Build completed: openssl master.36542
Build openssl master.36542 completed Commit 0261694add by Jon Spillett on 9/2/2020 3:13 AM: Avoid AIX compiler issue by making the macro argument names not match any substring Configure your notification preferences
Build failed: openssl master.36541
Build openssl master.36541 failed Commit 452152c222 by Paul Yang on 9/2/2020 3:45 AM: fixup! fixup! Add SM2 signature algorithm to default provider Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C6391E7F:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020C6391E7F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 2 - iteration 2 # -- # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020C6391E7F:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C6391E7F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 3 - iteration 3 # -- not ok 37 - test_sigalgs_available # -- ../../util/wrap.pl
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C0631AB17F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # -- # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C0631AB17F:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C0631AB17F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # -- not ok 53 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/6vLXWG_fAA default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F9A36D7F:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06010DC627F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # -- # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C06010DC627F:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06010DC627F:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # -- not ok 53 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/khMXMDtl5Q default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A05F89017F:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- #
Still Failing: openssl/openssl#37075 (master - 1a5ae1d)
Build Update for openssl/openssl - Build: #37075 Status: Still Failing Duration: 40 mins and 22 secs Commit: 1a5ae1d (master) Author: Dr. David von Oheimb Message: Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp * In the cmp app so far the -verbosity option had been missing. * Extend log output helpful for debugging CMP applications in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(), OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform(). * Correct suppression of log output with insufficient severity. * Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12739) View the changeset: https://github.com/openssl/openssl/compare/807b0a1dbb65...1a5ae1da14f2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182294448?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via 1a5ae1da14f24a170c200c653c8b81e4a2966d3e (commit)
from 807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
- Log -
commit 1a5ae1da14f24a170c200c653c8b81e4a2966d3e
Author: Dr. David von Oheimb
Date: Wed Aug 26 10:11:14 2020 +0200
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12739)
---
Summary of changes:
apps/cmp.c | 94 +++---
crypto/cmp/cmp_ctx.c | 4 +-
crypto/cmp/cmp_http.c | 9 ++--
crypto/cmp/cmp_protect.c | 24 +++
crypto/cmp/cmp_vfy.c | 12 +-
doc/man1/openssl-cmp.pod.in| 8
doc/man3/OSSL_CMP_log_open.pod | 3 ++
include/openssl/cmp_util.h | 2 +
util/other.syms| 1 +
9 files changed, 110 insertions(+), 47 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 97fa322b11..4a8b6e75fb 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -51,6 +51,7 @@ static char *opt_config = NULL;
#define SECTION_NAME_MAX 40 /* max length of section name */
#define DEFAULT_SECTION "default"
static char *opt_section = CMP_SECTION;
+static int opt_verbosity = OSSL_CMP_LOG_INFO;
#undef PROG
#define PROG cmp_main
@@ -194,7 +195,7 @@ static X509_VERIFY_PARAM *vpm = NULL;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-OPT_CONFIG, OPT_SECTION,
+OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY,
OPT_CMD, OPT_INFOTYPE, OPT_GENINFO,
@@ -257,6 +258,8 @@ const OPTIONS cmp_options[] = {
"Configuration file to use. \"\" = none. Default from env variable
OPENSSL_CONF"},
{"section", OPT_SECTION, 's',
"Section(s) in config file to get options from. \"\" = 'default'. Default
'cmp'"},
+{"verbosity", OPT_VERBOSITY, 'n',
+ "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO"},
OPT_SECTION("Generic message"),
{"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"},
@@ -507,7 +510,7 @@ typedef union {
long *num_long;
} varref;
static varref cmp_vars[] = { /* must be in same order as enumerated above! */
-{_config}, {_section},
+{_config}, {_section}, {(char **)_verbosity},
{_cmd_s}, {_infotype_s}, {_geninfo},
@@ -564,28 +567,32 @@ static varref cmp_vars[] = { /* must be in same order as
enumerated above! */
{NULL}
};
-#ifndef NDEBUG
-# define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \
- ? "CMP" : "OPENSSL_FUNC")
-# define PRINT_LOCATION(bio) BIO_printf(bio, "%s:%s:%d:", \
-FUNC, OPENSSL_FILE, OPENSSL_LINE)
-#else
-# define PRINT_LOCATION(bio) ((void)0)
-#endif
-#define CMP_print(bio, prefix, msg, a1, a2, a3) \
-(PRINT_LOCATION(bio), \
- BIO_printf(bio, "CMP %s: " msg "\n", prefix, a1, a2, a3))
-#define CMP_INFO(msg, a1, a2, a3) CMP_print(bio_out, "info", msg, a1, a2, a3)
+#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \
+ ? "CMP" : OPENSSL_FUNC)
+#define CMP_print(bio, level, prefix, msg, a1, a2, a3) \
+((void)(level > opt_verbosity ? 0 : \
+(BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", \
+FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2,
a3
+#define CMP_DEBUG(m, a1, a2, a3) \
+CMP_print(bio_out, OSSL_CMP_LOG_DEBUG, "debug", m, a1, a2, a3)
+#define CMP_debug(msg) CMP_DEBUG(msg"%s%s%s", "", "", "")
+#define CMP_debug1(msg, a1)CMP_DEBUG(msg"%s%s", a1, "", "")
+#define CMP_debug2(msg, a1, a2)CMP_DEBUG(msg"%s", a1, a2, "")
+#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg,a1, a2, a3)
+#define CMP_INFO(msg, a1, a2, a3) \
+CMP_print(bio_out, OSSL_CMP_LOG_INFO, "info", msg, a1, a2, a3)
#define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "")
#define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "")
#define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "")
#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3)
-#define CMP_WARN(m, a1, a2, a3)CMP_print(bio_out, "warning", m, a1, a2, a3)
+#define CMP_WARN(m, a1, a2, a3) \
+CMP_print(bio_out, OSSL_CMP_LOG_WARNING, "warning", m, a1, a2, a3)
#define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "")
#define CMP_warn1(msg, a1)
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # -- # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # -- # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40E73BEC1F7F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4017F694CA7F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4017F694CA7F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403:
Still Failing: openssl/openssl#37072 (master - 807b0a1)
Build Update for openssl/openssl - Build: #37072 Status: Still Failing Duration: 1 hr, 24 mins, and 22 secs Commit: 807b0a1 (master) Author: Felix Monninger Message: also zero pad DHE public key in ClientKeyExchange message for interop Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12331) View the changeset: https://github.com/openssl/openssl/compare/72c1e37421ff...807b0a1dbb65 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182247328?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via 807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
from 72c1e37421ffe9a4db4bba46f3d736dbc227c255 (commit)
- Log -
commit 807b0a1dbb65fcf0d432184326e76e9f745dc3f1
Author: Felix Monninger
Date: Tue Jun 30 22:57:36 2020 +0200
also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12331)
---
Summary of changes:
ssl/statem/statem_clnt.c | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c994dd389..0780e5fc9a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
{
#ifndef OPENSSL_NO_DH
DH *dh_clnt = NULL;
-const BIGNUM *pub_key;
EVP_PKEY *ckey = NULL, *skey = NULL;
unsigned char *keybytes = NULL;
+int prime_len;
skey = s->s3.peer_tmp;
if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
}
/* send off the data */
-DH_get0_key(dh_clnt, _key, NULL);
-if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
-)) {
+prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+/*
+ * For interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here.
+ */
+if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, )
+|| BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) <
0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
goto err;
}
-BN_bn2bin(pub_key, keybytes);
EVP_PKEY_free(ckey);
return 1;
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rc2 Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12 C020816D647F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116: C020816D647F:error::PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:../openssl/crypto/pkcs12/p12_decr.c:37: C020816D647F:error::PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../openssl/crypto/pkcs12/p12_decr.c:90: C020816D647F:error::PKCS12 routines:PKCS12_parse:parse error:../openssl/crypto/pkcs12/p12_kiss.c:87: ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1 not ok 5 - test_pkcs12_passcert #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3
