[openssl-commits] FAILED build of OpenSSL branch master with options no-ocsp

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ocsp

Commit log since last time:

3e5d9da Make X509_Digest,others public
d49661c Rename file so "ls" works on 80 columns
a68d8c7 Add documentation
f7edece Add "random malloc failure" tooling
329f2f4 GH2176: Add X509_VERIFY_PARAM_get_time
65c1f97 Review comments; fail build if nits found
29ee1be Run find-doc-nits in travis
23103a5 UI documentation fixup
6a15d5b UI: fix uitest for VMS
027609f UI: fix uitest for no-ui configuration
928933f Fix no-dh builds

Build log ended with (last 100 lines):

clang  -I. -Iinclude -I../openssl -I../openssl/include -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations  -MMD -MF apps/dgst.d.tmp -MT apps/dgst.o -c -o 
apps/dgst.o ../openssl/
 apps/dgst.c
clang  -I. -Iinclude -I../openssl -I../openssl/include -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations  -MMD -MF apps/dhparam.d.tmp -MT apps/dhparam.o 
-c -o apps/dhparam.o ..
 /openssl/apps/dhparam.c
clang  -I. -Iinclude -I../openssl -I../openssl/include -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations  -MMD -MF apps/dsa.d.tmp -MT apps/dsa.o -c -o 
apps/dsa.o ../openssl/app
 s/dsa.c
clang  -I. -Iinclude -I../openssl -I../openssl/include -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wall -O0 -g -pthread -m64 
-DL_ENDIAN -Wextra -Qunused-arguments  -DDEBUG_UNUSED -Wswitch -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow 
-Wformat -Wtype-limits -Werror -Qunused-arguments -Wextra -Wswitch-default 
-Wno-unused-parameter -Wno-missing-field-initializers 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations  -MMD -MF apps/dsaparam.d.tmp -MT 
apps/dsaparam.o -c -o apps/dsaparam.o
  ../openssl/apps/dsaparam.c
clang  -I. -Iinclude -I../openssl -I../openssl/include -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_IA32_SSE2 

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options no-ui

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui

Commit log since last time:

3e5d9da Make X509_Digest,others public
d49661c Rename file so "ls" works on 80 columns
a68d8c7 Add documentation
f7edece Add "random malloc failure" tooling
329f2f4 GH2176: Add X509_VERIFY_PARAM_get_time
65c1f97 Review comments; fail build if nits found
29ee1be Run find-doc-nits in travis
23103a5 UI documentation fixup
6a15d5b UI: fix uitest for VMS
027609f UI: fix uitest for no-ui configuration
928933f Fix no-dh builds
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#7890 (OpenSSL_1_1_0-stable - ff7256e)

[Travis CI]

Build Update for openssl/openssl
-

Build: #7890
Status: Errored

Duration: 1 hour, 0 minutes, and 59 seconds
Commit: ff7256e (OpenSSL_1_1_0-stable)
Author: Rich Salz
Message: GH2176: Add X509_VERIFY_PARAM_get_time

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2208)
(cherry picked from commit 329f2f4a428b0acb7a579869a13f6cd6bf0a3551)

View the changeset: 
https://github.com/openssl/openssl/compare/d257b86caadb...ff7256e75928

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/191334303

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.7222

[AppVeyor]

Build openssl master.7222 failed


Commit 6caa6af722 by Rich Salz on 1/12/2017 5:22 PM:

Add documentation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options no-dh

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux test 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dh

Commit log since last time:

3e5d9da Make X509_Digest,others public
d49661c Rename file so "ls" works on 80 columns
a68d8c7 Add documentation
f7edece Add "random malloc failure" tooling
329f2f4 GH2176: Add X509_VERIFY_PARAM_get_time
65c1f97 Review comments; fail build if nits found
29ee1be Run find-doc-nits in travis
23103a5 UI documentation fixup
6a15d5b UI: fix uitest for VMS
027609f UI: fix uitest for no-ui configuration
928933f Fix no-dh builds
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  d49661ced5c2b426ce57f1016077674bfcfa7daf (commit)
  from  a68d8c7b77a3d46d591b89cfd0ecd2a2242e4613 (commit)


- Log -
commit d49661ced5c2b426ce57f1016077674bfcfa7daf
Author: Rich Salz 
Date:   Thu Jan 12 14:15:13 2017 -0500

Rename file so "ls" works on 80 columns

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2221)

---

Summary of changes:
 ..._rsa_pss_keygen_mgf1_md.pod => EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename doc/man3/{EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.pod => 
EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod} (100%)

diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.pod 
b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
similarity index 100%
rename from doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.pod
rename to doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  3e5d9da5fc45a5d129e0daa7211125eba097c3dd (commit)
  from  d49661ced5c2b426ce57f1016077674bfcfa7daf (commit)


- Log -
commit 3e5d9da5fc45a5d129e0daa7211125eba097c3dd
Author: Rich Salz 
Date:   Thu Jan 12 16:39:41 2017 -0500

Make X509_Digest,others public

Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2223)

---

Summary of changes:
 crypto/x509/x_all.c  | 14 +++
 doc/man3/X509_digest.pod | 65 
 2 files changed, 79 insertions(+)
 create mode 100644 doc/man3/X509_digest.pod

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index d9f42ed..86f4d70 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -362,6 +362,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD 
*type,
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 unsigned int *len)
 {
+if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+/* Asking for SHA1 and we already computed it. */
+if (len != NULL)
+*len = sizeof(data->sha1_hash);
+memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+return 1;
+}
 return (ASN1_item_digest
 (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
 }
@@ -369,6 +376,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, 
unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
 unsigned char *md, unsigned int *len)
 {
+if (type == EVP_sha1()) {
+/* Asking for SHA1; always computed in CRL d2i. */
+if (len != NULL)
+*len = sizeof(data->sha1_hash);
+memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+return 1;
+}
 return (ASN1_item_digest
 (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
 }
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod
new file mode 100644
index 000..267e7bd
--- /dev/null
+++ b/doc/man3/X509_digest.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+X509_digest, X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest
+PKCS7_ISSUER_AND_SERIAL_digest,
+- get digest of various objects
+
+=head1 SYNOPSIS
+
+ #include 
+
+ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+
+ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char 
*md,
+ unsigned int *len);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+unsigned char *md, unsigned int *len);
+
+ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+  unsigned char *md, unsigned int *len);
+
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+const EVP_MD *type, unsigned char *md,
+unsigned int *len);
+
+=head1 DESCRIPTION
+
+X509_pubkey_digest() returns a digest of the DER representation of the public
+key in the specified X509 B object.
+All other functions described here return a digest of the DER representation
+of their entire B objects.
+
+The B parameter specifies the digest to
+be used, such as EVP_sha1(). The B is a pointer to the buffer where the
+digest will be copied and is assumed to be large enough; the constant
+B is suggested. The B parameter, if not NULL, points
+to a place where the digest size will be stored.
+
+=head1 RETURN VALUES
+
+All functions described here return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  550f0f99600194cacd10ca43584a9744e27dbe0f (commit)
  from  ff7256e75928be74101f3ce2d1fbf62f7e10a1f3 (commit)


- Log -
commit 550f0f99600194cacd10ca43584a9744e27dbe0f
Author: Rich Salz 
Date:   Thu Jan 12 16:39:41 2017 -0500

Make X509_Digest,others public

Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2223)
(cherry picked from commit 3e5d9da5fc45a5d129e0daa7211125eba097c3dd)

---

Summary of changes:
 crypto/x509/x_all.c| 14 ++
 doc/crypto/X509_digest.pod | 65 ++
 2 files changed, 79 insertions(+)
 create mode 100644 doc/crypto/X509_digest.pod

