily disable some tests that hang"

This reverts commit 37a385956461ab526ecea2739a8a40364a8db259.

These tests should now be fixed by commit e6e9170d6.

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/5765)

---

Summary of changes:
 test/recipes/99-test_fuzz.t | 4 
 util/perl/TLSProxy/Proxy.pm | 5 -
 2 files changed, 9 deletions(-)

diff --git a/test/recipes/99-test_fuzz.t b/test/recipes/99-test_fuzz.t
index 02fa140..9322ff7 100644
--- a/test/recipes/99-test_fuzz.t
+++ b/test/recipes/99-test_fuzz.t
@@ -15,10 +15,6 @@ use OpenSSL::Test::Utils;
 
 setup("test_fuzz");
 
-# TODO  Remove this line
-plan skip_all => "TLSProxy isn't usable on $^O";
-# TODO  Remove this line
-
 my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'client', 'conf', 
'crl', 'server', 'x509');
 if (!disabled("cms")) {
 push @fuzzers, 'cms';
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 55d45a8..0b90159 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -68,11 +68,6 @@ sub new
 message_list => [],
 };
 
-### TODO  REMOVE THIS AGAIN
-warn "Proxy tests temporarily disabled!\n";
-$self->{proxy_sock} = 0;
-return bless $self, $class;
-### TODO  REMOVE THIS AGAIN
 # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
 # However, IO::Socket::INET6 is older and is said to be more widely
 # deployed for the moment, and may have less bugs, so we try the latter


[openssl-commits] Build failed: openssl master.16814

2018-03-28 Thread AppVeyor



Build openssl master.16814 failed


Commit c2e2d6fa38 by Richard Levitte on 3/28/2018 8:38 AM:

.travis.yml: with fast fuzz testing, there is no point avoiding it




[openssl-commits] [tools] master update

2018-03-28 Thread Matt Caswell
The branch master has been updated
   via  fbf4b00f0993c7922ceb639f281a501169464f75 (commit)
  from  3c38191688d11d556dee96ddf3c9edf87491d52b (commit)


- Log -
commit fbf4b00f0993c7922ceb639f281a501169464f75
Author: Matt Caswell 
Date:   Wed Mar 28 10:39:04 2018 +0100

Add a reminder to include a link to the advisory in newflash.txt

---

Summary of changes:
 release-tools/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index 93888cf..c10cb75 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -94,7 +94,8 @@ The changes in this section should be made in your copy of 
the web repo.
 
 Update the news/newsflash.txt file. This normally is one or two lines. Just
 copy and paste existing announcements making minor changes for the date and
-version number as necessary.
+version number as necessary. If there is an advisory then ensure you include a
+link to it.
 
 Update the news/vulnerabilities.xml file if appropriate.
 


[openssl-commits] [web] master update

2018-03-28 Thread Matt Caswell
The branch master has been updated
   via  4ac275863a6dc09118532264420face062534d74 (commit)
  from  b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit)


- Log -
commit 4ac275863a6dc09118532264420face062534d74
Author: Matt Caswell 
Date:   Wed Mar 28 10:37:47 2018 +0100

Add a link to the advisory

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index f7fd9a1..c48a7e4 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+27-Mar-2018: Security Advisory: 
several security fixes
 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
 27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security
 release due on 27th March 2018