[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  653162c6005b4594327029729c0bffcf7c15d58c (commit)
  from  0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit)


- Log -
commit 653162c6005b4594327029729c0bffcf7c15d58c
Author: Gregor Jasny 
Date:   Sun May 13 19:51:52 2018 +0200

NOTES.ANDROID: fix typo in build notes

CLA: trivial

Reviewed-by: Andy Polyakov 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6244)

---

Summary of changes:
 NOTES.ANDROID | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index dcddc4c..103ed87 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -32,7 +32,7 @@
  NDK 10d:
 
 ANDROID_NDK=/some/where/android-ndk-10d
-
PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin:$PATH
+
PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
 ./Configure android-arm -D__ANDROID_API__=14
 
  Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit)
  from  73cc84a132a08a02253ae168600fc4d16cd400d8 (commit)


- Log -
commit 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315
Author: Andy Polyakov 
Date:   Mon May 14 17:06:04 2018 +0200

windows-makefile.tmpl: delete export library prior link.

LINK can outsmart itself and choose to not update export .lib upon
corresponding .dll re-link. Since dependency is between .lib and all
.obj-s, re-compilation of any .obj makes NMAKE relink .dll and all
.exe-s over and over...

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/windows-makefile.tmpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 0752bbe..49af571 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -627,6 +627,7 @@ EOF
  return <<"EOF"
 $target: $deps
IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
+   IF EXIST \$@ DEL /F /Q \$@
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext$shared_def @<< || (DEL 
/Q \$(\@B).* $shlib.* && EXIT 1)
 $objs
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Matt Caswell]

The branch OpenSSL_1_1_0-stable has been updated
   via  7171f71ef10eb079322bbe99332f411a14f03891 (commit)
  from  f1e92861c30e91139407e65fffd0af76ef48fd34 (commit)


- Log -
commit 7171f71ef10eb079322bbe99332f411a14f03891
Author: Matt Caswell 
Date:   Wed May 2 16:07:13 2018 +0100

Mark DTLS records as read when we have finished with them

The TLS code marks records as read when its finished using a record. The 
DTLS code did
not do that. However SSL_has_pending() relies on it. So we should make DTLS 
consistent.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6160)

---

Summary of changes:
 ssl/record/rec_layer_d1.c | 37 -
 ssl/record/ssl3_record.c  | 14 --
 2 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 0eeed4f..6111a2e 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -473,6 +473,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 return -1;
 }
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 goto start;
 }
 
@@ -482,8 +483,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
  */
 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 s->rwstate = SSL_NOTHING;
-return (0);
+return 0;
 }
 
 if (type == SSL3_RECORD_get_type(rr)
@@ -508,8 +510,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 if (recvd_type != NULL)
 *recvd_type = SSL3_RECORD_get_type(rr);
 
-if (len <= 0)
-return (len);
+if (len <= 0) {
+/*
+ * Mark a zero length record as read. This ensures multiple calls 
to
+ * SSL_read() with a zero length buffer will eventually cause
+ * SSL_pending() to report data as being available.
+ */
+if (SSL3_RECORD_get_length(rr) == 0)
+SSL3_RECORD_set_read(rr);
+return len;
+}
 
 if ((unsigned int)len > SSL3_RECORD_get_length(rr))
 n = SSL3_RECORD_get_length(rr);
@@ -517,12 +527,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 n = (unsigned int)len;
 
 memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
-if (!peek) {
+if (peek) {
+if (SSL3_RECORD_get_length(rr) == 0)
+SSL3_RECORD_set_read(rr);
+} else {
 SSL3_RECORD_sub_length(rr, n);
 SSL3_RECORD_add_off(rr, n);
 if (SSL3_RECORD_get_length(rr) == 0) {
 s->rlayer.rstate = SSL_ST_READ_HEADER;
 SSL3_RECORD_set_off(rr, 0);
+SSL3_RECORD_set_read(rr);
 }
 }
 #ifndef OPENSSL_NO_SCTP
@@ -573,6 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 }
 /* Exit and notify application to read again */
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 s->rwstate = SSL_READING;
 BIO_clear_retry_flags(SSL_get_rbio(s));
 BIO_set_retry_read(SSL_get_rbio(s));
@@ -617,6 +632,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 #endif
 s->rlayer.rstate = SSL_ST_READ_HEADER;
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 goto start;
 }
 
@@ -626,6 +642,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 SSL3_RECORD_add_off(rr, 1);
 SSL3_RECORD_add_length(rr, -1);
 }
+if (SSL3_RECORD_get_length(rr) == 0)
+SSL3_RECORD_set_read(rr);
 *dest_len = dest_maxlen;
 }
 }
@@ -696,6 +714,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 }
 } else {
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
 }
 /*
@@ -720,6 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) {
 s->rlayer.d->handshake_fragment_len = 0;
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
 goto start;
 }
@@ -747,6 +767,7 @@ int 

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

ba8b48e Fix no-tls1_2
199dc0d Fix no-psk
986caf9 CI config: no need to make both install and install_docs
8481434 Link in passphrase-encoding(7) in relevant documentation
491c353 Docs: add general document on how pass phrases are handled
de03cc9 UI console: Restore tty settings, do not force ECHO after prompt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

ba8b48e Fix no-tls1_2
199dc0d Fix no-psk
986caf9 CI config: no need to make both install and install_docs
8481434 Link in passphrase-encoding(7) in relevant documentation
491c353 Docs: add general document on how pass phrases are handled
de03cc9 UI console: Restore tty settings, do not force ECHO after prompt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls

Commit log since last time:

ba8b48e Fix no-tls1_2
199dc0d Fix no-psk
986caf9 CI config: no need to make both install and install_docs
8481434 Link in passphrase-encoding(7) in relevant documentation
491c353 Docs: add general document on how pass phrases are handled
de03cc9 UI console: Restore tty settings, do not force ECHO after prompt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  73cc84a132a08a02253ae168600fc4d16cd400d8 (commit)
  from  ba8b48e98dd86851ca20733f819da5b76859e64a (commit)


- Log -
commit 73cc84a132a08a02253ae168600fc4d16cd400d8
Author: Matt Caswell 
Date:   Mon May 14 18:35:30 2018 +0100

Suport TLSv1.3 draft 28

Also retains support for drafts 27 and 26

Fixes #6257

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6258)

---

Summary of changes:
 include/openssl/tls1.h | 10 +++---
 ssl/ssl_locl.h |  2 ++
 ssl/statem/extensions_clnt.c   |  8 ++--
 ssl/statem/extensions_srvr.c   |  4 ++--
 ssl/statem/statem_lib.c| 17 -
 ssl/t1_trce.c  | 14 --
 test/recipes/70-test_sslversions.t |  7 ---
 util/perl/TLSProxy/Record.pm   |  2 +-
 8 files changed, 50 insertions(+), 14 deletions(-)

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index b9f0918..37bdc7d 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,9 +30,13 @@ extern "C" {
 # define TLS1_3_VERSION  0x0304
 # define TLS_MAX_VERSION TLS1_3_VERSION
 
-/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -26 */
-# define TLS1_3_VERSION_DRAFT0x7f1a
-# define TLS1_3_VERSION_DRAFT_TXT"TLS 1.3 (draft 26)"
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT0x7f1c
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT"TLS 1.3 (draft 28)"
 
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION 0x1
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c066e14..e02f5a1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1057,6 +1057,8 @@ struct ssl_st {
  * DTLS1_VERSION)
  */
 int version;
+/* TODO(TLS1.3): Remove this before release */
+int version_draft;
 /* SSLv3 */
 const SSL_METHOD *method;
 /*
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index e4a5b3c..cc4563b 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -538,7 +538,9 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, 
WPACKET *pkt,
 for (currv = max_version; currv >= min_version; currv--) {
 /* TODO(TLS1.3): Remove this first if clause prior to release!! */
 if (currv == TLS1_3_VERSION) {
-if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) {
+if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
  ERR_R_INTERNAL_ERROR);
@@ -1789,7 +1791,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET 
*pkt, unsigned int context,
 }
 
 /* TODO(TLS1.3): Remove this before release */
-if (version == TLS1_3_VERSION_DRAFT)
+if (version == TLS1_3_VERSION_DRAFT
+|| version == TLS1_3_VERSION_DRAFT_27
+|| version == TLS1_3_VERSION_DRAFT_26)
 version = TLS1_3_VERSION;
 
 /*
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ec4e1b8..65b9d3b 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -892,7 +892,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
 if (!WPACKET_put_bytes_u16(, TLSEXT_TYPE_supported_versions)
 || !WPACKET_start_sub_packet_u16()
/* TODO(TLS1.3): Fix this before release */
-|| !WPACKET_put_bytes_u16(, TLS1_3_VERSION_DRAFT)
+|| !WPACKET_put_bytes_u16(, s->version_draft)
 || !WPACKET_close()) {
 WPACKET_cleanup();
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1606,7 +1606,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, 
WPACKET *pkt,
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
 || !WPACKET_start_sub_packet_u16(pkt)
 /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator 
*/
-|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+|| !WPACKET_put_bytes_u16(pkt, s->version_draft)
 || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously

Build log ended with (last 100 lines):

/usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl stack > 
test/buildtest_stack.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl store > 
test/buildtest_store.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > 
test/buildtest_symhacks.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > 
test/buildtest_txt_db.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > 
test/buildtest_whrlpool.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > 
test/buildtest_x509_vfy.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > 
test/buildtest_x509v3.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o 
../openssl/test/casttest.c
clang  -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o 
test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o 
test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  fe4fe67139bc1e1abb62035d9eb0992f614bf645 (commit)
  from  4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit)


- Log -
commit fe4fe67139bc1e1abb62035d9eb0992f614bf645
Author: Richard Levitte 
Date:   Mon May 14 05:01:54 2018 +0200

When configuring 'no-comp', zlib support should be disabled too

Fixes #6241

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/6248)

---

Summary of changes:
 Configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configure b/Configure
index 9c1879e..c7066dc 100755
--- a/Configure
+++ b/Configure
@@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
+if (/^comp$/)  { $zlib = 0; }
}
 
print "\n";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2

[scan-admin]

Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2f2VYHeha9M-2Box5kA59JLmb-2BZtXt09WkCsb0M-2BjBzpUv-2FN2csbZFzYsjLBjfXd-2BrZz2MyrDgxHf4FGUpNjxvJsHSF2gzqvniyyHLxIAfxbo-2F6o5q0O5OD4rtE2EBcPuoZs5vmq7twNjy7xCq-2Fyj37QZlHmXWUQDTEtbZYxQRxAObmHdiXPmG4MN4tzvUQt3DY-3D

Build ID: 210768

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  8481434439e421d513350a81a01ba2e2a8e61b6e (commit)
   via  491c35324c9f4392ec3d59bb260bf9b7e588f881 (commit)
  from  de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit)


- Log -
commit 8481434439e421d513350a81a01ba2e2a8e61b6e
Author: Richard Levitte 
Date:   Sun May 13 11:35:14 2018 +0200

Link in passphrase-encoding(7) in relevant documentation

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6179)

commit 491c35324c9f4392ec3d59bb260bf9b7e588f881
Author: Richard Levitte 
Date:   Sat May 5 00:06:07 2018 +0200

Docs: add general document on how pass phrases are handled

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6179)

---

Summary of changes:
 doc/man1/openssl.pod |   3 +
 doc/man3/OSSL_STORE_open.pod |  11 ++-
 doc/man3/PEM_bytes_read_bio.pod  |   7 +-
 doc/man3/PEM_read.pod|   7 +-
 doc/man3/PEM_read_CMS.pod|   9 +-
 doc/man3/PEM_read_bio_PrivateKey.pod |   7 +-
 doc/man3/PKCS12_create.pod   |   7 +-
 doc/man3/PKCS12_newpass.pod  |   3 +-
 doc/man3/PKCS12_parse.pod|   3 +-
 doc/man3/PKCS5_PBKDF2_HMAC.pod   |   6 +-
 doc/man3/d2i_PKCS8PrivateKey_bio.pod |   7 +-
 doc/man7/passphrase-encoding.pod | 182 +++
 12 files changed, 242 insertions(+), 10 deletions(-)
 create mode 100644 doc/man7/passphrase-encoding.pod

diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 03c07c0..a713269 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -439,6 +439,9 @@ password argument is given and a password is required then 
the user is
 prompted to enter one: this will typically be read from the current
 terminal with echoing turned off.
 
+Note that character encoding may be relevant, please see
+L.
+
 =over 4
 
 =item B
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 13f3722..b1467f4 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -112,6 +112,14 @@ URI, or if it's a different error (such as memory 
allocation
 failures); if the URI was parsable but the scheme unregistered, the
 top error will have the reason C.
 
+These functions make no direct assumption regarding the pass phrase received
+from the password callback.
+The loaders may make assumptions, however.
+For example, the B scheme loader inherits the assumptions made by
+OpenSSL functionality that handles the different file types; this is mostly
+relevant for PKCS#12 objects.
+See L for further information.
+
 =head1 RETURN VALUES
 
 OSSL_STORE_open() returns a pointer to a B on success, or
@@ -132,7 +140,8 @@ OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on 
success, or 0 on failure.
 
 =head1 SEE ALSO
 
-L, L, L
+L, L, L,
+L
 
 =head1 HISTORY
 
diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod
index d16ccd8..cd05582 100644
--- a/doc/man3/PEM_bytes_read_bio.pod
+++ b/doc/man3/PEM_bytes_read_bio.pod
@@ -55,6 +55,10 @@ use of BIO_s_file() indicates the use of the operating 
system stdio
 functionality, which includes buffering as a feature; BIO_s_fd() is likely
 to be more appropriate in such cases.
 
+These functions make no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 RETURN VALUES
 
 PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or
@@ -63,7 +67,8 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 
for success or
 =head1 SEE ALSO
 
 L,
-L
+L,
+L
 
 =head1 HISTORY
 
diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod
index 66cbc7d..2a017c6 100644
--- a/doc/man3/PEM_read.pod
+++ b/doc/man3/PEM_read.pod
@@ -110,10 +110,15 @@ Instead, private keys should be stored in PKCS#8 form, 
with a strong PKCS#5
 v2.0 PBE.
 See L and L.
 
+PEM_do_header() makes no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 SEE ALSO
 
 L, L,
-L.
+L,
+L
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod
index 65a114d..0c22618 100644
--- a/doc/man3/PEM_read_CMS.pod
+++ b/doc/man3/PEM_read_CMS.pod
@@ 

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC 
-DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  66e4a8944b894b9301226bad193a7d8ec330742d (commit)
  from  f54b665e29a0ed8df2ea322a1f9e1b8057f13894 (commit)


- Log -
commit 66e4a8944b894b9301226bad193a7d8ec330742d
Author: Pavel Kopyl 
Date:   Fri Nov 3 18:18:59 2017 +0300

Fix memory leaks in CA related functions.

(cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1)

Reviewed-by: Andy Polyakov 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6238)

---

Summary of changes:
 apps/ca.c   | 5 -
 apps/verify.c   | 1 +
 crypto/conf/conf_api.c  | 2 ++
 crypto/engine/eng_lib.c | 6 --
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 4f9de54..31e8773 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
 if (j > 0) {
 total_done++;
 BIO_printf(bio_err, "\n");
-if (!BN_add_word(serial, 1))
+if (!BN_add_word(serial, 1)) {
+X509_free(x);
 goto err;
+}
 if (!sk_X509_push(cert_sk, x)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
+X509_free(x);
 goto err;
 }
 }
diff --git a/apps/verify.c b/apps/verify.c
index c4bd197..180ccf4 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
 X509_STORE_set_flags(ctx, vflags);
 if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
 ERR_print_errors(bio_err);
+X509_STORE_CTX_free(csc);
 goto end;
 }
 if (tchain)
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4cf7553..60c9440 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char 
*section)
 
 vv = lh_CONF_VALUE_insert(conf->data, v);
 OPENSSL_assert(vv == NULL);
+if (lh_CONF_VALUE_error(conf->data) > 0)
+goto err;
 ok = 1;
  err:
 if (!ok) {
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index dc2abd2..b7a899f 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
 if (!int_cleanup_check(1))
 return;
 item = int_cleanup_item(cb);
-if (item)
-sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+if (item != NULL) {
+if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+OPENSSL_free(item);
+}
 }
 
 /* The API function that performs all cleanup */
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously

Build log ended with (last 100 lines):

clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM 
-DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR
 ="\"/usr/local/lib/engines-1.1\""   -MMD -MF crypto/x509/t_req.d.tmp -MT 
crypto/x509/t_req.o -c -o crypto/x509/t_req.o ../openssl/crypto/x509/t_req.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM 
-DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR
 ="\"/usr/local/lib/engines-1.1\""   -MMD -MF crypto/x509/t_x509.d.tmp -MT 
crypto/x509/t_x509.o -c -o crypto/x509/t_x509.o ../openssl/crypto/x509/t_x509.c
clang  -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include 
-I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM 
-DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR
 ="\"/usr/local/lib/engines-1.1\""   -MMD -MF crypto/x509/x509_att.d.tmp -MT 
crypto/x509/x509_att.o -c -o crypto/x509/x509_att.o 
../openssl/crypto/x509/x509_att.c
clang  

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously

Build log ended with (last 100 lines):

/usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl stack > 
test/buildtest_stack.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl store > 
test/buildtest_store.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > 
test/buildtest_symhacks.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > 
test/buildtest_txt_db.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > 
test/buildtest_whrlpool.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > 
test/buildtest_x509_vfy.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > 
test/buildtest_x509v3.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o 
../openssl/test/casttest.c
clang  -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o 
test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o 
test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare 

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Richard Levitte]

The branch OpenSSL_1_1_0-stable has been updated
   via  e22ce0d07496c53cd100c6d46a54d7a46c13bba9 (commit)
  from  1b261954028925c1e2c329928938dacacf0bb6c0 (commit)


- Log -
commit e22ce0d07496c53cd100c6d46a54d7a46c13bba9
Author: Pavel Kopyl 
Date:   Fri Nov 3 18:18:59 2017 +0300

Fix memory leaks in CA related functions.

(cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1)

Reviewed-by: Andy Polyakov 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6237)

---

Summary of changes:
 apps/ca.c   | 5 -
 apps/verify.c   | 1 +
 crypto/conf/conf_api.c  | 4 
 crypto/engine/eng_lib.c | 6 --
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index eb093d0..fe9d29b 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -929,10 +929,13 @@ end_of_options:
 if (j > 0) {
 total_done++;
 BIO_printf(bio_err, "\n");
-if (!BN_add_word(serial, 1))
+if (!BN_add_word(serial, 1)) {
+X509_free(x);
 goto end;
+}
 if (!sk_X509_push(cert_sk, x)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
+X509_free(x);
 goto end;
 }
 }
diff --git a/apps/verify.c b/apps/verify.c
index 0925ee6..9ca9f33 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file,
 
 X509_STORE_set_flags(ctx, vflags);
 if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+X509_STORE_CTX_free(csc);
 printf("error %s: X.509 store context initialization failed\n",
(file == NULL) ? "stdin" : file);
 goto end;
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 5535416..afbaefb 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char 
*section)
 
 vv = lh_CONF_VALUE_insert(conf->data, v);
 OPENSSL_assert(vv == NULL);
+if (lh_CONF_VALUE_error(conf->data) > 0)
+goto err;
 return v;
 
  err:
 sk_CONF_VALUE_free(sk);
+if (v != NULL)
+OPENSSL_free(v->section);
 OPENSSL_free(v);
 return NULL;
 }
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 1b88d6f..7078876 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -144,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
 if (!int_cleanup_check(1))
 return;
 item = int_cleanup_item(cb);
-if (item)
-sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+if (item != NULL) {
+if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+OPENSSL_free(item);
+}
 }
 
 /* The API function that performs all cleanup */
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl

[scan-admin]

Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3sk1pzKP4Fju0jJRTzbZ9OpExEEnelm3LjYN8lnWfKLNX4IGMRlO-2FJeb8geQ-2Fcm5hzE4AHgJVIs80jx-2F0It7-2FmQMFqTISuuaFLxn3qodsp5pQmu7hu3MHX5ZP7XgFgW7mo0qFmYsf8MwSnbEYoFQebVi5NFs3If9clgNjRmYhn1C2mbGIqU-2BVw-2BFl-2BjT6XBAw-3D

Build ID: 210763

Analysis Summary:
   New defects found: 0
   Defects eliminated: 1

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.17995

[AppVeyor]

Build openssl master.17995 completed



Commit b8c2fd1dee by Matt Caswell on 5/14/2018 11:17 AM:

fixup! Change the default number of NewSessionTickets we send to 2


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously

Build log ended with (last 100 lines):

/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl stack > 
test/buildtest_stack.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl store > 
test/buildtest_store.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > 
test/buildtest_symhacks.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > 
test/buildtest_txt_db.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > 
test/buildtest_whrlpool.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > 
test/buildtest_x509_vfy.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > 
test/buildtest_x509v3.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o 
../openssl/test/casttest.c
clang  -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o 
test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o 
test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Richard Levitte]

The branch OpenSSL_1_0_2-stable has been updated
   via  4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit)
  from  66e4a8944b894b9301226bad193a7d8ec330742d (commit)


- Log -
commit 4080f4d2fefbb7186171eb620d565e91f56be5b3
Author: Richard Levitte 
Date:   Wed May 2 14:28:53 2018 +0200

UI console: Restore tty settings, do not force ECHO after prompt

The Console UI method always set echo on after prompting without
echo.  However, echo might not have been on originally, so just
restore the original TTY settings.

Fixes #2373

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6158)

---

Summary of changes:
 crypto/ui/ui_openssl.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 8a43590..5dcb91a 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -567,17 +567,13 @@ static int echo_console(UI *ui)
 {
 #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 if (is_a_tty && (TTY_set(fileno(tty_in), _new) == -1))
 return 0;
 #endif
 #ifdef OPENSSL_SYS_VMS
 if (is_a_tty) {
 tty_new[0] = tty_orig[0];
-tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+tty_new[1] = tty_orig[1];
 tty_new[2] = tty_orig[2];
 status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12,
   0, 0, 0, 0);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.17977

[AppVeyor]

Build openssl master.17977 completed



Commit 46175b4eda by Richard Levitte on 5/13/2018 7:45 PM:

fixup! UI console: Restore tty settings, do not force ECHO after prompt


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit)
  from  1c534560dc905b6d399dbde242422f0cf5543286 (commit)


- Log -
commit de03cc92d1f3758ad1a525893c93e16b15e6cf45
Author: Richard Levitte 
Date:   Wed May 2 14:18:55 2018 +0200

UI console: Restore tty settings, do not force ECHO after prompt

The Console UI method always set echo on after prompting without
echo.  However, echo might not have been on originally, so just
restore the original TTY settings.

Fixes #2373

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6156)

---

Summary of changes:
 crypto/ui/ui_openssl.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 3ccd8a7..078d10c 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -503,17 +503,13 @@ static int echo_console(UI *ui)
 {
 # if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-tty_new.TTY_FLAGS |= ECHO;
-# endif
-
-# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 if (is_a_tty && (TTY_set(fileno(tty_in), _new) == -1))
 return 0;
 # endif
 # ifdef OPENSSL_SYS_VMS
 if (is_a_tty) {
 tty_new[0] = tty_orig[0];
-tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+tty_new[1] = tty_orig[1];
 tty_new[2] = tty_orig[2];
 status = sys$qiow(0, channel, IO$_SETMODE, , 0, 0, tty_new, 12,
   0, 0, 0, 0);
@@ -534,7 +530,6 @@ static int echo_console(UI *ui)
 # if defined(_WIN32) && !defined(_WIN32_WCE)
 if (is_a_tty) {
 tty_new = tty_orig;
-tty_new |= ENABLE_ECHO_INPUT;
 SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
 }
 # endif
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Richard Levitte]

The branch OpenSSL_1_1_0-stable has been updated
   via  f1e92861c30e91139407e65fffd0af76ef48fd34 (commit)
  from  0ec946fda5b66fb364a784b002aee5f8b1ac678a (commit)


- Log -
commit f1e92861c30e91139407e65fffd0af76ef48fd34
Author: Richard Levitte 
Date:   Mon May 14 09:28:52 2018 +0200

CI config: no need to make both install and install_docs

'install' depends on 'install_docs', so making the latter explicit is
a waste.

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6250)

(cherry picked from commit 986caf9e34fd60366a5b3711bb12e239e43a2431)

---

Summary of changes:
 .travis.yml  | 2 +-
 appveyor.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ba06dfd..e20c208 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -186,7 +186,7 @@ script:
   fi
 - if [ -n "$DESTDIR" ]; then
   mkdir "../$DESTDIR";
-  if $make install install_docs DESTDIR="../$DESTDIR"; then
+  if $make install DESTDIR="../$DESTDIR"; then
   echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
   else
   echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
diff --git a/appveyor.yml b/appveyor.yml
index 8dd6cb6..ba291fd 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -41,5 +41,5 @@ test_script:
 - cd _build
 - nmake test
 - mkdir ..\_install
-- nmake install install_docs DESTDIR=..\_install
+- nmake install DESTDIR=..\_install
 - cd ..
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.17994

[AppVeyor]

Build openssl master.17994 failed


Commit 97d64ea039 by JeffZhao on 5/14/2018 9:36 AM:

Add support SM3 and SM4 for Zhaoxin's platform


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

1c53456 apps/speed: Add brainpool curves support
5c6a69f apps/speed: fix possible OOB access in some EC arrays
5f96a95 Set sess to NULL after freeing it.
a925e7d Don't memcpy the contents of an empty fragment
c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 
length
34e4a96 Fix typo: 'is an error occurred' in documentation
61fb592 Rework the decrypt ticket callback
c20e3b2 Fix mem leak in sslapi test
d0191fe Add a test for the ticket callbacks
2448bb8 Document when a new session ticket gets created on resumption
c0638ad Fix ticket callbacks in TLSv1.3
5fe3715 Flush server side unauthenticated writes
e825109 Add some more SSL_pending() and SSL_has_pending() tests
f478c8a Don't set TCP_NODELAY on a UDP socket
66fab92 Mark DTLS records as read when we have finished with them
0d8da77 Test an old style PSK callback with no cert will prefer SHA-256
9e064bc Provide documentation for the -psk_session option
48a0316 Prefer SHA-256 ciphersuites if using old style PSKs
3cb7c5c Use void in all function definitions that do not take any arguments
d4a8ba7 rsaz_avx2_eligible doesn't take parameters
c3114a7 Set the ossl_shim to auto retry if not running asynchronously

Build log ended with (last 100 lines):

/usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl stack > 
test/buildtest_stack.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl store > 
test/buildtest_store.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > 
test/buildtest_symhacks.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > 
test/buildtest_txt_db.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > 
test/buildtest_whrlpool.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > 
test/buildtest_x509_vfy.c
/usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > 
test/buildtest_x509v3.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o 
../openssl/test/casttest.c
clang  -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror  
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token 
-Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o 
test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef 
-Werror  -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g   -MMD 
-MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o 
test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall 
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  986caf9e34fd60366a5b3711bb12e239e43a2431 (commit)
  from  8481434439e421d513350a81a01ba2e2a8e61b6e (commit)


- Log -
commit 986caf9e34fd60366a5b3711bb12e239e43a2431
Author: Richard Levitte 
Date:   Mon May 14 09:28:52 2018 +0200

CI config: no need to make both install and install_docs

'install' depends on 'install_docs', so making the latter explicit is
a waste.

Reviewed-by: Andy Polyakov 
(Merged from https://github.com/openssl/openssl/pull/6250)

---

Summary of changes:
 .travis.yml  | 2 +-
 appveyor.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index f23f156..4affefd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -229,7 +229,7 @@ script:
   fi
 - if [ -n "$DESTDIR" ]; then
   mkdir "$top/$DESTDIR";
-  if $make install install_docs DESTDIR="$top/$DESTDIR" >~/install.log 
2>&1 ; then
+  if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
   echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK';
   else
   echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED';
diff --git a/appveyor.yml b/appveyor.yml
index 3b66f0d..24966c0 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -61,6 +61,6 @@ test_script:
 - ps: >-
 if ($env:EXTENDED_TESTS) {
 mkdir ..\_install
-cmd /c "nmake install install_docs DESTDIR=..\_install 2>&1"
+cmd /c "nmake install DESTDIR=..\_install 2>&1"
 }
 - cd ..
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

ba8b48e Fix no-tls1_2
199dc0d Fix no-psk
986caf9 CI config: no need to make both install and install_docs
8481434 Link in passphrase-encoding(7) in relevant documentation
491c353 Docs: add general document on how pass phrases are handled
de03cc9 UI console: Restore tty settings, do not force ECHO after prompt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.17981

[AppVeyor]

Build openssl master.17981 completed



Commit 7aacf9440f by Richard Levitte on 5/14/2018 2:34 AM:

fixup! UI console: Restore tty settings, do not force ECHO after prompt


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-psk

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

ba8b48e Fix no-tls1_2
199dc0d Fix no-psk
986caf9 CI config: no need to make both install and install_docs
8481434 Link in passphrase-encoding(7) in relevant documentation
491c353 Docs: add general document on how pass phrases are handled
de03cc9 UI console: Restore tty settings, do not force ECHO after prompt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  ba8b48e98dd86851ca20733f819da5b76859e64a (commit)
   via  199dc0d3e857fa4242d90d89a0df52e87b975c67 (commit)
  from  986caf9e34fd60366a5b3711bb12e239e43a2431 (commit)


- Log -
commit ba8b48e98dd86851ca20733f819da5b76859e64a
Author: Matt Caswell 
Date:   Mon May 14 14:37:16 2018 +0100

Fix no-tls1_2

Also fixes no-tls1_2-method, no-tls1_3, no-tls, no-ec

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6253)

commit 199dc0d3e857fa4242d90d89a0df52e87b975c67
Author: Matt Caswell 
Date:   Mon May 14 14:28:06 2018 +0100

Fix no-psk

Fixes #6239

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6253)

---

Summary of changes:
 ssl/s3_lib.c  | 2 ++
 test/sslapitest.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c5f2235..354769b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4192,6 +4192,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, 
STACK_OF(SSL_CIPHER) *clnt,
 }
 
 if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
 int j;
 
 /*
@@ -4208,6 +4209,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, 
STACK_OF(SSL_CIPHER) *clnt,
 prefer_sha256 = 1;
 }
 }
+#endif
 } else {
 tls1_set_cert_validity(s);
 ssl_set_masks(s);
diff --git a/test/sslapitest.c b/test/sslapitest.c
index fc7288d..06d6cb2 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4693,11 +4693,11 @@ static int test_ticket_callbacks(int tst)
 int testresult = 0;
 
 #ifdef OPENSSL_NO_TLS1_2
-if (tst % 2 == 0);
+if (tst % 2 == 0)
 return 1;
 #endif
 #ifdef OPENSSL_NO_TLS1_3
-if (tst % 2 == 1);
+if (tst % 2 == 1)
 return 1;
 #endif
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.17980

[AppVeyor]

Build openssl master.17980 failed


Commit df2b03ec1d by Richard Levitte on 5/14/2018 2:23 AM:

fixup! Adapt *.tmpl to generate docs at build time


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits