Still Failing: openssl/openssl#36543 (master - 90ef39f)
Build Update for openssl/openssl
Build: #36543
Status: Still Failing
Duration: 20 mins and 9 secs
Commit: 90ef39f (master)
Author: Richard Levitte
Message: EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID

Trust the returned value from EVP_PKEY_get_default_digest_name()! It mimics exactly the values that EVP_PKEY_get_default_digest_nid() is supposed to return, and that value should simply be passed unchanged. Callers depend on it.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12586)

View the changeset: https://github.com/openssl/openssl/compare/a7922e208ddf...90ef39f43ad5
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178835248?utm_medium=notification_source=email

--
You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started

Build log ended with (last 100 lines):

rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html
Still Failing: openssl/openssl#36542 (master - a7922e2)
Build Update for openssl/openssl
Build: #36542
Status: Still Failing
Duration: 15 mins and 50 secs
Commit: a7922e2 (master)
Author: Richard Levitte
Message: TEST: Adjust the serdes test to include MSBLOB and PVK

Because PVK uses RC4, we must ensure that default + legacy providers are active.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12574)

View the changeset: https://github.com/openssl/openssl/compare/6ce6ad39fe85...a7922e208ddf
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178835141?utm_medium=notification_source=email
Still Failing: openssl/openssl#36541 (master - 6ce6ad3)
Build Update for openssl/openssl
Build: #36541
Status: Still Failing
Duration: 1 hr, 18 mins, and 2 secs
Commit: 6ce6ad3 (master)
Author: Richard Levitte
Message: RSA: Be less strict on PSS parameters when exporting to provider

We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature computation faults. However, if this key needs to be exported to the RSA provider implementation, the result would be an earlier error, giving the computation that's supposed to be checked no chance to even be reached. Either way, the legacy to provider export is no place to validate the values of the key. We also ensure that the provider implementation can handle and detect signed (negative) saltlen values.

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12583)

View the changeset: https://github.com/openssl/openssl/compare/5f6a0b2ff055...6ce6ad39fe85
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178828575?utm_medium=notification_source=email
Build completed: openssl master.36003
Build openssl master.36003 completed Commit 3d2a6f0586 by C.W. Betts on 8/5/2020 10:02 PM: Fix ASM code.
[openssl] master update
The branch master has been updated via 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5 (commit) from 90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7 (commit) - Log - commit 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5 Author: Richard Levitte Date: Fri Aug 7 04:44:06 2020 +0200 PROV: Fix MSBLOB / PVK deserializer Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12601) --- Summary of changes: providers/implementations/serializers/deserialize_ms2key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/implementations/serializers/deserialize_ms2key.c b/providers/implementations/serializers/deserialize_ms2key.c index 73d462e41e..8b9ddec6a0 100644 --- a/providers/implementations/serializers/deserialize_ms2key.c +++ b/providers/implementations/serializers/deserialize_ms2key.c @@ -77,7 +77,7 @@ static void ms2key_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *ms2key_gettable_params(void) +static const OSSL_PARAM *ms2key_gettable_params(ossl_unused void *provctx) { static const OSSL_PARAM gettables[] = { { OSSL_DESERIALIZER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
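Review bot: The one-line signature change to ms2key_gettable_params(ossl_unused void *provctx) is the whole fix, but the commit message says only "PROV: Fix MSBLOB / PVK deserializer" and never states what was broken. Say in the message that the function is being given the provider context argument that the gettables changes merged from pull/12581 introduced, so the change can be understood without that history. Marking the argument ossl_unused is appropriate, since the body only returns the static gettables table.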
Build failed: openssl master.36002
Build openssl master.36002 failed Commit 90ef39f43a by Richard Levitte on 8/7/2020 2:14 AM: EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID
Still Failing: openssl/openssl#36538 (master - 5f6a0b2)
Build Update for openssl/openssl
Build: #36538
Status: Still Failing
Duration: 55 mins and 16 secs
Commit: 5f6a0b2 (master)
Author: Pauli
Message: mac: add some consistency to setting the XXX_final output length.

The various MACs were all over the place with respect to what they did with the output length in the final call. Now they all unconditionally set the output length and the EVP layer handles the possibility of a NULL pointer.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12582)

View the changeset: https://github.com/openssl/openssl/compare/992492f5e82e...5f6a0b2ff055
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178820289?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7 (commit) from a7922e208ddfbdcff44d1b3fa5839f96510d04bd (commit) - Log - commit 90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7 Author: Richard Levitte Date: Wed Aug 5 10:40:01 2020 +0200 EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID Trust the returned value from EVP_PKEY_get_default_digest_name()! It mimics exactly the values that EVP_PKEY_get_default_digest_nid() is supposed to return, and that value should simply be passed unchanged. Callers depend on it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12586) --- Summary of changes: crypto/evp/p_lib.c | 19 +-- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 3e3f2118a2..2563cd97ca 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1202,19 +1202,18 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, case ASN1_PKEY_CTRL_DEFAULT_MD_NID: { char mdname[80] = ""; -int nid; int rv = EVP_PKEY_get_default_digest_name(pkey, mdname, sizeof(mdname)); -if (rv <= 0) -return rv; -nid = OBJ_sn2nid(mdname); -if (nid == NID_undef) -nid = OBJ_ln2nid(mdname); -if (nid == NID_undef) -return 0; -*(int *)arg2 = nid; -return 1; +if (rv > 0) { +int nid; + +nid = OBJ_sn2nid(mdname); +if (nid == NID_undef) +nid = OBJ_ln2nid(mdname); +*(int *)arg2 = nid; +} +return rv; } default: return -2;
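Review bot: In the new "if (rv > 0)" block, a digest name that neither OBJ_sn2nid() nor OBJ_ln2nid() recognises now stores NID_undef in *(int *)arg2 and still returns the positive rv, where the removed code returned 0. That matches the stated intent of passing rv through unchanged, but it shifts the burden to callers, which must treat NID_undef together with rv > 0 as a valid answer and not as a lookup failure. Add a short comment in the case block saying so, so that the "return 0" is not reintroduced later, and confirm that a test covers a caller receiving NID_undef on a successful return.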
[openssl] master update
The branch master has been updated
via a7922e208ddfbdcff44d1b3fa5839f96510d04bd (commit)
via dca51418b0186c1d829b04ce89990148fbedbf9c (commit)
via 37d398c180cd30f69a9d122af4734852309b55a5 (commit)
via fb89000897cddee45abb2949c0697a3f8ec090b2 (commit)
via 413835f5d158acb14147e9f1c4f85b9c518b1fa6 (commit)
from 6ce6ad39fe85cf8b5c84ded9885329bf703ee649 (commit)

- Log -

commit a7922e208ddfbdcff44d1b3fa5839f96510d04bd
Author: Richard Levitte
Date: Mon Aug 3 21:10:19 2020 +0200

TEST: Adjust the serdes test to include MSBLOB and PVK

Because PVK uses RC4, we must ensure that default + legacy providers are active.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12574)

commit dca51418b0186c1d829b04ce89990148fbedbf9c
Author: Richard Levitte
Date: Mon Aug 3 21:09:26 2020 +0200

PEM: Fix i2b_PvK to use EVP_Encrypt calls consistently

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12574)

commit 37d398c180cd30f69a9d122af4734852309b55a5
Author: Richard Levitte
Date: Mon Aug 3 21:08:40 2020 +0200

PROV: Add MSBLOB and PVK to DSA and RSA deserializers

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12574)

commit fb89000897cddee45abb2949c0697a3f8ec090b2
Author: Richard Levitte
Date: Mon Aug 3 21:04:05 2020 +0200

DESERIALIZER: Adjust to allow the use several deserializers with same name

A key type may be deserialized from one of several sources, which means that more than one deserializer with the same name should be possible to add to the stack of deserializers to try, in the OSSL_DESERIALIZER_CTX collection.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12574)

commit 413835f5d158acb14147e9f1c4f85b9c518b1fa6
Author: Richard Levitte
Date: Mon Aug 3 21:01:35 2020 +0200

PEM: Make general MSBLOB reader functions exposed internally

Fly-by fix is to move crypto/include/internal/pem_int.h to include/internal/pem.h.
Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12574) --- Summary of changes: crypto/pem/pvkfmt.c| 55 ++--- crypto/serializer/deserializer_pkey.c | 67 +++--- crypto/store/loader_file.c | 2 +- .../internal/pem_int.h => include/internal/pem.h | 12 +- providers/deserializers.inc| 11 + .../implementations/include/prov/implementations.h | 4 + providers/implementations/serializers/build.info | 6 +- .../serializers/deserialize_common.c | 58 - ...{deserialize_der2key.c => deserialize_ms2key.c} | 182 .../implementations/serializers/serializer_local.h | 8 + test/recipes/04-test_serializer_deserializer.t | 12 +- test/serdes_test.c | 239 - 12 files changed, 503 insertions(+), 153 deletions(-) rename crypto/include/internal/pem_int.h => include/internal/pem.h (75%) copy providers/implementations/serializers/{deserialize_der2key.c => deserialize_ms2key.c} (54%) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 6d85a8a4e1..95d1ff5a94 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -20,7 +20,7 @@ #include "internal/cryptlib.h" #include -#include "internal/pem_int.h" +#include "internal/pem.h" #include #include #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) 
@@ -186,28 +186,27 @@ static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) } -static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, -int ispub) +EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub) { const unsigned char *p = *in; unsigned int bitlen, magic; int isdss; -if (ossl_do_blob_header(, length, , , , ) <= 0) { -PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); +if (ossl_do_blob_header(, length, , , , ispub) <= 0) { +PEMerr(0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); return NULL; } length -= 16; -if (length < blob_length(bitlen, isdss, ispub)) { -PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); +if (length < blob_length(bitlen, isdss, *ispub)) { +PEMerr(0, PEM_R_KEYBLOB_TOO_SHORT); return NULL; } if (isdss) -return b2i_dss(, bitlen, ispub); +return b2i_dss(, bitlen, *ispub); else -return b2i_rsa(, bitlen, ispub); +return b2i_rsa(, bitlen, *ispub); } -static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) +EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub) { const unsigned char *p; unsigned char
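Review bot: In the @@ -186,28 hunk, ossl_b2i() now takes ispub as int * and dereferences it (*ispub) in the blob_length(), b2i_dss() and b2i_rsa() calls, and the function has lost its static qualifier, yet nothing visible checks the pointer for NULL or says whether *ispub is an input, an output, or both. Document that contract next to the prototype in include/internal/pem.h, including that ispub must be non-NULL. The unchanged "length -= 16;" line deserves the same treatment: length is unsigned, so the subtraction relies on ossl_do_blob_header() having rejected inputs shorter than 16 bytes, which should be stated now that callers outside pvkfmt.c supply the length.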
Still Failing: openssl/openssl#36536 (master - 992492f)
Build Update for openssl/openssl
Build: #36536
Status: Still Failing
Duration: 1 hr, 32 mins, and 5 secs
Commit: 992492f (master)
Author: Pauli
Message: gettables: documentation changes to pass the provider context.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12581)

View the changeset: https://github.com/openssl/openssl/compare/c5ec6dcf0bdd...992492f5e82e
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178819975?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 6ce6ad39fe85cf8b5c84ded9885329bf703ee649 (commit) from 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 (commit) - Log - commit 6ce6ad39fe85cf8b5c84ded9885329bf703ee649 Author: Richard Levitte Date: Wed Aug 5 08:01:59 2020 +0200 RSA: Be less strict on PSS parameters when exporting to provider We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature computation faults. However, if this key needs to be exported to the RSA provider implementation, the result would be an earlier error, giving the computation that's supposed to be checked n chance to even be reached. Either way, the legacy to provider export is no place to validate the values of the key. We also ensure that the provider implementation can handle and detect signed (negative) saltlen values. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12583) --- Summary of changes: crypto/rsa/rsa_ameth.c| 5 +++-- include/crypto/rsa.h | 4 ++-- providers/implementations/signature/rsa.c | 14 +++--- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index f5911ad233..749cd8764b 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1218,10 +1218,11 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, if (rsa->pss != NULL) { const EVP_MD *md = NULL, *mgf1md = NULL; -int md_nid, mgf1md_nid, saltlen; +int md_nid, mgf1md_nid, saltlen, trailerfield; RSA_PSS_PARAMS_30 pss_params; -if (!rsa_pss_get_param(rsa->pss, , , )) +if (!rsa_pss_get_param_unverified(rsa->pss, , , + , )) goto err; md_nid = EVP_MD_type(md); mgf1md_nid = EVP_MD_type(mgf1md); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 9469ec9233..97cbfa1d7e 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h 
@@ -19,8 +19,8 @@ typedef struct rsa_pss_params_30_st { int algorithm_nid; /* Currently always NID_mgf1 */ int hash_algorithm_nid; } mask_gen; -unsigned int salt_len; -unsigned int trailer_field; +int salt_len; +int trailer_field; } RSA_PSS_PARAMS_30; RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 6de10d1f53..491c72d990 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -176,16 +176,16 @@ static int rsa_check_padding(int mdnid, int padding) return 1; } -static int rsa_check_parameters(EVP_MD *md, PROV_RSA_CTX *prsactx) +static int rsa_check_parameters(PROV_RSA_CTX *prsactx) { if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { int max_saltlen; /* See if minimum salt length exceeds maximum possible */ -max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(md); +max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(prsactx->md); if ((RSA_bits(prsactx->rsa) & 0x7) == 1) max_saltlen--; -if (prsactx->min_saltlen > max_saltlen) { +if (prsactx->min_saltlen < 0 || prsactx->min_saltlen > max_saltlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); return 0; } @@ -230,7 +230,6 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (md == NULL || md_nid == NID_undef || !rsa_check_padding(md_nid, ctx->pad_mode) -|| !rsa_check_parameters(md, ctx) || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, @@ -365,7 +364,8 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation) prsactx->saltlen = min_saltlen; return rsa_setup_md(prsactx, mdname, prsactx->propq) -&& rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq); +&& rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq) +&& rsa_check_parameters(prsactx); } } 
@@ -1151,7 +1151,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } if (rsa_pss_restricted(prsactx)) { -switch (prsactx->saltlen) { +switch (saltlen) { case RSA_PSS_SALTLEN_AUTO: if (prsactx->operation == EVP_PKEY_OP_VERIFY) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN); @@ -1168,7 +1168,7 @@ static int
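Review bot: In the include/crypto/rsa.h hunk, salt_len and trailer_field both change from unsigned int to int, but among the hunks shown only the salt length gains a matching negative-value check ("prsactx->min_saltlen < 0" in rsa_check_parameters()). trailer_field can now carry a negative value as well, and rsa_int_export_to() obtains it through rsa_pss_get_param_unverified() without validation, so the provider side needs an equivalent range check for it, or a comment on the struct member saying where that check lives.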
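Review bot: The @@ -230,7 hunk removes rsa_check_parameters() from the condition in rsa_setup_md(), and the @@ -365,7 hunk calls it only at the end of rsa_signature_init(), so the PSS salt-length check no longer runs on any other path that reaches rsa_setup_md(). If the digest can be changed after init through rsa_set_ctx_params(), min_saltlen is then not re-checked against the new digest size. Either call rsa_check_parameters(prsactx) on that path too, or add a comment explaining why init is the only place it is needed.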
Still Failing: openssl/openssl#36535 (master - c5ec6dc)
Build Update for openssl/openssl
Build: #36535
Status: Still Failing
Duration: 1 hr, 18 mins, and 38 secs
Commit: c5ec6dc (master)
Author: Jon Spillett
Message: Add new APIs to get PKCS12 secretBag OID and value

Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/10063)

View the changeset: https://github.com/openssl/openssl/compare/15c9aa3aef77...c5ec6dcf0bdd
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178819742?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
# Failed test 'unprotected request'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3105:CMP info: received from 127.0.0.1 PKIStatus: accepted
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2218:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2262:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3105:CMP info: received from 127.0.0.1 PKIStatus: accepted
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2218:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2262:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# --
# Failed test 'popo NONE'
# at ../openssl/test/recipes/81-test_cmp_cli.t
[openssl] master update
The branch master has been updated via 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 (commit) from 992492f5e82e0cf9b24acc14ea90ce8afd4c447a (commit) - Log - commit 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 Author: Pauli Date: Wed Aug 5 15:26:48 2020 +1000 mac: add some consistency to setting the XXX_final output length. The various MACs were all over the place with respects to what they did with the output length in the final call. Now they all unconditionally set the output length and the EVP layer handles the possibility of a NULL pointer. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12582) --- Summary of changes: crypto/evp/mac_lib.c | 4 +++- providers/implementations/macs/blake2_mac_impl.c | 1 + providers/implementations/macs/hmac_prov.c | 3 +-- providers/implementations/macs/kmac_prov.c | 3 +-- providers/implementations/macs/poly1305_prov.c | 1 + 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index a5c1b44666..2198c46680 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -120,11 +120,13 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize) { -size_t l = EVP_MAC_size(ctx); +size_t l; int res = 1; if (out != NULL) res = ctx->meth->final(ctx->data, out, , outsize); +else +l = EVP_MAC_size(ctx); if (outl != NULL) *outl = l; return res; diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index 586a546214..d4e61e44a4 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -101,6 +101,7 @@ static int blake2_mac_final(void *vmacctx, { struct blake2_mac_data_st *macctx = vmacctx; +*outl = blake2_mac_size(macctx); return BLAKE2_FINAL(out, >ctx); } 
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 109f93d243..af2a2098cd 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -130,8 +130,7 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!HMAC_Final(macctx->ctx, out, )) return 0; -if (outl != NULL) -*outl = hlen; +*outl = hlen; return 1; } diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 46b0bd644a..792bc6c5bb 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -298,8 +298,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, ok = right_encode(encoded_outlen, , lbits) && EVP_DigestUpdate(ctx, encoded_outlen, len) && EVP_DigestFinalXOF(ctx, out, kctx->out_len); -if (ok && outl != NULL) -*outl = kctx->out_len; +*outl = kctx->out_len; return ok; } diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c index eef546047f..748cafbaca 100644 --- a/providers/implementations/macs/poly1305_prov.c +++ b/providers/implementations/macs/poly1305_prov.c @@ -94,6 +94,7 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl, struct poly1305_data_st *ctx = vmacctx; Poly1305_Final(>poly1305, out); +*outl = poly1305_size(); return 1; }
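Review bot: In the crypto/evp/mac_lib.c hunk, l in EVP_MAC_final() is no longer initialised, so when out != NULL and ctx->meth->final() fails before writing its output length, the following "*outl = l;" copies an indeterminate value to the caller. hmac_final() in this same patch has exactly such a path: it returns 0 when HMAC_Final() fails, before reaching "*outl = hlen;". Keep an initial value for l (0 is enough), or store to *outl only when res is non-zero.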
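Review bot: In the kmac_prov.c hunk, dropping both the "ok &&" and the "outl != NULL" guards means kmac_final() now reports kctx->out_len through outl even when the digest calls failed, and dereferences outl unconditionally. The commit message says the EVP layer handles a NULL pointer, but the contract of the provider function itself has changed: state in doc/man7/provider-mac.pod that outl must be non-NULL and that its value is meaningful only when the function returns 1.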
[openssl] master update
The branch master has been updated via 992492f5e82e0cf9b24acc14ea90ce8afd4c447a (commit) via 132b61604b7f782f8ff09bb63527645e47691862 (commit) via af5e1e852d4858860d4b7210cafe7bdf39e73f80 (commit) via 18ec26babc1da90befc0bf5671bc8072428c5bab (commit) from c5ec6dcf0bdd15354a1440632766e19540487c58 (commit) - Log - commit 992492f5e82e0cf9b24acc14ea90ce8afd4c447a Author: Pauli Date: Wed Aug 5 13:24:04 2020 +1000 gettables: documentation changes to pass the provider context. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12581) commit 132b61604b7f782f8ff09bb63527645e47691862 Author: Pauli Date: Wed Aug 5 13:23:52 2020 +1000 gettables: test changes to pass the provider context. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12581) commit af5e1e852d4858860d4b7210cafe7bdf39e73f80 Author: Pauli Date: Wed Aug 5 13:23:32 2020 +1000 gettables: provider changes to pass the provider context. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12581) commit 18ec26babc1da90befc0bf5671bc8072428c5bab Author: Pauli Date: Wed Aug 5 13:23:16 2020 +1000 gettables: core changes to pass the provider context. 
Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12581) --- Summary of changes: crypto/evp/digest.c| 20 --- crypto/evp/evp_enc.c | 9 ++- crypto/evp/evp_rand.c | 16 -- crypto/evp/kdf_meth.c | 6 +- crypto/evp/keymgmt_meth.c | 8 ++- crypto/evp/mac_meth.c | 6 +- crypto/evp/pmeth_lib.c | 44 +++ crypto/serializer/deserializer_meth.c | 6 +- crypto/serializer/serializer_meth.c| 3 +- doc/man7/provider-asym_cipher.pod | 4 +- doc/man7/provider-cipher.pod | 6 +- doc/man7/provider-digest.pod | 6 +- doc/man7/provider-keyexch.pod | 4 +- doc/man7/provider-keymgmt.pod | 4 +- doc/man7/provider-mac.pod | 6 +- doc/man7/provider-rand.pod | 6 +- doc/man7/provider-serializer.pod | 2 +- doc/man7/provider-signature.pod| 4 +- include/openssl/core_dispatch.h| 65 +- providers/implementations/asymciphers/rsa_enc.c| 4 +- .../ciphers/cipher_aes_cbc_hmac_sha.c | 4 +- providers/implementations/ciphers/cipher_aes_ocb.c | 7 ++- providers/implementations/ciphers/cipher_aes_siv.c | 20 ++- providers/implementations/ciphers/cipher_aes_xts.c | 2 +- .../implementations/ciphers/cipher_chacha20.c | 4 +- .../ciphers/cipher_chacha20_poly1305.c | 2 +- providers/implementations/ciphers/cipher_null.c| 4 +- .../implementations/ciphers/cipher_rc4_hmac_md5.c | 4 +- providers/implementations/ciphers/ciphercommon.c | 6 +- providers/implementations/digests/digestcommon.c | 2 +- providers/implementations/digests/md5_sha1_prov.c | 2 +- providers/implementations/digests/mdc2_prov.c | 2 +- providers/implementations/digests/sha2_prov.c | 2 +- providers/implementations/digests/sha3_prov.c | 2 +- providers/implementations/exchange/dh_exch.c | 2 +- providers/implementations/exchange/ecdh_exch.c | 4 +- .../implementations/include/prov/ciphercommon.h| 4 +- .../implementations/include/prov/digestcommon.h| 2 +- providers/implementations/kdfs/hkdf.c | 4 +- providers/implementations/kdfs/kbkdf.c | 6 +- providers/implementations/kdfs/krb5kdf.c | 4 +- providers/implementations/kdfs/pbkdf2.c| 6 +- 
providers/implementations/kdfs/scrypt.c| 6 +- providers/implementations/kdfs/sshkdf.c| 4 +- providers/implementations/kdfs/sskdf.c | 4 +- providers/implementations/kdfs/tls1_prf.c | 6 +- providers/implementations/kdfs/x942kdf.c | 4 +- providers/implementations/keymgmt/dh_kmgmt.c | 4 +- providers/implementations/keymgmt/dsa_kmgmt.c | 2 +- providers/implementations/keymgmt/ec_kmgmt.c | 4 +- providers/implementations/keymgmt/ecx_kmgmt.c | 16 +++--- providers/implementations/keymgmt/rsa_kmgmt.c | 2 +- providers/implementations/macs/blake2_mac_impl.c | 4 +- providers/implementations/macs/cmac_prov.c | 4 +- providers/implementations/macs/gmac_prov.c | 4 +- providers/implementations/macs/hmac_prov.c | 4 +-
[openssl] master update
The branch master has been updated via c5ec6dcf0bdd15354a1440632766e19540487c58 (commit) from 15c9aa3aef77c642ef2b6c84bba2b57b35ed083e (commit) - Log - commit c5ec6dcf0bdd15354a1440632766e19540487c58 Author: Jon Spillett Date: Thu Sep 19 15:39:13 2019 +1000 Add new APIs to get PKCS12 secretBag OID and value Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10063) --- Summary of changes: apps/pkcs12.c | 14 + crypto/err/openssl.txt | 2 + crypto/pkcs12/p12_attr.c| 28 +- crypto/pkcs12/p12_crt.c | 18 + crypto/pkcs12/p12_sbag.c| 66 ++- crypto/pkcs12/pk12err.c | 3 +- doc/man3/PKCS12_SAFEBAG_create_cert.pod | 80 doc/man3/PKCS12_SAFEBAG_get1_cert.pod | 74 doc/man3/PKCS12_add1_attr_by_NID.pod| 52 +++ doc/man3/PKCS12_add_cert.pod| 66 +++ doc/man3/PKCS12_add_safe.pod| 64 +++ include/openssl/pkcs12.h| 9 + include/openssl/pkcs12err.h | 2 + test/build.info | 7 +- test/pkcs12_format_test.c | 444 test/pkcs12_helper.c| 708 test/pkcs12_helper.h| 99 + test/recipes/80-test_pkcs12.t | 5 +- util/libcrypto.num | 6 + 19 files changed, 1738 insertions(+), 9 deletions(-) create mode 100644 doc/man3/PKCS12_SAFEBAG_create_cert.pod create mode 100644 doc/man3/PKCS12_SAFEBAG_get1_cert.pod create mode 100644 doc/man3/PKCS12_add1_attr_by_NID.pod create mode 100644 doc/man3/PKCS12_add_cert.pod create mode 100644 doc/man3/PKCS12_add_safe.pod create mode 100644 test/pkcs12_format_test.c create mode 100644 test/pkcs12_helper.c create mode 100644 test/pkcs12_helper.h diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 3398250efd..46340c0d25 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -789,6 +789,16 @@ int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag, X509_free(x509); break; +case NID_secretBag: +if (options & INFO) +BIO_printf(bio_err, "Secret bag\n"); +print_attribs(out, attrs, "Bag Attributes"); +BIO_printf(bio_err, "Bag Type: "); +i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_bag_type(bag)); +BIO_printf(bio_err, "\nBag Value: "); +print_attribute(out, PKCS12_SAFEBAG_get0_bag_obj(bag)); +return 1; + case NID_safeContentsBag: if (options & INFO) BIO_printf(bio_err, "Safe Contents bag\n"); @@ -954,6 +964,10 @@ void print_attribute(BIO *out, const ASN1_TYPE *av) OPENSSL_free(value); break; +case V_ASN1_UTF8STRING: +BIO_printf(out, "%s\n", av->value.utf8string->data); +break; + case V_ASN1_OCTET_STRING: hex_prin(out, av->value.octet_string->data, av->value.octet_string->length); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 53becb8ed4..cbfc495a0a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1058,6 +1058,7 @@ PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8 PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\ PKCS12_SAFEBAG_create_pkcs8_encrypt +PKCS12_F_PKCS12_SAFEBAG_CREATE_SECRET:134: PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes @@ -2760,6 +2761,7 @@ PKCS12_R_ENCRYPT_ERROR:103:encrypt error PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer +PKCS12_R_INVALID_TYPE:112:invalid type PKCS12_R_IV_GEN_ERROR:106:iv gen error PKCS12_R_KEY_GEN_ERROR:107:key gen error PKCS12_R_MAC_ABSENT:108:mac absent diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index e2ca95bcfa..0acecef7a3 100644 --- a/crypto/pkcs12/p12_attr.c 
+++ b/crypto/pkcs12/p12_attr.c @@ -18,7 +18,7 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) { if (X509at_add1_attr_by_NID(>attrib, NID_localKeyID, -V_ASN1_OCTET_STRING, name, namelen)) +V_ASN1_OCTET_STRING, name, namelen) != NULL) return 1; else return 0; @@ -39,7 +39,7 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) { if (X509at_add1_attr_by_NID(>attrib,
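Review bot: In the print_attribute() hunk of apps/pkcs12.c, the new V_ASN1_UTF8STRING case passes `av->value.utf8string->data` to `%s`, which trusts a terminating NUL in data parsed from the PKCS#12 file and stops at the first embedded NUL. The neighbouring V_ASN1_OCTET_STRING case passes `->length` explicitly; do the same here, for example `BIO_printf(out, "%.*s\n", av->value.utf8string->length, av->value.utf8string->data);`.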
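Review bot: In the dump_certs_pkeys_bag() hunk, the NID_secretBag case writes the "Bag Type: " and "Bag Value: " labels to `bio_err` while print_attribs() and print_attribute() write the attributes and the value to `out`, so labels and data land on different streams once output is redirected. The case also leaves with `return 1;` where the case above it ends in `break;`. Suggest sending the labels to `out` (keeping only the `options & INFO` banner on `bio_err`) and using `break`, or adding a comment if skipping the code after the switch is intended.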
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 914f97eecc Fix provider cipher reinit after init/update with a partial update block. c5b356d5d6 Mark an argument of an inline function as unused ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA 4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c 57c05c57c3 apps: Correct and extend diagnostics of parse_name() 02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate 1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc. b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name 8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too 19b4e6f8fe Coverity Fixes for issue #12531 e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo 37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals 892a9e4c99 Disallow setting more than one IP address with SSL_add1_host() 396e720965 Fix certificate validation for IPv6 literals in sconnect demo c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # -- # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # -- # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout
Still Failing: openssl/openssl#36531 (master - 15c9aa3)
Build Update for openssl/openssl - Build: #36531 Status: Still Failing Duration: 1 hr, 27 mins, and 8 secs Commit: 15c9aa3 (master) Author: Sahana Prasad Message: apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2 Fixes #11672 Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms. doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option Signed-off-by: Sahana Prasad Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12540) View the changeset: https://github.com/openssl/openssl/compare/1b2873e4a1ed...15c9aa3aef77 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178780645?utm_medium=notification_source=email
Failed: openssl/openssl#36528 (master - 1b2873e)
Build Update for openssl/openssl - Build: #36528 Status: Failed Duration: 1 hr, 24 mins, and 25 secs Commit: 1b2873e (master) Author: Matt Caswell Message: Prepare for 3.0 alpha 7 Reviewed-by: Tomas Mraz View the changeset: https://github.com/openssl/openssl/compare/0f84cbc3e202...1b2873e4a1ed View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178756452?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 15c9aa3aef77c642ef2b6c84bba2b57b35ed083e (commit) from 1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 (commit) - Log - commit 15c9aa3aef77c642ef2b6c84bba2b57b35ed083e Author: Sahana Prasad Date: Wed Jul 22 13:36:36 2020 +0200 apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2 Fixes #11672 Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms. doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option Signed-off-by: Sahana Prasad Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12540) --- Summary of changes: apps/pkcs12.c | 46 -- doc/man1/openssl-pkcs12.pod.in | 24 -- 2 files changed, 57 insertions(+), 13 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index ca83e2d1be..3398250efd 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -18,6 +18,7 @@ #include #include #include +#include DEFINE_STACK_OF(X509) DEFINE_STACK_OF(PKCS7) @@ -61,12 +62,13 @@ typedef enum OPTION_choice { OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME, OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, -OPT_R_ENUM, OPT_PROV_ENUM +OPT_R_ENUM, OPT_PROV_ENUM, OPT_LEGACY_ALG } OPTION_CHOICE; const OPTIONS pkcs12_options[] = { OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, +{"legacy", OPT_LEGACY_ALG, '-', "use legacy algorithms"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif 
@@ -117,9 +119,9 @@ const OPTIONS pkcs12_options[] = { OPT_SECTION("Encryption"), #ifndef OPENSSL_NO_RC2 {"descert", OPT_DESCERT, '-', - "Encrypt output with 3DES (default RC2-40)"}, + "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"}, {"certpbe", OPT_CERTPBE, 's', - "Certificate PBE algorithm (default RC2-40)"}, + "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"}, #else {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, @@ -143,14 +145,10 @@ int pkcs12_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; char *name = NULL, *csp_name = NULL; char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; -int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; +int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0, use_legacy = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; -#ifndef OPENSSL_NO_RC2 -int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -#else -int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -#endif -int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +int cert_pbe = NID_aes_256_cbc; +int key_pbe = NID_aes_256_cbc; int ret = 1, macver = 1, add_lmk = 0, private = 0; int noprompt = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; @@ -162,7 +160,7 @@ int pkcs12_main(int argc, char **argv) BIO *in = NULL, *out = NULL; PKCS12 *p12 = NULL; STACK_OF(OPENSSL_STRING) *canames = NULL; -const EVP_CIPHER *enc = EVP_des_ede3_cbc(); +const EVP_CIPHER *enc = EVP_aes_256_cbc(); OPTION_CHOICE o; prog = opt_init(argc, argv, pkcs12_options); @@ -313,6 +311,9 @@ int pkcs12_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; +case OPT_LEGACY_ALG: +use_legacy = 1; +break; case OPT_PROV_CASES: if (!opt_provider(o)) goto end; 
@@ -320,6 +321,29 @@ int pkcs12_main(int argc, char **argv) } } argc = opt_num_rest(); + +if (use_legacy) { +/* load the legacy provider if not loaded already*/ +if (!OSSL_PROVIDER_available(app_get0_libctx(), "legacy")) { +if (!app_provider_load(app_get0_libctx(), "legacy")) +goto end; +/* load the default provider explicitly */ +if (!app_provider_load(app_get0_libctx(), "default")) +goto end; +} +if (cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC) { +/* Restore default algorithms */ +#ifndef OPENSSL_NO_RC2 +cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; +#else +cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#endif +} + +key_pbe =
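Review bot: In the `if (use_legacy)` block of the last hunk, the test `cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC` cannot tell the new built-in default (NID_aes_256_cbc) from a value chosen on the command line, and the block runs after option parsing, so with `-legacy` any certificate PBE other than 3DES is silently replaced by RC2-40 (or 3DES under OPENSSL_NO_RC2). Suggest recording whether the user set the algorithm, for example by starting `cert_pbe` at a sentinel and resolving the default after parsing, so that `-legacy` changes only the defaults and never downgrades an explicit choice.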
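Review bot: In the OPT_SECTION("Encryption") hunk only the `#ifndef OPENSSL_NO_RC2` help strings are updated; the `#else` branch still reads "Encrypt output with 3DES (the default)" and "Certificate PBE algorithm (default 3DES)", while the pkcs12_main() hunk now sets `cert_pbe = NID_aes_256_cbc` for both configurations. Update the `#else` strings as well, or drop the conditional now that the default no longer depends on RC2.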
Failed: openssl/openssl#36523 (master - 0f84cbc)
Build Update for openssl/openssl - Build: #36523 Status: Failed Duration: 1 hr, 18 mins, and 6 secs Commit: 0f84cbc (master) Author: Matt Caswell Message: Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12595) View the changeset: https://github.com/openssl/openssl/compare/914f97eecc91...0f84cbc3e202 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/178750910?utm_medium=notification_source=email
[web] master update
The branch master has been updated via 1ee0b6a74934e813ae26995ae59cab209127da03 (commit) from 352c7424739f080133f1309e1dff033cd66f2c4a (commit) - Log - commit 1ee0b6a74934e813ae26995ae59cab209127da03 Author: Matt Caswell Date: Thu Aug 6 14:18:45 2020 +0100 Update newsflash.txt for the alpha6 release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/190) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 163dd21..a1094b9 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it
[openssl] master update
The branch master has been updated via 1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 (commit) via e3ec8020b433f9bccebb547889e43c4691eb8713 (commit) from 0f84cbc3e2025424772b2424be4b6fd728e7df2f (commit) - Log - commit 1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 Author: Matt Caswell Date: Thu Aug 6 14:02:31 2020 +0100 Prepare for 3.0 alpha 7 Reviewed-by: Tomas Mraz commit e3ec8020b433f9bccebb547889e43c4691eb8713 Author: Matt Caswell Date: Thu Aug 6 14:00:13 2020 +0100 Prepare for release of 3.0 alpha 6 Reviewed-by: Tomas Mraz --- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index 7c83447f66..fa4e93c5f0 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha6-dev +PRE_RELEASE_TAG=alpha7-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3
[openssl] master update
The branch master has been updated via 0f84cbc3e2025424772b2424be4b6fd728e7df2f (commit) from 914f97eecc9166fbfdb50c2d04e2b9f9d0c52198 (commit) - Log - commit 0f84cbc3e2025424772b2424be4b6fd728e7df2f Author: Matt Caswell Date: Thu Aug 6 13:22:30 2020 +0100 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12595) --- Summary of changes: crypto/bio/bss_mem.c | 2 +- crypto/bn/bn_mont.c | 2 +- crypto/evp/cmeth_lib.c | 2 +- crypto/objects/obj_dat.c | 2 +- crypto/pem/pem_local.h | 2 +- crypto/x509/v3err.c | 2 +- demos/bio/sconnect.c | 2 +- doc/internal/man3/ossl_algorithm_do_all.pod | 2 +- doc/internal/man3/ossl_method_construct.pod | 2 +- doc/man3/BIO_connect.pod | 2 +- doc/man3/BIO_f_cipher.pod| 2 +- doc/man3/BIO_printf.pod | 2 +- doc/man3/BIO_read.pod| 2 +- doc/man3/BIO_s_accept.pod| 2 +- doc/man3/BIO_s_file.pod | 2 +- doc/man3/BIO_s_mem.pod | 2 +- doc/man3/BN_add.pod | 2 +- doc/man3/BN_generate_prime.pod | 2 +- doc/man3/BN_mod_mul_montgomery.pod | 2 +- doc/man3/BN_set_bit.pod | 2 +- doc/man3/DH_get_1024_160.pod | 2 +- doc/man3/ERR_new.pod | 2 +- doc/man3/ERR_print_errors.pod| 2 +- doc/man3/EVP_MD_meth_new.pod | 2 +- doc/man3/EVP_PKEY_meth_get_count.pod | 2 +- doc/man3/EVP_PKEY_meth_new.pod | 2 +- doc/man3/EVP_bf_cbc.pod | 2 +- doc/man3/EVP_cast5_cbc.pod | 2 +- doc/man3/EVP_chacha20.pod| 2 +- doc/man3/EVP_desx_cbc.pod| 2 +- doc/man3/EVP_idea_cbc.pod| 2 +- doc/man3/EVP_rc2_cbc.pod | 2 +- doc/man3/EVP_rc4.pod | 2 +- doc/man3/EVP_rc5_32_12_16_cbc.pod| 2 +- doc/man3/EVP_seed_cbc.pod| 2 +- doc/man3/OBJ_nid2obj.pod | 2 +- doc/man3/OPENSSL_init_ssl.pod| 2 +- doc/man3/OpenSSL_add_all_algorithms.pod | 2 +- doc/man3/PEM_read.pod| 2 +- doc/man3/RAND_cleanup.pod| 2 +- doc/man3/RAND_load_file.pod | 2 +- doc/man3/RSA_blinding_on.pod | 2 +- doc/man3/SSL_COMP_add_compression_method.pod | 2 +- doc/man3/SSL_CTX_dane_enable.pod | 2 +- doc/man3/SSL_CTX_get0_param.pod | 2 +- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 2 +- 
doc/man3/SSL_CTX_set_cert_cb.pod | 2 +- doc/man3/SSL_CTX_set_client_cert_cb.pod | 2 +- doc/man3/SSL_CTX_set_info_callback.pod | 2 +- doc/man3/SSL_CTX_set_max_cert_list.pod | 2 +- doc/man3/SSL_CTX_set_mode.pod| 2 +- doc/man3/SSL_CTX_set_read_ahead.pod | 2 +- doc/man3/SSL_CTX_set_security_level.pod | 2 +- doc/man3/SSL_CTX_set_srp_password.pod| 2 +- doc/man3/SSL_SESSION_get0_id_context.pod | 2 +- doc/man3/SSL_SESSION_set1_id.pod | 2 +- doc/man3/SSL_alloc_buffers.pod | 2 +- doc/man3/SSL_load_client_CA_file.pod | 2 +- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/SSL_set_fd.pod | 2 +- doc/man3/SSL_state_string.pod| 2 +- doc/man3/SSL_want.pod| 2 +- doc/man3/SSL_write.pod | 2 +- doc/man3/X509_SIG_get0.pod | 2 +- doc/man3/X509_new.pod| 2 +- include/crypto/serializer.h | 2 +- include/crypto/siv.h | 2 +- ssl/ssl_mcnf.c | 2 +- test/pkey_meth_test.c| 2 +- test/recipes/30-test_engine.t| 2 +- test/recipes/30-test_evp_data/evpkdf.txt | 2 +- test/recipes/80-test_tsa.t | 2 +- test/smime-certs/mksmime-certs.sh| 2 +- test/testutil/tests.c| 2 +- 74 files changed, 74 insertions(+), 74 deletions(-) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index d9580e6d37..57b7a7449e 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 914f97eecc Fix provider cipher reinit after init/update with a partial update block. c5b356d5d6 Mark an argument of an inline function as unused ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA 4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c 57c05c57c3 apps: Correct and extend diagnostics of parse_name() 02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate 1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc. b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name 8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too 19b4e6f8fe Coverity Fixes for issue #12531 e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo 37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals 892a9e4c99 Disallow setting more than one IP address with SSL_add1_host() 396e720965 Fix certificate validation for IPv6 literals in sconnect demo c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... 
ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 914f97eecc Fix provider cipher reinit after init/update with a partial update block. c5b356d5d6 Mark an argument of an inline function as unused ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA 4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c 57c05c57c3 apps: Correct and extend diagnostics of parse_name() 02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate 1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc. b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name 8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too 19b4e6f8fe Coverity Fixes for issue #12531 e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo 37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals 892a9e4c99 Disallow setting more than one IP address with SSL_add1_host() 396e720965 Fix certificate validation for IPv6 literals in sconnect demo c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . 
skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started

Build log ended with (last 100 lines):

C0E03A92BA7F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67:
C0E03A92BA7F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0E03A92BA7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0E03A92BA7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO
C0E03A92BA7F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0E03A92BA7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0E03A92BA7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO
OPENSSL_FUNC:../openssl/apps/cmp.c:3039:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy option is empty string, resetting option
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1
not ok 82 - cr command
# --
# Failed test 'cr command'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs)
C090AFB2FC7E:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem)
Unable to load CMP client certificate (and optionally extra certs)
OPENSSL_FUNC:../openssl/apps/cmp.c:3039:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2119:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR
# OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1
not ok 83 - kur command explicit options
# --
# Failed test 'kur command explicit options'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri