[openssl-commits] Errored: openssl/openssl#9194 (master - f2bcff4)
Build Update for openssl/openssl - Build: #9194 Status: Errored Duration: 11 minutes and 17 seconds Commit: f2bcff4 (master) Author: Pauli Message: Update the cipher(1) documentation to explicitly state that the RSA cipher string means the same a kRSA. Reviewed-by: Andy PolyakovReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2821) View the changeset: https://github.com/openssl/openssl/compare/332dc4fa5e4d...f2bcff43bcd5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207208610 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#9195 (OpenSSL_1_1_0-stable - cc92ac7)
Build Update for openssl/openssl - Build: #9195 Status: Still Failing Duration: 15 minutes and 21 seconds Commit: cc92ac7 (OpenSSL_1_1_0-stable) Author: Pauli Message: Update the cipher(1) documentation to explicitly state that the RSA cipher string means the same a kRSA. Reviewed-by: Andy PolyakovReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2821) (cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769) View the changeset: https://github.com/openssl/openssl/compare/6c34c5f30bf5...cc92ac759c5a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207208894 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9193 (master - 332dc4f)
Build Update for openssl/openssl - Build: #9193 Status: Errored Duration: 12 minutes and 19 seconds Commit: 332dc4f (master) Author: Rich Salz Message: sh_malloc & sh_free prototype change to match POSIX CLA: trivial Reviewed-by: Andy PolyakovReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2823) View the changeset: https://github.com/openssl/openssl/compare/42f50fdf8aaf...332dc4fa5e4d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207208232 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9192 (master - 42f50fd)
Build Update for openssl/openssl - Build: #9192 Status: Errored Duration: 25 minutes and 15 seconds Commit: 42f50fd (master) Author: Matt Caswell Message: Silence some more clang warnings Reviewed-by: Tim Hudson(Merged from https://github.com/openssl/openssl/pull/2832) View the changeset: https://github.com/openssl/openssl/compare/30d1bab146ff...42f50fdf8aaf View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207204760 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via e8e45ed49ed6f2e23f9cf5d6e2e6e1e745308b94 (commit) from 91350ad5ca90fd9a6b449da682c7ecd8aaf24ae5 (commit) - Log - commit e8e45ed49ed6f2e23f9cf5d6e2e6e1e745308b94 Author: PauliDate: Thu Mar 2 12:52:44 2017 +1000 Update the cipher(1) documentation to explicitly state that the RSA cipher string means the same a kRSA. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2821) (cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769) --- Summary of changes: doc/apps/ciphers.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 9224557..35d40bb 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -179,7 +179,8 @@ When in doubt, include B in your cipherlist. =item B, B -cipher suites using RSA key exchange. +cipher suites using RSA key exchange or authentication. B is an alias for +B. =item B, B, B _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via cc92ac759c5a8c7303f29a24327404f7804350b2 (commit) from 6c34c5f30bf528237cb15ed634dc338412b51a76 (commit) - Log - commit cc92ac759c5a8c7303f29a24327404f7804350b2 Author: PauliDate: Thu Mar 2 12:52:44 2017 +1000 Update the cipher(1) documentation to explicitly state that the RSA cipher string means the same a kRSA. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2821) (cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769) --- Summary of changes: doc/apps/ciphers.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index c1d1cb2..e0ab291 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -219,7 +219,8 @@ When in doubt, include B in your cipherlist. =item B, B, B -Cipher suites using RSA key exchange, authentication or either respectively. +Cipher suites using RSA key exchange or authentication. B is an alias for +B. =item B, B, B _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via f2bcff43bcd5b1e2632273ef8fea0900a15d7769 (commit) from 332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a (commit) - Log - commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769 Author: PauliDate: Thu Mar 2 12:52:44 2017 +1000 Update the cipher(1) documentation to explicitly state that the RSA cipher string means the same a kRSA. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2821) --- Summary of changes: doc/man1/ciphers.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index ecd5f95..6fea824 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -219,7 +219,8 @@ When in doubt, include B in your cipherlist. =item B, B, B -Cipher suites using RSA key exchange, authentication or either respectively. +Cipher suites using RSA key exchange or authentication. B is an alias for +B. =item B, B, B _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a (commit) from 42f50fdf8aaff297742f0b541408a89e33e31c6e (commit) - Log - commit 332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a Author: Rich SalzDate: Thu Mar 2 19:16:57 2017 -0500 sh_malloc & sh_free prototype change to match POSIX CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2823) --- Summary of changes: crypto/mem_sec.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 4a3f2a8..93bff90 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -52,8 +52,8 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL; * These are the functions that must be implemented by a secure heap (sh). */ static int sh_init(size_t size, int minsize); -static char *sh_malloc(size_t size); -static void sh_free(char *ptr); +static void *sh_malloc(size_t size); +static void sh_free(void *ptr); static void sh_done(void); static size_t sh_actual_size(char *ptr); static int sh_allocated(const char *ptr); @@ -476,7 +476,7 @@ static char *sh_find_my_buddy(char *ptr, int list) return chunk; } -static char *sh_malloc(size_t size) +static void *sh_malloc(size_t size) { ossl_ssize_t list, slist; size_t i; @@ -535,10 +535,10 @@ static char *sh_malloc(size_t size) return chunk; } -static void sh_free(char *ptr) +static void sh_free(void *ptr) { size_t list; -char *buddy; +void *buddy; if (ptr == NULL) return; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9190 (master - 30d1bab)
Build Update for openssl/openssl - Build: #9190 Status: Errored Duration: 18 minutes and 23 seconds Commit: 30d1bab (master) Author: Matt Caswell Message: Silence some clang warnings Reviewed-by: Rich Salz(Merged from https://github.com/openssl/openssl/pull/2831) View the changeset: https://github.com/openssl/openssl/compare/83750d9b2b51...30d1bab146ff View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207202437 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 30d1bab146ffef92376f09b7372aac7a75281627 (commit) from 83750d9b2b51bb622138d48fc82eb408b64d8057 (commit) - Log - commit 30d1bab146ffef92376f09b7372aac7a75281627 Author: Matt CaswellDate: Thu Mar 2 23:53:30 2017 + Silence some clang warnings Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2831) --- Summary of changes: apps/s_server.c | 2 +- ssl/statem/extensions_srvr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 3190eab..57bae82 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -148,7 +148,7 @@ static int dtlslisten = 0; static char *psk_identity = "Client_identity"; char *psk_key = NULL; /* by default PSK is not used */ -int early_data = 0; +static int early_data = 0; static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c613143..83fb713 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -681,7 +681,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_SESSION *sess = NULL; unsigned int id, i; const EVP_MD *md = NULL; -uint32_t ticket_age, now, agesec, agems; +uint32_t ticket_age = 0, now, agesec, agems; /* * If we have no PSK kex mode that we recognise then we can't resume so _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings Commit log since last time: 83750d9 More early data documentation updates following feedback cd9f7f6 Update the API documentation for the latest early data changes 09f2887 Update early data API for writing to unauthenticated clients 0665b4e Rename SSL_write_early() to SSL_write_early_data() f533fbd Rename SSL_read_early() to SSL_read_early_data() ef466ac Updates to the early data documentation ade1e88 Updates to s_server and s_client for the latest early_data API changes 3eaa417 Make SSL_write_early_finish() an internal only function 5f98203 Add early_data tests f7e393b Various fixes required to allow SSL_write/SSL_read during early data d7f8783 Enable the server to call SSL_write() without stopping the ability to call SSL_read_early() 564547e Enable the client to call SSL_read() without stopping the ability to call SSL_write_early() 4004ce5 Introduce a new early_data state in the state machine bc908c6 Improve the early data sanity check in SSL_do_handshake() 6437b80 Add documentation for the new s_client and s_server early_data options 0a5ece5 Tighten sanity checks when calling early data functions fd6c102 Add documentation for the early data functions f5b519c Make SSL_get_early_data_status() take a const 46dcb94 Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a const fcc4757 Add a SSL_SESSION_get_max_early_data() function 7daf715 Don't attempt to write more early_data than we know the server will accept f637004 Only accept early_data if the negotiated ALPN is the same a832b5e Skip early_data if appropriate after a HelloRetryRequest 38df5a4 Don't accept early_data if we are going to issue a HelloRetryRequest 538bea6 Add extra validation parsing the server-to-client early_data extension 329114f Remove some TLSv1.3 TODOs that are no longer relevant 2c604cb Validate the ticket age for resumed sessions 6746648 Ensure the max_early_data option to s_server can be 0 bfa9a9a Provide a default value for max_early_data 70ef40a Check max_early_data against the amount of early data we actually receive 67f78ea Make sure we reset the read sequence when skipping records 1010936 Disallow handshake messages in the middle of early_data c117af6 Fix seg fault when sending early_data using CCM ciphersuites 576eb39 Get s_client to report on whether early data was accepted or not b2cc7f3 Implement client side parsing of the early_data extension e065518 Add a "-early_data" option to s_server fe5e20f Fix changing of the cipher state when dealing with early data 1ea4d09 Construct the server side early_data extension d781d24 Provide an SSL_read_early() function for reading early data 6cb4226 Change the cipher state when sending early data d49e23e Implement the early data changes required in tls13_change_cipher_state() 923ac82 Add an option to s_client to send early_data 0a87d0a Parse the early_data extension a4f376a Construct the early_data extension 49e7fe1 Provide functions to write early data 5d5b3fb Parse the ticket_early_data_info extension 29fac54 Teach SSL_trace() about the early_data_info extension 048b189 Add a -max_early_data option to s_server 3fc8d85 Construct the ticket_early_data_info extension 73fb82b Remove ref to err(7), update copyright. 51f5930 -precert doesn't work when configured no-ct, don't try to test it then a4c5f85 Fix the skip numbers in 80-test_ca.t b661175 Use the built in boolean type for CompressionExpected 439db0c Add compression tests f33f9dd Fix a compression bug c19602b Ensure that we never select compression in TLSv1.3 398b0bb Add LDAP support (RFC 4511) to s_client ("-starttls ldap") 8cfc21f Configurations/10-main.conf: omit redundant -lresolv from Solaris configs. 3e49ee2 bio/b_addr.c: omit private hstrerror. ea750b5 aes/aes_x86core.c: clarify reference implementation status. 5908555 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code. 36907ea CHANGES: mention CFI annotations. eac5414 bn/asm: clean up unused PA-RISC modules. 604c853 des/des_locl.h: clean up unused/irrelevant macros. a3004c8 Check for zero records and return immediately fd74aba appveyor.yml: streamline pull requests. 2844308 Configurations/50-masm.conf: add /nologo to ml64 command line. 45632ee Add NOTES.UNIX, with a description on how to deal with runpaths Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\""
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 6c34c5f30bf528237cb15ed634dc338412b51a76 (commit) from fcbcb8dd80d9e3c561ea3012abcc1859c936ce15 (commit) - Log - commit 6c34c5f30bf528237cb15ed634dc338412b51a76 Author: Rich SalzDate: Thu Mar 2 12:59:43 2017 -0500 Fix cherry-pick and put files in right place Also SLS_set_bio.pod got copied, remove the clone. [skip ci] Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/2828) --- Summary of changes: doc/CT_POLICY_EVAL_CTX_new.pod | 111 --- doc/SCT_validate.pod | 98 - doc/SSL_CTX_set_ct_validation_callback.pod | 142 - doc/crypto/CT_POLICY_EVAL_CTX_new.pod | 21 +++- doc/crypto/SCT_validate.pod| 10 +- doc/crypto/SSL_set_bio.pod | 108 --- doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 8 +- 7 files changed, 30 insertions(+), 468 deletions(-) delete mode 100644 doc/CT_POLICY_EVAL_CTX_new.pod delete mode 100644 doc/SCT_validate.pod delete mode 100644 doc/SSL_CTX_set_ct_validation_callback.pod delete mode 100644 doc/crypto/SSL_set_bio.pod diff --git a/doc/CT_POLICY_EVAL_CTX_new.pod b/doc/CT_POLICY_EVAL_CTX_new.pod deleted file mode 100644 index fedc58d..000 --- a/doc/CT_POLICY_EVAL_CTX_new.pod +++ /dev/null @@ -1,111 +0,0 @@ -=pod - -=head1 NAME - -CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, -CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, -CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, -CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, -CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time - -Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy - -=head1 SYNOPSIS - - #include - - CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); - void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); - X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); - int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); - X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); - int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); - const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); - void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, CTLOG_STORE *log_store); - uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); - void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); - -=head1 DESCRIPTION - -A B is used by functions that evaluate whether Signed -Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. -This policy may be, for example, that at least one valid SCT is available. To -determine this, an SCT's timestamp and signature must be verified. -This requires: - -=over - -=item * the public key of the log that issued the SCT - -=item * the certificate that the SCT was issued for - -=item * the issuer certificate (if the SCT was issued for a pre-certificate) - -=item * the current time - -=back - -The above requirements are met using the setters described below. - -CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This -should then be populated using: - -=over - -=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for - -Increments the reference count of the certificate. - -=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate - -Increments the reference count of the certificate. - -=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs - -Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the -CT_POLICY_EVAL_CTX. - -=item * CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid - -The SCT timestamp will be compared to this time to check whether the SCT was -issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose -timestamp is in the future". By default, this will be set to 5 minutes in the -future (e.g. (time() + 300) * 1000), to allow for clock drift. - -The time should be in milliseconds since the Unix epoch. - -=back - -Each setter has a matching getter for accessing the current value. - -When no longer required, the B should be passed to -CT_POLICY_EVAL_CTX_free() to delete it. - -=head1 NOTES - -The issuer certificate only needs to be provided if at least one of the SCTs -was issued for a pre-certificate. This will be the case for SCTs embedded in a -certificate (i.e. those in an X.509 extension), but may not be the case for SCTs
[openssl-commits] Still Failing: openssl/openssl#9176 (OpenSSL_1_1_0-stable - fcbcb8d)
Build Update for openssl/openssl - Build: #9176 Status: Still Failing Duration: 12 minutes and 27 seconds Commit: fcbcb8d (OpenSSL_1_1_0-stable) Author: Rich Salz Message: Remove ref to err(7), update copyright. Reviewed-by: Richard Levitte(Merged from https://github.com/openssl/openssl/pull/2825) (cherry picked from commit 73fb82b72c7544cf52d95ac29d4a45b253395715) View the changeset: https://github.com/openssl/openssl/compare/c81fa2e187c9...fcbcb8dd80d9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207092480 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9173 (master - 83750d9)
Build Update for openssl/openssl - Build: #9173 Status: Errored Duration: 6 minutes and 52 seconds Commit: 83750d9 (master) Author: Matt Caswell Message: More early data documentation updates following feedback Reviewed-by: Rich Salz(Merged from https://github.com/openssl/openssl/pull/2737) View the changeset: https://github.com/openssl/openssl/compare/73fb82b72c75...83750d9b2b51 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207084379 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9172 (master - 73fb82b)
Build Update for openssl/openssl - Build: #9172 Status: Errored Duration: 14 minutes and 6 seconds Commit: 73fb82b (master) Author: Rich Salz Message: Remove ref to err(7), update copyright. Reviewed-by: Richard Levitte(Merged from https://github.com/openssl/openssl/pull/2825) View the changeset: https://github.com/openssl/openssl/compare/51f5930ae6d1...73fb82b72c75 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207082760 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9170 (master - 51f5930)
Build Update for openssl/openssl - Build: #9170 Status: Errored Duration: 12 minutes and 50 seconds Commit: 51f5930 (master) Author: Richard Levitte Message: -precert doesn't work when configured no-ct, don't try to test it then Reviewed-by: Rich Salz(Merged from https://github.com/openssl/openssl/pull/2827) View the changeset: https://github.com/openssl/openssl/compare/b6611753a6d9...51f5930ae6d1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207079763 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via fcbcb8dd80d9e3c561ea3012abcc1859c936ce15 (commit) from c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f (commit) - Log - commit fcbcb8dd80d9e3c561ea3012abcc1859c936ce15 Author: Rich SalzDate: Thu Mar 2 10:07:21 2017 -0500 Remove ref to err(7), update copyright. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2825) (cherry picked from commit 73fb82b72c7544cf52d95ac29d4a45b253395715) --- Summary of changes: doc/crypto/CONF_modules_load_file.pod | 6 +++--- doc/crypto/ERR_GET_LIB.pod | 4 ++-- doc/crypto/ERR_clear_error.pod | 4 ++-- doc/crypto/ERR_error_string.pod| 4 ++-- doc/crypto/ERR_get_error.pod | 4 ++-- doc/crypto/ERR_load_crypto_strings.pod | 4 ++-- doc/crypto/ERR_load_strings.pod| 4 ++-- doc/crypto/ERR_print_errors.pod| 6 +++--- doc/crypto/ERR_put_error.pod | 4 ++-- doc/crypto/ERR_remove_state.pod| 4 ++-- doc/crypto/ERR_set_mark.pod| 6 +- doc/crypto/EVP_DigestSignInit.pod | 10 +- doc/crypto/EVP_DigestVerifyInit.pod| 10 +- doc/crypto/EVP_SignInit.pod| 10 +- doc/crypto/EVP_VerifyInit.pod | 12 ++-- 15 files changed, 44 insertions(+), 48 deletions(-) diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 9e4071f..1149142 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -121,12 +121,12 @@ return value of the failing module (this will always be zero or negative). =head1 SEE ALSO -L , L , -L , L +L , L , +L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod index 7368a40..5602a8e 100644 --- a/doc/crypto/ERR_GET_LIB.pod +++ b/doc/crypto/ERR_GET_LIB.pod @@ -47,7 +47,7 @@ is fatal, respectively. =head1 SEE ALSO -L , L +L =head1 HISTORY @@ -56,7 +56,7 @@ all versions of OpenSSL. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod index 892c67f..c876615 100644 --- a/doc/crypto/ERR_clear_error.pod +++ b/doc/crypto/ERR_clear_error.pod @@ -20,11 +20,11 @@ ERR_clear_error() has no return value. =head1 SEE ALSO -L , L +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod index 12f4f72..695eaf2 100644 --- a/doc/crypto/ERR_error_string.pod +++ b/doc/crypto/ERR_error_string.pod @@ -59,12 +59,12 @@ none is registered for the error code. =head1 SEE ALSO -L , L , +L , L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod index a7efc74..3b223c9 100644 --- a/doc/crypto/ERR_get_error.pod +++ b/doc/crypto/ERR_get_error.pod @@ -64,12 +64,12 @@ The error code, or 0 if there is no error in the queue. =head1 SEE ALSO -L , L , +L , L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod index
[openssl-commits] [openssl] master update
The branch master has been updated via 73fb82b72c7544cf52d95ac29d4a45b253395715 (commit) from 51f5930ae6d17c838674f3129d992a0366a63139 (commit) - Log - commit 73fb82b72c7544cf52d95ac29d4a45b253395715 Author: Rich SalzDate: Thu Mar 2 10:07:21 2017 -0500 Remove ref to err(7), update copyright. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2825) --- Summary of changes: doc/man3/CONF_modules_load_file.pod | 4 ++-- doc/man3/ERR_GET_LIB.pod | 4 ++-- doc/man3/ERR_clear_error.pod | 4 ++-- doc/man3/ERR_error_string.pod| 4 ++-- doc/man3/ERR_get_error.pod | 4 ++-- doc/man3/ERR_load_crypto_strings.pod | 4 ++-- doc/man3/ERR_load_strings.pod| 4 ++-- doc/man3/ERR_print_errors.pod| 6 +++--- doc/man3/ERR_put_error.pod | 4 ++-- doc/man3/ERR_remove_state.pod| 4 ++-- doc/man3/ERR_set_mark.pod| 6 +- doc/man3/EVP_DigestSignInit.pod | 4 ++-- doc/man3/EVP_DigestVerifyInit.pod| 4 ++-- doc/man3/EVP_SignInit.pod| 4 ++-- doc/man3/EVP_VerifyInit.pod | 4 ++-- doc/man3/SSL_get_error.pod | 2 +- doc/man3/SSL_want.pod| 2 +- 17 files changed, 32 insertions(+), 36 deletions(-) diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index 7ddd12a..1149142 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -122,11 +122,11 @@ return value of the failing module (this will always be zero or negative). =head1 SEE ALSO L , L , -L , L +L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_GET_LIB.pod b/doc/man3/ERR_GET_LIB.pod index 7368a40..5602a8e 100644 --- a/doc/man3/ERR_GET_LIB.pod +++ b/doc/man3/ERR_GET_LIB.pod @@ -47,7 +47,7 @@ is fatal, respectively. =head1 SEE ALSO -L , L +L =head1 HISTORY @@ -56,7 +56,7 @@ all versions of OpenSSL. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_clear_error.pod b/doc/man3/ERR_clear_error.pod index 1c85e59..c876615 100644 --- a/doc/man3/ERR_clear_error.pod +++ b/doc/man3/ERR_clear_error.pod @@ -20,11 +20,11 @@ ERR_clear_error() has no return value. =head1 SEE ALSO -L , L +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_error_string.pod b/doc/man3/ERR_error_string.pod index 7fcf2f2..695eaf2 100644 --- a/doc/man3/ERR_error_string.pod +++ b/doc/man3/ERR_error_string.pod @@ -59,12 +59,12 @@ none is registered for the error code. =head1 SEE ALSO -L , L , +L , L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod index d8759a0..3b223c9 100644 --- a/doc/man3/ERR_get_error.pod +++ b/doc/man3/ERR_get_error.pod @@ -64,12 +64,12 @@ The error code, or 0 if there is no error in the queue. =head1 SEE ALSO -L , L , +L , L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_load_crypto_strings.pod b/doc/man3/ERR_load_crypto_strings.pod index ed3f122..56d91d5 100644 --- a/doc/man3/ERR_load_crypto_strings.pod +++ b/doc/man3/ERR_load_crypto_strings.pod @@ -42,7 +42,7 @@ ERR_free_strings() return no
[openssl-commits] Errored: openssl/openssl#9168 (master - b661175)
Build Update for openssl/openssl - Build: #9168 Status: Errored Duration: 17 minutes and 13 seconds Commit: b661175 (master) Author: Matt Caswell Message: Use the built in boolean type for CompressionExpected Don't create a custom boolean type for parsing CompressionExpected. Use the existing one instead. Reviewed-by: Rich Salz(Merged from https://github.com/openssl/openssl/pull/2814) View the changeset: https://github.com/openssl/openssl/compare/398b0bbdf71d...b6611753a6d9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207066481 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 51f5930ae6d17c838674f3129d992a0366a63139 (commit) via a4c5f8593c1451aa40c814365d3a8ce54de92bd2 (commit) from b6611753a6d9bef6a8c16850a9eb9215d8a84fac (commit) - Log - commit 51f5930ae6d17c838674f3129d992a0366a63139 Author: Richard LevitteDate: Thu Mar 2 18:27:17 2017 +0100 -precert doesn't work when configured no-ct, don't try to test it then Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2827) commit a4c5f8593c1451aa40c814365d3a8ce54de92bd2 Author: Richard Levitte Date: Thu Mar 2 18:26:26 2017 +0100 Fix the skip numbers in 80-test_ca.t Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2827) --- Summary of changes: test/recipes/80-test_ca.t | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index e9ff318..f62d9d5 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -13,6 +13,7 @@ use warnings; use POSIX; use File::Path 2.00 qw/rmtree/; use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; +use OpenSSL::Test::Utils; setup("test_ca"); @@ -25,23 +26,26 @@ rmtree("demoCA", { safe => 0 }); plan tests => 5; SKIP: { $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; - skip "failed creating CA structure", 3 + skip "failed creating CA structure", 4 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), 'creating CA structure'); $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; - skip "failed creating new certificate request", 2 + skip "failed creating new certificate request", 3 if !ok(run(perlapp(["CA.pl","-newreq"])), 'creating certificate request'); $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"'; - skip "failed to sign certificate request", 1 + skip "failed to sign certificate request", 2 if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, 'signing certificate request'); ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), 'verifying new certificate'); + skip "CT not configured, can't use -precert", 1 + if disabled("ct"); + $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf"); ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)), 'creating new pre-certificate'); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#9166 (OpenSSL_1_1_0-stable - c81fa2e)
Build Update for openssl/openssl - Build: #9166 Status: Still Failing Duration: 6 minutes and 56 seconds Commit: c81fa2e (OpenSSL_1_1_0-stable) Author: Andy Polyakov Message: Configurations/10-main.conf: omit redundant -lresolv from Solaris configs. GH#2816 Reviewed-by: Rich SalzReviewed-by: Richard Levitte (cherry picked from commit 8cfc21f53af5187497a8567bb2801c36472d7016) View the changeset: https://github.com/openssl/openssl/compare/2d951d8cdef5...c81fa2e187c9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207046692 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b6611753a6d9bef6a8c16850a9eb9215d8a84fac (commit) via 439db0c97bd50cae008e876c6c8ed5e5011bf6eb (commit) via f33f9ddefbb34584acb73c51e286f9913af96534 (commit) via c19602b543562104b756aa6adec9bd5081207574 (commit) from 398b0bbdf71d852daf2e79d842cd0d307ec9f8f6 (commit) - Log - commit b6611753a6d9bef6a8c16850a9eb9215d8a84fac Author: Matt CaswellDate: Thu Mar 2 13:41:10 2017 + Use the built in boolean type for CompressionExpected Don't create a custom boolean type for parsing CompressionExpected. Use the existing one instead. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2814) commit 439db0c97bd50cae008e876c6c8ed5e5011bf6eb Author: Matt Caswell Date: Wed Mar 1 12:11:51 2017 + Add compression tests Check whether we negotiate compression in various scenarios. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2814) commit f33f9ddefbb34584acb73c51e286f9913af96534 Author: Matt Caswell Date: Wed Mar 1 11:20:30 2017 + Fix a compression bug do_ssl3_write() was crashing when compression was enabled. We calculate the maximum length that a record will be after compression and reserve those bytes in the WPACKET. Unfortunately we were adding the maximum compression overhead onto the wrong variable resulting in a corrupted record. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2814) commit c19602b543562104b756aa6adec9bd5081207574 Author: Matt Caswell Date: Wed Mar 1 10:36:38 2017 + Ensure that we never select compression in TLSv1.3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2814) --- Summary of changes: ssl/record/rec_layer_s3.c | 2 +- ssl/statem/statem_clnt.c | 4 +- ssl/statem/statem_srvr.c | 7 +- test/handshake_helper.c | 3 + test/handshake_helper.h | 1 + test/recipes/80-test_ssl_new.t| 4 +- test/ssl-tests/22-compression.conf| 112 ++ test/ssl-tests/22-compression.conf.in | 127 ++ test/ssl_test.c | 11 +++ test/ssl_test_ctx.c | 5 ++ test/ssl_test_ctx.h | 6 ++ test/ssl_test_ctx_test.c | 8 +++ test/ssl_test_ctx_test.conf | 3 + 13 files changed, 287 insertions(+), 6 deletions(-) create mode 100644 test/ssl-tests/22-compression.conf create mode 100644 test/ssl-tests/22-compression.conf.in diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 37f7cd3..5aea4b3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -791,7 +791,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, maxcomplen = pipelens[j]; if (s->compress != NULL) -pipelens[j] += SSL3_RT_MAX_COMPRESSED_OVERHEAD; +maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD; /* write the header */ if (!WPACKET_put_bytes_u8(thispkt, rectype) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1943f55..abddc0a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1105,7 +1105,9 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) return 0; } #ifndef OPENSSL_NO_COMP -if (ssl_allow_compression(s) && s->ctx->comp_methods) { +if (ssl_allow_compression(s) +&& s->ctx->comp_methods +&& (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) { int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 26c37c7..39e0f59 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1736,7 +1736,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *al) s->s3->tmp.new_compression = NULL; #ifndef OPENSSL_NO_COMP /* This only happens if we have a cache hit */ -if (s->session->compress_meth != 0) { +if (s->session->compress_meth != 0 && !SSL_IS_TLS13(s)) { int m, comp_id = s->session->compress_meth; unsigned int k; /* Perform sanity checks on resumed compression algorithm */ @@ -1770,9 +1770,10 @@ static int tls_early_post_process_client_hello(SSL *s, int *al) SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); goto err; } -} else if
[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-asm -ansi
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi Commit log since last time: 4137161 Add NOTES.UNIX, with a description on how to deal with runpaths 4cdf91e Check that async_jobs is not negative and not too high. 1c78765 VMS: compensate for gmtime_r() parameter pointer size Build log ended with (last 100 lines): make[1]: Leaving directory '/home/openssl/run-checker-1.1.0/no-asm_-ansi' make[1]: Entering directory '/home/openssl/run-checker-1.1.0/no-asm_-ansi' clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cbc.d.tmp -MT crypto/aes/aes_cbc.o -c -o crypto/aes/aes_cbc.o ../openssl/crypto/aes/aes_cbc.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o ../openssl/crypto/aes/aes_cfb.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_core.d.tmp -MT crypto/aes/aes_core.o -c -o crypto/aes/aes_core.o ../openssl/crypto/aes/aes_core.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o crypto/aes/aes_ecb.o ../openssl/crypto/aes/aes_ecb.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_ige.d.tmp -MT crypto/aes/aes_ige.o -c -o
[openssl-commits] Errored: openssl/openssl#9163 (master - 398b0bb)
Build Update for openssl/openssl - Build: #9163 Status: Errored Duration: 8 minutes and 16 seconds Commit: 398b0bb (master) Author: Robert Scheck Message: Add LDAP support (RFC 4511) to s_client ("-starttls ldap") Based on initial patch by Alex Bergmannand new function ldap_ExtendedResponse_parse() by Andy Polyakov . Thanks very much to both. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/2293) View the changeset: https://github.com/openssl/openssl/compare/8cfc21f53af5...398b0bbdf71d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207038190 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9162 (master - 8cfc21f)
Build Update for openssl/openssl - Build: #9162 Status: Errored Duration: 17 minutes and 38 seconds Commit: 8cfc21f (master) Author: Andy Polyakov Message: Configurations/10-main.conf: omit redundant -lresolv from Solaris configs. GH#2816 Reviewed-by: Rich SalzReviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/ea750b59297a...8cfc21f53af5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207036438 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9160 (master - ea750b5)
Build Update for openssl/openssl - Build: #9160 Status: Errored Duration: 16 minutes and 23 seconds Commit: ea750b5 (master) Author: Andy Polyakov Message: aes/aes_x86core.c: clarify reference implementation status. Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/36907eaef534...ea750b59297a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207035230 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9159 (master - eac5414)
Build Update for openssl/openssl - Build: #9159 Status: Errored Duration: 17 minutes and 3 seconds Commit: eac5414 (master) Author: Andy Polyakov Message: bn/asm: clean up unused PA-RISC modules. Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/604c853d4532...eac54143fd33 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207032970 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f (commit) via 654f7f6be617d2be316b3d60f593767105a9859a (commit) from 2d951d8cdef56aeeb6c08387531de943683e80ce (commit) - Log - commit c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f Author: Andy PolyakovDate: Wed Mar 1 21:40:02 2017 +0100 Configurations/10-main.conf: omit redundant -lresolv from Solaris configs. GH#2816 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit 8cfc21f53af5187497a8567bb2801c36472d7016) commit 654f7f6be617d2be316b3d60f593767105a9859a Author: Andy Polyakov Date: Wed Mar 1 21:28:05 2017 +0100 bio/b_addr.c: omit private hstrerror. Private hstrerror was introduced to address linking problem on HP-UX, but truth be told conemporary systems, HP-UX included, wouldn't come to that call, they would use getaddrinfo and gai_strerror, while gethostbyname and h_errno are there to serve legacy systems. Since legacy systems are naturally disappearing breed, we can as well just let user interpret number. GH#2816 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit 3e49ee23eab5c3fa57d14dc5f82f50cbea718322) --- Summary of changes: Configurations/10-main.conf | 2 +- crypto/bio/b_addr.c | 44 +++- 2 files changed, 16 insertions(+), 30 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 985220f..39b89e7 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -179,7 +179,7 @@ sub vms_info { inherit_from => [ "BASE_unix" ], template => 1, cflags => "-DFILIO_H", -ex_libs => add("-lresolv -lsocket -lnsl -ldl"), +ex_libs => add("-lsocket -lnsl -ldl"), dso_scheme => "dlfcn", thread_scheme=> "pthreads", shared_target=> "solaris-shared", diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 0f1900d..51a27d5 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -18,30 +18,6 @@ #include #include -#ifdef _HPUX_SOURCE -static const char *ossl_hstrerror(int herr) -{ -switch (herr) { -case -1: -return strerror(errno); -case 0: -return "No error"; -case HOST_NOT_FOUND: -return "Host not found"; -case NO_DATA:/* NO_ADDRESS is a synonym */ -return "No data"; -case NO_RECOVERY: -return "Non recoverable error"; -case TRY_AGAIN: -return "Try again"; -default: -break; -} -return "unknown error"; -} -# define hstrerror(e) ossl_hstrerror(e) -#endif - CRYPTO_RWLOCK *bio_lookup_lock; static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; @@ -688,9 +664,10 @@ int BIO_lookup(const char *host, const char *service, return 0; if (1) { -int gai_ret = 0; #ifdef AI_PASSIVE +int gai_ret = 0; struct addrinfo hints; + memset(, 0, sizeof hints); hints.ai_family = family; @@ -780,8 +757,18 @@ int BIO_lookup(const char *host, const char *service, if (he == NULL) { #ifndef OPENSSL_SYS_WINDOWS -BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -ERR_add_error_data(1, hstrerror(h_errno)); +/* + * This might be misleading, because h_errno is used as if + * it was errno. To minimize mixup add 1000. Underlying + * reason for this is that hstrerror is declared obsolete, + * not to mention that a) h_errno is not always guaranteed + * to be meanigless; b) hstrerror can reside in yet another + * library, linking for sake of hstrerror is an overkill; + * c) this path is not executed on contemporary systems + * anyway [above getaddrinfo/gai_strerror is]. We just let + * system administrator figure this out... + */ +SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno); #else SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); #endif @@ -830,8 +817,7 @@ int BIO_lookup(const char *host, const char *service, if (se == NULL) { #ifndef OPENSSL_SYS_WINDOWS -BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -ERR_add_error_data(1, hstrerror(h_errno)); +SYSerr(SYS_F_GETSERVBYNAME, errno); #else SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError()); #endif _ openssl-commits mailing list To
[openssl-commits] Errored: openssl/openssl#9158 (master - 604c853)
Build Update for openssl/openssl - Build: #9158 Status: Errored Duration: 12 minutes and 47 seconds Commit: 604c853 (master) Author: Andy Polyakov Message: des/des_locl.h: clean up unused/irrelevant macros. Reviewed-by: Richard LevitteView the changeset: https://github.com/openssl/openssl/compare/a3004c820370...604c853d4532 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207032060 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 36907eaef534fa3a164c57fab802fc1f3932dc5c (commit) from eac54143fd33f5f5140f3a6a55008a1453a8c369 (commit) - Log - commit 36907eaef534fa3a164c57fab802fc1f3932dc5c Author: Andy PolyakovDate: Sun Feb 26 21:37:50 2017 +0100 CHANGES: mention CFI annotations. [skip ci] Reviewed-by: Tim Hudson Reviewed-by: Rich Salz --- Summary of changes: CHANGES | 4 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index a06b1da..12a9c92 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 1.1.0e and 1.1.1 [xx XXX ] + *) x86_64 assembly pack: annotate code with DWARF CFI directives to + facilitate stack unwinding even from assembly subroutines. + [Andy Polyakov] + *) Remove VAX C specific definitions of OPENSSL_EXPORT, OPENSSL_EXTERN. Also remove OPENSSL_GLOBAL entirely, as it became a no-op. [Richard Levitte] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via ea750b59297a7be5ed23d9ae579a3d69b6491c2c (commit) via 5908555c961ae5d3fc265e0961997fbe14a02091 (commit) from 36907eaef534fa3a164c57fab802fc1f3932dc5c (commit) - Log - commit ea750b59297a7be5ed23d9ae579a3d69b6491c2c Author: Andy PolyakovDate: Wed Mar 1 11:41:09 2017 +0100 aes/aes_x86core.c: clarify reference implementation status. Reviewed-by: Richard Levitte commit 5908555c961ae5d3fc265e0961997fbe14a02091 Author: Andy Polyakov Date: Wed Mar 1 11:40:41 2017 +0100 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code. Reviewed-by: Richard Levitte --- Summary of changes: crypto/aes/aes_x86core.c | 17 - crypto/evp/e_aes_cbc_hmac_sha1.c | 8 crypto/evp/e_aes_cbc_hmac_sha256.c | 8 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 95b49bb..21dca9e 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -7,6 +7,14 @@ * https://www.openssl.org/source/license.html */ +/* + * This is experimental x86[_64] derivative. It assumes little-endian + * byte order and expects CPU to sustain unaligned memory references. + * It is used as playground for cache-time attack mitigations and + * serves as reference C implementation for x86[_64] as well as some + * other assembly modules. + */ + /** * rijndael-alg-fst.c * @@ -33,15 +41,6 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* - * This is experimental x86[_64] derivative. It assumes little-endian - * byte order and expects CPU to sustain unaligned memory references. - * It is used as playground for cache-time attack mitigations and - * serves as reference C implementation for x86[_64] assembler. - * - * - */ - #include diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 52c7c74..a3c8951 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -565,7 +565,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } # endif -# if 1 +# if 1 /* see original reference version in #else */ len -= SHA_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA_CBLOCK)) { j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); @@ -659,7 +659,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } # endif len += SHA_DIGEST_LENGTH; -# else +# else /* pre-lucky-13 reference version of above */ SHA1_Update(>md, out, inp_len); res = key->md.num; SHA1_Final(pmac->c, >md); @@ -686,7 +686,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 +# if 1 /* see original reference version in #else */ { unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; size_t off = out - p; @@ -708,7 +708,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else +# else /* pre-lucky-13 reference version of above */ for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 5a92e0b..4830c00 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -552,7 +552,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, key->md = key->head; SHA256_Update(>md, key->aux.tls_aad, plen); -# if 1 +# if 1 /* see original reference version in #else */ len -= SHA256_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA256_CBLOCK)) { j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); @@ -680,7 +680,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(>md, data, 1); } -# endif +# endif /* pre-lucky-13 reference version of above */ key->md = key->tail; SHA256_Update(>md, pmac->c, SHA256_DIGEST_LENGTH); SHA256_Final(pmac->c, >md); @@ -688,7 +688,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* verify
[openssl-commits] [openssl] master update
The branch master has been updated via 398b0bbdf71d852daf2e79d842cd0d307ec9f8f6 (commit) from 8cfc21f53af5187497a8567bb2801c36472d7016 (commit) - Log - commit 398b0bbdf71d852daf2e79d842cd0d307ec9f8f6 Author: Robert ScheckDate: Mon Feb 27 00:44:14 2017 +0100 Add LDAP support (RFC 4511) to s_client ("-starttls ldap") Based on initial patch by Alex Bergmann and new function ldap_ExtendedResponse_parse() by Andy Polyakov . Thanks very much to both. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/2293) --- Summary of changes: apps/s_client.c | 156 +- doc/man1/s_client.pod | 2 +- 2 files changed, 156 insertions(+), 2 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 6e790cf..351b5b9 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -96,6 +96,7 @@ static void print_stuff(BIO *berr, SSL *con, int full); #ifndef OPENSSL_NO_OCSP static int ocsp_resp_cb(SSL *s, void *arg); #endif +static int ldap_ExtendedResponse_parse(const char *buf, long rem); static int saved_errno; @@ -748,7 +749,8 @@ typedef enum PROTOCOL_choice { PROTO_POSTGRES, PROTO_LMTP, PROTO_NNTP, -PROTO_SIEVE +PROTO_SIEVE, +PROTO_LDAP } PROTOCOL_CHOICE; static const OPT_PAIR services[] = { @@ -764,6 +766,7 @@ static const OPT_PAIR services[] = { {"lmtp", PROTO_LMTP}, {"nntp", PROTO_NNTP}, {"sieve", PROTO_SIEVE}, +{"ldap", PROTO_LDAP}, {NULL, 0} }; @@ -2281,6 +2284,75 @@ int s_client_main(int argc, char **argv) } } break; +case PROTO_LDAP: +{ +/* StartTLS Operation according to RFC 4511 */ +static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n" +"[LDAPMessage]\n" +"messageID=INTEGER:1\n" +"extendedReq=EXPLICIT:23A,IMPLICIT:0C," +"FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n"; +long errline = -1; +char *genstr = NULL; +int result = -1; +ASN1_TYPE *atyp = NULL; +BIO *ldapbio = BIO_new(BIO_s_mem()); +CONF *cnf = NCONF_new(NULL); + +if (cnf == NULL) { +BIO_free(ldapbio); +goto end; +} +BIO_puts(ldapbio, ldap_tls_genconf); +if (NCONF_load_bio(cnf, ldapbio, ) <= 0) { +BIO_free(ldapbio); +NCONF_free(cnf); +if (errline <= 0) { +BIO_printf(bio_err, "NCONF_load_bio failed\n"); +goto end; +} else { +BIO_printf(bio_err, "Error on line %ld\n", errline); +goto end; +} +} +BIO_free(ldapbio); +genstr = NCONF_get_string(cnf, "default", "asn1"); +if (genstr == NULL) { +NCONF_free(cnf); +BIO_printf(bio_err, "NCONF_get_string failed\n"); +goto end; +} +atyp = ASN1_generate_nconf(genstr, cnf); +if (atyp == NULL) { +NCONF_free(cnf); +BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); +goto end; +} +NCONF_free(cnf); + +/* Send SSLRequest packet */ +BIO_write(sbio, atyp->value.sequence->data, + atyp->value.sequence->length); +(void)BIO_flush(sbio); +ASN1_TYPE_free(atyp); + +mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); +if (mbuf_len < 0) { +BIO_printf(bio_err, "BIO_read failed\n"); +goto end; +} +result = ldap_ExtendedResponse_parse(mbuf, mbuf_len); +if (result < 0) { +BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n"); +goto shut; +} else if (result > 0) { +BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n", + result); +goto shut; +} +mbuf_len = 0; +} +break; } for (;;) { @@ -2920,4 +2992,86 @@ static int ocsp_resp_cb(SSL *s, void *arg) } # endif +static int ldap_ExtendedResponse_parse(const char *buf, long rem) +{ +const unsigned char *cur, *end; +long len; +int tag, xclass, inf, ret = -1; + +cur = (const unsigned char *)buf; +end = cur + rem; + +/* + * From RFC 4511: + * + *LDAPMessage ::= SEQUENCE { + * messageID MessageID, + * protocolOp
[openssl-commits] Still Failing: openssl/openssl#9156 (OpenSSL_1_1_0-stable - 2d951d8)
Build Update for openssl/openssl - Build: #9156 Status: Still Failing Duration: 2 minutes and 28 seconds Commit: 2d951d8 (OpenSSL_1_1_0-stable) Author: Jon Spillett Message: Check for zero records and return immediately Reviewed-by: Matt CaswellReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2822) (cherry picked from commit a3004c820370b6bee82c919721fb1cbe95f72f3f) View the changeset: https://github.com/openssl/openssl/compare/41371618f72b...2d951d8cdef5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207017566 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8cfc21f53af5187497a8567bb2801c36472d7016 (commit) via 3e49ee23eab5c3fa57d14dc5f82f50cbea718322 (commit) from ea750b59297a7be5ed23d9ae579a3d69b6491c2c (commit) - Log - commit 8cfc21f53af5187497a8567bb2801c36472d7016 Author: Andy PolyakovDate: Wed Mar 1 21:40:02 2017 +0100 Configurations/10-main.conf: omit redundant -lresolv from Solaris configs. GH#2816 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit 3e49ee23eab5c3fa57d14dc5f82f50cbea718322 Author: Andy Polyakov Date: Wed Mar 1 21:28:05 2017 +0100 bio/b_addr.c: omit private hstrerror. Private hstrerror was introduced to address linking problem on HP-UX, but truth be told conemporary systems, HP-UX included, wouldn't come to that call, they would use getaddrinfo and gai_strerror, while gethostbyname and h_errno are there to serve legacy systems. Since legacy systems are naturally disappearing breed, we can as well just let user interpret number. GH#2816 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte --- Summary of changes: Configurations/10-main.conf | 2 +- crypto/bio/b_addr.c | 44 +++- 2 files changed, 16 insertions(+), 30 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 59234a8..91dd65f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -179,7 +179,7 @@ sub vms_info { inherit_from => [ "BASE_unix" ], template => 1, cflags => "-DFILIO_H", -ex_libs => add("-lresolv -lsocket -lnsl -ldl"), +ex_libs => add("-lsocket -lnsl -ldl"), dso_scheme => "dlfcn", thread_scheme=> "pthreads", shared_target=> "solaris-shared", diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 0f1900d..51a27d5 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -18,30 +18,6 @@ #include #include -#ifdef _HPUX_SOURCE -static const char *ossl_hstrerror(int herr) -{ -switch (herr) { -case -1: -return strerror(errno); -case 0: -return "No error"; -case HOST_NOT_FOUND: -return "Host not found"; -case NO_DATA:/* NO_ADDRESS is a synonym */ -return "No data"; -case NO_RECOVERY: -return "Non recoverable error"; -case TRY_AGAIN: -return "Try again"; -default: -break; -} -return "unknown error"; -} -# define hstrerror(e) ossl_hstrerror(e) -#endif - CRYPTO_RWLOCK *bio_lookup_lock; static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; @@ -688,9 +664,10 @@ int BIO_lookup(const char *host, const char *service, return 0; if (1) { -int gai_ret = 0; #ifdef AI_PASSIVE +int gai_ret = 0; struct addrinfo hints; + memset(, 0, sizeof hints); hints.ai_family = family; @@ -780,8 +757,18 @@ int BIO_lookup(const char *host, const char *service, if (he == NULL) { #ifndef OPENSSL_SYS_WINDOWS -BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -ERR_add_error_data(1, hstrerror(h_errno)); +/* + * This might be misleading, because h_errno is used as if + * it was errno. To minimize mixup add 1000. Underlying + * reason for this is that hstrerror is declared obsolete, + * not to mention that a) h_errno is not always guaranteed + * to be meanigless; b) hstrerror can reside in yet another + * library, linking for sake of hstrerror is an overkill; + * c) this path is not executed on contemporary systems + * anyway [above getaddrinfo/gai_strerror is]. We just let + * system administrator figure this out... + */ +SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno); #else SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); #endif @@ -830,8 +817,7 @@ int BIO_lookup(const char *host, const char *service, if (se == NULL) { #ifndef OPENSSL_SYS_WINDOWS -BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -ERR_add_error_data(1, hstrerror(h_errno)); +SYSerr(SYS_F_GETSERVBYNAME, errno); #else SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError()); #endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 604c853d453282a3ef4d7d1ed8cbae57097c3813 (commit) from a3004c820370b6bee82c919721fb1cbe95f72f3f (commit) - Log - commit 604c853d453282a3ef4d7d1ed8cbae57097c3813 Author: Andy PolyakovDate: Tue Feb 28 22:54:28 2017 +0100 des/des_locl.h: clean up unused/irrelevant macros. Reviewed-by: Richard Levitte --- Summary of changes: crypto/des/des_locl.h | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h index 53881d4..3c08ce8 100644 --- a/crypto/des/des_locl.h +++ b/crypto/des/des_locl.h @@ -26,10 +26,6 @@ # define ITERATIONS 16 # define HALF_ITERATIONS 8 -/* used in des_read and des_write */ -# define MAXWRITE(1024*16) -# define BSIZE (MAXWRITE+4) - # define c2l(c,l)(l =((DES_LONG)(*((c)++))), \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ @@ -60,7 +56,6 @@ * replacements for htonl and ntohl since I have no idea what to do when * faced with machines with 8 byte longs. */ -# define HDRSIZE 4 # define n2l(c,l)(l =((DES_LONG)(*((c)++)))<<24L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ @@ -87,7 +82,7 @@ } \ } -# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) +# if defined(_MSC_VER) # define ROTATE(a,n) (_lrotr(a,n)) # elif defined(__ICC) # define ROTATE(a,n) (_rotr(a,n)) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via eac54143fd33f5f5140f3a6a55008a1453a8c369 (commit) from 604c853d453282a3ef4d7d1ed8cbae57097c3813 (commit) - Log - commit eac54143fd33f5f5140f3a6a55008a1453a8c369 Author: Andy PolyakovDate: Tue Feb 28 23:25:36 2017 +0100 bn/asm: clean up unused PA-RISC modules. Reviewed-by: Rich Salz --- Summary of changes: crypto/bn/asm/pa-risc2.s | 1624 - crypto/bn/asm/pa-risc2W.s | 1612 crypto/bn/build.info | 11 - 3 files changed, 3247 deletions(-) delete mode 100644 crypto/bn/asm/pa-risc2.s delete mode 100644 crypto/bn/asm/pa-risc2W.s diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s deleted file mode 100644 index 413eac7..000 --- a/crypto/bn/asm/pa-risc2.s +++ /dev/null @@ -1,1624 +0,0 @@ -; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -; -; Licensed under the OpenSSL license (the "License"). You may not use -; this file except in compliance with the License. You can obtain a copy -; in the file LICENSE in the source distribution or at -; https://www.openssl.org/source/license.html -; -; PA-RISC 2.0 implementation of bn_asm code, based on the -; 64-bit version of the code. This code is effectively the -; same as the 64-bit version except the register model is -; slightly different given all values must be 32-bit between -; function calls. Thus the 64-bit return values are returned -; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit -; -; -; This code is approximately 2x faster than the C version -; for RSA/DSA. -; -; See http://devresource.hp.com/ for more details on the PA-RISC -; architecture. Also see the book "PA-RISC 2.0 Architecture" -; by Gerry Kane for information on the instruction set architecture. -; -; Code written by Chris Ruemmler (with some help from the HP C -; compiler). -; -; The code compiles with HP's assembler -; - - .level 2.0N - .space $TEXT$ - .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY - -; -; Global Register definitions used for the routines. -; -; Some information about HP's runtime architecture for 32-bits. -; -; "Caller save" means the calling function must save the register -; if it wants the register to be preserved. -; "Callee save" means if a function uses the register, it must save -; the value before using it. -; -; For the floating point registers -; -;"caller save" registers: fr4-fr11, fr22-fr31 -;"callee save" registers: fr12-fr21 -;"special" registers: fr0-fr3 (status and exception registers) -; -; For the integer registers -; value zero : r0 -; "caller save" registers: r1,r19-r26 -; "callee save" registers: r3-r18 -; return register: r2 (rp) -; return values ; r28,r29 (ret0,ret1) -; Stack pointer ; r30 (sp) -; millicode return ptr ; r31 (also a caller save register) - - -; -; Arguments to the routines -; -r_ptr .reg %r26 -a_ptr .reg %r25 -b_ptr .reg %r24 -num .reg %r24 -n .reg %r23 - -; -; Note that the "w" argument for bn_mul_add_words and bn_mul_words -; is passed on the stack at a delta of -56 from the top of stack -; as the routine is entered. -; - -; -; Globals used in some routines -; - -top_overflow .reg %r23 -high_mask.reg %r22; value 0x8000L - - -;-- -; -; bn_mul_add_words -; -;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, -; int num, BN_ULONG w) -; -; arg0 = r_ptr -; arg1 = a_ptr -; arg3 = num -; -56(sp) = w -; -; Local register definitions -; - -fm1 .reg %fr22 -fm .reg %fr23 -ht_temp .reg %fr24 -ht_temp_1.reg %fr25 -lt_temp .reg %fr26 -lt_temp_1.reg %fr27 -fm1_1.reg %fr28 -fm_1 .reg %fr29 - -fw_h .reg %fr7L -fw_l .reg %fr7R -fw .reg %fr7 - -fht_0.reg %fr8L -flt_0.reg %fr8R -t_float_0.reg %fr8 - -fht_1.reg %fr9L -flt_1.reg %fr9R -t_float_1.reg %fr9 - -tmp_0.reg %r31 -tmp_1.reg %r21 -m_0 .reg %r20 -m_1 .reg %r19 -ht_0 .reg %r1 -ht_1 .reg %r3 -lt_0 .reg %r4 -lt_1 .reg %r5 -m1_0 .reg %r6 -m1_1 .reg %r7 -rp_val .reg %r8 -rp_val_1 .reg %r9 - -bn_mul_add_words - .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN - .proc - .callinfo frame=128 -.entry - .align 64 - -STD %r3,0(%sp) ; save r3 -STD %r4,8(%sp) ; save r4 - NOP ; Needed to make the loop
[openssl-commits] Errored: openssl/openssl#9155 (master - a3004c8)
Build Update for openssl/openssl - Build: #9155 Status: Errored Duration: 14 minutes and 40 seconds Commit: a3004c8 (master) Author: Jon Spillett Message: Check for zero records and return immediately Reviewed-by: Matt CaswellReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2822) View the changeset: https://github.com/openssl/openssl/compare/fd74aba83652...a3004c820370 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/207017513 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Canceled: openssl/openssl#8986 (OpenSSL_1_0_2-stable - 0da68ec)
Build Update for openssl/openssl - Build: #8986 Status: Canceled Duration: 6 hours, 25 minutes, and 3 seconds Commit: 0da68ec (OpenSSL_1_0_2-stable) Author: Adrian Vollmer Message: Adjust the default value of the private key size ...in the man page to reflect the actual default (2048 instead of 512) CLA: trivial Reviewed-by: Richard LevitteReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2754) (cherry picked from commit 013bc448672cbc3c9cd154709400c676c2955229) View the changeset: https://github.com/openssl/openssl/compare/847406923534...0da68ec9a267 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/205854937 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via a3004c820370b6bee82c919721fb1cbe95f72f3f (commit) from fd74aba83652a8410a74b59de0b098232af74e33 (commit) - Log - commit a3004c820370b6bee82c919721fb1cbe95f72f3f Author: Jon SpillettDate: Thu Mar 2 12:54:06 2017 +1000 Check for zero records and return immediately Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2822) --- Summary of changes: ssl/record/ssl3_record.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 84f54cb..3868bb5 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -740,6 +740,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send) int imac_size; const EVP_CIPHER *enc; +if (n_recs == 0) +return 0; + if (send) { if (EVP_MD_CTX_md(s->write_hash)) { int n = EVP_MD_CTX_size(s->write_hash); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 2d951d8cdef56aeeb6c08387531de943683e80ce (commit) from 41371618f72b93bdf3e0a4be369e4df6b65334cd (commit) - Log - commit 2d951d8cdef56aeeb6c08387531de943683e80ce Author: Jon SpillettDate: Thu Mar 2 12:54:06 2017 +1000 Check for zero records and return immediately Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2822) (cherry picked from commit a3004c820370b6bee82c919721fb1cbe95f72f3f) --- Summary of changes: ssl/record/ssl3_record.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 03c5294..5da44e5 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -661,6 +661,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) const EVP_CIPHER *enc; unsigned int ctr; +if (n_recs == 0) +return 0; + if (send) { if (EVP_MD_CTX_md(s->write_hash)) { int n = EVP_MD_CTX_size(s->write_hash); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: openssl/openssl#9151 (master - fd74aba)
Build Update for openssl/openssl - Build: #9151 Status: Errored Duration: 19 minutes and 33 seconds Commit: fd74aba (master) Author: Andy Polyakov Message: appveyor.yml: streamline pull requests. For pull requests not tagged with [extended tests]: - short-curcuit most expensive fuzz and install tests; - skip over non-shared builds; Reviewed-by: Rich Salz(Merged from https://github.com/openssl/openssl/pull/2810) View the changeset: https://github.com/openssl/openssl/compare/45632ee3bb7a...fd74aba83652 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/206987622 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via fd74aba83652a8410a74b59de0b098232af74e33 (commit) via 28443085c771309898b3f4f36f3e79802c59723d (commit) from 45632ee3bb7ab4ed405d5251d76dd5b94d782adb (commit) - Log - commit fd74aba83652a8410a74b59de0b098232af74e33 Author: Andy PolyakovDate: Wed Mar 1 14:33:34 2017 +0100 appveyor.yml: streamline pull requests. For pull requests not tagged with [extended tests]: - short-curcuit most expensive fuzz and install tests; - skip over non-shared builds; Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2810) commit 28443085c771309898b3f4f36f3e79802c59723d Author: Andy Polyakov Date: Wed Mar 1 14:32:25 2017 +0100 Configurations/50-masm.conf: add /nologo to ml64 command line. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2810) --- Summary of changes: Configurations/50-masm.conf | 2 +- appveyor.yml| 35 +-- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf index 84cf2f1..0ec5e95 100644 --- a/Configurations/50-masm.conf +++ b/Configurations/50-masm.conf @@ -12,7 +12,7 @@ inherit_from=> [ "VC-WIN64-common", asm("x86_64_asm"), sub { $disabled{shared} ? () : "x86_64_uplink" } ], as => "ml64", -asflags => "/c /Cp /Cx /Zi", +asflags => "/nologo /c /Cp /Cx /Zi", asoutflag => "/Fo", sys_id => "WIN64A", bn_asm_src => sub { return undef unless @_; diff --git a/appveyor.yml b/appveyor.yml index d47c6cd..9c896fc 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,14 +1,15 @@ platform: -- x86 - x64 +- x86 environment: +fast_finish: true matrix: - VSVER: 14 configuration: -- plain - shared +- plain before_build: - ps: >- @@ -31,18 +32,32 @@ before_build: - cd _build - perl ..\Configure %TARGET% %SHARED% - cd .. +- ps: >- +if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER -or ( log -2 | Select-String "\[extended tests\]") ) { +$env:EXTENDED_TESTS="yes" +} build_script: -- cd _build -- nmake -- cd .. +- ps: >- +If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { +cd _build + +cd .. +} test_script: -- cd _build -- nmake test V=1 -- mkdir ..\_install -- nmake install install_docs DESTDIR=..\_install -- cd .. +- ps: >- +If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { +cd _build +if ($env:EXTENDED_TESTS) { + test V=1 +mkdir ..\_install + install install_docs DESTDIR=..\_install +} Else { + test V=1 TESTS=-test_fuzz +} +cd .. +} notifications: - provider: Email _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-deprecated
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-deprecated Commit log since last time: 4137161 Add NOTES.UNIX, with a description on how to deal with runpaths 4cdf91e Check that async_jobs is not negative and not too high. 1c78765 VMS: compensate for gmtime_r() parameter pointer size Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -fPIC -DOPE NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_enc.d.tmp -MT crypto/bf/bf_enc.o -c -o crypto/bf/bf_enc.o ../openssl/crypto/bf/bf_enc.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -fPIC -DOPE NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_ofb64.d.tmp -MT crypto/bf/bf_ofb64.o -c -o crypto/bf/bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -fPIC -DOPE NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_skey.d.tmp -MT crypto/bf/bf_skey.o -c -o crypto/bf/bf_skey.o ../openssl/crypto/bf/bf_skey.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -fPIC -DOPE NSSL_USE_NODELETE -MMD -MF crypto/bio/b_addr.d.tmp -MT
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi Commit log since last time: f8aa157 Check that async_jobs is not negative and not too high. 607c926 Code health: ssl/ssl_locl.h unused macros 48ce800 VMS: compensate for gmtime_r() parameter pointer size 15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2f0ca54 Remove some obsolete/obscure internal define switches: 06611d0 Remove OPENSSL_indirect_call() 5c6c4c5 Don't free in cleanup routine 695ecf8 crypto/des: remove unreferenced rcp_enc.c module. Build log ended with (last 100 lines): make[1]: Entering directory '/home/openssl/run-checker/no-asm_-ansi' clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cbc.d.tmp -MT crypto/aes/aes_cbc.o -c -o crypto/aes/aes_cbc.o ../openssl/crypto/aes/aes_cbc.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o ../openssl/crypto/aes/aes_cfb.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_core.d.tmp -MT crypto/aes/aes_core.o -c -o crypto/aes/aes_core.o ../openssl/crypto/aes/aes_core.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o crypto/aes/aes_ecb.o ../openssl/crypto/aes/aes_ecb.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method Commit log since last time: f8aa157 Check that async_jobs is not negative and not too high. 607c926 Code health: ssl/ssl_locl.h unused macros 48ce800 VMS: compensate for gmtime_r() parameter pointer size 15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2f0ca54 Remove some obsolete/obscure internal define switches: 06611d0 Remove OPENSSL_indirect_call() 5c6c4c5 Don't free in cleanup routine 695ecf8 crypto/des: remove unreferenced rcp_enc.c module. Build log ended with (last 100 lines): ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok # Failed test 'Comparing generated sources.' # at ../../openssl/test/recipes/80-test_ssl_new.t line 124. # got: '1' # expected: '0' # Looks like you failed 1 test of 3. # Failed test 'Test configuration 05-sni.conf' # at ../../openssl/test/recipes/80-test_ssl_new.t line 98. # Looks like you failed 1 test of 21. ../../openssl/test/recipes/80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/21 subtests ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_bioprint.t . ok ../../openssl/test/recipes/90-test_constant_time.t ok ../../openssl/test/recipes/90-test_external.t . skipped: No external tests in this
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1
Platform and configuration command: $ uname -a Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1 Commit log since last time: f8aa157 Check that async_jobs is not negative and not too high. 607c926 Code health: ssl/ssl_locl.h unused macros 48ce800 VMS: compensate for gmtime_r() parameter pointer size 15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2f0ca54 Remove some obsolete/obscure internal define switches: 06611d0 Remove OPENSSL_indirect_call() 5c6c4c5 Don't free in cleanup routine 695ecf8 crypto/des: remove unreferenced rcp_enc.c module. Build log ended with (last 100 lines): ../../openssl/test/recipes/20-test_passwd.t ... ok ../../openssl/test/recipes/25-test_crl.t .. ok ../../openssl/test/recipes/25-test_d2i.t .. ok ../../openssl/test/recipes/25-test_pkcs7.t ok ../../openssl/test/recipes/25-test_req.t .. ok ../../openssl/test/recipes/25-test_sid.t .. ok ../../openssl/test/recipes/25-test_verify.t ... ok ../../openssl/test/recipes/25-test_x509.t . ok ../../openssl/test/recipes/30-test_afalg.t ok ../../openssl/test/recipes/30-test_engine.t ... ok ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_key_share.t skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok # Failed test 'Comparing generated sources.' # at ../../openssl/test/recipes/80-test_ssl_new.t line 124. # got: '1' # expected: '0' # Looks like you failed 1 test of 3. # Failed test 'Test configuration 05-sni.conf' # at ../../openssl/test/recipes/80-test_ssl_new.t line 98. # Looks like you failed 1 test of 21. ../../openssl/test/recipes/80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/21 subtests ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_bioprint.t . ok ../../openssl/test/recipes/90-test_constant_time.t ok ../../openssl/test/recipes/90-test_external.t . skipped: No external tests in this configuration