Still Failing: openssl/openssl#31705 (master - 3472082)
Build Update for openssl/openssl - Build: #31705 Status: Still Failing Duration: 39 mins and 13 secs Commit: 3472082 (master) Author: Benjamin Kaduk Message: openssl-config: add example libssl system-defaults Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10937) View the changeset: https://github.com/openssl/openssl/compare/c6fec81b8813...3472082b4b6d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/641640911?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 59f92fa27eb41a7513e584b665c87669171f60dd (commit) from f50f2725c03710e183d855760c32d8df6cab1f94 (commit) - Log - commit 59f92fa27eb41a7513e584b665c87669171f60dd Author: Benjamin Kaduk Date: Thu Jan 23 17:08:34 2020 -0800 openssl-config: add example libssl system-defaults Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10937) (cherry picked from commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b) --- Summary of changes: doc/man5/config.pod | 16 1 file changed, 16 insertions(+) diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 992fdfccf9..732998e8f4 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -355,6 +355,22 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. +Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version: + + # Toplevel section for openssl (including libssl) + openssl_conf = default_conf_section + + [default_conf_section] + # We only specify configuration for the "ssl module" + ssl_conf = ssl_section + + [ssl_section] + system_default = system_default_section + + [system_default_section] + MinProtocol = TLSv1.3 + More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: # Default appname: should match "appname" parameter (if any)
[openssl] master update
The branch master has been updated via 3472082b4b6d73e0803a7c47f03e96ec0a69f77b (commit) from c6fec81b88131d08c1022504ccf6effa95497afb (commit) - Log - commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b Author: Benjamin Kaduk Date: Thu Jan 23 17:08:34 2020 -0800 openssl-config: add example libssl system-defaults Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10937) --- Summary of changes: doc/man5/config.pod | 16 1 file changed, 16 insertions(+) diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 1776439edd..680ad6578a 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -469,6 +469,22 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. +Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version: + + # Toplevel section for openssl (including libssl) + openssl_conf = default_conf_section + + [default_conf_section] + # We only specify configuration for the "ssl module" + ssl_conf = ssl_section + + [ssl_section] + system_default = system_default_section + + [system_default_section] + MinProtocol = TLSv1.3 + More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: # Default appname: should match "appname" parameter (if any)
Still Failing: openssl/openssl#31699 (master - c6fec81)
Build Update for openssl/openssl - Build: #31699 Status: Still Failing Duration: 41 mins and 13 secs Commit: c6fec81 (master) Author: Pauli Message: Deprecate the low level DES functions. Use of the low level DES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10858) View the changeset: https://github.com/openssl/openssl/compare/8f21260b09ec...c6fec81b8813 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/641581517?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via c6fec81b88131d08c1022504ccf6effa95497afb (commit)
via f6edde4f06d2cadaf0949399e5df0b6f6a5b3598 (commit)
from 8f21260b09eca6226255763e1856c12fbc71985c (commit)
- Log -
commit c6fec81b88131d08c1022504ccf6effa95497afb
Author: Pauli
Date: Thu Jan 16 13:50:03 2020 +1000
Deprecate the low level DES functions.
Use of the low level DES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/10858)
commit f6edde4f06d2cadaf0949399e5df0b6f6a5b3598
Author: Pauli
Date: Thu Jan 16 13:17:25 2020 +1000
des: fix header file preprocessor indentation
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/10858)
---
Summary of changes:
apps/passwd.c | 15 +-
apps/speed.c | 14 +-
apps/version.c | 6 -
crypto/des/build.info | 7 +
crypto/des/cbc_cksm.c | 6 +
crypto/des/cbc_enc.c | 6 +
crypto/des/cfb64ede.c | 6 +
crypto/des/cfb64enc.c | 6 +
crypto/des/cfb_enc.c | 6 +
crypto/des/des_enc.c | 6 +
crypto/des/ecb3_enc.c | 6 +
crypto/des/ecb_enc.c | 6 +
crypto/des/fcrypt.c| 6 +
crypto/des/fcrypt_b.c | 6 +
crypto/des/ofb64ede.c | 6 +
crypto/des/ofb64enc.c | 6 +
crypto/des/ofb_enc.c | 6 +
crypto/des/pcbc_enc.c | 6 +
crypto/des/qud_cksm.c | 7 +
crypto/des/rand_key.c | 6 +
crypto/des/set_key.c | 7 +
crypto/des/str2key.c | 6 +
crypto/des/xcbc_enc.c | 6 +
crypto/evp/e_des.c | 6 +
crypto/evp/e_des3.c| 6 +
crypto/evp/e_xcbc_d.c | 6 +
doc/man3/DES_random_key.pod| 12 +-
include/openssl/des.h | 217 -
providers/implementations/ciphers/cipher_des.c | 6 +
providers/implementations/ciphers/cipher_des_hw.c | 6 +
providers/implementations/ciphers/cipher_desx.c| 6 +
providers/implementations/ciphers/cipher_desx_hw.c | 6 +
providers/implementations/ciphers/cipher_tdes.c| 6 +
.../implementations/ciphers/cipher_tdes_default.c | 6 +
.../ciphers/cipher_tdes_default_hw.c | 6 +
providers/implementations/ciphers/cipher_tdes_hw.c | 6 +
.../implementations/ciphers/cipher_tdes_wrap.c | 2 +-
.../implementations/ciphers/cipher_tdes_wrap_hw.c | 6 +
providers/implementations/kdfs/krb5kdf.c | 6 +
test/build.info| 8 +-
test/destest.c | 6 +
test/recipes/20-test_passwd.t | 6 +-
util/libcrypto.num | 66 +++
43 files changed, 399 insertions(+), 154 deletions(-)
diff --git a/apps/passwd.c b/apps/passwd.c
index c17bfd839c..4626eeb249 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include
#include "apps.h"
@@ -16,7 +19,7 @@
#include
#include
#include
-#ifndef OPENSSL_NO_DES
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# include
#endif
#include
@@ -82,7 +85,7 @@ const OPTIONS passwd_options[] = {
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
-#ifndef OPENSSL_NO_DES
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
#endif
@@ -168,7 +171,7 @@ int passwd_main(int argc, char **argv)
mode = passwd_aixmd5;
break;
case OPT_CRYPT:
-#ifndef OPENSSL_NO_DES
+#if !defined(OPENSSL_NO_DES) &&
Build completed: openssl master.31131
Build openssl master.31131 completed Commit bec6b0e805 by Jake Maynard on 1/24/2020 7:14 PM: Merge branch 'master' into master Configure your notification preferences
Build failed: openssl master.31130
Build openssl master.31130 failed Commit 10d87aa765 by Richard Levitte on 1/24/2020 6:40 PM: fixup! PROV: Adapt the DSA signature implementation to provide Algorithmidentifiers Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings 386
Platform and configuration command:
$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings 386
Commit log since last time:
cf0843c091 Configure: Better detection of '-static' in @{$config{LDFLAGS}}
8baa49aeac Add answers for EVP_PKEY_get_default_digest_name() in RSA and DSA
keymgmt
ead0d2347a EVP: Add EVP_PKEY_get_default_digest_name() and use it
c24937d5e7 Add internal maxsize macros
a88aef32c9 PROV: Fix bignum printout in text serializers
62f49b90d7 Add DH key exchange to fips provider
f100483013 Check ECC-CDH is compliant with SP800-56A-r3
2eb875c925 Re-remove TS_VERIFY_CTX_set_certs entry from missingcrypto.txt
adc9086beb Avoid leak in error path of PKCS5_PBE_keyivgen
1f457256ce Legacy digests can have custom control values
32be631ca1 Do not silently truncate files on perlasm errors
3b740f6ec0 Russian Elbrus processors support
177b60b481 Add missing files to generated
fadb57e554 Fix some missing doc links.
2280685883 Document the SSL_CTX_with_libctx() function
ba18627e4a Introduce SSL_CTX_new_with_libex()
Build log ended with (last 100 lines):
clang -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -Icrypto/include -I../openssl
-I../openssl/include -I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic
-Wno-long-long -Wall -Wextra -Wno-unused-parameter
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality
-Wno-language-extension-token -Wno-extended-offsetof
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif
iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\""
-DENGINESDIR="\"/usr/local/lib/engines-3\""
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF
crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT
crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o
../openssl/crypto/x509/x509_trs.c
clang -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -Icrypto/include -I../openssl
-I../openssl/include -I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic
-Wno-long-long -Wall -Wextra -Wno-unused-parameter
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality
-Wno-language-extension-token -Wno-extended-offsetof
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif
iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\""
-DENGINESDIR="\"/usr/local/lib/engines-3\""
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF
crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT
crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o
../openssl/crypto/x509/x509_txt.c
clang -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -Icrypto/include -I../openssl
-I../openssl/include -I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic
-Wno-long-long -Wall -Wextra -Wno-unused-parameter
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality
-Wno-language-extension-token -Wno-extended-offsetof
Still Failing: openssl/openssl#31686 (master - 8f21260)
Build Update for openssl/openssl - Build: #31686 Status: Still Failing Duration: 41 mins and 6 secs Commit: 8f21260 (master) Author: Matt Caswell Message: Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl Now that libssl knows about libctx we should use it wherever we generate a random number. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10927) View the changeset: https://github.com/openssl/openssl/compare/d80bf693faaa...8f21260b09ec View the full build log and details: https://travis-ci.org/openssl/openssl/builds/641397900?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via 8f21260b09eca6226255763e1856c12fbc71985c (commit)
from d80bf693faaa8ad08ca76f52228837306d77bb32 (commit)
- Log -
commit 8f21260b09eca6226255763e1856c12fbc71985c
Author: Matt Caswell
Date: Wed Jan 15 18:12:59 2020 +
Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl
Now that libssl knows about libctx we should use it wherever we generate
a random number.
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/10927)
---
Summary of changes:
ssl/record/ssl3_record.c | 3 ++-
ssl/s3_lib.c | 4 ++--
ssl/ssl_lib.c| 16
ssl/ssl_sess.c | 2 +-
ssl/statem/statem_clnt.c | 7 ---
ssl/statem/statem_srvr.c | 8 +---
6 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index a725583929..36e8d86902 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1015,7 +1015,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs,
int sending)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
-} else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+} else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input,
+ ivlen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 15aeae365e..745bccc836 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4570,9 +4570,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned
char *result, size_t len,
unsigned char *p = result;
l2n(Time, p);
-ret = RAND_bytes(p, len - 4);
+ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
} else {
-ret = RAND_bytes(result, len);
+ret = RAND_bytes_ex(s->ctx->libctx, result, len);
}
if (ret > 0) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 384c28e76b..5ea310d5c4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3137,16 +3137,16 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx,
const char *propq,
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
/* Setup RFC5077 ticket keys */
-if ((RAND_bytes(ret->ext.tick_key_name,
-sizeof(ret->ext.tick_key_name)) <= 0)
-|| (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
- sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
-|| (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
- sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
+ sizeof(ret->ext.tick_key_name)) <= 0)
+|| (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
+ sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+|| (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
+ sizeof(ret->ext.secure->tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
-if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
- sizeof(ret->ext.cookie_hmac_key)) <= 0)
+if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
+ sizeof(ret->ext.cookie_hmac_key)) <= 0)
goto err;
#ifndef OPENSSL_NO_SRP
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 8d18ce4504..941660d8a1 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -259,7 +259,7 @@ static int def_generate_session_id(SSL *ssl, unsigned char
*id,
{
unsigned int retry = 0;
do
-if (RAND_bytes(id, *id_len) <= 0)
+if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a13d2708b1..ef53fe7872 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1201,7 +1201,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
s->tmp_session_id_len = sess_id_len;
session_id = s->tmp_session_id;
if (s->hello_retry_request == SSL_HRR_NONE
-&& RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {
+&& RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id,
+ sess_id_len) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock
Platform and configuration command:
$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-multiblock
Commit log since last time:
cf0843c091 Configure: Better detection of '-static' in @{$config{LDFLAGS}}
8baa49aeac Add answers for EVP_PKEY_get_default_digest_name() in RSA and DSA
keymgmt
ead0d2347a EVP: Add EVP_PKEY_get_default_digest_name() and use it
c24937d5e7 Add internal maxsize macros
a88aef32c9 PROV: Fix bignum printout in text serializers
62f49b90d7 Add DH key exchange to fips provider
f100483013 Check ECC-CDH is compliant with SP800-56A-r3
2eb875c925 Re-remove TS_VERIFY_CTX_set_certs entry from missingcrypto.txt
adc9086beb Avoid leak in error path of PKCS5_PBE_keyivgen
1f457256ce Legacy digests can have custom control values
32be631ca1 Do not silently truncate files on perlasm errors
3b740f6ec0 Russian Elbrus processors support
177b60b481 Add missing files to generated
fadb57e554 Fix some missing doc links.
2280685883 Document the SSL_CTX_with_libctx() function
ba18627e4a Introduce SSL_CTX_new_with_libex()
Build log ended with (last 100 lines):
CC="clang" /usr/bin/perl ../openssl/crypto/whrlpool/asm/wp-x86_64.pl "elf" -I.
-Iinclude -Iproviders/common/include -Iproviders/implementations/include
-Icrypto/include -I../openssl -I../openssl/include
-I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers
-Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\""
-DENGINESDIR="\"/usr/local/lib/engines
-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DAES_ASM -DBSAES_ASM
-DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM
-DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM
crypto/whrlpool/wp-x86_64.s
clang -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -Icrypto/include -I../openssl
-I../openssl/include -I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof
-Wconditional-uninitialized -Win
compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\""
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF
crypto/whrlpool/libcrypto-lib-wp_dgst.d.tmp -MT
crypto/whrlpool/libcrypto-lib-wp_dgst.o -c -o
crypto/whrlpool/libcrypto-lib-wp_dgst.o ../openssl/crypto/whrlpool/wp_dgst.c
clang -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -Icrypto/include -I../openssl
-I../openssl/include -I../openssl/providers/common/include
-I../openssl/providers/implementations/include -I../openssl/crypto/include
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default
-Wno-parentheses-equality
Still Failing: openssl/openssl#31680 (master - d80bf69)
Build Update for openssl/openssl - Build: #31680 Status: Still Failing Duration: 40 mins and 52 secs Commit: d80bf69 (master) Author: Dmitry Belyavskiy Message: New functions for PKCS8 attributes management - documentation Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/10900) View the changeset: https://github.com/openssl/openssl/compare/dc8de3e6f1ee...d80bf693faaa View the full build log and details: https://travis-ci.org/openssl/openssl/builds/641327423?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via d80bf693faaa8ad08ca76f52228837306d77bb32 (commit)
via 408113c05087393cc1623a51a0e5bfe8483e302d (commit)
from dc8de3e6f1eed18617dc42d41dec6c6566c2ac0c (commit)
- Log -
commit d80bf693faaa8ad08ca76f52228837306d77bb32
Author: Dmitry Belyavskiy
Date: Mon Jan 20 16:02:26 2020 +0300
New functions for PKCS8 attributes management - documentation
Reviewed-by: Tomas Mraz
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/10900)
commit 408113c05087393cc1623a51a0e5bfe8483e302d
Author: Dmitry Belyavskiy
Date: Mon Jan 20 16:01:02 2020 +0300
New functions for PKCS8 attributes management
This commit introduces functions PKCS8_pkey_add1_attr_by_OBJ and
PKCS8_pkey_add1_attr
Reviewed-by: Tomas Mraz
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/10900)
---
Summary of changes:
crypto/asn1/p8_pkey.c | 11
doc/man3/PKCS8_pkey_add1_attr.pod | 54 +++
include/openssl/x509.h| 4 +++
util/libcrypto.num| 2 ++
util/missingcrypto.txt| 2 --
5 files changed, 71 insertions(+), 2 deletions(-)
create mode 100644 doc/man3/PKCS8_pkey_add1_attr.pod
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index c55353ae11..77e64a9ac1 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -78,3 +78,14 @@ int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int
nid, int type,
return 1;
return 0;
}
+
+int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT
*obj, int type,
+const unsigned char *bytes, int len)
+{
+return (X509at_add1_attr_by_OBJ(>attributes, obj, type, bytes, len) !=
NULL);
+}
+
+int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr)
+{
+return (X509at_add1_attr(>attributes, attr) != NULL);
+}
diff --git a/doc/man3/PKCS8_pkey_add1_attr.pod
b/doc/man3/PKCS8_pkey_add1_attr.pod
new file mode 100644
index 00..340b56aafe
--- /dev/null
+++ b/doc/man3/PKCS8_pkey_add1_attr.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID,
PKCS8_pkey_add1_attr_by_OBJ - PKCS8 attribute functions
+
+=head1 SYNOPSIS
+
+ #include
+
+ const STACK_OF(X509_ATTRIBUTE) *
+ PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+ int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
+ int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
+ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT
*obj,
+int type, const unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+PKCS8_pkey_get0_attrs() returns a const STACK of X509_ATTRIBUTE present in
+the passed const PKCS8_PRIV_KEY_INFO structure B.
+
+PKCS8_pkey_add1_attr() adds a constructed X509_ATTRIBUTE B to the
+existing PKCS8_PRIV_KEY_INFO structure B.
+
+PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_add1_attr_by_OBJ() construct a new
+X509_ATTRIBUTE from the passed arguments and add it to the existing
+PKCS8_PRIV_KEY_INFO structure B.
+
+=head1 RETURN VALUES
+
+PKCS8_pkey_add1_attr(), PKCS8_pkey_add1_attr_by_NID(), and
+PKCS8_pkey_add1_attr_by_OBJ() return 1 for success and 0 for failure.
+
+=head1 NOTES
+
+STACK of X509_ATTRIBUTE is present in many X509-related structures and some of
+them have the corresponding set of similar functions.
+
+=head1 SEE ALSO
+
+L
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 9d8cc03c53..4cd17d24f5 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1034,8 +1034,12 @@ int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
const STACK_OF(X509_ATTRIBUTE) *
PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
const unsigned char *bytes, int len);
+int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT
*obj,
+int type, const unsigned char *bytes, int len);
+
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
diff --git a/util/libcrypto.num
