date:20170304

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3

Build log ended with (last 100 lines):

../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'Comparing generated sources.'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 126.
#  got: '1'
# expected: '0'
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 05-sni.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 100.
# Looks like you failed 1 test of 22.
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/22 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/test/recipes/90-test_external.t . skipped: No external 
tests in this configuration
../../openssl/test/recipes/90-test_gmdiff.t ... ok
../../openssl/test/recipes/90-test_ige.t

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1-method

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1-method

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3

Build log ended with (last 100 lines):

../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'Comparing generated sources.'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 126.
#  got: '1'
# expected: '0'
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 05-sni.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 100.
# Looks like you failed 1 test of 22.
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/22 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/test/recipes/90-test_external.t . skipped: No external 
tests in this configuration
../../openssl/test/recipes/90-test_gmdiff.t ... ok
../../openssl/test/recipes/90-test_ige.t ..

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3

Build log ended with (last 100 lines):

../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. skipped: No TLS/SSL 
protocols are supported by this OpenSSL build
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. skipped: No TLS/SSL 
protocols are supported by this OpenSSL build
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  skipped: 
test_renegotiation needs TLS <= 1.2 enabled
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: 
test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t  skipped: 
test_sslcertstatus needs TLS enabled
../../openssl/test/recipes/70-test_sslextension.t . skipped: 
test_sslextension needs TLS enabled
../../openssl/test/recipes/70-test_sslmessages.t .. skipped: 
test_sslmessages needs TLS enabled
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: 
test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: 
test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: 
test_sslsigalgs needs TLS1.2 or TLS1.3 enabled
../../openssl/test/recipes/70-test_sslsignature.t . skipped: 
test_sslsignature needs TLS enabled
../../openssl/test/recipes/70-test_sslskewith0p.t . skipped: 
test_sslskewith0p needs TLS enabled
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  skipped: 
test_sslextension needs TLS enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . skipped: test_tlsextms 
needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. skipped: No SSL/TLS 
protocol is supported by this OpenSSL build.
../../openssl/test/recipes/80-test_cipherlist.t ... skipped: No SSL/TLS 
protocol is supported by this OpenSSL build.
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok

#   Failed test 'Comparing generated sources.'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 126.
#  got: '1'
# expected: '0'
# Looks like you failed 1 test of 3.

#   Failed test 'Test configuration 05-sni.conf'
#   at ../../openssl/test/recipes/80-test_ssl_new.t line 100.
# Looks like you failed 1 test of 22.

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -fno-sanitize=alignment

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC 
-fno-sanitize=alignment

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3

Build log ended with (last 100 lines):

link_dso.linux-shared
make[2]: Entering directory '/home/openssl/run-checker/no-psk'
LD_LIBRARY_PATH=.: clang -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib/engines-1.1" -Wall 
-O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED 
-Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror 
-Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter 
-Wno-parentheses-equality -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPENSSL_USE_NODELETE -Wl,-znodelete 
-m64 -shared -Wl,-Bsymbolic -Wl,
 -soname=capi.so -o engines/capi.so engines/e_capi.o -L. -lcrypto -ldl
make[2]: Leaving directory '/home/openssl/run-checker/no-psk'
clang  -Iinclude -I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H 
-DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter 
-Wno-parentheses-equality -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
engines/e_dasync
 .d.tmp -MT engines/e_dasync.o -c -o engines/e_dasync.o 
../openssl/engines/e_dasync.c
make -f ../openssl/Makefile.shared -e \
PLATFORM=linux-x86_64-clang \
PERL="/usr/bin/perl" SRCDIR='../openssl' DSTDIR="engines" \
LIBDEPS=' '" -L. -lcrypto"' -ldl ' \
LIBNAME=dasync LDFLAGS='' \
CC='clang' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-Wall -O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments  
-DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror -Qunused-arguments -Wextra -Wswitch-default -Wno-unused-parameter 
-Wno-parentheses-equality -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -fPIC -DOPENSSL_USE_NODELETE' \
SHARED_LDFLAGS='-Wl,-znodelete -m64 ' \
SHLIB_EXT=.so \
LIBEXTRAS="engines/e_dasync.o" \
link_dso.linux-shared
make[2]: Entering directory '/home/openssl/run-checker/no-psk'
LD_LIBRARY_PATH=.: clang -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib/engines-1.1" -Wall 
-O0 -g -pthread -m64 -DL_ENDIAN -Wextra -Qunused-arguments -DDEBUG_UNUSED 
-Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

312e938 Fix a memory leak on an error path
d080866 Ensure we don't call memcpy with a NULL pointer
8336ca1 Update and add test
5528d68 Set specific error is we have no valid signature algorithms set
b0e9ab9 Signature algorithm enhancement.
8f12296 Disallow zero length signature algorithms
224b4e3 Don't allow DSA for TLS 1.3

Build log ended with (last 100 lines):

../../openssl/test/recipes/15-test_dh.t ... ok
../../openssl/test/recipes/15-test_dsa.t .. ok
../../openssl/test/recipes/15-test_ec.t ... ok
../../openssl/test/recipes/15-test_ecdh.t . skipped: ec is not 
supported by this OpenSSL build
../../openssl/test/recipes/15-test_ecdsa.t  skipped: ec is not 
supported by this OpenSSL build
../../openssl/test/recipes/15-test_rsa.t .. ok
../../openssl/test/recipes/20-test_enc.t .. ok
../../openssl/test/recipes/20-test_enc_more.t . ok
../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. skipped: test_sid needs 
EC to run
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share 
needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
# Looks like you planned 16 tests but ran 15.
../../openssl/test/recipes/70-test_sslsigalgs.t ... 
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 1/16 subtests 
(less 14 skipped subtests: 1 okay)
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... skipped: ct and ec are 
not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dane.t . skipped: test_dane uses 
ec which is not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t ..

[openssl-commits] [openssl] master update

2017-03-04 Thread Matt Caswell

The branch master has been updated
   via  ee7002266cbdcfcfe002c94396795c9fb3d5a337 (commit)
   via  cfef5027bf27a74098588e48829f0d058b4b0aea (commit)
  from  6356716ac09d94a0c85fd6e5ad12f088c54d75c0 (commit)


- Log -
commit ee7002266cbdcfcfe002c94396795c9fb3d5a337
Author: Matt Caswell 
Date:   Fri Mar 3 10:28:02 2017 +

Add a test for TLSv1.3 cookies

We just check that if we insert a cookie into an HRR it gets echoed back
in the subsequent ClientHello.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2839)

commit cfef5027bf27a74098588e48829f0d058b4b0aea
Author: Matt Caswell 
Date:   Thu Mar 2 17:37:03 2017 +

Add basic TLSv1.3 cookie support

We do not allow the generation of TLSv1.3 cookies. But if we receive one
in an HRR we will echo it back in the ClientHello.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2839)

---

Summary of changes:
 include/openssl/ssl.h  |  2 +
 include/openssl/tls1.h |  1 +
 ssl/ssl_err.c  |  2 +
 ssl/ssl_lib.c  |  1 +
 ssl/ssl_locl.h |  5 +++
 ssl/statem/extensions.c|  7 
 ssl/statem/extensions_clnt.c   | 43 
 ssl/statem/statem_locl.h   |  4 ++
 test/recipes/70-test_tls13cookie.t | 81 ++
 util/TLSProxy/Message.pm   |  1 +
 10 files changed, 147 insertions(+)
 create mode 100644 test/recipes/70-test_tls13cookie.t

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 64a312c..c569407 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2348,6 +2348,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY489
 # define SSL_F_TLS_CONSTRUCT_CTOS_ALPN466
 # define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355
+# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE  535
 # define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA  530
 # define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS   467
 # define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468
@@ -2408,6 +2409,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_PARSE_CTOS_PSK 505
 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
 # define SSL_F_TLS_PARSE_CTOS_USE_SRTP465
+# define SSL_F_TLS_PARSE_STOC_COOKIE  534
 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
 # define SSL_F_TLS_PARSE_STOC_KEY_SHARE   445
 # define SSL_F_TLS_PARSE_STOC_PSK 502
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 1054487..280d131 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -181,6 +181,7 @@ extern "C" {
 # define TLSEXT_TYPE_psk 41
 # define TLSEXT_TYPE_early_data  42
 # define TLSEXT_TYPE_supported_versions  43
+# define TLSEXT_TYPE_cookie  44
 # define TLSEXT_TYPE_psk_kex_modes   45
 # define TLSEXT_TYPE_early_data_info 46
 
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 0ace985..ee1ca62 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -304,6 +304,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_ALPN), "tls_construct_ctos_alpn"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE),
  "TLS_CONSTRUCT_CTOS_CERTIFICATE"},
+{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_COOKIE), "tls_construct_ctos_cookie"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA),
  "tls_construct_ctos_early_data"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS),
@@ -401,6 +402,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE),
  "tls_parse_ctos_renegotiate"},
 {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
+{ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
 {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
  "tls_parse_stoc_early_data_info"},
 {ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fcf4f4d..f0e8639 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1017,6 +1017,7 @@ void SSL_free(SSL *s)
 #endif
 OPENSSL_free(s->ext.ocsp.resp);
 OPENSSL_free(s->ext.alpn);
+OPENSSL_free(s->ext.tls13_cookie);
 OPENSSL_free(s->clienthello);
 
 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6811b4f..f4860ea 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1211,6 +1211,10 @@ struct ssl_st {

[openssl-commits] Passed: openssl/openssl#9225 (master - 6356716)

2017-03-04 Thread Travis CI

Build Update for openssl/openssl
-

Build: #9225
Status: Passed

Duration: 14 minutes and 24 seconds
Commit: 6356716 (master)
Author: Andy Polyakov
Message: appveyor.yml: call upon cmd to redirect stderr.

If stderr is not redirected an uncatchable exception is thrown.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/8b0d4242404f...6356716ac09d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207776533

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9224 (master - 8b0d424)

2017-03-04 Thread Travis CI

Build Update for openssl/openssl
-

Build: #9224
Status: Errored

Duration: 14 minutes and 22 seconds
Commit: 8b0d424 (master)
Author: Andy Polyakov
Message: apps/s_client.c: harden ldap_ExtendedResponse_parse.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/312e9387fdda...8b0d4242404f

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207775758

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2017-03-04 Thread Andy Polyakov

The branch master has been updated
   via  6356716ac09d94a0c85fd6e5ad12f088c54d75c0 (commit)
  from  8b0d4242404f9e5da26e7594fa0864b2df4601af (commit)


- Log -
commit 6356716ac09d94a0c85fd6e5ad12f088c54d75c0
Author: Andy Polyakov 
Date:   Thu Mar 2 14:07:45 2017 +0100

appveyor.yml: call upon cmd to redirect stderr.

If stderr is not redirected an uncatchable exception is thrown.

Reviewed-by: Rich Salz 

---

Summary of changes:
 appveyor.yml | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/appveyor.yml b/appveyor.yml
index 9c896fc..a5d05c6 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -33,7 +33,8 @@ before_build:
 - perl ..\Configure %TARGET% %SHARED%
 - cd ..
 - ps: >-
-if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER -or ( log -2 | 
Select-String "\[extended tests\]") ) {
+if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
+-or ( log -2 | Select-String "\[extended tests\]") ) {
 $env:EXTENDED_TESTS="yes"
 }
 
@@ -41,7 +42,7 @@ build_script:
 - ps: >-
 If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
 cd _build
-
+cmd /c "nmake 2>&1"
 cd ..
 }
 
@@ -50,11 +51,11 @@ test_script:
 If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
 cd _build
 if ($env:EXTENDED_TESTS) {
- test V=1
+cmd /c "nmake test V=1 2>&1"
 mkdir ..\_install
- install install_docs DESTDIR=..\_install
+cmd /c "nmake install install_docs DESTDIR=..\_install 2>&1"
 } Else {
- test V=1 TESTS=-test_fuzz
+cmd /c "nmake test V=1 TESTS=-test_fuzz 2>&1"
 }
 cd ..
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2017-03-04 Thread Andy Polyakov

The branch master has been updated
   via  8b0d4242404f9e5da26e7594fa0864b2df4601af (commit)
  from  312e9387fddacbcef4148bd3ace25c7db89e374e (commit)


- Log -
commit 8b0d4242404f9e5da26e7594fa0864b2df4601af
Author: Andy Polyakov 
Date:   Thu Mar 2 16:56:44 2017 +0100

apps/s_client.c: harden ldap_ExtendedResponse_parse.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/s_client.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/s_client.c b/apps/s_client.c
index b48c306..e180772 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3091,6 +3091,8 @@ static int ldap_ExtendedResponse_parse(const char *buf, 
long rem)
 goto end;
 }
 
+rem = len;  /* ensure that we don't overstep the SEQUENCE */
+
 /* pull MessageID */
 inf = ASN1_get_object(, , , , rem);
 if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER ||
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#9222 (master - 312e938)

2017-03-04 Thread Travis CI

Build Update for openssl/openssl
-

Build: #9222
Status: Errored

Duration: 4 minutes and 57 seconds
Commit: 312e938 (master)
Author: Matt Caswell
Message: Fix a memory leak on an error path

A leak of an SSL_SESSION object can occur when decoding a psk extension on
an error path when using TLSv1.3

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2843)

View the changeset: 
https://github.com/openssl/openssl/compare/d08086645f72...312e9387fdda

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/207706211

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-asm -ansi

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

0b6b011 Reset executable bits on files where not needed.
bf9ee8a Don't use deprecated EVP_CIPHER_CTX_cleanup() internally

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/asn1/asn1_lib.d.tmp -MT crypto/asn1/asn1_lib.o -c -o 
crypto/asn1/asn1_lib.o ../openssl/crypto/asn1/asn1_lib.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/asn1/asn1_par.d.tmp -MT crypto/asn1/asn1_par.o -c -o 
crypto/asn1/asn1_par.o ../openssl/crypto/asn1/asn1_par.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/asn1/asn_mime.d.tmp -MT crypto/asn1/asn_mime.o -c -o 
crypto/asn1/asn_mime.o ../openssl/crypto/asn1/asn_mime.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/asn1/asn_moid.d.tmp -MT crypto/asn1/asn_moid.o -c -o 
crypto/asn1/asn_moid.o ../openssl/crypto/asn1/asn_moid.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Qunused-arguments -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -ansi -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
crypto/asn1/asn_mstbl.d.tmp -MT crypto/asn1/asn_mstbl.o -c -o 
crypto/asn1/asn_mstbl.o ../openssl/crypto/asn1/asn_mstbl.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H

[openssl-commits] [openssl] master update

2017-03-04 Thread Matt Caswell

The branch master has been updated
   via  312e9387fddacbcef4148bd3ace25c7db89e374e (commit)
  from  d08086645f72ab890c6ef996bb513076752431f0 (commit)


- Log -
commit 312e9387fddacbcef4148bd3ace25c7db89e374e
Author: Matt Caswell 
Date:   Sat Mar 4 15:45:40 2017 +

Fix a memory leak on an error path

A leak of an SSL_SESSION object can occur when decoding a psk extension on
an error path when using TLSv1.3

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2843)

---

Summary of changes:
 ssl/statem/extensions_srvr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 83fb713..ab3ad46 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -796,6 +796,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
 s->session = sess;
 return 1;
 err:
+SSL_SESSION_free(sess);
 return 0;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm -ansi

Commit log since last time:

dbaa069 use OSSLzu instead of lu format for size_t display
d734582 Reset executable bits on files where not needed.
f2bcff4 Update the cipher(1) documentation to explicitly state that the RSA 
cipher string means the same a kRSA.
332dc4f sh_malloc & sh_free prototype change to match POSIX
42f50fd Silence some more clang warnings
30d1bab Silence some clang warnings
83750d9 More early data documentation updates following feedback
cd9f7f6 Update the API documentation for the latest early data changes
09f2887 Update early data API for writing to unauthenticated clients
0665b4e Rename SSL_write_early() to SSL_write_early_data()
f533fbd Rename SSL_read_early() to SSL_read_early_data()
ef466ac Updates to the early data documentation
ade1e88 Updates to s_server and s_client for the latest early_data API changes
3eaa417 Make SSL_write_early_finish() an internal only function
5f98203 Add early_data tests
f7e393b Various fixes required to allow SSL_write/SSL_read during early data
d7f8783 Enable the server to call SSL_write() without stopping the ability to 
call SSL_read_early()
564547e Enable the client to call SSL_read() without stopping the ability to 
call SSL_write_early()
4004ce5 Introduce a new early_data state in the state machine
bc908c6 Improve the early data sanity check in SSL_do_handshake()
6437b80 Add documentation for the new s_client and s_server early_data options
0a5ece5 Tighten sanity checks when calling early data functions
fd6c102 Add documentation for the early data functions
f5b519c Make SSL_get_early_data_status() take a const
46dcb94 Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a 
const
fcc4757 Add a SSL_SESSION_get_max_early_data() function
7daf715 Don't attempt to write more early_data than we know the server will 
accept
f637004 Only accept early_data if the negotiated ALPN is the same
a832b5e Skip early_data if appropriate after a HelloRetryRequest
38df5a4 Don't accept early_data if we are going to issue a HelloRetryRequest
538bea6 Add extra validation parsing the server-to-client early_data extension
329114f Remove some TLSv1.3 TODOs that are no longer relevant
2c604cb Validate the ticket age for resumed sessions
6746648 Ensure the max_early_data option to s_server can be 0
bfa9a9a Provide a default value for max_early_data
70ef40a Check max_early_data against the amount of early data we actually 
receive
67f78ea Make sure we reset the read sequence when skipping records
1010936 Disallow handshake messages in the middle of early_data
c117af6 Fix seg fault when sending early_data using CCM ciphersuites
576eb39 Get s_client to report on whether early data was accepted or not
b2cc7f3 Implement client side parsing of the early_data extension
e065518 Add a "-early_data" option to s_server
fe5e20f Fix changing of the cipher state when dealing with early data
1ea4d09 Construct the server side early_data extension
d781d24 Provide an SSL_read_early() function for reading early data
6cb4226 Change the cipher state when sending early data
d49e23e Implement the early data changes required in tls13_change_cipher_state()
923ac82 Add an option to s_client to send early_data
0a87d0a Parse the early_data extension
a4f376a Construct the early_data extension
49e7fe1 Provide functions to write early data
5d5b3fb Parse the ticket_early_data_info extension
29fac54 Teach SSL_trace() about the early_data_info extension
048b189 Add a -max_early_data option to s_server
3fc8d85 Construct the ticket_early_data_info extension
73fb82b Remove ref to err(7), update copyright.
51f5930 -precert doesn't work when configured no-ct, don't try to test it then
a4c5f85 Fix the skip numbers in 80-test_ca.t
b661175 Use the built in boolean type for CompressionExpected
439db0c Add compression tests
f33f9dd Fix a compression bug
c19602b Ensure that we never select compression in TLSv1.3
398b0bb Add LDAP support (RFC 4511) to s_client ("-starttls ldap")
8cfc21f Configurations/10-main.conf: omit redundant -lresolv from Solaris 
configs.
3e49ee2 bio/b_addr.c: omit private hstrerror.
ea750b5 aes/aes_x86core.c: clarify reference implementation status.
5908555 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.
36907ea CHANGES: mention CFI annotations.
eac5414 bn/asm: clean up unused PA-RISC modules.
604c853 des/des_locl.h: clean up unused/irrelevant macros.
a3004c8 Check for zero records and return immediately
fd74aba appveyor.yml: streamline pull requests.
2844308 Configurations/50-masm.conf: add /nologo to ml64 command line.
45632ee Add NOTES.UNIX, with a description on how to deal with runpaths

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -DDSO_DLFCN -DHAVE_DLFCN_H

[openssl-commits] SUCCESSFUL build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-deprecated

2017-03-04 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux test 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-deprecated

Commit log since last time:

0b6b011 Reset executable bits on files where not needed.
bf9ee8a Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1-method

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -fno-sanitize=alignment

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec

[openssl-commits] [openssl] master update

[openssl-commits] Passed: openssl/openssl#9225 (master - 6356716)

[openssl-commits] Errored: openssl/openssl#9224 (master - 8b0d424)

[openssl-commits] [openssl] master update

[openssl-commits] [openssl] master update

[openssl-commits] Errored: openssl/openssl#9222 (master - 312e938)

[openssl-commits] Still FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-asm -ansi

[openssl-commits] [openssl] master update

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm -ansi

[openssl-commits] SUCCESSFUL build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-deprecated

17 matches

Site Navigation

Mail list logo

Footer information