[openssl-commits] [openssl] master update

2016-02-12 Thread Matt Caswell 
The branch master has been updated
   via  c6f9019b6966db3efd5d3df74826f055fc48aa82 (commit)
  from  04b76df3f72de65625c84eac2a00b4e3596c1102 (commit)


- Log -
commit c6f9019b6966db3efd5d3df74826f055fc48aa82
Author: Matt Caswell 
Date:   Fri Feb 12 10:06:45 2016 +

Fix the enable-ssl-trace config option

The recent removal of static ECDH broke the enable-ssl-trace compilation.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 ssl/t1_trce.c | 22 --
 1 file changed, 22 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index de1cac7..fdc61a5 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -920,14 +920,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
 *pname = "ECDHE";
 return SSL_kECDHE;
 }
-if (alg_k & SSL_kECDHr) {
-*pname = "ECDH RSA";
-return SSL_kECDHr;
-}
-if (alg_k & SSL_kECDHe) {
-*pname = "ECDH ECDSA";
-return SSL_kECDHe;
-}
 if (alg_k & SSL_kPSK) {
 *pname = "PSK";
 return SSL_kPSK;
@@ -990,13 +982,6 @@ static int ssl_print_client_keyex(BIO *bio, int indent, 
SSL *ssl,
 return 0;
 break;
 
-case SSL_kECDHr:
-case SSL_kECDHe:
-if (msglen == 0) {
-BIO_indent(bio, indent + 2, 80);
-BIO_puts(bio, "implicit\n");
-break;
-}
 case SSL_kECDHE:
 case SSL_kECDHEPSK:
 if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, , ))
@@ -1022,13 +1007,6 @@ static int ssl_print_server_keyex(BIO *bio, int indent, 
SSL *ssl,
 return 0;
 }
 switch (id) {
-/* Should never happen */
-case SSL_kECDHr:
-case SSL_kECDHe:
-BIO_indent(bio, indent + 2, 80);
-BIO_printf(bio, "Unexpected Message\n");
-break;
-
 case SSL_kRSA:
 
 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2,
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Emilia Kasper 
The branch master has been updated
   via  a76265574398944d686d2d0de9bacca162f555ca (commit)
  from  04f171c09624cd2e9c00152a30cb22637c694ac1 (commit)


- Log -
commit a76265574398944d686d2d0de9bacca162f555ca
Author: Emilia Kasper 
Date:   Tue Feb 2 17:12:45 2016 +0100

RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/req.c   | 4 ++--
 doc/apps/req.pod | 9 ++---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 3ced170..66bcabc 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -89,8 +89,8 @@
 #define STRING_MASK "string_mask"
 #define UTF8_IN "utf8"
 
-#define DEFAULT_KEY_LENGTH  512
-#define MIN_KEY_LENGTH  384
+#define DEFAULT_KEY_LENGTH  2048
+#define MIN_KEY_LENGTH  512
 
 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
 int attribs, unsigned long chtype);
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 9593dec..12a0687 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -324,9 +324,12 @@ configuration file values.
 
 =item B
 
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
 
 =item B
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-02-12 Thread Emilia Kasper 
The branch OpenSSL_1_0_2-stable has been updated
   via  b4b23d05d3282b0c155a1ab8435379306be43315 (commit)
  from  10c639a8a56c90bec9e332c7ca76ef552b3952ac (commit)


- Log -
commit b4b23d05d3282b0c155a1ab8435379306be43315
Author: Emilia Kasper 
Date:   Tue Feb 2 17:12:45 2016 +0100

RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz 
(cherry picked from commit a76265574398944d686d2d0de9bacca162f555ca)

---

Summary of changes:
 CHANGES  | 6 +-
 apps/req.c   | 4 ++--
 doc/apps/req.pod | 9 ++---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index f2126bc..8039184 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.0.2f and 1.0.2g [xx XXX ]
 
-  *)
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+ if no keysize is specified with default_bits. This fixes an
+ omission in an earlier change that changed all RSA/DSA key generation
+ apps to use 2048 bits by default.
+ [Emilia Käsper]
 
  Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
 
diff --git a/apps/req.c b/apps/req.c
index 57781c9..e818bd2 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -101,8 +101,8 @@
 #define STRING_MASK "string_mask"
 #define UTF8_IN "utf8"
 
-#define DEFAULT_KEY_LENGTH  512
-#define MIN_KEY_LENGTH  384
+#define DEFAULT_KEY_LENGTH  2048
+#define MIN_KEY_LENGTH  512
 
 #undef PROG
 #define PROGreq_main
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 54a4d39..30653e5 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -347,9 +347,12 @@ configuration file values.
 
 =item B
 
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
 
 =item B
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Richard Levitte 
The branch master has been updated
   via  04f171c09624cd2e9c00152a30cb22637c694ac1 (commit)
  from  c6f9019b6966db3efd5d3df74826f055fc48aa82 (commit)


- Log -
commit 04f171c09624cd2e9c00152a30cb22637c694ac1
Author: Richard Levitte 
Date:   Fri Feb 12 12:10:27 2016 +0100

Remove last chomps

In the previous commit to change all chomp to a more flexible regexp,
Configure was forgotten.  This completes the change.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 Configure | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Configure b/Configure
index 3dc6a42..0b885d0 100755
--- a/Configure
+++ b/Configure
@@ -456,7 +456,7 @@ if (grep /^reconf(igure)?$/, @argvcopy) {
 # centered information gathering the reading configdata.pm
 #
 while () {
-chomp;
+s|\R$||;
 if (/^CONFIGURE_ARGS=\s*(.*)\s*/) {
 # Older form, we split the string and hope for the best
 @argvcopy = split /\s+/, $_;
@@ -1333,7 +1333,7 @@ if ($builder eq "unified") {
 my $lineiterator = shift;
 my $target_kind = $1;
 while (defined $lineiterator->()) {
-chomp;
+s|\R$||;
 if (/^\s*ENDRAW\[((?:\\.|[^\\\]])+)\]\s*$/) {
 die "ENDRAW doesn't match BEGINRAW"
 if $1 ne $target_kind;
@@ -2292,7 +2292,7 @@ sub collect_from_file {
 my $saved_line = "";
 $_ = "";
 while (<$fh>) {
-chomp;
+s|\R$||;
 if (defined $line_concat) {
 $_ = $line_concat->($saved_line, $_);
 $saved_line = "";
@@ -2323,7 +2323,7 @@ sub collect_from_array {
 my $saved_line = "";
 $_ = "";
 while (defined($_ = shift @array)) {
-chomp;
+s|\R$||;
 if (defined $line_concat) {
 $_ = $line_concat->($saved_line, $_);
 $saved_line = "";
@@ -2348,7 +2348,7 @@ sub collect_information {
 my %collectors = @_;
 
 while(defined($_ = $lineiterator->())) {
-chomp;
+s|\R$||;
 my $found = 0;
 foreach my $re (keys %collectors) {
 if ($re ne "OTHERWISE" && /$re/) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_api.30

2016-02-12 Thread AppVeyor 



Build openssl ct_api.30 failed


Commit 01ca602807 by Rob Percival on 2/12/2016 11:05 AM:

Public API for Certificate Transparency


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_verify.31

2016-02-12 Thread AppVeyor 



Build openssl ct_verify.31 failed


Commit edf6bd8365 by Rob Percival on 2/12/2016 11:27 AM:

Verify SCT signatures


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_policy.32

2016-02-12 Thread AppVeyor 



Build openssl ct_policy.32 failed


Commit 6f9d479479 by Rob Percival on 2/12/2016 11:39 AM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#1734 (master - a762655)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1734
Status: Broken

Duration: 4 minutes and 19 seconds
Commit: a762655 (master)
Author: Emilia Kasper
Message: RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/04f171c09624...a76265574398

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108781349

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_policy.35

2016-02-12 Thread AppVeyor 



Build openssl ct_policy.35 failed


Commit 1f72304c1d by Rob Percival on 2/12/2016 12:04 PM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_ssl.36

2016-02-12 Thread AppVeyor 



Build openssl ct_ssl.36 failed


Commit 9c599cc0e4 by Rob Percival on 2/12/2016 12:06 PM:

Extends s_client to allow a basic CT policy to be enabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Richard Levitte 
The branch master has been updated
   via  6faffd0ad23801dc540d3865bfd5bbb92e40c791 (commit)
  from  c680f77fb181483d6d6ceee8c60eac6e568898c0 (commit)


- Log -
commit 6faffd0ad23801dc540d3865bfd5bbb92e40c791
Author: Richard Levitte 
Date:   Fri Feb 12 19:44:55 2016 +0100

Better workaround for VMS getnameinfo() bug

The actual bug with current getnameinfo() on VMS is not that it puts
gibberish in the service buffer, but that it doesn't touch it at all.
The gibberish we dealt with before was simply stuff that happened to
be on the stack.

It's better to initialise the service buffer properly (with the empty
string) and check if it's still an empty string after the
getnameinfo() call, and fill it with the direct numerical translation
of the raw port if that's the case.

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/bio/b_addr.c | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 459443b..20ef8ec 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -229,7 +229,7 @@ static int addr_strings(const BIO_ADDR *ap, int numeric,
 if (1) {
 #ifdef AI_PASSIVE
 int ret = 0;
-char host[NI_MAXHOST], serv[NI_MAXSERV];
+char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
 int flags = 0;
 
 if (numeric)
@@ -252,11 +252,13 @@ static int addr_strings(const BIO_ADDR *ap, int numeric,
 return 0;
 }
 
-/* VMS getnameinfo() seems to have a bug, where serv gets filled
- * with gibberish.  We can at least check for digits when flags
- * has NI_NUMERICSERV enabled
+/* VMS getnameinfo() has a bug, it doesn't fill in serv, which
+ * leaves it with whatever garbage that happens to be there.
+ * However, we initialise serv with the empty string (serv[0]
+ * is therefore NUL), so it gets real easy to detect when things
+ * didn't go the way one might expect.
  */
-if ((flags & NI_NUMERICSERV) != 0 && !isdigit(serv[0])) {
+if (serv[0] == '\0') {
 BIO_snprintf(serv, sizeof(serv), "%d",
  ntohs(BIO_ADDR_rawport(ap)));
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1747 (master - 5e4bbeb)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1747
Status: Still Failing

Duration: 1 hour, 5 minutes, and 59 seconds
Commit: 5e4bbeb (master)
Author: Andy Polyakov
Message: modes/ctr128.c: pay attention to ecount_buf alignment in 
CRYPTO_ctr128_encrypt.

It's never problem if CRYPTO_ctr128_encrypt is called from EVP, because
buffer in question is always aligned within EVP_CIPHER_CTX structure.

RT#4218

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/3c65577f1af1...5e4bbeb49fb6

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108889008

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#1750 (master - 7687f52)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1750
Status: Broken

Duration: 1 hour, 2 minutes, and 59 seconds
Commit: 7687f52 (master)
Author: Andy Polyakov
Message: evp/e_des[3].c: address compiler warnings, fix formatting.

RT#4210

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/5e4bbeb49fb6...7687f5255011

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108894180

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ossl_ssize_max.43

2016-02-12 Thread AppVeyor 



Build openssl ossl_ssize_max.43 failed


Commit be2a12cb5e by Rob Percival on 2/12/2016 3:48 PM:

Defines OSSL_SSIZE_MAX


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl sct_alt_tests.41

2016-02-12 Thread AppVeyor 



Build openssl sct_alt_tests.41 failed


Commit 2ec37816d5 by Rob Percival on 2/12/2016 1:26 PM:

Alternative Certificate Transparency SCT tests


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Viktor Dukhovni 
The branch master has been updated
   via  ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e (commit)
  from  e314c340736830a6fc0260cf72cc51ea0c227e9d (commit)


- Log -
commit ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e
Author: Viktor Dukhovni 
Date:   Sat Feb 13 02:53:13 2016 -0500

Fix some issues near recent chomp changes.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/CA.pl.in  | 6 +++---
 crypto/perlasm/x86_64-xlate.pl | 2 +-
 util/files.pl  | 6 +++---
 util/mk1mf.pl  | 4 +++-
 util/mkfiles.pl| 4 ++--
 5 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index fbba457..f5e8e4a 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -120,9 +120,9 @@ if ($WHAT eq '-newcert' ) {
 close OUT;
 # ask user for existing CA certificate
 print "CA certificate filename (or enter to create)\n";
-$FILE = ;
-$FILE = s|\R$|| if $FILE;
-if ($FILE) {
+$FILE = "" unless defined($FILE = );
+$FILE =~ s{\R$}{};
+if ($FILE ne "") {
 copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
 } else {
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index a0b3bc0..0a023fb 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -850,7 +850,7 @@ ___
 OPTION DOTNAME
 ___
 }
-while($line=<>) {
+while(defined($line=<>)) {
 
 $line =~ s|\R$||;   # Better chomp
 
diff --git a/util/files.pl b/util/files.pl
index d984196..32e7125 100755
--- a/util/files.pl
+++ b/util/files.pl
@@ -25,8 +25,8 @@ while (<>)
{
$b=$`; # Keep what is before the backslash
$o.=$b." ";
-   $b=<>;
-   $b =~ s|\R$||; # Better chomp
+   $b = "" unless defined($b = <>);
+   $b =~ s{\R$}{};
}
else
{
@@ -43,7 +43,7 @@ while (<>)
}
}
 
-$pwd=`pwd`; $pwd =~ s|\R$||;
+($pwd=`pwd`) =~ s{\R$}{};
 
 if ($sym{'TOP'} eq ".")
{
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 3a9f0d7..f29e50b 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -553,8 +553,10 @@ if ($fips)
{
open (IN, "util/fipslib_path.txt") || fipslib_error();
$fipslibdir = ;
-   $fipslibdir =~ s|\R$||;
close IN;
+   $fipslibdir = "" unless defined($fipslibdir);
+   $fipslibdir =~ s{\R$}{};
+   fipslib_error() if ($fipslibdir eq "");
}
fips_check_files($fipslibdir,
"fipscanister.lib", "fipscanister.lib.sha1",
diff --git a/util/mkfiles.pl b/util/mkfiles.pl
index 4fbe29a..55dfbc6 100755
--- a/util/mkfiles.pl
+++ b/util/mkfiles.pl
@@ -107,8 +107,8 @@ while ()
{
$b=$`;
$o.=$b." ";
-   $b=;
-   $b =~ s|\R$||;
+   $b = "" unless defined($b = );
+   $b =~ s{\R$}{};
}
else
{
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.1064

2016-02-12 Thread AppVeyor 



Build openssl master.1064 failed


Commit e314c34073 by Dr. Stephen Henson on 2/13/2016 2:29 AM:

fix warnings on 32 bit builds


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1746 (master - 3c65577)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1746
Status: Still Failing

Duration: 1 hour, 9 minutes, and 36 seconds
Commit: 3c65577 (master)
Author: Richard Levitte
Message: Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix

INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/c619e8101120...3c65577f1af1

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/10232

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#1751 (master - 82049c5)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1751
Status: Broken

Duration: 1 hour, 12 minutes, and 0 seconds
Commit: 82049c5 (master)
Author: Viktor Dukhovni
Message: Move brace outside #ifdef

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/7687f5255011...82049c543cb7

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108897869

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Rich Salz 
The branch master has been updated
   via  2b91ec7575ca94319a979ed9d23106b061dda095 (commit)
  from  577583519b147ec60e8e241ee12471c2a9c53183 (commit)


- Log -
commit 2b91ec7575ca94319a979ed9d23106b061dda095
Author: Rich Salz 
Date:   Fri Feb 12 14:40:33 2016 -0500

Put user flags last for priority.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configure | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/Configure b/Configure
index 0b885d0..2ba33cb 100755
--- a/Configure
+++ b/Configure
@@ -643,7 +643,7 @@ foreach (@argvcopy)
else# common if (/^[-+]/), just pass down...
{
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
-   $user_cflags.=$_." ";
+   $user_cflags.=" ".$_;
}
}
elsif ($_ =~ /^([^:]+):(.+)$/)
@@ -887,10 +887,10 @@ my $no_shared_warn=0;
 my $no_user_cflags=0;
 my $no_user_defines=0;
 
-if ($user_cflags ne ""){ 
$config{cflags}="$user_cflags$config{cflags}"; }
-else   { $no_user_cflags=1;   }
-if (@user_defines) { $config{defines}=[ @user_defines, @{$config{defines}} 
]; }
-else   { $no_user_defines=1;   }
+if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; }
+else{ $no_user_cflags=1;  }
+if (@user_defines) { $config{defines}=[ @{$config{defines}}, @user_defines ]; }
+else   { $no_user_defines=1;}
 
 # The DSO code currently always implements all functions so that no
 # applications will have to worry about that from a compilation point
@@ -1141,30 +1141,32 @@ if (defined($config{api})) {
 if ($strict_warnings)
{
my $wopt;
+   my $addflags = '';
die "ERROR --strict-warnings requires gcc or clang"
 unless $ecc eq 'gcc' || $ecc eq 'clang';
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
-   $config{cflags} .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
+   $addflags .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
}
if ($ecc eq "clang")
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
-   $config{cflags} .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
+   $addflags .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
}
}
if ($target !~ /^mingw/)
{
foreach $wopt (split /\s+/, $memleak_devteam_backtrace)
{
-   $config{cflags} .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
+   $addflags .= " $wopt" unless ($config{cflags} =~ 
/(^|\s)$wopt(\s|$)/)
}
if ($target =~ /^BSD-/)
{
$config{ex_libs} .= " -lexecinfo";
}
}
+   $config{cflags} = "$addflags $config{cflags}" if $addflags ne '';
}
 
 # If we use the unified build, collect information from build.info files
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#1740 (master - 6faffd0)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1740
Status: Errored

Duration: 50 minutes and 30 seconds
Commit: 6faffd0 (master)
Author: Richard Levitte
Message: Better workaround for VMS getnameinfo() bug

The actual bug with current getnameinfo() on VMS is not that it puts
gibberish in the service buffer, but that it doesn't touch it at all.
The gibberish we dealt with before was simply stuff that happened to
be on the stack.

It's better to initialise the service buffer properly (with the empty
string) and check if it's still an empty string after the
getnameinfo() call, and fill it with the direct numerical translation
of the raw port if that's the case.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/c680f77fb181...6faffd0ad238

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108863808

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-02-12 Thread Andy Polyakov 
The branch OpenSSL_1_0_1-stable has been updated
   via  3629c49d7a0f46eebfea87c33c4e3d2864ad6fa8 (commit)
  from  b0b9f693b422ddc643840859a0755b7b4fde92de (commit)


- Log -
commit 3629c49d7a0f46eebfea87c33c4e3d2864ad6fa8
Author: Andy Polyakov 
Date:   Fri Feb 12 14:07:27 2016 +0100

modes/ctr128.c: pay attention to ecount_buf alignment in 
CRYPTO_ctr128_encrypt.

It's never problem if CRYPTO_ctr128_encrypt is called from EVP, because
buffer in question is always aligned within EVP_CIPHER_CTX structure.

RT#4218

Reviewed-by: Richard Levitte 
(cherry picked from commit 5e4bbeb49fb6522d858703201b5adee9611e7b7b)

---

Summary of changes:
 crypto/modes/ctr128.c | 41 +
 1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index f3bbcbf..bcafd6b 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -67,23 +67,20 @@
 /* increment counter (128-bit int) by 1 */
 static void ctr128_inc(unsigned char *counter)
 {
-u32 n = 16;
-u8 c;
+u32 n = 16, c = 1;
 
 do {
 --n;
-c = counter[n];
-++c;
-counter[n] = c;
-if (c)
-return;
+c += counter[n];
+counter[n] = (u8)c;
+c >>= 8;
 } while (n);
 }
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void ctr128_inc_aligned(unsigned char *counter)
 {
-size_t *data, c, n;
+size_t *data, c, d, n;
 const union {
 long one;
 char little;
@@ -91,20 +88,19 @@ static void ctr128_inc_aligned(unsigned char *counter)
 1
 };
 
-if (is_endian.little) {
+if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
 ctr128_inc(counter);
 return;
 }
 
 data = (size_t *)counter;
+c = 1;
 n = 16 / sizeof(size_t);
 do {
 --n;
-c = data[n];
-++c;
-data[n] = c;
-if (c)
-return;
+d = data[n] += c;
+/* did addition carry? */
+c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
 } while (n);
 }
 #endif
@@ -144,14 +140,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, 
unsigned char *out,
 }
 
 # if defined(STRICT_ALIGNMENT)
-if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
-0)
+if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+% sizeof(size_t) != 0)
 break;
 # endif
 while (len >= 16) {
 (*block) (ivec, ecount_buf, key);
 ctr128_inc_aligned(ivec);
-for (; n < 16; n += sizeof(size_t))
+for (n = 0; n < 16; n += sizeof(size_t))
 *(size_t *)(out + n) =
 *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
 len -= 16;
@@ -189,16 +185,13 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, 
unsigned char *out,
 /* increment upper 96 bits of 128-bit counter by 1 */
 static void ctr96_inc(unsigned char *counter)
 {
-u32 n = 12;
-u8 c;
+u32 n = 12, c = 1;
 
 do {
 --n;
-c = counter[n];
-++c;
-counter[n] = c;
-if (c)
-return;
+c += counter[n];
+counter[n] = (u8)c;
+c >>= 8;
 } while (n);
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_verify.38

2016-02-12 Thread AppVeyor 



Build openssl ct_verify.38 failed


Commit cc1b6d4f2b by Rob Percival on 2/12/2016 12:35 PM:

Verify SCT signatures


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Andy Polyakov 
The branch master has been updated
   via  dbf9a33c433dedacbb6e0bc22f7aa87e27af2966 (commit)
  from  2b91ec7575ca94319a979ed9d23106b061dda095 (commit)


- Log -
commit dbf9a33c433dedacbb6e0bc22f7aa87e27af2966
Author: Andy Polyakov 
Date:   Fri Feb 12 11:45:44 2016 +0100

.travis.yml: exclude gcc from MacOS X CI builds.

Contemporary Xcode gcc is a front-end to clang, so that explicit
gcc build is actually redundant on MacOS X.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 .travis.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 8e365b3..001180e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -52,6 +52,8 @@ matrix:
 - os: osx
   compiler: clang-3.6
 - os: osx
+  compiler: gcc
+- os: osx
   compiler: gcc-5
 - os: osx
   compiler: i686-w64-mingw32-gcc
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#1738 (master - c680f77)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1738
Status: Fixed

Duration: 10 minutes and 18 seconds
Commit: c680f77 (master)
Author: Richard Levitte
Message: Adjust transfer::Text::Template.pm for alternate directory name

On VMS, periods in directory names weren't allowed.  To counter that,
unpackers such as VMSTAR convert periods in directory names to
underscores.  We need to count that in and add an alternative library
path for Text::Template.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/a76265574398...c680f77fb181

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108834420

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Viktor Dukhovni 
The branch master has been updated
   via  82049c543cb71619bc23b4e2313f3f3eb405660a (commit)
  from  7687f5255011a5a3ca75e8c5427683d58ae411c0 (commit)


- Log -
commit 82049c543cb71619bc23b4e2313f3f3eb405660a
Author: Viktor Dukhovni 
Date:   Fri Feb 12 16:36:06 2016 -0500

Move brace outside #ifdef

Reviewed-by: Rich Salz 

---

Summary of changes:
 ssl/statem/statem_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6d4a536..8effb0f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -623,8 +623,8 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pk)
 return SSL_PKEY_GOST12_256;
 case NID_id_GostR3410_2012_512:
 return SSL_PKEY_GOST12_512;
-}
 #endif
+}
 }
 
 int ssl_verify_alarm_type(long type)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Richard Levitte 
The branch master has been updated
   via  03ed5e990668a57836d599d2093e762813058362 (commit)
   via  50e83cdde65dee08c5dc08391d6493452a8acc23 (commit)
  from  82049c543cb71619bc23b4e2313f3f3eb405660a (commit)


- Log -
commit 03ed5e990668a57836d599d2093e762813058362
Author: Richard Levitte 
Date:   Wed Feb 10 19:18:33 2016 +0100

We need the linked utils after a full build.

We really needs a better util/shlib_wrap.sh, but will have to do for now.

Reviewed-by: Rich Salz 

commit 50e83cdde65dee08c5dc08391d6493452a8acc23
Author: Richard Levitte 
Date:   Fri Feb 12 14:05:06 2016 +0100

Unified build - fix make depend

There was a catch 22, where 'make depend' directly after configuring
in an otherwise pristine build tree would fail because buildinf.h
didn't exist yet.

This change has the depend building targets depend on the same other
targets as the object file building targets, so the generation of
buildinf.h and similar files would kick in during 'make depend'.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/README | 8 +---
 Configurations/common.tmpl| 1 +
 Configurations/descrip.mms.tmpl   | 3 ++-
 Configurations/unix-Makefile.tmpl | 7 ---
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/Configurations/README b/Configurations/README
index b67506a..89fc65c 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -488,6 +488,7 @@ They are all expected to return a string with the lines 
they produce.
 
 src2dep(obj => "PATH/TO/objectfile",
 srcs => [ "PATH/TO/sourcefile", ... ],
+deps => [ "dep1", ... ],
 incs => [ "INCL/PATH", ... ]);
 
   'obj' has the dependent object file as well as
@@ -496,7 +497,8 @@ They are all expected to return a string with the lines 
they produce.
   'srcs' has the list of source files to build the
   object file, with the first item being the source
   file that directly corresponds to the object file.
-  'incs' is a list of include file directories.
+  'deps' is a list of explicit dependencies.  'incs'
+  is a list of include file directories.
 
 src2obj - function that produces build file lines to build an
   object file from source files and associated data.
@@ -513,8 +515,8 @@ They are all expected to return a string with the lines 
they produce.
   'srcs' has the list of source files to build the
   object file, with the first item being the source
   file that directly corresponds to the object file.
-  'deps' is a list of dependencies.  'incs' is a list
-  of include file directories.
+  'deps' is a list of explicit dependencies.  'incs'
+  is a list of include file directories.
 
 obj2lib - function that produces build file lines to build a
   static library file ("libfoo.a" in Unix terms) from
diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
index a750e21..3bd7324 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -45,6 +45,7 @@
@{$unified_info{includes}->{$obj}} ]);
  $OUT .= src2dep(obj => $obj_no_o,
  srcs => $unified_info{sources}->{$obj},
+ deps => [ reducedepends(resolvedepends($obj)) ],
  incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ]);
  }
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 4732782..ef745ed 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -408,6 +408,7 @@ descrip.mms : {- sourcefile("Configurations", 
"descrip.mms.tmpl") -} $(SRCDIR)Co
   sub src2dep {
   my %args = @_;
   my $dep = $args{obj};
+  my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}});
 
   # Because VMS C isn't very good at combining a /INCLUDE path with
   # #includes having a relative directory (like '#include "../foo.h"),
@@ -432,7 +433,7 @@ descrip.mms : {- sourcefile("Configurations", 
"descrip.mms.tmpl") -} $(SRCDIR)Co
   my $after = $unified_info{after}->{$dep.".OBJ"} || "\@ !";
 
   return <<"EOF";
-$dep.MMS : $srcs
+$dep.MMS : $deps
 ${before}
 SET DEFAULT $forward
 \$(CC) \$(CFLAGS)${incs} /MMS=(TARGET=.OBJ)/OBJECT=${depd}${depn}.MMS 
$srcs
diff --git

[openssl-commits] [openssl] master update

2016-02-12 Thread Andy Polyakov 
The branch master has been updated
   via  c619e81011209ec7c52763a07479081fc15076f1 (commit)
  from  dbf9a33c433dedacbb6e0bc22f7aa87e27af2966 (commit)


- Log -
commit c619e81011209ec7c52763a07479081fc15076f1
Author: Andy Polyakov 
Date:   Fri Feb 12 14:13:06 2016 +0100

Update .gitignore.

Not all git versions understand **/Makefile, but all recognize that
filename without any path applies to all directories.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 .gitignore | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4bbd89b..34505ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,6 @@
 
 # Top level excludes
 /Makefile.orig
-/Makefile
 /MINFO
 /TABLE
 /*.a
@@ -23,7 +22,8 @@
 /tmp.*
 /configdata.pm
 
-**/Makefile
+# *all* Makefiles
+Makefile
 
 /test/*.ss
 /test/*.srl
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Andy Polyakov 
The branch master has been updated
   via  7687f5255011a5a3ca75e8c5427683d58ae411c0 (commit)
  from  5e4bbeb49fb6522d858703201b5adee9611e7b7b (commit)


- Log -
commit 7687f5255011a5a3ca75e8c5427683d58ae411c0
Author: Andy Polyakov 
Date:   Fri Feb 12 14:46:02 2016 +0100

evp/e_des[3].c: address compiler warnings, fix formatting.

RT#4210

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/evp/e_des.c  | 35 ++-
 crypto/evp/e_des3.c | 31 +++
 2 files changed, 41 insertions(+), 25 deletions(-)

diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index c083e3f..1afd917 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -70,12 +70,13 @@ typedef struct {
 DES_key_schedule ks;
 } ks;
 union {
-void (*cbc) (const void *, void *, size_t, const void *, void *);
+void (*cbc) (const void *, void *, size_t,
+ const DES_key_schedule *, unsigned char *);
 } stream;
 } EVP_DES_KEY;
 
 # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-/* -^^^ this is not a typo, just a way to detect that
+/* --^^^ this is not a typo, just a way to detect that
  * assembler support was in general requested... */
 #  include "sparc_arch.h"
 
@@ -85,9 +86,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
 
 void des_t4_key_expand(const void *key, DES_key_schedule *ks);
 void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
-DES_key_schedule *ks, unsigned char iv[8]);
+const DES_key_schedule *ks, unsigned char iv[8]);
 void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
-DES_key_schedule *ks, unsigned char iv[8]);
+const DES_key_schedule *ks, unsigned char iv[8]);
 # endif
 
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -136,20 +137,24 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 {
 EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_cipher_data(ctx);
 
-if (dat->stream.cbc) {
-(*dat->stream.cbc) (in, out, inl, >ks.ks, 
EVP_CIPHER_CTX_iv_noconst(ctx));
+if (dat->stream.cbc != NULL) {
+(*dat->stream.cbc) (in, out, inl, >ks.ks,
+EVP_CIPHER_CTX_iv_noconst(ctx));
 return 1;
 }
 while (inl >= EVP_MAXCHUNK) {
-DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, 
EVP_CIPHER_CTX_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));
+DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+ EVP_CIPHER_CTX_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
 inl -= EVP_MAXCHUNK;
 in += EVP_MAXCHUNK;
 out += EVP_MAXCHUNK;
 }
 if (inl)
 DES_ncbc_encrypt(in, out, (long)inl, EVP_CIPHER_CTX_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
 return 1;
 }
 
@@ -194,7 +199,8 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 for (n = 0; n < chunk * 8; ++n) {
 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
 DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_cipher_data(ctx),
-(DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));
+(DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+EVP_CIPHER_CTX_encrypting(ctx));
 out[n / 8] =
 (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
 ((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -213,15 +219,18 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
const unsigned char *in, size_t inl)
 {
 while (inl >= EVP_MAXCHUNK) {
-DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, 
EVP_CIPHER_CTX_cipher_data(ctx),
-(DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));
+DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+EVP_CIPHER_CTX_cipher_data(ctx),
+(DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+EVP_CIPHER_CTX_encrypting(ctx));
 inl -= EVP_MAXCHUNK;
 in += EVP_MAXCHUNK;
 out += EVP_MAXCHUNK;
 }
 if (inl)
 DES_cfb_encrypt(in, out, 8, (long)inl, EVP_CIPHER_CTX_cipher_data(ctx),
-

[openssl-commits] [openssl] master update

2016-02-12 Thread Andy Polyakov 
The branch master has been updated
   via  577583519b147ec60e8e241ee12471c2a9c53183 (commit)
  from  d1dc699ac6e5ada11b1f5b1695e403dce638 (commit)


- Log -
commit 577583519b147ec60e8e241ee12471c2a9c53183
Author: Andy Polyakov 
Date:   Fri Feb 12 11:28:22 2016 +0100

ec/asm/ecp_nistz256-armv8.pl: fix test_ssl spurious errors.

RT#4237

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ec/asm/ecp_nistz256-armv8.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl 
b/crypto/ec/asm/ecp_nistz256-armv8.pl
index 9d1bce1..ce6b69e 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1289,6 +1289,9 @@ $code.=<<___;
stp $acc0,$acc1,[$rp_real,#$i]
stp $acc2,$acc3,[$rp_real,#$i+16]
 ___
+$code.=<<___   if ($i == 0);
+   adr $bp_real,.Lone_mont-64
+___
 }
 $code.=<<___;
ldp $acc0,$acc1,[$ap_real,#$i]  // in1
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Richard Levitte 
The branch master has been updated
   via  3c65577f1af1109beb8de06420efa09188981628 (commit)
  from  c619e81011209ec7c52763a07479081fc15076f1 (commit)


- Log -
commit 3c65577f1af1109beb8de06420efa09188981628
Author: Richard Levitte 
Date:   Fri Feb 12 21:14:03 2016 +0100

Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix

INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz 

---

Summary of changes:
 CHANGES   |   6 ++
 Configurations/descrip.mms.tmpl   |  24 +++--
 Configurations/unix-Makefile.tmpl | 198 +++---
 Configure |   9 --
 INSTALL   |   5 +-
 Makefile.in   | 142 +--
 apps/Makefile.in  |  28 +++---
 crypto/async/Makefile.in  |   4 +-
 crypto/srp/Makefile.in|   2 +-
 crypto/ts/Makefile.in |   2 +-
 engines/Makefile.in   |  10 +-
 openssl.spec  |   2 +-
 tools/Makefile.in |  20 ++--
 util/cygwin.sh|  20 ++--
 14 files changed, 233 insertions(+), 239 deletions(-)

diff --git a/CHANGES b/CHANGES
index 29a00bc..cf7d272 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX ]
 
+  *) The INSTALL_PREFIX Makefile variable has been renamed to
+ DESTDIR.  That makes for less confusion on what this variable
+ is for.  Also, the configuration option --install_prefix is
+ removed.
+ [Richard Levitte]
+
   *) Heartbeat for TLS has been removed and is disabled by default
  for DTLS; configure with enable-heartbeats.  Code that uses the
  old #define's might need to be updated.
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 0d5c7ba..4732782 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -106,15 +106,13 @@ PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } grep { 
!m|^\[\.test\]| } @{$uni
 TESTPROGS={- join(", ", map { "-\n\t".$_.".EXE" } grep { m|^\[\.test\]| } 
@{$unified_info{programs}}) -}
 SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
 
-# INSTALL_PREFIX is for package builders so that they can configure for, say,
+# DESTDIR is for package builders so that they can configure for, say,
 # SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
 # In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
-# MMS with /MACROS=(INSTALL_PREFIX=STAGING:[USER]).  The result will end
-# up in STAGING:[USER.OPENSSL].
-# Note that INSTALL_PREFIX can also be given at configuration time, with
-# --install_prefix.
+# MMS with /MACROS=(DESTDIR=STAGING:[USER]).  The result will end up in
+# STAGING:[USER.OPENSSL].
 # Normally it is left empty.
-INSTALL_PREFIX={- $config{install_prefix} -}
+DESTDIR=
 
 # Do not edit this manually. Use Configure --prefix=DIR to change this!
 INSTALLTOP={- catdir($config{prefix}) || 
"SYS\$COMMON:[OPENSSL-\$(MAJOR).\$(MINOR)]" -}
@@ -160,7 +158,7 @@ NODEBUG=@
 $(NODEBUG) internal_inc3 = F$PARSE("{- 
catdir($config{sourcedir},"[.crypto.include.internal]") 
-}","A.;",,,"SYNTAX_ONLY") - "A.;"
 $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2'
 $(NODEBUG) DEFINE internal 
'internal_inc1','internal_inc2','internal_inc3'
-$(NODEBUG) staging_dir = "$(INSTALL_PREFIX)"
+$(NODEBUG) staging_dir = "$(DESTDIR)"
 $(NODEBUG) IF staging_dir .NES. "" THEN -
 staging_dir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY") - 
"A.;"
 $(NODEBUG) !
@@ -179,7 +177,7 @@ NODEBUG=@
 $(NODEBUG) !
 $(NODEBUG) datatop = 
F$PARSE("$(OPENSSLDIR)","[00]A.;",,,"SYNTAX_ONLY") -
 - "]A.;" + ".]"
-$(NODEBUG) IF "$(INSTALL_PREFIX)" .EQS. "" THEN -
+$(NODEBUG) IF "$(DESTDIR)" .EQS. "" THEN -
 DEFINE ossl_dataroot 'datatop'
 $(NODEBUG) !
 $(NODEBUG) ! Figure out the architecture
@@ -193,7 +191,7 @@ NODEBUG=@
 
 .LAST :
 $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map 
{ $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" 
-}
-$(NODEBUG) IF "$(INSTALL_PREFIX)" .EQS. "" THEN DEASSIGN ossl_dataroot
+$(NODEBUG) IF "$(DESTDIR)" .EQS. "" THEN DEASSIGN

[openssl-commits] Build failed: openssl ct_policy.39

2016-02-12 Thread AppVeyor 



Build openssl ct_policy.39 failed


Commit d9bf3e6aeb by Rob Percival on 2/12/2016 12:55 PM:

CT policy validation


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#1742 (master - 5775835)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1742
Status: Fixed

Duration: 1 hour, 21 minutes, and 53 seconds
Commit: 5775835 (master)
Author: Andy Polyakov
Message: ec/asm/ecp_nistz256-armv8.pl: fix test_ssl spurious errors.

RT#4237

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/d1dc699ac6e5...577583519b14

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108885530

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1744 (master - dbf9a33)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1744
Status: Still Failing

Duration: 1 hour, 7 minutes, and 56 seconds
Commit: dbf9a33 (master)
Author: Andy Polyakov
Message: .travis.yml: exclude gcc from MacOS X CI builds.

Contemporary Xcode gcc is a front-end to clang, so that explicit
gcc build is actually redundant on MacOS X.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/2b91ec7575ca...dbf9a33c433d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108886918

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1741 (master - d1dc699)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1741
Status: Still Failing

Duration: 25 minutes and 18 seconds
Commit: d1dc699 (master)
Author: Richard Levitte
Message: Now that we have good verbosity, turn it on for Travis

It's nearly impossible to determine what goes wrong in the tests
running there without this.

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/6faffd0ad238...d1dc699ac6e5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108876291

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-02-12 Thread Dr . Stephen Henson 
The branch master has been updated
   via  e314c340736830a6fc0260cf72cc51ea0c227e9d (commit)
  from  03ed5e990668a57836d599d2093e762813058362 (commit)


- Log -
commit e314c340736830a6fc0260cf72cc51ea0c227e9d
Author: Dr. Stephen Henson 
Date:   Fri Feb 12 22:24:39 2016 +

fix warnings on 32 bit builds

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 include/openssl/e_os2.h | 6 +-
 test/dtlsv1listentest.c | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index 04e1c05..519b8ce 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -317,7 +317,11 @@ typedef unsigned __int64 uint64_t;
  * isn't available or did not define it, just go with hard-coded.
  */
 # ifndef PRIu64
-#  define PRIu64 "lu"
+#  ifdef SIXTY_FOUR_BIT_LONG
+#   define PRIu64 "lu"
+#  else
+#   define PRIu64 "llu"
+#  endif
 # endif
 
 /* ossl_inline: portable inline definition usable in public headers */
diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
index d12d93a..78ac83a 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -377,7 +377,7 @@ int main(void)
 char *data;
 long datalen;
 int ret, success = 0;
-size_t i;
+long i;
 
 ctx = SSL_CTX_new(DTLS_server_method());
 if (ctx == NULL || peer == NULL)
@@ -397,7 +397,7 @@ int main(void)
 SSL_set_wbio(ssl, outbio);
 
 success = 1;
-for (i = 0; i < OSSL_NELEM(testpackets) && success; i++) {
+for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {
 inbio = BIO_new_mem_buf((char *)testpackets[i].in,
 testpackets[i].inlen);
 if (inbio == NULL) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#1745 (master - c619e81)

2016-02-12 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #1745
Status: Still Failing

Duration: 51 minutes and 28 seconds
Commit: c619e81 (master)
Author: Andy Polyakov
Message: Update .gitignore.

Not all git versions understand **/Makefile, but all recognize that
filename without any path applies to all directories.

Reviewed-by: Richard Levitte 

View the changeset: 
https://github.com/openssl/openssl/compare/dbf9a33c433d...c619e8101120

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/108887384

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.1058

2016-02-12 Thread AppVeyor 



Build openssl OpenSSL_1_0_1-stable.1058 failed


Commit 3629c49d7a by Andy Polyakov on 2/12/2016 9:01 PM:

modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl ct_ssl.40

2016-02-12 Thread AppVeyor 



Build openssl ct_ssl.40 failed


Commit 2c4c402ed1 by Rob Percival on 2/12/2016 1:03 PM:

Extends s_client to allow a basic CT policy to be enabled


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits