Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # -- # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # -- OPENSSL_FUNC:../openssl/apps/cmp.c:3059:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2835:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2441:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2172:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2216:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- OPENSSL_FUNC:../openssl/apps/cmp.c:3059:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2835:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2441:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2172:CMP info: will contact http://127.0.0.1:1700/pkix/ #
Still Failing: openssl/openssl#36671 (master - c19e6da)
Build Update for openssl/openssl - Build: #36671 Status: Still Failing Duration: 1 hr, 21 mins, and 14 secs Commit: c19e6da (master) Author: Patrick Steuer Message: Appease -Werror=stringop-overflow= gcc 10 seems to think of assigning to an (unsigned) char array as a stringop and demands additional space for a terminating '\0': In function 'ssl3_generate_key_block', inlined from 'ssl3_setup_key_block' at ssl/s3_enc.c:304:11: ssl/s3_enc.c:51:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 51 | buf[j] = c; | ~~~^~~ ssl/s3_enc.c: In function 'ssl3_setup_key_block': ssl/s3_enc.c:23:19: note: at offset 16 to object 'buf' with size 16 declared here 23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; | ^~~ Signed-off-by: Patrick Steuer Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12632) View the changeset: https://github.com/openssl/openssl/compare/cddbcf0d2887...c19e6da9a345 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/179645329?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # -- # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # -- # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert
[openssl] master update
The branch master has been updated via c19e6da9a345b1e14caca23c50a0c7690309e0e4 (commit) from cddbcf0d2887388d95d5b338b249ac3923be00f1 (commit) - Log - commit c19e6da9a345b1e14caca23c50a0c7690309e0e4 Author: Patrick Steuer Date: Tue Aug 11 13:51:04 2020 +0200 Appease -Werror=stringop-overflow= gcc 10 seems to think of assigning to an (unsigned) char array as a stringop and demands additional space for a terminating '\0': In function 'ssl3_generate_key_block', inlined from 'ssl3_setup_key_block' at ssl/s3_enc.c:304:11: ssl/s3_enc.c:51:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 51 | buf[j] = c; | ~~~^~~ ssl/s3_enc.c: In function 'ssl3_setup_key_block': ssl/s3_enc.c:23:19: note: at offset 16 to object 'buf' with size 16 declared here 23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; | ^~~ Signed-off-by: Patrick Steuer Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12632) --- Summary of changes: ssl/s3_enc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 36b7c7616e..bd668f317e 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -22,7 +22,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX *s1; unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; unsigned char c = 'A'; -unsigned int i, j, k; +unsigned int i, k; int ret = 0; #ifdef CHARSET_EBCDIC @@ -47,8 +47,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) goto err; } -for (j = 0; j < k; j++) -buf[j] = c; +memset(buf, c, k); c++; if (!EVP_DigestInit_ex(s1, sha1, NULL) || !EVP_DigestUpdate(s1, buf, k)
Still Failing: openssl/openssl#36669 (master - cddbcf0)
Build Update for openssl/openssl - Build: #36669 Status: Still Failing Duration: 41 mins and 41 secs Commit: cddbcf0 (master) Author: Dr. David von Oheimb Message: Remove needless #ifndef OPENSSL_NO_SOCK for X509_{CRL_}load_http Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12638) View the changeset: https://github.com/openssl/openssl/compare/ea9f6890eb54...cddbcf0d2887 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/179609339?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via cddbcf0d2887388d95d5b338b249ac3923be00f1 (commit) from ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356 (commit) - Log - commit cddbcf0d2887388d95d5b338b249ac3923be00f1 Author: Dr. David von Oheimb Date: Thu Jun 4 10:23:42 2020 +0200 Remove needless #ifndef OPENSSL_NO_SOCK for X509_{CRL_}load_http Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12638) --- Summary of changes: crypto/x509/x_all.c| 4 include/openssl/x509.h | 6 ++ util/libcrypto.num | 4 ++-- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 868b187c5d..12a666884b 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -126,7 +126,6 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) >sig_alg, >signature, >cert_info, ctx); } -#if !defined(OPENSSL_NO_SOCK) static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, int timeout, const ASN1_ITEM *it) { @@ -142,7 +141,6 @@ X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) return (X509 *)simple_get_asn1(url, bio, rbio, timeout, ASN1_ITEM_rptr(X509)); } -#endif int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { @@ -172,13 +170,11 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) >crl, ctx); } -#if !defined(OPENSSL_NO_SOCK) X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) { return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, ASN1_ITEM_rptr(X509_CRL)); } -#endif int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d5b13ded0b..71a5f77301 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -383,12 +383,10 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# if !defined(OPENSSL_NO_SOCK) X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_http_nbio(url) X509_load_http(url, NULL, NULL, 0) +# define X509_http_nbio(url) X509_load_http(url, NULL, NULL, 0) X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_CRL_http_nbio(url) X509_CRL_load_http(url, NULL, NULL, 0) -# endif +# define X509_CRL_http_nbio(url) X509_CRL_load_http(url, NULL, NULL, 0) # ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); diff --git a/util/libcrypto.num b/util/libcrypto.num index 1e50e72ffe..a2b5a5c6ff 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -245,7 +245,7 @@ RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 EVP_PKEY_meth_get_decrypt 2503_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 DES_cfb_encrypt 2513_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES CMS_SignerInfo_set1_signer_cert 2523_0_0 EXIST::FUNCTION:CMS -X509_CRL_load_http 2533_0_0 EXIST::FUNCTION:SOCK +X509_CRL_load_http 2533_0_0 EXIST::FUNCTION: ENGINE_register_all_ciphers 2543_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SXNET_new 2553_0_0 EXIST::FUNCTION: EVP_camellia_256_ctr2563_0_0 EXIST::FUNCTION:CAMELLIA @@ -1243,7 +1243,7 @@ TS_REQ_set_cert_req 1271 3_0_0 EXIST::FUNCTION:TS TXT_DB_get_by_index 1272 3_0_0 EXIST::FUNCTION: X509_check_ca 1273 3_0_0 EXIST::FUNCTION: DH_get_2048_224 1274 3_0_0 EXIST::FUNCTION:DH -X509_load_http 1275 3_0_0 EXIST::FUNCTION:SOCK +X509_load_http 1275 3_0_0 EXIST::FUNCTION: i2d_AUTHORITY_INFO_ACCESS 1276 3_0_0 EXIST::FUNCTION: EVP_get_cipherbyname1277 3_0_0 EXIST::FUNCTION: CONF_dump_fp1278 3_0_0 EXIST::FUNCTION:STDIO
