[openssl-commits] Build failed: openssl master.1037

[AppVeyor]

Build openssl master.1037 failed


Commit 04b76df3f7 by Richard Levitte on 2/12/2016 3:42 AM:

make generate


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  27f172d9a3f3ec9901439b4823c95788598fa367 (commit)
  from  143e5e50f22eaff58e90dd20bdb66eae6ab3b53e (commit)


- Log -
commit 27f172d9a3f3ec9901439b4823c95788598fa367
Author: Rich Salz 
Date:   Thu Feb 11 09:33:51 2016 -0500

GH620: second diff from rt-2275, adds error code

clean up and apply patches from RT-2275

Signed-off-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/bio/b_sock.c   | 32 
 include/openssl/err.h |  1 +
 2 files changed, 33 insertions(+)

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 3e17bec..4ae08d2 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -379,8 +379,40 @@ int BIO_socket_nbio(int s, int mode)
 
 l = mode;
 # ifdef FIONBIO
+l = mode;
+
 ret = BIO_socket_ioctl(s, FIONBIO, );
+# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || 
defined(FNDELAY))
+/* make sure this call always pushes an error level; BIO_socket_ioctl() 
does so, so we do too. */
+
+l = fcntl(s, F_GETFL, 0);
+if (l == -1) {
+SYSerr(SYS_F_FCNTL, get_last_rtl_error());
+ret = -1;
+} else {
+#  if defined(O_NONBLOCK)
+l &= ~O_NONBLOCK;
+#  else
+l &= ~FNDELAY; /* BSD4.x */
+#  endif
+if (mode) {
+#  if defined(O_NONBLOCK)
+l |= O_NONBLOCK;
+#  else
+l |= FNDELAY; /* BSD4.x */
+#  endif
+}
+ret = fcntl(s, F_SETFL, l);
+
+if (ret < 0) {
+SYSerr(SYS_F_FCNTL, get_last_rtl_error());
+}
+}
+# else
+/* make sure this call always pushes an error level; BIO_socket_ioctl() 
does so, so we do too. */
+BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT);
 # endif
+
 return (ret == 0);
 }
 
diff --git a/include/openssl/err.h b/include/openssl/err.h
index bdf8308..390ee74 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -310,6 +310,7 @@ typedef struct err_state_st {
 # define ERR_R_INTERNAL_ERROR(4|ERR_R_FATAL)
 # define ERR_R_DISABLED  (5|ERR_R_FATAL)
 # define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT   (7) 
 
 /*
  * 99 is the maximum possible ERR_R_... code, higher values are reserved for
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Viktor Dukhovni]

The branch master has been updated
   via  17a723885e8a875fc19d5140f580f80a113ba78f (commit)
  from  27f172d9a3f3ec9901439b4823c95788598fa367 (commit)


- Log -
commit 17a723885e8a875fc19d5140f580f80a113ba78f
Author: Viktor Dukhovni 
Date:   Wed Feb 10 23:53:54 2016 -0500

Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/statem/statem_lib.c | 51 +++--
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 49b5e48..6d4a536 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -599,43 +599,32 @@ int tls_get_message_body(SSL *s, unsigned long *len)
 return 1;
 }
 
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+int ssl_cert_type(X509 *x, EVP_PKEY *pk)
 {
-EVP_PKEY *pk;
-int ret = -1, i;
-
-if (pkey == NULL)
-pk = X509_get_pubkey(x);
-else
-pk = pkey;
-if (pk == NULL)
-goto err;
-
-i = EVP_PKEY_id(pk);
-if (i == EVP_PKEY_RSA) {
-ret = SSL_PKEY_RSA_ENC;
-} else if (i == EVP_PKEY_DSA) {
-ret = SSL_PKEY_DSA_SIGN;
-}
+if (pk == NULL &&
+(pk = X509_get0_pubkey(x)) == NULL)
+return -1;
+
+switch (EVP_PKEY_id(pk)) {
+default:
+return -1;
+case EVP_PKEY_RSA:
+return SSL_PKEY_RSA_ENC;
+case EVP_PKEY_DSA:
+return SSL_PKEY_DSA_SIGN;
 #ifndef OPENSSL_NO_EC
-else if (i == EVP_PKEY_EC) {
-ret = SSL_PKEY_ECC;
-}
+case EVP_PKEY_EC:
+return SSL_PKEY_ECC;
 #endif
 #ifndef OPENSSL_NO_GOST
-else if (i == NID_id_GostR3410_2001) {
-ret = SSL_PKEY_GOST01;
-} else if (i == NID_id_GostR3410_2012_256) {
-ret = SSL_PKEY_GOST12_256;
-} else if (i == NID_id_GostR3410_2012_512) {
-ret = SSL_PKEY_GOST12_512;
+case NID_id_GostR3410_2001:
+return SSL_PKEY_GOST01;
+case NID_id_GostR3410_2012_256:
+return SSL_PKEY_GOST12_256;
+case NID_id_GostR3410_2012_512:
+return SSL_PKEY_GOST12_512;
 }
 #endif
-
- err:
-if (!pkey)
-EVP_PKEY_free(pk);
-return (ret);
 }
 
 int ssl_verify_alarm_type(long type)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1693 (master - 124cbe1)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1693
Status: Still Failing

Duration: 1 hour, 41 minutes, and 50 seconds
Commit: 124cbe1 (master)
Author: Richard Levitte
Message: Make comment match reality

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/b1a99374aec1...124cbe188753

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108439417

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Richard Levitte]

The branch master has been updated
   via  efd801418710d1bb5c74aeab2cf3c9ac9ea094b1 (commit)
  from  d9af9e693bbd976b1afa3a8719bcf096930361f0 (commit)


- Log -
commit efd801418710d1bb5c74aeab2cf3c9ac9ea094b1
Author: Richard Levitte 
Date:   Thu Feb 11 16:19:40 2016 +0100

Update the support info in some OpenSSL versions

---

Summary of changes:
 policies/releasestrat.html | 14 +-
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 1df590a..9f7ffee 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -52,14 +52,11 @@
  project has adopted the following policy:
 
  
-   Support for version 0.9.8 will cease on 2015-12-31. No
-   further releases of 0.9.8 will be made after that
-   date. Security fixes only will be applied to 0.9.8 until
-   then.
-   Support for version 1.0.0 will cease on 2015-12-31. No
-   further releases of 1.0.0 will be made after that
-   date. Security fixes only will be applied to 1.0.0 until
-   then.
+   Support for version 1.0.1 will cease on 2016-12-31. No
+   further releases of 1.0.1 will be made after that date.
+   Security fixes only will be applied to 1.0.1 until then.
+   Version 1.0.0 is no longer supported.
+   Version 0.9.8 is no longer supported.
  
 
  We may designate a release as a Long Term Support (LTS)
@@ -73,7 +70,6 @@
  as appropriate.
 
  
-   Version 1.0.1 will be supported until 2016-12-31.
Version 1.0.2 will be supported until 2019-12-31.
  
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit)
  from  ce023e77d7b208016276157fa14a6e2636649e85 (commit)


- Log -
commit 221c7b55e35a952f517c3c2237feb3c1044b7dd9
Author: Dr. Stephen Henson 
Date:   Thu Feb 11 15:25:11 2016 +

Don't check self signed certificate signature security.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/t1_lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e0e0cb9..d7a6f95 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, 
X509 *x, int op)
 {
 /* Lookup signature algorithm digest */
 int secbits = -1, md_nid = NID_undef, sig_nid;
+/* Don't check signature if self signed */
+if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+return 1;
 sig_nid = X509_get_signature_nid(x);
 if (sig_nid && OBJ_find_sigid_algs(sig_nid, _nid, NULL)) {
 const EVP_MD *md;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  6bb2106e24a16e12ce03a244a56c7c5fc7eab96a (commit)
  from  221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit)


- Log -
commit 6bb2106e24a16e12ce03a244a56c7c5fc7eab96a
Author: Richard Levitte 
Date:   Thu Feb 11 20:00:57 2016 +0100

Add the generate mechanism from unixmake to unix-Makefile.tmpl

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 44 ++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 75516cc..2b495e9 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -474,7 +474,9 @@ uninstall_html_docs:
 
 # Developer targets (note: these are only available on Unix) #
 
-update: errors ordinals tags test_ordinals
+update: generate errors ordinals
+
+generate: generate_apps generate_crypto_bn generate_crypto_objects
 
 # Test coverage is a good idea for the future
 #coverage: $(PROGRAMS) $(TESTPROGRAMS)
@@ -487,6 +489,14 @@ update: errors ordinals tags test_ordinals
 lint:
lint -DLINT $(INCLUDES) $(SRCS)
 
+generate_apps: $(SRCDIR)/apps/openssl-vms.cnf
+
+generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h
+
+generate_crypto_objects: $(SRCDIR)/crypto/objects/obj_dat.h \
+ $(SRCDIR)/include/openssl/obj_mac.h \
+ $(SRCDIR)/crypto/objects/obj_xref.h
+
 errors:
( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
@@ -569,6 +579,38 @@ copy-certs: FORCE
cp -R "$(SRCDIR)/certs" "$(BLDDIR)/"; \
fi
 
+$(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf
+   $(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \
+< $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf
+
+$(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl
+   $(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h
+
+$(SRCDIR)/crypto/objects/obj_dat.h: $(SRCDIR)/crypto/objects/obj_dat.pl \
+$(SRCDIR)/include/openssl/obj_mac.h
+   $(PERL) $(SRCDIR)/crypto/objects/obj_dat.pl \
+$(SRCDIR)/include/openssl/obj_mac.h \
+$(SRCDIR)/crypto/objects/obj_dat.h
+
+# objects.pl both reads and writes obj_mac.num
+$(SRCDIR)/include/openssl/obj_mac.h: $(SRCDIR)/crypto/objects/objects.pl \
+ $(SRCDIR)/crypto/objects/objects.txt \
+ $(SRCDIR)/crypto/objects/obj_mac.num
+   $(PERL) $(SRCDIR)/crypto/objects/objects.pl \
+$(SRCDIR)/crypto/objects/objects.txt \
+$(SRCDIR)/crypto/objects/obj_mac.num \
+$(SRCDIR)/include/openssl/obj_mac.h
+   @sleep 1; touch $(SRCDIR)/include/openssl/obj_mac.h; sleep 1
+
+$(SRCDIR)/crypto/objects/obj_xref.h: $(SRCDIR)/crypto/objects/objxref.pl \
+ $(SRCDIR)/crypto/objects/obj_xref.txt \
+ $(SRCDIR)/crypto/objects/obj_mac.num
+   $(PERL) $(SRCDIR)/crypto/objects/objxref.pl \
+$(SRCDIR)/crypto/objects/obj_mac.num \
+$(SRCDIR)/crypto/objects/obj_xref.txt \
+> $(SRCDIR)/crypto/objects/obj_xref.h
+   @sleep 1; touch $(SRCDIR)/crypto/objects/obj_xref.h; sleep 1
+
 FORCE :
 
 # Building targets ###
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  4ef29667abafae1726269fa1b4397443792d0326 (commit)
   via  a85dbf115c34dfd0eaee7d73d7271f3673fd2286 (commit)
  from  6bb2106e24a16e12ce03a244a56c7c5fc7eab96a (commit)


- Log -
commit 4ef29667abafae1726269fa1b4397443792d0326
Author: Andy Polyakov 
Date:   Thu Feb 11 09:39:37 2016 +0100

poly1305/asm/poly1305-x86_64.pl: MacOS X portability fix.

Reviewed-by: Viktor Dukhovni 

commit a85dbf115c34dfd0eaee7d73d7271f3673fd2286
Author: Andy Polyakov 
Date:   Thu Feb 11 00:36:48 2016 +0100

poly1305/asm/poly1305-x86_64.pl: fix mingw64 build.

Reviewed-by: Tim Hudson 

---

Summary of changes:
 crypto/poly1305/asm/poly1305-x86_64.pl | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl 
b/crypto/poly1305/asm/poly1305-x86_64.pl
index d991365..b827d24 100755
--- a/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -129,7 +129,9 @@ $code.=<<___;
 .externOPENSSL_ia32cap_P
 
 .globl poly1305_init
-.type  poly1305_init,\@function,2
+.globl poly1305_blocks
+.globl poly1305_emit
+.type  poly1305_init,\@function,3
 .align 32
 poly1305_init:
xor %rax,%rax
@@ -172,10 +174,10 @@ $code.=<<___;
ret
 .size  poly1305_init,.-poly1305_init
 
-.globl poly1305_blocks
 .type  poly1305_blocks,\@function,4
 .align 32
 poly1305_blocks:
+.Lblocks:
sub \$16,$len   # too short?
jc  .Lno_data
 
@@ -231,10 +233,10 @@ $code.=<<___;
ret
 .size  poly1305_blocks,.-poly1305_blocks
 
-.globl poly1305_emit
 .type  poly1305_emit,\@function,3
 .align 32
 poly1305_emit:
+.Lemit:
mov 0($ctx),%r8 # load hash value
mov 8($ctx),%r9
mov 16($ctx),%r10
@@ -453,7 +455,7 @@ poly1305_blocks_avx:
cmp \$128,$len
jae .Lblocks_avx
test%r8d,%r8d
-   jz  poly1305_blocks
+   jz  .Lblocks
 
 .Lblocks_avx:
and \$-16,$len
@@ -1275,7 +1277,7 @@ $code.=<<___;
 .align 32
 poly1305_emit_avx:
cmpl\$0,20($ctx)# is_base2_26?
-   je  poly1305_emit
+   je  .Lemit
 
mov 0($ctx),%eax# load hash value base 2^26
mov 4($ctx),%ecx
@@ -1339,7 +1341,7 @@ poly1305_blocks_avx2:
cmp \$128,$len
jae .Lblocks_avx2
test%r8d,%r8d
-   jz  poly1305_blocks
+   jz  .Lblocks
 
 .Lblocks_avx2:
and \$-16,$len
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

[Andy Polyakov]

The branch OpenSSL_1_0_1-stable has been updated
   via  b0b9f693b422ddc643840859a0755b7b4fde92de (commit)
  from  9b6e183925bda28dde4a1efb8df4c8862e22e6d9 (commit)


- Log -
commit b0b9f693b422ddc643840859a0755b7b4fde92de
Author: Andy Polyakov 
Date:   Wed Feb 3 18:21:00 2016 +0100

util/mk1mf.pl: use LINK_CMD instead of LINK variable.

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte 
(cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d)

Resolved conflicts:
util/pl/VC-32.pl

(cherry picked from commit 0fffd522426c7fc022894c8dd079dc2625c04096)

---

Summary of changes:
 util/mk1mf.pl  |  2 +-
 util/pl/BC-32.pl   |  4 ++--
 util/pl/Mingw32.pl |  2 +-
 util/pl/OS2-EMX.pl |  4 ++--
 util/pl/VC-32.pl   | 10 +-
 util/pl/linux.pl   |  2 +-
 util/pl/netware.pl |  8 
 util/pl/ultrix.pl  |  2 +-
 util/pl/unix.pl|  2 +-
 9 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 5b86aa7..5280780 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -459,7 +459,7 @@ EX_LIBS=$ex_libs
 # The OpenSSL directory
 SRC_D=$src_dir
 
-LINK=$link
+LINK_CMD=$link
 LFLAGS=$lflags
 RSC=$rsc
 
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index 6d03664..e124821 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -118,7 +118,7 @@ ___
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' ws2_32.lib gdi32.lib';
-   $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+   $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target 
/def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
}
$ret.="\n";
return($ret);
@@ -132,7 +132,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
+   $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
return($ret);
}
 
diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl
index fe3fb27..55c85f6 100644
--- a/util/pl/Mingw32.pl
+++ b/util/pl/Mingw32.pl
@@ -98,7 +98,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+   $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
return($ret);
}
 1;
diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl
index 28cd116..92a332e 100644
--- a/util/pl/OS2-EMX.pl
+++ b/util/pl/OS2-EMX.pl
@@ -99,7 +99,7 @@ sub do_lib_rule
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' -lsocket';
-   $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target 
\$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+   $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) 
$efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
}
@@ -113,7 +113,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files 
$libs\n\n";
+   $ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files 
$libs\n\n";
return($ret);
}
 
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 88f0f7a..2f33ebc 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -314,7 +314,7 @@ sub do_lib_rule
if ($fips && $target =~ /O_CRYPTO/)
{
$ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-   $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+   $ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
$ret.="\tSET 
FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
@@ -328,7 +328,7 @@ sub do_lib_rule
else
{
$ret.="$target: $objs";
-   $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+   

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  d44bb1c31ca00f4359090daa15659c0dd1a08f0d (commit)
  from  4ef29667abafae1726269fa1b4397443792d0326 (commit)


- Log -
commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d
Author: Andy Polyakov 
Date:   Wed Feb 3 18:21:00 2016 +0100

util/mk1mf.pl: use LINK_CMD instead of LINK variable.

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte 

---

Summary of changes:
 util/mk1mf.pl  |  2 +-
 util/pl/BC-32.pl   |  4 ++--
 util/pl/Mingw32.pl |  2 +-
 util/pl/OS2-EMX.pl |  4 ++--
 util/pl/VC-32.pl   | 10 +-
 util/pl/linux.pl   |  2 +-
 util/pl/netware.pl |  8 
 util/pl/ultrix.pl  |  2 +-
 util/pl/unix.pl|  2 +-
 9 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 07968c4..4144130 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -670,7 +670,7 @@ EX_LIBS=$ex_libs
 # The OpenSSL directory
 SRC_D=$src_dir
 
-LINK=$link
+LINK_CMD=$link
 LFLAGS=$lflags
 RSC=$rsc
 FIPSLINK=\$(PERL) util${o}fipslink.pl
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index 98bd0ff..59a597d 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -143,7 +143,7 @@ ___
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' ws2_32.lib gdi32.lib';
-   $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+   $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target 
/def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
}
$ret.="\n";
return($ret);
@@ -157,7 +157,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
+   $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
return($ret);
}
 
diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl
index fe3fb27..55c85f6 100644
--- a/util/pl/Mingw32.pl
+++ b/util/pl/Mingw32.pl
@@ -98,7 +98,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+   $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
return($ret);
}
 1;
diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl
index 28cd116..92a332e 100644
--- a/util/pl/OS2-EMX.pl
+++ b/util/pl/OS2-EMX.pl
@@ -99,7 +99,7 @@ sub do_lib_rule
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' -lsocket';
-   $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target 
\$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+   $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) 
$efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
}
@@ -113,7 +113,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files 
$libs\n\n";
+   $ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files 
$libs\n\n";
return($ret);
}
 
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index b9ae8a5..2c11184 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -362,7 +362,7 @@ sub do_lib_rule
if ($fips && $target =~ /O_CRYPTO/)
{
$ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-   $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+   $ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
$ret.="\tSET 
FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
@@ -376,7 +376,7 @@ sub do_lib_rule
else
{
$ret.="$target: $objs";
-   $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+   $ret.="\n\t\$(LINK_CMD) \$(MLFLAGS) $efile$target $name 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
}
 
$ret.="\tIF EXIST \$@.manifest mt 

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Andy Polyakov]

The branch OpenSSL_1_0_2-stable has been updated
   via  10c639a8a56c90bec9e332c7ca76ef552b3952ac (commit)
   via  0fffd522426c7fc022894c8dd079dc2625c04096 (commit)
  from  52464477be1d7af557479f55cf6b09838450a8fa (commit)


- Log -
commit 10c639a8a56c90bec9e332c7ca76ef552b3952ac
Author: Andy Polyakov 
Date:   Wed Feb 10 15:11:40 2016 +0100

perlasm/x86_64-xlate.pl: pass pure constants verbatim.

RT#3885

Reviewed-by: Rich Salz 
(cherry picked from commit fd7dc201d3b9d43972de6a0e659f7ef6421c99cc)

commit 0fffd522426c7fc022894c8dd079dc2625c04096
Author: Andy Polyakov 
Date:   Wed Feb 3 18:21:00 2016 +0100

util/mk1mf.pl: use LINK_CMD instead of LINK variable.

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte 
(cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d)

Resolved conflicts:
util/pl/VC-32.pl

---

Summary of changes:
 crypto/perlasm/x86_64-xlate.pl |  7 +--
 util/mk1mf.pl  |  2 +-
 util/pl/BC-32.pl   |  4 ++--
 util/pl/Mingw32.pl |  2 +-
 util/pl/OS2-EMX.pl |  4 ++--
 util/pl/VC-32.pl   | 10 +-
 util/pl/linux.pl   |  2 +-
 util/pl/netware.pl |  8 
 util/pl/ultrix.pl  |  2 +-
 util/pl/unix.pl|  2 +-
 10 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index 9c70b8c..ee04221 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -198,8 +198,11 @@ my %globals;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
-   $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+   my $value = $self->{value};
+   $value =~ s/(?{value} = $value;
+   }
sprintf "\$%s",$self->{value};
} else {
$self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 99652af..973ad75 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -482,7 +482,7 @@ EX_LIBS=$ex_libs
 # The OpenSSL directory
 SRC_D=$src_dir
 
-LINK=$link
+LINK_CMD=$link
 LFLAGS=$lflags
 RSC=$rsc
 
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index f7161d7..375b0a7 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -118,7 +118,7 @@ ___
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' ws2_32.lib gdi32.lib';
-   $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def 
@<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+   $ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target 
/def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
}
$ret.="\n";
return($ret);
@@ -132,7 +132,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
+   $ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, 
$libs\n\n";
return($ret);
}
 
diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl
index fe3fb27..55c85f6 100644
--- a/util/pl/Mingw32.pl
+++ b/util/pl/Mingw32.pl
@@ -98,7 +98,7 @@ sub do_link_rule
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($target);
$ret.="$target: $files $dep_libs\n";
-   $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+   $ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
return($ret);
}
 1;
diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl
index 28cd116..92a332e 100644
--- a/util/pl/OS2-EMX.pl
+++ b/util/pl/OS2-EMX.pl
@@ -99,7 +99,7 @@ sub do_lib_rule
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
$ex.=' -lsocket';
-   $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target 
\$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+   $ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) 
$efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
}
@@ 

[openssl-commits] Build failed: openssl ct_api.28

[AppVeyor]

Build openssl ct_api.28 failed


Commit 4bfaa7c63f by Rob Percival on 2/11/2016 3:49 PM:

WIP: Certificate Transparency


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Viktor Dukhovni]

The branch master has been updated
   via  ce023e77d7b208016276157fa14a6e2636649e85 (commit)
  from  24f0b10462792c202a0fe1952974fcace1e2c563 (commit)


- Log -
commit ce023e77d7b208016276157fa14a6e2636649e85
Author: Viktor Dukhovni 
Date:   Thu Feb 11 13:44:53 2016 -0500

Fix MacOS/X build warnings

Commit 7823d792d0cad3b44ad5389a8d3381becefe7f44 added DEFINE_LHASH_OF
to a C source file.  DEFINE_LHASH_OF() and DEFINE_STACK_OF() must
be used only in header files to avoid clang warnings for unused
static-inline functions.

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/ssl_cert.c | 2 --
 ssl/ssl_locl.h | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index cc82fff..faa7a95 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -647,8 +647,6 @@ static unsigned long xname_hash(const X509_NAME *a)
 return X509_NAME_hash((X509_NAME *)a);
 }
 
-DEFINE_LHASH_OF(X509_NAME);
-
 /**
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d7a7d01..7fdb263 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -685,7 +685,8 @@ struct ssl_comp_st {
 };
 
 DEFINE_LHASH_OF(SSL_SESSION);
-
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
 
 struct ssl_ctx_st {
 const SSL_METHOD *method;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Andy Polyakov]

The branch master has been updated
   via  fd7dc201d3b9d43972de6a0e659f7ef6421c99cc (commit)
  from  d44bb1c31ca00f4359090daa15659c0dd1a08f0d (commit)


- Log -
commit fd7dc201d3b9d43972de6a0e659f7ef6421c99cc
Author: Andy Polyakov 
Date:   Wed Feb 10 15:11:40 2016 +0100

perlasm/x86_64-xlate.pl: pass pure constants verbatim.

RT#3885

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/perlasm/x86_64-xlate.pl | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index 87f6956..1f5bced 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -198,8 +198,11 @@ my %globals;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
-   $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+   my $value = $self->{value};
+   $value =~ s/(?{value} = $value;
+   }
sprintf "\$%s",$self->{value};
} else {
$self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Failed: openssl/openssl#1713 (master - 22e3dcb)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1713
Status: Failed

Duration: 1 hour, 2 minutes, and 1 second
Commit: 22e3dcb (master)
Author: Rich Salz
Message: Remove TLS heartbeat, disable DTLS heartbeat

To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/f3f1cf8444f4...22e3dcb7808b

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108598896

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1690 (master - e3e6a72)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1690
Status: Still Failing

Duration: 1 hour, 38 minutes, and 56 seconds
Commit: e3e6a72 (master)
Author: Richard Levitte
Message: After auto init, check that the deprecated functions exist before using

The functions that have been deprecated by the auto init changes are
now guarded with deprecation checks, so it's fairly easy to see if
they can be used.

In test/dtlsv1listentest, we simply remove all init and cleanup code,
as they are call automatically when needed.

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/fe072ed77cd8...e3e6a72ec800

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108422791

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_api.23

[AppVeyor]

Build openssl ct_api.23 failed


Commit 42b8f4be84 by Rob Percival on 2/11/2016 1:10 PM:

WIP: Certificate Transparency


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7 (commit)
   via  c72fb77ff2644cf7edc9821a431c2faf123d4daf (commit)
  from  210ac6824670b4d207f6ea7257d21adb44986ee4 (commit)


- Log -
commit d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7
Author: Richard Levitte 
Date:   Wed Feb 10 22:36:02 2016 +0100

The protocol variable has lost its use, remove it

Reviewed-by: Kurt Roeckx 

commit c72fb77ff2644cf7edc9821a431c2faf123d4daf
Author: Richard Levitte 
Date:   Wed Feb 10 22:33:44 2016 +0100

Rework BIO_ADDRINFO_protocol() to return correct values

As noted already, some platforms don't fill in ai_protocol as
expected.  To circumvent that, we have BIO_ADDRINFO_protocol() to
compute a sensible answer in that case.

Reviewed-by: Kurt Roeckx 

---

Summary of changes:
 apps/s_socket.c | 14 ++
 crypto/bio/b_addr.c | 20 ++--
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/apps/s_socket.c b/apps/s_socket.c
index 20c6626..6d781f4 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -167,11 +167,6 @@ int init_client(int *sock, const char *host, const char 
*port,
 
 ret = 0;
 for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
-int protocol = (type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP);
-# ifdef AF_UNIX
-if (BIO_ADDRINFO_family(ai) == AF_UNIX)
-protocol = 0;
-# endif
 /* Admitedly, these checks are quite paranoid, we should
not get anything in the BIO_ADDRINFO chain that we haven't
asked for */
@@ -179,7 +174,7 @@ int init_client(int *sock, const char *host, const char 
*port,
&& (type == 0 || type == BIO_ADDRINFO_socktype(res)));
 
 *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
-   protocol, 0);
+   BIO_ADDRINFO_protocol(res), 0);
 if (*sock == INVALID_SOCKET) {
 /* Maybe the kernel doesn't support the socket family, even if
  * BIO_lookup() added it in the returned result...
@@ -236,7 +231,6 @@ int do_server(int *accept_sock, const char *host, const 
char *port,
 int i;
 BIO_ADDRINFO *res = NULL;
 int ret = 0;
-int protocol = (type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP);
 
 if (!BIO_sock_init())
 return 0;
@@ -246,10 +240,6 @@ int do_server(int *accept_sock, const char *host, const 
char *port,
 return 0;
 }
 
-# ifdef AF_UNIX
-if (BIO_ADDRINFO_family(res) == AF_UNIX)
-protocol = 0;
-# endif
 /* Admitedly, these checks are quite paranoid, we should
not get anything in the BIO_ADDRINFO chain that we haven't
asked for */
@@ -257,7 +247,7 @@ int do_server(int *accept_sock, const char *host, const 
char *port,
&& (type == 0 || type == BIO_ADDRINFO_socktype(res)));
 
 asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
-   protocol, 0);
+   BIO_ADDRINFO_protocol(res), 0);
 if (asock == INVALID_SOCKET
 || !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) {
 BIO_ADDRINFO_free(res);
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 9131dcd..459443b 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -379,8 +379,24 @@ int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai)
 
 int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
 {
-if (bai != NULL)
-return bai->bai_protocol;
+if (bai != NULL) {
+if (bai->bai_protocol != 0)
+return bai->bai_protocol;
+
+#ifdef AF_UNIX
+if (bai->bai_family == AF_UNIX)
+return 0;
+#endif
+
+switch (bai->bai_socktype) {
+case SOCK_STREAM:
+return IPPROTO_TCP;
+case SOCK_DGRAM:
+return IPPROTO_UDP;
+default:
+break;
+}
+}
 return 0;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  5caef3b5028599958bfddbdb86ea4f47df9f315b (commit)
  from  d94c444bcdc12f63ed122fa7ad0d1b71fa319ce7 (commit)


- Log -
commit 5caef3b5028599958bfddbdb86ea4f47df9f315b
Author: Richard Levitte 
Date:   Thu Feb 11 12:28:26 2016 +0100

Add inclusion directory crypto/include for BN compilations

Some files in crypto/bn depend on internal/bn_conf.h, and so does
test/bntest.  Therefore, we add another inclusion directory.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/bn/build.info | 2 ++
 test/build.info  | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 66f62dc..bb410f2 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -1,3 +1,4 @@
+{- use File::Spec::Functions qw/catdir rel2abs/; -}
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
 bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
@@ -6,6 +7,7 @@ SOURCE[../../libcrypto]=\
 {- $target{bn_asm_src} -} \
 bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
 bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
+INCLUDE[../../libcrypto]={- 
rel2abs(catdir($builddir,"..","..","crypto","include")) -}
 
 BEGINRAW[Makefile]
 # BN assembler implementations
diff --git a/test/build.info b/test/build.info
index bf9fead..a321692 100644
--- a/test/build.info
+++ b/test/build.info
@@ -20,7 +20,7 @@ INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} 
../include
 DEPEND[nptest]=../libcrypto
 
 SOURCE[bntest]=bntest.c
-INCLUDE[bntest]={- rel2abs(catdir($builddir,"../include")) -} .. 
../crypto/include ../include
+INCLUDE[bntest]={- rel2abs(catdir($builddir,"../crypto/include")) -} {- 
rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include
 DEPEND[bntest]=../libcrypto
 
 SOURCE[ectest]=ectest.c
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 (commit)
  from  5caef3b5028599958bfddbdb86ea4f47df9f315b (commit)


- Log -
commit 7253fd550c768979ecd3df8f4dbbedd6e9dd76b0
Author: Rich Salz 
Date:   Wed Feb 10 09:55:48 2016 -0500

Hide OPENSSL_INIT_SETTINGS.

Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/conf/conf_lib.c | 28 
 crypto/conf/conf_sap.c | 10 --
 crypto/init.c  | 25 ++---
 doc/crypto/OPENSSL_init_crypto.pod | 29 -
 doc/ssl/OPENSSL_init_ssl.pod   |  7 ++-
 include/internal/conf.h|  5 +
 include/openssl/conf.h |  1 +
 include/openssl/crypto.h   | 28 ++--
 include/openssl/ossl_typ.h |  1 +
 ssl/ssl_init.c |  1 +
 util/libeay.num|  3 +++
 11 files changed, 65 insertions(+), 73 deletions(-)

diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 849b670..29357b2 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -57,6 +57,8 @@
  */
 
 #include 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -370,3 +372,29 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
 
 return conf->meth->dump(conf, out);
 }
+
+/*
+ * These routines call the C malloc/free, to avoid intermixing with
+ * OpenSSL function pointers before the library is initialized.
+ */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
+{
+OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
+
+memset(ret, 0, sizeof(*ret));
+return ret;
+}
+
+
+void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+  const char *config_file)
+{
+free(settings->config_name);
+settings->config_name = config_file == NULL ? NULL : strdup(config_file);
+}
+
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
+{
+free(settings->config_name);
+free(settings);
+}
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 3b42993..45c08e6 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -77,13 +77,11 @@ static int openssl_configured = 0;
 
 void OPENSSL_config(const char *config_name)
 {
-OPENSSL_INIT_SETTINGS settings[2];
+OPENSSL_INIT_SETTINGS settings;
 
-settings[0].name = OPENSSL_INIT_SET_CONF_FILENAME;
-settings[0].value.type_string = config_name;
-settings[1].name = OPENSSL_INIT_SET_END;
-settings[1].value.type_int = 0;
-OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
+memset(, 0, sizeof(settings));
+settings.config_name = strdup(config_name);
+OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, );
 }
 
 void openssl_config_internal(const char *config_name)
diff --git a/crypto/init.c b/crypto/init.c
index e6dd084..e58b119 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -253,6 +253,7 @@ static struct thread_local_inits_st 
*ossl_init_get_thread_local(int alloc)
 
 #endif
 
+typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
 struct ossl_init_stop_st {
 void (*handler)(void);
 OPENSSL_INIT_STOP *next;
@@ -606,21 +607,6 @@ void OPENSSL_cleanup(void)
 base_inited = 0;
 }
 
-static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
-const OPENSSL_INIT_SETTINGS *settings, int name)
-{
-if (settings == NULL)
-return NULL;
-
-while (settings->name != OPENSSL_INIT_SET_END) {
-if (settings->name == name)
-return settings;
-settings++;
-}
-
-return NULL;
-}
-
 /*
  * If this function is called with a non NULL settings value then it must be
  * called prior to any threads making calls to any OpenSSL functions,
@@ -670,14 +656,7 @@ int OPENSSL_init_crypto(uint64_t opts, const 
OPENSSL_INIT_SETTINGS *settings)
 
 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
 CRYPTO_w_lock(CRYPTO_LOCK_INIT);
-if (settings != NULL) {
-const OPENSSL_INIT_SETTINGS *curr;
-curr = ossl_init_get_setting(settings,
- OPENSSL_INIT_SET_CONF_FILENAME);
-config_filename = (curr == NULL) ? NULL : curr->value.type_string;
-} else {
-config_filename = NULL;
-}
+config_filename = (settings == NULL) ? NULL : settings->config_name;
 ossl_init_once_run(, ossl_init_config);
 CRYPTO_w_unlock(CRYPTO_LOCK_INIT);
 }
diff --git a/doc/crypto/OPENSSL_init_crypto.pod 
b/doc/crypto/OPENSSL_init_crypto.pod
index 943f44c..4da6551 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -15,6 +15,10 @@ initialisation and deinitialisation functions
  int 

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  3577398360ba38a7dbfbedd8db9ebdd8eadce062 (commit)
  from  7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 (commit)


- Log -
commit 3577398360ba38a7dbfbedd8db9ebdd8eadce062
Author: Rich Salz 
Date:   Thu Feb 11 08:27:53 2016 -0500

Missing header include.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/bn/rsaz_exp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
index 7fb70e4..d85e612 100644
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@@ -40,6 +40,7 @@
 * (2) University of Haifa, Israel*
 */
 
+#include 
 #include "rsaz_exp.h"
 
 #ifndef RSAZ_ENABLED
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  e737d7b197e153775735f700cd6c31cb55d803de (commit)
  from  d20bb611d90df0dc3561a6972ba6bf0e3c65b3e5 (commit)


- Log -
commit e737d7b197e153775735f700cd6c31cb55d803de
Author: Richard Levitte 
Date:   Thu Feb 11 15:22:27 2016 +0100

Unified build: Keep track of generated header files

If someone runs a mixed unixmake / unified environment (the unified
build tree would obviously be out of the source tree), the unified
build will pick up on the unixmake crypto/buildinf.h because of
assumptions made around this sort of declaration (found in
crypto/build.info):

DEPENDS[cversion.o]=buildinf.h

The assumption was that if such a header could be found in the source
tree, that was the one to depend on, otherwise it would assume it
should be in the build tree.

This change makes sure that sort of mix-up won't happen again.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configure | 33 ++---
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/Configure b/Configure
index f74355c..f617df5 100755
--- a/Configure
+++ b/Configure
@@ -395,6 +395,15 @@ my @default_depdefines =
 # We will collect such requests in @experimental.
 # To avoid accidental use of experimental features, applications will have to 
use -DOPENSSL_EXPERIMENTAL_FOO.
 
+my @generated_headers = (
+"include/openssl/opensslconf.h",
+"crypto/include/internal/bn_conf.h"
+);
+
+my @generated_by_make_headers = (
+"crypto/buildinf.h"
+);
+
 
 my $no_sse2=0;
 
@@ -1481,9 +1490,15 @@ EOF
 foreach (@{$depends{$dest}}) {
 my $d = cleanfile($sourced, $_, $blddir);
 
-# If it isn't found in the source, let's assume it's generated
-# and that the Makefile template has the lines
-if (! -f $d) {
+# If we know it's generated, or assume it is because we can't
+# find it in the source tree, we set file we depend on to be
+# in the build tree rather than the source tree, and assume
+# and that there are lines to build it in a BEGINRAW..ENDRAW
+# section or in the Makefile template.
+if (! -f $d
+|| !(grep { $d eq $_ }
+ map { cleanfile($srcdir, $_, $blddir) }
+ (@generated_headers, @generated_by_make_headers))) {
 $d = cleanfile($buildd, $_, $blddir);
 }
 # Take note if the file to depend on is being renamed
@@ -1697,14 +1712,10 @@ print "THIRTY_TWO_BIT mode\n" if $config{b32};
 print "BN_LLONG mode\n" if $config{bn_ll};
 print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} != $def_int;
 
-mkpath(catdir($blddir, "include/openssl"));
-run_dofile(catfile($blddir, "include/openssl/opensslconf.h"),
-   catfile($srcdir, "include/openssl/opensslconf.h.in"));
-
-mkpath(catdir($blddir, "crypto/include/internal"));
-foreach my $alg ( 'bn' ) {
-run_dofile(catfile($blddir, "crypto/include/internal/${alg}_conf.h"),
-   catfile($srcdir, "crypto/include/internal/${alg}_conf.h.in"));
+for (@generated_headers) {
+mkpath(catdir($blddir, dirname($_)));
+run_dofile(catfile($blddir, $_),
+   catfile($srcdir, $_.".in"));
 }
 
 ###
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  1407f856ab790f8028db1ecfb354d64bfb8ca054 (commit)
   via  cedbb1462a1732bf255c4b7767d8a0e4e0d20e30 (commit)
  from  43db7aa2de68e04c5b5894e7af5dba54ee1fa363 (commit)


- Log -
commit 1407f856ab790f8028db1ecfb354d64bfb8ca054
Author: Richard Levitte 
Date:   Thu Feb 11 12:59:33 2016 +0100

Make util/mkrc.pl location agnostic and adapt Makefile.shared

With this, Cygwin and Mingw builds stand a much better chance to be
able to build outside of the source tree with the unified build.

Reviewed-by: Rich Salz 

commit cedbb1462a1732bf255c4b7767d8a0e4e0d20e30
Author: Richard Levitte 
Date:   Thu Feb 11 13:10:11 2016 +0100

Make shared library targets more consistent

On Windows POSIX layers, two files are produced for a shared library,
there's {shlibname}.dll and there's the import library {libname}.dll.a

On some/most Unix platforms, a {shlibname}.{sover}.so and a symlink
{shlibname}.so are produced.

For each of them, unix-Makefile.tmpl was entirely consistent on which
to have as a target when building a shared library or which to use as
dependency.

This change clears this up and makes it consistent, we use the
simplest form possible, {lib}.dll.a on Windows POSIX layers and
{shlibname}.so on Unix platforms.  No exception.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 101 --
 Makefile.shared   |   2 +-
 util/mkrc.pl  |   9 +++-
 3 files changed, 72 insertions(+), 40 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 65f179d..75516cc 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -630,6 +630,26 @@ Makefile: {- $config{build_file_template} -} 
$(SRCDIR)/Configure $(SRCDIR)/confi
 {-
   use File::Basename;
   use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+  # Helper function to figure out dependencies on libraries
+  # It takes a list of library names and outputs a list of dependencies
+  sub compute_lib_depends {
+  if ($config{no_shared}) {
+  return map { $_."\$(LIB_EXT)" } @_;
+  }
+
+  # Depending on shared libraries:
+  # On Windows POSIX layers, we depend on {libname}.dll.a
+  # On Unix platforms, we depend on {shlibname}.so
+  return map { if (windowsdll()) {
+   "$_\$(SHLIB_EXT_SIMPLE).a"
+  } else {
+  my $libname =
+  $unified_info{sharednames}->{$_} || $_;
+  "$libname\$(SHLIB_EXT_SIMPLE)"
+  } } @_;
+  }
+
   sub src2dep {
   my %args = @_;
   my $dep = $args{obj}.'$(DEP_EXT)';
@@ -674,28 +694,35 @@ EOF
   my $libd = dirname($lib);
   my $libn = basename($lib);
   (my $libname = $libn) =~ s/^lib//;
-  my $shlibdeps = join("", map { my $d = dirname($_);
- my $f = basename($_);
- (my $l = $f) =~ s/^lib//;
- " -L$d -l$l" } @{$args{deps}});
-  my $deps = join(" ",map { $_."\$(SHLIB_EXT_SIMPLE)" } @{$args{deps}});
+  my $linklibs = join("", map { my $d = dirname($_);
+my $f = basename($_);
+(my $l = $f) =~ s/^lib//;
+" -L$d -l$l" } @{$args{deps}});
+  my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
   my $shlib_target = $target{shared_target};
   my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
-  my $targets =
- "$shlib".shlib_ext() .
- (shlib_ext() ne shlib_ext_simple()
-  ? " $shlib".shlib_ext_simple() : "");
+  my $shlibtarget = windowsdll() ?
+ "$lib\$(SHLIB_EXT_SIMPLE).a" : "$shlib\$(SHLIB_EXT_SIMPLE)";
   return <<"EOF"
-$targets : $lib\$(LIB_EXT) $deps $ordinalsfile
+# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
+# that two files get produced, {shlibname}.dll and {libname}.dll.a.
+# With all other Unix platforms, we often build a shared library with the
+# SO version built into the file name and a symlink without the SO version
+# It's not necessary to have both as targets.  The choice falls on the
+# simplest, {libname}\$(SHLIB_EXT_SIMPLE).a for Windows POSIX layers and
+# {libname}\$(SHLIB_EXT_SIMPLE) for the Unix platforms.
+$shlibtarget : $lib\$(LIB_EXT) $deps $ordinalsfile
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
+   PLATFORM=\$(PLATFORM) \\
PERL=\$(PERL) SRCDIR="\$(SRCDIR)" 

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  7b548d3f11adccc67123e1f6f5c118aef857a8d2 (commit)
  from  64c443e3f0057946ddd8f37a36821a7f9c0e0493 (commit)


- Log -
commit 7b548d3f11adccc67123e1f6f5c118aef857a8d2
Author: Dr Stephen Henson 
Date:   Tue Feb 9 14:33:51 2016 +

Test for and use AES CSP for RSA if present.

Some keys are attached to the full RSA CSP which doesn't support SHA2
algorithms: uses the AES CSP if present.

Reviewed-by: Tim Hudson 

---

Summary of changes:
 engines/e_capi.c | 24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/engines/e_capi.c b/engines/e_capi.c
index 62c4ad3..8e78354 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -133,6 +133,10 @@
 #  define CALG_SHA_512(ALG_CLASS_HASH | ALG_TYPE_ANY | 
ALG_SID_SHA_512)
 # endif
 
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
+# endif
+
 # include 
 # include 
 # include 
@@ -458,11 +462,14 @@ static DSA_METHOD capi_dsa_method = {
 0   /* dsa_keygen */
 };
 
+static int use_aes_csp = 0;
+
 static int capi_init(ENGINE *e)
 {
 CAPI_CTX *ctx;
 const RSA_METHOD *ossl_rsa_meth;
 const DSA_METHOD *ossl_dsa_meth;
+HCRYPTPROV hprov;
 
 if (capi_idx < 0) {
 capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -509,6 +516,14 @@ static int capi_init(ENGINE *e)
 }
 # endif
 
+/* See if we support AES CSP */
+
+if (CryptAcquireContext(, NULL, NULL, PROV_RSA_AES,
+CRYPT_VERIFYCONTEXT)) {
+use_aes_csp = 1;
+CryptReleaseContext(hprov, 0);
+}
+
 return 1;
 
  memerr:
@@ -1454,10 +1469,15 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const 
TCHAR *contname,
 
 if (key == NULL)
 return NULL;
-if (sizeof(TCHAR) == sizeof(char))
+/* If PROV_RSA_AES supported use it instead */
+if (ptype == PROV_RSA_FULL && use_aes_csp) {
+provname = NULL;
+ptype = PROV_RSA_AES;
+CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
+} else if (sizeof(TCHAR) == sizeof(char)) {
 CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
-else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+} else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
 /* above 'if' is optimization to minimize malloc-ations */
 char *_contname = wide_to_asc((WCHAR *)contname);
 char *_provname = wide_to_asc((WCHAR *)provname);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  43db7aa2de68e04c5b5894e7af5dba54ee1fa363 (commit)
  from  7b548d3f11adccc67123e1f6f5c118aef857a8d2 (commit)


- Log -
commit 43db7aa2de68e04c5b5894e7af5dba54ee1fa363
Author: Dr. Stephen Henson 
Date:   Thu Feb 11 15:51:31 2016 +

Fix engine key support in cms and req utilities.

PR#4246 and PR#4266

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/cms.c | 2 +-
 apps/req.c | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index bcfcd54..e732757 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -206,7 +206,7 @@ OPTIONS cms_options[] = {
 {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
 {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
 {"md", OPT_MD, 's'},
-{"inkey", OPT_INKEY, '<',
+{"inkey", OPT_INKEY, 's',
  "Input private key (if not signer or recipient)"},
 {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
 {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
diff --git a/apps/req.c b/apps/req.c
index d6d46a9..3ced170 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -136,8 +136,8 @@ OPTIONS req_options[] = {
 {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
 {"in", OPT_IN, '<', "Input file"},
 {"out", OPT_OUT, '>', "Output file"},
-{"key", OPT_KEY, '<', "Use the private key contained in file"},
-{"keyform", OPT_KEYFORM, 'F', "Key file format"},
+{"key", OPT_KEY, 's', "Private key to use"},
+{"keyform", OPT_KEYFORM, 'f', "Key file format"},
 {"pubkey", OPT_PUBKEY, '-', "Output public key"},
 {"new", OPT_NEW, '-', "New request"},
 {"config", OPT_CONFIG, '<', "Request template file"},
@@ -235,7 +235,7 @@ int req_main(int argc, char **argv)
 goto opthelp;
 break;
 case OPT_ENGINE:
-(void)setup_engine(opt_arg(), 0);
+e = setup_engine(opt_arg(), 0);
 break;
 case OPT_KEYGEN_ENGINE:
 #ifndef OPENSSL_NO_ENGINE
@@ -259,7 +259,7 @@ int req_main(int argc, char **argv)
 template = opt_arg();
 break;
 case OPT_KEYFORM:
-if (!opt_format(opt_arg(), OPT_FMT_PEMDER, ))
+if (!opt_format(opt_arg(), OPT_FMT_ANY, ))
 goto opthelp;
 break;
 case OPT_IN:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6 (commit)
   via  ce0c1f2bb2fd296f10a2847844205df0ed95fb8e (commit)
  from  fd7dc201d3b9d43972de6a0e659f7ef6421c99cc (commit)


- Log -
commit c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6
Author: Dr. Stephen Henson 
Date:   Thu Feb 11 18:41:11 2016 +

update ciphers manual page

Reviewed-by: Viktor Dukhovni 

commit ce0c1f2bb2fd296f10a2847844205df0ed95fb8e
Author: Dr. Stephen Henson 
Date:   Thu Feb 11 18:19:27 2016 +

Remove static ECDH support.

Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 doc/apps/ciphers.pod |  39 +-
 ssl/s3_lib.c | 341 ---
 ssl/ssl_ciph.c   |  37 +
 ssl/ssl_lib.c|  54 +---
 ssl/ssl_locl.h   |  30 ++---
 ssl/statem/statem_clnt.c |  18 +--
 ssl/statem/statem_srvr.c |  16 +--
 ssl/t1_lib.c |  18 +--
 8 files changed, 31 insertions(+), 522 deletions(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index e3fa4c0..02fc57a 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -207,11 +207,6 @@ Curve DH (ECDH) cipher suites.
 
 cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
 
-=item B, B, B
-
-cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
-keys or either respectively.
-
 =item B, B
 
 cipher suites using ephemeral ECDH key agreement, including anonymous
@@ -227,8 +222,7 @@ anonymous Elliptic Curve Diffie Hellman cipher suites.
 
 =item B
 
-cipher suites using ECDH key exchange, including anonymous, ephemeral and
-fixed ECDH.
+cipher suites using ECDH key exchange, including anonymous and ephemeral.
 
 =item B, B
 
@@ -239,11 +233,6 @@ cipher suites using DSS authentication, i.e. the 
certificates carry DSS keys.
 cipher suites effectively using DH authentication, i.e. the certificates carry
 DH keys.
 
-=item B
-
-cipher suites effectively using ECDH authentication, i.e. the certificates
-carry ECDH keys.
-
 =item B, B
 
 cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
@@ -479,18 +468,6 @@ Note: these ciphers can also be used in SSL v3.
 
 =head2 Elliptic curve cipher suites.
 
- TLS_ECDH_RSA_WITH_NULL_SHA  ECDH-RSA-NULL-SHA
- TLS_ECDH_RSA_WITH_RC4_128_SHA   ECDH-RSA-RC4-SHA
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA  ECDH-RSA-DES-CBC3-SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA   ECDH-RSA-AES128-SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA   ECDH-RSA-AES256-SHA
- 
- TLS_ECDH_ECDSA_WITH_NULL_SHAECDH-ECDSA-NULL-SHA
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHAECDH-ECDSA-DES-CBC3-SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA
- 
  TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
  TLS_ECDHE_RSA_WITH_RC4_128_SHA  ECDHE-RSA-RC4-SHA
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
@@ -538,16 +515,6 @@ Note: these ciphers can also be used in SSL v3.
  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256   DHE-DSS-AES128-GCM-SHA256
  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384   DHE-DSS-AES256-GCM-SHA384
 
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256  ECDH-RSA-AES128-SHA256
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384  ECDH-RSA-AES256-SHA384
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256  ECDH-RSA-AES128-GCM-SHA256
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384  ECDH-RSA-AES256-GCM-SHA384
-
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256ECDH-ECDSA-AES128-SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384ECDH-ECDSA-AES256-SHA384
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256ECDH-ECDSA-AES128-GCM-SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384ECDH-ECDSA-AES256-GCM-SHA384
-
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
@@ -580,12 +547,8 @@ Note: these ciphers can also be used in SSL v3.
 
  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
- TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  ECDH-ECDSA-CAMELLIA128-SHA256
- TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  ECDH-ECDSA-CAMELLIA256-SHA384
  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
- 

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  de8128203a5340db397dadaee91bc504c2a539bc (commit)
   via  9ba96fbb2523cb12747c559c704c58bd8f9e7982 (commit)
  from  c15e95a61dacfc326cf9cdf05935ae8c6c97bcf6 (commit)


- Log -
commit de8128203a5340db397dadaee91bc504c2a539bc
Author: Richard Levitte 
Date:   Thu Feb 11 22:06:17 2016 +0100

State the minimum Perl version that our scripts will work with

Reviewed-by: Rich Salz 

commit 9ba96fbb2523cb12747c559c704c58bd8f9e7982
Author: Richard Levitte 
Date:   Thu Feb 11 21:47:30 2016 +0100

Perl's chop / chomp considered bad, use a regexp instead

Once upon a time, there was chop, which somply chopped off the last
character of $_ or a given variable, and it was used to take off the
EOL character (\n) of strings.

... but then, you had to check for the presence of such character.

So came chomp, the better chop which checks for \n before chopping it
off.  And this worked well, as long as Perl made internally sure that
all EOLs were converted to \n.

These days, though, there seems to be a mixture of perls, so lines
from files in the "wrong" environment might have \r\n as EOL, or just
\r (Mac OS, unless I'm misinformed).

So it's time we went for the more generic variant and use s|\R$||, the
better chomp which recognises all kinds of known EOLs and chops them
off.

A few chops were left alone, as they are use as surgical tools to
remove one last slash or one last comma.

NOTE: \R came with perl 5.10.0.  It means that from now on, our
scripts will fail with any older version.

Reviewed-by: Rich Salz 

---

Summary of changes:
 README.PERL|  5 +++--
 VMS/VMSify-conf.pl |  2 +-
 VMS/translatesyms.pl   |  2 +-
 apps/CA.pl.in  |  2 +-
 crypto/lhash/num.pl|  2 +-
 crypto/objects/obj_dat.pl  |  2 +-
 crypto/objects/objects.pl  |  4 ++--
 crypto/objects/objxref.pl  |  6 +++---
 crypto/perlasm/x86_64-xlate.pl |  4 ++--
 util/check-buildinfo.pl|  2 +-
 util/extract-names.pl  |  2 +-
 util/files.pl  | 10 +-
 util/fipslink.pl   |  6 +++---
 util/mk1mf.pl  |  4 ++--
 util/mkdef.pl  | 12 +---
 util/mkerr.pl  |  2 +-
 util/mkfiles.pl|  6 +++---
 util/selftest.pl   |  2 +-
 util/sp-diff.pl|  2 +-
 19 files changed, 38 insertions(+), 39 deletions(-)

diff --git a/README.PERL b/README.PERL
index c2db019..184b377 100644
--- a/README.PERL
+++ b/README.PERL
@@ -23,8 +23,9 @@
  - on Linux distributions based on RPMs, you will need to install
'perl-core' rather than just 'perl'.
 
- It is highly recommended that you have at least Perl version 5.10
- installed.
+ You MUST have at least Perl version 5.10.0 installed.  This minimum
+ requirement is due to our use of regexp backslash sequence \R among
+ other features that didn't exist in core Perl before that version.
 
  Notes on Perl on Windows
  
diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl
index d3be6a2..9890362 100644
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -7,7 +7,7 @@ my @directory_vars = ( "dir", "certs", "crl_dir", 
"new_certs_dir" );
 my @file_vars = ( "database", "certificate", "serial", "crlnumber",
  "crl", "private_key", "RANDFILE" );
 while() {
-chomp;
+s|\R$||;
 foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl
index 8ffdbd8..de3db6c 100644
--- a/VMS/translatesyms.pl
+++ b/VMS/translatesyms.pl
@@ -28,7 +28,7 @@ my %translations = ();
 open DEMANGLER_DATA, $ARGV[0]
 or die "Couldn't open $ARGV[0]: $!\n";
 while() {
-chomp;
+s|\R$||;
 (my $translated, my $original) = split /\$/;
 $translations{$original} = $translated.'$';
 }
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 52a97d7..fbba457 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -121,7 +121,7 @@ if ($WHAT eq '-newcert' ) {
 # ask user for existing CA certificate
 print "CA certificate filename (or enter to create)\n";
 $FILE = ;
-chop $FILE if $FILE;
+$FILE = s|\R$|| if $FILE;
 if ($FILE) {
 copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl
index 30fedf9..4440a99 100644
--- a/crypto/lhash/num.pl
+++ b/crypto/lhash/num.pl
@@ -5,7 +5,7 @@
 while (<>)
{
next unless /^node/;
-   chop;
+   

[openssl-commits] Failed: openssl/openssl#1725 (master - de81282)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1725
Status: Failed

Duration: 1 hour, 20 minutes, and 27 seconds
Commit: de81282 (master)
Author: Richard Levitte
Message: State the minimum Perl version that our scripts will work with

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/c15e95a61dac...de8128203a53

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108641512

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Dr . Stephen Henson]

The branch master has been updated
   via  b3ca51559b1a6cd80dc179ee54613f00190d1cb4 (commit)
  from  de8128203a5340db397dadaee91bc504c2a539bc (commit)


- Log -
commit b3ca51559b1a6cd80dc179ee54613f00190d1cb4
Author: Dr. Stephen Henson 
Date:   Thu Feb 11 22:46:01 2016 +

Typo: only return error if unrecognise bag type.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 crypto/pkcs12/p12_sbag.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index 62703b4..57e2bf4 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -107,7 +107,7 @@ int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
 {
 int btype = PKCS12_SAFEBAG_get_nid(bag);
 
-if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
+if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
 return -1;
 return OBJ_obj2nid(bag->value.bag->type);
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#1720 (master - d44bb1c)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1720
Status: Passed

Duration: 4 minutes and 9 seconds
Commit: d44bb1c (master)
Author: Andy Polyakov
Message: util/mk1mf.pl: use LINK_CMD instead of LINK variable.

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/4ef29667abaf...d44bb1c31ca0

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108625419

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ctnextpatch.29

[AppVeyor]

Build openssl ctnextpatch.29 failed


Commit 564b55d003 by Rob Percival on 2/11/2016 3:04 PM:

Addresses review comments from richsalz, bar comments about testing


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Failed: openssl/openssl#1720 (master - d44bb1c)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1720
Status: Failed

Duration: 1 hour, 41 minutes, and 39 seconds
Commit: d44bb1c (master)
Author: Andy Polyakov
Message: util/mk1mf.pl: use LINK_CMD instead of LINK variable.

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/4ef29667abaf...d44bb1c31ca0

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108625419

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#1726 (master - b3ca515)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1726
Status: Passed

Duration: 1 hour, 27 minutes, and 36 seconds
Commit: b3ca515 (master)
Author: Dr. Stephen Henson
Message: Typo: only return error if unrecognise bag type.

Reviewed-by: Viktor Dukhovni 

View the changeset: 
https://github.com/openssl/openssl/compare/de8128203a53...b3ca51559b1a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108671136

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.1035

[AppVeyor]

Build openssl master.1035 failed


Commit b3ca51559b by Dr. Stephen Henson on 2/11/2016 11:27 PM:

Typo: only return error if unrecognise bag type.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  04b76df3f72de65625c84eac2a00b4e3596c1102 (commit)
   via  fb3e2a88eed124b1a74ebed89c20283780ee2bc6 (commit)
  from  b3ca51559b1a6cd80dc179ee54613f00190d1cb4 (commit)


- Log -
commit 04b76df3f72de65625c84eac2a00b4e3596c1102
Author: Richard Levitte 
Date:   Fri Feb 12 00:38:53 2016 +0100

make generate

Reviewed-by: Rich Salz 

commit fb3e2a88eed124b1a74ebed89c20283780ee2bc6
Author: Richard Levitte 
Date:   Fri Feb 12 00:34:40 2016 +0100

Generate progs.h from a bunch of files instead of internal knowledge

apps/progs.pl counted on the caller to provide the exact command
files.  The unified build doesn't have that knowledge, and the easier
and more flexible thing to do is to feed it all the apps/*.c files and
let it figure out the command names by looking inside (looking for
/int ([a-z0-9][a-z0-9_]*)_main\(int argc,/).

Also, add it to the generate command, since it's a versioned file.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 13 -
 apps/Makefile.in  | 11 +--
 apps/build.info   |  6 --
 apps/progs.h  | 24 
 apps/progs.pl | 33 ++---
 5 files changed, 51 insertions(+), 36 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 2b495e9..c94a3a1 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -489,7 +489,7 @@ generate: generate_apps generate_crypto_bn 
generate_crypto_objects
 lint:
lint -DLINT $(INCLUDES) $(SRCS)
 
-generate_apps: $(SRCDIR)/apps/openssl-vms.cnf
+generate_apps: $(SRCDIR)/apps/openssl-vms.cnf $(SRCDIR)/apps/progs.h
 
 generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h
 
@@ -583,6 +583,17 @@ $(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf
$(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \
 < $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf
 
+{- # because the program apps/openssl has object files as sources, and
+   # they then have the corresponding C files as source, we need to chain
+   # the lookups in %unified_info
+   my $apps_openssl = catfile("apps","openssl");
+   our @openssl_source = map { @{$unified_info{sources}->{$_}} }
+ @{$unified_info{sources}->{$apps_openssl}};
+   ""; -}
+$(SRCDIR)/apps/progs.h:
+   $(RM) $@
+   $(PERL) $(SRCDIR)/apps/progs.pl {- join(" ", @openssl_source) -} > $@
+
 $(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl
$(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h
 
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 9668684..e3f485d 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -50,7 +50,7 @@ SRC   = \
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
-   srp.c ts.c verify.c version.c x509.c
+   srp.c ts.c verify.c version.c x509.c rehash.c
 
 EXE_OBJ= openssl.o $(OBJ) $(EXTRA_OBJ) $(RAND_OBJ)
 EXE_SRC = openssl.c $(SRC) $(EXTRA_SRC) $(RAND_SRC)
@@ -108,7 +108,7 @@ uninstall:
done
$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
-generate: openssl-vms.cnf
+generate: openssl-vms.cnf progs.h
 
 depend:
$(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC)
@@ -123,7 +123,7 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
(cd ..; $(MAKE) build_libcrypto)
 
-$(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
+$(EXE): $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
@@ -135,10 +135,9 @@ $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
link_app.$${shlib_target}
 
-progs.h: progs.pl Makefile
+progs.h: progs.pl Makefile.in
$(RM) progs.h
-   $(PERL) progs.pl $(COMMANDS) >progs.h
-   $(RM) openssl.o
+   $(PERL) progs.pl $(EXE_SRC) > progs.h
 
 CA.pl: CA.pl.in
$(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile 
CA.pl.in > CA.pl.new
diff --git a/apps/build.info b/apps/build.info
index 173f1bc..a7dcee6 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -16,9 +16,3 @@ DEPEND[openssl]=../libssl
 
 SCRIPTS=CA.pl
 SOURCE[CA.pl]=CA.pl.in
-
-BEGINRAW[Makefile]
-{- $builddir -}/progs.h: {- $sourcedir -}/progs.pl {- $builddir -}/../Makefile
-   $(RM) {- $builddir -}/progs.h
-   $(PERL) {- 

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 (commit)
  from  1407f856ab790f8028db1ecfb354d64bfb8ca054 (commit)


- Log -
commit 84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21
Author: Rich Salz 
Date:   Thu Jan 21 14:53:18 2016 -0500

Fix GH 327.

Valgrind complains about using unitialized memory.  So call
OPENSSL_zalloc, not malloc.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/evp/digest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 1fc58bd..f7e82db 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -229,7 +229,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, 
ENGINE *impl)
 ctx->digest = type;
 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
 ctx->update = type->update;
-ctx->md_data = OPENSSL_malloc(type->ctx_size);
+ctx->md_data = OPENSSL_zalloc(type->ctx_size);
 if (ctx->md_data == NULL) {
 EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
 return 0;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_api.26

[AppVeyor]

Build openssl ct_api.26 failed


Commit c22641d9ec by Rob Percival on 2/11/2016 2:12 PM:

WIP: Certificate Transparency


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  7823d792d0cad3b44ad5389a8d3381becefe7f44 (commit)
  from  84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 (commit)


- Log -
commit 7823d792d0cad3b44ad5389a8d3381becefe7f44
Author: Toshikuni Fukaya 
Date:   Wed Feb 3 13:08:45 2016 -0500

RT3495: Add a hash for faster dup detection.

Updated for 1.1 by Rich Salz

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/ssl_cert.c | 42 +-
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 68c8924..dc58e25 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,6 +1,3 @@
-/*
- * ! \file ssl/ssl_cert.c
- */
 /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,7 +121,7 @@
 #endif
 
 #include "internal/o_dir.h"
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -642,11 +639,23 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
 return (add_client_CA(&(ctx->client_CA), x));
 }
 
-static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
 {
 return (X509_NAME_cmp(*a, *b));
 }
 
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+return X509_NAME_cmp(a, b);
+}
+
+static unsigned long xname_hash(const X509_NAME *a)
+{
+return X509_NAME_hash((X509_NAME *)a);
+}
+
+DEFINE_LHASH_OF(X509_NAME);
+
 /**
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
@@ -657,16 +666,14 @@ static int xname_cmp(const X509_NAME *const *a, const 
X509_NAME *const *b)
  */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 {
-BIO *in;
+BIO *in = BIO_new(BIO_s_file());
 X509 *x = NULL;
 X509_NAME *xn = NULL;
-STACK_OF(X509_NAME) *ret = NULL, *sk;
-
-sk = sk_X509_NAME_new(xname_cmp);
+STACK_OF(X509_NAME) *ret = NULL;
+LHASH_OF(X509_NAME) *name_hash =
+lh_X509_NAME_new(xname_hash, xname_cmp);
 
-in = BIO_new(BIO_s_file());
-
-if ((sk == NULL) || (in == NULL)) {
+if ((name_hash == NULL) || (in == NULL)) {
 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -690,10 +697,11 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char 
*file)
 xn = X509_NAME_dup(xn);
 if (xn == NULL)
 goto err;
-if (sk_X509_NAME_find(sk, xn) >= 0)
+if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+/* Duplicate. */
 X509_NAME_free(xn);
-else {
-sk_X509_NAME_push(sk, xn);
+} else {
+lh_X509_NAME_insert(name_hash, xn);
 sk_X509_NAME_push(ret, xn);
 }
 }
@@ -703,9 +711,9 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char 
*file)
 sk_X509_NAME_pop_free(ret, X509_NAME_free);
 ret = NULL;
  done:
-sk_X509_NAME_free(sk);
 BIO_free(in);
 X509_free(x);
+lh_X509_NAME_free(name_hash);
 if (ret != NULL)
 ERR_clear_error();
 return (ret);
@@ -729,7 +737,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) 
*stack,
 int ret = 1;
 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
 
-oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
+oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
 
 in = BIO_new(BIO_s_file());
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  22e3dcb7808bb06cd18c3231e34a5930e796cc48 (commit)
  from  f3f1cf8444f439c0be9de04bf3821a20d00fd956 (commit)


- Log -
commit 22e3dcb7808bb06cd18c3231e34a5930e796cc48
Author: Rich Salz 
Date:   Mon Jan 25 13:30:37 2016 -0500

Remove TLS heartbeat, disable DTLS heartbeat

To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte 

---

Summary of changes:
 CHANGES  |   5 +
 Configure|   1 +
 apps/openssl.c   |   3 +
 include/openssl/ssl.h|  10 +-
 include/openssl/ssl3.h   |   2 +-
 include/openssl/tls1.h   |  34 --
 ssl/d1_lib.c |  14 +--
 ssl/record/rec_layer_d1.c|   2 +-
 ssl/record/rec_layer_s3.c|  16 ---
 ssl/s3_lib.c |  23 +++--
 ssl/ssl_err.c|   2 -
 ssl/ssl_locl.h   |   5 -
 ssl/ssl_utst.c   |   1 -
 ssl/t1_lib.c | 216 ++-
 ssl/t1_trce.c|   4 +-
 test/heartbeat_test.c|  95 -
 test/recipes/90-test_heartbeat.t |   2 +-
 17 files changed, 95 insertions(+), 340 deletions(-)

diff --git a/CHANGES b/CHANGES
index cb71a13..29a00bc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX ]
 
+  *) Heartbeat for TLS has been removed and is disabled by default
+ for DTLS; configure with enable-heartbeats.  Code that uses the
+ old #define's might need to be updated.
+ [Emilia Käsper, Rich Salz]
+
   *) Rename REF_CHECK to REF_DEBUG.
  [Rich Salz]
 
diff --git a/Configure b/Configure
index 4198ff7..3dc6a42 100755
--- a/Configure
+++ b/Configure
@@ -318,6 +318,7 @@ my %disabled = ( # "what" => "comment" [or special 
keyword "experimental
 "unit-test"  => "default",
 "zlib"   => "default",
 "crypto-mdebug"  => "default",
+"heartbeats" => "default",
   );
 my @experimental = ();
 
diff --git a/apps/openssl.c b/apps/openssl.c
index e9c24d0..732cdf1 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -748,6 +748,9 @@ static void list_disabled(void)
 #ifdef OPENSSL_NO_GOST
 BIO_puts(bio_out, "GOST\n");
 #endif
+#ifdef OPENSSL_NO_HEARTBEATS
+BIO_puts(bio_out, "HEARTBEATS\n");
+#endif
 #ifdef OPENSSL_NO_HMAC
 BIO_puts(bio_out, "HMAC\n");
 #endif
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c4b9826..d51c2d4 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -601,7 +601,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op);
 
 # ifndef OPENSSL_NO_HEARTBEATS
 #  define SSL_heartbeat(ssl) \
-SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
+SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
 # endif
 
 # define SSL_CTX_set_cert_flags(ctx,op) \
@@ -1177,9 +1177,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH   80
 # define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD   81
 # ifndef OPENSSL_NO_HEARTBEATS
-#  define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
-#  define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING  86
-#  define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS  87
+#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT   85
+#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING86
+#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS87
 # endif
 # define DTLS_CTRL_GET_TIMEOUT   73
 # define DTLS_CTRL_HANDLE_TIMEOUT74
@@ -2125,11 +2125,9 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT  274
 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL314
 # define SSL_F_TLS1_GET_CURVELIST 338
-# define SSL_F_TLS1_HEARTBEAT 315
 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT275
 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT276
 # define SSL_F_TLS1_PRF   284
-# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
 # define SSL_F_TLS1_SETUP_KEY_BLOCK   211
 # define SSL_F_TLS1_SET_SERVER_SIGALGS335
 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK  354
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 325fa94..ecbe247 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -306,7 +306,7 @@ extern "C" {
 # define SSL3_RT_ALERT   21
 # define SSL3_RT_HANDSHAKE   22
 # 

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  f3f1cf8444f439c0be9de04bf3821a20d00fd956 (commit)
  from  7823d792d0cad3b44ad5389a8d3381becefe7f44 (commit)


- Log -
commit f3f1cf8444f439c0be9de04bf3821a20d00fd956
Author: Rich Salz 
Date:   Sat Jan 30 12:04:25 2016 -0500

Move to REF_DEBUG, for consistency.

Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte 

---

Summary of changes:
 CHANGES |  3 +++
 Configurations/10-main.conf | 12 ++--
 Configurations/90-team.conf |  8 
 Configurations/99-personal-ben.conf |  8 
 Configure   |  2 +-
 Makefile.in |  2 +-
 crypto/asn1/tasn_utl.c  |  7 ++-
 crypto/asn1/x_info.c| 11 ++-
 crypto/asn1/x_pkey.c| 11 ++-
 crypto/bio/bio_err.c|  2 ++
 crypto/bio/bio_lib.c| 11 ++-
 crypto/dh/dh_lib.c  | 23 +--
 crypto/dsa/dsa_lib.c| 23 +--
 crypto/dso/dso_lib.c| 11 ++-
 crypto/ec/ec_key.c  | 23 +--
 crypto/engine/eng_init.c|  7 +--
 crypto/engine/eng_lib.c |  7 +--
 crypto/err/err.c| 25 +++--
 crypto/evp/p_lib.c  | 11 ++-
 crypto/lock.c   |  2 +-
 crypto/rsa/rsa_lib.c| 23 +--
 crypto/x509/x509_lu.c   | 11 ++-
 e_os.h  | 25 ++---
 include/openssl/bio.h   |  1 +
 ssl/ssl_cert.c  | 11 ++-
 ssl/ssl_conf.c  |  3 ---
 ssl/ssl_lib.c   | 31 ++-
 ssl/ssl_sess.c  | 11 ++-
 util/pl/linux.pl|  2 +-
 util/pl/ultrix.pl   |  2 +-
 30 files changed, 104 insertions(+), 225 deletions(-)

diff --git a/CHANGES b/CHANGES
index eb6ee3f..cb71a13 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX ]
 
+  *) Rename REF_CHECK to REF_DEBUG.
+ [Rich Salz]
+
   *) New "unified" build system
 
  The "unified" build system is aimed to be a common system for all
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 07e1d6a..cda7e21 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -26,7 +26,7 @@
 "vos-gcc" => {
 cc   => "gcc",
 cflags   => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L 
-D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN",
-debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG",
+debug_cflags => "-O0 -g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG",
 release_cflags   => "-O3",
 thread_cflag => "(unknown)",
 sys_id   => "VOS",
@@ -134,7 +134,7 @@
 # -mcpu=ultrasparc
 inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ],
 cflags   => add_before(" ", "-m32 -mcpu=ultrasparc"),
-debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG 
-DBN_CTX_DEBUG -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long 
-D__EXTENSIONS__",
+debug_cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG 
-DBN_CTX_DEBUG -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long 
-D__EXTENSIONS__",
 },
 "solaris64-sparcv9-gcc" => {
 inherit_from => [ "solaris-sparcv9-gcc" ],
@@ -152,7 +152,7 @@
 inherit_from => [ "solaris-common" ],
 cc   => "cc",
 cflags   => add_before("-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W"),
-debug_cflags => "-g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG 
-DBN_CTX_DEBUG",
+debug_cflags => "-g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG 
-DBN_CTX_DEBUG",
 release_cflags   => "-xO5 -xdepend",
 thread_cflag => "-D_REENTRANT",
 lflags   => add("-mt"),
@@ -496,7 +496,7 @@
 "linux-generic32" => {
 cc   => "gcc",
 cflags   => "-Wall",
-debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG",
+debug_cflags => "-O0 -g -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG",
 release_cflags   => "-O3",
 thread_cflag => "-pthread",
 ex_libs  => "-ldl",
@@ -607,7 +607,7 @@
 inherit_from => [ "linux-generic32", asm("x86_elf_asm") ],
 cc   => "gcc",
 cflags   => "-march=i486 -DL_ENDIAN -Wall",
-debug_cflags => "-O0 -g -DBN_DEBUG 

[openssl-commits] Build failed: openssl ct_api.27

[AppVeyor]

Build openssl ct_api.27 failed


Commit b43c347141 by Rob Percival on 2/11/2016 2:44 PM:

WIP: Certificate Transparency


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1696 (master - 210ac68)

[Travis CI]

Build Update for openssl/openssl
-

Build: #1696
Status: Still Failing

Duration: 1 hour, 22 minutes, and 52 seconds
Commit: 210ac68 (master)
Author: Matt Caswell
Message: Fix errstr error code parsing

Error codes are printed in hex, and previous OpenSSL versions expected
the error codes to be provided to errstr in hex. In 1.1.0, for some
reason, it was expecting them to be decimal.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/124cbe188753...210ac6824670

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108486158

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  24f0b10462792c202a0fe1952974fcace1e2c563 (commit)
  from  22e3dcb7808bb06cd18c3231e34a5930e796cc48 (commit)


- Log -
commit 24f0b10462792c202a0fe1952974fcace1e2c563
Author: Rich Salz 
Date:   Thu Feb 11 13:16:14 2016 -0500

Don't add filename comment.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 util/mkerr.pl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/util/mkerr.pl b/util/mkerr.pl
index 7e84de9..13c9974 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -602,7 +602,6 @@ EOF
open (OUT,">$cfile") || die "Can't open $cfile for writing";
 
print OUT <<"EOF";
-/* $cfile */
 /* 
  * Copyright (c) 1999-$year The OpenSSL Project.  All rights reserved.
  *
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits