Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in 
> doc/man1/openssl-dsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in 
> doc/man1/openssl-ec.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in 
> doc/man1/openssl-enc.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-fipsinstall.pod.in > 
doc/man1/openssl-fipsinstall.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in 
> doc/man1/openssl-kdf.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in 
> doc/man1/openssl-mac.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-rc2

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok

Could not read any certificates from -in file from 
../../../openssl/test/certs/v3-certs-RC2.p12
C04006128A7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:RC2-40-CBC
../../util/wrap.pl ../../apps/openssl pkcs12 -export -in 
../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider 
default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 
=> 1
not ok 5 - test_pkcs12_passcert
# --
#   Failed test 'test_pkcs12_passcert'
#   at ../openssl/test/recipes/80-test_pkcs12.t line 93.
# Looks like you failed 1 test of 5.80-test_pkcs12.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests 
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in 
> doc/man1/openssl-dsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in 
> doc/man1/openssl-ec.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in 
> doc/man1/openssl-enc.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-fipsinstall.pod.in > 
doc/man1/openssl-fipsinstall.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in 
> doc/man1/openssl-kdf.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in 
> doc/man1/openssl-mac.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod

Build failed: openssl master.37341

[AppVeyor]

Build openssl master.37341 failed


Commit d8e1b9ee00 by drgler on 10/1/2020 7:20 PM:

Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" 
-keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
#   Failed test 'unprotected request'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo 0 -certout test.certout_popo1.pem 
-out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# --
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo -1 -certout test.certout_popo5.pem 
-out_trusted root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui-console

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr non-existing file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key 
-newkeypass 'pass:' -certout test.certout_p10cr4.pem -out_trusted root.crt -csr 
empty.txt => 139
not ok 78 - p10cr csr empty file
# --
#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key 
-newkeypass 'pass:' -certout test.certout_revreason.pem -out_trusted root.crt 
-revreason 5 => 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key 
-newkeypass 'pass:' -certout test.certout_cr.pem -out_trusted root.crt => 139
not ok 82 - cr
# --
#   Failed test 'cr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.certout_kur.pem -out_trusted root.crt 
-oldcert test.certout_newkey.pem -server '127.0.0.1:1700' -cert 
test.certout_newkey.pem -key new.key -extracerts issuing.crt => 139
not ok 83 - kur explicit options
# --
#   Failed test 'kur explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout 
test.certout_kur_minimal.pem -oldcert "" -server '127.0.0.1:1700' -cert 
test.certout_newkey.pem -key new.key -extracerts issuing.crt -secret "" => 139
not ok 84 - kur minimal options
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ 
-newkeypass 'pass:' -certout test.certout_kur2.pem -out_trusted root.crt 
-oldcert test.certout_newkey.pem -server '127.0.0.1:1700' => 139
not ok 86 - kur newkey is directory
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.certout_kur5.pem -out_trusted root.crt 
-oldcert dir/ -server '127.0.0.1:1700' => 139
not ok 89 - kur oldcert is directory
# --
#   Failed test 'kur 

Build completed: openssl master.37339

[AppVeyor]

Build openssl master.37339 completed



Commit 1b222e43a7 by Tianjia Zhang on 3/27/2020 2:37 AM:

ASYNC: Fixes for nested job creation


Configure your notification preferences

Build failed: openssl master.37338

[AppVeyor]

Build openssl master.37338 failed


Commit 1bca5d8c69 by Dmitry Belyavskiy on 2/22/2019 3:36 PM:

Some OIDs used in Russian X.509 certificates.


Configure your notification preferences

Build failed: openssl master.37337

[AppVeyor]

Build openssl master.37337 failed


Commit 71ded4cd7b by Richard Levitte on 10/2/2020 12:48 PM:

fixup! Add a test for encoding and decoding of parameters files


Configure your notification preferences

Build completed: openssl master.37333

[AppVeyor]

Build openssl master.37333 completed



Commit b36c734995 by Jordan Montgomery on 10/2/2020 6:02 AM:

Expose PKCS7_get_octet_string and PKCS7_type_is_other


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t 

Build failed: openssl master.37332

[AppVeyor]

Build openssl master.37332 failed


Commit 62f27ab9dc by Maxim Masiutin on 10/2/2020 6:49 AM:

TLS AEAD ciphers: more bytes for key_block than needed


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-certs -noout ../../../../openssl/test/testx509.pem => 1
not ok 409 - Checking that -certs returns 1 object on a certificate file
# --
#   Failed test 'Checking that -certs returns 1 object on a certificate file'
#   at ../openssl/test/recipes/90-test_store.t line 205.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-certs -noout ../../../../openssl/test/testcrl.pem => 1
not ok 410 - Checking that -certs returns 0 objects on a CRL file
# --
#   Failed test 'Checking that -certs returns 0 objects on a CRL file'
#   at ../openssl/test/recipes/90-test_store.t line 208.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls 
-noout ../../../../openssl/test/testx509.pem => 1
not ok 411 - Checking that -crls returns 0 objects on a certificate file
# --
#   Failed test 'Checking that -crls returns 0 objects on a certificate file'
#   at ../openssl/test/recipes/90-test_store.t line 212.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls 
-noout ../../../../openssl/test/testcrl.pem => 1
not ok 412 - Checking that -crls returns 1 object on a CRL file
# --
#   Failed test 'Checking that -crls returns 1 object on a CRL file'
#   at ../openssl/test/recipes/90-test_store.t line 215.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1
not ok 413
# --
#   Failed test at ../openssl/test/recipes/90-test_store.t line 226.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification 
Authority' rehash => 1
not ok 414
# --
#   Failed test at ../openssl/test/recipes/90-test_store.t line 229.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -certs -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1
not ok 415
# --
#   Failed test at ../openssl/test/recipes/90-test_store.t line 233.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -crls -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1
not ok 416
# --
#   Failed test at ../openssl/test/recipes/90-test_store.t line 236.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl 

Failed: openssl/openssl#37868 (master - 62f27ab)

[Travis CI]

Build Update for openssl/openssl
-

Build: #37868
Status: Failed

Duration: 1 hr, 21 mins, and 6 secs
Commit: 62f27ab (master)
Author: Maxim Masiutin
Message: TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.

The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply callin the general function
EVP_CIPHER_iv_length.

The new function tls_iv_length_within_key_block takes this into
consideration.

Besides that, the order of addendums was counter-intuitive MAC length
was second, but it have to be first to correspond the order given in the RFC.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13035)

View the changeset: 
https://github.com/openssl/openssl/compare/f21c9c64f534...62f27ab9dcf2

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/187753237?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec2m

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dh

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . skipped: dh is not supported by this 
OpenSSL build
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . skipped: dh is not supported by this 
OpenSSL build
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration

[openssl] master update

[tmraz]

The branch master has been updated
   via  62f27ab9dcf29876b15cdae704c3a04b4c8a6344 (commit)
  from  f21c9c64f53484d4abe25b76d29350ed683db855 (commit)


- Log -
commit 62f27ab9dcf29876b15cdae704c3a04b4c8a6344
Author: Maxim Masiutin 
Date:   Tue Sep 29 18:40:56 2020 +0300

TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.

The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply callin the general function
EVP_CIPHER_iv_length.

The new function tls_iv_length_within_key_block takes this into
consideration.

Besides that, the order of addendums was counter-intuitive MAC length
was second, but it have to be first to correspond the order given in the 
RFC.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13035)

---

Summary of changes:
 ssl/t1_enc.c | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index fbef9c1a86..91c3904723 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -175,6 +175,18 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX 
*ctx,
 return 1;
 }
 
+
+static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
+{
+/* If GCM/CCM mode only part of IV comes from PRF */
+if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+return EVP_GCM_TLS_FIXED_IV_LEN;
+else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+return EVP_CCM_TLS_FIXED_IV_LEN;
+else
+return EVP_CIPHER_iv_length(c);
+}
+
 int tls1_change_cipher_state(SSL *s, int which)
 {
 unsigned char *p, *mac_secret;
@@ -337,14 +349,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 /* TODO(size_t): convert me */
 cl = EVP_CIPHER_key_length(c);
 j = cl;
-/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-/* If GCM/CCM mode only part of IV comes from PRF */
-if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-k = EVP_GCM_TLS_FIXED_IV_LEN;
-else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
-k = EVP_CCM_TLS_FIXED_IV_LEN;
-else
-k = EVP_CIPHER_iv_length(c);
+k = tls_iv_length_within_key_block(c);
 if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
 ms = &(p[0]);
@@ -565,7 +570,7 @@ int tls1_setup_key_block(SSL *s)
 s->s3.tmp.new_hash = hash;
 s->s3.tmp.new_mac_pkey_type = mac_type;
 s->s3.tmp.new_mac_secret_size = mac_secret_size;
-num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+num = mac_secret_size + EVP_CIPHER_key_length(c) + 
tls_iv_length_within_key_block(c);
 num *= 2;
 
 ssl3_cleanup_key_block(s);
@@ -580,6 +585,7 @@ int tls1_setup_key_block(SSL *s)
 s->s3.tmp.key_block = p;
 
 OSSL_TRACE_BEGIN(TLS) {
+BIO_printf(trc_out, "key block length: %ld\n", num);
 BIO_printf(trc_out, "client random\n");
 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);
 BIO_printf(trc_out, "server random\n");

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips-and-base.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id 
also with NO_SM2
746f367489 Fix some things the rename script didn't quite get right
d8652be06e Run the withlibctx.pl script
aedac96c11 Perl util to do with_libctx renaming
0129030639 der: _ossl prefix der_oid_ and der_aid_ functions
a55b00bdbc der: _ossl prefix DER functions
c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode.
592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_
5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_
13a574d8bb check-format.pl: Allow nested indentation of labels (not only at 
line pos 1)
8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 
'for (...;)'
df4ec39203 check-format.pl: Document how to run positive and negative self-tests
4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group 
to error output
66066e1bba Prune low-level ASN.1 parse errors from error queue in 
der2key_decode() etc.
9032c2c11b 25-test_x509.t: Add test for suitable error report loading 
unsupported sm2 cert

Build log ended with (last 100 lines):

Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout 
test.certout_csr_ignored.pem -out_trusted root.crt -csr idontexist => 1
not ok 72 - csr ignored for ir
# --
#   Failed test 'csr ignored for ir'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not read private key for CMP client certificate from signer.p12
C080DC2A5C7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC
Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout 
test.certout_p10cr.pem -out_trusted root.crt -csr csr.pem => 1
not ok 73 - p10cr csr
# --
Could not read private key for CMP client certificate from signer.p12
C020C917917F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC
Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout 
test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 1
not ok 79 - ir + ignored revocation
# --
Could not read private key for CMP client certificate from signer.p12
C0E032CBCB7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC
Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration 
file