Errored: openssl/openssl#37486 (master - 4343a41)
Build Update for openssl/openssl - Build: #37486 Status: Errored Duration: 1 hr, 17 mins, and 2 secs Commit: 4343a41 (master) Author: Shane Lontis Message: Add self tests for rsa encryption SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9 A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt() are now in the fips module. Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops(). Added corruption test Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12835) View the changeset: https://github.com/openssl/openssl/compare/a268ed3acf16...4343a4187d28 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/184533598?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: a268ed3acf free memory use on error in cert verify 871881856f generate_cookie_callback: free temporary memory on an error path 30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path e2d66c0d00 PKCS#8: free data on error path in newpass_bag 48ff651ecc DTLS: free allocated memory on error paths 4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers 1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE' Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_ctx_test-bin-ssl_ctx_test.d.tmp -MT test/ssl_ctx_test-bin-ssl_ctx_test.o -c -o test/ssl_ctx_test-bin-ssl_ctx_test.o ../openssl/test/ssl_ctx_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-handshake_helper.d.tmp -MT test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test_ctx_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test_ctx_test-bin-ssl_test_ctx.o -c -o test/ssl_test_ctx_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack
[openssl] master update
The branch master has been updated
via 4343a4187d28d719006642a610afea6e186832bf (commit)
from a268ed3acf16948c0e19ba67b2b3f89b3312a416 (commit)
- Log -
commit 4343a4187d28d719006642a610afea6e186832bf
Author: Shane Lontis
Date: Wed Sep 16 14:10:23 2020 +1000
Add self tests for rsa encryption
SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both
encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2
IG D.9
A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(),
EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.
Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().
Added corruption test
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12835)
---
Summary of changes:
crypto/evp/{pmeth_fn.c => asymcipher.c} | 0
crypto/evp/build.info | 3 +-
crypto/evp/pmeth_lib.c | 6 +-
doc/man7/OSSL_PROVIDER-FIPS.pod | 10 +++
include/openssl/self_test.h | 3 +
providers/fips/self_test_data.inc | 106 +++-
providers/fips/self_test_kats.c | 102 +-
test/recipes/03-test_fipsinstall.t | 12 +++-
8 files changed, 230 insertions(+), 12 deletions(-)
rename crypto/evp/{pmeth_fn.c => asymcipher.c} (100%)
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/asymcipher.c
similarity index 100%
rename from crypto/evp/pmeth_fn.c
rename to crypto/evp/asymcipher.c
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 4f155f1393..36fac11683 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -2,7 +2,7 @@ LIBS=../../libcrypto
$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c
\
m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
-pmeth_check.c evp_rand.c
+pmeth_check.c evp_rand.c asymcipher.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
@@ -13,7 +13,6 @@ SOURCE[../../libcrypto]=$COMMON\
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_allc.c c_alld.c bio_ok.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
-pmeth_fn.c\
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c \
legacy_sha.c
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 12f09ed79b..38f42eca7d 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -396,10 +396,7 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
EVP_KEYEXCH_free(ctx->op.kex.exchange);
ctx->op.kex.exchprovctx = NULL;
ctx->op.kex.exchange = NULL;
-}
-/* TODO(3.0): add dependancies and uncomment this when available for fips mode
*/
-#ifndef FIPS_MODULE
-else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
+} else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
if (ctx->op.ciph.ciphprovctx != NULL && ctx->op.ciph.cipher != NULL)
ctx->op.ciph.cipher->freectx(ctx->op.ciph.ciphprovctx);
EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher);
@@ -409,7 +406,6 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
if (ctx->op.keymgmt.genctx != NULL && ctx->keymgmt != NULL)
evp_keymgmt_gen_cleanup(ctx->keymgmt, ctx->op.keymgmt.genctx);
}
-#endif
}
void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index d404716b23..2ae999e023 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -184,6 +184,10 @@ file after successfully running the self tests during
installation.
Known answer test for a symmetric cipher.
+=item "KAT_AsymmetricCipher" (B)
+
+Known answer test for a asymmetric cipher.
+
=item "KAT_Digest" (B)
Known answer test for a digest.
@@ -237,6 +241,12 @@ The FIPS module passes the following descriptions(s) to
OSSL_SELF_TEST_onbegin()
Key generation tests used with the "Pairwise_Consistency_Test" type.
+=item "RSA_Encrypt" (B)
+
+=item "RSA_Decrypt" (B)
+
+"KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
+
=item "AES_GCM" (B)
=item "TDES" (B)
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index aa153581fa..4d99aaa4e3 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -30,6 +30,7 @@ extern "C" {
# define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test"
# define OSSL_SELF_TEST_TYPE_PCT"Pairwise_Consistency_Test"
# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
+# define
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: a268ed3acf free memory use on error in cert verify 871881856f generate_cookie_callback: free temporary memory on an error path 30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path e2d66c0d00 PKCS#8: free data on error path in newpass_bag 48ff651ecc DTLS: free allocated memory on error paths 4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers 1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE' Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 04-test_err.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=212, Tests=3434, 723 wallclock secs (14.31 usr 1.46 sys + 652.47 cusr 63.59 csys = 731.83 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: a268ed3acf free memory use on error in cert verify 871881856f generate_cookie_callback: free temporary memory on an error path 30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path e2d66c0d00 PKCS#8: free data on error path in newpass_bag 48ff651ecc DTLS: free allocated memory on error paths 4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers 1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE' Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 807748C3C07F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:314: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:197 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:227 # false # 80779470FF7E:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:399: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:197 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:227 # false # 80779470FF7E:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:399: not ok 4 - iteration 4 # -- not ok 1 - test_ssl_corrupt # -- ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # -- # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . skipped: tls13secrets is not supported in this build 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration
Errored: openssl/openssl#37481 (master - a268ed3)
Build Update for openssl/openssl - Build: #37481 Status: Errored Duration: 1 hr, 20 mins, and 50 secs Commit: a268ed3 (master) Author: Pauli Message: free memory use on error in cert verify Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12870) View the changeset: https://github.com/openssl/openssl/compare/4f14a378f807...a268ed3acf16 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/184466265?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via a268ed3acf16948c0e19ba67b2b3f89b3312a416 (commit)
via 871881856fa1da2c175b17c52f6b0b1c15d791a1 (commit)
via 30f3b4e1c15cda063ed3e5ffc893b202afd671a3 (commit)
via e2d66c0d007ad8bcf80890dadf681135d24d86cd (commit)
via 48ff651eccf2f43ddbc221a0f9ddac57169aa255 (commit)
from 4f14a378f807e989aa0b328267732409c8d6ac68 (commit)
- Log -
commit a268ed3acf16948c0e19ba67b2b3f89b3312a416
Author: Pauli
Date: Mon Sep 14 07:50:40 2020 +1000
free memory use on error in cert verify
Reviewed-by: Richard Levitte
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/12870)
commit 871881856fa1da2c175b17c52f6b0b1c15d791a1
Author: Pauli
Date: Mon Sep 14 07:47:26 2020 +1000
generate_cookie_callback: free temporary memory on an error path
Reviewed-by: Richard Levitte
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/12870)
commit 30f3b4e1c15cda063ed3e5ffc893b202afd671a3
Author: Pauli
Date: Mon Sep 14 07:44:45 2020 +1000
PKCS5 PBE: free allocations on unlikely / impossible failure path
Reviewed-by: Richard Levitte
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/12870)
commit e2d66c0d007ad8bcf80890dadf681135d24d86cd
Author: Pauli
Date: Mon Sep 14 07:40:58 2020 +1000
PKCS#8: free data on error path in newpass_bag
Reviewed-by: Richard Levitte
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/12870)
commit 48ff651eccf2f43ddbc221a0f9ddac57169aa255
Author: Pauli
Date: Mon Sep 14 07:36:02 2020 +1000
DTLS: free allocated memory on error paths
Reviewed-by: Richard Levitte
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/12870)
---
Summary of changes:
apps/lib/s_cb.c | 1 +
crypto/evp/p5_crpt.c | 2 +-
crypto/pkcs12/p12_npas.c | 4 +++-
crypto/x509/x509_vfy.c | 1 +
ssl/statem/statem_dtls.c | 8 ++--
5 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index ec52cef158..72fb98402d 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -786,6 +786,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char
*cookie,
/* Create buffer with peer's address and port */
if (!BIO_ADDR_rawaddress(peer, NULL, )) {
BIO_printf(bio_err, "Failed getting peer address\n");
+BIO_ADDR_free(lpeer);
return 0;
}
OPENSSL_assert(length != 0);
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 4e9603757b..7e9a80e5c0 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -91,7 +91,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char
*pass, int passlen,
goto err;
mdsize = EVP_MD_size(md);
if (mdsize < 0)
-return 0;
+goto err;
for (i = 1; i < iter; i++) {
if (!EVP_DigestInit_ex(ctx, md, NULL))
goto err;
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index ee35c45abb..7f04ce10de 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -157,8 +157,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char
*oldpass,
if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
return 0;
X509_SIG_get0(bag->value.shkeybag, , NULL);
-if (!alg_get(shalg, _nid, _iter, _saltlen))
+if (!alg_get(shalg, _nid, _iter, _saltlen)) {
+PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
+}
p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5520f08e28..f234ec0df6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3214,6 +3214,7 @@ static int build_chain(X509_STORE_CTX *ctx)
}
self_signed = X509_self_signed(x, 0);
if (self_signed < 0) {
+sk_X509_free(sktmp);
ctx->error = X509_V_ERR_UNSPECIFIED;
return 0;
}
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 564829c808..84ae35b655 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1051,12 +1051,16 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
((s->version ==
DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
- == (unsigned int)s->init_num))
+ == (unsigned int)s->init_num)) {
+dtls1_hm_fragment_free(frag);
return 0;
+}
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_3
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3 apps/cmp.c:
Build completed: openssl master.36940
Build openssl master.36940 completed Commit 62a9415f6f by Matt Caswell on 9/15/2020 3:48 PM: Make sure we properly test for EdDSA with alg ids Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3
Build failed: openssl master.36939
Build openssl master.36939 failed Commit 43ef55025a by Tomas Mraz on 9/11/2020 1:27 PM: Rename check_chain_extensions to check_chain Configure your notification preferences
Build failed: openssl master.36938
Build openssl master.36938 failed Commit 1fa4b7d775 by Richard Levitte on 9/15/2020 3:40 PM: Configurations/unix-Makefile.tmpl: Don't specify headers twice Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3 apps/cmp.c:
Build completed: openssl OpenSSL_1_1_1-stable.36936
Build openssl OpenSSL_1_1_1-stable.36936 completed Commit 5468e48c2e by Meik Kreyenkoetter on 9/15/2020 3:11 PM: Merge branch 'OpenSSL_1_1_1-stable' into win10ecccomp Configure your notification preferences
Build failed: openssl master.36935
Build openssl master.36935 failed Commit 7e06c712e1 by Matt Caswell on 9/15/2020 1:32 PM: Temporarily display more diagnostic information Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3 apps/cmp.c:
Build failed: openssl master.36934
Build openssl master.36934 failed Commit 88a87a7eea by Matt Caswell on 9/15/2020 1:00 PM: Fix some doc-nits and make update errors Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3 apps/cmp.c: Improve
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC
-DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in
Build completed: openssl master.36932
Build openssl master.36932 completed Commit f337c70579 by Richard Levitte on 9/15/2020 8:33 AM: fixup! ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER Configure your notification preferences
Build failed: openssl master.36931
Build openssl master.36931 failed Commit 87a059ad1f by Shane Lontis on 9/15/2020 7:06 AM: fixup! Add a copy of OSSL_SELF_TEST_get_callback() to the fips module. Configure your notification preferences
Build completed: openssl master.36930
Build openssl master.36930 completed Commit 10fb89d5bf by Dmitry Belyavskiy on 9/15/2020 5:46 AM: fixup! HMAC should work with non-provided digests Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Platform and configuration command:
$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock
Commit log since last time:
ec0ce188f4 EVP: Centralise fetching error reporting
225c9660a5 Ignore unused return values from some sk_*() macros
89b46350a3 Don't complain about stack related macros
0490314f65 Make 'make errors' work again
962963395c Make 'make ordinals' work again
83ecb26f2b util/mknum.pl: Fix file opening
c6029deab2 Streamline the safestack generated code
316054147a Add a CHANGES entry for the safestack updates
262cda1cda Remove some safestack things that are no longer needed
9cedfc90ce Fix safestack issues in ui.h
add3392727 Fix safestack issues in pkcs12.h
15c3dcfc78 Fix safestack issues in crypto.h
e74e562f1c Fix safestack issues in conf.h
dd73147420 Fix safestack issues in bio.h
1e14bca233 Fix safestack issues in ess.h
0b28254015 Fix safestack issues in asn1t.h
9d01ac71a0 Fix safestack issues in ct.h
98c35dc48d Fix safestack issues in crmf.h
c5a5581127 Fix safestack issues in x509_vfy.h
22fbfe6a7d Fix safestack issues in srp.h
02199cc39d Fix safestack issues in pkcs7.h
fd3ed85c67 Fix safestack issues in ocsp.h
904e1f92b3 Fix safestack issues in cms.h
798f932980 Fix safestack issues in cmp.h
b4780134df Fix safestack issues in asn1.h
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
e144fd36ce Fix safestack issues in x509v3.h
e6623cfbff Fix safestack issues in x509.h
6ac1cd10ba Fix safestack issues in ssl.h
08073700cc NonStop port updates for 3.0.0.
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
655f73cecf EVP: Add the internal convenience function evp_keymgmt_util_export()
96bb4ff9b8 Fix EVP_PKEY_CTX_ctrl() documentation
33dd828d97 Update doc for EVP_PKEY_CTX_set_ec_param_enc()
7229a2f4ab EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers
4588f35b5a dev/release.sh: Rework to be smoother
35e6ea3bdc keygen: add FIPS error state management to conditional self tests
801ed9edba CRNGT: enter FIPS error state if the test fails
5736923f12 FIPS: error mode is set from failed self tests and produced a
limited number of errors when algorithm accesses are attempted
f99d3eedf7 ciphers: add FIPS error state handling
422cbcee61 keymgmt: add FIPS error state handling
f590a5ea1a signature: add FIPS error state handling
ca94057fc3 exchange: add FIPS error state handling
2b9e4e956b kdf: add FIPS error state handling
5b104a81f0 mac: add FIPS error state handling
aef30ad0b6 rand: add FIPS error state handling
87fe138d35 asymciphers: add FIPS error state handling
1c1daab94c digests: add FIPS error state handling
6cf3730267 FIPS: rename the status call to is_running.
eab7b4240d provider: add an 'is_running' call to all providers.
5e8cd0a4f4 Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
97f7a6d42e Fix coverity issue: CID 1466482 - Resource leak in
OSSL_STORE_SEARCH_by_key_fingerprint()
9951eaf467 Fix coverity issue: CID 1466483 - Improper use of Negative value in
dh_ctrl.c
0f0b7dfbe5 Fix coverity issue: CID 1466484 - Remove dead code in
PKCS7_dataInit()
6e417f951c Fix coverity issue: CID 1466485 - Explicit NULL dereference in
OSSL_STORE_find()
3481694946 Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
c1aba0763c OSSL_DECODER 'decode' function must never be NULL.
c88f6f0e40 TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
64713cb10d apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
0e60ce6334 Improve robustness and performance of building Unix static libraries
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man
page)
1cd77e2eca OSSL_CMP_CTX_new.pod: improve doc of
OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
4d2b2889da openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and
-otherpass
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
82bdd64193 check_chain_extensions(): Require X.509 v3 if extensions are present
e41a2c4c60 check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818
section 2
d72c8b457b x509_vfy.c: Make sure that strict checks are not done for
self-issued EE certs
bb377c8d6c check_chain_extensions(): Add check that CA cert includes key usage
extension
da6c691d6d check_chain_extensions(): Add check that on empty Subject the SAN
must be marked critical
89f13ca434 check_chain_extensions(): Add check that AKID and SKID are not
marked critical
8a639b9d72 check_chain_extensions(): Add check that Basic Constraints of CA
cert are marked critical
1e41dadfa7 Extend X509 cert checks and error reporting in v3_{purp,crld}.c and
x509_{set,vfy}.c
b0a4cbead3 apps/cmp.c:
Build failed: openssl master.36929
Build openssl master.36929 failed Commit 5b3b9cb92b by Shane Lontis on 9/15/2020 4:45 AM: Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). Configure your notification preferences
