[openssl-commits] Build failed in Jenkins: master_aarch64 #234

2017-12-08 Thread osslsanity
See 


Changes:

[matt] extending afalg with aes-cbc-192/256, afalgtest.c also updated

[matt] fix  --strict-warnings

[matt] make get_cipher_handle static

[matt] putting the missing static

[levitte] Remove unicode characters from source

[levitte] Fix some issues in apps/req

[levitte] Leave a message in doc to indicate 0 is not acceptable

[appro] crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X.

[appro] chacha/asm/chacha-x86_64.pl: add AVX512VL code path.

[kaduk] Fix no-ec

[bernd.edlinger] Add missing range checks on number of multi primes in 
rsa_ossl_mod_exp

[levitte] In OPENSSL_init_ssl(), run the base ssl init before

[levitte] In apps_startup(), call OPENSSL_init_ssl() rather than

[kaduk] Fix coverity-reported errors in ocspapitest

[kaduk] Fix coverity nit in handshake_helper.c

[kaduk] Wrap more of ocspapitest.c in OPENSSL_NO_OCSP

[kaduk] Fix test_tls13messages with no-ocsp

[rsalz] Fix an incoherent test.

[rsalz] Address some code-analysis issues.

[matt] Update ssl3_get_record() to use SSLfatal()

[matt] Convert ssl3_read_bytes() to use SSLfatal()

[matt] More record layer conversions to use SSLfatal()

[matt] Convert dlts1_write_bytes() to use SSLfatal()

[matt] Convert the remaining functions in the record layer to use SSLfatal()

[rsalz] Correct minor typo in ssl_locl.h comment

--
Started by upstream project "1_0_2_basic" build number 239
originally caused by:
 Started by timer
Building in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git fetch --tags --progress https://github.com/openssl/openssl.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 6aff543b9bf14bdac7f5385a9e56b8785b30f6d8 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 6aff543b9bf14bdac7f5385a9e56b8785b30f6d8
 > git rev-list cbe2964821bb063f61ed2544cfce196ec1c0d62b # timeout=10
[master_aarch64] $ /bin/sh -xe /tmp/jenkins7097924918322872216.sh
+ export 
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/usr/local/buildroot-2017.02/output/host/usr/bin/
+ export CROSS_COMPILE=aarch64-linux-
+ ./Configure linux-aarch64
Using implicit seed configuration
Configuring OpenSSL version 1.1.1-dev (0x10101000L)
for linux-aarch64
no-aria [default]  OPENSSL_NO_ARIA (skip dir)
no-asan [default]  OPENSSL_NO_ASAN
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG
no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
no-devcryptoeng [default]  OPENSSL_NO_DEVCRYPTOENG
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
no-egd  [default]  OPENSSL_NO_EGD
no-external-tests [default]  OPENSSL_NO_EXTERNAL_TESTS
no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL
no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-msan [default]  OPENSSL_NO_MSAN
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE
no-ssl3 [default]  OPENSSL_NO_SSL3
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD
no-tls13downgrade [default]  OPENSSL_NO_TLS13DOWNGRADE
no-tls1_3   [default]  OPENSSL_NO_TLS1_3
no-ubsan[default]  OPENSSL_NO_UBSAN
no-unit-test[default]  OPENSSL_NO_UNIT_TEST
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS
no-zlib [default] 
no-zlib-dynamic [default] 

PERL  =/usr/bin/perl
PERLVERSION   =5.18.2 for x86_64-linux-gnu-thread-multi
HASHBANGPERL  =/usr/bin/env perl
CC=aarch64-linux-gcc
CFLAG =-Wall -O3 -pthread 
CXX   =aarch64-linux-g++
CXXFLAG   =-Wall -O3 -pthread 
DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT SHA1_ASM SHA256_ASM 
SHA512_ASM VPAES_ASM ECP_NISTZ256_ASM POLY1305_ASM
EX_LIBS   =-ldl 
+ make depend
+ make clean
rm -f libcrypto.so.1.1
rm -f libcrypto.so
rm -f libssl.so.1.1
rm -f libssl.so
rm -f
rm -f libcrypto.a libssl.a test/libtestutil.a
rm -f *.map
rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test 
fuzz/bndiv-test fuzz/client-test fuzz/cms-test fuzz/conf-test fuzz/crl-test 
fuzz/ct-test fuzz/server-

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-08 Thread Rich Salz
The branch OpenSSL_1_1_0-stable has been updated
   via  a836f9fa951e33a5186e2421413de0b50ed2233a (commit)
  from  62f494408dc87a264ecb8e94b59dde42d52dfefd (commit)


- Log -
commit a836f9fa951e33a5186e2421413de0b50ed2233a
Author: Rich Salz 
Date:   Fri Dec 8 15:17:12 2017 -0500

Standardize syntax of sizeof(foo)

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/4876)

---

Summary of changes:
 apps/app_rand.c   |   4 +-
 apps/apps.c   |  48 -
 apps/ciphers.c|   2 +-
 apps/dhparam.c|   4 +-
 apps/dsaparam.c   |   6 +--
 apps/ecparam.c|  12 ++---
 apps/enc.c|  22 
 apps/errstr.c |   2 +-
 apps/ocsp.c   |   4 +-
 apps/openssl.c|   2 +-
 apps/opt.c|  18 +++
 apps/passwd.c |  20 +++
 apps/pkcs12.c |  10 ++--
 apps/pkcs8.c  |   4 +-
 apps/rand.c   |   2 +-
 apps/req.c|  36 ++---
 apps/s_client.c   |   8 +--
 apps/s_server.c   |  10 ++--
 apps/s_time.c |   6 +--
 apps/speed.c  |  10 ++--
 apps/vms_term_sock.c  |  12 ++---
 apps/x509.c   |   4 +-
 crypto/asn1/a_mbstr.c |   4 +-
 crypto/asn1/a_object.c|   4 +-
 crypto/asn1/a_strex.c |   8 +--
 crypto/asn1/asn1_par.c|   8 +--
 crypto/asn1/tasn_prn.c|   2 +-
 crypto/async/async.c  |   6 +--
 crypto/async/async_wait.c |   2 +-
 crypto/bio/b_addr.c   |   2 +-
 crypto/bio/b_dump.c   |  24 -
 crypto/bio/b_print.c  |   4 +-
 crypto/bio/bio_cb.c   |   2 +-
 crypto/bio/bss_file.c |  10 ++--
 crypto/bn/bn_print.c  |   4 +-
 crypto/conf/conf_def.c|   2 +-
 crypto/conf/conf_mod.c|   2 +-
 crypto/des/ecb_enc.c  |   2 +-
 crypto/des/fcrypt.c   |   2 +-
 crypto/des/set_key.c  |   2 +-
 crypto/ec/ec_mult.c   |  12 ++---
 crypto/ec/ecp_nistp224.c  |   6 +--
 crypto/ec/ecp_nistp256.c  |   6 +--
 crypto/ec/ecp_nistp521.c  |   6 +--
 crypto/ec/ecp_smpl.c  |   2 +-
 crypto/err/err_prn.c  |   2 +-
 crypto/evp/evp_enc.c  |   6 +--
 crypto/evp/evp_pbe.c  |   4 +-
 crypto/evp/p5_crpt2.c |   2 +-
 crypto/init.c |   2 +-
 crypto/mem_dbg.c  |   8 +--
 crypto/mem_sec.c  |   6 +--
 crypto/objects/obj_dat.c  |   2 +-
 crypto/pem/pem_info.c |   2 +-
 crypto/pem/pem_lib.c  |   2 +-
 crypto/rand/md_rand.c |  10 ++--
 crypto/rand/rand_egd.c|   2 +-
 crypto/rand/rand_unix.c   |  10 ++--
 crypto/rsa/rsa_pss.c  |   4 +-
 crypto/x509/t_x509.c  |   4 +-
 crypto/x509v3/v3_alt.c|   4 +-
 crypto/x509v3/v3_info.c   |   2 +-
 ssl/record/rec_layer_d1.c |   4 +-
 ssl/record/rec_layer_s3.c |   8 +--
 ssl/s3_lib.c  |   2 +-
 ssl/ssl_cert.c|   6 +--
 ssl/ssl_lib.c |   6 +--
 ssl/ssl_sess.c|   6 +--
 ssl/statem/statem_clnt.c  |   2 +-
 test/bftest.c |   2 +-
 test/bntest.c |   2 +-
 test/d2i_test.c   |   2 +-
 test/dhtest.c |   2 +-
 test/dsatest.c|   2 +-
 test/ectest.c |  14 ++---
 test/exptest.c|   8 +--
 test/igetest.c| 134 +++---
 test/rsa_test.c   |   2 +-
 test/sanitytest.c |   2 +-
 test/ssltest_old.c|  24 -
 80 files changed, 335 insertions(+), 333 deletions(-)

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 0d44af9..ff0771c 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -20,7 +20,7 @@ int app_RAND_load_file(const char *file, int dont_warn)
 char buffer[200];
 
 if (file == NULL)
-file = RAND_file_name(buffer, sizeof buffer);
+file = RAND_file_name(buffer, sizeof(buffer));
 #ifndef OPENSSL_NO_EGD
 else if (RAND_egd(file) > 0) {
 /*
@@ -101,7 +101,7 @@ int app_RAND_write_file(const char *file)
 return 0;
 
 if (file == NULL)
-file = RAND_file_name(buffer, sizeof buffer);
+file = RAND_file_name(buffer, sizeof(buffer));
 if (file == NULL || !RAND_write_file(file)) {
 BIO_printf(bio_err, "unable to write 'random state'\n");
 return 0;
diff --git a/apps/apps.c b/apps/apps.c
index d93b83b..8703d0c 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1388,9 +1388,9 @@ int save_serial(const char *serialfile, const char 
*suffix, const BIGNUM *serial
 OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
 else {
 #ifndef OPENSSL_SYS_VMS
-j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
 #else
-j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+j = B
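
Review bot: In save_serial() the buffer bound is now spelled two ways within a few lines: the unchanged context line keeps `OPENSSL_strlcpy(buf[0], serialfile, BSIZE);` while both BIO_snprintf() calls use `sizeof(buf[0])`. Since the change is about standardizing sizeof usage, the strlcpy call could take `sizeof(buf[0])` as well, so every bound follows the declaration of buf rather than a separately maintained constant. The check of `j` for truncation is not visible in this excerpt and should be confirmed to compare against the same bound.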

[openssl-commits] [openssl] master update

2017-12-08 Thread Rich Salz
The branch master has been updated
   via  6aff543b9bf14bdac7f5385a9e56b8785b30f6d8 (commit)
  from  921d84a0ad2e70ad91b6e1b06573e97162387f8a (commit)


- Log -
commit 6aff543b9bf14bdac7f5385a9e56b8785b30f6d8
Author: Daniel Bevenius 
Date:   Fri Dec 8 14:13:30 2017 +0100

Correct minor typo in ssl_locl.h comment

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4880)

---

Summary of changes:
 ssl/ssl_locl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c812eef..952a8f9 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -733,7 +733,7 @@ struct ssl_ctx_st {
 /*
  * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
  * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
- * means only SSL_accept which cache SSL_SESSIONS.
+ * means only SSL_accept will cache SSL_SESSIONS.
  */
 uint32_t session_cache_mode;
 /*
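
Review bot: The comment on session_cache_mode is still inconsistent after this fix. It names the flag SSL_SESS_CACHE_SERVER on one line and SSL_SESSION_CACHE_SERVER as the default on the next, and "one of 2 values, ored together" cannot hold both ways. Suggest using one spelling of the flag throughout and rewording the first sentence to say the field is a bitmask of the two flags.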
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-08 Thread Rich Salz
The branch OpenSSL_1_1_0-stable has been updated
   via  62f494408dc87a264ecb8e94b59dde42d52dfefd (commit)
  from  6ebcdb354ebcc6a54fb49d4eff8d20f114e43313 (commit)


- Log -
commit 62f494408dc87a264ecb8e94b59dde42d52dfefd
Author: Daniel Bevenius 
Date:   Fri Dec 8 14:13:30 2017 +0100

Correct minor typo in ssl_locl.h comment

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4880)

(cherry picked from commit 6aff543b9bf14bdac7f5385a9e56b8785b30f6d8)

---

Summary of changes:
 ssl/ssl_locl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index de4a520..d86bd7e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -616,7 +616,7 @@ struct ssl_ctx_st {
 /*
  * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
  * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
- * means only SSL_accept which cache SSL_SESSIONS.
+ * means only SSL_accept will cache SSL_SESSIONS.
  */
 uint32_t session_cache_mode;
 /*


[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-tls1_3

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-tls1_3

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  ok
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/7 subtests 
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade not run in pre TLSv1.3 RFC implementation
../../openssl/test/recipes/70-test_tls13hrr.t . ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  ok
../../openssl/test/recipes/70-test_tls13messages.t  ok
../../openssl/test/recipes/70-test_tls13psk.t . ok
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_asn1_time.t  ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/tes

[openssl-commits] [openssl] master update

2017-12-08 Thread Matt Caswell
The branch master has been updated
   via  921d84a0ad2e70ad91b6e1b06573e97162387f8a (commit)
   via  5591a6132ea210b89813d18a852ec2f28b5e2486 (commit)
   via  c28533829395183eec027969c0c8d28574f2a3cc (commit)
   via  99dd374055e9179eea082d4c37fd19ed8814fb22 (commit)
   via  196f2cbb789333ee1ac1a1ec0de654c8bef4eb59 (commit)
  from  a0fda2cf2dac8bc0d309261b3aaf4027a188b08c (commit)


- Log -
commit 921d84a0ad2e70ad91b6e1b06573e97162387f8a
Author: Matt Caswell 
Date:   Mon Dec 4 16:54:59 2017 +

Convert the remaining functions in the record layer to use SSLfatal()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4841)

commit 5591a6132ea210b89813d18a852ec2f28b5e2486
Author: Matt Caswell 
Date:   Mon Dec 4 16:21:53 2017 +

Convert dlts1_write_bytes() to use SSLfatal()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4841)

commit c28533829395183eec027969c0c8d28574f2a3cc
Author: Matt Caswell 
Date:   Mon Dec 4 16:16:37 2017 +

More record layer conversions to use SSLfatal()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4841)

commit 99dd374055e9179eea082d4c37fd19ed8814fb22
Author: Matt Caswell 
Date:   Mon Dec 4 14:47:04 2017 +

Convert ssl3_read_bytes() to use SSLfatal()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4841)

commit 196f2cbb789333ee1ac1a1ec0de654c8bef4eb59
Author: Matt Caswell 
Date:   Mon Dec 4 14:28:35 2017 +

Update ssl3_get_record() to use SSLfatal()

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4841)

---

Summary of changes:
 crypto/err/openssl.txt |   2 +
 include/openssl/sslerr.h   |   2 +
 ssl/d1_lib.c   |   8 +-
 ssl/record/rec_layer_d1.c  | 156 +---
 ssl/record/rec_layer_s3.c  | 252 --
 ssl/record/record_locl.h   |   2 +-
 ssl/record/ssl3_buffer.c   |  27 ++-
 ssl/record/ssl3_record.c   | 393 +++--
 ssl/record/ssl3_record_tls13.c |  29 ++-
 ssl/ssl_err.c  |   2 +
 ssl/statem/statem_dtls.c   |   2 +-
 11 files changed, 522 insertions(+), 353 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 932fc46..308abae 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1043,6 +1043,7 @@ SSL_F_SSL3_CTRL:213:ssl3_ctrl
 SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
 SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
 SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
+SSL_F_SSL3_ENC:608:ssl3_enc
 SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
 SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
 SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
@@ -1197,6 +1198,7 @@ SSL_F_STATE_MACHINE:353:state_machine
 SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
 SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
 SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_ENC:609:tls13_enc
 SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac
 SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
 SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index ef6b9dd..b54459b 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -97,6 +97,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_SSL3_CTX_CTRL  133
 # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
+# define SSL_F_SSL3_ENC   608
 # define SSL_F_SSL3_FINAL_FINISH_MAC  285
 # define SSL_F_SSL3_FINISH_MAC587
 # define SSL_F_SSL3_GENERATE_KEY_BLOCK238
@@ -249,6 +250,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS12_CHECK_PEER_SIGALG333
 # define SSL_F_TLS12_COPY_SIGALGS 533
 # define SSL_F_TLS13_CHANGE_CIPHER_STATE  440
+# define SSL_F_TLS13_ENC  609
 # define SSL_F_TLS13_FINAL_FINISH_MAC 605
 # define SSL_F_TLS13_GENERATE_SECRET  591
 # define SSL_F_TLS13_HKDF_EXPAND  561
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 7f0fea5..f808512 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -378,7 +378,8 @@ int dtls1_check_timeout_num(SSL *s)
 
 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
 /* fail the connection, enough alerts have been sent */
-SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHE
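
Review bot: In dtls1_check_timeout_num() the new call passes SSL_AD_NO_ALERT, and the only rationale visible is the existing comment "enough alerts have been sent". Suggest extending that comment to say that no alert is sent to the peer on this path by design, so a later reader does not take the missing alert for an omission.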

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-siphash

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-siphash

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/2 subtests 
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-te

[openssl-commits] FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings enable-ssl-trace

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ssl-trace

Commit log since last time:

64b5b5b Fix the buffer sizing in the fatalerrtest
4749aba Update CHANGES and NEWS for the new release
b9ddcd7 Add a test for CVE-2017-3737
e502cc8 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/05-test_idea.t . ok
../../openssl/test/recipes/05-test_md2.t .. skipped: md2 is not 
supported by this OpenSSL build
../../openssl/test/recipes/05-test_md4.t .. ok
../../openssl/test/recipes/05-test_md5.t .. ok
../../openssl/test/recipes/05-test_mdc2.t . ok
../../openssl/test/recipes/05-test_rand.t . ok
../../openssl/test/recipes/05-test_rc2.t .. ok
../../openssl/test/recipes/05-test_rc4.t .. ok
../../openssl/test/recipes/05-test_rc5.t .. skipped: rc5 is not 
supported by this OpenSSL build
../../openssl/test/recipes/05-test_rmd.t .. ok
../../openssl/test/recipes/05-test_sha1.t . ok
../../openssl/test/recipes/05-test_sha256.t ... ok
../../openssl/test/recipes/05-test_sha512.t ... ok
../../openssl/test/recipes/05-test_wp.t ... ok
../../openssl/test/recipes/10-test_bn.t ... ok
../../openssl/test/recipes/10-test_exp.t .. ok
../../openssl/test/recipes/15-test_dh.t ... ok
../../openssl/test/recipes/15-test_dsa.t .. ok
../../openssl/test/recipes/15-test_ec.t ... ok
../../openssl/test/recipes/15-test_ecdsa.t  ok
../../openssl/test/recipes/15-test_genrsa.t ... ok
../../openssl/test/recipes/15-test_rsa.t .. ok
../../openssl/test/recipes/15-test_rsapss.t ... ok
../../openssl/test/recipes/20-test_enc.t .. ok
../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. 
Dubious, test returned 4 (wstat 1024, 0x400)
Failed 4/5 subtests 
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_sslskewith0p.t . skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_sslvertol.t  skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_tlsextms.t . skipped: Unable to 
start up Proxy for tests
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-12-08 Thread Rich Salz
The branch OpenSSL_1_0_2-stable has been updated
   via  a1daedd88445397a4aebf22ba63e92c3f1977870 (commit)
  from  e167fd05b8b781bf04fcd462c0d28fae386116fe (commit)


- Log -
commit a1daedd88445397a4aebf22ba63e92c3f1977870
Author: FdaSilvaYY 
Date:   Fri Dec 8 10:25:38 2017 -0500

Fix an incoherent test.

Pointer 'o' is set inside a local buffer, so it can't be NULL.
Also fix coding style and add comments

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4754)
(cherry picked from commit cef115ff0ca4255d3decc1dda87c5418a961fd2c)

---

Summary of changes:
 crypto/objects/obj_dat.c | 21 ++---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index aca382a..8dae9e8 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -725,6 +725,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void 
*base_, int num,
 return (p);
 }
 
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:
+ */
 int OBJ_create_objects(BIO *in)
 {
 MS_STATIC char buf[512];
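
Review bot: The new comment above OBJ_create_objects() ends at "Line format:" with no format given, so as shown it documents nothing about the expected input. Spell out the fields a line carries (the code below splits each line on whitespace into o, s and l before calling OBJ_create(o, s, l)), and reword "BIO sink", since the parameter is named `in` and is the input being parsed.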
@@ -746,9 +750,9 @@ int OBJ_create_objects(BIO *in)
 *(s++) = '\0';
 while (isspace((unsigned char)*s))
 s++;
-if (*s == '\0')
+if (*s == '\0') {
 s = NULL;
-else {
+} else {
 l = s;
 while ((*l != '\0') && !isspace((unsigned char)*l))
 l++;
@@ -756,15 +760,18 @@ int OBJ_create_objects(BIO *in)
 *(l++) = '\0';
 while (isspace((unsigned char)*l))
 l++;
-if (*l == '\0')
+if (*l == '\0') {
 l = NULL;
-} else
+}
+} else {
 l = NULL;
+}
 }
-} else
+} else {
 s = NULL;
-if ((o == NULL) || (*o == '\0'))
-return (num);
+}
+if (*o == '\0')
+return num;
 if (!OBJ_create(o, s, l))
 return (num);
 num++;
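
Review bot: The rewritten check `if (*o == '\0')` dereferences o unconditionally, and the assignment that makes this safe lies outside the hunk. A one-line comment at the check stating that o always points into buf would document the invariant the removed NULL test used to cover. The new `return num;` also sits two lines above an untouched `return (num);`; converting that one in the same change would keep the style consistent within the function.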


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-08 Thread Rich Salz
The branch OpenSSL_1_1_0-stable has been updated
   via  6ebcdb354ebcc6a54fb49d4eff8d20f114e43313 (commit)
  from  ea4e868a3c6872f4944dd5469518f8b10ee3432c (commit)


- Log -
commit 6ebcdb354ebcc6a54fb49d4eff8d20f114e43313
Author: FdaSilvaYY 
Date:   Fri Dec 8 10:25:38 2017 -0500

Fix an incoherent test.

Pointer 'o' is set inside a local buffer, so it can't be NULL.
Also fix coding style and add comments

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4754)
(cherry picked from commit cef115ff0ca4255d3decc1dda87c5418a961fd2c)

---

Summary of changes:
 crypto/objects/obj_dat.c | 21 ++---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index fd833be..eb9c470 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -632,6 +632,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void 
*base_, int num,
 return (p);
 }
 
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:
+ */
 int OBJ_create_objects(BIO *in)
 {
 char buf[512];
@@ -653,9 +657,9 @@ int OBJ_create_objects(BIO *in)
 *(s++) = '\0';
 while (isspace((unsigned char)*s))
 s++;
-if (*s == '\0')
+if (*s == '\0') {
 s = NULL;
-else {
+} else {
 l = s;
 while ((*l != '\0') && !isspace((unsigned char)*l))
 l++;
@@ -663,15 +667,18 @@ int OBJ_create_objects(BIO *in)
 *(l++) = '\0';
 while (isspace((unsigned char)*l))
 l++;
-if (*l == '\0')
+if (*l == '\0') {
 l = NULL;
-} else
+}
+} else {
 l = NULL;
+}
 }
-} else
+} else {
 s = NULL;
-if ((o == NULL) || (*o == '\0'))
-return (num);
+}
+if (*o == '\0')
+return num;
 if (!OBJ_create(o, s, l))
 return (num);
 num++;
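
Review bot: the dropped 'o == NULL' test in the last changed check is justified only in the commit message ('o' is set inside a local buffer); nothing next to 'if (*o == '\0')' says so. A one-line comment there stating that 'o' always points into 'buf' would stop a later reader or a static analyser report from reintroducing the NULL test.
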


[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . skipped: 
test_comp needs TLSv1.3 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: 
test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: 
test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: 
test_sslsigalgs needs TLS1.2 or TLS1.3 enabled
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/25 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80

[openssl-commits] [openssl] master update

2017-12-08 Thread Rich Salz
The branch master has been updated
   via  a0fda2cf2dac8bc0d309261b3aaf4027a188b08c (commit)
  from  cef115ff0ca4255d3decc1dda87c5418a961fd2c (commit)


- Log -
commit a0fda2cf2dac8bc0d309261b3aaf4027a188b08c
Author: FdaSilvaYY 
Date:   Fri Dec 8 10:49:41 2017 -0500

Address some code-analysis issues.

Expression '...' is always true.
The 'b->init' variable is assigned values twice successively

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4753)

---

Summary of changes:
 crypto/asn1/x_algor.c  | 11 ++-
 crypto/bio/bss_acpt.c  |  1 -
 crypto/bio/bss_mem.c   | 28 
 crypto/ec/ec2_smpl.c   | 10 --
 crypto/err/err.c   |  8 +++-
 crypto/store/loader_file.c |  4 ++--
 6 files changed, 27 insertions(+), 35 deletions(-)

diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 72378db..853d45b 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -28,18 +28,19 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
-if (!alg)
+if (alg == NULL)
 return 0;
+
 if (ptype != V_ASN1_UNDEF) {
 if (alg->parameter == NULL)
 alg->parameter = ASN1_TYPE_new();
 if (alg->parameter == NULL)
 return 0;
 }
-if (alg) {
-ASN1_OBJECT_free(alg->algorithm);
-alg->algorithm = aobj;
-}
+
+ASN1_OBJECT_free(alg->algorithm);
+alg->algorithm = aobj;
+
 if (ptype == 0)
 return 1;
 if (ptype == V_ASN1_UNDEF) {
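
Review bot: ownership of 'aobj' on the failure paths at the top of X509_ALGOR_set0() is undocumented. Both 'return 0' statements in this hunk (alg == NULL, and ASN1_TYPE_new() failing) are taken before 'alg->algorithm = aobj', so the object has not been taken over at that point, yet a caller of a set0-style function may assume it was. A short comment above the function stating whether 'aobj' is consumed when 0 is returned would make the contract explicit.
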
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index f795b89..e49c7ce 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -450,7 +450,6 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
 break;
 case BIO_C_SET_FD:
-b->init = 1;
 b->num = *((int *)ptr);
 data->accept_sock = b->num;
 data->state = ACPT_S_ACCEPT;
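
Review bot: the removal of 'b->init = 1;' under 'case BIO_C_SET_FD:' relies on a second assignment that lies outside the context lines shown; the lines that remain here (b->num, data->accept_sock, data->state) never touch b->init. Please confirm that the surviving assignment is reached on every path through this case, and name its location in the commit message so the equivalence can be checked from the patch alone.
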
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 6214725..a50d416 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -147,23 +147,19 @@ static int mem_buf_free(BIO *a, int free_all)
 {
 if (a == NULL)
 return 0;
-if (a->shutdown) {
-if ((a->init) && (a->ptr != NULL)) {
-BUF_MEM *b;
-BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
-
-if (bb != NULL) {
-b = bb->buf;
-if (a->flags & BIO_FLAGS_MEM_RDONLY)
-b->data = NULL;
-BUF_MEM_free(b);
-if (free_all) {
-OPENSSL_free(bb->readp);
-OPENSSL_free(bb);
-}
-}
-a->ptr = NULL;
+
+if (a->shutdown && a->init && a->ptr != NULL) {
+BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+BUF_MEM *b = bb->buf;
+
+if (a->flags & BIO_FLAGS_MEM_RDONLY)
+b->data = NULL;
+BUF_MEM_free(b);
+if (free_all) {
+OPENSSL_free(bb->readp);
+OPENSSL_free(bb);
 }
+a->ptr = NULL;
 }
 return 1;
 }
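
Review bot: in the rewritten mem_buf_free(), BUF_MEM_free(b) runs regardless of 'free_all', but 'bb' is only released when 'free_all' is set. With free_all == 0 the BIO_BUF_MEM survives holding a bb->buf pointer to freed memory, and 'a->ptr = NULL' drops the BIO's reference to it. The flattening keeps the old behaviour, but a comment saying that the caller must already hold 'bb' and is expected to replace bb->buf would document why this is safe.
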
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 08e4592..6bd5f9d 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -603,9 +603,9 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const 
EC_POINT *point,
 if (!BN_GF2m_add(lh, lh, y2))
 goto err;
 ret = BN_is_zero(lh);
+
  err:
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(new_ctx);
 return ret;
 }
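
Review bot: with the 'if (ctx)' guard gone, BN_CTX_end(ctx) under 'err:' is reached by every 'goto err' in ec_GF2m_simple_is_on_curve(). That is only correct if no jump to 'err' can happen while 'ctx' is still NULL. The hunk does not show where 'ctx' is assigned, so please confirm that the function returns directly, not via 'goto err', when it cannot obtain a context.
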
@@ -656,8 +656,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const 
EC_POINT *a,
 ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
 
  err:
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(new_ctx);
 return ret;
 }
@@ -698,8 +697,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, 
EC_POINT *point,
 ret = 1;
 
  err:
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(new_ctx);
 return ret;
 }
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 75dc715..bd9e062 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -502,15 +502,13 @@ static unsigned long get_error_values(int inc, int top, 
const char **file,
 es->err_buffer[i] = 0;
 }
 
-if ((file != NULL) && (line != NULL)) {
+if (file != NULL && line != NULL) {
 if (es->err_file[i] == NULL) {
 *file = "NA";
-if (line != NULL)
-*line = 0;
+*line = 0;
 } else {
 *file = es->err_file[i];
-if (line != NULL)
-*line = es->err_line[i];
+*line = es-

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/25 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipe

[openssl-commits] [openssl] master update

2017-12-08 Thread Rich Salz
The branch master has been updated
   via  cef115ff0ca4255d3decc1dda87c5418a961fd2c (commit)
  from  5f21b440681db5aecf29fbd930d1d8c912fc99b4 (commit)


- Log -
commit cef115ff0ca4255d3decc1dda87c5418a961fd2c
Author: FdaSilvaYY 
Date:   Fri Dec 8 10:25:38 2017 -0500

Fix an incoherent test.

Pointer 'o' is set inside a local buffer, so it can't be NULL.
Also fix coding style and add comments

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4754)

---

Summary of changes:
 crypto/objects/obj_dat.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 3f65d37..06a3fb3 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -632,6 +632,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void 
*base_, int num,
 return p;
 }
 
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:
+ */
 int OBJ_create_objects(BIO *in)
 {
 char buf[512];
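
Review bot: the added comment block ends with "Line format:" and, as shown here, no format follows it, so the comment does not yet document what an input line looks like. Spelling out the fields that end up in 'o', 's' and 'l' of OBJ_create(o, s, l), and rewording "extra oid's objects", would make the comment useful to someone writing such a file.
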
@@ -653,9 +657,9 @@ int OBJ_create_objects(BIO *in)
 *(s++) = '\0';
 while (ossl_isspace(*s))
 s++;
-if (*s == '\0')
+if (*s == '\0') {
 s = NULL;
-else {
+} else {
 l = s;
 while (*l != '\0' && !ossl_isspace(*l))
 l++;
@@ -663,14 +667,17 @@ int OBJ_create_objects(BIO *in)
 *(l++) = '\0';
 while (ossl_isspace(*l))
 l++;
-if (*l == '\0')
+if (*l == '\0') {
 l = NULL;
-} else
+}
+} else {
 l = NULL;
+}
 }
-} else
+} else {
 s = NULL;
-if ((o == NULL) || (*o == '\0'))
+}
+if (*o == '\0')
 return num;
 if (!OBJ_create(o, s, l))
 return num;
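
Review bot: both exits at the end of this hunk return 'num': 'if (*o == '\0')' for a line whose first field is empty and 'if (!OBJ_create(o, s, l))' for a creation failure. The caller gets the count of objects created so far in either case and cannot tell a malformed line from a failed OBJ_create(). If that is intended, the new function comment should say so.
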


[openssl-commits] Jenkins build is back to normal : master_noec #307

2017-12-08 Thread osslsanity
See 




[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . skipped: 
test_comp needs TLSv1.3 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: 
test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: 
test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: 
test_sslsigalgs needs TLS1.2 or TLS1.3 enabled
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/25 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_s

[openssl-commits] [openssl] master update

2017-12-08 Thread kaduk
The branch master has been updated
   via  5f21b440681db5aecf29fbd930d1d8c912fc99b4 (commit)
   via  cb091295a9ff16f4de1a8b00be444d40ac068d04 (commit)
   via  88e09fe79b909fbfe266e87a2731f96c197726fb (commit)
   via  b6306d8049b04dca7fa738a86c892c43ba6a5fc4 (commit)
  from  0488c0bbbe87eee3a800797b91350c653e9f1711 (commit)


- Log -
commit 5f21b440681db5aecf29fbd930d1d8c912fc99b4
Author: Benjamin Kaduk 
Date:   Thu Dec 7 16:45:47 2017 -0600

Fix test_tls13messages with no-ocsp

s_client -status is not available in this configuration.

While here, remove an outdated TODO(TLS1.3) comment.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4873)

commit cb091295a9ff16f4de1a8b00be444d40ac068d04
Author: Benjamin Kaduk 
Date:   Thu Dec 7 16:37:54 2017 -0600

Wrap more of ocspapitest.c in OPENSSL_NO_OCSP

make_dummy_resp() uses OCSP types, and get_cert_and_key() is unused
once make_dummy_resp() is compiled out, so neither can be included
in the build when OCSP is disabled and strict warnings are active.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4873)

commit 88e09fe79b909fbfe266e87a2731f96c197726fb
Author: Benjamin Kaduk 
Date:   Thu Dec 7 14:23:35 2017 -0600

Fix coverity nit in handshake_helper.c

There's no reason to wrap this call in TEST_true() if we're not
checking the return value of TEST_true() -- all of the surrounding
similar calls do not have the macro wrapping them.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4873)

commit b6306d8049b04dca7fa738a86c892c43ba6a5fc4
Author: Benjamin Kaduk 
Date:   Thu Dec 7 14:14:47 2017 -0600

Fix coverity-reported errors in ocspapitest

Avoid memory leaks in error paths, and correctly apply
parentheses to function calls in a long if-chain.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4873)

---

Summary of changes:
 test/handshake_helper.c  |  4 +--
 test/ocspapitest.c   | 36 -
 test/recipes/70-test_tls13messages.t | 61 ++--
 3 files changed, 55 insertions(+), 46 deletions(-)

diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 78eaa01..0add973 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -497,8 +497,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, 
SSL_CTX *server2_ctx,
 case TLSEXT_max_fragment_length_2048:
 case TLSEXT_max_fragment_length_4096:
 case TLSEXT_max_fragment_length_DISABLED:
-TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
-client_ctx, extra->client.max_fragment_len_mode));
+SSL_CTX_set_tlsext_max_fragment_length(
+  client_ctx, extra->client.max_fragment_len_mode);
 break;
 }
 
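
Review bot: dropping TEST_true() leaves the result of SSL_CTX_set_tlsext_max_fragment_length(client_ctx, ...) unchecked in these case arms. If the call fails, the handshake test carries on with a client context that was not configured as requested. Rather than discarding the value, consider testing it and failing the setup, or add a comment stating that a failure here is deliberately ignored.
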
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index e76f7243..43b03e3 100644
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -21,6 +21,7 @@
 static const char *certstr;
 static const char *privkeystr;
 
+#ifndef OPENSSL_NO_OCSP
 static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
 {
 BIO *certbio, *keybio;
@@ -51,7 +52,8 @@ static OCSP_BASICRESP *make_dummy_resp(void)
 const unsigned char namestr[] = "openssl.example.com";
 unsigned char keybytes[128] = {7};
 OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
-OCSP_CERTID *cid;
+OCSP_BASICRESP *bs_out = NULL;
+OCSP_CERTID *cid = NULL;
 ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
 ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
 X509_NAME *name = X509_NAME_new();
@@ -60,9 +62,9 @@ static OCSP_BASICRESP *make_dummy_resp(void)
 
 if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
namestr, -1, -1, 1)
-|| !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)
-|| !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
-return NULL;
+|| !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))
+|| !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))
+goto err;
 cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
 if (!TEST_ptr(bs)
 || !TEST_ptr(thisupd)
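
Review bot: the first if-chain in this hunk (X509_NAME_add_entry_by_NID, ASN1_BIT_STRING_set, ASN1_INTEGER_set_uint64) uses bare '!' tests, while the chain that follows wraps its calls in TEST_ptr() and TEST_true(). A failure in the first chain now reaches 'err' and frees what was allocated, but it does so without any test-framework diagnostic. Wrapping those three calls in TEST_true() would make a setup failure visible in the test output.
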
@@ -71,23 +73,27 @@ static OCSP_BASICRESP *make_dummy_resp(void)
 || !TEST_true(OCSP_basic_add1_status(bs, cid,
  V_OCSP_CERTSTATUS_UNKNOWN,
  0, NULL, thisupd, nextupd)))
-return NULL;
+goto err;
+bs_out = bs;
+bs = NULL;
+ err:
 ASN1_TIME_free(thisupd);
 ASN1_TIME_free(nextupd);
 ASN1_BIT_STRING_free(key);
 ASN1_INTEGER_free(serial);
 OCSP_CERTID_f

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_1

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/25 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-te

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-08 Thread Richard Levitte
The branch OpenSSL_1_1_0-stable has been updated
   via  ea4e868a3c6872f4944dd5469518f8b10ee3432c (commit)
   via  ad74ff046bea5b1f77ff7425598802b91924652d (commit)
  from  fae00c9321e9d843355b37358a12756634e267e6 (commit)


- Log -
commit ea4e868a3c6872f4944dd5469518f8b10ee3432c
Author: Richard Levitte 
Date:   Sat Nov 25 12:08:47 2017 +0100

In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()

Otherwise, any command that relies on ssl modules may fail, because
SSL_add_ssl_module() will be called after the config file has already
been loaded.

Fixes #4788

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4792)

(cherry picked from commit 0488c0bbbe87eee3a800797b91350c653e9f1711)

commit ad74ff046bea5b1f77ff7425598802b91924652d
Author: Richard Levitte 
Date:   Sat Nov 25 12:02:58 2017 +0100

In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()

IF OPENSSL_init_ssl() is called with the option flag
OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
(i.e. there will be an attempt to load libssl_conf.so or whatever
corresponds to that on non-Unix platforms).  Therefore, at least
SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
called.  The base ssl init does that, plus adds all kinds of ciphers
and digests, which is harmless.

Fixes #4788

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4792)

(cherry picked from commit 0a90a6831e02e00d9043ada635421cfd3da5ffe2)

---

Summary of changes:
 apps/openssl.c | 4 ++--
 ssl/ssl_init.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/openssl.c b/apps/openssl.c
index b99bfa8..6e7b02c 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -69,8 +69,8 @@ static int apps_startup()
 #endif
 
 /* Set non-default library initialisation settings */
-if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_LOAD_CONFIG, NULL))
+if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+  | OPENSSL_INIT_LOAD_CONFIG, NULL))
 return 0;
 
 #ifndef OPENSSL_NO_UI
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index b286a98..3e62d48 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -191,11 +191,11 @@ int OPENSSL_init_ssl(uint64_t opts, const 
OPENSSL_INIT_SETTINGS * settings)
 return 0;
 }
 
-if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
 return 0;
 
-if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
 return 0;
 
 if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
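
Review bot: the fix in OPENSSL_init_ssl() depends purely on statement order: RUN_ONCE(&ssl_base, ossl_init_ssl_base) has to stay ahead of OPENSSL_init_crypto(...), and nothing in the code says why. A comment above the RUN_ONCE call recording the reason from the commit message (SSL_add_ssl_module() must have run before OPENSSL_INIT_LOAD_CONFIG is processed) would keep a later cleanup from swapping the two blocks back.
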


[openssl-commits] [openssl] master update

2017-12-08 Thread Richard Levitte
The branch master has been updated
   via  0488c0bbbe87eee3a800797b91350c653e9f1711 (commit)
   via  0a90a6831e02e00d9043ada635421cfd3da5ffe2 (commit)
  from  a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8 (commit)


- Log -
commit 0488c0bbbe87eee3a800797b91350c653e9f1711
Author: Richard Levitte 
Date:   Sat Nov 25 12:08:47 2017 +0100

In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()

Otherwise, any command that relies on ssl modules may fail, because
SSL_add_ssl_module() will be called after the config file has already
been loaded.

Fixes #4788

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4792)

commit 0a90a6831e02e00d9043ada635421cfd3da5ffe2
Author: Richard Levitte 
Date:   Sat Nov 25 12:02:58 2017 +0100

In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()

IF OPENSSL_init_ssl() is called with the option flag
OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
(i.e. there will be an attempt to load libssl_conf.so or whatever
corresponds to that on non-Unix platforms).  Therefore, at least
SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
called.  The base ssl init does that, plus adds all kinds of ciphers
and digests, which is harmless.

Fixes #4788

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4792)

---

Summary of changes:
 apps/openssl.c | 4 ++--
 ssl/ssl_init.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/openssl.c b/apps/openssl.c
index 1c86827..2cb49cb 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -80,8 +80,8 @@ static int apps_startup()
 #endif
 
 /* Set non-default library initialisation settings */
-if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_LOAD_CONFIG, NULL))
+if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+  | OPENSSL_INIT_LOAD_CONFIG, NULL))
 return 0;
 
 setup_ui_method();
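
Review bot: no regression test accompanies the switch to `OPENSSL_init_ssl()` in `apps_startup()`; the summary lists only apps/openssl.c and ssl/ssl_init.c. A test recipe that runs an `openssl` command against a config file that uses an ssl module would catch a return to the behaviour described in the commit message. The existing comment `/* Set non-default library initialisation settings */` could also say why the ssl-level init is used here.
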
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 8eb6ef1..34e6773 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -195,11 +195,11 @@ int OPENSSL_init_ssl(uint64_t opts, const 
OPENSSL_INIT_SETTINGS * settings)
 return 0;
 }
 
-if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
 return 0;
 
-if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
 return 0;
 
 if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
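
Review bot: `ossl_init_ssl_base` now runs before libcrypto has been initialised through `OPENSSL_init_crypto()`, and the hunk does not show whether anything in the base init depends on that. The commit message calls the cipher and digest registration harmless; it is worth confirming that each call made from `ossl_init_ssl_base` either triggers libcrypto initialisation itself or does not need it, for example in an application where `OPENSSL_init_ssl()` is the first OpenSSL call made.
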


[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ssl3

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ssl3

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/2 subtests 
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_

[openssl-commits] FAILED build of OpenSSL branch OpenSSL_1_1_0-stable with options -d --strict-warnings no-md4

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-md4

Commit log since last time:

64b5b5b Fix the buffer sizing in the fatalerrtest
4749aba Update CHANGES and NEWS for the new release
b9ddcd7 Add a test for CVE-2017-3737
e502cc8 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/05-test_idea.t . ok
../../openssl/test/recipes/05-test_md2.t .. skipped: md2 is not 
supported by this OpenSSL build
../../openssl/test/recipes/05-test_md4.t .. skipped: md4 is not 
supported by this OpenSSL build
../../openssl/test/recipes/05-test_md5.t .. ok
../../openssl/test/recipes/05-test_mdc2.t . ok
../../openssl/test/recipes/05-test_rand.t . ok
../../openssl/test/recipes/05-test_rc2.t .. ok
../../openssl/test/recipes/05-test_rc4.t .. ok
../../openssl/test/recipes/05-test_rc5.t .. skipped: rc5 is not 
supported by this OpenSSL build
../../openssl/test/recipes/05-test_rmd.t .. ok
../../openssl/test/recipes/05-test_sha1.t . ok
../../openssl/test/recipes/05-test_sha256.t ... ok
../../openssl/test/recipes/05-test_sha512.t ... ok
../../openssl/test/recipes/05-test_wp.t ... ok
../../openssl/test/recipes/10-test_bn.t ... ok
../../openssl/test/recipes/10-test_exp.t .. ok
../../openssl/test/recipes/15-test_dh.t ... ok
../../openssl/test/recipes/15-test_dsa.t .. ok
../../openssl/test/recipes/15-test_ec.t ... ok
../../openssl/test/recipes/15-test_ecdsa.t  ok
../../openssl/test/recipes/15-test_genrsa.t ... ok
../../openssl/test/recipes/15-test_rsa.t .. ok
../../openssl/test/recipes/15-test_rsapss.t ... ok
../../openssl/test/recipes/20-test_enc.t .. ok
../../openssl/test/recipes/20-test_passwd.t ... ok
../../openssl/test/recipes/25-test_crl.t .. ok
../../openssl/test/recipes/25-test_d2i.t .. ok
../../openssl/test/recipes/25-test_pkcs7.t  ok
../../openssl/test/recipes/25-test_req.t .. ok
../../openssl/test/recipes/25-test_sid.t .. ok
../../openssl/test/recipes/25-test_verify.t ... ok
../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tlsextms.t . 
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/9 subtests 
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_async.t  ok
../../openssl/test/recipes/90-test_bio_enc.t .. ok
../../openssl/test/recipes/90-test_bioprint.t . ok
../../openssl/test/recipes/90-test_constant_time.t  ok
../../openssl/test/recipes/90-test_fataler

[openssl-commits] [openssl] master update

2017-12-08 Thread bernd . edlinger
The branch master has been updated
   via  a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8 (commit)
  from  8a8bc665626113005f39121d582fd96104fb84cf (commit)


- Log -
commit a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8
Author: Bernd Edlinger 
Date:   Thu Dec 7 13:03:15 2017 +0100

Add missing range checks on number of multi primes in rsa_ossl_mod_exp

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/4862)

---

Summary of changes:
 crypto/rsa/rsa_ossl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index ced11ad..f7b5cdc 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -604,7 +604,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned 
char *from,
 
 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
-BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM];
+BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
 int ret = 0, i, ex_primes = 0;
 RSA_PRIME_INFO *pinfo;
 
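
Review bot: the `- 2` in `m[RSA_MAX_PRIME_NUM - 2]` is unexplained and is repeated in the range check added further down in this function. A named constant, or at least a comment on the declaration saying which two of the RSA_MAX_PRIME_NUM primes are not stored in `m[]`, would keep the array size and the bound from drifting apart in a later edit.
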
@@ -618,7 +618,8 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, 
RSA *rsa, BN_CTX *ctx)
 goto err;
 
 if (rsa->version == RSA_ASN1_VERSION_MULTI
-&& (ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0)
+&& ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+ || ex_primes > RSA_MAX_PRIME_NUM - 2))
 goto err;
 
 {
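
Review bot: the new upper bound `ex_primes > RSA_MAX_PRIME_NUM - 2` fails with a bare `goto err`, so a caller cannot tell a key carrying too many extra primes from any other failure in this function. Consider pushing an RSA error before the jump, and adding a test that exercises this path with a multi-prime key whose `prime_infos` stack exceeds the limit; the summary shows only crypto/rsa/rsa_ossl.c changed.
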


[openssl-commits] [openssl] master update

2017-12-08 Thread kaduk
The branch master has been updated
   via  8a8bc665626113005f39121d582fd96104fb84cf (commit)
  from  cded951378069a478391843f5f8653c1eb5128da (commit)


- Log -
commit 8a8bc665626113005f39121d582fd96104fb84cf
Author: Benjamin Kaduk 
Date:   Thu Dec 7 17:57:21 2017 -0600

Fix no-ec

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/4874)

---

Summary of changes:
 test/evp_extra_test.c  | 4 
 test/recipes/80-test_ssl_new.t | 1 +
 2 files changed, 5 insertions(+)

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 1e1fa17..e63d683 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -498,7 +498,9 @@ static int test_EVP_PKEY_check(int i)
 int ret = 0;
 const unsigned char *p;
 EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_EC
 EC_KEY *eckey = NULL;
+#endif
 EVP_PKEY_CTX *ctx = NULL;
 EVP_PKEY_CTX *ctx2 = NULL;
 const APK_DATA *ak = &keycheckdata[i];
@@ -519,6 +521,7 @@ static int test_EVP_PKEY_check(int i)
  || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)))
 goto done;
 
+#ifndef OPENSSL_NO_EC
 if (type == 1 &&
 (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
  || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
@@ -532,6 +535,7 @@ static int test_EVP_PKEY_check(int i)
  || !TEST_ptr(pkey = EVP_PKEY_new())
  || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey
 goto done;
+#endif
 
 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
 goto done;
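
Review bot: under `OPENSSL_NO_EC` the `type == 1` branch disappears entirely, so any `keycheckdata` entry of that type would reach `EVP_PKEY_CTX_new(pkey, NULL)` without the EC setup having assigned `pkey`. The hunks do not show `keycheckdata`; confirm its EC entries are compiled out under the same guard, or skip such entries explicitly so the test cannot fail merely because the key was never set up.
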
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 3b1447b..caf3536 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -94,6 +94,7 @@ my %skip = (
   "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1")
 && disabled("tls1_2")) || disabled("srp"),
   "24-padding.conf" => disabled("tls1_3"),
+  "25-cipher.conf" => disabled("ec"),
 );
 
 foreach my $conf (@conf_files) {
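
Review bot: `"25-cipher.conf" => disabled("ec")` skips the whole configuration file on a no-ec build. If only some of the test cases in 25-cipher.conf need EC, the rest lose coverage on that build, and generating the EC-dependent cases conditionally would keep them running. If every case needs EC, a comment on this line saying so would justify the blanket skip.
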


[openssl-commits] Build failed in Jenkins: master_noec #306

2017-12-08 Thread osslsanity
See 


Changes:

[levitte] Fix some issues in apps/req

[levitte] Leave a message in doc to indicate 0 is not acceptable

[appro] crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X.

[appro] chacha/asm/chacha-x86_64.pl: add AVX512VL code path.

--
[...truncated 866.05 KB...]

[openssl-commits] [openssl] master update

2017-12-08 Thread Andy Polyakov
The branch master has been updated
   via  cded951378069a478391843f5f8653c1eb5128da (commit)
   via  79337628702dc5ff5570f02d6b92eeb02a310e18 (commit)
  from  05de3a5be975b2834fd249005ceb0e886e9f39d1 (commit)


- Log -
commit cded951378069a478391843f5f8653c1eb5128da
Author: Andy Polyakov 
Date:   Mon Dec 4 14:16:19 2017 +0100

chacha/asm/chacha-x86_64.pl: add AVX512VL code path.

256-bit AVX512VL was estimated to deliver ~50% improvement over AVX2
and it did live up to the expectations.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4838)

commit 79337628702dc5ff5570f02d6b92eeb02a310e18
Author: Andy Polyakov 
Date:   Mon Dec 4 14:03:05 2017 +0100

crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X.

It was observed that AVX512 code paths can negatively affect overall
Skylake-X system performance. But we are talking specifically about
512-bit code, while AVX512VL, 256-bit variant of AVX512F instructions,
is supposed to fly as smooth as AVX2. Which is why it remains unmasked.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/4838)

---

Summary of changes:
 crypto/chacha/asm/chacha-x86_64.pl | 592 -
 crypto/x86_64cpuid.pl  |   8 +
 2 files changed, 596 insertions(+), 4 deletions(-)

diff --git a/crypto/chacha/asm/chacha-x86_64.pl 
b/crypto/chacha/asm/chacha-x86_64.pl
index 0510363..51bb6a9 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
@@ -22,6 +22,10 @@
 #
 # Add AVX512F code path.
 #
+# December 2017
+#
+# Add AVX512VL code path.
+#
 # Performance in cycles per byte out of large buffer.
 #
 #  IALU/gcc 4.8(i) 1xSSSE3/SSE24xSSSE3 NxAVX(v)
@@ -32,7 +36,7 @@
 # Sandy Bridge 8.31/+42%   5.45/6.76   2.72
 # Ivy Bridge   6.71/+46%   5.40/6.49   2.41
 # Haswell  5.92/+43%   5.20/6.45   2.421.23
-# Skylake[-X]  5.87/+39%   4.70/-  2.311.19[0.57]
+# Skylake[-X]  5.87/+39%   4.70/-  2.311.19[0.80(vi)]
 # Silvermont   12.0/+33%   7.75/7.40   7.03(iii)
 # Knights L11.7/-  -   9.60(iii)   0.80
 # Goldmont 10.6/+17%   5.10/-  3.28
@@ -51,7 +55,9 @@
 #  limitations, SSE2 can do better, but gain is considered too
 #  low to justify the [maintenance] effort;
 # (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20;
-# (v)  8xAVX2 or 16xAVX-512, whichever best applicable;
+# (v)  8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable;
+# (vi) even though Skylake-X can execute AVX512F code and deliver 0.57
+#  cpb in single thread, the corresponding capability is suppressed;
 
 $flavour = shift;
 $output  = shift;
@@ -112,8 +118,8 @@ $code.=<<___;
 .byte  0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
 .Lrot24:
 .byte  0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
-.Lsigma:
-.asciz "expand 32-byte k"
+.Ltwoy:
+.long  2,0,0,0, 2,0,0,0
 .align 64
 .Lzeroz:
 .long  0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0
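
Review bot: `.Ltwoy` is inserted ahead of the `.align 64` directive, so the alignment of this 32-byte constant depends on the size of the tables that precede it. That is fine as long as every reference uses it as a memory operand that tolerates unaligned addresses; if any access needs 32-byte alignment, give `.Ltwoy` its own alignment directive or move it below `.align 64` with the other counter constants.
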
@@ -123,6 +129,8 @@ $code.=<<___;
 .long  0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
 .Lsixteen:
 .long  16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
+.Lsigma:
+.asciz "expand 32-byte k"
 .asciz "ChaCha20 for x86_64, CRYPTOGAMS by "
 ___
 
@@ -253,6 +261,8 @@ ___
 $code.=<<___   if ($avx>2);
bt  \$48,%r10   # check for AVX512F
jc  .LChaCha20_avx512
+   test%r10,%r10   # check for AVX512VL
+   js  .LChaCha20_avx512vl
 ___
 $code.=<<___;
test\$`1<<(41-32)`,%r10d
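
Review bot: the AVX512VL dispatch relies on `test %r10,%r10` followed by `js`, that is, on the capability flag sitting in bit 63 of `%r10`, but the comment only says `# check for AVX512VL`. Spell out the bit position in the comment, as the `bt \$48,%r10` line above it effectively does for AVX512F. The order also matters: AVX512F is tested first, so the 256-bit path is reached only when the AVX512F flag is clear, which is worth stating given that the companion commit suppresses that flag on Skylake-X.
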
@@ -2292,6 +2302,19 @@ if ($avx>2) {
 my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20));
 my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
 
+sub vpxord()   # size optimization
+{ my $opcode = "vpxor";# adhere to vpxor when possible
+
+foreach (@_) {
+   if (/%([zy])mm([0-9]+)/ && ($1 eq "z" || $2>=16)) {
+   $opcode = "vpxord";
+   last;
+   }
+}
+
+$code .= "\t$opcode\t".join(',',reverse @_)."\n";
+}
+
 sub AVX512ROUND {  # critical path is 14 "SIMD ticks" per round
&vpaddd ($a,$a,$b);
&vpxord ($d,$d,$a);
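
Review bot: `sub vpxord()` declares an empty prototype although the body iterates over `@_`. It works only because the callers use the `&vpxord (...)` form, which bypasses prototype checking; drop the `()` so a plain `vpxord(...)` call would not be rejected at compile time. Separately, the pattern `/%([zy])mm([0-9]+)/` never selects `vpxord` for `%xmm16` and above, which is fine for the operands visible here but deserves a comment if the helper is meant to be general.
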
@@ -2505,6 +2528,159 @@ $code.=<<___;
 .cfi_endproc
 .size  ChaCha20_avx512,.-ChaCha20_avx512
 ___
+
+map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz);
+
+$code.=<<___;
+.type  ChaCha20_avx512vl,\@function,5
+.align 32
+ChaCha20_avx512vl:
+.cfi_startproc
+.LChaCha20_avx512vl:
+   mov %rsp,%r9# frame pointer
+.cfi_def_cfa_register  %r9
+   cmp \$128,$len
+   ja  .LChaCha20_8xvl
+
+   sub \$64+$xframe,%rsp
+___
+$code.=<<___   if ($win64);
+   movaps  %xmm6,-0x28(%r9)
+   movaps  %xmm7,-0x1
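
Review bot: `map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz);` uses `map` in void context purely for its side effect of rewriting the shared register-name variables in place. A `foreach` over the same list reads more clearly, and a comment should warn that every code generator below this line that uses these variables, `AVX512ROUND` included, now emits `%ymm` registers.
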

[openssl-commits] [openssl] master update

2017-12-08 Thread Richard Levitte
The branch master has been updated
   via  05de3a5be975b2834fd249005ceb0e886e9f39d1 (commit)
   via  b1c05a504964a01ca54bd37e11c1ebac0f6fafdc (commit)
  from  d68a0eaf45f12392065f3cf716a1a2682d55d3ce (commit)


- Log -
commit 05de3a5be975b2834fd249005ceb0e886e9f39d1
Author: Paul Yang 
Date:   Tue Nov 21 23:43:03 2017 +0800

Leave a message in doc to indicate 0 is not acceptable

[to be squashed]

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/4767)

commit b1c05a504964a01ca54bd37e11c1ebac0f6fafdc
Author: Paul Yang 
Date:   Tue Nov 21 22:37:23 2017 +0800

Fix some issues in apps/req

1. the 'ignore -days' warning should not be printed without '-x509'
2. the 'ignore -days' warning should terminate with new-line

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/4767)

---

Summary of changes:
 apps/req.c   | 8 ++--
 doc/man1/req.pod | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 8dcfbce..989a6ad 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -159,7 +159,7 @@ int req_main(int argc, char **argv)
 char *template = default_config_file, *keyout = NULL;
 const char *keyalg = NULL;
 OPTION_CHOICE o;
-int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0;
+int ret = 1, x509 = 0, days = 0, i = 0, newreq = 0, verbose = 0;
 int pkey_type = -1, private = 0;
 int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
 int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
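
Review bot: changing the initialiser to `days = 0` makes zero double as the marker for "-days not given", so an explicit `-days 0` on the command line can no longer be told apart from an absent option. A separate flag set when the option is parsed would let the tool reject or honour an explicit zero instead of silently treating it as unset.
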
@@ -334,7 +334,7 @@ int req_main(int argc, char **argv)
 goto opthelp;
 
 if (days && !x509)
-BIO_printf(bio_err, "Ignoring -days; not generating a certificate");
+BIO_printf(bio_err, "Ignoring -days; not generating a certificate\n");
 if (x509 && infile == NULL)
 newreq = 1;
 
@@ -617,6 +617,10 @@ int req_main(int argc, char **argv)
 
 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
 goto end;
+if (days == 0) {
+/* set default days if it's not specified */
+days = 30;
+}
 if (!set_cert_times(x509ss, NULL, NULL, days))
 goto end;
 if (!X509_set_subject_name
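
Review bot: the default is applied only for `days == 0`, so a negative value still reaches `set_cert_times(x509ss, NULL, NULL, days)` even though the documentation change in this patch says the value should be a positive integer. Validate the value where the option is parsed and fail with a usage error for anything below 1, instead of patching the default in just before use.
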
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index d0d471f..5ed90ad 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -247,8 +247,8 @@ to the self signed certificate otherwise new request is 
created.
 =item B<-days n>
 
 When the B<-x509> option is being used this specifies the number of
-days to certify the certificate for, otherwise it is ignored.
-The default is 30 days.
+days to certify the certificate for, otherwise it is ignored. B should
+be a positive integer. The default is 30 days.
 
 =item B<-set_serial n>
 
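
Review bot: the added sentence says the value should be a positive integer but not what the tool does otherwise. Per the apps/req.c hunk above, a value of 0 is replaced by the 30-day default; the text should state that (or that 0 is rejected, if validation is added) so the documented and actual behaviour match.
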


[openssl-commits] Build failed in Jenkins: master_noec #305

2017-12-08 Thread osslsanity
See 


Changes:

[matt] extending afalg with aes-cbc-192/256, afalgtest.c also updated

[matt] fix  --strict-warnings

[matt] make get_cipher_handle static

[matt] putting the missing static

[levitte] Remove unicode characters from source

--
[...truncated 866.05 KB...]

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-12-08 Thread Richard Levitte
The branch OpenSSL_1_0_2-stable has been updated
   via  e167fd05b8b781bf04fcd462c0d28fae386116fe (commit)
  from  18df0adda98f8f21cc494b4835c2817bcadbeb8a (commit)


- Log -
commit e167fd05b8b781bf04fcd462c0d28fae386116fe
Author: Richard Levitte 
Date:   Fri Dec 8 11:40:30 2017 +0100

Remove unicode characters from source

Some compilers react badly to non-ASCII characters

Fixes #4877

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4879)

---

Summary of changes:
 ssl/bad_dtls_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c
index 34af37d..ff754e1 100644
--- a/ssl/bad_dtls_test.c
+++ b/ssl/bad_dtls_test.c
@@ -19,7 +19,7 @@
  * Note that unlike other SSL tests, we don't test against our own SSL
  * server method. Firstly because we don't have one; we *only* support
  * DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
  * are made in generic DTLS code which don't take DTLS1_BAD_VER into
  * account, there's plenty of scope for making those changes such that
  * they break *both* the client and the server in the same way.
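
Review bot: the replacement fixes this one comment, but nothing stops the next non-ASCII byte from landing in a source file. Since the commit message notes that some compilers react badly to such characters, a source check in the build or CI that flags any byte outside ASCII in .c and .h files would catch this before a compiler does.
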


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-08 Thread Richard Levitte
The branch OpenSSL_1_1_0-stable has been updated
   via  fae00c9321e9d843355b37358a12756634e267e6 (commit)
  from  64b5b5bd7cfdef1f1204fa305e9d685de8bf5b7f (commit)


- Log -
commit fae00c9321e9d843355b37358a12756634e267e6
Author: Richard Levitte 
Date:   Fri Dec 8 11:40:30 2017 +0100

Remove unicode characters from source

Some compilers react badly to non-ASCII characters

Fixes #4877

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4879)

(cherry picked from commit d68a0eaf45f12392065f3cf716a1a2682d55d3ce)

---

Summary of changes:
 test/bad_dtls_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 1408a13..2e33010 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -19,7 +19,7 @@
  * Note that unlike other SSL tests, we don't test against our own SSL
  * server method. Firstly because we don't have one; we *only* support
  * DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
  * are made in generic DTLS code which don't take DTLS1_BAD_VER into
  * account, there's plenty of scope for making those changes such that
  * they break *both* the client and the server in the same way.


[openssl-commits] [openssl] master update

2017-12-08 Thread Richard Levitte
The branch master has been updated
   via  d68a0eaf45f12392065f3cf716a1a2682d55d3ce (commit)
  from  f1138840cbdcdacbb737d7802eb774f6cbc5762b (commit)


- Log -
commit d68a0eaf45f12392065f3cf716a1a2682d55d3ce
Author: Richard Levitte 
Date:   Fri Dec 8 11:40:30 2017 +0100

Remove unicode characters from source

Some compilers react badly to non-ASCII characters

Fixes #4877

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4879)

---

Summary of changes:
 test/bad_dtls_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 5bd4e22..1c836b9 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -19,7 +19,7 @@
  * Note that unlike other SSL tests, we don't test against our own SSL
  * server method. Firstly because we don't have one; we *only* support
  * DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
  * are made in generic DTLS code which don't take DTLS1_BAD_VER into
  * account, there's plenty of scope for making those changes such that
  * they break *both* the client and the server in the same way.


[openssl-commits] [openssl] master update

2017-12-08 Thread Matt Caswell
The branch master has been updated
   via  f1138840cbdcdacbb737d7802eb774f6cbc5762b (commit)
   via  7e8a5e30902b3e3f10aeaae8dcde283eb7224abc (commit)
   via  a3d7fd2837ab7341e58862df95af8532f23d4d51 (commit)
   via  49ea0f09833fb526a12f9402fa2fcf0f4b735d5e (commit)
  from  cbe2964821bb063f61ed2544cfce196ec1c0d62b (commit)


- Log -
commit f1138840cbdcdacbb737d7802eb774f6cbc5762b
Author: JitendraLulla 
Date:   Wed Nov 15 16:14:36 2017 +0530

putting the missing static

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4717)

commit 7e8a5e30902b3e3f10aeaae8dcde283eb7224abc
Author: JitendraLulla 
Date:   Wed Nov 15 06:43:48 2017 +0530

make get_cipher_handle static

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4717)

commit a3d7fd2837ab7341e58862df95af8532f23d4d51
Author: JitendraLulla 
Date:   Wed Nov 15 06:03:07 2017 +0530

fix  --strict-warnings

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4717)

commit 49ea0f09833fb526a12f9402fa2fcf0f4b735d5e
Author: JitendraLulla 
Date:   Sat Nov 11 12:01:58 2017 +0530

extending afalg with aes-cbc-192/256, afalgtest.c also updated accordingly. 
comments from matt, Stephen considered

fix  indentation, remove printf from afalgtest.c

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4717)

---

Summary of changes:
 engines/e_afalg.c | 104 --
 engines/e_afalg.h |  15 
 test/afalgtest.c  |  51 --
 3 files changed, 125 insertions(+), 45 deletions(-)

diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index 982a53d..49b0173 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include "internal/nelem.h"
 
 #include 
 #include 
@@ -78,7 +79,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char 
*ciphertype,
 static int afalg_destroy(ENGINE *e);
 static int afalg_init(ENGINE *e);
 static int afalg_finish(ENGINE *e);
-const EVP_CIPHER *afalg_aes_128_cbc(void);
+const EVP_CIPHER *afalg_aes_cbc(int nid);
+static cbc_handles *get_cipher_handle(int nid);
 static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  const int **nids, int nid);
 static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
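Review bot: The new prototype `const EVP_CIPHER *afalg_aes_cbc(int nid);` has external linkage, while get_cipher_handle() on the next line and the neighbouring prototypes are static. If afalg_aes_cbc() is only used inside e_afalg.c, mark it static as well; if it is meant to be called from elsewhere, declare it in e_afalg.h rather than in the .c file so that callers and definition cannot drift apart.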
@@ -93,10 +95,14 @@ static const char *engine_afalg_id = "afalg";
 static const char *engine_afalg_name = "AFALG engine support";
 
 static int afalg_cipher_nids[] = {
-NID_aes_128_cbc
+NID_aes_128_cbc,
+NID_aes_192_cbc,
+NID_aes_256_cbc,
 };
 
-static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+{AES_KEY_SIZE_192, NULL},
+{AES_KEY_SIZE_256, NULL}};
 
 static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
 {
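Review bot: The positional initializer of cbc_handle[] is only correct while its row order matches the AES_CBC_128, AES_CBC_192 and AES_CBC_256 indices that get_cipher_handle() uses later in this patch, and nothing in the hunk enforces that. A comment tying each row to its index, plus a build-time check that the array has as many entries as afalg_cipher_nids[] (OSSL_NELEM is available now that internal/nelem.h is included), would make a future addition fail at build time instead of returning the wrong handle.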
@@ -350,7 +356,6 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const 
unsigned char *key,
 AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
 return 0;
 }
-
 return 1;
 }
 
@@ -515,6 +520,8 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 ciphertype = EVP_CIPHER_CTX_nid(ctx);
 switch (ciphertype) {
 case NID_aes_128_cbc:
+case NID_aes_192_cbc:
+case NID_aes_256_cbc:
 strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
 break;
 default:
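Review bot: With NID_aes_192_cbc and NID_aes_256_cbc falling through to the same "cbc(aes)" name as NID_aes_128_cbc, the key length becomes the only thing that selects the AES variant in the kernel, and this hunk does not show where that length comes from. Please confirm that the key-setting path takes the length from the cipher context rather than a fixed 16 bytes, otherwise a 192 or 256 bit request would not get the key size it asked for.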
@@ -637,29 +644,45 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
 return 1;
 }
 
-const EVP_CIPHER *afalg_aes_128_cbc(void)
+static cbc_handles *get_cipher_handle(int nid)
+{
+switch (nid) {
+case NID_aes_128_cbc:
+return &cbc_handle[AES_CBC_128];
+case NID_aes_192_cbc:
+return &cbc_handle[AES_CBC_192];
+case NID_aes_256_cbc:
+return &cbc_handle[AES_CBC_256];
+default:
+return NULL;
+}
+}
+
+const EVP_CIPHER *afalg_aes_cbc(int nid)
 {
-if (_hidden_aes_128_cbc == NULL
-&& ((_hidden_aes_128_cbc =
- EVP_CIPHER_meth_new(NID_aes_128_cbc,
- AES_BLOCK_SIZE,
- AES_KEY_SIZE_128)) == NULL
-|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN)
-|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
-  EVP_CIPH_CBC_MODE |
-  EVP_CIPH_FLAG_DEFAULT_ASN1)
-|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
- afalg_cipher_init)
-
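Review bot: get_cipher_handle() returns NULL from its default branch, so afalg_aes_cbc(int nid) has to check that result before touching the handle; the body of the new function is cut off on this page, so the check cannot be confirmed here. A caller passing a NID outside the three listed cases should get a NULL EVP_CIPHER back rather than a dereference of a NULL cbc_handles pointer.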

[openssl-commits] [tools] master update

2017-12-08 Thread Matt Caswell
The branch master has been updated
   via  9c2a1bcbb06f1075307267fe16bd34e43f750cd4 (commit)
  from  c1388cc424c5c1aaab2b1193e7d9a82310a0e6de (commit)


- Log -
commit 9c2a1bcbb06f1075307267fe16bd34e43f750cd4
Author: Matt Caswell 
Date:   Fri Dec 8 09:48:09 2017 +

Ignore case when checking author against cladb

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5)

---

Summary of changes:
 review-tools/gitaddrev | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index a53d9ad..2beb48a 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -30,7 +30,7 @@ my @unknown_reviewers;
 my $skip_reviewer;
 my $omccount = 0;
 sub try_add_reviewer {
-my $id = shift;
+my $id = lc(shift);
 my $rc = undef;
 my $id2 = $id =~ /^\@(.*)$/ ? { github => $1 } : $id;
 my $rev = $query->find_person_tag($id2, 'rev');
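Review bot: Lower-casing the argument in `my $id = lc(shift);` only makes the lookup case-insensitive if the identities that find_person_tag() compares against are stored or normalised in lower case as well, and the hunk does not show that side. Since this lookup decides whether a reviewer or author counts as known, say in a comment which side is responsible for normalisation; note also that the GitHub handle captured by /^\@(.*)$/ is lower-cased by the same call.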
@@ -123,7 +123,7 @@ if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) {
 # In case the author is unknown to our databases or is lacking a CLA,
 # we need to be extra careful to check if this is supposed to be a
 # trivial commit.
-my $author = $ENV{GIT_AUTHOR_EMAIL};
+my $author = lc($ENV{GIT_AUTHOR_EMAIL});
 
 # Note: it really should be enough to check if $author is unknown, since
 # the databases are supposed to be consistent with each other.  However,
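Review bot: In `my $author = lc($ENV{GIT_AUTHOR_EMAIL});` an unset GIT_AUTHOR_EMAIL becomes an empty string (with an uninitialized-value warning when warnings are enabled) instead of undef, which would change the result of any later defined() test on $author. Check that the variable is set before normalising it, and consider doing the lower-casing in one helper so that this line and try_add_reviewer() cannot diverge.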


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-12-08 Thread Matt Caswell
The branch OpenSSL_1_0_2-stable has been updated
   via  18df0adda98f8f21cc494b4835c2817bcadbeb8a (commit)
  from  6957d91f0eed10859dff26311592b326a07a1d73 (commit)


- Log -
commit 18df0adda98f8f21cc494b4835c2817bcadbeb8a
Author: Dr. Matthias St. Pierre 
Date:   Mon Sep 26 14:23:29 2016 +0200

Add missing prototype for FIPS callback

Fixes #2533

The call to FIPS_crypto_set_id_callback() was added in revision 
a43cfd7bb1fc681d563e,
but there is no prototype for it in .

Signed-off-by: Dr. Matthias St. Pierre 

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/4870)

---

Summary of changes:
 crypto/o_init.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/crypto/o_init.c b/crypto/o_init.c
index 185841e..18bb858 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -58,6 +58,11 @@
 #ifdef OPENSSL_FIPS
 # include 
 # include 
+
+# ifndef OPENSSL_NO_DEPRECATED
+/* the prototype is missing in  */
+void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
+# endif
 #endif
 
 /*
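Review bot: The prototype added under `# ifndef OPENSSL_NO_DEPRECATED` is a local copy in o_init.c, so the compiler cannot catch a mismatch with the real definition of FIPS_crypto_set_id_callback(); the durable fix is to declare it in the FIPS header that the comment refers to. The call site is outside this hunk, so also confirm that it sits under the same OPENSSL_NO_DEPRECATED guard, otherwise a build with that macro defined still calls an undeclared function.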


[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-poly1305

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t . ok
../../openssl/test/recipes/30-test_afalg.t  ok
../../openssl/test/recipes/30-test_engine.t ... ok
../../openssl/test/recipes/30-test_evp.t .. ok
../../openssl/test/recipes/30-test_evp_extra.t  ok
../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/25 subtests 
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-

[openssl-commits] Build failed in Jenkins: master_noec #304

2017-12-08 Thread osslsanity
See 


Changes:

[matt] Fix the buffer sizing in the fatalerrtest

[levitte] Save away the environment variables we rely on

[levitte] Make it possible to add env var assignments as Configure options

[levitte] Document the possibility for command line argument env assignments

[levitte] Have all relevant config targets use the env() function rather than 
$ENV

[levitte] Make sure ./config passes options to ./Configure correctly

[levitte] Configure: die if there are other arguments with 'reconf'

[levitte] Document how the configuration option 'reconf' works

[rsalz] Consistent formatting for sizeof(foo)

--
[...truncated 866.05 KB...]

[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ocsp

2017-12-08 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ocsp

Commit log since last time:

e84282c Fix the buffer sizing in the fatalerrtest
f47270e Update CHANGES and NEWS for new release
97652f0 Add a test for CVE-2017-3737
77d7599 test/bntest.c: add rsaz_1024_mul_avx2 regression test.
5630661 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Build log ended with (last 100 lines):