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t
Still Failing: openssl/openssl#36662 (master - ea9f689)
Build Update for openssl/openssl - Build: #36662 Status: Still Failing Duration: 1 hr, 4 mins, and 10 secs Commit: ea9f689 (master) Author: Tomas Mraz Message: sslapitest: Add test for premature call of SSL_export_keying_material Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12594) View the changeset: https://github.com/openssl/openssl/compare/dd0164e7565b...ea9f6890eb54 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/179551784?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 46a9ee8c796c8b5f8d95290676119b4f3d72be91 (commit) from 925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 (commit) - Log - commit 46a9ee8c796c8b5f8d95290676119b4f3d72be91 Author: Tomas Mraz Date: Thu Aug 6 15:14:29 2020 +0200 sslapitest: Add test for premature call of SSL_export_keying_material Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356) --- Summary of changes: test/sslapitest.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 52207226f4..ad1824c68d 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4432,9 +4432,20 @@ static int test_export_key_mat(int tst) SSL_CTX_set_min_proto_version(cctx, protocols[tst]); if (!TEST_true(create_ssl_objects(sctx, cctx, , , NULL, - NULL)) -|| !TEST_true(create_ssl_connection(serverssl, clientssl, -SSL_ERROR_NONE))) + NULL))) +goto end; + +/* + * Premature call of SSL_export_keying_material should just fail. + */ +if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1, +sizeof(ckeymat1), label, +SMALL_LABEL_LEN + 1, context, +sizeof(context) - 1, 1), 0)) +goto end; + +if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (tst == 5) {
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 (commit) from ea7a58a60659d12d102ec78af4d6c3e589347150 (commit) - Log - commit 925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 Author: Tomas Mraz Date: Thu Aug 6 11:20:43 2020 +0200 Avoid segfault in SSL_export_keying_material if there is no session Fixes #12588 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit dffeec1c10a874d7c7b83c221dbbce82f755edb1) --- Summary of changes: ssl/ssl_lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 433a537969..b1df374817 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2897,7 +2897,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { -if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) +if (s->session == NULL +|| (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
[openssl] master update
The branch master has been updated via ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356 (commit) via dffeec1c10a874d7c7b83c221dbbce82f755edb1 (commit) from dd0164e7565bb14fac193aea4c2c37714bf66d56 (commit) - Log - commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356 Author: Tomas Mraz Date: Thu Aug 6 15:14:29 2020 +0200 sslapitest: Add test for premature call of SSL_export_keying_material Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12594) commit dffeec1c10a874d7c7b83c221dbbce82f755edb1 Author: Tomas Mraz Date: Thu Aug 6 11:20:43 2020 +0200 Avoid segfault in SSL_export_keying_material if there is no session Fixes #12588 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12594) --- Summary of changes: ssl/ssl_lib.c | 3 ++- test/sslapitest.c | 17 ++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f957664a48..c72341547a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3054,7 +3054,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { -if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) +if (s->session == NULL +|| (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, diff --git a/test/sslapitest.c b/test/sslapitest.c index 3d6d83a11a..6f4c11537b 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5690,9 +5690,20 @@ static int test_export_key_mat(int tst) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, , , NULL, - NULL)) -|| !TEST_true(create_ssl_connection(serverssl, clientssl, -SSL_ERROR_NONE))) + NULL))) +goto end; + +/* + * Premature call of SSL_export_keying_material should just fail. + */ +if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1, +sizeof(ckeymat1), label, +SMALL_LABEL_LEN + 1, context, +sizeof(context) - 1, 1), 0)) +goto end; + +if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (tst == 5) {
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): C0D0F781B37F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0D0F781B37F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0F781B37F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0F781B37F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0F781B37F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0F781B37F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0F781B37F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:2993:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2835:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2441:CMP warning: argument of -proxy option is empty string, resetting option ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C070D3A1227F:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:2993:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2835:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2441:CMP warning: argument of -proxy option is empty string, resetting option #
Build completed: openssl master.36120
Build openssl master.36120 completed Commit b33f05e7fc by Dr. David von Oheimb on 8/12/2020 4:06 PM: PKCS12_parse(): Fix reversed order of certs parsed and output via *ca Configure your notification preferences