Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all 
circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also 
does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve 
port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and 
VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for 
VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES 
(VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):


Build completed: openssl master.35438

2020-07-06 Thread AppVeyor


Build openssl master.35438 completed



Commit 004d111e6e by Shane Lontis on 7/7/2020 2:22 AM:

fixup! Add FIPS related configuration data to the default openssl application configuration file





Build failed: openssl master.35437

2020-07-06 Thread AppVeyor



Build openssl master.35437 failed


Commit be3c18fabf by Shane Lontis on 6/25/2020 8:28 AM:

Added missing libctx's found by adding a libctx to test_evp.





FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all 
circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also 
does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve 
port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and 
VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for 
VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES 
(VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" 
-keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
#   Failed test 'unprotected request'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted 
root.crt => 0
not ok 43 - popo RAVERIFIED
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui-console

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all 
circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also 
does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve 
port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and 
VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for 
VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES 
(VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr 
wrong.csr.pem => 139
not ok 78 - p10cr wrong csr
# --
#   Failed test 'p10cr wrong csr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 
=> 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key 
-extracerts issuing.crt => 139
not ok 83 - kur command explicit options
# --
#   Failed test 'kur command explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout 
test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert 
test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139
not ok 84 - kur command minimal options
# 

Errored: openssl/openssl#35977 (master - 8c330e1)

2020-07-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35977
Status: Errored

Duration: 1 hr, 13 mins, and 46 secs
Commit: 8c330e1 (master)
Author: Glenn Strauss
Message: improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

improve reference implementation code in
  SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys.  Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c20
Use AES256 for the default encryption algoritm for TLS session tickets

add comments where user-implementation is needed to complete code

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12063)

View the changeset: 
https://github.com/openssl/openssl/compare/2d9f56e9992e...8c330e1939d6

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/174450419?utm_medium=notification_source=email




[openssl] master update

2020-07-06 Thread Matt Caswell
The branch master has been updated
   via  8c330e1939d6b7db93a963116354ef80ca0babb3 (commit)
  from  2d9f56e9992ef3725b87a0a8e6165a18d038b784 (commit)


- Log -
commit 8c330e1939d6b7db93a963116354ef80ca0babb3
Author: Glenn Strauss 
Date:   Fri Jun 5 17:14:08 2020 -0400

improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

improve reference implementation code in
  SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys.  Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c20
Use AES256 for the default encryption algoritm for TLS session tickets

add comments where user-implementation is needed to complete code

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12063)

---

Summary of changes:
 doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod 
b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index ae2ee2b4e2..ee726b3b64 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -159,6 +159,7 @@ Reference Implementation:
  EVP_MAC_CTX *hctx, int enc)
  {
  OSSL_PARAM params[3];
+ your_type_t *key; /* something that you need to implement */
 
  if (enc) { /* create new session */
  if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
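
Review bot: The new `your_type_t *key;` declaration is commented only as "something that you need to implement", yet the rest of the example depends on specific members of that type: `key->name` (16 bytes copied by memcpy), `key->aes_key`, `key->hmac_key` (now passed with length 32) and `key->expire` (compared against a time_t). Suggest listing those members and their sizes in the comment, or showing a sample struct, so readers size aes_key for AES-256 and hmac_key for 32 bytes.
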
@@ -178,10 +179,10 @@ Reference Implementation:
  }
  memcpy(key_name, key->name, 16);
 
- EVP_EncryptInit_ex(, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ EVP_EncryptInit_ex(, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
 
  params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
-   key->hmac_key, 16);
+   key->hmac_key, 32);
  params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
   "sha256", 0);
  params[2] = OSSL_PARAM_construct_end();
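
Review bot: The switch to EVP_aes_256_cbc() on the EVP_EncryptInit_ex line silently requires key->aes_key to hold 32 bytes, and the HMAC key length is a bare literal in `key->hmac_key, 32`; nothing in this hunk ties either length to the key structure. Suggest a named constant (or sizeof on an array member) and a short comment stating the required aes_key size. The return value of EVP_EncryptInit_ex is also ignored here; a reference implementation should check it and fail the callback on error.
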
@@ -190,21 +191,22 @@ Reference Implementation:
  return 1;
 
  } else { /* retrieve session */
- key = findkey(name);
+ time_t t = time(NULL);
+ key = findkey(key_name); /* something that you need to implement */
 
- if (key == NULL || key->expire < now())
+ if (key == NULL || key->expire < t)
  return 0;
 
  params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
-   key->hmac_key, 16);
+   key->hmac_key, 32);
  params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
   "sha256", 0);
  params[2] = OSSL_PARAM_construct_end();
  EVP_MAC_set_ctx_params(hctx, params);
 
- EVP_DecryptInit_ex(, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ EVP_DecryptInit_ex(, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
 
- if (key->expire < now() - RENEW_TIME) {
+ if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */
  /*
   * return 2 - This session will get a new ticket even though the
   * current one is still valid.
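
Review bot: The renewal check `key->expire < t - RENEW_TIME` cannot be true for a non-negative RENEW_TIME, because the earlier `key->expire < t` test has already returned 0, so only keys with expire >= t reach it and the branch documented as "return 2" is dead. If the intent is to reissue a ticket when the key is close to expiry, the comparison probably wants `key->expire < t + RENEW_TIME`; worth confirming while this line is being touched. Separately, the retrieve path builds params[0] with OSSL_KDF_PARAM_KEY while the create path uses OSSL_MAC_PARAM_KEY; both are handed to EVP_MAC_set_ctx_params, so use OSSL_MAC_PARAM_KEY in both places. The added time(NULL) call also needs <time.h> in the example's includes if it is not already there.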


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all 
circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also 
does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve 
port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and 
VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for 
VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES 
(VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):

65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t 

Errored: openssl/openssl#35964 (master - 2d9f56e)

2020-07-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35964
Status: Errored

Duration: 1 hr, 18 mins, and 37 secs
Commit: 2d9f56e (master)
Author: Matt Caswell
Message: Ensure TLS padding is added during encryption on the provider side

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

View the changeset: 
https://github.com/openssl/openssl/compare/1b726e9b91a0...2d9f56e9992e

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/174386611?utm_medium=notification_source=email




[openssl] master update

2020-07-06 Thread Matt Caswell
The branch master has been updated


- Log -
commit 2d9f56e9992ef3725b87a0a8e6165a18d038b784
Author: Matt Caswell 
Date:   Fri Jun 26 18:22:18 2020 +0100

Ensure TLS padding is added during encryption on the provider side

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit b5588178232f5cbf32662dfa173c72a001d54aeb
Author: Matt Caswell 
Date:   Fri Jun 26 13:05:18 2020 +0100

Convert SSLv3 handling to use provider side CBC/MAC removal

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 63ee6ec17714f5446a3656083e438ec941bdd542
Author: Matt Caswell 
Date:   Tue Jun 23 16:47:31 2020 +0100

Ensure any allocated MAC is freed in the provider code

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit f29dbb08668318b84d7bca0bd63c585e0169545e
Author: Matt Caswell 
Date:   Tue Jun 23 14:34:45 2020 +0100

Decreate the length after decryption for the stitched ciphers

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 09ce6e0854b9dee49a25662e1869b2afc2a1
Author: Matt Caswell 
Date:   Mon Jun 22 16:02:12 2020 +0100

Ensure the sslcorrupttest checks all errors on the queue

sslcorrupttest was looking for a "decryption failed or bad record mac"
error in the queue. However if there were multiple errors on the queue
then it would fail to find it. We modify the test to check all errors.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit ee0c849e5a1c26ed16c08311efdfd78c8e4c8221
Author: Matt Caswell 
Date:   Mon Jun 22 16:01:31 2020 +0100

Ensure GCM "update" failures return 0 on error

EVP_CipherUpdate is supposed to return 1 for success or 0 for error.
However for GCM ciphers it was sometimes returning -1 for error.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 978cc3648d02551c6ada328708306dad2d3ce07a
Author: Matt Caswell 
Date:   Mon Jun 22 15:04:50 2020 +0100

Ensure cipher_generic_initkey gets passed the actual provider ctx

We were not correctly passing the provider ctx down the chain during
initialisation of a new cipher ctx. Instead the provider ctx got set to
NULL.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d
Author: Matt Caswell 
Date:   Mon Jun 22 10:51:48 2020 +0100

Make the NULL cipher TLS aware

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 27d4c840fc399fe0d4550a5b88e91ecca887d1a4
Author: Matt Caswell 
Date:   Fri Jun 19 17:26:49 2020 +0100

Change ChaCha20-Poly1305 to be consistent with out ciphers

Other ciphers return the length of the Payload for TLS as a result of an
EVP_DecryptUpdate() operation - but  ChaCha20-Poly1305 did not. We change
it so that it does.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit 524cb684ac00922c4a21235a8ae2c66596893437
Author: Matt Caswell 
Date:   Wed Jun 17 17:16:22 2020 +0100

Make libssl start using the TLS provider CBC support

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit e71fd827bcff720fb47e39c69cc468da9452935d
Author: Matt Caswell 
Date:   Wed May 27 17:20:18 2020 +0100

Add provider support for TLS CBC padding and MAC removal

The previous commits separated out the TLS CBC padding code in libssl.
Now we can use that code to directly support TLS CBC padding and MAC
removal in provided ciphers.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12288)

commit f0237a6c6266535e105d6778ca7c34a080b88e92
Author: Matt Caswell 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all 
circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also 
does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 174.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

2020-07-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

1b726e9b91 TEST: update 02-test_errstr.t to have better tests
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
17b7f89684 TEST: fix test/errtest.c
71f2994b15 ERR: special case system errors
163b2bcd8b ERR: refactor global error codes
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it.
2f142901ca coverity 1464983: null pointer dereference
6f924bb89e coverity 1464984: Null pointer dereferences
9283e9bd11 cmp: remove NULL check.
c4d0221405 coverity: CID 1464987: USE AFTER FREE
22f7f42433 rand: avoid caching RNG parameters.
7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely
132abb21f9 rand: fix recursive locking issue.
8c1cbc7210 Fix typos and repeated words
3a19f1a9dd Configuration and build:  Fix solaris tags
1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well
b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation
5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
ca3245a619 If an empty password is supplied still try to use it
5a640713f3 Ensure a string is properly terminated in http_client.c
64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting
94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP
a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
ea4ee152a7 Configure: fix handling of build.info attributes with value
e7869ef137 Fix up build issue when running cpp tests
0c121c doc: Remove stray backtick

Build log ended with (last 100 lines):

C0D0659B617F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0D0659B617F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO
C0D0659B617F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64:
C0D0659B617F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64:
C0D0659B617F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0D0659B617F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0D0659B617F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO
C0D0659B617F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0D0659B617F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0D0659B617F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO
OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs)
C09098BD5E7F:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem)
Unable to load CMP client certificate (and optionally extra certs)
OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set