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index d9f42ed..86f4d70 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -362,6 +362,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD 
*type,
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 unsigned int *len)
 {
+if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+/* Asking for SHA1 and we already computed it. */
+if (len != NULL)
+*len = sizeof(data->sha1_hash);
+memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+return 1;
+}
 return (ASN1_item_digest
 (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
 }
@@ -369,6 +376,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, 
unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
 unsigned char *md, unsigned int *len)
 {
+if (type == EVP_sha1()) {
+/* Asking for SHA1; always computed in CRL d2i. */
+if (len != NULL)
+*len = sizeof(data->sha1_hash);
+memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+return 1;
+}
 return (ASN1_item_digest
 (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
 }
diff --git a/doc/crypto/X509_digest.pod b/doc/crypto/X509_digest.pod
new file mode 100644
index 000..267e7bd
--- /dev/null
+++ b/doc/crypto/X509_digest.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+X509_digest, X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest
+PKCS7_ISSUER_AND_SERIAL_digest,
+- get digest of various objects
+
+=head1 SYNOPSIS
+
+ #include 
+
+ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+
+ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char 
*md,
+ unsigned int *len);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+unsigned char *md, unsigned int *len);
+
+ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+  unsigned char *md, unsigned int *len);
+
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+const EVP_MD *type, unsigned char *md,
+unsigned int *len);
+
+=head1 DESCRIPTION
+
+X509_pubkey_digest() returns a digest of the DER representation of the public
+key in the specified X509 B object.
+All other functions described here return a digest of the DER representation
+of their entire B objects.
+
+The B parameter specifies the digest to
+be used, such as EVP_sha1(). The B is a pointer to the buffer where the
+digest will be copied and is assumed to be large enough; the constant
+B is suggested. The B parameter, if not NULL, points
+to a place where the digest size will be stored.
+
+=head1 RETURN VALUES
+
+All functions described here return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  a68d8c7b77a3d46d591b89cfd0ecd2a2242e4613 (commit)
   via  f7edeced4d8d3f650c5ee32f20ba7165da4e3067 (commit)
  from  329f2f4a428b0acb7a579869a13f6cd6bf0a3551 (commit)


- Log -
commit a68d8c7b77a3d46d591b89cfd0ecd2a2242e4613
Author: Rich Salz 
Date:   Thu Jan 12 12:22:12 2017 -0500

Add documentation

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1252)

commit f7edeced4d8d3f650c5ee32f20ba7165da4e3067
Author: Rich Salz 
Date:   Fri Jul 8 13:40:08 2016 -0400

Add "random malloc failure" tooling

Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/1252)

---

Summary of changes:
 crypto/include/internal/cryptlib_int.h |  1 +
 crypto/init.c  |  3 ++
 crypto/mem.c   | 89 ++
 doc/man3/OPENSSL_malloc.pod| 32 +++-
 4 files changed, 124 insertions(+), 1 deletion(-)

diff --git a/crypto/include/internal/cryptlib_int.h 
b/crypto/include/internal/cryptlib_int.h
index 8e2a719..60241d1 100644
--- a/crypto/include/internal/cryptlib_int.h
+++ b/crypto/include/internal/cryptlib_int.h
@@ -29,3 +29,4 @@ int ossl_init_thread_start(uint64_t opts);
 # define OPENSSL_INIT_THREAD_ASYNC   0x01
 # define OPENSSL_INIT_THREAD_ERR_STATE   0x02
 
+void ossl_malloc_setup_failures(void);
diff --git a/crypto/init.c b/crypto/init.c
index 3f91119..8036654 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -68,6 +68,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
 #ifdef OPENSSL_INIT_DEBUG
 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop 
handlers\n");
 #endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ossl_malloc_setup_failures();
+#endif
 /*
  * We use a dummy thread local key here. We use the destructor to detect
  * when the thread is going to stop (where that feature is available)
diff --git a/crypto/mem.c b/crypto/mem.c
index 02aa43a..2e8a00c 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -12,6 +12,10 @@
 #include 
 #include 
 #include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include 
+#endif
 
 /*
  * the following pointers may be changed as long as 'allow_customize' is set
@@ -26,9 +30,21 @@ static void (*free_impl)(void *, const char *, int)
 = CRYPTO_free;
 
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static char *md_failstring;
+static long md_count;
+static int md_percent = 100;
+static int md_tracefd = -1;
 static int call_malloc_debug = 1;
+
+static void parseit(void);
+static int shouldfail(void);
+
+# define FAILTEST() if (shouldfail()) return NULL
+
 #else
 static int call_malloc_debug = 0;
+
+# define FAILTEST() /* empty */
 #endif
 
 int CRYPTO_set_mem_functions(
@@ -68,6 +84,76 @@ void CRYPTO_get_mem_functions(
 *f = free_impl;
 }
 
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+/*
+ * Parse a "malloc failure spec" string.  This likes like a set of fields
+ * separated by semicolons.  Each field has a count and an optional failure
+ * percentage.  For example:
+ *  100;100@25;@100
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
+{
+char *semi = strchr(md_failstring, ';');
+char *atsign;
+
+if (semi != NULL)
+*semi++ = '\0';
+
+/* Get the count (atol will stop at the @ if there), and percentage */
+md_count = atol(md_failstring);
+atsign = strchr(md_failstring, '@');
+md_percent = atsign == NULL ? 100 : atoi(atsign + 1);
+
+if (semi != NULL)
+md_failstring = semi;
+}
+
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
+{
+int roll = (int)(random() % 100);
+int shouldfail = roll > 

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  928933f92fa214fb8b4f9bbcd242ad2c3d16d46f (commit)
  from  e3bc1305ec97d4ad4ab05fa59a288e92df2b2025 (commit)


- Log -
commit 928933f92fa214fb8b4f9bbcd242ad2c3d16d46f
Author: Matt Caswell 
Date:   Thu Jan 12 09:48:38 2017 +

Fix no-dh builds

One of the new tests uses a DH based ciphersuite. That test should be
disabled if DH is disabled.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2217)

---

Summary of changes:
 test/recipes/70-test_sslsignature.t | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/test/recipes/70-test_sslsignature.t 
b/test/recipes/70-test_sslsignature.t
index 732e17e..7892823 100755
--- a/test/recipes/70-test_sslsignature.t
+++ b/test/recipes/70-test_sslsignature.t
@@ -93,14 +93,19 @@ SKIP: {
 $proxy->start();
 ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 CertVerify");
 
-#Test 4: Corrupting a ServerKeyExchange signature in <=TLSv1.2 should fail
-$proxy->clear();
-$testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE;
-$proxy->clientflags("-no_tls1_3");
-$proxy->cipherc('DHE-RSA-AES128-SHA');
-$proxy->ciphers('DHE-RSA-AES128-SHA');
-$proxy->start();
-ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange");
+SKIP: {
+skip "DH disabled", 1 if disabled("dh");
+
+#Test 4: Corrupting a ServerKeyExchange signature in <=TLSv1.2 should
+#fail
+$proxy->clear();
+$testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE;
+$proxy->clientflags("-no_tls1_3");
+$proxy->cipherc('DHE-RSA-AES128-SHA');
+$proxy->ciphers('DHE-RSA-AES128-SHA');
+$proxy->start();
+ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange");
+}
 }
 
 sub signature_filter
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  65c1f979ee9346d63bb6e81f25bb7dffda99b342 (commit)
   via  29ee1be50ca2bc8feb3efa1d75740bd539566516 (commit)
  from  23103a52e96d6126400ca135421e67c7d664dfe5 (commit)


- Log -
commit 65c1f979ee9346d63bb6e81f25bb7dffda99b342
Author: Rich Salz 
Date:   Thu Jan 12 08:20:54 2017 -0500

Review comments; fail build if nits found

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2202)

commit 29ee1be50ca2bc8feb3efa1d75740bd539566516
Author: Richard Levitte 
Date:   Mon Jan 9 22:41:26 2017 -0500

Run find-doc-nits in travis

Reviewed-by: Richard Levitte 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2202)

---

Summary of changes:
 .gitignore| 1 +
 .travis.yml   | 5 -
 Configurations/unix-Makefile.tmpl | 4 
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 0a7edfc..bf4a9de 100644
--- a/.gitignore
+++ b/.gitignore
@@ -177,3 +177,4 @@ pod2htmd.tmp
 
 # Windows manifest files
 *.manifest
+doc-nits
diff --git a/.travis.yml b/.travis.yml
index c46956b..a60c402 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,7 +31,7 @@ compiler:
 env:
 - CONFIG_OPTS="" DESTDIR="_install"
 - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 
enable-md2"
-- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
+- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
 - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
 - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
 
@@ -110,6 +110,9 @@ script:
   cd _build;
   fi
 - $make update
+- if [ -n "$CHECKDOCS" ]; then
+  $make doc-nits;
+  fi
 - $make
 - if [ -z "$BUILDONLY" ]; then
   if [ -n "$CROSS_COMPILE" ]; then
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 84ceb76..a2b197d 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -674,6 +674,10 @@ update: generate errors ordinals
 generate: generate_apps generate_crypto_bn generate_crypto_objects \
   generate_crypto_conf generate_crypto_asn1
 
+doc-nits:
+   (cd $(SRCDIR); $(PERL) util/find-doc-nits.pl -n ) >doc-nits
+   if [ -s doc-nits ] ; then cat doc-nits; exit 1; fi
+
 # Test coverage is a good idea for the future
 #coverage: $(PROGRAMS) $(TESTPROGRAMS)
 #  ...
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  329f2f4a428b0acb7a579869a13f6cd6bf0a3551 (commit)
  from  65c1f979ee9346d63bb6e81f25bb7dffda99b342 (commit)


- Log -
commit 329f2f4a428b0acb7a579869a13f6cd6bf0a3551
Author: Rich Salz 
Date:   Tue Jan 10 16:18:33 2017 -0500

GH2176: Add X509_VERIFY_PARAM_get_time

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2208)

---

Summary of changes:
 crypto/x509/x509_vpm.c   | 5 +
 doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 ++
 include/openssl/x509_vfy.h   | 1 +
 test/crltest.c   | 8 +++-
 util/libcrypto.num   | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 9e1b7c6..95f1c5b 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -320,6 +320,11 @@ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM 
*param, int auth_level)
 param->auth_level = auth_level;
 }
 
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+return param->check_time;
+}
+
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
 param->check_time = t;
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 388fdc2..76f1901 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -9,6 +9,7 @@ X509_VERIFY_PARAM_get_inh_flags, 
X509_VERIFY_PARAM_set_inh_flags,
 X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
 X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
 X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
 X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
 X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
 X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
@@ -34,6 +35,7 @@ X509_VERIFY_PARAM_set1_ip_asc
  int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 
  void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
 ASN1_OBJECT *policy);
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 5dc9d06..64f56df 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -459,6 +459,7 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, 
int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int 
auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
   ASN1_OBJECT *policy);
diff --git a/test/crltest.c b/test/crltest.c
index d95f060..11585ea 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -19,6 +19,8 @@
 #include "testutil.h"
 #include "test_main.h"
 
+#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+
 static const char *kCRLTestRoot[] = {
 "-BEGIN CERTIFICATE-\n",
 "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
@@ -253,7 +255,11 @@ static int verify(X509 *leaf, X509 *root, 
STACK_OF(X509_CRL) *crls,
 goto err;
 X509_STORE_CTX_set0_trusted_stack(ctx, roots);
 X509_STORE_CTX_set0_crls(ctx, crls);
-X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
+X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
+if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) {
+fprintf(stderr, "set_time/get_time mismatch.\n");
+goto err;
+}
 X509_VERIFY_PARAM_set_depth(param, 16);
 if (flags)
 X509_VERIFY_PARAM_set_flags(param, flags);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1c81545..f30b5d9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4227,3 +4227,4 @@ RSA_pkey_ctx_ctrl   4177  1_1_1   
EXIST::FUNCTION:RSA
 UI_method_set_ex_data   4178   1_1_1   EXIST::FUNCTION:UI
 UI_method_get_ex_data   4179   1_1_1   EXIST::FUNCTION:UI
 UI_UTIL_wrap_read_pem_callback  4180   1_1_1   EXIST::FUNCTION:UI
+X509_VERIFY_PARAM_get_time  4181   1_1_0d  EXIST::FUNCTION:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  ff7256e75928be74101f3ce2d1fbf62f7e10a1f3 (commit)
  from  d257b86caadb4f6cb2ca723b75452e0fc8c8bb15 (commit)


- Log -
commit ff7256e75928be74101f3ce2d1fbf62f7e10a1f3
Author: Rich Salz 
Date:   Tue Jan 10 16:18:33 2017 -0500

GH2176: Add X509_VERIFY_PARAM_get_time

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2208)
(cherry picked from commit 329f2f4a428b0acb7a579869a13f6cd6bf0a3551)

---

Summary of changes:
 crypto/x509/x509_vpm.c | 5 +
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 ++
 include/openssl/x509_vfy.h | 1 +
 test/crltest.c | 8 +++-
 util/libcrypto.num | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 245b3fa..b506722 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -337,6 +337,11 @@ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM 
*param, int auth_level)
 param->auth_level = auth_level;
 }
 
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+return param->check_time;
+}
+
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
 param->check_time = t;
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 388fdc2..76f1901 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -9,6 +9,7 @@ X509_VERIFY_PARAM_get_inh_flags, 
X509_VERIFY_PARAM_set_inh_flags,
 X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
 X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
 X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
 X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
 X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
 X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
@@ -34,6 +35,7 @@ X509_VERIFY_PARAM_set1_ip_asc
  int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 
  void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
 ASN1_OBJECT *policy);
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 5dc9d06..64f56df 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -459,6 +459,7 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, 
int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int 
auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
   ASN1_OBJECT *policy);
diff --git a/test/crltest.c b/test/crltest.c
index ddcc785..74db944 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -18,6 +18,8 @@
 
 #include "testutil.h"
 
+#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+
 static const char *kCRLTestRoot[] = {
 "-BEGIN CERTIFICATE-\n",
 "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
@@ -252,7 +254,11 @@ static int verify(X509 *leaf, X509 *root, 
STACK_OF(X509_CRL) *crls,
 goto err;
 X509_STORE_CTX_set0_trusted_stack(ctx, roots);
 X509_STORE_CTX_set0_crls(ctx, crls);
-X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
+X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
+if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) {
+fprintf(stderr, "set_time/get_time mismatch.\n");
+goto err;
+}
 X509_VERIFY_PARAM_set_depth(param, 16);
 if (flags)
 X509_VERIFY_PARAM_set_flags(param, flags);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1955350..b0de30a 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4212,3 +4212,4 @@ CT_POLICY_EVAL_CTX_get_time 4172  1_1_0d  
EXIST::FUNCTION:CT
 CT_POLICY_EVAL_CTX_set_time 4173   1_1_0d  EXIST::FUNCTION:CT
 X509_VERIFY_PARAM_set_inh_flags 4174   1_1_0d  EXIST::FUNCTION:
 X509_VERIFY_PARAM_get_inh_flags 4175   1_1_0d  EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_time  4181   1_1_0d  EXIST::FUNCTION:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  23103a52e96d6126400ca135421e67c7d664dfe5 (commit)
   via  6a15d5b637638c37046d90c02e717543fa63f6da (commit)
   via  027609f9563014a6f5bc6917f085bd77e8dc8dc7 (commit)
  from  928933f92fa214fb8b4f9bbcd242ad2c3d16d46f (commit)


- Log -
commit 23103a52e96d6126400ca135421e67c7d664dfe5
Author: Richard Levitte 
Date:   Thu Jan 12 15:17:42 2017 +0100

UI documentation fixup

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2218)

commit 6a15d5b637638c37046d90c02e717543fa63f6da
Author: Richard Levitte 
Date:   Thu Jan 12 13:07:39 2017 +0100

UI: fix uitest for VMS

- On VMS, apps/apps.c depends on apps/vms_term_sock.c, so add it to
  the build
- On VMS, apps/*.c are compiled with default symbol settings,
  i.e. uppercased and truncated symbols, which differs from test
  programs.  Make sure uitest.c knows that with a few pragmas.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2218)

commit 027609f9563014a6f5bc6917f085bd77e8dc8dc7
Author: Richard Levitte 
Date:   Thu Jan 12 11:08:36 2017 +0100

UI: fix uitest for no-ui configuration

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/2218)

---

Summary of changes:
 doc/man3/UI_UTIL_read_pw.pod |  5 ++---
 test/build.info  |  6 +-
 test/uitest.c| 26 +-
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/doc/man3/UI_UTIL_read_pw.pod b/doc/man3/UI_UTIL_read_pw.pod
index f0b4a69..5c88001 100644
--- a/doc/man3/UI_UTIL_read_pw.pod
+++ b/doc/man3/UI_UTIL_read_pw.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 UI_UTIL_read_pw_string, UI_UTIL_read_pw,
-*UI_UTIL_wrap_read_pem_callback - user interface utilities
+UI_UTIL_wrap_read_pem_callback - user interface utilities
 
 =head1 SYNOPSIS
 
@@ -13,8 +13,7 @@ UI_UTIL_read_pw_string, UI_UTIL_read_pw,
 int verify);
  int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
  int verify);
- UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int
- rwflag);
+ UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
 
 =head1 DESCRIPTION
 
diff --git a/test/build.info b/test/build.info
index eed8aa5..c116238 100644
--- a/test/build.info
+++ b/test/build.info
@@ -5,6 +5,9 @@
  my ($base, $files) = @_;
  return join(" ", map { "$base/$_" } split(/\s+/, $files));
  }
+ our $apps_extra =
+ $config{target} =~ /^vms-/ ? "../apps/vms_term_sock.c" : "";
+ ""
 -}
 IF[{- !$disabled{tests} -}]
   PROGRAMS_NO_INST=\
@@ -316,7 +319,8 @@ IF[{- !$disabled{tests} -}]
 DEPEND[cipher_overhead_test]=../libcrypto ../libssl
   ENDIF
 
-  SOURCE[uitest]=uitest.c testutil.c test_main_custom.c ../apps/apps.c 
../apps/opt.c
+  SOURCE[uitest]=uitest.c testutil.c test_main_custom.c \
+../apps/apps.c ../apps/opt.c {- $apps_extra -}
   INCLUDE[uitest]=.. ../include
   DEPEND[uitest]=../libcrypto ../libssl
 
diff --git a/test/uitest.c b/test/uitest.c
index 84fe71b..0a7420d 100644
--- a/test/uitest.c
+++ b/test/uitest.c
@@ -9,10 +9,27 @@
 
 #include 
 #include 
+#include 
 #include 
-#include 
+
+/*
+ * We know that on VMS, the [.apps] object files are compiled with uppercased
+ * symbols.  We must therefore follow suit, or there will be linking errors.
+ * Additionally, the VMS build does stdio via a socketpair.
+ */
+#ifdef __VMS
+# pragma names save
+# pragma names uppercase, truncated
+
+# include "../apps/vms_term_sock.h"
+#endif
+
 #include "../apps/apps.h"
 
+#ifdef __VMS
+# pragma names restore
+#endif
+
 #include "testutil.h"
 #include "test_main_custom.h"
 
@@ -20,6 +37,9 @@
 char *default_config_file = NULL;
 BIO *bio_err = NULL;
 
+#ifndef OPENSSL_NO_UI
+# include 
+
 /* Old style PEM password callback */
 static int test_pem_password_cb(char *buf, int size, int rwflag, void 
*userdata)
 {
@@ -99,14 +119,18 @@ static int test_new_ui()
 return ok;
 }
 
+#endif
+
 int test_main(int argc, char *argv[])
 {
 int ret;
 
 bio_err = dup_bio_err(FORMAT_TEXT);
 
+#ifndef OPENSSL_NO_UI
 ADD_TEST(test_old);
 ADD_TEST(test_new_ui);
+#endif
 
 ret = run_tests(argv[0]);
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  1f234f71357a6bac7b8b2a54649c07bfe55e9c39 (commit)
  from  0ecb682a674c69caee4b8da1c08d23305f484cd8 (commit)


- Log -
commit 1f234f71357a6bac7b8b2a54649c07bfe55e9c39
Author: Rich Salz 
Date:   Tue Jan 10 16:53:35 2017 -0500

GH1986: Document -header flag.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/2209)

---

Summary of changes:
 doc/apps/ocsp.pod | 9 +
 1 file changed, 9 insertions(+)

diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 9833f08..1bb7958 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -26,6 +26,7 @@ B B
 [B<-no_nonce>]
 [B<-url URL>]
 [B<-host host:n>]
+[B<-header name value>]
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
@@ -135,6 +136,14 @@ if the B option is present then the OCSP request is 
sent to the host
 B on port B. B specifies the HTTP path name to use
 or "/" by default.
 
+=item B<-header name value>
+
+If sending a request to an OCSP server, then the specified header name and
+value are added to the HTTP request.  Note that the B and B must
+be specified as two separate parameters, not as a single quoted string, and
+that the header name does not have the trailing colon.
+Some OCSP responders require a Host header; use this flag to provide it.
+
 =item B<-timeout seconds>
 
 connection timeout to the OCSP responder in seconds
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits