Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rc2 Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok Could not read any certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12 C04006128A7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:RC2-40-CBC ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1 not ok 5 - test_pkcs12_passcert # -- # Failed test 'test_pkcs12_passcert' # at ../openssl/test/recipes/80-test_pkcs12.t line 93. # Looks like you failed 1 test of 5.80-test_pkcs12.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/5 subtests 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod
Build failed: openssl master.37341
Build openssl master.37341 failed Commit d8e1b9ee00 by drgler on 10/1/2020 7:20 PM: Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # -- # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # -- # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file 'test.certout_popo1.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.certout_popo1.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file 'test.certout_popo5.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # -- # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): # Failed test 'p10cr csr non-existing file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr4.pem -out_trusted root.crt -csr empty.txt => 139 not ok 78 - p10cr csr empty file # -- # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.certout_cr.pem -out_trusted root.crt => 139 not ok 82 - cr # -- # Failed test 'cr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur.pem -out_trusted root.crt -oldcert test.certout_newkey.pem -server '127.0.0.1:1700' -cert test.certout_newkey.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur explicit options # -- # Failed test 'kur explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.certout_kur_minimal.pem -oldcert "" -server '127.0.0.1:1700' -cert test.certout_newkey.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur minimal options # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.certout_kur2.pem -out_trusted root.crt -oldcert test.certout_newkey.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur5.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # -- # Failed test 'kur
Build completed: openssl master.37339
Build openssl master.37339 completed Commit 1b222e43a7 by Tianjia Zhang on 3/27/2020 2:37 AM: ASYNC: Fixes for nested job creation Configure your notification preferences
Build failed: openssl master.37338
Build openssl master.37338 failed Commit 1bca5d8c69 by Dmitry Belyavskiy on 2/22/2019 3:36 PM: Some OIDs used in Russian X.509 certificates. Configure your notification preferences
Build failed: openssl master.37337
Build openssl master.37337 failed Commit 71ded4cd7b by Richard Levitte on 10/2/2020 12:48 PM: fixup! Add a test for encoding and decoding of parameters files Configure your notification preferences
Build completed: openssl master.37333
Build openssl master.37333 completed Commit b36c734995 by Jordan Montgomery on 10/2/2020 6:02 AM: Expose PKCS7_get_octet_string and PKCS7_type_is_other Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t
Build failed: openssl master.37332
Build openssl master.37332 failed Commit 62f27ab9dc by Maxim Masiutin on 10/2/2020 6:49 AM: TLS AEAD ciphers: more bytes for key_block than needed Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testx509.pem => 1 not ok 409 - Checking that -certs returns 1 object on a certificate file # -- # Failed test 'Checking that -certs returns 1 object on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 205. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1 not ok 410 - Checking that -certs returns 0 objects on a CRL file # -- # Failed test 'Checking that -certs returns 0 objects on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 208. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1 not ok 411 - Checking that -crls returns 0 objects on a certificate file # -- # Failed test 'Checking that -crls returns 0 objects on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 212. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1 not ok 412 - Checking that -crls returns 1 object on a CRL file # -- # Failed test 'Checking that -crls returns 1 object on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 215. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 413 # -- # Failed test at ../openssl/test/recipes/90-test_store.t line 226. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 414 # -- # Failed test at ../openssl/test/recipes/90-test_store.t line 229. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 415 # -- # Failed test at ../openssl/test/recipes/90-test_store.t line 233. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 416 # -- # Failed test at ../openssl/test/recipes/90-test_store.t line 236. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl
Failed: openssl/openssl#37868 (master - 62f27ab)
Build Update for openssl/openssl - Build: #37868 Status: Failed Duration: 1 hr, 21 mins, and 6 secs Commit: 62f27ab (master) Author: Maxim Masiutin Message: TLS AEAD ciphers: more bytes for key_block than needed Fixes #12007 The key_block length was not written to trace, thus it was not obvious that extra key_bytes were generated for TLS AEAD. The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers to figure out how many bytes from the key_block were needed for the IV. The correct way was to take cipher mode (GCM, CCM, etc) into consideration rather than simply callin the general function EVP_CIPHER_iv_length. The new function tls_iv_length_within_key_block takes this into consideration. Besides that, the order of addendums was counter-intuitive MAC length was second, but it have to be first to correspond the order given in the RFC. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13035) View the changeset: https://github.com/openssl/openssl/compare/f21c9c64f534...62f27ab9dcf2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/187753237?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . skipped: dh is not supported by this OpenSSL build 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration
[openssl] master update
The branch master has been updated via 62f27ab9dcf29876b15cdae704c3a04b4c8a6344 (commit) from f21c9c64f53484d4abe25b76d29350ed683db855 (commit) - Log - commit 62f27ab9dcf29876b15cdae704c3a04b4c8a6344 Author: Maxim Masiutin Date: Tue Sep 29 18:40:56 2020 +0300 TLS AEAD ciphers: more bytes for key_block than needed Fixes #12007 The key_block length was not written to trace, thus it was not obvious that extra key_bytes were generated for TLS AEAD. The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers to figure out how many bytes from the key_block were needed for the IV. The correct way was to take cipher mode (GCM, CCM, etc) into consideration rather than simply callin the general function EVP_CIPHER_iv_length. The new function tls_iv_length_within_key_block takes this into consideration. Besides that, the order of addendums was counter-intuitive MAC length was second, but it have to be first to correspond the order given in the RFC. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13035) --- Summary of changes: ssl/t1_enc.c | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index fbef9c1a86..91c3904723 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -175,6 +175,18 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, return 1; } + +static int tls_iv_length_within_key_block(const EVP_CIPHER *c) +{ +/* If GCM/CCM mode only part of IV comes from PRF */ +if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) +return EVP_GCM_TLS_FIXED_IV_LEN; +else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) +return EVP_CCM_TLS_FIXED_IV_LEN; +else +return EVP_CIPHER_iv_length(c); +} + int tls1_change_cipher_state(SSL *s, int which) { unsigned char *p, *mac_secret; @@ -337,14 +349,7 @@ int tls1_change_cipher_state(SSL *s, int which) /* TODO(size_t): convert me */ cl = EVP_CIPHER_key_length(c); j = cl; -/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ -/* If GCM/CCM mode only part of IV comes from PRF */ -if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) -k = EVP_GCM_TLS_FIXED_IV_LEN; -else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) -k = EVP_CCM_TLS_FIXED_IV_LEN; -else -k = EVP_CIPHER_iv_length(c); +k = tls_iv_length_within_key_block(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); @@ -565,7 +570,7 @@ int tls1_setup_key_block(SSL *s) s->s3.tmp.new_hash = hash; s->s3.tmp.new_mac_pkey_type = mac_type; s->s3.tmp.new_mac_secret_size = mac_secret_size; -num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c); +num = mac_secret_size + EVP_CIPHER_key_length(c) + tls_iv_length_within_key_block(c); num *= 2; ssl3_cleanup_key_block(s); @@ -580,6 +585,7 @@ int tls1_setup_key_block(SSL *s) s->s3.tmp.key_block = p; OSSL_TRACE_BEGIN(TLS) { +BIO_printf(trc_out, "key block length: %ld\n", num); BIO_printf(trc_out, "client random\n"); BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "server random\n");
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: f21c9c64f5 EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use 7d80985e17 Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2 746f367489 Fix some things the rename script didn't quite get right d8652be06e Run the withlibctx.pl script aedac96c11 Perl util to do with_libctx renaming 0129030639 der: _ossl prefix der_oid_ and der_aid_ functions a55b00bdbc der: _ossl prefix DER functions c4232b9edb rsa_mp_coeff_names should only have one entry in it for fips mode. 592dcfd3df prov: prefix all exposed 'cipher' symbols with ossl_ 5b60f9c3e0 prov: prefix aes-cbc-cts functions with ossl_ 13a574d8bb check-format.pl: Allow nested indentation of labels (not only at line pos 1) 8e655da022 check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)' df4ec39203 check-format.pl: Document how to run positive and negative self-tests 4a24d6050b EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output 66066e1bba Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 9032c2c11b 25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert Build log ended with (last 100 lines): Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_csr_ignored.pem -out_trusted root.crt -csr idontexist => 1 not ok 72 - csr ignored for ir # -- # Failed test 'csr ignored for ir' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not read private key for CMP client certificate from signer.p12 C080DC2A5C7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr.pem -out_trusted root.crt -csr csr.pem => 1 not ok 73 - p10cr csr # -- Could not read private key for CMP client certificate from signer.p12 C020C917917F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 1 not ok 79 - ir + ignored revocation # -- Could not read private key for CMP client certificate from signer.p12 C0E032CBCB7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file