Still Failing: openssl/openssl#36543 (master - 90ef39f)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36543
Status: Still Failing

Duration: 20 mins and 9 secs
Commit: 90ef39f (master)
Author: Richard Levitte
Message: EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID

Trust the returned value from EVP_PKEY_get_default_digest_name()!  It
mimics exactly the values that EVP_PKEY_get_default_digest_nid() is
supposed to return, and that value should simply be passed unchanged.
Callers depend on it.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12586)

View the changeset: 
https://github.com/openssl/openssl/compare/a7922e208ddf...90ef39f43ad5

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178835248?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):


Still Failing: openssl/openssl#36542 (master - a7922e2)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36542
Status: Still Failing

Duration: 15 mins and 50 secs
Commit: a7922e2 (master)
Author: Richard Levitte
Message: TEST: Adjust the serdes test to include MSBLOB and PVK

Because PVK uses RC4, we must ensure that default + legacy providers
are active.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

View the changeset: 
https://github.com/openssl/openssl/compare/6ce6ad39fe85...a7922e208ddf

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178835141?utm_medium=notification_source=email





Still Failing: openssl/openssl#36541 (master - 6ce6ad3)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36541
Status: Still Failing

Duration: 1 hr, 18 mins, and 2 secs
Commit: 6ce6ad3 (master)
Author: Richard Levitte
Message: RSA: Be less strict on PSS parameters when exporting to provider

We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad
PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature
computation faults.  However, if this key needs to be exported to the
RSA provider implementation, the result would be an earlier error,
giving the computation that's supposed to be checked no chance to even
be reached.

Either way, the legacy to provider export is no place to validate the
values of the key.

We also ensure that the provider implementation can handle and detect
signed (negative) saltlen values.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12583)

View the changeset: 
https://github.com/openssl/openssl/compare/5f6a0b2ff055...6ce6ad39fe85

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178828575?utm_medium=notification_source=email





Build completed: openssl master.36003

2020-08-06 Thread AppVeyor


Build openssl master.36003 completed



Commit 3d2a6f0586 by C.W. Betts on 8/5/2020 10:02 PM:

Fix ASM code.


Configure your notification preferences



[openssl] master update

2020-08-06 Thread Richard Levitte
The branch master has been updated
   via  4df0d37ff6cc399b93f9ef2524d087c2d67d41b5 (commit)
  from  90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7 (commit)


- Log -
commit 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5
Author: Richard Levitte 
Date:   Fri Aug 7 04:44:06 2020 +0200

PROV: Fix MSBLOB / PVK deserializer

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12601)

---

Summary of changes:
 providers/implementations/serializers/deserialize_ms2key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/serializers/deserialize_ms2key.c 
b/providers/implementations/serializers/deserialize_ms2key.c
index 73d462e41e..8b9ddec6a0 100644
--- a/providers/implementations/serializers/deserialize_ms2key.c
+++ b/providers/implementations/serializers/deserialize_ms2key.c
@@ -77,7 +77,7 @@ static void ms2key_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
 
-static const OSSL_PARAM *ms2key_gettable_params(void)
+static const OSSL_PARAM *ms2key_gettable_params(ossl_unused void *provctx)
 {
 static const OSSL_PARAM gettables[] = {
 { OSSL_DESERIALIZER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 
},
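
Review bot: the commit message ("PROV: Fix MSBLOB / PVK deserializer") does not say what was wrong, and the only visible change is that ms2key_gettable_params() now takes an unused provctx argument. State in the message that the signature is being brought in line with the gettable-params functions that receive the provider context, so the fix can be traced back to the change that made the old prototype wrong.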


Build failed: openssl master.36002

2020-08-06 Thread AppVeyor



Build openssl master.36002 failed


Commit 90ef39f43a by Richard Levitte on 8/7/2020 2:14 AM:

EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID





Still Failing: openssl/openssl#36538 (master - 5f6a0b2)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36538
Status: Still Failing

Duration: 55 mins and 16 secs
Commit: 5f6a0b2 (master)
Author: Pauli
Message: mac: add some consistency to setting the XXX_final output length.

The various MACs were all over the place with respect to what they did with
the output length in the final call.  Now they all unconditionally set the
output length and the EVP layer handles the possibility of a NULL pointer.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12582)

View the changeset: 
https://github.com/openssl/openssl/compare/992492f5e82e...5f6a0b2ff055

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178820289?utm_medium=notification_source=email





[openssl] master update

2020-08-06 Thread Richard Levitte
The branch master has been updated
   via  90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7 (commit)
  from  a7922e208ddfbdcff44d1b3fa5839f96510d04bd (commit)


- Log -
commit 90ef39f43ad5bf4e85c56a79d0b56fb590b3c7f7
Author: Richard Levitte 
Date:   Wed Aug 5 10:40:01 2020 +0200

EVP: Fix the returned value for ASN1_PKEY_CTRL_DEFAULT_MD_NID

Trust the returned value from EVP_PKEY_get_default_digest_name()!  It
mimics exactly the values that EVP_PKEY_get_default_digest_nid() is
supposed to return, and that value should simply be passed unchanged.
Callers depend on it.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12586)

---

Summary of changes:
 crypto/evp/p_lib.c | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 3e3f2118a2..2563cd97ca 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1202,19 +1202,18 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, 
int op,
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 {
 char mdname[80] = "";
-int nid;
 int rv = EVP_PKEY_get_default_digest_name(pkey, mdname,
   sizeof(mdname));
 
-if (rv <= 0)
-return rv;
-nid = OBJ_sn2nid(mdname);
-if (nid == NID_undef)
-nid = OBJ_ln2nid(mdname);
-if (nid == NID_undef)
-return 0;
-*(int *)arg2 = nid;
-return 1;
+if (rv > 0) {
+int nid;
+
+nid = OBJ_sn2nid(mdname);
+if (nid == NID_undef)
+nid = OBJ_ln2nid(mdname);
+*(int *)arg2 = nid;
+}
+return rv;
 }
 default:
 return -2;
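
Review bot: in the new `if (rv > 0)` branch, `*(int *)arg2 = nid;` now runs even when both OBJ_sn2nid() and OBJ_ln2nid() return NID_undef, where the old code returned 0. If that is intended (the message says the return value should be passed unchanged), add a comment that a positive return can come with NID_undef in arg2, so callers do not treat the NID as valid on rv alone. It is also worth noting there that arg2 is left untouched when rv <= 0.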


[openssl] master update

2020-08-06 Thread Richard Levitte
The branch master has been updated
   via  a7922e208ddfbdcff44d1b3fa5839f96510d04bd (commit)
   via  dca51418b0186c1d829b04ce89990148fbedbf9c (commit)
   via  37d398c180cd30f69a9d122af4734852309b55a5 (commit)
   via  fb89000897cddee45abb2949c0697a3f8ec090b2 (commit)
   via  413835f5d158acb14147e9f1c4f85b9c518b1fa6 (commit)
  from  6ce6ad39fe85cf8b5c84ded9885329bf703ee649 (commit)


- Log -
commit a7922e208ddfbdcff44d1b3fa5839f96510d04bd
Author: Richard Levitte 
Date:   Mon Aug 3 21:10:19 2020 +0200

TEST: Adjust the serdes test to include MSBLOB and PVK

Because PVK uses RC4, we must ensure that default + legacy providers
are active.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

commit dca51418b0186c1d829b04ce89990148fbedbf9c
Author: Richard Levitte 
Date:   Mon Aug 3 21:09:26 2020 +0200

PEM: Fix i2b_PvK to use EVP_Encrypt calls consistently

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

commit 37d398c180cd30f69a9d122af4734852309b55a5
Author: Richard Levitte 
Date:   Mon Aug 3 21:08:40 2020 +0200

PROV: Add MSBLOB and PVK to DSA and RSA deserializers

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

commit fb89000897cddee45abb2949c0697a3f8ec090b2
Author: Richard Levitte 
Date:   Mon Aug 3 21:04:05 2020 +0200

DESERIALIZER: Adjust to allow the use of several deserializers with same name

A key type may be deserialized from one of several sources, which
means that more than one deserializer with the same name should be
possible to add to the stack of deserializers to try, in the
OSSL_DESERIALIZER_CTX collection.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

commit 413835f5d158acb14147e9f1c4f85b9c518b1fa6
Author: Richard Levitte 
Date:   Mon Aug 3 21:01:35 2020 +0200

PEM: Make general MSBLOB reader functions exposed internally

Fly-by fix is to move crypto/include/internal/pem_int.h to
include/internal/pem.h.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12574)

---

Summary of changes:
 crypto/pem/pvkfmt.c|  55 ++---
 crypto/serializer/deserializer_pkey.c  |  67 +++---
 crypto/store/loader_file.c |   2 +-
 .../internal/pem_int.h => include/internal/pem.h   |  12 +-
 providers/deserializers.inc|  11 +
 .../implementations/include/prov/implementations.h |   4 +
 providers/implementations/serializers/build.info   |   6 +-
 .../serializers/deserialize_common.c   |  58 -
 ...{deserialize_der2key.c => deserialize_ms2key.c} | 182 
 .../implementations/serializers/serializer_local.h |   8 +
 test/recipes/04-test_serializer_deserializer.t |  12 +-
 test/serdes_test.c | 239 -
 12 files changed, 503 insertions(+), 153 deletions(-)
 rename crypto/include/internal/pem_int.h => include/internal/pem.h (75%)
 copy providers/implementations/serializers/{deserialize_der2key.c => 
deserialize_ms2key.c} (54%)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 6d85a8a4e1..95d1ff5a94 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -20,7 +20,7 @@
 
 #include "internal/cryptlib.h"
 #include 
-#include "internal/pem_int.h"
+#include "internal/pem.h"
 #include 
 #include 
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
@@ -186,28 +186,27 @@ static unsigned int blob_length(unsigned bitlen, int 
isdss, int ispub)
 
 }
 
-static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
-int ispub)
+EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub)
 {
 const unsigned char *p = *in;
 unsigned int bitlen, magic;
 int isdss;
-if (ossl_do_blob_header(, length, , , , ) <= 0) 
{
-PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+if (ossl_do_blob_header(, length, , , , ispub) <= 0) {
+PEMerr(0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
 return NULL;
 }
 length -= 16;
-if (length < blob_length(bitlen, isdss, ispub)) {
-PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+if (length < blob_length(bitlen, isdss, *ispub)) {
+PEMerr(0, PEM_R_KEYBLOB_TOO_SHORT);
 return NULL;
 }
 if (isdss)
-return b2i_dss(, bitlen, ispub);
+return b2i_dss(, bitlen, *ispub);
 else
-return b2i_rsa(, bitlen, ispub);
+return b2i_rsa(, bitlen, *ispub);
 }
 
-static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub)
 {
 const unsigned char *p;
 unsigned char 
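
Review bot: ispub changes from an int passed by value to an int * in ossl_b2i() and ossl_b2i_bio(), and both functions lose static, but nothing in the visible lines documents the new contract. `blob_length(bitlen, isdss, *ispub)` dereferences the pointer unconditionally, so state in include/internal/pem.h that ispub must be non-NULL and whether the pointed-to value is read as the expected key kind, written with the detected one, or both. PEMerr(0, ...) also drops the function code; if that is the convention for newly exposed functions, say so in the commit message.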

Still Failing: openssl/openssl#36536 (master - 992492f)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36536
Status: Still Failing

Duration: 1 hr, 32 mins, and 5 secs
Commit: 992492f (master)
Author: Pauli
Message: gettables: documentation changes to pass the provider context.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12581)

View the changeset: 
https://github.com/openssl/openssl/compare/c5ec6dcf0bdd...992492f5e82e

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178819975?utm_medium=notification_source=email





[openssl] master update

2020-08-06 Thread Dr . Paul Dale
The branch master has been updated
   via  6ce6ad39fe85cf8b5c84ded9885329bf703ee649 (commit)
  from  5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 (commit)


- Log -
commit 6ce6ad39fe85cf8b5c84ded9885329bf703ee649
Author: Richard Levitte 
Date:   Wed Aug 5 08:01:59 2020 +0200

RSA: Be less strict on PSS parameters when exporting to provider

We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad
PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature
computation faults.  However, if this key needs to be exported to the
RSA provider implementation, the result would be an earlier error,
giving the computation that's supposed to be checked no chance to even
be reached.

Either way, the legacy to provider export is no place to validate the
values of the key.

We also ensure that the provider implementation can handle and detect
signed (negative) saltlen values.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12583)

---

Summary of changes:
 crypto/rsa/rsa_ameth.c|  5 +++--
 include/crypto/rsa.h  |  4 ++--
 providers/implementations/signature/rsa.c | 14 +++---
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index f5911ad233..749cd8764b 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1218,10 +1218,11 @@ static int rsa_int_export_to(const EVP_PKEY *from, int 
rsa_type,
 
 if (rsa->pss != NULL) {
 const EVP_MD *md = NULL, *mgf1md = NULL;
-int md_nid, mgf1md_nid, saltlen;
+int md_nid, mgf1md_nid, saltlen, trailerfield;
 RSA_PSS_PARAMS_30 pss_params;
 
-if (!rsa_pss_get_param(rsa->pss, , , ))
+if (!rsa_pss_get_param_unverified(rsa->pss, , ,
+  , ))
 goto err;
 md_nid = EVP_MD_type(md);
 mgf1md_nid = EVP_MD_type(mgf1md);
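
Review bot: with rsa_pss_get_param_unverified() the values that end up in pss_params are no longer checked at export, yet md_nid and mgf1md_nid are still derived immediately after the call with nothing in the code saying so. Add a comment at this call that validation is deliberately deferred to the provider (the commit message says it, the code does not), so nobody later assumes that parameters coming out of rsa_int_export_to() have been validated.
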
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 9469ec9233..97cbfa1d7e 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -19,8 +19,8 @@ typedef struct rsa_pss_params_30_st {
 int algorithm_nid;   /* Currently always NID_mgf1 */
 int hash_algorithm_nid;
 } mask_gen;
-unsigned int salt_len;
-unsigned int trailer_field;
+int salt_len;
+int trailer_field;
 } RSA_PSS_PARAMS_30;
 
 RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r);
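
Review bot: salt_len and trailer_field become plain int with no comment on the struct explaining why. Since the point is to let negative values reach the provider so it can detect them, say so next to the fields, and recheck every existing comparison of these fields against unsigned quantities, because the type switch changes how those comparisons behave.
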
diff --git a/providers/implementations/signature/rsa.c 
b/providers/implementations/signature/rsa.c
index 6de10d1f53..491c72d990 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -176,16 +176,16 @@ static int rsa_check_padding(int mdnid, int padding)
 return 1;
 }
 
-static int rsa_check_parameters(EVP_MD *md, PROV_RSA_CTX *prsactx)
+static int rsa_check_parameters(PROV_RSA_CTX *prsactx)
 {
 if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
 int max_saltlen;
 
 /* See if minimum salt length exceeds maximum possible */
-max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(md);
+max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(prsactx->md);
 if ((RSA_bits(prsactx->rsa) & 0x7) == 1)
 max_saltlen--;
-if (prsactx->min_saltlen > max_saltlen) {
+if (prsactx->min_saltlen < 0 || prsactx->min_saltlen > max_saltlen) {
 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH);
 return 0;
 }
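
Review bot: rsa_check_parameters() now reads prsactx->md instead of taking the digest as an argument, so it is only valid once the context's digest has been set, and `EVP_MD_size(prsactx->md)` has no guard for that. Add a comment stating the precondition, or return early when prsactx->md is NULL. The added `prsactx->min_saltlen < 0` test is in the right place for the negative check.
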
@@ -230,7 +230,6 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char 
*mdname,
 if (md == NULL
 || md_nid == NID_undef
 || !rsa_check_padding(md_nid, ctx->pad_mode)
-|| !rsa_check_parameters(md, ctx)
 || mdname_len >= sizeof(ctx->mdname)) {
 if (md == NULL)
 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
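
Review bot: dropping `|| !rsa_check_parameters(md, ctx)` from rsa_setup_md() means the salt-length check no longer runs whenever a digest is set; in this patch it is re-added only in rsa_signature_init(). Confirm that no other caller of rsa_setup_md() relied on the check, and mention the move in the commit message.
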
@@ -365,7 +364,8 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, 
int operation)
 prsactx->saltlen = min_saltlen;
 
 return rsa_setup_md(prsactx, mdname, prsactx->propq)
-&& rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq);
+&& rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+&& rsa_check_parameters(prsactx);
 }
 }
 
@@ -1151,7 +1151,7 @@ static int rsa_set_ctx_params(void *vprsactx, const 
OSSL_PARAM params[])
 }
 
 if (rsa_pss_restricted(prsactx)) {
-switch (prsactx->saltlen) {
+switch (saltlen) {
 case RSA_PSS_SALTLEN_AUTO:
 if (prsactx->operation == EVP_PKEY_OP_VERIFY) {
 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN);
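
Review bot: `switch (saltlen)` in place of `switch (prsactx->saltlen)` changes which value is validated, apparently the one being set rather than the one already stored in the context, and the commit message does not mention it. Call it out there as a separate fix so it is not lost under the export change.
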
@@ -1168,7 +1168,7 @@ static int 

Still Failing: openssl/openssl#36535 (master - c5ec6dc)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36535
Status: Still Failing

Duration: 1 hr, 18 mins, and 38 secs
Commit: c5ec6dc (master)
Author: Jon Spillett
Message: Add new APIs to get PKCS12 secretBag OID and value

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/10063)

View the changeset: 
https://github.com/openssl/openssl/compare/15c9aa3aef77...c5ec6dcf0bdd

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178819742?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" 
-keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
#   Failed test 'unprotected request'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3105:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2218:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2262:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted 
root.crt => 0
not ok 43 - popo RAVERIFIED
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3105:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2218:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2262:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted 
root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at ../openssl/test/recipes/81-test_cmp_cli.t 

[openssl] master update

2020-08-06 Thread Dr . Paul Dale
The branch master has been updated
   via  5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 (commit)
  from  992492f5e82e0cf9b24acc14ea90ce8afd4c447a (commit)


- Log -
commit 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35
Author: Pauli 
Date:   Wed Aug 5 15:26:48 2020 +1000

mac: add some consistency to setting the XXX_final output length.

The various MACs were all over the place with respect to what they did with
the output length in the final call.  Now they all unconditionally set the
output length and the EVP layer handles the possibility of a NULL pointer.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12582)

---

Summary of changes:
 crypto/evp/mac_lib.c | 4 +++-
 providers/implementations/macs/blake2_mac_impl.c | 1 +
 providers/implementations/macs/hmac_prov.c   | 3 +--
 providers/implementations/macs/kmac_prov.c   | 3 +--
 providers/implementations/macs/poly1305_prov.c   | 1 +
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index a5c1b44666..2198c46680 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -120,11 +120,13 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char 
*data, size_t datalen)
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
   unsigned char *out, size_t *outl, size_t outsize)
 {
-size_t l = EVP_MAC_size(ctx);
+size_t l;
 int res = 1;
 
 if (out != NULL)
 res = ctx->meth->final(ctx->data, out, , outsize);
+else
+l = EVP_MAC_size(ctx);
 if (outl != NULL)
 *outl = l;
 return res;
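
Review bot: `size_t l;` is now uninitialised, and `*outl = l` runs regardless of res. If ctx->meth->final fails before writing its length argument (hmac_final in this same commit returns 0 before reaching `*outl = hlen;`), an indeterminate value is copied to the caller. Initialise l to 0, or store to *outl only when res is non-zero.
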
diff --git a/providers/implementations/macs/blake2_mac_impl.c 
b/providers/implementations/macs/blake2_mac_impl.c
index 586a546214..d4e61e44a4 100644
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -101,6 +101,7 @@ static int blake2_mac_final(void *vmacctx,
 {
 struct blake2_mac_data_st *macctx = vmacctx;
 
+*outl = blake2_mac_size(macctx);
 return BLAKE2_FINAL(out, >ctx);
 }
 
diff --git a/providers/implementations/macs/hmac_prov.c 
b/providers/implementations/macs/hmac_prov.c
index 109f93d243..af2a2098cd 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -130,8 +130,7 @@ static int hmac_final(void *vmacctx, unsigned char *out, 
size_t *outl,
 
 if (!HMAC_Final(macctx->ctx, out, ))
 return 0;
-if (outl != NULL)
-*outl = hlen;
+*outl = hlen;
 return 1;
 }
 
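Review bot: The failure path in hmac_final() still returns 0 before `*outl = hlen;`, so the length is not set unconditionally as the commit message describes, and EVP_MAC_final() then copies its uninitialised `l` to the caller. Suggest setting `*outl` (to 0, or to the MAC size) ahead of the `HMAC_Final()` check, or having the EVP layer leave `*outl` alone when the provider call fails.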
diff --git a/providers/implementations/macs/kmac_prov.c 
b/providers/implementations/macs/kmac_prov.c
index 46b0bd644a..792bc6c5bb 100644
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -298,8 +298,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, 
size_t *outl,
 ok = right_encode(encoded_outlen, , lbits)
 && EVP_DigestUpdate(ctx, encoded_outlen, len)
 && EVP_DigestFinalXOF(ctx, out, kctx->out_len);
-if (ok && outl != NULL)
-*outl = kctx->out_len;
+*outl = kctx->out_len;
 return ok;
 }
 
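Review bot: With the `ok &&` condition dropped, kmac_final() reports `kctx->out_len` bytes even when `ok` is 0 and nothing valid was written to `out`. That differs from hmac_final() in this patch, which leaves the length untouched on failure. Suggest picking one convention for the failure case, for example `*outl = ok ? kctx->out_len : 0;`, and applying it to all the MAC providers.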
diff --git a/providers/implementations/macs/poly1305_prov.c 
b/providers/implementations/macs/poly1305_prov.c
index eef546047f..748cafbaca 100644
--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@@ -94,6 +94,7 @@ static int poly1305_final(void *vmacctx, unsigned char *out, 
size_t *outl,
 struct poly1305_data_st *ctx = vmacctx;
 
 Poly1305_Final(>poly1305, out);
+*outl = poly1305_size();
 return 1;
 }
 


[openssl] master update

2020-08-06 Thread Dr . Paul Dale
The branch master has been updated
   via  992492f5e82e0cf9b24acc14ea90ce8afd4c447a (commit)
   via  132b61604b7f782f8ff09bb63527645e47691862 (commit)
   via  af5e1e852d4858860d4b7210cafe7bdf39e73f80 (commit)
   via  18ec26babc1da90befc0bf5671bc8072428c5bab (commit)
  from  c5ec6dcf0bdd15354a1440632766e19540487c58 (commit)


- Log -
commit 992492f5e82e0cf9b24acc14ea90ce8afd4c447a
Author: Pauli 
Date:   Wed Aug 5 13:24:04 2020 +1000

gettables: documentation changes to pass the provider context.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12581)

commit 132b61604b7f782f8ff09bb63527645e47691862
Author: Pauli 
Date:   Wed Aug 5 13:23:52 2020 +1000

gettables: test changes to pass the provider context.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12581)

commit af5e1e852d4858860d4b7210cafe7bdf39e73f80
Author: Pauli 
Date:   Wed Aug 5 13:23:32 2020 +1000

gettables: provider changes to pass the provider context.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12581)

commit 18ec26babc1da90befc0bf5671bc8072428c5bab
Author: Pauli 
Date:   Wed Aug 5 13:23:16 2020 +1000

gettables: core changes to pass the provider context.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12581)

---

Summary of changes:
 crypto/evp/digest.c| 20 ---
 crypto/evp/evp_enc.c   |  9 ++-
 crypto/evp/evp_rand.c  | 16 --
 crypto/evp/kdf_meth.c  |  6 +-
 crypto/evp/keymgmt_meth.c  |  8 ++-
 crypto/evp/mac_meth.c  |  6 +-
 crypto/evp/pmeth_lib.c | 44 +++
 crypto/serializer/deserializer_meth.c  |  6 +-
 crypto/serializer/serializer_meth.c|  3 +-
 doc/man7/provider-asym_cipher.pod  |  4 +-
 doc/man7/provider-cipher.pod   |  6 +-
 doc/man7/provider-digest.pod   |  6 +-
 doc/man7/provider-keyexch.pod  |  4 +-
 doc/man7/provider-keymgmt.pod  |  4 +-
 doc/man7/provider-mac.pod  |  6 +-
 doc/man7/provider-rand.pod |  6 +-
 doc/man7/provider-serializer.pod   |  2 +-
 doc/man7/provider-signature.pod|  4 +-
 include/openssl/core_dispatch.h| 65 +-
 providers/implementations/asymciphers/rsa_enc.c|  4 +-
 .../ciphers/cipher_aes_cbc_hmac_sha.c  |  4 +-
 providers/implementations/ciphers/cipher_aes_ocb.c |  7 ++-
 providers/implementations/ciphers/cipher_aes_siv.c | 20 ++-
 providers/implementations/ciphers/cipher_aes_xts.c |  2 +-
 .../implementations/ciphers/cipher_chacha20.c  |  4 +-
 .../ciphers/cipher_chacha20_poly1305.c |  2 +-
 providers/implementations/ciphers/cipher_null.c|  4 +-
 .../implementations/ciphers/cipher_rc4_hmac_md5.c  |  4 +-
 providers/implementations/ciphers/ciphercommon.c   |  6 +-
 providers/implementations/digests/digestcommon.c   |  2 +-
 providers/implementations/digests/md5_sha1_prov.c  |  2 +-
 providers/implementations/digests/mdc2_prov.c  |  2 +-
 providers/implementations/digests/sha2_prov.c  |  2 +-
 providers/implementations/digests/sha3_prov.c  |  2 +-
 providers/implementations/exchange/dh_exch.c   |  2 +-
 providers/implementations/exchange/ecdh_exch.c |  4 +-
 .../implementations/include/prov/ciphercommon.h|  4 +-
 .../implementations/include/prov/digestcommon.h|  2 +-
 providers/implementations/kdfs/hkdf.c  |  4 +-
 providers/implementations/kdfs/kbkdf.c |  6 +-
 providers/implementations/kdfs/krb5kdf.c   |  4 +-
 providers/implementations/kdfs/pbkdf2.c|  6 +-
 providers/implementations/kdfs/scrypt.c|  6 +-
 providers/implementations/kdfs/sshkdf.c|  4 +-
 providers/implementations/kdfs/sskdf.c |  4 +-
 providers/implementations/kdfs/tls1_prf.c  |  6 +-
 providers/implementations/kdfs/x942kdf.c   |  4 +-
 providers/implementations/keymgmt/dh_kmgmt.c   |  4 +-
 providers/implementations/keymgmt/dsa_kmgmt.c  |  2 +-
 providers/implementations/keymgmt/ec_kmgmt.c   |  4 +-
 providers/implementations/keymgmt/ecx_kmgmt.c  | 16 +++---
 providers/implementations/keymgmt/rsa_kmgmt.c  |  2 +-
 providers/implementations/macs/blake2_mac_impl.c   |  4 +-
 providers/implementations/macs/cmac_prov.c |  4 +-
 providers/implementations/macs/gmac_prov.c |  4 +-
 providers/implementations/macs/hmac_prov.c |  4 +-
 

[openssl] master update

2020-08-06 Thread Dr . Paul Dale
The branch master has been updated
   via  c5ec6dcf0bdd15354a1440632766e19540487c58 (commit)
  from  15c9aa3aef77c642ef2b6c84bba2b57b35ed083e (commit)


- Log -
commit c5ec6dcf0bdd15354a1440632766e19540487c58
Author: Jon Spillett 
Date:   Thu Sep 19 15:39:13 2019 +1000

Add new APIs to get PKCS12 secretBag OID and value

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/10063)

---

Summary of changes:
 apps/pkcs12.c   |  14 +
 crypto/err/openssl.txt  |   2 +
 crypto/pkcs12/p12_attr.c|  28 +-
 crypto/pkcs12/p12_crt.c |  18 +
 crypto/pkcs12/p12_sbag.c|  66 ++-
 crypto/pkcs12/pk12err.c |   3 +-
 doc/man3/PKCS12_SAFEBAG_create_cert.pod |  80 
 doc/man3/PKCS12_SAFEBAG_get1_cert.pod   |  74 
 doc/man3/PKCS12_add1_attr_by_NID.pod|  52 +++
 doc/man3/PKCS12_add_cert.pod|  66 +++
 doc/man3/PKCS12_add_safe.pod|  64 +++
 include/openssl/pkcs12.h|   9 +
 include/openssl/pkcs12err.h |   2 +
 test/build.info |   7 +-
 test/pkcs12_format_test.c   | 444 
 test/pkcs12_helper.c| 708 
 test/pkcs12_helper.h|  99 +
 test/recipes/80-test_pkcs12.t   |   5 +-
 util/libcrypto.num  |   6 +
 19 files changed, 1738 insertions(+), 9 deletions(-)
 create mode 100644 doc/man3/PKCS12_SAFEBAG_create_cert.pod
 create mode 100644 doc/man3/PKCS12_SAFEBAG_get1_cert.pod
 create mode 100644 doc/man3/PKCS12_add1_attr_by_NID.pod
 create mode 100644 doc/man3/PKCS12_add_cert.pod
 create mode 100644 doc/man3/PKCS12_add_safe.pod
 create mode 100644 test/pkcs12_format_test.c
 create mode 100644 test/pkcs12_helper.c
 create mode 100644 test/pkcs12_helper.h

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 3398250efd..46340c0d25 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -789,6 +789,16 @@ int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG 
*bag,
 X509_free(x509);
 break;
 
+case NID_secretBag:
+if (options & INFO) 
+BIO_printf(bio_err, "Secret bag\n");
+print_attribs(out, attrs, "Bag Attributes");
+BIO_printf(bio_err, "Bag Type: ");
+i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_bag_type(bag));
+BIO_printf(bio_err, "\nBag Value: ");
+print_attribute(out, PKCS12_SAFEBAG_get0_bag_obj(bag));
+return 1;
+
 case NID_safeContentsBag:
 if (options & INFO)
 BIO_printf(bio_err, "Safe Contents bag\n");
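Review bot: In the new `NID_secretBag` case the labels "Bag Type: " and "Bag Value: " are written to `bio_err`, while `print_attribs()` and `print_attribute()` write to `out`, so a label and the data it introduces land on different streams and the bag value reaches the normal output unlabelled. Suggest printing labels and values to the same BIO, and confirming that `return 1` rather than `break` is intended, given that the preceding case ends with `break`.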
@@ -954,6 +964,10 @@ void print_attribute(BIO *out, const ASN1_TYPE *av)
 OPENSSL_free(value);
 break;
 
+case V_ASN1_UTF8STRING:
+BIO_printf(out, "%s\n", av->value.utf8string->data);
+break;
+
 case V_ASN1_OCTET_STRING:
 hex_prin(out, av->value.octet_string->data,
  av->value.octet_string->length);
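Review bot: `BIO_printf(out, "%s\n", av->value.utf8string->data)` treats the UTF8String contents as a NUL-terminated C string, whereas the `V_ASN1_OCTET_STRING` case just below passes `->length` explicitly. The value comes from a parsed PKCS#12 file and is length-delimited, so an embedded NUL truncates the output and the print relies on a terminator being present. Suggest `"%.*s\n"` with `av->value.utf8string->length` as the precision.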
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 53becb8ed4..cbfc495a0a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1058,6 +1058,7 @@ 
PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf
 PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8
 PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\
PKCS12_SAFEBAG_create_pkcs8_encrypt
+PKCS12_F_PKCS12_SAFEBAG_CREATE_SECRET:134:
 PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac
 PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac
 PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes
@@ -2760,6 +2761,7 @@ PKCS12_R_ENCRYPT_ERROR:103:encrypt error
 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data 
type
 PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument
 PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer
+PKCS12_R_INVALID_TYPE:112:invalid type
 PKCS12_R_IV_GEN_ERROR:106:iv gen error
 PKCS12_R_KEY_GEN_ERROR:107:key gen error
 PKCS12_R_MAC_ABSENT:108:mac absent
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index e2ca95bcfa..0acecef7a3 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -18,7 +18,7 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char 
*name,
   int namelen)
 {
 if (X509at_add1_attr_by_NID(>attrib, NID_localKeyID,
-V_ASN1_OCTET_STRING, name, namelen))
+V_ASN1_OCTET_STRING, name, namelen) != NULL)
 return 1;
 else
 return 0;
@@ -39,7 +39,7 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const 
char *name,
 int namelen)
 {
 if (X509at_add1_attr_by_NID(>attrib, 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui-console

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr 
wrong.csr.pem => 139
not ok 78 - p10cr wrong csr
# --
#   Failed test 'p10cr wrong csr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 
=> 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key 
-extracerts issuing.crt => 139
not ok 83 - kur command explicit options
# --
#   Failed test 'kur command explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout 
test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert 
test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139
not ok 84 - kur command minimal options
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
test.cert.pem -server '127.0.0.1:1700' => 139
not ok 86 - kur newkey is directory
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout 

Still Failing: openssl/openssl#36531 (master - 15c9aa3)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36531
Status: Still Failing

Duration: 1 hr, 27 mins, and 8 secs
Commit: 15c9aa3 (master)
Author: Sahana Prasad
Message: apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2

Fixes #11672

Add "-legacy" option to load the legacy provider and
fall back to the old legacy default algorithms.

doc/man1/openssl-pkcs12.pod.in: updates documentation about the new
"-legacy" option

Signed-off-by: Sahana Prasad 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12540)

View the changeset: 
https://github.com/openssl/openssl/compare/1b2873e4a1ed...15c9aa3aef77

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178780645?utm_medium=notification_source=email





Failed: openssl/openssl#36528 (master - 1b2873e)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36528
Status: Failed

Duration: 1 hr, 24 mins, and 25 secs
Commit: 1b2873e (master)
Author: Matt Caswell
Message: Prepare for 3.0 alpha 7

Reviewed-by: Tomas Mraz 

View the changeset: 
https://github.com/openssl/openssl/compare/0f84cbc3e202...1b2873e4a1ed

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178756452?utm_medium=notification_source=email





[openssl] master update

2020-08-06 Thread tmraz
The branch master has been updated
   via  15c9aa3aef77c642ef2b6c84bba2b57b35ed083e (commit)
  from  1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 (commit)


- Log -
commit 15c9aa3aef77c642ef2b6c84bba2b57b35ed083e
Author: Sahana Prasad 
Date:   Wed Jul 22 13:36:36 2020 +0200

apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2

Fixes #11672

Add "-legacy" option to load the legacy provider and
fall back to the old legacy default algorithms.

doc/man1/openssl-pkcs12.pod.in: updates documentation about the new
"-legacy" option

Signed-off-by: Sahana Prasad 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12540)

---

Summary of changes:
 apps/pkcs12.c  | 46 --
 doc/man1/openssl-pkcs12.pod.in | 24 --
 2 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index ca83e2d1be..3398250efd 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include 
 
 DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(PKCS7)
@@ -61,12 +62,13 @@ typedef enum OPTION_choice {
 OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
 OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
 OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, 
OPT_ENGINE,
-OPT_R_ENUM, OPT_PROV_ENUM
+OPT_R_ENUM, OPT_PROV_ENUM, OPT_LEGACY_ALG
 } OPTION_CHOICE;
 
 const OPTIONS pkcs12_options[] = {
 OPT_SECTION("General"),
 {"help", OPT_HELP, '-', "Display this summary"},
+{"legacy", OPT_LEGACY_ALG, '-', "use legacy algorithms"},
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
@@ -117,9 +119,9 @@ const OPTIONS pkcs12_options[] = {
 OPT_SECTION("Encryption"),
 #ifndef OPENSSL_NO_RC2
 {"descert", OPT_DESCERT, '-',
- "Encrypt output with 3DES (default RC2-40)"},
+ "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"},
 {"certpbe", OPT_CERTPBE, 's',
- "Certificate PBE algorithm (default RC2-40)"},
+ "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"},
 #else
 {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
 {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
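Review bot: Only the `#ifndef OPENSSL_NO_RC2` branch of the "descert" and "certpbe" help strings was updated; the `#else` branch still says "(the default)" and "(default 3DES)", although a later hunk of this patch sets `cert_pbe = NID_aes_256_cbc` unconditionally. Suggest updating the `#else` strings as well, or dropping the conditional now that the default no longer depends on RC2 being available.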
@@ -143,14 +145,10 @@ int pkcs12_main(int argc, char **argv)
 char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
 char *name = NULL, *csp_name = NULL;
 char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
-int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0, 
use_legacy = 0;
 int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
-#ifndef OPENSSL_NO_RC2
-int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-#else
-int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#endif
-int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+int cert_pbe = NID_aes_256_cbc;
+int key_pbe = NID_aes_256_cbc;
 int ret = 1, macver = 1, add_lmk = 0, private = 0;
 int noprompt = 0;
 char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
@@ -162,7 +160,7 @@ int pkcs12_main(int argc, char **argv)
 BIO *in = NULL, *out = NULL;
 PKCS12 *p12 = NULL;
 STACK_OF(OPENSSL_STRING) *canames = NULL;
-const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+const EVP_CIPHER *enc = EVP_aes_256_cbc();
 OPTION_CHOICE o;
 
 prog = opt_init(argc, argv, pkcs12_options);
@@ -313,6 +311,9 @@ int pkcs12_main(int argc, char **argv)
 case OPT_ENGINE:
 e = setup_engine(opt_arg(), 0);
 break;
+case OPT_LEGACY_ALG:
+use_legacy = 1;
+break;
 case OPT_PROV_CASES:
 if (!opt_provider(o))
 goto end;
@@ -320,6 +321,29 @@ int pkcs12_main(int argc, char **argv)
 }
 }
 argc = opt_num_rest();
+
+if (use_legacy) {
+/* load the legacy provider if not loaded already*/
+if (!OSSL_PROVIDER_available(app_get0_libctx(), "legacy")) {
+if (!app_provider_load(app_get0_libctx(), "legacy"))
+goto end;
+/* load the default provider explicitly */
+if (!app_provider_load(app_get0_libctx(), "default"))
+goto end;
+}
+if (cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC) {
+/* Restore default algorithms */
+#ifndef OPENSSL_NO_RC2
+cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#else
+cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#endif
+}
+
+key_pbe = 
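Review bot: The test `cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC` runs after option parsing and cannot tell the built-in default (`NID_aes_256_cbc`) from an algorithm the user selected with -certpbe, so with -legacy any certificate PBE other than 3DES is replaced by the RC2-40 or 3DES legacy default. Suggest tracking whether -certpbe was given and keeping the user's value in that case. The explicit load of the "default" provider also happens only inside the `!OSSL_PROVIDER_available(..., "legacy")` branch; a comment on why it is not needed when "legacy" is already available would help.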

Failed: openssl/openssl#36523 (master - 0f84cbc)

2020-08-06 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36523
Status: Failed

Duration: 1 hr, 18 mins, and 6 secs
Commit: 0f84cbc (master)
Author: Matt Caswell
Message: Update copyright year

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12595)

View the changeset: 
https://github.com/openssl/openssl/compare/914f97eecc91...0f84cbc3e202

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/178750910?utm_medium=notification_source=email





[web] master update

2020-08-06 Thread Matt Caswell
The branch master has been updated
   via  1ee0b6a74934e813ae26995ae59cab209127da03 (commit)
  from  352c7424739f080133f1309e1dff033cd66f2c4a (commit)


- Log -
commit 1ee0b6a74934e813ae26995ae59cab209127da03
Author: Matt Caswell 
Date:   Thu Aug 6 14:18:45 2020 +0100

Update newsflash.txt for the alpha6 release

Reviewed-by: Mark J. Cox 
(Merged from https://github.com/openssl/web/pull/190)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 163dd21..a1094b9 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test 
it
 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test 
it
 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release
 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test 
it


[openssl] master update

2020-08-06 Thread Matt Caswell
The branch master has been updated
   via  1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 (commit)
   via  e3ec8020b433f9bccebb547889e43c4691eb8713 (commit)
  from  0f84cbc3e2025424772b2424be4b6fd728e7df2f (commit)


- Log -
commit 1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9
Author: Matt Caswell 
Date:   Thu Aug 6 14:02:31 2020 +0100

Prepare for 3.0 alpha 7

Reviewed-by: Tomas Mraz 

commit e3ec8020b433f9bccebb547889e43c4691eb8713
Author: Matt Caswell 
Date:   Thu Aug 6 14:00:13 2020 +0100

Prepare for release of 3.0 alpha 6

Reviewed-by: Tomas Mraz 

---

Summary of changes:
 VERSION.dat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.dat b/VERSION.dat
index 7c83447f66..fa4e93c5f0 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
 PATCH=0
-PRE_RELEASE_TAG=alpha6-dev
+PRE_RELEASE_TAG=alpha7-dev
 BUILD_METADATA=
 RELEASE_DATE=""
 SHLIB_VERSION=3


[openssl] master update

2020-08-06 Thread Matt Caswell
The branch master has been updated
   via  0f84cbc3e2025424772b2424be4b6fd728e7df2f (commit)
  from  914f97eecc9166fbfdb50c2d04e2b9f9d0c52198 (commit)


- Log -
commit 0f84cbc3e2025424772b2424be4b6fd728e7df2f
Author: Matt Caswell 
Date:   Thu Aug 6 13:22:30 2020 +0100

Update copyright year

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12595)

---

Summary of changes:
 crypto/bio/bss_mem.c | 2 +-
 crypto/bn/bn_mont.c  | 2 +-
 crypto/evp/cmeth_lib.c   | 2 +-
 crypto/objects/obj_dat.c | 2 +-
 crypto/pem/pem_local.h   | 2 +-
 crypto/x509/v3err.c  | 2 +-
 demos/bio/sconnect.c | 2 +-
 doc/internal/man3/ossl_algorithm_do_all.pod  | 2 +-
 doc/internal/man3/ossl_method_construct.pod  | 2 +-
 doc/man3/BIO_connect.pod | 2 +-
 doc/man3/BIO_f_cipher.pod| 2 +-
 doc/man3/BIO_printf.pod  | 2 +-
 doc/man3/BIO_read.pod| 2 +-
 doc/man3/BIO_s_accept.pod| 2 +-
 doc/man3/BIO_s_file.pod  | 2 +-
 doc/man3/BIO_s_mem.pod   | 2 +-
 doc/man3/BN_add.pod  | 2 +-
 doc/man3/BN_generate_prime.pod   | 2 +-
 doc/man3/BN_mod_mul_montgomery.pod   | 2 +-
 doc/man3/BN_set_bit.pod  | 2 +-
 doc/man3/DH_get_1024_160.pod | 2 +-
 doc/man3/ERR_new.pod | 2 +-
 doc/man3/ERR_print_errors.pod| 2 +-
 doc/man3/EVP_MD_meth_new.pod | 2 +-
 doc/man3/EVP_PKEY_meth_get_count.pod | 2 +-
 doc/man3/EVP_PKEY_meth_new.pod   | 2 +-
 doc/man3/EVP_bf_cbc.pod  | 2 +-
 doc/man3/EVP_cast5_cbc.pod   | 2 +-
 doc/man3/EVP_chacha20.pod| 2 +-
 doc/man3/EVP_desx_cbc.pod| 2 +-
 doc/man3/EVP_idea_cbc.pod| 2 +-
 doc/man3/EVP_rc2_cbc.pod | 2 +-
 doc/man3/EVP_rc4.pod | 2 +-
 doc/man3/EVP_rc5_32_12_16_cbc.pod| 2 +-
 doc/man3/EVP_seed_cbc.pod| 2 +-
 doc/man3/OBJ_nid2obj.pod | 2 +-
 doc/man3/OPENSSL_init_ssl.pod| 2 +-
 doc/man3/OpenSSL_add_all_algorithms.pod  | 2 +-
 doc/man3/PEM_read.pod| 2 +-
 doc/man3/RAND_cleanup.pod| 2 +-
 doc/man3/RAND_load_file.pod  | 2 +-
 doc/man3/RSA_blinding_on.pod | 2 +-
 doc/man3/SSL_COMP_add_compression_method.pod | 2 +-
 doc/man3/SSL_CTX_dane_enable.pod | 2 +-
 doc/man3/SSL_CTX_get0_param.pod  | 2 +-
 doc/man3/SSL_CTX_set_alpn_select_cb.pod  | 2 +-
 doc/man3/SSL_CTX_set_cert_cb.pod | 2 +-
 doc/man3/SSL_CTX_set_client_cert_cb.pod  | 2 +-
 doc/man3/SSL_CTX_set_info_callback.pod   | 2 +-
 doc/man3/SSL_CTX_set_max_cert_list.pod   | 2 +-
 doc/man3/SSL_CTX_set_mode.pod| 2 +-
 doc/man3/SSL_CTX_set_read_ahead.pod  | 2 +-
 doc/man3/SSL_CTX_set_security_level.pod  | 2 +-
 doc/man3/SSL_CTX_set_srp_password.pod| 2 +-
 doc/man3/SSL_SESSION_get0_id_context.pod | 2 +-
 doc/man3/SSL_SESSION_set1_id.pod | 2 +-
 doc/man3/SSL_alloc_buffers.pod   | 2 +-
 doc/man3/SSL_load_client_CA_file.pod | 2 +-
 doc/man3/SSL_set1_host.pod   | 2 +-
 doc/man3/SSL_set_fd.pod  | 2 +-
 doc/man3/SSL_state_string.pod| 2 +-
 doc/man3/SSL_want.pod| 2 +-
 doc/man3/SSL_write.pod   | 2 +-
 doc/man3/X509_SIG_get0.pod   | 2 +-
 doc/man3/X509_new.pod| 2 +-
 include/crypto/serializer.h  | 2 +-
 include/crypto/siv.h | 2 +-
 ssl/ssl_mcnf.c   | 2 +-
 test/pkey_meth_test.c| 2 +-
 test/recipes/30-test_engine.t| 2 +-
 test/recipes/30-test_evp_data/evpkdf.txt | 2 +-
 test/recipes/80-test_tsa.t   | 2 +-
 test/smime-certs/mksmime-certs.sh| 2 +-
 test/testutil/tests.c| 2 +-
 74 files changed, 74 insertions(+), 74 deletions(-)

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index d9580e6d37..57b7a7449e 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):

65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

2020-08-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

914f97eecc Fix provider cipher reinit after init/update with a partial update 
block.
c5b356d5d6 Mark an argument of an inline function as unused
ebc1e8fc4e openssl-cmp.pod.in: Update and extend example using Insta Demo CA
4c525cb5b6 DESERIALIZER: Fix EVP_PKEY construction by export
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
02ae130e3d Add 'section=...' info in error output of X509V3_EXT_nconf() as far 
as appropriate
1ac658ac9d Rename misleading X509V3_R_INVALID_NULL_NAME to 
X509V3_R_INVALID_EMPTY_NAME
c90c469376 Correct confusing X509V3 conf error output by removing needless 
'section:' etc.
b516a4b139 Correct misleading diagnostics of OBJ_txt2obj on unknown object name
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
b5b6669fb6 PROV: Make the DER to KEY deserializer decode parameters too
19b4e6f8fe Coverity Fixes for issue #12531
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do 
der encoding of sharedInfo
37d898df34 Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP 
literals
892a9e4c99 Disallow setting more than one IP address with SSL_add1_host()
396e720965 Fix certificate validation for IPv6 literals in sconnect demo
c832840e89 Make SSL_set1_host() and SSL_add1_host() take IP addresses
a677190779 81-test_cmp_cli.t: Skip tests with mock server if server cannot be 
started

Build log ended with (last 100 lines):

C0E03A92BA7F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 
lib:../openssl/crypto/asn1/d2i_pr.c:67:
C0E03A92BA7F:error::asn1 encoding routines:asn1_check_tlen:wrong 
tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0E03A92BA7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0E03A92BA7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, 
Type=PKCS8_PRIV_KEY_INFO
C0E03A92BA7F:error::asn1 encoding routines:asn1_check_tlen:wrong 
tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C0E03A92BA7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C0E03A92BA7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, 
Type=PKCS8_PRIV_KEY_INFO
OPENSSL_FUNC:../openssl/apps/cmp.c:3039:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy 
option is empty string, resetting option
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem 
-out_trusted root.crt => 1
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri test.cert.pem for loading CMP client certificate 
(and optionally extra certs)
C090AFB2FC7E:error::system library:file_open_with_libctx:No such file or 
directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem)
Unable to load CMP client certificate (and optionally extra certs)
OPENSSL_FUNC:../openssl/apps/cmp.c:3039:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2881:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2487:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2119:CMP warning: -subject 
'/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides 
the subject of 'test.cert.pem' in KUR
# OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one 
certificate in DER format from test.cert.pem
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem 
-out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert 
test.cert.pem -key new.key -extracerts issuing.crt => 1
not ok 83 - kur command explicit options
# --
#   Failed test 'kur command explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri