[openssl-commits] Errored: openssl/openssl#9194 (master - f2bcff4)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9194
Status: Errored

Duration: 11 minutes and 17 seconds
Commit: f2bcff4 (master)
Author: Pauli
Message: Update the cipher(1) documentation to explicitly state that the RSA 
cipher
string means the same a kRSA.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2821)

View the changeset: 
https://github.com/openssl/openssl/compare/332dc4fa5e4d...f2bcff43bcd5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207208610

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#9195 (OpenSSL_1_1_0-stable - cc92ac7)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9195
Status: Still Failing

Duration: 15 minutes and 21 seconds
Commit: cc92ac7 (OpenSSL_1_1_0-stable)
Author: Pauli
Message: Update the cipher(1) documentation to

explicitly state that the RSA cipher
string means the same a kRSA.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2821)
(cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769)

View the changeset: 
https://github.com/openssl/openssl/compare/6c34c5f30bf5...cc92ac759c5a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207208894

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9193 (master - 332dc4f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9193
Status: Errored

Duration: 12 minutes and 19 seconds
Commit: 332dc4f (master)
Author: Rich Salz
Message: sh_malloc & sh_free prototype change to match POSIX

CLA: trivial

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2823)

View the changeset: 
https://github.com/openssl/openssl/compare/42f50fdf8aaf...332dc4fa5e4d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207208232

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9192 (master - 42f50fd)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9192
Status: Errored

Duration: 25 minutes and 15 seconds
Commit: 42f50fd (master)
Author: Matt Caswell
Message: Silence some more clang warnings

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/2832)

View the changeset: 
https://github.com/openssl/openssl/compare/30d1bab146ff...42f50fdf8aaf

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207204760

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  e8e45ed49ed6f2e23f9cf5d6e2e6e1e745308b94 (commit)
  from  91350ad5ca90fd9a6b449da682c7ecd8aaf24ae5 (commit)


- Log -
commit e8e45ed49ed6f2e23f9cf5d6e2e6e1e745308b94
Author: Pauli 
Date:   Thu Mar 2 12:52:44 2017 +1000

Update the cipher(1) documentation to

explicitly state that the RSA cipher
string means the same a kRSA.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2821)
(cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769)

---

Summary of changes:
 doc/apps/ciphers.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 9224557..35d40bb 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -179,7 +179,8 @@ When in doubt, include B in your cipherlist.
 
 =item B, B
 
-cipher suites using RSA key exchange.
+cipher suites using RSA key exchange or authentication. B is an alias for
+B.
 
 =item B, B, B
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  cc92ac759c5a8c7303f29a24327404f7804350b2 (commit)
  from  6c34c5f30bf528237cb15ed634dc338412b51a76 (commit)


- Log -
commit cc92ac759c5a8c7303f29a24327404f7804350b2
Author: Pauli 
Date:   Thu Mar 2 12:52:44 2017 +1000

Update the cipher(1) documentation to

explicitly state that the RSA cipher
string means the same a kRSA.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2821)
(cherry picked from commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769)

---

Summary of changes:
 doc/apps/ciphers.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index c1d1cb2..e0ab291 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -219,7 +219,8 @@ When in doubt, include B in your cipherlist.
 
 =item B, B, B
 
-Cipher suites using RSA key exchange, authentication or either respectively.
+Cipher suites using RSA key exchange or authentication. B is an alias for
+B.
 
 =item B, B, B
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  f2bcff43bcd5b1e2632273ef8fea0900a15d7769 (commit)
  from  332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a (commit)


- Log -
commit f2bcff43bcd5b1e2632273ef8fea0900a15d7769
Author: Pauli 
Date:   Thu Mar 2 12:52:44 2017 +1000

Update the cipher(1) documentation to explicitly state that the RSA cipher
string means the same a kRSA.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2821)

---

Summary of changes:
 doc/man1/ciphers.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index ecd5f95..6fea824 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -219,7 +219,8 @@ When in doubt, include B in your cipherlist.
 
 =item B, B, B
 
-Cipher suites using RSA key exchange, authentication or either respectively.
+Cipher suites using RSA key exchange or authentication. B is an alias for
+B.
 
 =item B, B, B
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a (commit)
  from  42f50fdf8aaff297742f0b541408a89e33e31c6e (commit)


- Log -
commit 332dc4fa5e4d7c0d94c4b68576f3872fd465ba8a
Author: Rich Salz 
Date:   Thu Mar 2 19:16:57 2017 -0500

sh_malloc & sh_free prototype change to match POSIX

CLA: trivial

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2823)

---

Summary of changes:
 crypto/mem_sec.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 4a3f2a8..93bff90 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -52,8 +52,8 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
  * These are the functions that must be implemented by a secure heap (sh).
  */
 static int sh_init(size_t size, int minsize);
-static char *sh_malloc(size_t size);
-static void sh_free(char *ptr);
+static void *sh_malloc(size_t size);
+static void sh_free(void *ptr);
 static void sh_done(void);
 static size_t sh_actual_size(char *ptr);
 static int sh_allocated(const char *ptr);
@@ -476,7 +476,7 @@ static char *sh_find_my_buddy(char *ptr, int list)
 return chunk;
 }
 
-static char *sh_malloc(size_t size)
+static void *sh_malloc(size_t size)
 {
 ossl_ssize_t list, slist;
 size_t i;
@@ -535,10 +535,10 @@ static char *sh_malloc(size_t size)
 return chunk;
 }
 
-static void sh_free(char *ptr)
+static void sh_free(void *ptr)
 {
 size_t list;
-char *buddy;
+void *buddy;
 
 if (ptr == NULL)
 return;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9190 (master - 30d1bab)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9190
Status: Errored

Duration: 18 minutes and 23 seconds
Commit: 30d1bab (master)
Author: Matt Caswell
Message: Silence some clang warnings

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2831)

View the changeset: 
https://github.com/openssl/openssl/compare/83750d9b2b51...30d1bab146ff

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207202437

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  30d1bab146ffef92376f09b7372aac7a75281627 (commit)
  from  83750d9b2b51bb622138d48fc82eb408b64d8057 (commit)


- Log -
commit 30d1bab146ffef92376f09b7372aac7a75281627
Author: Matt Caswell 
Date:   Thu Mar 2 23:53:30 2017 +

Silence some clang warnings

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2831)

---

Summary of changes:
 apps/s_server.c  | 2 +-
 ssl/statem/extensions_srvr.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 3190eab..57bae82 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -148,7 +148,7 @@ static int dtlslisten = 0;
 static char *psk_identity = "Client_identity";
 char *psk_key = NULL;   /* by default PSK is not used */
 
-int early_data = 0;
+static int early_data = 0;
 
 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
   unsigned char *psk,
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index c613143..83fb713 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -681,7 +681,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
 SSL_SESSION *sess = NULL;
 unsigned int id, i;
 const EVP_MD *md = NULL;
-uint32_t ticket_age, now, agesec, agems;
+uint32_t ticket_age = 0, now, agesec, agems;
 
 /*
  * If we have no PSK kex mode that we recognise then we can't resume so
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings

Commit log since last time:

83750d9 More early data documentation updates following feedback
cd9f7f6 Update the API documentation for the latest early data changes
09f2887 Update early data API for writing to unauthenticated clients
0665b4e Rename SSL_write_early() to SSL_write_early_data()
f533fbd Rename SSL_read_early() to SSL_read_early_data()
ef466ac Updates to the early data documentation
ade1e88 Updates to s_server and s_client for the latest early_data API changes
3eaa417 Make SSL_write_early_finish() an internal only function
5f98203 Add early_data tests
f7e393b Various fixes required to allow SSL_write/SSL_read during early data
d7f8783 Enable the server to call SSL_write() without stopping the ability to 
call SSL_read_early()
564547e Enable the client to call SSL_read() without stopping the ability to 
call SSL_write_early()
4004ce5 Introduce a new early_data state in the state machine
bc908c6 Improve the early data sanity check in SSL_do_handshake()
6437b80 Add documentation for the new s_client and s_server early_data options
0a5ece5 Tighten sanity checks when calling early data functions
fd6c102 Add documentation for the early data functions
f5b519c Make SSL_get_early_data_status() take a const
46dcb94 Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a 
const
fcc4757 Add a SSL_SESSION_get_max_early_data() function
7daf715 Don't attempt to write more early_data than we know the server will 
accept
f637004 Only accept early_data if the negotiated ALPN is the same
a832b5e Skip early_data if appropriate after a HelloRetryRequest
38df5a4 Don't accept early_data if we are going to issue a HelloRetryRequest
538bea6 Add extra validation parsing the server-to-client early_data extension
329114f Remove some TLSv1.3 TODOs that are no longer relevant
2c604cb Validate the ticket age for resumed sessions
6746648 Ensure the max_early_data option to s_server can be 0
bfa9a9a Provide a default value for max_early_data
70ef40a Check max_early_data against the amount of early data we actually 
receive
67f78ea Make sure we reset the read sequence when skipping records
1010936 Disallow handshake messages in the middle of early_data
c117af6 Fix seg fault when sending early_data using CCM ciphersuites
576eb39 Get s_client to report on whether early data was accepted or not
b2cc7f3 Implement client side parsing of the early_data extension
e065518 Add a "-early_data" option to s_server
fe5e20f Fix changing of the cipher state when dealing with early data
1ea4d09 Construct the server side early_data extension
d781d24 Provide an SSL_read_early() function for reading early data
6cb4226 Change the cipher state when sending early data
d49e23e Implement the early data changes required in tls13_change_cipher_state()
923ac82 Add an option to s_client to send early_data
0a87d0a Parse the early_data extension
a4f376a Construct the early_data extension
49e7fe1 Provide functions to write early data
5d5b3fb Parse the ticket_early_data_info extension
29fac54 Teach SSL_trace() about the early_data_info extension
048b189 Add a -max_early_data option to s_server
3fc8d85 Construct the ticket_early_data_info extension
73fb82b Remove ref to err(7), update copyright.
51f5930 -precert doesn't work when configured no-ct, don't try to test it then
a4c5f85 Fix the skip numbers in 80-test_ca.t
b661175 Use the built in boolean type for CompressionExpected
439db0c Add compression tests
f33f9dd Fix a compression bug
c19602b Ensure that we never select compression in TLSv1.3
398b0bb Add LDAP support (RFC 4511) to s_client ("-starttls ldap")
8cfc21f Configurations/10-main.conf: omit redundant -lresolv from Solaris 
configs.
3e49ee2 bio/b_addr.c: omit private hstrerror.
ea750b5 aes/aes_x86core.c: clarify reference implementation status.
5908555 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.
36907ea CHANGES: mention CFI annotations.
eac5414 bn/asm: clean up unused PA-RISC modules.
604c853 des/des_locl.h: clean up unused/irrelevant macros.
a3004c8 Check for zero records and return immediately
fd74aba appveyor.yml: streamline pull requests.
2844308 Configurations/50-masm.conf: add /nologo to ml64 command line.
45632ee Add NOTES.UNIX, with a description on how to deal with runpaths

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  6c34c5f30bf528237cb15ed634dc338412b51a76 (commit)
  from  fcbcb8dd80d9e3c561ea3012abcc1859c936ce15 (commit)


- Log -
commit 6c34c5f30bf528237cb15ed634dc338412b51a76
Author: Rich Salz 
Date:   Thu Mar 2 12:59:43 2017 -0500

Fix cherry-pick and put files in right place

Also SLS_set_bio.pod got copied, remove the clone.
[skip ci]

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/2828)

---

Summary of changes:
 doc/CT_POLICY_EVAL_CTX_new.pod | 111 ---
 doc/SCT_validate.pod   |  98 -
 doc/SSL_CTX_set_ct_validation_callback.pod | 142 -
 doc/crypto/CT_POLICY_EVAL_CTX_new.pod  |  21 +++-
 doc/crypto/SCT_validate.pod|  10 +-
 doc/crypto/SSL_set_bio.pod | 108 ---
 doc/ssl/SSL_CTX_set_ct_validation_callback.pod |   8 +-
 7 files changed, 30 insertions(+), 468 deletions(-)
 delete mode 100644 doc/CT_POLICY_EVAL_CTX_new.pod
 delete mode 100644 doc/SCT_validate.pod
 delete mode 100644 doc/SSL_CTX_set_ct_validation_callback.pod
 delete mode 100644 doc/crypto/SSL_set_bio.pod

diff --git a/doc/CT_POLICY_EVAL_CTX_new.pod b/doc/CT_POLICY_EVAL_CTX_new.pod
deleted file mode 100644
index fedc58d..000
--- a/doc/CT_POLICY_EVAL_CTX_new.pod
+++ /dev/null
@@ -1,111 +0,0 @@
-=pod
-
-=head1 NAME
-
-CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
-CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
-CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
-CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE,
-CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time -
-Encapsulates the data required to evaluate whether SCTs meet a Certificate 
Transparency policy
-
-=head1 SYNOPSIS
-
- #include 
-
- CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
- void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
- X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
- int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
- X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
- int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
- const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX 
*ctx);
- void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, 
CTLOG_STORE *log_store);
- uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
- void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t 
time_in_ms);
-
-=head1 DESCRIPTION
-
-A B is used by functions that evaluate whether Signed
-Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy.
-This policy may be, for example, that at least one valid SCT is available. To
-determine this, an SCT's timestamp and signature must be verified.
-This requires:
-
-=over
-
-=item * the public key of the log that issued the SCT
-
-=item * the certificate that the SCT was issued for
-
-=item * the issuer certificate (if the SCT was issued for a pre-certificate)
-
-=item * the current time
-
-=back
-
-The above requirements are met using the setters described below.
-
-CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
-should then be populated using:
-
-=over
-
-=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs 
were issued for
-
-Increments the reference count of the certificate.
-
-=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate
-
-Increments the reference count of the certificate.
-
-=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs 
that are trusted as sources of SCTs
-
-Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the
-CT_POLICY_EVAL_CTX.
-
-=item * CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared 
with to determine if they are valid
-
-The SCT timestamp will be compared to this time to check whether the SCT was
-issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". By default, this will be set to 5 minutes in the
-future (e.g. (time() + 300) * 1000), to allow for clock drift.
-
-The time should be in milliseconds since the Unix epoch.
-
-=back
-
-Each setter has a matching getter for accessing the current value.
-
-When no longer required, the B should be passed to
-CT_POLICY_EVAL_CTX_free() to delete it.
-
-=head1 NOTES
-
-The issuer certificate only needs to be provided if at least one of the SCTs
-was issued for a pre-certificate. This will be the case for SCTs embedded in a
-certificate (i.e. those in an X.509 extension), but may not be the case for 
SCTs

[openssl-commits] Still Failing: openssl/openssl#9176 (OpenSSL_1_1_0-stable - fcbcb8d)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9176
Status: Still Failing

Duration: 12 minutes and 27 seconds
Commit: fcbcb8d (OpenSSL_1_1_0-stable)
Author: Rich Salz
Message: Remove ref to err(7), update copyright.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2825)
(cherry picked from commit 73fb82b72c7544cf52d95ac29d4a45b253395715)

View the changeset: 
https://github.com/openssl/openssl/compare/c81fa2e187c9...fcbcb8dd80d9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207092480

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9173 (master - 83750d9)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9173
Status: Errored

Duration: 6 minutes and 52 seconds
Commit: 83750d9 (master)
Author: Matt Caswell
Message: More early data documentation updates following feedback

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2737)

View the changeset: 
https://github.com/openssl/openssl/compare/73fb82b72c75...83750d9b2b51

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207084379

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9172 (master - 73fb82b)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9172
Status: Errored

Duration: 14 minutes and 6 seconds
Commit: 73fb82b (master)
Author: Rich Salz
Message: Remove ref to err(7), update copyright.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2825)

View the changeset: 
https://github.com/openssl/openssl/compare/51f5930ae6d1...73fb82b72c75

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207082760

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9170 (master - 51f5930)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9170
Status: Errored

Duration: 12 minutes and 50 seconds
Commit: 51f5930 (master)
Author: Richard Levitte
Message: -precert doesn't work when configured no-ct, don't try to test it then

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2827)

View the changeset: 
https://github.com/openssl/openssl/compare/b6611753a6d9...51f5930ae6d1

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207079763

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  fcbcb8dd80d9e3c561ea3012abcc1859c936ce15 (commit)
  from  c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f (commit)


- Log -
commit fcbcb8dd80d9e3c561ea3012abcc1859c936ce15
Author: Rich Salz 
Date:   Thu Mar 2 10:07:21 2017 -0500

Remove ref to err(7), update copyright.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2825)
(cherry picked from commit 73fb82b72c7544cf52d95ac29d4a45b253395715)

---

Summary of changes:
 doc/crypto/CONF_modules_load_file.pod  |  6 +++---
 doc/crypto/ERR_GET_LIB.pod |  4 ++--
 doc/crypto/ERR_clear_error.pod |  4 ++--
 doc/crypto/ERR_error_string.pod|  4 ++--
 doc/crypto/ERR_get_error.pod   |  4 ++--
 doc/crypto/ERR_load_crypto_strings.pod |  4 ++--
 doc/crypto/ERR_load_strings.pod|  4 ++--
 doc/crypto/ERR_print_errors.pod|  6 +++---
 doc/crypto/ERR_put_error.pod   |  4 ++--
 doc/crypto/ERR_remove_state.pod|  4 ++--
 doc/crypto/ERR_set_mark.pod|  6 +-
 doc/crypto/EVP_DigestSignInit.pod  | 10 +-
 doc/crypto/EVP_DigestVerifyInit.pod| 10 +-
 doc/crypto/EVP_SignInit.pod| 10 +-
 doc/crypto/EVP_VerifyInit.pod  | 12 ++--
 15 files changed, 44 insertions(+), 48 deletions(-)

diff --git a/doc/crypto/CONF_modules_load_file.pod 
b/doc/crypto/CONF_modules_load_file.pod
index 9e4071f..1149142 100644
--- a/doc/crypto/CONF_modules_load_file.pod
+++ b/doc/crypto/CONF_modules_load_file.pod
@@ -121,12 +121,12 @@ return value of the failing module (this will always be 
zero or negative).
 
 =head1 SEE ALSO
 
-L, L,
-L, L
+L, L,
+L
 
 =head1 COPYRIGHT
 
-Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod
index 7368a40..5602a8e 100644
--- a/doc/crypto/ERR_GET_LIB.pod
+++ b/doc/crypto/ERR_GET_LIB.pod
@@ -47,7 +47,7 @@ is fatal, respectively.
 
 =head1 SEE ALSO
 
-L, L
+L
 
 =head1 HISTORY
 
@@ -56,7 +56,7 @@ all versions of OpenSSL.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod
index 892c67f..c876615 100644
--- a/doc/crypto/ERR_clear_error.pod
+++ b/doc/crypto/ERR_clear_error.pod
@@ -20,11 +20,11 @@ ERR_clear_error() has no return value.
 
 =head1 SEE ALSO
 
-L, L
+L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
index 12f4f72..695eaf2 100644
--- a/doc/crypto/ERR_error_string.pod
+++ b/doc/crypto/ERR_error_string.pod
@@ -59,12 +59,12 @@ none is registered for the error code.
 
 =head1 SEE ALSO
 
-L, L,
+L,
 L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
index a7efc74..3b223c9 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
@@ -64,12 +64,12 @@ The error code, or 0 if there is no error in the queue.
 
 =head1 SEE ALSO
 
-L, L,
+L,
 L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/crypto/ERR_load_crypto_strings.pod 
b/doc/crypto/ERR_load_crypto_strings.pod
index 

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  73fb82b72c7544cf52d95ac29d4a45b253395715 (commit)
  from  51f5930ae6d17c838674f3129d992a0366a63139 (commit)


- Log -
commit 73fb82b72c7544cf52d95ac29d4a45b253395715
Author: Rich Salz 
Date:   Thu Mar 2 10:07:21 2017 -0500

Remove ref to err(7), update copyright.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2825)

---

Summary of changes:
 doc/man3/CONF_modules_load_file.pod  | 4 ++--
 doc/man3/ERR_GET_LIB.pod | 4 ++--
 doc/man3/ERR_clear_error.pod | 4 ++--
 doc/man3/ERR_error_string.pod| 4 ++--
 doc/man3/ERR_get_error.pod   | 4 ++--
 doc/man3/ERR_load_crypto_strings.pod | 4 ++--
 doc/man3/ERR_load_strings.pod| 4 ++--
 doc/man3/ERR_print_errors.pod| 6 +++---
 doc/man3/ERR_put_error.pod   | 4 ++--
 doc/man3/ERR_remove_state.pod| 4 ++--
 doc/man3/ERR_set_mark.pod| 6 +-
 doc/man3/EVP_DigestSignInit.pod  | 4 ++--
 doc/man3/EVP_DigestVerifyInit.pod| 4 ++--
 doc/man3/EVP_SignInit.pod| 4 ++--
 doc/man3/EVP_VerifyInit.pod  | 4 ++--
 doc/man3/SSL_get_error.pod   | 2 +-
 doc/man3/SSL_want.pod| 2 +-
 17 files changed, 32 insertions(+), 36 deletions(-)

diff --git a/doc/man3/CONF_modules_load_file.pod 
b/doc/man3/CONF_modules_load_file.pod
index 7ddd12a..1149142 100644
--- a/doc/man3/CONF_modules_load_file.pod
+++ b/doc/man3/CONF_modules_load_file.pod
@@ -122,11 +122,11 @@ return value of the failing module (this will always be 
zero or negative).
 =head1 SEE ALSO
 
 L, L,
-L, L
+L
 
 =head1 COPYRIGHT
 
-Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man3/ERR_GET_LIB.pod b/doc/man3/ERR_GET_LIB.pod
index 7368a40..5602a8e 100644
--- a/doc/man3/ERR_GET_LIB.pod
+++ b/doc/man3/ERR_GET_LIB.pod
@@ -47,7 +47,7 @@ is fatal, respectively.
 
 =head1 SEE ALSO
 
-L, L
+L
 
 =head1 HISTORY
 
@@ -56,7 +56,7 @@ all versions of OpenSSL.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man3/ERR_clear_error.pod b/doc/man3/ERR_clear_error.pod
index 1c85e59..c876615 100644
--- a/doc/man3/ERR_clear_error.pod
+++ b/doc/man3/ERR_clear_error.pod
@@ -20,11 +20,11 @@ ERR_clear_error() has no return value.
 
 =head1 SEE ALSO
 
-L, L
+L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man3/ERR_error_string.pod b/doc/man3/ERR_error_string.pod
index 7fcf2f2..695eaf2 100644
--- a/doc/man3/ERR_error_string.pod
+++ b/doc/man3/ERR_error_string.pod
@@ -59,12 +59,12 @@ none is registered for the error code.
 
 =head1 SEE ALSO
 
-L, L,
+L,
 L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index d8759a0..3b223c9 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -64,12 +64,12 @@ The error code, or 0 if there is no error in the queue.
 
 =head1 SEE ALSO
 
-L, L,
+L,
 L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man3/ERR_load_crypto_strings.pod 
b/doc/man3/ERR_load_crypto_strings.pod
index ed3f122..56d91d5 100644
--- a/doc/man3/ERR_load_crypto_strings.pod
+++ b/doc/man3/ERR_load_crypto_strings.pod
@@ -42,7 +42,7 @@ ERR_free_strings() return no 

[openssl-commits] Errored: openssl/openssl#9168 (master - b661175)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9168
Status: Errored

Duration: 17 minutes and 13 seconds
Commit: b661175 (master)
Author: Matt Caswell
Message: Use the built in boolean type for CompressionExpected

Don't create a custom boolean type for parsing CompressionExpected. Use
the existing one instead.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2814)

View the changeset: 
https://github.com/openssl/openssl/compare/398b0bbdf71d...b6611753a6d9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207066481

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  51f5930ae6d17c838674f3129d992a0366a63139 (commit)
   via  a4c5f8593c1451aa40c814365d3a8ce54de92bd2 (commit)
  from  b6611753a6d9bef6a8c16850a9eb9215d8a84fac (commit)


- Log -
commit 51f5930ae6d17c838674f3129d992a0366a63139
Author: Richard Levitte 
Date:   Thu Mar 2 18:27:17 2017 +0100

-precert doesn't work when configured no-ct, don't try to test it then

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2827)

commit a4c5f8593c1451aa40c814365d3a8ce54de92bd2
Author: Richard Levitte 
Date:   Thu Mar 2 18:26:26 2017 +0100

Fix the skip numbers in 80-test_ca.t

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2827)

---

Summary of changes:
 test/recipes/80-test_ca.t | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index e9ff318..f62d9d5 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -13,6 +13,7 @@ use warnings;
 use POSIX;
 use File::Path 2.00 qw/rmtree/;
 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+use OpenSSL::Test::Utils;
 
 setup("test_ca");
 
@@ -25,23 +26,26 @@ rmtree("demoCA", { safe => 0 });
 plan tests => 5;
  SKIP: {
  $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
- skip "failed creating CA structure", 3
+ skip "failed creating CA structure", 4
 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
'creating CA structure');
 
  $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
- skip "failed creating new certificate request", 2
+ skip "failed creating new certificate request", 3
 if !ok(run(perlapp(["CA.pl","-newreq"])),
'creating certificate request');
 
  $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
- skip "failed to sign certificate request", 1
+ skip "failed to sign certificate request", 2
 if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
'signing certificate request');
 
  ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
 'verifying new certificate');
 
+ skip "CT not configured, can't use -precert", 1
+ if disabled("ct");
+
  $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
  ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
 'creating new pre-certificate');
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#9166 (OpenSSL_1_1_0-stable - c81fa2e)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9166
Status: Still Failing

Duration: 6 minutes and 56 seconds
Commit: c81fa2e (OpenSSL_1_1_0-stable)
Author: Andy Polyakov
Message: Configurations/10-main.conf: omit redundant -lresolv from Solaris 
configs.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(cherry picked from commit 8cfc21f53af5187497a8567bb2801c36472d7016)

View the changeset: 
https://github.com/openssl/openssl/compare/2d951d8cdef5...c81fa2e187c9

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207046692

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  b6611753a6d9bef6a8c16850a9eb9215d8a84fac (commit)
   via  439db0c97bd50cae008e876c6c8ed5e5011bf6eb (commit)
   via  f33f9ddefbb34584acb73c51e286f9913af96534 (commit)
   via  c19602b543562104b756aa6adec9bd5081207574 (commit)
  from  398b0bbdf71d852daf2e79d842cd0d307ec9f8f6 (commit)


- Log -
commit b6611753a6d9bef6a8c16850a9eb9215d8a84fac
Author: Matt Caswell 
Date:   Thu Mar 2 13:41:10 2017 +

Use the built in boolean type for CompressionExpected

Don't create a custom boolean type for parsing CompressionExpected. Use
the existing one instead.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2814)

commit 439db0c97bd50cae008e876c6c8ed5e5011bf6eb
Author: Matt Caswell 
Date:   Wed Mar 1 12:11:51 2017 +

Add compression tests

Check whether we negotiate compression in various scenarios.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2814)

commit f33f9ddefbb34584acb73c51e286f9913af96534
Author: Matt Caswell 
Date:   Wed Mar 1 11:20:30 2017 +

Fix a compression bug

do_ssl3_write() was crashing when compression was enabled. We calculate
the maximum length that a record will be after compression and reserve
those bytes in the WPACKET. Unfortunately we were adding the maximum
compression overhead onto the wrong variable resulting in a corrupted
record.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2814)

commit c19602b543562104b756aa6adec9bd5081207574
Author: Matt Caswell 
Date:   Wed Mar 1 10:36:38 2017 +

Ensure that we never select compression in TLSv1.3

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2814)

---

Summary of changes:
 ssl/record/rec_layer_s3.c |   2 +-
 ssl/statem/statem_clnt.c  |   4 +-
 ssl/statem/statem_srvr.c  |   7 +-
 test/handshake_helper.c   |   3 +
 test/handshake_helper.h   |   1 +
 test/recipes/80-test_ssl_new.t|   4 +-
 test/ssl-tests/22-compression.conf| 112 ++
 test/ssl-tests/22-compression.conf.in | 127 ++
 test/ssl_test.c   |  11 +++
 test/ssl_test_ctx.c   |   5 ++
 test/ssl_test_ctx.h   |   6 ++
 test/ssl_test_ctx_test.c  |   8 +++
 test/ssl_test_ctx_test.conf   |   3 +
 13 files changed, 287 insertions(+), 6 deletions(-)
 create mode 100644 test/ssl-tests/22-compression.conf
 create mode 100644 test/ssl-tests/22-compression.conf.in

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 37f7cd3..5aea4b3 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -791,7 +791,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char 
*buf,
 
 maxcomplen = pipelens[j];
 if (s->compress != NULL)
-pipelens[j] += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 
 /* write the header */
 if (!WPACKET_put_bytes_u8(thispkt, rectype)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 1943f55..abddc0a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1105,7 +1105,9 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 return 0;
 }
 #ifndef OPENSSL_NO_COMP
-if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+if (ssl_allow_compression(s)
+&& s->ctx->comp_methods
+&& (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {
 int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
 for (i = 0; i < compnum; i++) {
 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 26c37c7..39e0f59 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1736,7 +1736,7 @@ static int tls_early_post_process_client_hello(SSL *s, 
int *al)
 s->s3->tmp.new_compression = NULL;
 #ifndef OPENSSL_NO_COMP
 /* This only happens if we have a cache hit */
-if (s->session->compress_meth != 0) {
+if (s->session->compress_meth != 0 && !SSL_IS_TLS13(s)) {
 int m, comp_id = s->session->compress_meth;
 unsigned int k;
 /* Perform sanity checks on resumed compression algorithm */
@@ -1770,9 +1770,10 @@ static int tls_early_post_process_client_hello(SSL *s, 
int *al)
SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
 goto err;
 }
-} else if 

[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-asm -ansi

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

4137161 Add NOTES.UNIX, with a description on how to deal with runpaths
4cdf91e Check that async_jobs is not negative and not too high.
1c78765 VMS: compensate for gmtime_r() parameter pointer size

Build log ended with (last 100 lines):

make[1]: Leaving directory '/home/openssl/run-checker-1.1.0/no-asm_-ansi'
make[1]: Entering directory '/home/openssl/run-checker-1.1.0/no-asm_-ansi'
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_cbc.d.tmp -MT crypto/aes/aes_cbc.o -c -o crypto/aes/aes_cbc.o 
../openssl/crypto/aes/aes_cbc.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o 
../openssl/crypto/aes/aes_cfb.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_core.d.tmp -MT crypto/aes/aes_core.o -c -o crypto/aes/aes_core.o 
../openssl/crypto/aes/aes_core.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o crypto/aes/aes_ecb.o 
../openssl/crypto/aes/aes_ecb.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_ige.d.tmp -MT crypto/aes/aes_ige.o -c -o 

[openssl-commits] Errored: openssl/openssl#9163 (master - 398b0bb)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9163
Status: Errored

Duration: 8 minutes and 16 seconds
Commit: 398b0bb (master)
Author: Robert Scheck
Message: Add LDAP support (RFC 4511) to s_client ("-starttls ldap")

Based on initial patch by Alex Bergmann  and new function
ldap_ExtendedResponse_parse() by Andy Polyakov . Thanks
very much to both.

Reviewed-by: Rich Salz 
Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/2293)

View the changeset: 
https://github.com/openssl/openssl/compare/8cfc21f53af5...398b0bbdf71d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207038190

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9162 (master - 8cfc21f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9162
Status: Errored

Duration: 17 minutes and 38 seconds
Commit: 8cfc21f (master)
Author: Andy Polyakov
Message: Configurations/10-main.conf: omit redundant -lresolv from Solaris 
configs.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/ea750b59297a...8cfc21f53af5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207036438

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9160 (master - ea750b5)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9160
Status: Errored

Duration: 16 minutes and 23 seconds
Commit: ea750b5 (master)
Author: Andy Polyakov
Message: aes/aes_x86core.c: clarify reference implementation status.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/36907eaef534...ea750b59297a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207035230

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9159 (master - eac5414)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9159
Status: Errored

Duration: 17 minutes and 3 seconds
Commit: eac5414 (master)
Author: Andy Polyakov
Message: bn/asm: clean up unused PA-RISC modules.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/604c853d4532...eac54143fd33

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207032970

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Andy Polyakov]

The branch OpenSSL_1_1_0-stable has been updated
   via  c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f (commit)
   via  654f7f6be617d2be316b3d60f593767105a9859a (commit)
  from  2d951d8cdef56aeeb6c08387531de943683e80ce (commit)


- Log -
commit c81fa2e187c9dfb2cf67d6e183fee3d2a726c59f
Author: Andy Polyakov 
Date:   Wed Mar 1 21:40:02 2017 +0100

Configurations/10-main.conf: omit redundant -lresolv from Solaris configs.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(cherry picked from commit 8cfc21f53af5187497a8567bb2801c36472d7016)

commit 654f7f6be617d2be316b3d60f593767105a9859a
Author: Andy Polyakov 
Date:   Wed Mar 1 21:28:05 2017 +0100

bio/b_addr.c: omit private hstrerror.

Private hstrerror was introduced to address linking problem on HP-UX,
but truth be told conemporary systems, HP-UX included, wouldn't come
to that call, they would use getaddrinfo and gai_strerror, while
gethostbyname and h_errno are there to serve legacy systems. Since
legacy systems are naturally disappearing breed, we can as well just
let user interpret number.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
(cherry picked from commit 3e49ee23eab5c3fa57d14dc5f82f50cbea718322)

---

Summary of changes:
 Configurations/10-main.conf |  2 +-
 crypto/bio/b_addr.c | 44 +++-
 2 files changed, 16 insertions(+), 30 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 985220f..39b89e7 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -179,7 +179,7 @@ sub vms_info {
 inherit_from => [ "BASE_unix" ],
 template => 1,
 cflags   => "-DFILIO_H",
-ex_libs  => add("-lresolv -lsocket -lnsl -ldl"),
+ex_libs  => add("-lsocket -lnsl -ldl"),
 dso_scheme   => "dlfcn",
 thread_scheme=> "pthreads",
 shared_target=> "solaris-shared",
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 0f1900d..51a27d5 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -18,30 +18,6 @@
 #include 
 #include 
 
-#ifdef _HPUX_SOURCE
-static const char *ossl_hstrerror(int herr)
-{
-switch (herr) {
-case -1:
-return strerror(errno);
-case 0:
-return "No error";
-case HOST_NOT_FOUND:
-return "Host not found";
-case NO_DATA:/* NO_ADDRESS is a synonym */
-return "No data";
-case NO_RECOVERY:
-return "Non recoverable error";
-case TRY_AGAIN:
-return "Try again";
-default:
-break;
-}
-return "unknown error";
-}
-# define hstrerror(e) ossl_hstrerror(e)
-#endif
-
 CRYPTO_RWLOCK *bio_lookup_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
 
@@ -688,9 +664,10 @@ int BIO_lookup(const char *host, const char *service,
 return 0;
 
 if (1) {
-int gai_ret = 0;
 #ifdef AI_PASSIVE
+int gai_ret = 0;
 struct addrinfo hints;
+
 memset(, 0, sizeof hints);
 
 hints.ai_family = family;
@@ -780,8 +757,18 @@ int BIO_lookup(const char *host, const char *service,
 
 if (he == NULL) {
 #ifndef OPENSSL_SYS_WINDOWS
-BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
-ERR_add_error_data(1, hstrerror(h_errno));
+/*
+ * This might be misleading, because h_errno is used as if
+ * it was errno. To minimize mixup add 1000. Underlying
+ * reason for this is that hstrerror is declared obsolete,
+ * not to mention that a) h_errno is not always guaranteed
+ * to be meanigless; b) hstrerror can reside in yet another
+ * library, linking for sake of hstrerror is an overkill;
+ * c) this path is not executed on contemporary systems
+ * anyway [above getaddrinfo/gai_strerror is]. We just let
+ * system administrator figure this out...
+ */
+SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
 #else
 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
@@ -830,8 +817,7 @@ int BIO_lookup(const char *host, const char *service,
 
 if (se == NULL) {
 #ifndef OPENSSL_SYS_WINDOWS
-BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
-ERR_add_error_data(1, hstrerror(h_errno));
+SYSerr(SYS_F_GETSERVBYNAME, errno);
 #else
 SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
 #endif
_
openssl-commits mailing list
To 

[openssl-commits] Errored: openssl/openssl#9158 (master - 604c853)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9158
Status: Errored

Duration: 12 minutes and 47 seconds
Commit: 604c853 (master)
Author: Andy Polyakov
Message: des/des_locl.h: clean up unused/irrelevant macros.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/a3004c820370...604c853d4532

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207032060

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  36907eaef534fa3a164c57fab802fc1f3932dc5c (commit)
  from  eac54143fd33f5f5140f3a6a55008a1453a8c369 (commit)


- Log -
commit 36907eaef534fa3a164c57fab802fc1f3932dc5c
Author: Andy Polyakov 
Date:   Sun Feb 26 21:37:50 2017 +0100

CHANGES: mention CFI annotations.

[skip ci]

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES | 4 
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index a06b1da..12a9c92 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.1.0e and 1.1.1 [xx XXX ]
 
+  *) x86_64 assembly pack: annotate code with DWARF CFI directives to
+ facilitate stack unwinding even from assembly subroutines.
+ [Andy Polyakov]
+
   *) Remove VAX C specific definitions of OPENSSL_EXPORT, OPENSSL_EXTERN.
  Also remove OPENSSL_GLOBAL entirely, as it became a no-op.
  [Richard Levitte]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  ea750b59297a7be5ed23d9ae579a3d69b6491c2c (commit)
   via  5908555c961ae5d3fc265e0961997fbe14a02091 (commit)
  from  36907eaef534fa3a164c57fab802fc1f3932dc5c (commit)


- Log -
commit ea750b59297a7be5ed23d9ae579a3d69b6491c2c
Author: Andy Polyakov 
Date:   Wed Mar 1 11:41:09 2017 +0100

aes/aes_x86core.c: clarify reference implementation status.

Reviewed-by: Richard Levitte 

commit 5908555c961ae5d3fc265e0961997fbe14a02091
Author: Andy Polyakov 
Date:   Wed Mar 1 11:40:41 2017 +0100

evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/aes/aes_x86core.c   | 17 -
 crypto/evp/e_aes_cbc_hmac_sha1.c   |  8 
 crypto/evp/e_aes_cbc_hmac_sha256.c |  8 
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
index 95b49bb..21dca9e 100644
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -7,6 +7,14 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] as well as some
+ * other assembly modules.
+ */
+
 /**
  * rijndael-alg-fst.c
  *
@@ -33,15 +41,6 @@
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*
- * This is experimental x86[_64] derivative. It assumes little-endian
- * byte order and expects CPU to sustain unaligned memory references.
- * It is used as playground for cache-time attack mitigations and
- * serves as reference C implementation for x86[_64] assembler.
- *
- *  
- */
-
 
 #include 
 
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 52c7c74..a3c8951 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -565,7 +565,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 }
 # endif
 
-# if 1
+# if 1  /* see original reference version in #else */
 len -= SHA_DIGEST_LENGTH; /* amend mac */
 if (len >= (256 + SHA_CBLOCK)) {
 j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
@@ -659,7 +659,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 }
 #  endif
 len += SHA_DIGEST_LENGTH;
-# else
+# else  /* pre-lucky-13 reference version of above */
 SHA1_Update(>md, out, inp_len);
 res = key->md.num;
 SHA1_Final(pmac->c, >md);
@@ -686,7 +686,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 /* verify HMAC */
 out += inp_len;
 len -= inp_len;
-# if 1
+# if 1  /* see original reference version in #else */
 {
 unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
 size_t off = out - p;
@@ -708,7 +708,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
 ret &= (int)~res;
 }
-# else
+# else  /* pre-lucky-13 reference version of above */
 for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
 res |= out[i] ^ pmac->c[i];
 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c 
b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 5a92e0b..4830c00 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -552,7 +552,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 key->md = key->head;
 SHA256_Update(>md, key->aux.tls_aad, plen);
 
-# if 1
+# if 1  /* see original reference version in #else */
 len -= SHA256_DIGEST_LENGTH; /* amend mac */
 if (len >= (256 + SHA256_CBLOCK)) {
 j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
@@ -680,7 +680,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 for (; inp_blocks < pad_blocks; inp_blocks++)
 sha1_block_data_order(>md, data, 1);
 }
-# endif
+# endif  /* pre-lucky-13 reference version of above */
 key->md = key->tail;
 SHA256_Update(>md, pmac->c, SHA256_DIGEST_LENGTH);
 SHA256_Final(pmac->c, >md);
@@ -688,7 +688,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 /* verify 

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  398b0bbdf71d852daf2e79d842cd0d307ec9f8f6 (commit)
  from  8cfc21f53af5187497a8567bb2801c36472d7016 (commit)


- Log -
commit 398b0bbdf71d852daf2e79d842cd0d307ec9f8f6
Author: Robert Scheck 
Date:   Mon Feb 27 00:44:14 2017 +0100

Add LDAP support (RFC 4511) to s_client ("-starttls ldap")

Based on initial patch by Alex Bergmann  and new function
ldap_ExtendedResponse_parse() by Andy Polyakov . Thanks
very much to both.

Reviewed-by: Rich Salz 
Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/2293)

---

Summary of changes:
 apps/s_client.c   | 156 +-
 doc/man1/s_client.pod |   2 +-
 2 files changed, 156 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 6e790cf..351b5b9 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -96,6 +96,7 @@ static void print_stuff(BIO *berr, SSL *con, int full);
 #ifndef OPENSSL_NO_OCSP
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
+static int ldap_ExtendedResponse_parse(const char *buf, long rem);
 
 static int saved_errno;
 
@@ -748,7 +749,8 @@ typedef enum PROTOCOL_choice {
 PROTO_POSTGRES,
 PROTO_LMTP,
 PROTO_NNTP,
-PROTO_SIEVE
+PROTO_SIEVE,
+PROTO_LDAP
 } PROTOCOL_CHOICE;
 
 static const OPT_PAIR services[] = {
@@ -764,6 +766,7 @@ static const OPT_PAIR services[] = {
 {"lmtp", PROTO_LMTP},
 {"nntp", PROTO_NNTP},
 {"sieve", PROTO_SIEVE},
+{"ldap", PROTO_LDAP},
 {NULL, 0}
 };
 
@@ -2281,6 +2284,75 @@ int s_client_main(int argc, char **argv)
 }
 }
 break;
+case PROTO_LDAP:
+{
+/* StartTLS Operation according to RFC 4511 */
+static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n"
+"[LDAPMessage]\n"
+"messageID=INTEGER:1\n"
+"extendedReq=EXPLICIT:23A,IMPLICIT:0C,"
+"FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+long errline = -1;
+char *genstr = NULL;
+int result = -1;
+ASN1_TYPE *atyp = NULL;
+BIO *ldapbio = BIO_new(BIO_s_mem());
+CONF *cnf = NCONF_new(NULL);
+
+if (cnf == NULL) {
+BIO_free(ldapbio);
+goto end;
+}
+BIO_puts(ldapbio, ldap_tls_genconf);
+if (NCONF_load_bio(cnf, ldapbio, ) <= 0) {
+BIO_free(ldapbio);
+NCONF_free(cnf);
+if (errline <= 0) {
+BIO_printf(bio_err, "NCONF_load_bio failed\n");
+goto end;
+} else {
+BIO_printf(bio_err, "Error on line %ld\n", errline);
+goto end;
+}
+}
+BIO_free(ldapbio);
+genstr = NCONF_get_string(cnf, "default", "asn1");
+if (genstr == NULL) {
+NCONF_free(cnf);
+BIO_printf(bio_err, "NCONF_get_string failed\n");
+goto end;
+}
+atyp = ASN1_generate_nconf(genstr, cnf);
+if (atyp == NULL) {
+NCONF_free(cnf);
+BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+goto end;
+}
+NCONF_free(cnf);
+
+/* Send SSLRequest packet */
+BIO_write(sbio, atyp->value.sequence->data,
+  atyp->value.sequence->length);
+(void)BIO_flush(sbio);
+ASN1_TYPE_free(atyp);
+
+mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+if (mbuf_len < 0) {
+BIO_printf(bio_err, "BIO_read failed\n");
+goto end;
+}
+result = ldap_ExtendedResponse_parse(mbuf, mbuf_len);
+if (result < 0) {
+BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n");
+goto shut;
+} else if (result > 0) {
+BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n",
+   result);
+goto shut;
+}
+mbuf_len = 0;
+}
+break;
 }
 
 for (;;) {
@@ -2920,4 +2992,86 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 }
 # endif
 
+static int ldap_ExtendedResponse_parse(const char *buf, long rem)
+{
+const unsigned char *cur, *end;
+long len;
+int tag, xclass, inf, ret = -1;
+
+cur = (const unsigned char *)buf;
+end = cur + rem;
+
+/*
+ * From RFC 4511:
+ *
+ *LDAPMessage ::= SEQUENCE {
+ * messageID   MessageID,
+ * protocolOp  

[openssl-commits] Still Failing: openssl/openssl#9156 (OpenSSL_1_1_0-stable - 2d951d8)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9156
Status: Still Failing

Duration: 2 minutes and 28 seconds
Commit: 2d951d8 (OpenSSL_1_1_0-stable)
Author: Jon Spillett
Message: Check for zero records and return immediately

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2822)
(cherry picked from commit a3004c820370b6bee82c919721fb1cbe95f72f3f)

View the changeset: 
https://github.com/openssl/openssl/compare/41371618f72b...2d951d8cdef5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207017566

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  8cfc21f53af5187497a8567bb2801c36472d7016 (commit)
   via  3e49ee23eab5c3fa57d14dc5f82f50cbea718322 (commit)
  from  ea750b59297a7be5ed23d9ae579a3d69b6491c2c (commit)


- Log -
commit 8cfc21f53af5187497a8567bb2801c36472d7016
Author: Andy Polyakov 
Date:   Wed Mar 1 21:40:02 2017 +0100

Configurations/10-main.conf: omit redundant -lresolv from Solaris configs.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit 3e49ee23eab5c3fa57d14dc5f82f50cbea718322
Author: Andy Polyakov 
Date:   Wed Mar 1 21:28:05 2017 +0100

bio/b_addr.c: omit private hstrerror.

Private hstrerror was introduced to address linking problem on HP-UX,
but truth be told conemporary systems, HP-UX included, wouldn't come
to that call, they would use getaddrinfo and gai_strerror, while
gethostbyname and h_errno are there to serve legacy systems. Since
legacy systems are naturally disappearing breed, we can as well just
let user interpret number.

GH#2816

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configurations/10-main.conf |  2 +-
 crypto/bio/b_addr.c | 44 +++-
 2 files changed, 16 insertions(+), 30 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 59234a8..91dd65f 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -179,7 +179,7 @@ sub vms_info {
 inherit_from => [ "BASE_unix" ],
 template => 1,
 cflags   => "-DFILIO_H",
-ex_libs  => add("-lresolv -lsocket -lnsl -ldl"),
+ex_libs  => add("-lsocket -lnsl -ldl"),
 dso_scheme   => "dlfcn",
 thread_scheme=> "pthreads",
 shared_target=> "solaris-shared",
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 0f1900d..51a27d5 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -18,30 +18,6 @@
 #include 
 #include 
 
-#ifdef _HPUX_SOURCE
-static const char *ossl_hstrerror(int herr)
-{
-switch (herr) {
-case -1:
-return strerror(errno);
-case 0:
-return "No error";
-case HOST_NOT_FOUND:
-return "Host not found";
-case NO_DATA:/* NO_ADDRESS is a synonym */
-return "No data";
-case NO_RECOVERY:
-return "Non recoverable error";
-case TRY_AGAIN:
-return "Try again";
-default:
-break;
-}
-return "unknown error";
-}
-# define hstrerror(e) ossl_hstrerror(e)
-#endif
-
 CRYPTO_RWLOCK *bio_lookup_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
 
@@ -688,9 +664,10 @@ int BIO_lookup(const char *host, const char *service,
 return 0;
 
 if (1) {
-int gai_ret = 0;
 #ifdef AI_PASSIVE
+int gai_ret = 0;
 struct addrinfo hints;
+
 memset(, 0, sizeof hints);
 
 hints.ai_family = family;
@@ -780,8 +757,18 @@ int BIO_lookup(const char *host, const char *service,
 
 if (he == NULL) {
 #ifndef OPENSSL_SYS_WINDOWS
-BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
-ERR_add_error_data(1, hstrerror(h_errno));
+/*
+ * This might be misleading, because h_errno is used as if
+ * it was errno. To minimize mixup add 1000. Underlying
+ * reason for this is that hstrerror is declared obsolete,
+ * not to mention that a) h_errno is not always guaranteed
+ * to be meanigless; b) hstrerror can reside in yet another
+ * library, linking for sake of hstrerror is an overkill;
+ * c) this path is not executed on contemporary systems
+ * anyway [above getaddrinfo/gai_strerror is]. We just let
+ * system administrator figure this out...
+ */
+SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
 #else
 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
@@ -830,8 +817,7 @@ int BIO_lookup(const char *host, const char *service,
 
 if (se == NULL) {
 #ifndef OPENSSL_SYS_WINDOWS
-BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
-ERR_add_error_data(1, hstrerror(h_errno));
+SYSerr(SYS_F_GETSERVBYNAME, errno);
 #else
 SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
 #endif
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  604c853d453282a3ef4d7d1ed8cbae57097c3813 (commit)
  from  a3004c820370b6bee82c919721fb1cbe95f72f3f (commit)


- Log -
commit 604c853d453282a3ef4d7d1ed8cbae57097c3813
Author: Andy Polyakov 
Date:   Tue Feb 28 22:54:28 2017 +0100

des/des_locl.h: clean up unused/irrelevant macros.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/des/des_locl.h | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
index 53881d4..3c08ce8 100644
--- a/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
@@ -26,10 +26,6 @@
 # define ITERATIONS 16
 # define HALF_ITERATIONS 8
 
-/* used in des_read and des_write */
-# define MAXWRITE(1024*16)
-# define BSIZE   (MAXWRITE+4)
-
 # define c2l(c,l)(l =((DES_LONG)(*((c)++))), \
  l|=((DES_LONG)(*((c)++)))<< 8L, \
  l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -60,7 +56,6 @@
  * replacements for htonl and ntohl since I have no idea what to do when
  * faced with machines with 8 byte longs.
  */
-# define HDRSIZE 4
 
 # define n2l(c,l)(l =((DES_LONG)(*((c)++)))<<24L, \
  l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -87,7 +82,7 @@
 } \
 }
 
-# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+# if defined(_MSC_VER)
 #  define ROTATE(a,n) (_lrotr(a,n))
 # elif defined(__ICC)
 #  define ROTATE(a,n) (_rotr(a,n))
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  eac54143fd33f5f5140f3a6a55008a1453a8c369 (commit)
  from  604c853d453282a3ef4d7d1ed8cbae57097c3813 (commit)


- Log -
commit eac54143fd33f5f5140f3a6a55008a1453a8c369
Author: Andy Polyakov 
Date:   Tue Feb 28 23:25:36 2017 +0100

bn/asm: clean up unused PA-RISC modules.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/bn/asm/pa-risc2.s  | 1624 -
 crypto/bn/asm/pa-risc2W.s | 1612 
 crypto/bn/build.info  |   11 -
 3 files changed, 3247 deletions(-)
 delete mode 100644 crypto/bn/asm/pa-risc2.s
 delete mode 100644 crypto/bn/asm/pa-risc2W.s

diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
deleted file mode 100644
index 413eac7..000
--- a/crypto/bn/asm/pa-risc2.s
+++ /dev/null
@@ -1,1624 +0,0 @@
-; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-;
-; Licensed under the OpenSSL license (the "License").  You may not use
-; this file except in compliance with the License.  You can obtain a copy
-; in the file LICENSE in the source distribution or at
-; https://www.openssl.org/source/license.html
-;
-; PA-RISC 2.0 implementation of bn_asm code, based on the
-; 64-bit version of the code.  This code is effectively the
-; same as the 64-bit version except the register model is
-; slightly different given all values must be 32-bit between
-; function calls.  Thus the 64-bit return values are returned
-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
-;
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-   .level  2.0N
-   .space  $TEXT$
-   .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 32-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;"caller save" registers: fr4-fr11, fr22-fr31
-;"callee save" registers: fr12-fr21
-;"special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-; value zero :  r0
-; "caller save" registers: r1,r19-r26
-; "callee save" registers: r3-r18
-; return register:  r2  (rp)
-; return values  ; r28,r29  (ret0,ret1)
-; Stack pointer  ; r30  (sp) 
-; millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr   .reg %r26
-a_ptr   .reg %r25
-b_ptr   .reg %r24
-num .reg %r24
-n   .reg %r23
-
-;
-; Note that the "w" argument for bn_mul_add_words and bn_mul_words
-; is passed on the stack at a delta of -56 from the top of stack
-; as the routine is entered.
-;
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r23
-high_mask.reg %r22; value 0x8000L
-
-
-;--
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;  int num, 
BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg3 = num
-; -56(sp) =  w
-;
-; Local register definitions
-;
-
-fm1  .reg %fr22
-fm   .reg %fr23
-ht_temp  .reg %fr24
-ht_temp_1.reg %fr25
-lt_temp  .reg %fr26
-lt_temp_1.reg %fr27
-fm1_1.reg %fr28
-fm_1 .reg %fr29
-
-fw_h .reg %fr7L
-fw_l .reg %fr7R
-fw   .reg %fr7
-
-fht_0.reg %fr8L
-flt_0.reg %fr8R
-t_float_0.reg %fr8
-
-fht_1.reg %fr9L
-flt_1.reg %fr9R
-t_float_1.reg %fr9
-
-tmp_0.reg %r31
-tmp_1.reg %r21
-m_0  .reg %r20 
-m_1  .reg %r19 
-ht_0 .reg %r1  
-ht_1 .reg %r3
-lt_0 .reg %r4
-lt_1 .reg %r5
-m1_0 .reg %r6 
-m1_1 .reg %r7 
-rp_val   .reg %r8
-rp_val_1 .reg %r9
-
-bn_mul_add_words
-   .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-   .proc
-   .callinfo frame=128
-.entry
-   .align 64
-
-STD %r3,0(%sp)  ; save r3  
-STD %r4,8(%sp)  ; save r4  
-   NOP ; Needed to make the loop 

[openssl-commits] Errored: openssl/openssl#9155 (master - a3004c8)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9155
Status: Errored

Duration: 14 minutes and 40 seconds
Commit: a3004c8 (master)
Author: Jon Spillett
Message: Check for zero records and return immediately

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2822)

View the changeset: 
https://github.com/openssl/openssl/compare/fd74aba83652...a3004c820370

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207017513

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: openssl/openssl#8986 (OpenSSL_1_0_2-stable - 0da68ec)

[Travis CI]

Build Update for openssl/openssl
-

Build: #8986
Status: Canceled

Duration: 6 hours, 25 minutes, and 3 seconds
Commit: 0da68ec (OpenSSL_1_0_2-stable)
Author: Adrian Vollmer
Message: Adjust the default value of the private key size

...in the man page to reflect the actual default (2048 instead of 512)

CLA: trivial
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2754)

(cherry picked from commit 013bc448672cbc3c9cd154709400c676c2955229)

View the changeset: 
https://github.com/openssl/openssl/compare/847406923534...0da68ec9a267

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/205854937

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  a3004c820370b6bee82c919721fb1cbe95f72f3f (commit)
  from  fd74aba83652a8410a74b59de0b098232af74e33 (commit)


- Log -
commit a3004c820370b6bee82c919721fb1cbe95f72f3f
Author: Jon Spillett 
Date:   Thu Mar 2 12:54:06 2017 +1000

Check for zero records and return immediately

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2822)

---

Summary of changes:
 ssl/record/ssl3_record.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 84f54cb..3868bb5 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -740,6 +740,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int 
send)
 int imac_size;
 const EVP_CIPHER *enc;
 
+if (n_recs == 0)
+return 0;
+
 if (send) {
 if (EVP_MD_CTX_md(s->write_hash)) {
 int n = EVP_MD_CTX_size(s->write_hash);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  2d951d8cdef56aeeb6c08387531de943683e80ce (commit)
  from  41371618f72b93bdf3e0a4be369e4df6b65334cd (commit)


- Log -
commit 2d951d8cdef56aeeb6c08387531de943683e80ce
Author: Jon Spillett 
Date:   Thu Mar 2 12:54:06 2017 +1000

Check for zero records and return immediately

Reviewed-by: Matt Caswell 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2822)
(cherry picked from commit a3004c820370b6bee82c919721fb1cbe95f72f3f)

---

Summary of changes:
 ssl/record/ssl3_record.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 03c5294..5da44e5 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -661,6 +661,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int 
n_recs, int send)
 const EVP_CIPHER *enc;
 unsigned int ctr;
 
+if (n_recs == 0)
+return 0;
+
 if (send) {
 if (EVP_MD_CTX_md(s->write_hash)) {
 int n = EVP_MD_CTX_size(s->write_hash);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9151 (master - fd74aba)

[Travis CI]

Build Update for openssl/openssl
-

Build: #9151
Status: Errored

Duration: 19 minutes and 33 seconds
Commit: fd74aba (master)
Author: Andy Polyakov
Message: appveyor.yml: streamline pull requests.

For pull requests not tagged with [extended tests]:

- short-curcuit most expensive fuzz and install tests;
- skip over non-shared builds;

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2810)

View the changeset: 
https://github.com/openssl/openssl/compare/45632ee3bb7a...fd74aba83652

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/206987622

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  fd74aba83652a8410a74b59de0b098232af74e33 (commit)
   via  28443085c771309898b3f4f36f3e79802c59723d (commit)
  from  45632ee3bb7ab4ed405d5251d76dd5b94d782adb (commit)


- Log -
commit fd74aba83652a8410a74b59de0b098232af74e33
Author: Andy Polyakov 
Date:   Wed Mar 1 14:33:34 2017 +0100

appveyor.yml: streamline pull requests.

For pull requests not tagged with [extended tests]:

- short-curcuit most expensive fuzz and install tests;
- skip over non-shared builds;

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2810)

commit 28443085c771309898b3f4f36f3e79802c59723d
Author: Andy Polyakov 
Date:   Wed Mar 1 14:32:25 2017 +0100

Configurations/50-masm.conf: add /nologo to ml64 command line.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2810)

---

Summary of changes:
 Configurations/50-masm.conf |  2 +-
 appveyor.yml| 35 +--
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf
index 84cf2f1..0ec5e95 100644
--- a/Configurations/50-masm.conf
+++ b/Configurations/50-masm.conf
@@ -12,7 +12,7 @@
 inherit_from=> [ "VC-WIN64-common", asm("x86_64_asm"),
  sub { $disabled{shared} ? () : "x86_64_uplink" } 
],
 as  => "ml64",
-asflags => "/c /Cp /Cx /Zi",
+asflags => "/nologo /c /Cp /Cx /Zi",
 asoutflag   => "/Fo",
 sys_id  => "WIN64A",
 bn_asm_src  => sub { return undef unless @_;
diff --git a/appveyor.yml b/appveyor.yml
index d47c6cd..9c896fc 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,14 +1,15 @@
 platform:
-- x86
 - x64
+- x86
 
 environment:
+fast_finish: true
 matrix:
 - VSVER: 14
 
 configuration:
-- plain
 - shared
+- plain
 
 before_build:
 - ps: >-
@@ -31,18 +32,32 @@ before_build:
 - cd _build
 - perl ..\Configure %TARGET% %SHARED%
 - cd ..
+- ps: >-
+if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER -or ( log -2 | 
Select-String "\[extended tests\]") ) {
+$env:EXTENDED_TESTS="yes"
+}
 
 build_script:
-- cd _build
-- nmake
-- cd ..
+- ps: >-
+If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
+cd _build
+
+cd ..
+}
 
 test_script:
-- cd _build
-- nmake test V=1
-- mkdir ..\_install
-- nmake install install_docs DESTDIR=..\_install
-- cd ..
+- ps: >-
+If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
+cd _build
+if ($env:EXTENDED_TESTS) {
+ test V=1
+mkdir ..\_install
+ install install_docs DESTDIR=..\_install
+} Else {
+ test V=1 TESTS=-test_fuzz
+}
+cd ..
+}
 
 notifications:
 - provider: Email
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-deprecated

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-deprecated

Commit log since last time:

4137161 Add NOTES.UNIX, with a description on how to deal with runpaths
4cdf91e Check that async_jobs is not negative and not too high.
1c78765 VMS: compensate for gmtime_r() parameter pointer size

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPE
 NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_enc.d.tmp -MT crypto/bf/bf_enc.o -c -o 
crypto/bf/bf_enc.o ../openssl/crypto/bf/bf_enc.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPE
 NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_ofb64.d.tmp -MT crypto/bf/bf_ofb64.o 
-c -o crypto/bf/bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPE
 NSSL_USE_NODELETE -MMD -MF crypto/bf/bf_skey.d.tmp -MT crypto/bf/bf_skey.o -c 
-o crypto/bf/bf_skey.o ../openssl/crypto/bf/bf_skey.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSL_API_COMPAT=0x1010L -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPE
 NSSL_USE_NODELETE -MMD -MF crypto/bio/b_addr.d.tmp -MT 

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

f8aa157 Check that async_jobs is not negative and not too high.
607c926 Code health: ssl/ssl_locl.h unused macros
48ce800 VMS: compensate for gmtime_r() parameter pointer size
15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
2f0ca54 Remove some obsolete/obscure internal define switches:
06611d0 Remove OPENSSL_indirect_call()
5c6c4c5 Don't free in cleanup routine
695ecf8 crypto/des: remove unreferenced rcp_enc.c module.

Build log ended with (last 100 lines):

make[1]: Entering directory '/home/openssl/run-checker/no-asm_-ansi'
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra 
-Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_cbc.d.tmp -MT crypto/aes/aes_cbc.o -c -o crypto/aes/aes_cbc.o 
../openssl/crypto/aes/aes_cbc.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra 
-Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o 
../openssl/crypto/aes/aes_cfb.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra 
-Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_core.d.tmp -MT crypto/aes/aes_core.o -c -o crypto/aes/aes_core.o 
../openssl/crypto/aes/aes_core.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra 
-Wswitch-default -Wno-unused-parameter -Wno-parentheses-equality 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o crypto/aes/aes_ecb.o 
../openssl/crypto/aes/aes_ecb.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat 

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method

Commit log since last time:

f8aa157 Check that async_jobs is not negative and not too high.
607c926 Code health: ssl/ssl_locl.h unused macros
48ce800 VMS: compensate for gmtime_r() parameter pointer size
15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
2f0ca54 Remove some obsolete/obscure internal define switches:
06611d0 Remove OPENSSL_indirect_call()
5c6c4c5 Don't free in cleanup routine
695ecf8 crypto/des: remove unreferenced rcp_enc.c module.

Build log ended with (last 100 lines):

../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'Comparing generated sources.'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 124.
#  got: '1'
# expected: '0'
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 05-sni.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 98.
# Looks like you failed 1 test of 21.
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/21 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/test/recipes/90-test_external.t . skipped: No external 
tests in this 

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1

Commit log since last time:

f8aa157 Check that async_jobs is not negative and not too high.
607c926 Code health: ssl/ssl_locl.h unused macros
48ce800 VMS: compensate for gmtime_r() parameter pointer size
15d95dd Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
2f0ca54 Remove some obsolete/obscure internal define switches:
06611d0 Remove OPENSSL_indirect_call()
5c6c4c5 Don't free in cleanup routine
695ecf8 crypto/des: remove unreferenced rcp_enc.c module.

Build log ended with (last 100 lines):

../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'Comparing generated sources.'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 124.
#  got: '1'
# expected: '0'
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 05-sni.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 98.
# Looks like you failed 1 test of 21.
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/21 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/test/recipes/90-test_external.t . skipped: No external 
tests in this configuration