Failed: openssl/openssl#33206 (master - cde63b7)
Build Update for openssl/openssl - Build: #33206 Status: Failed Duration: 1 hr, 15 mins, and 56 secs Commit: cde63b7 (master) Author: Rich Salz Message: Extend Travis build time-out - Add travis_wait to the build command - And travis_retry to some apt-get commands. - Use `make _tests` instead of `make test` Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11319) View the changeset: https://github.com/openssl/openssl/compare/244bc29746c8...cde63b731575 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/663720437?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Failed: openssl/openssl#33205 (master - 244bc29)
Build Update for openssl/openssl - Build: #33205 Status: Failed Duration: 1 hr, 12 mins, and 9 secs Commit: 244bc29 (master) Author: Matt Caswell Message: Implement serializers for ED25519 and ED448 This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of key we are using. Previously we used the keylen for this but X25519 and ED25519 have the same keylen. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11272) View the changeset: https://github.com/openssl/openssl/compare/b3e6d666e351...244bc29746c8 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/663719200?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via cde63b731575e6be41b3f94bcd9fa941cdc45488 (commit) from 244bc29746c83e76e2fba542ca87552b8aef5c5f (commit) - Log - commit cde63b731575e6be41b3f94bcd9fa941cdc45488 Author: Rich Salz Date: Wed Mar 11 14:17:00 2020 -0400 Extend Travis build time-out - Add travis_wait to the build command - And travis_retry to some apt-get commands. - Use `make _tests` instead of `make test` Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11319) --- Summary of changes: .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index f77f8c7586..e6817e4d82 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,10 +11,10 @@ git: before_install: - if [ -n "$COVERALLS" ]; then - pip install --user cpp-coveralls; + travis_retry pip install --user cpp-coveralls; fi; - if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then - git submodule update --init --recursive; + travis_retry git submodule update --init --recursive; fi; - eval "${MATRIX_EVAL}" @@ -246,7 +246,7 @@ script: if [ -e krb5/src ]; then sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh; fi; - if ! HARNESS_VERBOSE_FAILURE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then + if ! HARNESS_VERBOSE_FAILURE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner travis_wait 60 make _tests; then echo -e '\052\052 FAILED -- MAKE TEST'; travis_terminate 1; fi;
[openssl] master update
The branch master has been updated via 244bc29746c83e76e2fba542ca87552b8aef5c5f (commit) from b3e6d666e351d45e93d29fe3813245b92a0f5815 (commit) - Log - commit 244bc29746c83e76e2fba542ca87552b8aef5c5f Author: Matt Caswell Date: Wed Mar 18 08:40:33 2020 +1000 Implement serializers for ED25519 and ED448 This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of key we are using. Previously we used the keylen for this but X25519 and ED25519 have the same keylen. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11272) --- Summary of changes: crypto/ec/ecx_key.c| 18 +++- crypto/ec/ecx_meth.c | 15 ++-- include/crypto/ecx.h | 20 - providers/defltprov.c | 26 ++ .../implementations/include/prov/implementations.h | 14 +++ providers/implementations/keymgmt/ecx_kmgmt.c | 8 +- .../serializers/serializer_common.c| 1 + .../implementations/serializers/serializer_ecx.c | 32 +-- .../serializers/serializer_ecx_priv.c | 25 -- .../serializers/serializer_ecx_pub.c | 21 - .../implementations/serializers/serializer_local.h | 7 +- test/evp_pkey_provided_test.c | 96 +++-- .../30-test_evp_pkey_provided/ED25519.priv.der | Bin 0 -> 48 bytes .../30-test_evp_pkey_provided/ED25519.priv.pem | 3 + .../30-test_evp_pkey_provided/ED25519.priv.txt | 9 ++ .../30-test_evp_pkey_provided/ED25519.pub.der | Bin 0 -> 44 bytes .../30-test_evp_pkey_provided/ED25519.pub.pem | 3 + .../30-test_evp_pkey_provided/ED25519.pub.txt | 5 ++ .../30-test_evp_pkey_provided/ED448.priv.der | Bin 0 -> 73 bytes .../30-test_evp_pkey_provided/ED448.priv.pem} | 0 .../30-test_evp_pkey_provided/ED448.priv.txt | 11 +++ .../30-test_evp_pkey_provided/ED448.pub.der| Bin 0 -> 69 bytes .../30-test_evp_pkey_provided/ED448.pub.pem} | 0 .../30-test_evp_pkey_provided/ED448.pub.txt| 6 ++ 24 files changed, 279 insertions(+), 41 deletions(-) create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.priv.der create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.priv.pem create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.priv.txt create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.pub.der create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.pub.pem create mode 100644 test/recipes/30-test_evp_pkey_provided/ED25519.pub.txt create mode 100644 test/recipes/30-test_evp_pkey_provided/ED448.priv.der copy test/{tested448.pem => recipes/30-test_evp_pkey_provided/ED448.priv.pem} (100%) create mode 100644 test/recipes/30-test_evp_pkey_provided/ED448.priv.txt create mode 100644 test/recipes/30-test_evp_pkey_provided/ED448.pub.der copy test/{tested448pub.pem => recipes/30-test_evp_pkey_provided/ED448.pub.pem} (100%) create mode 100644 test/recipes/30-test_evp_pkey_provided/ED448.pub.txt diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index 59643cc6ad..0b43d26ae4 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -10,7 +10,7 @@ #include #include "crypto/ecx.h" -ECX_KEY *ecx_key_new(size_t keylen, int haspubkey) +ECX_KEY *ecx_key_new(ECX_KEY_TYPE type, int haspubkey) { ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -18,7 +18,21 @@ ECX_KEY *ecx_key_new(size_t keylen, int haspubkey) return NULL; ret->haspubkey = haspubkey; -ret->keylen = keylen; +switch (type) { +case ECX_KEY_TYPE_X25519: +ret->keylen = X25519_KEYLEN; +break; +case ECX_KEY_TYPE_X448: +ret->keylen = X448_KEYLEN; +break; +case ECX_KEY_TYPE_ED25519: +ret->keylen = ED25519_KEYLEN; +break; +case ECX_KEY_TYPE_ED448: +ret->keylen = ED448_KEYLEN; +break; +} +ret->type = type; ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index f107df3aa4..5f85927bd0 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -31,6 +31,11 @@ #define KEYLENID(id)(IS25519(id) ? X25519_KEYLEN \ : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ : ED448_KEYLEN)) +#define KEYNID2TYPE(id) \ +(IS25519(id) ? ECX_KEY_TYPE_X25519 \ + : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ + : ((id) == EVP_PKEY_ED25519 ? ECX_KEY_TYPE_ED25519 \ +
Still FAILED build of OpenSSL branch master with options -d --strict-warnings
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux Commit log since last time: b3e6d666e3 sslapitest: don't leak the SSL_CTX pair Build log ended with (last 100 lines):
Passed: openssl/openssl#33200 (OpenSSL_1_1_1e - a61eba4)
Build Update for openssl/openssl - Build: #33200 Status: Passed Duration: 28 mins and 47 secs Commit: a61eba4 (OpenSSL_1_1_1e) Author: Matt Caswell Message: Prepare for 1.1.1e release Reviewed-by: Paul Yang View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_1e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/663541877?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[web] master update
The branch master has been updated via b0b2c557bf523fc71a3f0393fb77fcd84b68c7a1 (commit) from 2e05fdcbb7391972e356b5ea43174e346b9ceca1 (commit) - Log - commit b0b2c557bf523fc71a3f0393fb77fcd84b68c7a1 Author: Matt Caswell Date: Tue Mar 17 13:31:21 2020 + Update website for new release Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/158) --- Summary of changes: news/newsflash.txt | 1 + news/vulnerabilities.xml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 3ca8706..b07108b 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +17-Mar-2020: OpenSSL 1.1.1e is now available, including bug and security fixes 17-Feb-2020: New Blog post: https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/;>QUIC and OpenSSL 20-Dec-2019: OpenSSL 1.0.2u is now available, including security fixes 06-Dec-2019: Security Advisory: one low severity fix diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 60bfd33..08897ed 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -37,7 +37,7 @@ - +
[openssl] OpenSSL_1_1_1e create
The annotated tag OpenSSL_1_1_1e has been created at b1632d3a3eb3a7a70e6cbec3a06bf0d43878d953 (tag) tagging a61eba4814fb748ad67e90e81c005ffb09b67d3d (commit) replaces OpenSSL_1_1_1d tagged by Matt Caswell on Tue Mar 17 14:31:17 2020 + - Log - OpenSSL 1.1.1e release tag -BEGIN PGP SIGNATURE- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5w3zURHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJEvEAf+IJjR6gOC9PNg1fQC8+KGBT8Dh5R0Xja5 Uuo3/qY6XWgjy/E24LtNZuENHRWeq9YpS0zY8alGIlpIjhVrsTvCn4QooWctvgB6 ctaK9nDxCsqmGTGx6fQnyvjOSzV959kEkRonrIhoovhxXcXOWyewOC0c2nUG9fhW glkxEKjFy191XwpTqzSw4pyt7ri/be8hhB/e1LBmST5uaMOAQzEvebwfZV7CWb0z PUTruj6OFLE/jsoZuoz42nNwixmH1dAddDqqj0oS87WBW7C7WlBbLo/IuHCpCXfX mVid93EOOJ0sagDh300KMHpz3E7KlFmPyVL1uD90+kfPUJ2Zk8wuyw== =8V3x -END PGP SIGNATURE- Andrew Hoang (1): Fix incorrect return code on ECDSA key verification Andy Polyakov (1): Fix an overflow bug in rsaz_512_sqr Anthony Hu (1): Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify Antoine Salon (1): Add missing EVP_MD documentation Artiom Vaskov (1): ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds. Bastian Germann (2): apps x509: restrict CAkeyform option to OPT_FMT_PDE apps x509: passing PKCS#11 URL as -signkey Ben Kaduk (1): sslapitest: don't leak the SSL_CTX pair Benjamin Kaduk (10): Fix a race condition in SNI handling Update the krb5 submodule Update SSL_CTX_sess_set_new_cb(3) docs for refcounts openssl-config: add example libssl system-defaults Additional updates to SSL_CTX_sess_set_get_cb.pod doc: fix spelling of TYPE_get_ex_new_index Fix whitespace nit in ssl_generate_master_secret() Don't write to the session when computing TLS 1.3 keys Code to thread-safety in ChangeCipherState Add test that changes ciphers on CCS Bernd Edlinger (32): Fix potential memory leaks with BN_to_ASN1_INTEGER Add a minimal windows build config for AppVeyor Add a minimal linux build target for Travis Fix building statically without any dso support Fix iOS simulator build Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read Fix sha512_block_data_order_avx2 backtrace info Improve the overflow handling in rsaz_512_sqr Add a test case for rsaz_512_sqr overflow handling Add a CHANGES entry for CVE-2019-1551 Fix unwind info for some trivial functions Add some missing cfi frame info in camellia-x86_64.pl Add some missing cfi frame info in x86_64-mont5.pl Add some missing cfi frame info in rsaz-x86_64 Add some missing cfi frame info in aesni-x86_64.pl Add some missing cfi frame info in keccak1600-x86_64.pl Add some missing cfi frame info in aesni-sha and sha-x86_64.pl Add some missing cfi frame info in ecp_nistz256-x86_64.pl Fix aesni_cbc_sha256_enc_avx2 backtrace info Add some missing cfi frame info in x25519-x86_64.pl Add some missing cfi frame info in aesni-gcm-x86_64.pl Add some missing cfi frame info in poly1305-x86_64.pl Add some missing cfi frame info in rc4-md5-x86_64.pl Fix a race condition in the speed command Fix side channel in ecp_nistz256-x86.pl Fix side channel in ecp_nistz256-armv4.pl Improve side channel fix in ecp_nistz256-x86_64.pl Fix side channel in the ecp_nistz256.c reference implementation Fix TLS not using aes_cbc_hmac_sha ciphers Remove remaining references to crypto/include Adjust minimal build config in 1.1.1 branch This works around a gcc-9 crash Billy Brumley (1): [crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1 Cesar Pereida Garcia (6): [crypto/asn1/x_bignum.c] Explicit test against NULL Unify BN_rshift design Constant-time GCD function. Add GCD testing infrastructure. Update control logic for BN_gcd Enable runtime testing of no-deprecated builds in Travis Christian Heimes (2): doc: EVP_DigestInit clears all flags Add test cases for min/max protocol API Daniil Zotkin (1): Do not print extensions in Certificate message for TLS1.2 and lower David Benjamin (3): Document and add macros for additional DSA options Avoid leaking intermediate states in point doubling special case. Do not silently truncate files on perlasm errors David Makepeace (1): Fix type name typo in d2i/i2d documentation. Davide Galassi (1): Prevent compiler warning for unused static function. Dmitry Belyavskiy (3): Workaround for Windows-based GOST implementations Difference between EVP_CipherInit and EVP_CipherInit_ex Parse large GOST ClientKeyExchange messages Dr. David von Oheimb (1): fix a glitch in the documentation of
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 9e1eaa4a400633409322ed843ca63be799cad341 (commit) via a61eba4814fb748ad67e90e81c005ffb09b67d3d (commit) from e7ff223a20697e5a401d2d9bb7a75e699ed46633 (commit) - Log - commit 9e1eaa4a400633409322ed843ca63be799cad341 Author: Matt Caswell Date: Tue Mar 17 14:32:46 2020 + Prepare for 1.1.1f-dev Reviewed-by: Paul Yang commit a61eba4814fb748ad67e90e81c005ffb09b67d3d Author: Matt Caswell Date: Tue Mar 17 14:31:17 2020 + Prepare for 1.1.1e release Reviewed-by: Paul Yang --- Summary of changes: CHANGES| 6 +- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 005ea56d40..2d1d13f7fb 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1d and 1.1.1e [xx XXX ] + Changes between 1.1.1e and 1.1.1f [xx XXX ] + + *) + + Changes between 1.1.1d and 1.1.1e [17 Mar 2020] *) Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add diff --git a/NEWS b/NEWS index 2d2cf66c60..64722d5e92 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development] + Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] + + o + + Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] o Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1551) diff --git a/README b/README index dc608cc25e..01a6af9ec2 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1e-dev + OpenSSL 1.1.1f-dev Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 032fb78c1c..4af9a41c75 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101050L -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1e-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10101060L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1f-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...)
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via e7ff223a20697e5a401d2d9bb7a75e699ed46633 (commit) from 48a09ebc273f98380a7578c4243adc0e14f8f2db (commit) - Log - commit e7ff223a20697e5a401d2d9bb7a75e699ed46633 Author: Matt Caswell Date: Tue Mar 17 13:59:29 2020 + Update copyright year Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/11344) --- Summary of changes: Configure | 2 +- apps/pkeyutl.c | 2 +- apps/s_cb.c | 2 +- apps/speed.c| 2 +- apps/x509.c | 2 +- config | 2 +- crypto/aes/asm/aes-armv4.pl | 2 +- crypto/aes/asm/aes-c64xplus.pl | 2 +- crypto/aes/asm/aes-mips.pl | 2 +- crypto/aes/asm/aes-parisc.pl| 2 +- crypto/aes/asm/aes-ppc.pl | 2 +- crypto/aes/asm/aes-s390x.pl | 2 +- crypto/aes/asm/aes-sparcv9.pl | 2 +- crypto/aes/asm/aesfx-sparcv9.pl | 2 +- crypto/aes/asm/aesni-mb-x86_64.pl | 2 +- crypto/aes/asm/aesni-sha1-x86_64.pl | 2 +- crypto/aes/asm/aesni-sha256-x86_64.pl | 2 +- crypto/aes/asm/aesni-x86.pl | 2 +- crypto/aes/asm/aesni-x86_64.pl | 2 +- crypto/aes/asm/aesp8-ppc.pl | 2 +- crypto/aes/asm/aest4-sparcv9.pl | 2 +- crypto/aes/asm/aesv8-armx.pl| 2 +- crypto/aes/asm/bsaes-armv7.pl | 2 +- crypto/aes/asm/vpaes-armv8.pl | 2 +- crypto/aes/asm/vpaes-ppc.pl | 2 +- crypto/aes/asm/vpaes-x86.pl | 2 +- crypto/aes/asm/vpaes-x86_64.pl | 2 +- crypto/alphacpuid.pl| 2 +- crypto/arm64cpuid.pl| 2 +- crypto/armv4cpuid.pl| 2 +- crypto/asn1/asn1_par.c | 2 +- crypto/asn1/asn_mime.c | 2 +- crypto/bf/asm/bf-586.pl | 2 +- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_conn.c | 2 +- crypto/bio/bss_fd.c | 2 +- crypto/bio/bss_sock.c | 2 +- crypto/bn/asm/alpha-mont.pl | 2 +- crypto/bn/asm/armv4-gf2m.pl | 2 +- crypto/bn/asm/armv4-mont.pl | 2 +- crypto/bn/asm/armv8-mont.pl | 2 +- crypto/bn/asm/bn-586.pl | 2 +- crypto/bn/asm/c64xplus-gf2m.pl | 2 +- crypto/bn/asm/co-586.pl | 2 +- crypto/bn/asm/ia64-mont.pl | 2 +- crypto/bn/asm/mips-mont.pl | 2 +- crypto/bn/asm/mips.pl | 2 +- crypto/bn/asm/parisc-mont.pl| 2 +- crypto/bn/asm/ppc-mont.pl | 2 +- crypto/bn/asm/ppc.pl| 2 +- crypto/bn/asm/ppc64-mont.pl | 2 +- crypto/bn/asm/rsaz-avx2.pl | 2 +- crypto/bn/asm/rsaz-x86_64.pl| 2 +- crypto/bn/asm/s390x-gf2m.pl | 2 +- crypto/bn/asm/s390x-mont.pl | 2 +- crypto/bn/asm/sparct4-mont.pl | 2 +- crypto/bn/asm/sparcv9-gf2m.pl | 2 +- crypto/bn/asm/sparcv9-mont.pl | 2 +- crypto/bn/asm/sparcv9a-mont.pl | 2 +- crypto/bn/asm/via-mont.pl | 2 +- crypto/bn/asm/vis3-mont.pl | 2 +- crypto/bn/asm/x86-gf2m.pl | 2 +- crypto/bn/asm/x86-mont.pl | 2 +- crypto/bn/asm/x86_64-gf2m.pl| 2 +- crypto/bn/asm/x86_64-mont.pl| 2 +- crypto/bn/asm/x86_64-mont5.pl | 2 +- crypto/c64xpluscpuid.pl | 2 +- crypto/camellia/asm/cmll-x86.pl | 2 +- crypto/camellia/asm/cmll-x86_64.pl | 2 +- crypto/camellia/asm/cmllt4-sparcv9.pl | 2 +- crypto/cast/asm/cast-586.pl | 2 +- crypto/chacha/asm/chacha-armv4.pl | 2 +- crypto/chacha/asm/chacha-armv8.pl | 2 +- crypto/chacha/asm/chacha-c64xplus.pl
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 48a09ebc273f98380a7578c4243adc0e14f8f2db (commit) via 5a77b55cdc142acad28b8e78db0d8990c0f48724 (commit) from 19599138463e910a9ee4cfa122e941752491ffc3 (commit) - Log - commit 48a09ebc273f98380a7578c4243adc0e14f8f2db Author: Matt Caswell Date: Tue Mar 17 11:24:20 2020 + Update CHANGES for the new release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/openssl/pull/11342) commit 5a77b55cdc142acad28b8e78db0d8990c0f48724 Author: Matt Caswell Date: Tue Mar 17 10:11:28 2020 + Update NEWS for the new release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/openssl/pull/11342) --- Summary of changes: CHANGES | 19 +++ NEWS| 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 8c29dfae55..005ea56d40 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,25 @@ release branch. Changes between 1.1.1d and 1.1.1e [xx XXX ] + *) Properly detect EOF while reading in libssl. Previously if we hit an EOF + while reading in libssl then we would report an error back to the + application (SSL_ERROR_SYSCALL) but errno would be 0. We now add + an error to the stack (which means we instead return SSL_ERROR_SSL) and + therefore give a hint as to what went wrong. + [Matt Caswell] + + *) Check that ed25519 and ed448 are allowed by the security level. Previously + signature algorithms not using an MD were not being checked that they were + allowed by the security level. + [Kurt Roeckx] + + *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() + was not quite right. The behaviour was not consistent between resumption + and normal handshakes, and also not quite consistent with historical + behaviour. The behaviour in various scenarios has been clarified and + it has been updated to make it match historical behaviour as closely as + possible. + [Matt Caswell] *) [VMS only] The header files that the VMS compilers include automatically, __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that diff --git a/NEWS b/NEWS index 4af390505d..2d2cf66c60 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development] - o + o Fixed an overflow bug in the x64_64 Montgomery squaring procedure +used in exponentiation with 512-bit moduli (CVE-2019-1551) Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
Errored: openssl/openssl#33184 (master - b3e6d66)
Build Update for openssl/openssl - Build: #33184 Status: Errored Duration: 50 mins and 30 secs Commit: b3e6d66 (master) Author: Ben Kaduk Message: sslapitest: don't leak the SSL_CTX pair We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11336) View the changeset: https://github.com/openssl/openssl/compare/0acaa795b3f5...b3e6d666e351 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/663432157?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Fixed: openssl/openssl#33185 (OpenSSL_1_1_1-stable - 1959913)
Build Update for openssl/openssl - Build: #33185 Status: Fixed Duration: 33 mins and 30 secs Commit: 1959913 (OpenSSL_1_1_1-stable) Author: Ben Kaduk Message: sslapitest: don't leak the SSL_CTX pair We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11336) (cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815) View the changeset: https://github.com/openssl/openssl/compare/2f0dab7e59cc...19599138463e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/663432191?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via b3e6d666e351d45e93d29fe3813245b92a0f5815 (commit) from 0acaa795b3f5e7f2d00c9adbcbf1a766ea179d64 (commit) - Log - commit b3e6d666e351d45e93d29fe3813245b92a0f5815 Author: Ben Kaduk Date: Mon Mar 16 11:02:14 2020 -0700 sslapitest: don't leak the SSL_CTX pair We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11336) --- Summary of changes: test/sslapitest.c | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 642f676a45..886ed9ad67 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -655,7 +655,7 @@ end: * Very focused test to exercise a single case in the server-side state * machine, when the ChangeCipherState message needs to actually change * from one cipher to a different cipher (i.e., not changing from null - * encryption to reall encryption). + * encryption to real encryption). */ static int test_ccs_change_cipher(void) { @@ -710,12 +710,8 @@ static int test_ccs_change_cipher(void) * Now create a fresh connection and try to renegotiate a different * cipher on it. */ -if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, TLS1_2_VERSION, - , , cert, privkey)) -|| !TEST_true(create_ssl_objects(sctx, cctx, , , - NULL, NULL)) +if (!TEST_true(create_ssl_objects(sctx, cctx, , , + NULL, NULL)) || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) || !TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 19599138463e910a9ee4cfa122e941752491ffc3 (commit) from 2f0dab7e59cc50c89b6d54962b81cf96c30fe725 (commit) - Log - commit 19599138463e910a9ee4cfa122e941752491ffc3 Author: Ben Kaduk Date: Mon Mar 16 11:02:14 2020 -0700 sslapitest: don't leak the SSL_CTX pair We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11336) (cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815) --- Summary of changes: test/sslapitest.c | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index f109563325..21773aa934 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -596,7 +596,7 @@ end: * Very focused test to exercise a single case in the server-side state * machine, when the ChangeCipherState message needs to actually change * from one cipher to a different cipher (i.e., not changing from null - * encryption to reall encryption). + * encryption to real encryption). */ static int test_ccs_change_cipher(void) { @@ -651,12 +651,8 @@ static int test_ccs_change_cipher(void) * Now create a fresh connection and try to renegotiate a different * cipher on it. */ -if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, TLS1_2_VERSION, - , , cert, privkey)) -|| !TEST_true(create_ssl_objects(sctx, cctx, , , - NULL, NULL)) +if (!TEST_true(create_ssl_objects(sctx, cctx, , , + NULL, NULL)) || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) || !TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))