Still Failing: openssl/openssl#28981 (OpenSSL_1_1_1-stable - f1fd279)
Travis CI
builds at travis-ci.org
Mon Oct 7 08:03:51 UTC 2019
Build Update for openssl/openssl
-------------------------------------
Build: #28981
Status: Still Failing
Duration: 33 mins and 23 secs
Commit: f1fd279 (OpenSSL_1_1_1-stable)
Author: Matt Caswell
Message: Send bad_record_mac instead of decryption_failed
The decryption failed alert was deprecated a long time ago. It can
provide an attacker too much information to be able to distinguish between
MAC failures and decryption failures and can lead to oracle attacks.
Instead we should always use the bad_record_mac alert for these issues.
This fixes one instance that still exists. It does not represent a
security issue in this case because it is only ever sent if the record is
publicly invalid, i.e. we have detected it is invalid without using any
secret material.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10093)
(cherry picked from commit 37133290832ac2d1389926eba7325125fdacbe8d)
View the changeset: https://github.com/openssl/openssl/compare/a10765c2e0e9...f1fd279cceb9
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/594452416?utm_medium=notification&utm_source=email
--
You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20191007/55281312/attachment-0001.html>
More information about the openssl-commits
mailing list