date:20160627

[openssl-commits] Build failed: openssl 1.0.531

2016-06-27 Thread AppVeyor




Build openssl 1.0.531 failed


Commit caac183632 by FdaSilvaYY on 6/27/2016 10:11 PM:

Add sk_new_num & sk_new_null_num methods


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.530

2016-06-27 Thread AppVeyor




Build openssl 1.0.530 failed


Commit 200ce4a409 by FdaSilvaYY on 6/26/2016 7:24 PM:

Fix of various "warning: missing field 'one-field' initializer" in crypto.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.529

2016-06-27 Thread AppVeyor




Build openssl 1.0.529 failed


Commit 20d802d2ae by FdaSilvaYY on 6/27/2016 10:09 PM:

Fix allocation failure in OCSP_accept_responses_new


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.528

2016-06-27 Thread AppVeyor




Build openssl 1.0.528 failed


Commit d77db8ed35 by FdaSilvaYY on 6/27/2016 10:03 PM:

Deprecate BIO_set() method


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: FdaSilvaYY/openssl#1261 (constify_2 - cb77b60)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1261
Status: Still Failing

Duration: 1 minute and 35 seconds
Commit: cb77b60 (constify_2)
Author: FdaSilvaYY
Message: Useless Typedef's

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/941a468ba219...cb77b609ba19

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140666576

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: FdaSilvaYY/openssl#1260 (sk_num_alloc - caac183)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1260
Status: Still Failing

Duration: 16 minutes and 19 seconds
Commit: caac183 (sk_num_alloc)
Author: FdaSilvaYY
Message: Add sk_new_num & sk_new_null_num methods

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/fc65e72ca1d9...caac1836327a

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140662883

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.527

2016-06-27 Thread AppVeyor




Build openssl 1.0.527 failed


Commit 91be092ddd by FdaSilvaYY on 6/27/2016 9:43 PM:

Constify a bit more OPENSSL_sk_ API


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4049

2016-06-27 Thread AppVeyor




Build openssl master.4049 failed


Commit 0ff32f9644 by Rich Salz on 6/27/2016 8:32 PM:

set CC directly


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.526

2016-06-27 Thread AppVeyor




Build openssl 1.0.526 failed


Commit bfd0eb4c52 by FdaSilvaYY on 6/27/2016 9:42 PM:

Clean pem.h header file include


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.525

2016-06-27 Thread AppVeyor




Build openssl 1.0.525 failed


Commit aa4a97a641 by FdaSilvaYY on 6/27/2016 9:42 PM:

Clean pem.h header file include


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl master.4047

2016-06-27 Thread AppVeyor



Build openssl master.4047 completed



Commit f44a5510dc by FdaSilvaYY on 6/26/2016 7:20 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.524

2016-06-27 Thread AppVeyor




Build openssl 1.0.524 failed


Commit c2fefe0a50 by FdaSilvaYY on 6/27/2016 9:39 PM:

Deprecate BIO_set() method


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.523

2016-06-27 Thread AppVeyor




Build openssl 1.0.523 failed


Commit 7a53360031 by Andy Polyakov on 6/27/2016 9:32 PM:

engines/e_capi.c: accommodate recent DSA_SIG_[get|set]0 changes.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: FdaSilvaYY/openssl#1255 (include_cleanup - bfd0eb4)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1255
Status: Fixed

Duration: 3 minutes and 50 seconds
Commit: bfd0eb4 (include_cleanup)
Author: FdaSilvaYY
Message: Clean pem.h header file include

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/aa4a97a641dd...bfd0eb4c52ab

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140656574

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1253 (Deprecate-BIO_set - c2fefe0)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1253
Status: Errored

Duration: 26 seconds
Commit: c2fefe0 (Deprecate-BIO_set)
Author: FdaSilvaYY
Message: Deprecate BIO_set() method

It is now deprecated as :
- BIO type is now opaque, so no more stack-allocable.
- the new locking API is locking now each BIO object individually.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/89a0115ed658...c2fefe0a50f1

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140655926

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4046

2016-06-27 Thread AppVeyor




Build openssl master.4046 failed


Commit 7cf3588474 by Rich Salz on 6/27/2016 4:39 PM:

use file command


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.522

2016-06-27 Thread AppVeyor




Build openssl 1.0.522 failed


Commit 941a468ba2 by FdaSilvaYY on 6/27/2016 9:36 PM:

Useless Typedef's


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.521

2016-06-27 Thread AppVeyor




Build openssl 1.0.521 failed


Commit c3fd55d4a6 by Matt Caswell on 6/27/2016 1:51 PM:

Add a test for fragmented alerts


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4045

2016-06-27 Thread AppVeyor




Build openssl master.4045 failed


Commit 1f5fdb61d2 by mmiyashita on 6/27/2016 4:07 PM:

Misuse of 64-bit instruction causes segfault in 32-bit application


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1251 (constify_2 - 941a468)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1251
Status: Errored

Duration: 14 minutes and 8 seconds
Commit: 941a468 (constify_2)
Author: FdaSilvaYY
Message: Useless Typedef's

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/f9c1a0104b1a...941a468ba219

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140655350

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4044

2016-06-27 Thread AppVeyor




Build openssl master.4044 failed


Commit 5f14880d36 by Rich Salz on 6/27/2016 4:39 PM:

use file command


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.520

2016-06-27 Thread AppVeyor




Build openssl 1.0.520 failed


Commit aecdc9b09c by FdaSilvaYY on 6/27/2016 9:19 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1249 (crypto-add-checks-on-sk_type_push - aecdc9b)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1249
Status: Errored

Duration: 24 minutes and 11 seconds
Commit: aecdc9b (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/b591f6942932...aecdc9b09caf

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140650643

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Richard Levitte

The branch master has been updated
   via  57ade5711b8b80c19f3d33f46d0e0acd48e68e0a (commit)
  from  7a53360031a505d4bb55f3c7877ded5d165bef5a (commit)


- Log -
commit 57ade5711b8b80c19f3d33f46d0e0acd48e68e0a
Author: Roumen Petrov 
Date:   Mon Jun 27 21:24:07 2016 +0200

Use include paths to our source before any other cflags

This is just in case someone passed an inclusion path with the
configuration, and there are OpenSSL headers from another version
in there.

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl| 10 +-
 Configurations/windows-makefile.tmpl |  8 
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 2ec5076..c5d59b8 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -871,7 +871,7 @@ EOF
 $target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
  $generator \$@.S; \\
- \$(CC) \$(CFLAGS) $incs -E \$@.S | \\
+ \$(CC) $incs \$(CFLAGS) -E \$@.S | \\
  \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
  mv -f \$@.i \$@ )
 EOF
@@ -884,7 +884,7 @@ EOF
   }
   return <<"EOF";
 $args{src}: $args{generator}->[0] $deps
-   \$(CC) \$(CFLAGS) $incs -E \$< | \\
+   \$(CC) $incs \$(CFLAGS) -E \$< | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
 EOF
   }
@@ -918,7 +918,7 @@ EOF
   if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
   $recipe .= <<"EOF";
 $obj$depext: $deps
-   -\$(MAKEDEPEND) -f- -o"|$obj$objext" -- \$(CFLAGS) $ecflags$incs -- 
$srcs \\
+   -\$(MAKEDEPEND) -f- -o"|$obj$objext" -- $incs \$(CFLAGS) $ecflags -- 
$srcs \\
>\$\@.tmp 2>/dev/null
-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(.|[^ ])*//; \$\$_ = undef if 
(/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or 
/\\R\$\$/g;' \$\@.tmp
\@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
@@ -932,13 +932,13 @@ EOF
   if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
   $recipe .= <<"EOF";
 $obj$objext: $deps
-   \$(CC) \$(CFLAGS) $ecflags$incs -c -o \$\@ $srcs
+   \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
 EOF
   }
   if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
   $recipe .= <<"EOF";
 $obj$objext: $deps
-   \$(CC) \$(CFLAGS) $ecflags$incs -MMD -MF $obj$depext.tmp -MT \$\@ -c -o 
\$\@ $srcs
+   \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c 
-o \$\@ $srcs
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
rm -f $obj$depext.tmp; \\
diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index aae7de3..776109f 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -349,7 +349,7 @@ EOF
 $target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
-   \$(CC) \$(CFLAGS) $incs /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
+   \$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
 del /Q \$@.S
 EOF
   }
@@ -362,7 +362,7 @@ EOF
   }
   return <<"EOF";
 $target: "$args{generator}->[0]" $deps
-   \$(CC) \$(CFLAGS) $incs /EP /C "$args{generator}->[0]" > \$@.i && move 
/Y \$@.i \$@
+   \$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move 
/Y \$@.i \$@
 EOF
   }
   }
@@ -400,13 +400,13 @@ s/^Note: including file: *//;
 END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
 <<
 $obj$objext: $obj$depext
-   \$(CC) \$(CFLAGS) $ecflags$incs -c \$(COUTFLAG)\$\@ @<<
+   \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<<
 $srcs
 <<
 EOF
 return <<"EOF" if ($disabled{makedepend});
 $obj$objext: $deps
-   \$(CC) \$(CFLAGS) $ecflags$incs -c \$(COUTFLAG)\$\@ $srcs
+   \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
 EOF
  }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1254 (include_cleanup - aa4a97a)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1254
Status: Canceled

Duration: ?
Commit: aa4a97a (include_cleanup)
Author: FdaSilvaYY
Message: Clean pem.h header file include

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/edc1d586a608...aa4a97a641dd

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140656433

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1247 (crypto-add-checks-on-sk_type_push - f7e86c9)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1247
Status: Canceled

Duration: ?
Commit: f7e86c9 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/7b0ffdf263b7...f7e86c971f09

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140645277

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Andy Polyakov

The branch master has been updated
   via  7a53360031a505d4bb55f3c7877ded5d165bef5a (commit)
   via  e0685d2473a88056e848900abaec3e19b8a447d3 (commit)
  from  dbbb6a87a716765f4f9ef9fe48b634c23bbe8636 (commit)


- Log -
commit 7a53360031a505d4bb55f3c7877ded5d165bef5a
Author: Andy Polyakov 
Date:   Sun Jun 26 22:00:37 2016 +0200

engines/e_capi.c: accommodate recent DSA_SIG_[get|set]0 changes.

Reviewed-by: Rich Salz 

commit e0685d2473a88056e848900abaec3e19b8a447d3
Author: Andy Polyakov 
Date:   Sun Jun 26 21:55:03 2016 +0200

rsa/rsa_lib.c: const-ify RSA_get0_engine().

Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/rsa/rsa_lib.c  |  2 +-
 engines/e_capi.c  | 18 +-
 include/openssl/rsa.h |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 14750d1..48e9100 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -304,7 +304,7 @@ void RSA_set_flags(RSA *r, int flags)
 r->flags |= flags;
 }
 
-ENGINE *RSA_get0_engine(RSA *r)
+ENGINE *RSA_get0_engine(const RSA *r)
 {
 return r->engine;
 }
diff --git a/engines/e_capi.c b/engines/e_capi.c
index f2d5c3e..4923eef 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1029,17 +1029,17 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char 
*digest, int dlen,
 capi_addlasterror();
 goto err;
 } else {
-BIGNUM *r = NULL, *s = NULL;
-ret = DSA_SIG_new();
-if (ret == NULL)
-goto err;
-DSA_SIG_get0(, , ret);
-if (!lend_tobn(r, csigbuf, 20)
-|| !lend_tobn(s, csigbuf + 20, 20)) {
-DSA_SIG_free(ret);
-ret = NULL;
+BIGNUM *r = BN_new(), *s = BN_new();
+
+if (r == NULL || s == NULL
+|| !lend_tobn(r, csigbuf, 20)
+|| !lend_tobn(s, csigbuf + 20, 20)
+|| (ret = DSA_SIG_new()) == NULL) {
+BN_free(r); /* BN_free checks for BIGNUM * being NULL */
+BN_free(s);
 goto err;
 }
+DSA_SIG_set0(ret, r, s);
 }
 
 /* Now cleanup */
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index cd17385..b9d14e4 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -187,7 +187,7 @@ void RSA_get0_crt_params(const RSA *r,
 void RSA_clear_flags(RSA *r, int flags);
 int RSA_test_flags(const RSA *r, int flags);
 void RSA_set_flags(RSA *r, int flags);
-ENGINE *RSA_get0_engine(RSA *r);
+ENGINE *RSA_get0_engine(const RSA *r);
 
 /* Deprecated version */
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.518

2016-06-27 Thread AppVeyor




Build openssl 1.0.518 failed


Commit f7e86c971f by FdaSilvaYY on 6/27/2016 8:55 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Andy Polyakov

The branch master has been updated
   via  dbbb6a87a716765f4f9ef9fe48b634c23bbe8636 (commit)
   via  cfef7e9e681bb981ebd5af08eac3432eec336032 (commit)
  from  c3fd55d4a6ed1025c471603b67fbbbce606a5171 (commit)


- Log -
commit dbbb6a87a716765f4f9ef9fe48b634c23bbe8636
Author: Andy Polyakov 
Date:   Sun Jun 26 18:20:39 2016 +0200

unix-Makefile.tmpl: omit lib.a updates from directory targets.

Since corresponding rule was removed from windows-makefile.tmpl out
of necessity, question popped if it's appropriate to harmonize even
unix-Makefile.tmpl. Note that as long as you work on single directory
'make lib.a' is effectively equivalent to 'make '
prior this modification.

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

commit cfef7e9e681bb981ebd5af08eac3432eec336032
Author: Andy Polyakov 
Date:   Sun Jun 26 14:40:35 2016 +0200

windows-makefile.tmpl: don't use $? in library targets.

Problem with Microsoft lib.exe is that it doesn't *update* modules
in .lib archive, but creates new one upon every invocation. As result
if a source file was updated and nmake was executed, a useless archive
with only one module was created. In other words one has to always
pass all .obj modules on command line, not only recently recompiled.

[This also creates dilemma for directory targets, e.g. crypto\aes,
that were added to simplify every-day life for developer. Since
whole idea behind those targets is to minimize the re-compile time
upon single file modification, the only sensible thing to do is to
omit intended library update.]

Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 

---

Summary of changes:
 Configurations/unix-Makefile.tmpl| 5 +
 Configurations/windows-makefile.tmpl | 8 ++--
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 34971a9..2ec5076 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1086,10 +1086,7 @@ EOF
   next unless 
defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
   if ($type eq "lib") {
   foreach my $lib 
(@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
-  push @actions, <<"EOF";
-   \$(AR) $lib$libext \$\?
-   \$(RANLIB) $lib$libext || echo Never mind.
-EOF
+  push @actions, "";
   }
   } else {
   foreach my $prod 
(@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 0d21c50..aae7de3 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -484,7 +484,7 @@ EOF
  return <<"EOF";
 $lib$libext: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
-\$\?
+\$**
 <<
 EOF
  }
@@ -530,11 +530,7 @@ EOF
   next unless 
defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
   if ($type eq "lib") {
   foreach my $lib 
(@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
-  push @actions, <<"EOF";
-   \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
-\$\?
-<<
-EOF
+  push @actions, "";
   }
   } else {
   foreach my $prod 
(@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1248 (crypto-add-checks-on-sk_type_push - b591f69)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1248
Status: Canceled

Duration: ?
Commit: b591f69 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/f7e86c971f09...b591f6942932

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140648572

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1247 (crypto-add-checks-on-sk_type_push - f7e86c9)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1247
Status: Canceled

Duration: 9 minutes and 40 seconds
Commit: f7e86c9 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/7b0ffdf263b7...f7e86c971f09

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140645277

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1245 (crypto-add-checks-on-sk_type_push - fe353af)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1245
Status: Canceled

Duration: ?
Commit: fe353af (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/17d0a80fcab5...fe353af08894

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140632518

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.517

2016-06-27 Thread AppVeyor




Build openssl 1.0.517 failed


Commit 7b0ffdf263 by FdaSilvaYY on 6/27/2016 8:49 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1245 (crypto-add-checks-on-sk_type_push - fe353af)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1245
Status: Canceled

Duration: ?
Commit: fe353af (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/17d0a80fcab5...fe353af08894

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140632518

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Canceled: FdaSilvaYY/openssl#1246 (crypto-add-checks-on-sk_type_push - 7b0ffdf)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1246
Status: Canceled

Duration: 16 minutes and 33 seconds
Commit: 7b0ffdf (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/fe353af08894...7b0ffdf263b7

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140643637

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.516

2016-06-27 Thread AppVeyor




Build openssl 1.0.516 failed


Commit fe353af088 by FdaSilvaYY on 6/27/2016 8:14 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1244 (crypto-add-checks-on-sk_type_push - 17d0a80)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1244
Status: Errored

Duration: 25 minutes and 44 seconds
Commit: 17d0a80 (crypto-add-checks-on-sk_type_push)
Author: FdaSilvaYY
Message: Fix mem error handling in PKCS7_simple_smimecap

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/a83078b29dd9...17d0a80fcab5

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140628634

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.515

2016-06-27 Thread AppVeyor




Build openssl 1.0.515 failed


Commit 17d0a80fca by FdaSilvaYY on 6/27/2016 7:58 PM:

Fix mem error handling in PKCS7_simple_smimecap


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: mouse07410/openssl#23 (OpenSSL_1_0_2-stable - ad64a69)

2016-06-27 Thread Travis CI

Build Update for mouse07410/openssl
-

Build: #23
Status: Still Failing

Duration: 18 minutes and 29 seconds
Commit: ad64a69 (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Change usage of RAND_pseudo_bytes to RAND_bytes

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/mouse07410/openssl/compare/1bb0918c3d27...ad64a69e02f7

View the full build log and details: 
https://travis-ci.org/mouse07410/openssl/builds/140574246

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4038

2016-06-27 Thread AppVeyor




Build openssl master.4038 failed


Commit c3fd55d4a6 by Matt Caswell on 6/27/2016 1:51 PM:

Add a test for fragmented alerts


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: openssl/openssl#4720 (OpenSSL_1_0_2-stable - ad64a69)

2016-06-27 Thread Travis CI

Build Update for openssl/openssl
-

Build: #4720
Status: Still Failing

Duration: 5 minutes and 11 seconds
Commit: ad64a69 (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Change usage of RAND_pseudo_bytes to RAND_bytes

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/f3dbce6634de...ad64a69e02f7

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/140542205

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-06-27 Thread Matt Caswell

The branch OpenSSL_1_0_1-stable has been updated
   via  05200ee5c61ecd38cdcacf9c547b0c3877e8cfef (commit)
  from  3681a4558c13198944e6f7f149c4be188e076e14 (commit)


- Log -
commit 05200ee5c61ecd38cdcacf9c547b0c3877e8cfef
Author: Matt Caswell 
Date:   Mon Apr 25 17:06:56 2016 +0100

Change usage of RAND_pseudo_bytes to RAND_bytes

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/enc.c   |  2 +-
 apps/passwd.c|  4 ++--
 apps/s_server.c  |  2 +-
 crypto/asn1/asn_mime.c   |  2 +-
 crypto/asn1/p5_pbe.c |  2 +-
 crypto/asn1/p5_pbev2.c   |  4 ++--
 crypto/bio/bf_nbio.c |  4 ++--
 crypto/bn/bn_rand.c  | 10 +++---
 crypto/cms/cms_enc.c |  2 +-
 crypto/cms/cms_ess.c |  3 +--
 crypto/cms/cms_pwri.c|  4 ++--
 crypto/des/des.c |  2 +-
 crypto/des/enc_writ.c|  2 +-
 crypto/dsa/dsa_gen.c |  2 +-
 crypto/evp/bio_ok.c  |  2 +-
 crypto/ocsp/ocsp_ext.c   |  2 +-
 crypto/pem/pem_lib.c |  2 +-
 crypto/pkcs12/p12_mutl.c |  2 +-
 crypto/pkcs7/pk7_doit.c  |  2 +-
 crypto/srp/srp_vfy.c |  6 +++---
 ssl/d1_both.c|  6 +++---
 ssl/d1_pkt.c |  3 ++-
 ssl/d1_srvr.c|  5 -
 ssl/s23_clnt.c   |  8 
 ssl/s2_clnt.c|  4 ++--
 ssl/s2_srvr.c| 12 
 ssl/s3_srvr.c|  7 ++-
 ssl/ssl_lib.c|  2 +-
 ssl/ssl_sess.c   |  2 +-
 ssl/t1_lib.c |  6 +++---
 30 files changed, 54 insertions(+), 62 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 7b7c70b..8e2ef27 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -509,7 +509,7 @@ int MAIN(int argc, char **argv)
 BIO_printf(bio_err, "invalid hex salt value\n");
 goto end;
 }
-} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+} else if (RAND_bytes(salt, sizeof salt) <= 0)
 goto end;
 /*
  * If -P option then don't bother writing
diff --git a/apps/passwd.c b/apps/passwd.c
index 5ff53b5..798a6d5 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char 
**salt_malloc_p,
 if (*salt_malloc_p == NULL)
 goto err;
 }
-if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
 goto err;
 (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
 (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char 
**salt_malloc_p,
 if (*salt_malloc_p == NULL)
 goto err;
 }
-if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
 goto err;
 
 for (i = 0; i < 8; i++)
diff --git a/apps/s_server.c b/apps/s_server.c
index a53cadd..40782bb 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2968,7 +2968,7 @@ static int generate_session_id(const SSL *ssl, unsigned 
char *id,
 {
 unsigned int count = 0;
 do {
-if (RAND_pseudo_bytes(id, *id_len) < 0)
+if (RAND_bytes(id, *id_len) <= 0)
 return 0;
 /*
  * Prefix the session_id with the required prefix. NB: If our prefix
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 96110c5..9fd5bef 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, 
int flags,
 if ((flags & SMIME_DETACHED) && data) {
 /* We want multipart/signed */
 /* Generate a random boundary */
-if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
+if (RAND_bytes((unsigned char *)bound, 32) <= 0)
 return 0;
 for (i = 0; i < 32; i++) {
 c = bound[i] & 0xf;
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index bdbfdcd..e2a1def 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int 
iter,
 sstr = ASN1_STRING_data(pbe->salt);
 if (salt)
 memcpy(sstr, salt, saltlen);
-else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+else if (RAND_bytes(sstr, saltlen) <= 0)
 goto err;
 
 if

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-06-27 Thread Matt Caswell

The branch OpenSSL_1_0_2-stable has been updated
   via  ad64a69e02f7dda422d0f4f53dce7b1278715380 (commit)
  from  f3dbce6634dee43dcb0243544db05e101104fe6b (commit)


- Log -
commit ad64a69e02f7dda422d0f4f53dce7b1278715380
Author: Matt Caswell 
Date:   Mon Apr 25 17:06:56 2016 +0100

Change usage of RAND_pseudo_bytes to RAND_bytes

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/enc.c   |  2 +-
 apps/passwd.c|  4 ++--
 apps/s_server.c  |  2 +-
 crypto/asn1/asn_mime.c   |  2 +-
 crypto/asn1/p5_pbe.c |  2 +-
 crypto/asn1/p5_pbev2.c   |  4 ++--
 crypto/bio/bf_nbio.c |  4 ++--
 crypto/bn/bn_rand.c  | 10 +++---
 crypto/cms/cms_enc.c |  2 +-
 crypto/cms/cms_ess.c |  3 +--
 crypto/cms/cms_pwri.c|  4 ++--
 crypto/des/des.c |  2 +-
 crypto/des/enc_writ.c|  2 +-
 crypto/dsa/dsa_gen.c |  4 ++--
 crypto/evp/bio_ok.c  |  2 +-
 crypto/ocsp/ocsp_ext.c   |  2 +-
 crypto/pem/pem_lib.c |  2 +-
 crypto/pkcs12/p12_mutl.c |  2 +-
 crypto/pkcs7/pk7_doit.c  |  2 +-
 crypto/srp/srp_vfy.c |  6 +++---
 ssl/d1_both.c|  6 +++---
 ssl/s23_clnt.c   |  8 
 ssl/s2_clnt.c|  4 ++--
 ssl/s2_srvr.c| 12 
 ssl/s3_srvr.c|  7 ++-
 ssl/ssl_lib.c|  2 +-
 ssl/ssl_sess.c   |  2 +-
 ssl/t1_lib.c |  6 +++---
 28 files changed, 49 insertions(+), 61 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 7b7c70b..8e2ef27 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -509,7 +509,7 @@ int MAIN(int argc, char **argv)
 BIO_printf(bio_err, "invalid hex salt value\n");
 goto end;
 }
-} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+} else if (RAND_bytes(salt, sizeof salt) <= 0)
 goto end;
 /*
  * If -P option then don't bother writing
diff --git a/apps/passwd.c b/apps/passwd.c
index 5ff53b5..798a6d5 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char 
**salt_malloc_p,
 if (*salt_malloc_p == NULL)
 goto err;
 }
-if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
 goto err;
 (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
 (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char 
**salt_malloc_p,
 if (*salt_malloc_p == NULL)
 goto err;
 }
-if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
 goto err;
 
 for (i = 0; i < 8; i++)
diff --git a/apps/s_server.c b/apps/s_server.c
index d6c53d9..2c1e5ee 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3364,7 +3364,7 @@ static int generate_session_id(const SSL *ssl, unsigned 
char *id,
 {
 unsigned int count = 0;
 do {
-if (RAND_pseudo_bytes(id, *id_len) < 0)
+if (RAND_bytes(id, *id_len) <= 0)
 return 0;
 /*
  * Prefix the session_id with the required prefix. NB: If our prefix
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 96110c5..9fd5bef 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, 
int flags,
 if ((flags & SMIME_DETACHED) && data) {
 /* We want multipart/signed */
 /* Generate a random boundary */
-if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
+if (RAND_bytes((unsigned char *)bound, 32) <= 0)
 return 0;
 for (i = 0; i < 32; i++) {
 c = bound[i] & 0xf;
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index bdbfdcd..e2a1def 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int 
iter,
 sstr = ASN1_STRING_data(pbe->salt);
 if (salt)
 memcpy(sstr, salt, saltlen);
-else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+else if (RAND_bytes(sstr, saltlen) <= 0)
 goto err;
 
 if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), _str)) {
diff --git

[openssl-commits] [openssl] master update

2016-06-27 Thread Matt Caswell

The branch master has been updated
   via  c3fd55d4a6ed1025c471603b67fbbbce606a5171 (commit)
   via  63916e9a234c1e6bbf82cc21b7d2e39cdecb30d0 (commit)
  from  6f4a6a5cd472d56937a8e9d6665e7c9cc6b1b2e2 (commit)


- Log -
commit c3fd55d4a6ed1025c471603b67fbbbce606a5171
Author: Matt Caswell 
Date:   Tue Jun 21 16:33:52 2016 +0100

Add a test for fragmented alerts

The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.

Reviewed-by: Andy Polyakov 

commit 63916e9a234c1e6bbf82cc21b7d2e39cdecb30d0
Author: Matt Caswell 
Date:   Tue Jun 21 15:25:53 2016 +0100

Ensure read records are marked as read

In some situations (such as when we receive a fragment of an alert)
we try to get the next packet but did not mark the current one as read,
meaning that we got the same record back again - leading to an infinite
loop.

Found using the BoringSSL test suite.

Reviewed-by: Andy Polyakov 

---

Summary of changes:
 ssl/record/rec_layer_s3.c |  9 +-
 test/recipes/70-test_sslrecords.t | 62 ++-
 util/TLSProxy/Message.pm  |  3 +-
 3 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index bce82a7..fa20b35 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1232,8 +1232,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 SSL3_RECORD_add_length(rr, -1);
 }
 
-if (*dest_len < dest_maxlen)
+if (*dest_len < dest_maxlen) {
+SSL3_RECORD_set_read(rr);
 goto start; /* fragment was too small */
+}
 }
 }
 
@@ -1316,6 +1318,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 (s->session != NULL) && (s->session->cipher != NULL) &&
 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
 goto start;
 }
@@ -1342,6 +1345,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 
 if (alert_level == SSL3_AL_WARNING) {
 s->s3->warn_alert = alert_descr;
+SSL3_RECORD_set_read(rr);
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return (0);
@@ -1372,6 +1376,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
 ERR_add_error_data(2, "SSL alert number ", tmp);
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+SSL3_RECORD_set_read(rr);
 SSL_CTX_remove_session(s->session_ctx, s->session);
 return (0);
 } else {
@@ -1387,6 +1392,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
 * shutdown */
 s->rwstate = SSL_NOTHING;
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 return (0);
 }
 
@@ -1443,6 +1449,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, 
unsigned char *buf,
  */
 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
 SSL3_RECORD_set_length(rr, 0);
+SSL3_RECORD_set_read(rr);
 goto start;
 }
 al = SSL_AD_UNEXPECTED_MESSAGE;
diff --git a/test/recipes/70-test_sslrecords.t 
b/test/recipes/70-test_sslrecords.t
index b0e3739..94aabdc 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new(
 my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
 my $inject_recs_num = 1;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 3;
+plan tests => 4;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
 
 #Test 2: Injecting in context empty records should succeed
@@ -54,6 +54,14 @@ $inject_recs_num = 33;
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Too many in context empty records test");
 
+#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no
+#alerts to be sent from either side because *we* injected the fatal
+#alert, i.e. this will look like a disorderly close
+$proxy->clear();
+$proxy->filter(\_frag_alert_filter);
+$proxy->start();
+ok(!TLSProxy::Message->end(), "Fragmented alert records test");
+
 sub add_empty_recs_filter
 {

[openssl-commits] Build failed: openssl master.4037

2016-06-27 Thread AppVeyor




Build openssl master.4037 failed


Commit 6f4a6a5cd4 by Rich Salz on 6/27/2016 11:39 AM:

RT4586: Remove RSA_memory_lock; unused, not needed


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4036

2016-06-27 Thread AppVeyor




Build openssl master.4036 failed


Commit 56add338b1 by Matt Caswell on 6/27/2016 10:51 AM:

Fix one more instance of incorrect OPENSSL_API_COMPAT value


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4035

2016-06-27 Thread AppVeyor




Build openssl master.4035 failed


Commit 1aca3618ff by Matt Caswell on 6/27/2016 10:28 AM:

Fix some OPENSSL_API_COMPAT values


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Rich Salz

The branch master has been updated
   via  6f4a6a5cd472d56937a8e9d6665e7c9cc6b1b2e2 (commit)
  from  56add338b12246fd8670ce3da719a39767a25182 (commit)


- Log -
commit 6f4a6a5cd472d56937a8e9d6665e7c9cc6b1b2e2
Author: Rich Salz 
Date:   Fri Jun 24 09:49:51 2016 -0400

RT4586: Remove RSA_memory_lock; unused, not needed

Reviewed-by: Ben Laurie 

---

Summary of changes:
 crypto/rsa/rsa_err.c  |  1 -
 crypto/rsa/rsa_lib.c  | 44 
 include/openssl/rsa.h |  4 
 util/libcrypto.num|  1 -
 4 files changed, 50 deletions(-)

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index a92ea5d..0bde045 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -32,7 +32,6 @@ static ERR_STRING_DATA RSA_str_functs[] = {
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
 {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
 {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
 {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
 {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
 {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 9ba86d8..14750d1 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -180,50 +180,6 @@ void *RSA_get_ex_data(const RSA *r, int idx)
 return (CRYPTO_get_ex_data(>ex_data, idx));
 }
 
-int RSA_memory_lock(RSA *r)
-{
-int i, j, k, off;
-char *p;
-BIGNUM *bn, **t[6], *b;
-BN_ULONG *ul;
-
-if (r->d == NULL)
-return (1);
-t[0] = >d;
-t[1] = >p;
-t[2] = >q;
-t[3] = >dmp1;
-t[4] = >dmq1;
-t[5] = >iqmp;
-k = bn_sizeof_BIGNUM() * 6;
-off = k / sizeof(BN_ULONG) + 1;
-j = 1;
-for (i = 0; i < 6; i++)
-j += bn_get_top(*t[i]);
-if ((p = OPENSSL_malloc((off + j) * sizeof(*p))) == NULL) {
-RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
-return (0);
-}
-memset(p, 0, sizeof(*p) * (off + j));
-bn = (BIGNUM *)p;
-ul = (BN_ULONG *)&(p[off]);
-for (i = 0; i < 6; i++) {
-b = *(t[i]);
-*(t[i]) = bn_array_el(bn, i);
-memcpy(bn_array_el(bn, i), b, bn_sizeof_BIGNUM());
-memcpy(ul, bn_get_words(b), sizeof(*ul) * bn_get_top(b));
-bn_set_static_words(bn_array_el(bn, i), ul, bn_get_top(b));
-ul += bn_get_top(b);
-BN_clear_free(b);
-}
-
-/* I should fix this so it can still be done */
-r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
-
-r->bignum_data = p;
-return (1);
-}
-
 int RSA_security_bits(const RSA *rsa)
 {
 return BN_security_bits(BN_num_bits(rsa->n), -1);
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 70d3755..cd17385 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -226,9 +226,6 @@ const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
 /* these are the actual RSA functions */
 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 
@@ -477,7 +474,6 @@ void ERR_load_RSA_strings(void);
 # define RSA_F_RSA_CHECK_KEY_EX   160
 # define RSA_F_RSA_CMS_DECRYPT159
 # define RSA_F_RSA_ITEM_VERIFY148
-# define RSA_F_RSA_MEMORY_LOCK130
 # define RSA_F_RSA_METH_DUP   161
 # define RSA_F_RSA_METH_NEW   162
 # define RSA_F_RSA_METH_SET1_NAME 163
diff --git a/util/libcrypto.num b/util/libcrypto.num
index fc118b1..e9966eb 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1396,7 +1396,6 @@ SCT_set_timestamp   1380  1_1_0   
EXIST::FUNCTION:CT
 UI_new  1381   1_1_0   EXIST::FUNCTION:UI
 TS_REQ_get_msg_imprint  1382   1_1_0   EXIST::FUNCTION:TS
 i2d_PKCS12_BAGS 1383   1_1_0   EXIST::FUNCTION:
-RSA_memory_lock 1384   1_1_0   EXIST::FUNCTION:RSA
 CERTIFICATEPOLICIES_free1385   1_1_0   EXIST::FUNCTION:
 X509V3_get_section  1386   1_1_0   EXIST::FUNCTION:
 BIO_parse_hostserv  1387   1_1_0   EXIST::FUNCTION:SOCK
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Matt Caswell

The branch master has been updated
   via  56add338b12246fd8670ce3da719a39767a25182 (commit)
  from  1aca3618ff86358c659c856b10e2270c3d4230d2 (commit)


- Log -
commit 56add338b12246fd8670ce3da719a39767a25182
Author: Matt Caswell 
Date:   Mon Jun 27 11:51:50 2016 +0100

Fix one more instance of incorrect OPENSSL_API_COMPAT value

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/rand/rand_win.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index c5d0aa1..1be0ed3 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -82,7 +82,7 @@ int RAND_poll(void)
 return (1);
 }
 
-#if OPENSSL_API_COMPAT < 0x00101000L
+#if OPENSSL_API_COMPAT < 0x1010L
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
 RAND_poll();
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4034

2016-06-27 Thread AppVeyor




Build openssl master.4034 failed


Commit cd359b2564 by Brian Smith on 6/27/2016 8:15 AM:

Clarify use of |$end0| in stitched x86-64 AES-GCM code.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Matt Caswell

The branch master has been updated
   via  1aca3618ff86358c659c856b10e2270c3d4230d2 (commit)
  from  cd359b2564b77230a1201a200683dac622c923af (commit)


- Log -
commit 1aca3618ff86358c659c856b10e2270c3d4230d2
Author: Matt Caswell 
Date:   Mon Jun 27 11:28:29 2016 +0100

Fix some OPENSSL_API_COMPAT values

There are 3 OPENSSL_API_COMPAT values that are incorrect in the header
files, and one inconsistency between the header and the .c

Reviewed-by: Richard Levitte 

---

Summary of changes:
 crypto/err/err.c | 2 +-
 include/openssl/bn.h | 2 +-
 include/openssl/idea.h   | 2 +-
 include/openssl/x509v3.h | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 9b679d9..836fac4 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -632,7 +632,7 @@ void err_delete_thread_state(void)
 ERR_STATE_free(state);
 }
 
-#if OPENSSL_API_COMPAT < 0x1000L
+#if OPENSSL_API_COMPAT < 0x1010L
 void ERR_remove_thread_state(void *dummy)
 {
 }
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index e0f656a..82552b6 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -469,7 +469,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
 BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
 BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
 
-# if OPENSSL_API_COMPAT < 0x00101000L
+# if OPENSSL_API_COMPAT < 0x1010L
 #  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
 #  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
 #  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
diff --git a/include/openssl/idea.h b/include/openssl/idea.h
index d527675..4334f3e 100644
--- a/include/openssl/idea.h
+++ b/include/openssl/idea.h
@@ -45,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned 
char *out,
 int *num);
 void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
 
-# if OPENSSL_API_COMPAT < 0x00101000L
+# if OPENSSL_API_COMPAT < 0x1010L
 #  define idea_options  IDEA_options
 #  define idea_ecb_encrypt  IDEA_ecb_encrypt
 #  define idea_set_encrypt_key  IDEA_set_encrypt_key
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 36d11a7..29b7194 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -631,7 +631,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void 
*ext_struc);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
 int crit, unsigned long flags);
 
-#if OPENSSL_API_COMPAT < 0x00101000L
+#if OPENSSL_API_COMPAT < 0x1010L
 /* The new declarations are in crypto.h, but the old ones were here. */
 # define hex_to_string OPENSSL_buf2hexstr
 # define string_to_hex OPENSSL_hexstr2buf
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4033

2016-06-27 Thread AppVeyor




Build openssl master.4033 failed


Commit 0b919cc5d5 by Andy Polyakov on 6/27/2016 8:12 AM:

Configurations/10-main.conf: fix PA-RISC commentary.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.513

2016-06-27 Thread AppVeyor




Build openssl 1.0.513 failed


Commit 89a0115ed6 by FdaSilvaYY on 6/27/2016 6:26 AM:

Deprecate BIO_set() method


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.4032

2016-06-27 Thread AppVeyor




Build openssl master.4032 failed


Commit 5fc77684f1 by Andy Polyakov on 6/27/2016 8:09 AM:

evp/evp_enc.c: refine partial buffer overlap detection.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Andy Polyakov

The branch master has been updated
   via  cd359b2564b77230a1201a200683dac622c923af (commit)
  from  0b919cc5d5832ddcc041440b279e27fcfcb01282 (commit)


- Log -
commit cd359b2564b77230a1201a200683dac622c923af
Author: Brian Smith 
Date:   Tue Mar 1 20:16:26 2016 -1000

Clarify use of |$end0| in stitched x86-64 AES-GCM code.

There was some uncertainty about what the code is doing with |$end0|
and whether it was necessary for |$len| to be a multiple of 16 or 96.
Hopefully these added comments make it clear that the code is correct
except for the caveat regarding low memory addresses.

Change-Id: Iea546a59dc7aeb400f50ac5d2d7b9cb88ace9027
Reviewed-on: https://boringssl-review.googlesource.com/7194
Reviewed-by: Adam Langley 

Signed-off-by: Andy Polyakov 
Reviewed-by: Rich Salz 

---

Summary of changes:
 crypto/modes/asm/aesni-gcm-x86_64.pl | 41 
 1 file changed, 41 insertions(+)

diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl 
b/crypto/modes/asm/aesni-gcm-x86_64.pl
index 810876c..5ad62b3 100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -116,6 +116,23 @@ _aesni_ctr32_ghash_6x:
  vpxor $rndkey,$inout3,$inout3
  vmovups   0x10-0x80($key),$T2 # borrow $T2 for $rndkey
vpclmulqdq  \$0x01,$Hkey,$Z3,$Z2
+
+   # At this point, the current block of 96 (0x60) bytes has already been
+   # loaded into registers. Concurrently with processing it, we want to
+   # load the next 96 bytes of input for the next round. Obviously, we can
+   # only do this if there are at least 96 more bytes of input beyond the
+   # input we're currently processing, or else we'd read past the end of
+   # the input buffer. Here, we set |%r12| to 96 if there are at least 96
+   # bytes of input beyond the 96 bytes we're already processing, and we
+   # set |%r12| to 0 otherwise. In the case where we set |%r12| to 96,
+   # we'll read in the next block so that it is in registers for the next
+   # loop iteration. In the case where we set |%r12| to 0, we'll re-read
+   # the current block and then ignore what we re-read.
+   #
+   # At this point, |$in0| points to the current (already read into
+   # registers) block, and |$end0| points to 2*96 bytes before the end of
+   # the input. Thus, |$in0| > |$end0| means that we do not have the next
+   # 96-byte block to read in, and |$in0| <= |$end0| means we do.
xor %r12,%r12
cmp $in0,$end0
 
@@ -408,6 +425,9 @@ $code.=<<___;
 .align 32
 aesni_gcm_decrypt:
xor $ret,$ret
+
+   # We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60)
+   # bytes of input.
cmp \$0x60,$len # minimal accepted length
jb  .Lgcm_dec_abort
 
@@ -462,7 +482,15 @@ $code.=<<___;
vmovdqu 0x50($inp),$Z3  # I[5]
lea ($inp),$in0
vmovdqu 0x40($inp),$Z0
+
+   # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
+   # bytes before the end of the input. Note, in particular, that this is
+   # correct even if |$len| is not an even multiple of 96 or 16. XXX: This
+   # seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must
+   # not be near the very beginning of the address space when |$len| < 2*96
+   # (0xc0).
lea -0xc0($inp,$len),$end0
+
vmovdqu 0x30($inp),$Z1
shr \$4,$len
xor $ret,$ret
@@ -618,6 +646,10 @@ _aesni_ctr32_6x:
 .align 32
 aesni_gcm_encrypt:
xor $ret,$ret
+
+   # We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of
+   # input. Then we call |_aesni_ctr32_ghash_6x|, which requires at
+   # least 96 more bytes of input.
cmp \$0x60*3,$len   # minimal accepted length
jb  .Lgcm_enc_abort
 
@@ -667,7 +699,16 @@ $code.=<<___;
 .Lenc_no_key_aliasing:
 
lea ($out),$in0
+
+   # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
+   # bytes before the end of the input. Note, in particular, that this is
+   # correct even if |$len| is not an even multiple of 96 or 16. Unlike in
+   # the decryption case, there's no caveat that |$out| must not be near
+   # the very beginning of the address space, because we know that
+   # |$len| >= 3*96 from the check above, and so we know
+   # |$out| + |$len| >= 2*96 (0xc0).
lea -0xc0($out,$len),$end0
+
shr \$4,$len
 
call_aesni_ctr32_6x
_

[openssl-commits] [openssl] master update

2016-06-27 Thread Andy Polyakov

The branch master has been updated
   via  0b919cc5d5832ddcc041440b279e27fcfcb01282 (commit)
  from  5fc77684f1bfa87d0cf9f7a84de92550fa854a84 (commit)


- Log -
commit 0b919cc5d5832ddcc041440b279e27fcfcb01282
Author: Andy Polyakov 
Date:   Sun Jun 26 19:08:51 2016 +0200

Configurations/10-main.conf: fix PA-RISC commentary.

Reviewed-by: Rich Salz 

---

Summary of changes:
 Configurations/10-main.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 86dd411..e28fb12 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -399,9 +399,9 @@ sub vms_info {
 #   crypto/sha/sha_lcl.h.
 # - originally there were 32-bit hpux-parisc2-* targets. They were
 #   scrapped, because a) they were not interchangeable with other 32-bit
-#   targets; a) when critical 32-bit assembly modules detect if they
-#   are executed on PA-RISC 2.0 and thus adequate performance is
-#   provided. 
+#   targets; b) performance-critical 32-bit assembly modules implement
+#   even PA-RISC 2.0-specific code paths, which are chosen at run-time,
+#   thus adequate performance is provided even with PA-RISC 1.1 build.
 #  
 "hpux-parisc-gcc" => {
 inherit_from => [ "BASE_unix" ],
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-06-27 Thread Andy Polyakov

The branch master has been updated
   via  5fc77684f1bfa87d0cf9f7a84de92550fa854a84 (commit)
   via  c3a73daf0acc1272905db954b92a23146aad82f0 (commit)
  from  dca5eeb4d06262b5e48f21af5e5d4dd672a8c5af (commit)


- Log -
commit 5fc77684f1bfa87d0cf9f7a84de92550fa854a84
Author: Andy Polyakov 
Date:   Mon Jun 20 11:11:25 2016 +0200

evp/evp_enc.c: refine partial buffer overlap detection.

Reviewed-by: Matt Caswell 

commit c3a73daf0acc1272905db954b92a23146aad82f0
Author: Andy Polyakov 
Date:   Fri Jun 17 13:55:01 2016 +0200

evp/evp_enc.c: check for partially[!] overlapping buffers
in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in
general case it's impossible to provide guarantee that partially[!]
overlapping buffers can be tolerated.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/evp/evp_enc.c   | 57 --
 doc/crypto/EVP_EncryptInit.pod |  4 ++-
 2 files changed, 58 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index acb6b8b..e43a5d2 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
  */
 
 #include 
+#include 
 #include "internal/cryptlib.h"
 #include 
 #include 
@@ -252,12 +253,53 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
 }
 
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+static int is_partially_overlapping(const void *ptr1, const void *ptr2,
+int len)
+{
+PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+/*
+ * Check for partially overlapping buffers. [Binary logical
+ * operations are used instead of boolean to minimize number
+ * of conditional branches.]
+ */
+int condition = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+   (diff > (0 - (PTRDIFF_T)len)));
+assert(!condition);
+return condition;
+}
+
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
   const unsigned char *in, int inl)
 {
 int i, j, bl;
 
 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+if (is_partially_overlapping(out, in, inl))
+return 0;
+
 i = ctx->cipher->do_cipher(ctx, out, in, inl);
 if (i < 0)
 return 0;
@@ -270,6 +312,8 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 *outl = 0;
 return inl == 0;
 }
+if (is_partially_overlapping(out, in, inl))
+return 0;
 
 if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
 if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
@@ -292,10 +336,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 } else {
 j = bl - i;
 memcpy(&(ctx->buf[i]), in, j);
-if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
-return 0;
 inl -= j;
 in += j;
+if (is_partially_overlapping(out, in, bl))
+return 0;
+if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+return 0;
 out += bl;
 *outl = bl;
 }
@@ -371,6 +417,9 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 unsigned int b;
 
 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+if (is_partially_overlapping(out, in, inl))
+return 0;
+
 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
 if (fix_len < 0) {
 *outl = 0;
@@ -392,6 +441,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 OPENSSL_assert(b <= sizeof ctx->final);
 
 if (ctx->final_used) {
+/* see comment about PTRDIFF_T comparison above */
+if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+||

[openssl-commits] Build failed: openssl 1.0.511

2016-06-27 Thread AppVeyor




Build openssl 1.0.511 failed


Commit f9c1a0104b by FdaSilvaYY on 6/27/2016 6:25 AM:

Useless Typedef's


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: FdaSilvaYY/openssl#1243 (fix_set_dup_exdata - c9af7d7)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1243
Status: Passed

Duration: 13 minutes and 40 seconds
Commit: c9af7d7 (fix_set_dup_exdata)
Author: FdaSilvaYY
Message: Fix possible malloc failure inside CRYPTO_dup_ex_data()

Fix related docs.

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/f483c2eb1831...c9af7d78abbe

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140460247

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl 1.0.510

2016-06-27 Thread AppVeyor




Build openssl 1.0.510 failed


Commit dca5eeb4d0 by Rich Salz on 6/26/2016 9:28 PM:

RT2680: Public EC key is shown as private


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Still Failing: FdaSilvaYY/openssl#1240 (constify_2 - f9c1a01)

2016-06-27 Thread Travis CI

Build Update for FdaSilvaYY/openssl
-

Build: #1240
Status: Still Failing

Duration: 13 minutes and 50 seconds
Commit: f9c1a01 (constify_2)
Author: FdaSilvaYY
Message: Useless Typedef's

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/67519ec72ea3...f9c1a0104b1a

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/140460042

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

61 matches

Mail list logo