[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso

2019-01-08 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

7835e97b6f Don't artificially limit the size of the ClientHello
87d06aed64 Fix compilation on sparc
760e2d60e6 Fix CID 1434549: Unchecked return value in test/evp_test.c

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . skipped: 
test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t  skipped: 
test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  skipped: 
test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  skipped: 
test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t  skipped: 
test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t . skipped: 
test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .. skipped: 
test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ... skipped: 
test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: 
test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ... skipped: 
test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t . skipped: 
test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t . skipped: 
test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .. skipped: 
test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t  skipped: 
test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13alerts.t .. skipped: 
test_tls13alerts needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: 
test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: 
test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: 
test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: 
test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: 
test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: 
test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t . skipped: 
test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_cmsapi.t ... ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_d

[openssl-commits] Build completed: openssl master.21928

2019-01-08 Thread AppVeyor 


Build openssl master.21928 completed



Commit 1d2a027472 by Antonio Iacono on 1/8/2019 5:59 PM:

Sync util/libcrypto.num with upstream


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl master.21927

2019-01-08 Thread AppVeyor 



Build openssl master.21927 failed


Commit 80efd3ea18 by David Woodhouse on 1/8/2019 4:44 PM:

Don't send extms when resuming a session which didn't use it.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#22529 (OpenSSL_1_1_1-stable - bbcfd60)

2019-01-08 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #22529
Status: Errored

Duration: 8 mins and 53 secs
Commit: bbcfd60 (OpenSSL_1_1_1-stable)
Author: Matt Caswell
Message: Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7424)

(cherry picked from commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2)

View the changeset: 
https://github.com/openssl/openssl/compare/37cad7e65641...bbcfd60e388a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/476936224?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#22528 (master - 7835e97)

2019-01-08 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #22528
Status: Errored

Duration: 10 mins and 19 secs
Commit: 7835e97 (master)
Author: Matt Caswell
Message: Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7424)

View the changeset: 
https://github.com/openssl/openssl/compare/87d06aed6439...7835e97b6ff5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/476936072?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2019-01-08 Thread Matt Caswell 
The branch OpenSSL_1_1_1-stable has been updated
   via  bbcfd60e388ab9aa244d652453b52ff490be9b27 (commit)
  from  37cad7e65641e83d9f92b47fd0e34ea2d8c3b277 (commit)


- Log -
commit bbcfd60e388ab9aa244d652453b52ff490be9b27
Author: Matt Caswell 
Date:   Wed Oct 17 16:17:25 2018 +0100

Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7424)

(cherry picked from commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a0e495d..bb2d98e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 SSL_SESSION *sess = s->session;
 unsigned char *session_id;
 
-if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
-/* Should not happen */
-SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-return 0;
-}
-
 /* Work out what SSL/TLS/DTLS version to use */
 protverr = ssl_set_client_hello_version(s);
 if (protverr != 0) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2019-01-08 Thread Matt Caswell 
The branch master has been updated
   via  7835e97b6ff5cd94a10c5aeac439f4aa145a77b2 (commit)
  from  87d06aed64395afcd9ee4e7c699950dd57278259 (commit)


- Log -
commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2
Author: Matt Caswell 
Date:   Wed Oct 17 16:17:25 2018 +0100

Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7424)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3b6cbb7..53bc5ef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 SSL_SESSION *sess = s->session;
 unsigned char *session_id;
 
-if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
-/* Should not happen */
-SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-return 0;
-}
-
 /* Work out what SSL/TLS/DTLS version to use */
 protverr = ssl_set_client_hello_version(s);
 if (protverr != 0) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2019-01-08 Thread Matt Caswell 
The branch master has been updated
   via  87d06aed64395afcd9ee4e7c699950dd57278259 (commit)
  from  760e2d60e62511a6fb96f547f6730d05eb5f47ec (commit)


- Log -
commit 87d06aed64395afcd9ee4e7c699950dd57278259
Author: Matt Caswell 
Date:   Mon Jan 7 15:16:23 2019 +

Fix compilation on sparc

Fixes #7966

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7997)

---

Summary of changes:
 crypto/des/asm/des_enc.m4 | 2 --
 crypto/evp/e_aes.c| 5 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
index 92b9678..9a17fac 100644
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@@ -29,8 +29,6 @@
 .ident "des_enc.m4 2.1"
 .file  "des_enc-sparc.S"
 
-#include 
-
 #if defined(__SUNPRO_C) && defined(__sparcv9)
 # define ABI64  /* They've said -xarch=v9 at command line */
 #elif defined(__GNUC__) && defined(__arch64__)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 6080d16..8dc5235 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -927,6 +927,11 @@ static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
  const unsigned char *in, size_t len);
 # endif/* OPENSSL_NO_OCB */
 
+# ifndef OPENSSL_NO_SIV
+#  define aes_t4_siv_init_key aes_siv_init_key
+#  define aes_t4_siv_cipher aes_siv_cipher
+# endif /* OPENSSL_NO_SIV */
+
 # define 
BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits