[openssl-commits] Build failed: openssl master.2779

2016-04-22 Thread AppVeyor



Build openssl master.2779 failed


Commit acde647fb0 by Kazuki Yamaguchi on 4/23/2016 3:24 AM:

Fix EC_KEY_set_private_key() to call key->group->meth->set_private()




[openssl-commits] Broken: openssl/openssl#3462 (OpenSSL_1_0_2-stable - 2442382)

2016-04-22 Thread Travis CI
Build Update for openssl/openssl
-

Build: #3462
Status: Broken

Duration: 3 minutes and 54 seconds
Commit: 2442382 (OpenSSL_1_0_2-stable)
Author: Viktor Dukhovni
Message: Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell 

View the changeset: 
https://github.com/openssl/openssl/compare/f32774087f7b...2442382e11c0

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/125177129

--



[openssl-commits] Build failed: openssl master.2778

2016-04-22 Thread AppVeyor



Build openssl master.2778 failed


Commit 9f13d4dd5e by Dr. Stephen Henson on 4/22/2016 11:29 PM:

add test for CVE-2016-2109




[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-04-22 Thread Viktor Dukhovni
The branch OpenSSL_1_0_1-stable has been updated
   via  697283ba418b21c4c0682d7050264b492e2ea4e2 (commit)
  from  3d411057a5e28530fffc40b257698f453c89aa87 (commit)


- Log -
commit 697283ba418b21c4c0682d7050264b492e2ea4e2
Author: Viktor Dukhovni 
Date:   Tue Apr 19 22:23:24 2016 -0400

Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/asn1/asn1_lib.c | 18 +++---
 crypto/asn1/asn1_par.c | 17 +
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc9..54b683c 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
 #include 
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max);
+   long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 *ptag = tag;
 *pclass = xclass;
-if (!asn1_get_length(, , plength, (int)max))
+if (!asn1_get_length(, , plength, max))
 goto err;
 
 if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max)
+   long max)
 {
 const unsigned char *p = *pp;
 unsigned long ret = 0;
-unsigned int i;
+unsigned long i;
 
 if (max-- < 1)
-return (0);
+return 0;
 if (*p == 0x80) {
 *inf = 1;
 ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 *inf = 0;
 i = *p & 0x7f;
 if (*(p++) & 0x80) {
-if (i > sizeof(long))
+if (i > sizeof(ret) || max < i)
 return 0;
-if (max-- == 0)
-return (0);
 while (i-- > 0) {
 ret <<= 8L;
 ret |= *(p++);
-if (max-- == 0)
-return (0);
 }
 } else
 ret = i;
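Review bot: The new guard `if (i > sizeof(ret) || max < i)` compares the signed `long max` with the `unsigned long i`, so it is only correct because `max` cannot be negative after the `max-- < 1` test earlier in asn1_get_length. That dependency deserves a comment next to the guard, e.g. `/* max >= 0 here, so converting it to unsigned long in max < i is safe */`. The single up-front test is what ensures all `i` length octets lie within the caller's limit before the read loop starts, which is worth stating as well. The same hunk is repeated in the OpenSSL_1_0_2-stable backport further down the page, and the function starts and ends outside this hunk.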
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 return 0;
 *pp = p;
 *rl = (long)ret;
-return (1);
+return 1;
 }
 
 /*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a..e85e339 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
 goto end;
 if (j & V_ASN1_CONSTRUCTED) {
+const unsigned char *sp;
+
 ep = p + len;
 if (BIO_write(bp, "\n", 1) <= 0)
 goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 goto end;
 }
 if ((j == 0x21) && (len == 0)) {
+sp = p;
 for (;;) {
 r = asn1_parse2(bp, , (long)(tot - p),
 offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 ret = 0;
 goto end;
 }
-if ((r == 2) || (p >= tot))
+if ((r == 2) || (p >= tot)) {
+len = p - sp;
 break;
+}
 }
-} else
+} else {
+long tmp = len;
+
 while (p < ep) {
-r = asn1_parse2(bp, , (long)len,
-offset + (p - *pp), depth + 1,
+sp = p;
+r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1,
 indent, dump);
 if (r == 0) {
 ret = 0;
 goto end;
 }
+tmp -= p - sp;
 }
+}
 } else if (xclass != 0) {
 p += len;
 if (BIO_write(bp, "\n", 1) <= 0)
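Review bot: The definite-length loop now passes `tmp` instead of `len` to the recursive call, but nothing in the code says why, so a later cleanup could undo the fix. A short comment at `long tmp = len;` would help, for example `/* tmp = bytes still unparsed in this constructed value; passing len again lets a later child parse past ep */`. The removed lines show each child being handed the full `len` even after earlier siblings had consumed part of it. It is also worth noting beside `len = p - sp;` that the indefinite-length branch records the number of bytes actually consumed. asn1_parse2 begins and ends outside the hunk, and the same change is repeated in the OpenSSL_1_0_2-stable backport later on the page.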


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-04-22 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  2442382e11c022aaab4fdc6975bd15d5a75c4db2 (commit)
  from  f32774087f7b3db1f789688368d16d917757421e (commit)


- Log -
commit 2442382e11c022aaab4fdc6975bd15d5a75c4db2
Author: Viktor Dukhovni 
Date:   Tue Apr 19 22:23:24 2016 -0400

Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/asn1/asn1_lib.c | 18 +++---
 crypto/asn1/asn1_par.c | 17 +
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc9..54b683c 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
 #include 
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max);
+   long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 *ptag = tag;
 *pclass = xclass;
-if (!asn1_get_length(, , plength, (int)max))
+if (!asn1_get_length(, , plength, max))
 goto err;
 
 if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max)
+   long max)
 {
 const unsigned char *p = *pp;
 unsigned long ret = 0;
-unsigned int i;
+unsigned long i;
 
 if (max-- < 1)
-return (0);
+return 0;
 if (*p == 0x80) {
 *inf = 1;
 ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 *inf = 0;
 i = *p & 0x7f;
 if (*(p++) & 0x80) {
-if (i > sizeof(long))
+if (i > sizeof(ret) || max < i)
 return 0;
-if (max-- == 0)
-return (0);
 while (i-- > 0) {
 ret <<= 8L;
 ret |= *(p++);
-if (max-- == 0)
-return (0);
 }
 } else
 ret = i;
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 return 0;
 *pp = p;
 *rl = (long)ret;
-return (1);
+return 1;
 }
 
 /*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a..e85e339 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
 goto end;
 if (j & V_ASN1_CONSTRUCTED) {
+const unsigned char *sp;
+
 ep = p + len;
 if (BIO_write(bp, "\n", 1) <= 0)
 goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 goto end;
 }
 if ((j == 0x21) && (len == 0)) {
+sp = p;
 for (;;) {
 r = asn1_parse2(bp, , (long)(tot - p),
 offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 ret = 0;
 goto end;
 }
-if ((r == 2) || (p >= tot))
+if ((r == 2) || (p >= tot)) {
+len = p - sp;
 break;
+}
 }
-} else
+} else {
+long tmp = len;
+
 while (p < ep) {
-r = asn1_parse2(bp, , (long)len,
-offset + (p - *pp), depth + 1,
+sp = p;
+r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1,
 indent, dump);
 if (r == 0) {
 ret = 0;
 goto end;
 }
+tmp -= p - sp;
 }
+}
 } else if (xclass != 0) {
 p += len;
 if (BIO_write(bp, "\n", 1) <= 0)


[openssl-commits] [openssl] master update

2016-04-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  acde647fb0347f64af8f8678b73ce41f2f499c02 (commit)
  from  9f13d4dd5ec420fb2fa0a7b94a6d66bb2700a492 (commit)


- Log -
commit acde647fb0347f64af8f8678b73ce41f2f499c02
Author: Kazuki Yamaguchi 
Date:   Thu Apr 21 17:35:53 2016 +0900

Fix EC_KEY_set_private_key() to call key->group->meth->set_private()

Fix a bug introduced by 6903e2e7e9a4 (Extended EC_METHOD customisation
support., 2016-02-01). key->meth->set_private() is wrongly called where
it should call key->group->meth->set_private().

PR#4517

Reviewed-by: Tim Hudson 
Reviewed-by: Stephen Henson 

---

Summary of changes:
 crypto/ec/ec_key.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index f7948cc..22c6535 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -483,8 +483,8 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM 
*priv_key)
 {
 if (key->group == NULL || key->group->meth == NULL)
 return 0;
-if (key->group->meth->set_private
-&& key->meth->set_private(key, priv_key) == 0)
+if (key->group->meth->set_private != NULL
+&& key->group->meth->set_private(key, priv_key) == 0)
 return 0;
 if (key->meth->set_private != NULL
 && key->meth->set_private(key, priv_key) == 0)
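Review bot: The two consecutive checks now differ only in `key->group->meth` versus `key->meth`, which is exactly the pair that was confused before, so each deserves a one-line comment such as `/* curve-level hook from the group's method */` and `/* key-level hook from the key's own method */`. The guard at the top of the hunk tests `key->group` and `key->group->meth` but not `key->meth`; whether `key->meth` can be NULL at this point is not visible from the hunk and is worth confirming. The function continues past the last line shown.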


[openssl-commits] [openssl] master update

2016-04-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  9f13d4dd5ec420fb2fa0a7b94a6d66bb2700a492 (commit)
   via  53e409db615550c4bf5da2c9a5f56c7065315636 (commit)
  from  c62981390d6cf9e3d612c489b8b77c2913b25807 (commit)


- Log -
commit 9f13d4dd5ec420fb2fa0a7b94a6d66bb2700a492
Author: Dr. Stephen Henson 
Date:   Fri Apr 22 18:44:23 2016 +0100

add test for CVE-2016-2109

Reviewed-by: Richard Levitte 

commit 53e409db615550c4bf5da2c9a5f56c7065315636
Author: Dr. Stephen Henson 
Date:   Fri Apr 22 18:37:42 2016 +0100

In d2i_test return error for malloc failure.

Bad ASN.1 data should never be able to trigger a malloc failure so return
an error in d2i_test if a malloc failure occurs.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 test/d2i-tests/bad_bio.der | Bin 0 -> 7 bytes
 test/d2i_test.c|   3 +++
 test/recipes/25-test_d2i.t |   6 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 test/d2i-tests/bad_bio.der

diff --git a/test/d2i-tests/bad_bio.der b/test/d2i-tests/bad_bio.der
new file mode 100644
index 000..8681f05
Binary files /dev/null and b/test/d2i-tests/bad_bio.der differ
diff --git a/test/d2i_test.c b/test/d2i_test.c
index 49882a3..78adf48 100644
--- a/test/d2i_test.c
+++ b/test/d2i_test.c
@@ -108,6 +108,9 @@ static int execute_test(D2I_TEST_FIXTURE fixture)
 ret = 1;
 
  err:
+/* Don't indicate success for memory allocation errors */
+if (ret == 1 && ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
+ret = 0;
 BIO_free(bio);
 OPENSSL_free(der);
 ASN1_item_free(value, item_type);
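Review bot: The added check reads only `ERR_peek_error()`, the oldest entry in the error queue, so it catches a malloc failure only if that was the first error queued and nothing was left over from earlier calls. Whether execute_test clears the queue before decoding is outside the hunk; if it does not, an `ERR_clear_error();` at the start of the test would make the check reliable. A comment saying why the first rather than the last error is inspected would also help, e.g. `/* the allocation failure is expected to be the first error raised */`.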
diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
index 111fa5b..9e1a643 100644
--- a/test/recipes/25-test_d2i.t
+++ b/test/recipes/25-test_d2i.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_d2i");
 
-plan tests => 2;
+plan tests => 3;
 
 ok(run(test(["d2i_test", "X509", "decode",
  srctop_file('test','d2i-tests','bad_cert.der')])),
@@ -24,3 +24,7 @@ ok(run(test(["d2i_test", "X509", "decode",
 ok(run(test(["d2i_test", "GENERAL_NAME", "decode",
  srctop_file('test','d2i-tests','bad_generalname.der')])),
"Running d2i_test bad_generalname.der");
+
+ok(run(test(["d2i_test", "ASN1_ANY", "BIO",
+ srctop_file('test','d2i-tests','bad_bio.der')])),
+   "Running d2i_test bad_bio.der");


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-04-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_2-stable has been updated
   via  f32774087f7b3db1f789688368d16d917757421e (commit)
  from  9676402c3a6657781a65836c716066d3d39ee54f (commit)


- Log -
commit f32774087f7b3db1f789688368d16d917757421e
Author: Dr. Stephen Henson 
Date:   Mon Apr 11 13:57:20 2016 +0100

Harden ASN.1 BIO handling of large amounts of data.

If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni 
(cherry picked from commit c62981390d6cf9e3d612c489b8b77c2913b25807)

---

Summary of changes:
 crypto/asn1/a_d2i_fp.c | 36 ++--
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index a1864b4..51b6f24 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void 
*x)
 #endif
 
 #define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
 BUF_MEM *b;
@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 /* suck in c.slen bytes of data */
 want = c.slen;
 if (want > (len - off)) {
+size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
 want -= (len - off);
 if (want > INT_MAX /* BIO_read takes an int length */  ||
 len + want < len) {
 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
 goto err;
 }
-if (!BUF_MEM_grow_clean(b, len + want)) {
-ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-goto err;
-}
 while (want > 0) {
-i = BIO_read(in, &(b->data[len]), want);
-if (i <= 0) {
-ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-ASN1_R_NOT_ENOUGH_DATA);
+/*
+ * Read content in chunks of increasing size
+ * so we can return an error for EOF without
+ * having to allocate the entire content length
+ * in one go.
+ */
+size_t chunk = want > chunk_max ? chunk_max : want;
+
+if (!BUF_MEM_grow_clean(b, len + chunk)) {
+ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 
ERR_R_MALLOC_FAILURE);
 goto err;
 }
+want -= chunk;
+while (chunk > 0) {
+i = BIO_read(in, &(b->data[len]), chunk);
+if (i <= 0) {
+ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ASN1_R_NOT_ENOUGH_DATA);
+goto err;
+}
 /*
  * This can't overflow because |len+want| didn't
  * overflow.
  */
-len += i;
-want -= i;
+len += i;
+chunk -= i;
+}
+if (chunk_max < INT_MAX/2)
+chunk_max *= 2;
 }
 }
 if (off + c.slen < off) {
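Review bot: The retained comment `This can't overflow because |len+want| didn't overflow` no longer matches the code beneath it: `want` has already been reduced by `chunk` before the inner loop, and the addition being justified is now `len += i`, where BIO_read returns at most `chunk`. Rewording it to something like `/* len + chunk cannot overflow: the original len + want was checked above */` and indenting it with the inner loop would keep the overflow argument auditable. A one-line comment on `if (chunk_max < INT_MAX/2)` explaining that the cap keeps `chunk` within the int length BIO_read accepts would help too. The same hunk is cherry-picked to OpenSSL_1_0_1-stable further down the page, and asn1_d2i_read_bio extends beyond the hunk on both sides.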


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-04-22 Thread Dr . Stephen Henson
The branch OpenSSL_1_0_1-stable has been updated
   via  3d411057a5e28530fffc40b257698f453c89aa87 (commit)
  from  7a433893adbe7eab3c41581175493d9e5326ba3f (commit)


- Log -
commit 3d411057a5e28530fffc40b257698f453c89aa87
Author: Dr. Stephen Henson 
Date:   Mon Apr 11 13:57:20 2016 +0100

Harden ASN.1 BIO handling of large amounts of data.

If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni 
(cherry picked from commit c62981390d6cf9e3d612c489b8b77c2913b25807)

---

Summary of changes:
 crypto/asn1/a_d2i_fp.c | 36 ++--
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index a1864b4..51b6f24 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void 
*x)
 #endif
 
 #define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
 BUF_MEM *b;
@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 /* suck in c.slen bytes of data */
 want = c.slen;
 if (want > (len - off)) {
+size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
 want -= (len - off);
 if (want > INT_MAX /* BIO_read takes an int length */  ||
 len + want < len) {
 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
 goto err;
 }
-if (!BUF_MEM_grow_clean(b, len + want)) {
-ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-goto err;
-}
 while (want > 0) {
-i = BIO_read(in, &(b->data[len]), want);
-if (i <= 0) {
-ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-ASN1_R_NOT_ENOUGH_DATA);
+/*
+ * Read content in chunks of increasing size
+ * so we can return an error for EOF without
+ * having to allocate the entire content length
+ * in one go.
+ */
+size_t chunk = want > chunk_max ? chunk_max : want;
+
+if (!BUF_MEM_grow_clean(b, len + chunk)) {
+ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 
ERR_R_MALLOC_FAILURE);
 goto err;
 }
+want -= chunk;
+while (chunk > 0) {
+i = BIO_read(in, &(b->data[len]), chunk);
+if (i <= 0) {
+ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ASN1_R_NOT_ENOUGH_DATA);
+goto err;
+}
 /*
  * This can't overflow because |len+want| didn't
  * overflow.
  */
-len += i;
-want -= i;
+len += i;
+chunk -= i;
+}
+if (chunk_max < INT_MAX/2)
+chunk_max *= 2;
 }
 }
 if (off + c.slen < off) {


[openssl-commits] Build failed: openssl master.2774

2016-04-22 Thread AppVeyor



Build openssl master.2774 failed


Commit 4eb4e52a26 by FdaSilvaYY on 3/20/2016 8:14 PM:

Add help message to some progs options.




[openssl-commits] Build failed: openssl master.2773

2016-04-22 Thread AppVeyor



Build openssl master.2773 failed


Commit 4fc255ac2f by FdaSilvaYY on 3/7/2016 9:45 PM:

Unify _up_ref methods signature and behaviour.




[openssl-commits] Build failed: openssl master.2772

2016-04-22 Thread AppVeyor



Build openssl master.2772 failed


Commit e451c107ee by FdaSilvaYY on 3/7/2016 9:45 PM:

Unify  _up_ref methods returned type




[openssl-commits] Build failed: openssl master.2771

2016-04-22 Thread AppVeyor



Build openssl master.2771 failed


Commit 4756291278 by FdaSilvaYY on 4/4/2016 6:42 PM:

Fix an error code spelling.




[openssl-commits] Errored: FdaSilvaYY/openssl#544 (up_ref_api_unify - 070c5bd)

2016-04-22 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #544
Status: Errored

Duration: 17 seconds
Commit: 070c5bd (up_ref_api_unify)
Author: FdaSilvaYY
Message: Unify  _up_ref methods returned type

Add a status return value.
Update the docs.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/b42b329d4075...070c5bd604aa

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/125103362

--



[openssl-commits] Fixed: FdaSilvaYY/openssl#542 (X509_REQ_to_X509 - db903c4)

2016-04-22 Thread Travis CI
Build Update for FdaSilvaYY/openssl
-

Build: #542
Status: Fixed

Duration: 25 minutes and 48 seconds
Commit: db903c4 (X509_REQ_to_X509)
Author: FdaSilvaYY
Message: Use more X509_REQ_get0_pubkey & X509_get0_pubkey

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/73d3df179090...db903c40af23

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/125102748

--



[openssl-commits] Build failed: openssl master.2770

2016-04-22 Thread AppVeyor



Build openssl master.2770 failed


Commit 739e21afa7 by FdaSilvaYY on 3/8/2016 7:11 PM:

Add checks on CRYPTO_new_ex_data return value




[openssl-commits] Build failed: openssl master.2769

2016-04-22 Thread AppVeyor



Build openssl master.2769 failed


Commit ddc606c914 by Richard Levitte on 4/22/2016 4:20 PM:

Warn when doing an out-of-source build and finding in-source build artifacts




[openssl-commits] Build failed: openssl master.2768

2016-04-22 Thread AppVeyor



Build openssl master.2768 failed


Commit e2ab7fb343 by Viktor Dukhovni on 4/22/2016 2:41 PM:

make update




[openssl-commits] Build failed: openssl master.2767

2016-04-22 Thread AppVeyor



Build openssl master.2767 failed


Commit ee85fc1dd6 by Matt Caswell on 4/22/2016 2:37 PM:

Don't set peer_tmp until we have finished constructing it




[openssl-commits] [openssl] master update

2016-04-22 Thread Richard Levitte
The branch master has been updated
   via  ddc606c914e72e770dbe8293a65585b7c3017bba (commit)
  from  e2ab7fb343b28fba997cdf4a26bb616c26783c38 (commit)


- Log -
commit ddc606c914e72e770dbe8293a65585b7c3017bba
Author: Richard Levitte 
Date:   Thu Apr 21 18:03:16 2016 +0200

Warn when doing an out-of-source build and finding in-source build artifacts

The reason to warn is that configuration *may* pick up on
configuration header files that are in the source tree, that might be
for a wildly different configuration than what is expected in the
current out-of-source configuration.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 Configure | 8 
 1 file changed, 8 insertions(+)

diff --git a/Configure b/Configure
index 35ac2cc..4a870c0 100755
--- a/Configure
+++ b/Configure
@@ -1923,6 +1923,14 @@ or position independent code, please let us know (but 
please first make sure
 you have tried with a current version of OpenSSL).
 EOF
 
+print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
+
+WARNING: there are indications that another build was made in the source
+directory.  This build may have picked up artifacts from that build, the
+safest course of action is to clean the source directory and redo this
+configuration.
+EOF
+
 exit(0);
 
 ##
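Review bot: The condition `$srcdir ne $blddir` is a plain string comparison, so the same directory spelled two ways (relative versus absolute, or with a trailing slash) would count as out-of-source and the warning would fire on an ordinary in-tree build, where configdata.pm is expected. Whether both variables are canonicalised earlier in Configure is not visible in this hunk; if they are not, comparing normalised absolute paths would avoid the false positive. The warning is also printed to standard output immediately before `exit(0)`, so it is advisory only and easy to miss in a scripted build; sending it to STDERR would make it more visible.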


[openssl-commits] [openssl] master update

2016-04-22 Thread Viktor Dukhovni
The branch master has been updated
   via  e2ab7fb343b28fba997cdf4a26bb616c26783c38 (commit)
   via  9f6b22b814a306677f6d5a829cf7fd62005ecdc2 (commit)
  from  ee85fc1dd67faebdeecb8fe8834facaee0566324 (commit)


- Log -
commit e2ab7fb343b28fba997cdf4a26bb616c26783c38
Author: Viktor Dukhovni 
Date:   Thu Apr 21 20:06:49 2016 -0400

make update

Reviewed-by: Rich Salz 

commit 9f6b22b814a306677f6d5a829cf7fd62005ecdc2
Author: Viktor Dukhovni 
Date:   Thu Apr 21 20:00:58 2016 -0400

Enabled DANE only when at least one TLSA RR was added

It is up to the caller of SSL_dane_tlsa_add() to take appropriate
action when no records are added successfully or adding some records
triggers an internal error (negative return value).

With this change the caller can continue with PKIX if desired when
none of the TLSA records are usable, or take some appropriate action
if DANE is required.

Also fixed the internal ssl_dane_dup() function to properly initialize
the TLSA RR stack in the target SSL handle.  Errors in ssl_dane_dup()
are no longer ignored.

Reviewed-by: Rich Salz 

---

Summary of changes:
 doc/ssl/SSL_CTX_dane_enable.pod | 56 --
 include/internal/dane.h |  3 ++-
 include/openssl/ssl.h   |  1 +
 ssl/ssl_err.c   | 60 ++---
 ssl/ssl_lib.c   | 16 +--
 5 files changed, 67 insertions(+), 69 deletions(-)

diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
index 8463a3d..d6d447d 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -71,11 +71,17 @@ The arguments specify the fields of the TLSA record.
 The B field is provided in binary (wire RDATA) form, not the hexadecimal
 ASCII presentation form, with an explicit length passed via B.
 A return value of 0 indicates that "unusable" TLSA records (with invalid or
-unsupported parameters) were provided, a negative return value indicates an
-internal error in processing the records.
-If DANE authentication is enabled, but no TLSA records are added successfully,
-authentication will fail, and the handshake may not complete, depending on the
-B argument of L and any verification callback.
+unsupported parameters) were provided.
+A negative return value indicates an internal error in processing the record.
+
+The caller is expected to check the return value of each SSL_dane_tlsa_add()
+call and take appropriate action if none are usable or an internal error
+is encountered in processing some records.
+
+If no TLSA records are added successfully, DANE authentication is not enabled,
+and authentication will be based on any configured traditional trust-anchors;
+authentication success in this case does not mean that the peer was
+DANE-authenticated.
 
 SSL_get0_dane_authority() can be used to get more detailed information about
 the matched DANE trust-anchor after successful connection completion.
@@ -149,6 +155,7 @@ the lifetime of the SSL connection.
 
   SSL_CTX *ctx;
   SSL *ssl;
+  int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
   int num_usable = 0;
   const char *nexthop_domain = "example.com";
   const char *dane_tlsa_domain = "smtp.example.com";
@@ -175,11 +182,19 @@ the lifetime of the SSL connection.
 
 /* set usage, selector, mtype, data, len */
 
-/* Opportunistic DANE TLS clients treat usages 0, 1 as unusable. */
+/*
+ * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+ * They treat all other certificate usages, and in particular PKIX-TA(0)
+ * and PKIX-EE(1), as unusable.
+ */
 switch (usage) {
+default:
 case 0: /* PKIX-TA(0) */
 case 1: /* PKIX-EE(1) */
 continue;
+case 2: /* DANE-TA(2) */
+case 3: /* DANE-EE(3) */
+break;
 }
 
 ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
@@ -194,16 +209,29 @@ the lifetime of the SSL connection.
   }
 
   /*
+   * At this point, the verification mode is still the default SSL_VERIFY_NONE.
* Opportunistic DANE clients use unauthenticated TLS when all TLSA records
* are unusable, so continue the handshake even if authentication fails.
*/
   if (num_usable == 0) {
-int (*cb)(int ok, X509_STORE_CTX *sctx) = NULL;
-
 /* Log all records unusable? */
-/* Set cb to a non-NULL callback of your choice? */
 
-SSL_set_verify(ssl, SSL_VERIFY_NONE, cb);
+/* Optionally set verify_cb to a suitable non-NULL callback. */
+SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+  } else {
+/* At least one usable record.  We expect to verify the peer */
+
+/* 

[openssl-commits] [openssl] master update

2016-04-22 Thread Matt Caswell
The branch master has been updated
   via  ee85fc1dd67faebdeecb8fe8834facaee0566324 (commit)
  from  48c1e15ceb2252e65ba63f93a7bf39c1d368f38f (commit)


- Log -
commit ee85fc1dd67faebdeecb8fe8834facaee0566324
Author: Matt Caswell 
Date:   Tue Apr 19 23:33:35 2016 +0100

Don't set peer_tmp until we have finished constructing it

If we fail halfway through constructing the peer_tmp EVP_PKEY but we have
already stored it in s->s3->peer_tmp then if anything tries to use it then
it will likely fail. This was causing s_client to core dump in the
sslskewith0p test. s_client was trying to print out the connection
parameters that it had negotiated so far. Arguably s_client should not do
that if the connection has failed...but given it is existing functionality
it's easier to fix libssl.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 ssl/statem/statem_clnt.c | 63 +++-
 1 file changed, 36 insertions(+), 27 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5b53b86..768cf83 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1525,9 +1525,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, 
PACKET *pkt)
 #ifndef OPENSSL_NO_DH
 else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
 PACKET prime, generator, pub_key;
+EVP_PKEY *peer_tmp = NULL;
 
-DH *dh;
-BIGNUM *p, *g, *bnpub_key;
+DH *dh = NULL;
+BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
 
 if (!PACKET_get_length_prefixed_2(pkt, )
 || !PACKET_get_length_prefixed_2(pkt, )
@@ -1536,19 +1537,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, 
PACKET *pkt)
 goto f_err;
 }
 
-s->s3->peer_tmp = EVP_PKEY_new();
+peer_tmp = EVP_PKEY_new();
 dh = DH_new();
 
-if (s->s3->peer_tmp == NULL || dh == NULL) {
+if (peer_tmp == NULL || dh == NULL) {
+al = SSL_AD_INTERNAL_ERROR;
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-DH_free(dh);
-goto err;
-}
-
-if (EVP_PKEY_assign_DH(s->s3->peer_tmp, dh) == 0) {
-SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-DH_free(dh);
-goto err;
+goto dherr;
 }
 
 p = BN_bin2bn(PACKET_data(), PACKET_remaining(), NULL);
@@ -1558,39 +1553,53 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, 
PACKET *pkt)
   NULL);
 if (p == NULL || g == NULL || bnpub_key == NULL) {
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-BN_free(p);
-BN_free(g);
-BN_free(bnpub_key);
-goto err;
+goto dherr;
 }
 
 if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
-BN_free(p);
-BN_free(g);
-BN_free(bnpub_key);
-goto f_err;
+goto dherr;
 }
 
 if (!DH_set0_pqg(dh, p, NULL, g)) {
+al = SSL_AD_INTERNAL_ERROR;
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-BN_free(p);
-BN_free(g);
-BN_free(bnpub_key);
-goto err;
+goto dherr;
 }
 
 if (!DH_set0_key(dh, bnpub_key, NULL)) {
+al = SSL_AD_INTERNAL_ERROR;
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-BN_free(bnpub_key);
-goto err;
+goto dherr;
 }
 
 if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
 al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
-goto f_err;
+goto dherr;
+}
+
+if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+al = SSL_AD_INTERNAL_ERROR;
+SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+goto dherr;
 }
+
+s->s3->peer_tmp = peer_tmp;
+
+goto dhend;
+ dherr:
+BN_free(p);
+BN_free(g);
+BN_free(bnpub_key);
+DH_free(dh);
+EVP_PKEY_free(peer_tmp);
+goto f_err;
+ dhend:
+/*
+ * FIXME: This makes assumptions about which ciphersuites come with
+ * public keys. We should have a less ad-hoc way of doing this
+ */
 if (alg_a & (SSL_aRSA|SSL_aDSS))
 pkey = X509_get0_pubkey(s->session->peer);
 /* else anonymous DH, so no certificate or pkey. */
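Review bot: The shared `dherr` cleanup frees `p`, `g` and `bnpub_key` and then calls `DH_free(dh)`, but once `DH_set0_pqg()` and `DH_set0_key()` have succeeded those BIGNUMs belong to `dh`, so the later failure branches (`DH_set0_key`, the `ssl_security()` check, `EVP_PKEY_assign_DH`) free them twice. The `ssl_security()` branch is taken when the server-supplied DH parameters are judged too small, so the double free is reachable from peer input. Clearing the locals at each ownership transfer keeps the single cleanup label correct: `p = g = NULL;` right after `DH_set0_pqg`, and `bnpub_key = NULL;` right after `DH_set0_key`. tls_process_key_exchange starts and ends outside this hunk, so the `f_err` path that `dherr` jumps to could not be checked here.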

[openssl-commits] Build failed: openssl master.2764

2016-04-22 Thread AppVeyor



Build openssl master.2764 failed


Commit b04e5c12c2 by Matt Caswell on 4/22/2016 1:39 PM:

Fix no-cmac on Windows/VMS




[openssl-commits] [openssl] master update

2016-04-22 Thread Dr . Stephen Henson
The branch master has been updated
   via  48c1e15ceb2252e65ba63f93a7bf39c1d368f38f (commit)
  from  f0483bf7d2ffdf1b92c71318678a61603a9fa56d (commit)


- Log -
commit 48c1e15ceb2252e65ba63f93a7bf39c1d368f38f
Author: Dr. Stephen Henson 
Date:   Wed Apr 20 21:37:57 2016 +0100

Extensions to d2i_test.

Using ASN1_ITEM tables in d2i_test: this then uses consistent names and
makes it easier to extend.

Add bio, reencode and compare tests.

Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 test/d2i_test.c| 116 +++--
 test/recipes/25-test_d2i.t |   4 +-
 2 files changed, 103 insertions(+), 17 deletions(-)

diff --git a/test/d2i_test.c b/test/d2i_test.c
index 6ffdf55..49882a3 100644
--- a/test/d2i_test.c
+++ b/test/d2i_test.c
@@ -16,19 +16,36 @@
 #include "testutil.h"
 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
+#include "e_os.h"
 
 static const ASN1_ITEM *item_type;
 static const char *test_file;
 
+typedef enum {
+ASN1_UNKNOWN,
+ASN1_OK,
+ASN1_BIO,
+ASN1_DECODE,
+ASN1_ENCODE,
+ASN1_COMPARE
+} expected_error_t;
+
+typedef struct {
+const char *str;
+expected_error_t code;
+} error_enum;
+
+static expected_error_t expected_error = ASN1_UNKNOWN;
+
 typedef struct d2i_test_fixture {
 const char *test_case_name;
 } D2I_TEST_FIXTURE;
 
-
 static D2I_TEST_FIXTURE set_up(const char *const test_case_name)
 {
 D2I_TEST_FIXTURE fixture;
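Review bot: `expected_error_t` is added without a comment, and its meaning can only be recovered by reading execute_test: each of `ASN1_BIO`, `ASN1_DECODE`, `ASN1_ENCODE` and `ASN1_COMPARE` names the stage at which the test expects the input to fail, while `ASN1_OK` expects the whole round trip to succeed. A short comment above the enum would make that explicit, for example `/* Stage at which the input is expected to fail; ASN1_OK expects a clean decode/re-encode round trip. */`. The `ASN1_` prefix also makes these test-local constants look like library identifiers, so a test-specific prefix may read better.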
@@ -43,27 +60,56 @@ static int execute_test(D2I_TEST_FIXTURE fixture)
 int ret = 0;
 unsigned char buf[2048];
 const unsigned char *buf_ptr = buf;
+unsigned char *der = NULL;
+int derlen;
 int len;
 
 if ((bio = BIO_new_file(test_file, "r")) == NULL)
 return 0;
 
+if (expected_error == ASN1_BIO) {
+value = ASN1_item_d2i_bio(item_type, bio, NULL);
+if (value == NULL)
+ret = 1;
+goto err;
+}
+
 /*
- * We don't use ASN1_item_d2i_bio because it, apparently,
- * errors too early for some inputs.
+ * Unless we are testing it we don't use ASN1_item_d2i_bio because it
+ * performs sanity checks on the input and can reject it before the
+ * decoder is called.
  */
 len = BIO_read(bio, buf, sizeof buf);
 if (len < 0)
 goto err;
 
 value = ASN1_item_d2i(NULL, _ptr, len, item_type);
-if (value != NULL)
+if (value == NULL) {
+if (expected_error == ASN1_DECODE)
+ret = 1;
 goto err;
+}
+
+derlen = ASN1_item_i2d(value, , item_type);
 
-ret = 1;
+if (der == NULL || derlen < 0) {
+if (expected_error == ASN1_ENCODE)
+ret = 1;
+goto err;
+}
+
+if (derlen != len || memcmp(der, buf, derlen) != 0) {
+if (expected_error == ASN1_COMPARE)
+ret = 1;
+goto err;
+}
+
+if (expected_error == ASN1_OK)
+ret = 1;
 
  err:
 BIO_free(bio);
+OPENSSL_free(der);
 ASN1_item_free(value, item_type);
 return ret;
 }
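Review bot: A single `BIO_read` into the 2048-byte `buf` means a longer test file is silently truncated, and the new re-encode check (`derlen != len || memcmp(der, buf, derlen) != 0`) then judges only the prefix, so an oversized input is reported as a decode or compare outcome rather than as a bad test file. A comment above `buf` would document the limit, for example `/* Inputs must fit in buf; longer files are truncated by the single BIO_read below. */`. The byte-for-byte comparison also assumes the file is read unmodified, so it is worth confirming that the `"r"` mode passed to `BIO_new_file` performs no newline translation on Windows. execute_test begins above this hunk.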
@@ -93,19 +139,59 @@ int main(int argc, char **argv)
 {
 int result = 0;
 const char *test_type_name;
-
-if (argc != 3)
+const char *expected_error_string;
+
+size_t i;
+static ASN1_ITEM_EXP *items[] = {
+ASN1_ITEM_ref(ASN1_ANY),
+ASN1_ITEM_ref(X509),
+ASN1_ITEM_ref(GENERAL_NAME)
+};
+
+static error_enum expected_errors[] = {
+{"OK", ASN1_OK},
+{"BIO", ASN1_BIO},
+{"decode", ASN1_DECODE},
+{"encode", ASN1_ENCODE},
+{"compare", ASN1_COMPARE}
+};
+
+if (argc != 4) {
+fprintf(stderr,
+"Usage: d2i_test item_name expected_error file.der\n");
 return 1;
+}
 
 test_type_name = argv[1];
-test_file = argv[2];
-
-if (strcmp(test_type_name, "generalname") == 0) {
-item_type = ASN1_ITEM_rptr(GENERAL_NAME);
-} else if (strcmp(test_type_name, "x509") == 0) {
-item_type = ASN1_ITEM_rptr(X509);
-} else {
-fprintf(stderr, "Bad type %s\n", test_type_name);
+expected_error_string = argv[2];
+test_file = argv[3];
+
+for (i = 0; i < OSSL_NELEM(items); i++) {
+const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
+if (strcmp(test_type_name, it->sname) == 0) {
+item_type = it;
+break;
+}
+}
+if (item_type == NULL) {
+fprintf(stderr, "Unknown type %s\n", test_type_name);
+fprintf(stderr, "Supported types:\n");
+for (i = 0; i < OSSL_NELEM(items); i++) {
+const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
+fprintf(stderr, "\t%s\n", it->sname);
+}
+return 1;
+}
+
+for (i = 0; i < OSSL_NELEM(expected_errors); i++) {
+if 

[openssl-commits] [openssl] master update

2016-04-22 Thread Matt Caswell
The branch master has been updated
   via  f0483bf7d2ffdf1b92c71318678a61603a9fa56d (commit)
   via  54c010ab8079828630cb0258f8ea6ab5cb9bfce8 (commit)
   via  04e381ff176060b7dbfe31a357101e42a2b32a96 (commit)
  from  b04e5c12c27ec3a1811091bf55b27c99f61a939f (commit)


- Log -
commit f0483bf7d2ffdf1b92c71318678a61603a9fa56d
Author: Matt Caswell 
Date:   Fri Apr 22 12:23:07 2016 +0100

Fix capi engine for no-dsa

The capi engine was failing to compile on Windows if the no-dsa option
was selected.

Reviewed-by: Richard Levitte 

commit 54c010ab8079828630cb0258f8ea6ab5cb9bfce8
Author: Matt Caswell 
Date:   Fri Apr 22 12:10:19 2016 +0100

Fix no-dsa on Windows/VMS

The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.

Reviewed-by: Richard Levitte 

commit 04e381ff176060b7dbfe31a357101e42a2b32a96
Author: Matt Caswell 
Date:   Fri Apr 22 12:09:49 2016 +0100

Fix the indentation of OPENSSL_NO_STDIO in pem.h

Some pre-processor macros were incorrectly indented

Reviewed-by: Richard Levitte 

---

Summary of changes:
 engines/e_capi.c  | 22 ++
 include/openssl/pem.h |  8 +---
 util/libcrypto.num| 16 
 3 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/engines/e_capi.c b/engines/e_capi.c
index 5bf0fe9..66fed29 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -176,9 +176,11 @@ static int capi_rsa_priv_dec(int flen, const unsigned char 
*from,
  unsigned char *to, RSA *rsa, int padding);
 static int capi_rsa_free(RSA *rsa);
 
+# ifndef OPENSSL_NO_DSA
 static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
  DSA *dsa);
 static int capi_dsa_free(DSA *dsa);
+# endif
 
 static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
  STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
@@ -432,7 +434,9 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, 
void (*f) (void))
 }
 
 static RSA_METHOD *capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
 static DSA_METHOD *capi_dsa_method = NULL;
+# endif
 
 static int use_aes_csp = 0;
 
@@ -440,7 +444,9 @@ static int capi_init(ENGINE *e)
 {
 CAPI_CTX *ctx;
 const RSA_METHOD *ossl_rsa_meth;
+# ifndef OPENSSL_NO_DSA
 const DSA_METHOD *ossl_dsa_meth;
+# endif
 HCRYPTPROV hprov;
 
 if (capi_idx < 0) {
@@ -468,6 +474,7 @@ static int capi_init(ENGINE *e)
 goto memerr;
 }
 
+# ifndef OPENSSL_NO_DSA
 /* Setup DSA Method */
 dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
 ossl_dsa_meth = DSA_OpenSSL();
@@ -481,6 +488,7 @@ static int capi_init(ENGINE *e)
 DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
 goto memerr;
 }
+# endif
 }
 
 ctx = capi_ctx_new();
@@ -526,8 +534,10 @@ static int capi_destroy(ENGINE *e)
 {
 RSA_meth_free(capi_rsa_method);
 capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
 DSA_meth_free(capi_dsa_method);
 capi_dsa_method = NULL;
+# endif
 ERR_unload_CAPI_strings();
 return 1;
 }
@@ -560,9 +570,11 @@ static int bind_capi(ENGINE *e)
 capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
 if (capi_rsa_method == NULL)
 return 0;
+# ifndef OPENSSL_NO_DSA
 capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
 if (capi_dsa_method == NULL)
 goto memerr;
+# endif
 if (!ENGINE_set_id(e, engine_capi_id)
 || !ENGINE_set_name(e, engine_capi_name)
 || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
@@ -570,7 +582,9 @@ static int bind_capi(ENGINE *e)
 || !ENGINE_set_finish_function(e, capi_finish)
 || !ENGINE_set_destroy_function(e, capi_destroy)
 || !ENGINE_set_RSA(e, capi_rsa_method)
+# ifndef OPENSSL_NO_DSA
 || !ENGINE_set_DSA(e, capi_dsa_method)
+# endif
 || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
 || !ENGINE_set_load_ssl_client_cert_function(e,
  capi_load_ssl_client_cert)
@@ -583,8 +597,10 @@ static int bind_capi(ENGINE *e)
  memerr:
 RSA_meth_free(capi_rsa_method);
 capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
 DSA_meth_free(capi_dsa_method);
 capi_dsa_method = NULL;
+# endif
 return 0;
 }
 
@@ -722,6 +738,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
 EVP_PKEY_assign_RSA(ret, rkey);
 rkey = NULL;
 
+# ifndef OPENSSL_NO_DSA
 } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
 

[openssl-commits] [openssl] master update

2016-04-22 Thread Matt Caswell
The branch master has been updated
   via  b04e5c12c27ec3a1811091bf55b27c99f61a939f (commit)
  from  596d6b7e1ca5aa24700098e262cb1625f256343f (commit)


- Log -
commit b04e5c12c27ec3a1811091bf55b27c99f61a939f
Author: Matt Caswell 
Date:   Fri Apr 22 11:47:57 2016 +0100

Fix no-cmac on Windows/VMS

no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 include/openssl/cmac.h |  4 
 util/libcrypto.num | 18 +-
 util/mkdef.pl  |  1 +
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h
index a621923..c2edb21 100644
--- a/include/openssl/cmac.h
+++ b/include/openssl/cmac.h
@@ -54,6 +54,8 @@
 #ifndef HEADER_CMAC_H
 # define HEADER_CMAC_H
 
+# ifndef OPENSSL_NO_CMAC
+
 #ifdef __cplusplus
 extern "C" {
 #endif
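Review bot: The new `# ifndef OPENSSL_NO_CMAC` guard is tested before any `#include` visible in this hunk, so it only works if the including file has already pulled in the configuration header that defines `OPENSSL_NO_CMAC`. Included on its own in a no-cmac build, the header would presumably still expose the CMAC declarations. Adding `# include <openssl/opensslconf.h>` ahead of the guard would make the header self-contained. The rest of the header lies outside the hunk, so an include further down cannot be ruled out, but it would come too late for this test.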
@@ -78,4 +80,6 @@ int CMAC_resume(CMAC_CTX *ctx);
 #ifdef  __cplusplus
 }
 #endif
+
+# endif
 #endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 36da112..6d73f14 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -142,7 +142,7 @@ DSO_METHOD_dlfcn139 1_1_0   
NOEXIST::FUNCTION:
 X509_STORE_new  1401_1_0   EXIST::FUNCTION:
 ASN1_TYPE_free  1411_1_0   EXIST::FUNCTION:
 PKCS12_BAGS_new 1421_1_0   EXIST::FUNCTION:
-CMAC_CTX_new1431_1_0   EXIST::FUNCTION:
+CMAC_CTX_new1431_1_0   EXIST::FUNCTION:CMAC
 ASIdentifierChoice_new  1441_1_0   EXIST::FUNCTION:RFC3779
 EVP_PKEY_asn1_set_public1451_1_0   EXIST::FUNCTION:
 IDEA_set_decrypt_key1461_1_0   EXIST::FUNCTION:IDEA
@@ -585,7 +585,7 @@ SCT_verify  573 1_1_0   
EXIST::FUNCTION:CT
 d2i_X5095741_1_0   EXIST::FUNCTION:
 a2i_ASN1_STRING 5751_1_0   EXIST::FUNCTION:
 EC_GROUP_get_mont_data  5761_1_0   EXIST::FUNCTION:EC
-CMAC_CTX_copy   5771_1_0   EXIST::FUNCTION:
+CMAC_CTX_copy   5771_1_0   EXIST::FUNCTION:CMAC
 CRYPTO_set_add_lock_callback5781_1_0   NOEXIST::FUNCTION:
 EVP_camellia_128_cfb128 5791_1_0   EXIST::FUNCTION:CAMELLIA
 DH_compute_key_padded   5801_1_0   EXIST::FUNCTION:DH
@@ -1796,7 +1796,7 @@ EC_POINT_cmp1745  1_1_0   
EXIST::FUNCTION:EC
 ASN1_buf_print  1746   1_1_0   EXIST::FUNCTION:
 EVP_PKEY_CTX_hex2ctrl   1747   1_1_0   EXIST::FUNCTION:
 PEM_write_bio_PKCS8PrivateKey   1748   1_1_0   EXIST::FUNCTION:
-CMAC_Update 1749   1_1_0   EXIST::FUNCTION:
+CMAC_Update 1749   1_1_0   EXIST::FUNCTION:CMAC
 d2i_ASN1_UTCTIME1750   1_1_0   EXIST::FUNCTION:
 sk_insert   1751   1_1_0   EXIST::FUNCTION:
 DSO_up_ref  1752   1_1_0   EXIST::FUNCTION:
@@ -2239,7 +2239,7 @@ AUTHORITY_INFO_ACCESS_it2167  1_1_0   
EXIST:EXPORT_VAR_AS_FUNCTION:
 X509_EXTENSION_create_by_NID2168   1_1_0   EXIST::FUNCTION:
 i2d_RSAPrivateKey   2169   1_1_0   EXIST::FUNCTION:RSA
 d2i_CERTIFICATEPOLICIES 2170   1_1_0   EXIST::FUNCTION:
-CMAC_CTX_get0_cipher_ctx2171   1_1_0   EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx2171   1_1_0   EXIST::FUNCTION:CMAC
 X509_STORE_load_locations   2172   1_1_0   EXIST::FUNCTION:
 OBJ_find_sigid_algs 2173   1_1_0   EXIST::FUNCTION:
 TS_RESP_CTX_set_accuracy2174   1_1_0   EXIST::FUNCTION:TS
@@ -2272,7 +2272,7 @@ X509_STORE_CTX_set_depth2199  1_1_0   
EXIST::FUNCTION:
 X509v3_delete_ext   2200   1_1_0   EXIST::FUNCTION:
 ASN1_STRING_set02201   1_1_0   EXIST::FUNCTION:
 BN_GF2m_add 2202   1_1_0   EXIST::FUNCTION:EC2M
-CMAC_resume 2203   1_1_0   EXIST::FUNCTION:
+CMAC_resume 2203   1_1_0   EXIST::FUNCTION:CMAC
 TS_ACCURACY_set_millis  2204   1_1_0   EXIST::FUNCTION:TS
 X509V3_EXT_conf 2205   1_1_0   EXIST::FUNCTION:
 i2d_DHxparams   2206   1_1_0   EXIST::FUNCTION:DH
@@ -3256,7 +3256,7 @@ BF_cfb64_encrypt3147  1_1_0   
EXIST::FUNCTION:BF
 ASN1_GENERALIZEDTIME_adj

[openssl-commits] Build failed in Jenkins: master_windows #1579

2016-04-22 Thread openssl . sanity
See 

Changes:

[rsalz] Unified copyright for test recipes

--
Started by upstream project "master_basic" build number 1843
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 596d6b7e1ca5aa24700098e262cb1625f256343f 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 596d6b7e1ca5aa24700098e262cb1625f256343f
 > git rev-list 3f8f728278dbf211d3677a46870f60918082b9a0 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson9081997578257711023.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson4611046551467380535.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
Copyright (C) Microsoft Corporation.  All rights reserved.

C:\Perl64\bin\perl.exe util\mkbuildinf.pl "cl " "VC-WIN32" > 
crypto\buildinf.h
cl -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 

[openssl-commits] Build failed: openssl master.2763

2016-04-22 Thread AppVeyor



Build openssl master.2763 failed


Commit 596d6b7e1c by Rich Salz on 4/22/2016 11:58 AM:

Unified copyright for test recipes




[openssl-commits] [openssl] master update

2016-04-22 Thread Rich Salz
The branch master has been updated
   via  596d6b7e1ca5aa24700098e262cb1625f256343f (commit)
  from  3f8f728278dbf211d3677a46870f60918082b9a0 (commit)


- Log -
commit 596d6b7e1ca5aa24700098e262cb1625f256343f
Author: Rich Salz 
Date:   Fri Apr 22 07:21:51 2016 -0400

Unified copyright for test recipes

Reviewed-by: Richard Levitte 

---

Summary of changes:
 test/recipes/01-test_abort.t  |  9 +-
 test/recipes/01-test_ordinals.t   | 58 ---
 test/recipes/05-test_bf.t |  9 +-
 test/recipes/05-test_cast.t   |  9 +-
 test/recipes/05-test_des.t|  9 +-
 test/recipes/05-test_hmac.t   |  9 +-
 test/recipes/05-test_idea.t   |  9 +-
 test/recipes/05-test_md2.t|  9 +-
 test/recipes/05-test_md4.t|  9 +-
 test/recipes/05-test_md5.t|  9 +-
 test/recipes/05-test_mdc2.t   |  9 +-
 test/recipes/05-test_rand.t   |  9 +-
 test/recipes/05-test_rc2.t|  8 -
 test/recipes/05-test_rc4.t|  8 -
 test/recipes/05-test_rc5.t|  9 +-
 test/recipes/05-test_rmd.t|  9 +-
 test/recipes/05-test_sha1.t   |  9 +-
 test/recipes/05-test_sha256.t |  9 +-
 test/recipes/05-test_sha512.t |  9 +-
 test/recipes/05-test_wp.t |  9 +-
 test/recipes/10-test_bn.t |  9 +-
 test/recipes/10-test_exp.t|  9 +-
 test/recipes/15-test_dh.t |  9 +-
 test/recipes/15-test_dsa.t|  9 +-
 test/recipes/15-test_ec.t |  9 +-
 test/recipes/15-test_ecdh.t   |  9 +-
 test/recipes/15-test_ecdsa.t  |  9 +-
 test/recipes/15-test_rsa.t|  9 +-
 test/recipes/20-test_enc.t|  9 +-
 test/recipes/25-test_crl.t|  9 +-
 test/recipes/25-test_d2i.t|  9 +-
 test/recipes/25-test_gen.t|  9 +-
 test/recipes/25-test_pkcs7.t  |  9 +-
 test/recipes/25-test_req.t|  9 +-
 test/recipes/25-test_sid.t|  9 +-
 test/recipes/25-test_verify.t |  9 +-
 test/recipes/25-test_x509.t   |  9 +-
 test/recipes/30-test_afalg.t  | 57 --
 test/recipes/30-test_engine.t |  9 +-
 test/recipes/30-test_evp.t|  9 +-
 test/recipes/30-test_evp_extra.t  |  9 +-
 test/recipes/30-test_pbelu.t  |  9 +-
 test/recipes/40-test_rehash.t |  9 +-
 test/recipes/70-test_clienthello.t|  9 +-
 test/recipes/70-test_packet.t |  9 +-
 test/recipes/70-test_sslcertstatus.t  | 58 ---
 test/recipes/70-test_sslextension.t   | 58 ---
 test/recipes/70-test_sslsessiontick.t | 58 ---
 test/recipes/70-test_sslskewith0p.t   | 58 ---
 test/recipes/70-test_sslvertol.t  | 58 ---
 test/recipes/70-test_tlsextms.t   | 58 ---
 test/recipes/70-test_verify_extra.t   |  9 +-
 test/recipes/80-test_ca.t |  9 +-
 test/recipes/80-test_cms.t|  9 +-
 test/recipes/80-test_ct.t |  9 +-
 test/recipes/80-test_dane.t   |  9 +-
 test/recipes/80-test_dtlsv1listen.t   |  9 +-
 test/recipes/80-test_ocsp.t   |  9 +-
 test/recipes/80-test_ssl_new.t|  9 +-
 test/recipes/80-test_ssl_old.t|  9 +-
 test/recipes/80-test_ssl_test_ctx.t   |  9 +-
 test/recipes/80-test_tsa.t|  9 +-
 test/recipes/90-test_async.t  |  9 +-
 test/recipes/90-test_constant_time.t  |  9 +-
 test/recipes/90-test_gmdiff.t |  9 +-
 test/recipes/90-test_heartbeat.t  |  9 +-
 test/recipes/90-test_ige.t|  9 +-
 test/recipes/90-test_memleak.t|  9 +-
 test/recipes/90-test_networking.t | 58 ---
 test/recipes/90-test_np.t |  9 +-
 test/recipes/90-test_p5_crpt2.t   |  9 +-
 test/recipes/90-test_secmem.t |  9 +-
 test/recipes/90-test_srp.t|  9 +-
 test/recipes/90-test_threads.t|  9 +-
 test/recipes/90-test_v3name.t |  9 +-
 75 files changed, 580 insertions(+), 533 deletions(-)

diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t
index 4a6cf97..2f121e2 100644
--- a/test/recipes/01-test_abort.t
+++ b/test/recipes/01-test_abort.t
@@ -1,4 +1,11 @@
-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#

[openssl-commits] Build failed: openssl master.2762

2016-04-22 Thread AppVeyor



Build openssl master.2762 failed


Commit 3f8f728278 by Richard Levitte on 4/22/2016 10:55 AM:

Add a best effort test to check shared library consistency




[openssl-commits] Build failed in Jenkins: master_windows #1578

2016-04-22 Thread openssl . sanity
See 

Changes:

[Richard Levitte] Add a best effort test to check shared library consistency

--
Started by upstream project "master_basic" build number 1842
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 3f8f728278dbf211d3677a46870f60918082b9a0 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 3f8f728278dbf211d3677a46870f60918082b9a0
 > git rev-list 2ac7753c107e71bfdcaa08b18eb4e6683292be57 # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson7234450162045810832.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson128106947318372280.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
Copyright (C) Microsoft Corporation.  All rights reserved.

C:\Perl64\bin\perl.exe util\mkbuildinf.pl "cl " "VC-WIN32" > 
crypto\buildinf.h
cl -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS 
-DOPENSSL_IA32_SSE2 

[openssl-commits] [openssl] master update

2016-04-22 Thread Richard Levitte
The branch master has been updated
   via  3f8f728278dbf211d3677a46870f60918082b9a0 (commit)
  from  2ac7753c107e71bfdcaa08b18eb4e6683292be57 (commit)


- Log -
commit 3f8f728278dbf211d3677a46870f60918082b9a0
Author: Richard Levitte 
Date:   Fri Apr 22 10:20:59 2016 +0200

Add a best effort test to check shared library consistency

Our main development platforms are of the Unix family, which doesn't
have the same strictness regarding a shared library being consistent
with the contents of the ld script (.map file, on Linux and Solaris)
as Windows is with the contents of the .def file or VMS is with the
linker symb_vector option.

To eliminate surprises, we therefore need to make sure to check that
the contents of the .map file is matched with the shared library, at
least to check that the shared library isn't missing any symbols that
should be present.

This test isn't absolutely perfect, as it will only check the symbols
that would be present on Linux / Solaris and will therefore miss those
that would only appear on Windows or VMS.  On the other hand, those
platform-specific symbols are few and far apart in time, so it's not likely
they will pose a problem.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 test/recipes/01-test_symbol_presence.t | 115 +
 1 file changed, 115 insertions(+)
 create mode 100644 test/recipes/01-test_symbol_presence.t

diff --git a/test/recipes/01-test_symbol_presence.t 
b/test/recipes/01-test_symbol_presence.t
new file mode 100644
index 000..619519c
--- /dev/null
+++ b/test/recipes/01-test_symbol_presence.t
@@ -0,0 +1,115 @@
+#! /usr/bin/env perl
+# -*- mode: Perl -*-
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use File::Spec::Functions qw(devnull);
+use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_dir bldtop_file);
+use OpenSSL::Test::Utils;
+
+setup("test_symbol_presence");
+
+plan skip_all => "Only useful when building shared libraries"
+if disabled("shared");
+
+my @libnames = ("crypto", "ssl");
+my $testcount = scalar @libnames;
+
+plan tests => $testcount * 2;
+
+note
+"NOTE: developper test!  It's possible that it won't run on your\n",
+"platform, and that's perfectly fine.  This is mainly for developers\n",
+"on Unix to check that our shared libraries are consistent with the\n",
+"ordinals (util/*.num in the source tree), something that should be\n",
+"good enough a check for the other platforms as well.\n";
+
+foreach my $libname (@libnames) {
+ SKIP:
+{
+my $shlibpath = bldtop_file("lib" . $libname . ".so");
+*OSTDERR = *STDERR;
+*OSTDOUT = *STDOUT;
+open STDERR, ">", devnull();
+open STDOUT, ">", devnull();
+my @nm_lines = map { s|\R$||; $_ } `nm -Pg $shlibpath 2> /dev/null`;
+close STDERR;
+close STDOUT;
+*STDERR = *OSTDERR;
+*STDOUT = *OSTDOUT;
+skip "Can't run 'nm -Pg $shlibpath' => $?...  ignoring", 2
+unless $? == 0;
+
+my $bldtop = bldtop_dir();
+my @def_lines;
+indir $bldtop => sub {
+my $mkdefpath = srctop_file("util", "mkdef.pl");
+@def_lines = map { s|\R$||; $_ } `$^X $mkdefpath $libname linux 2> 
/dev/null`;
+ok($? == 0, "running 'cd $bldtop; $^X $mkdefpath $libname linux' 
=> $?");
+}, create => 0, cleanup => 0;
+
+note "Number of lines in \@nm_lines before massaging: ", scalar 
@nm_lines;
+note "Number of lines in \@def_lines before massaging: ", scalar 
@def_lines;
+
+# Massage the nm output to only contain defined symbols
+@nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDT] .*|, @nm_lines);
+
+# Massage the mkdef.pl output to only contain global symbols
+# The output we got is in Unix .map format, which has a global
+# and a local section.  We're only interested in the global
+# section.
+my $in_global = 0;
+@def_lines =
+sort
+map { s|;||; s|\s+||g; $_ }
+grep { $in_global = 1 if m|global:|;
+   $in_global = 0 if m|local:|;
+   $in_global && m|;|; } @def_lines;
+
+note "Number of lines in \@nm_lines after massaging: ", scalar 
@nm_lines;
+note "Number of lines in \@def_lines after massaging: ", scalar 
@def_lines;
+
+# Maintain lists of symbols that are missing in the shared library,
+# or that are extra.
+ 

[openssl-commits] Build failed in Jenkins: master_windows #1577

2016-04-22 Thread openssl . sanity
See 

Changes:

[Matt Caswell] Fix no-ocsp on Windows (and probably VMS)

[Richard Levitte] Update the Configurations READMEs

[steve] Fix CRYPTO_clear_realloc() bug.

--
Started by upstream project "master_basic" build number 1841
originally caused by:
 Started by an SCM change
Building remotely on windows-slave in workspace 

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/openssl/openssl.git # 
 > timeout=10
Fetching upstream changes from https://github.com/openssl/openssl.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress 
 > https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse "refs/remotes/origin/master^{commit}" # timeout=10
 > git rev-parse "refs/remotes/origin/origin/master^{commit}" # timeout=10
Checking out Revision 2ac7753c107e71bfdcaa08b18eb4e6683292be57 
(refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 2ac7753c107e71bfdcaa08b18eb4e6683292be57
 > git rev-list 5d94e5b65adc7d773068b8eb4b5525d35930f1ae # timeout=10
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson1959527063890846196.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

perl> Configure 
VC-WIN32 
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 
(skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default] 
no-zlib-dynamic [default] 
Configuring for VC-WIN32
CC=cl
CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE 
-D_UNICODE /MD /Ox /O2 /Ob2 
SHARED_CFLAG  =
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM 
SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM GHASH_ASM 
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =/nologo /debug
PLIB_LFLAG=
EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib 
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =/nologo
PERL  =C:\Perl64\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for VC-WIN32.

exit> 0 
[master_windows] $ cmd /c call 
C:\Users\ADMINI~1\AppData\Local\Temp\1\hudson4866691695225432837.bat

call> "c:\program 
files (x86)\microsoft visual studio 12.0\vc\bin\vcvars32.bat" 

set> 
PROCESSOR_ARCHITECTURE=x86 

nmake>

Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
Copyright (C) Microsoft Corporation.  All rights reserved.

C:\Perl64\bin\perl.exe util\mkbuildinf.pl "cl " "VC-WIN32" > 
crypto\buildinf.h
cl -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE 

[openssl-commits] Build failed: openssl master.2761

2016-04-22 Thread AppVeyor



Build openssl master.2761 failed


Commit 8d4cd35f71 by Viktor Szakats on 4/20/2016 7:01 PM:

set exec file attribute for scripts


