Build failed: openssl master.35638

2020-07-16 Thread AppVeyor



Build openssl master.35638 failed


Commit c9b74391ab by Richard Levitte on 7/17/2020 5:33 AM:

fixup! KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()


Configure your notification preferences



Errored: openssl/openssl#36172 (master - cb9bb73)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36172
Status: Errored

Duration: 1 hr, 25 mins, and 25 secs
Commit: cb9bb73 (master)
Author: Dr. David von Oheimb
Message: 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be 
split easily

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12359)

View the changeset: 
https://github.com/openssl/openssl/compare/0b670a2101c6...cb9bb7350d41

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175951660?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



Build failed: openssl master.35636

2020-07-16 Thread AppVeyor



Build openssl master.35636 failed


Commit 248504846a by Richard Levitte on 7/17/2020 5:01 AM:

fixup! TEST: Add new serializer and deserializer test





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):


[openssl] master update

2020-07-16 Thread shane . lontis
The branch master has been updated
   via  8e78da06660b269fbdf8faba6bc3a356ee3fda5e (commit)
  from  cb9bb7350d4192553683e61e64894e8ed197b44c (commit)


- Log -
commit 8e78da06660b269fbdf8faba6bc3a356ee3fda5e
Author: Shane Lontis 
Date:   Wed Jul 15 11:49:57 2020 +1000

Fix trailing whitespace mismatch error when running 02-test_errstr.

Fixes #12449

On a aix7_ppc32 machine the error was of the form
match 'Previous owner died ' (2147483743) with one of ( 'Previous owner 
died', 'reason(95)' )
Stripping the trailing whitespace from the system error will address this 
issue.

Suggested fix by @pauldale.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12451)

---

Summary of changes:
 test/recipes/02-test_errstr.t | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
index a63812f397..7c382b4124 100644
--- a/test/recipes/02-test_errstr.t
+++ b/test/recipes/02-test_errstr.t
@@ -49,7 +49,7 @@ use constant ERR_LIB_NONE => 1;
 plan tests => scalar @Errno::EXPORT_OK
 +1  # Checking that error 128 gives 'reason(128)'
 +1  # Checking that error 0 gives the library name
-;
++1; # Check trailing whitespace is removed.
 
 # Test::More:ok() has a sub prototype, which means we need to use the ''
 # syntax to force it to accept a list as a series of arguments.
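Review bot: the terminating `;` now sits on the added `+1; # Check trailing whitespace is removed.` line, so the next test added to this plan has to modify that line again. Keeping the `;` on its own line, as it was before, keeps future additions to a single new line. The new comment also says "Check" where the two lines above it say "Checking that".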
@@ -66,6 +66,7 @@ foreach my $errname (@Errno::EXPORT_OK) {
 # Reason code 0 of any library gives the library name as reason
 (match_opensslerr_reason(ERR_LIB_NONE << ERR_LIB_OFFSET |   0,
 "unknown library"));
+(match_any("Trailing whitespace  \n\t", "?", ( "Trailing whitespace" )));
 
 exit 0;
 
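Review bot: the added match_any() call passes "?" as its description argument, so a failure of this case is reported without any hint of what was being tested. A descriptive string such as "trailing whitespace" would make the test output self-explanatory. The case also exercises whitespace on the first argument only, which matches what the helper strips but leaves the candidate side untested.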
@@ -93,6 +94,9 @@ sub match_any {
 my $desc = shift;
 my @strings = @_;
 
+# ignore trailing whitespace
+$first =~ s/\s+$//;
+
 if (scalar @strings > 1) {
 $desc = "match '$first' ($desc) with one of ( '"
 . join("', '", @strings) . "' )";
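Review bot: in match_any() only $first is stripped by `$first =~ s/\s+$//;`, while the candidates in @strings are compared as they arrive. If that asymmetry is intended, the comment should say which side can carry the trailing whitespace and why (the commit message attributes it to the system error text on aix7_ppc32); otherwise strip both sides so the comparison is symmetric.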


Errored: openssl/openssl#36167 (master - 0b670a2)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36167
Status: Errored

Duration: 1 hr, 29 mins, and 24 secs
Commit: 0b670a2 (master)
Author: Dr. David von Oheimb
Message: x509_vfy.c: Improve key usage checks in internal_verify() of cert 
chains

If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.

Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12375)

View the changeset: 
https://github.com/openssl/openssl/compare/318565b73374...0b670a2101c6

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175884109?utm_medium=notification_source=email




Errored: openssl/openssl#36166 (master - 318565b)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36166
Status: Errored

Duration: 59 mins and 11 secs
Commit: 318565b (master)
Author: Richard Levitte
Message: Prepare for 3.0 alpha 6

Reviewed-by: Nicola Tuveri 

View the changeset: 
https://github.com/openssl/openssl/compare/b013cf9a...318565b73374

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175881017?utm_medium=notification_source=email




Errored: openssl/openssl#36165 (openssl-3.0.0-alpha5 - e70a2d9)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36165
Status: Errored

Duration: 1 hr, 29 mins, and 26 secs
Commit: e70a2d9 (openssl-3.0.0-alpha5)
Author: Richard Levitte
Message: Prepare for release of 3.0 alpha 5

Reviewed-by: Nicola Tuveri 

View the changeset: https://github.com/openssl/openssl/commit/e70a2d9f139e

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175880856?utm_medium=notification_source=email




Errored: openssl/openssl#36162 (master - b013cf9)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36162
Status: Errored

Duration: 1 hr, 23 mins, and 36 secs
Commit: b013cf9 (master)
Author: Richard Levitte
Message: util/mktar.pl: Change 'VERSION' to 'VERSION.dat'

This was forgotten when that file changed name, and that unfortunately
disrupts releases.

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12464)

View the changeset: 
https://github.com/openssl/openssl/compare/e39e295e205a...b013cf9a

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175878075?utm_medium=notification_source=email




Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" 
-keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
#   Failed test 'unprotected request'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted 
root.crt => 0
not ok 43 - popo RAVERIFIED
# --
OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
PKICONF
# OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled 
certificate(s), saving to file 'test.cert.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey 
new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted 
root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 
PKIStatus: accepted 
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received 
IP
# 

Errored: openssl/openssl#36160 (master - e39e295)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36160
Status: Errored

Duration: 1 hr, 20 mins, and 54 secs
Commit: e39e295 (master)
Author: Richard Levitte
Message: Update copyright year

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12463)

View the changeset: 
https://github.com/openssl/openssl/compare/e4162f86d7fd...e39e295e205a

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175875538?utm_medium=notification_source=email




Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui-console

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr 
wrong.csr.pem => 139
not ok 78 - p10cr wrong csr
# --
#   Failed test 'p10cr wrong csr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 
=> 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key 
-extracerts issuing.crt => 139
not ok 83 - kur command explicit options
# --
#   Failed test 'kur command explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout 
test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert 
test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139
not ok 84 - kur command minimal options
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
test.cert.pem -server '127.0.0.1:1700' => 139
not ok 86 - kur newkey is directory
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ 
-server '127.0.0.1:1700' => 139
not ok 89 - kur oldcert is directory
# --
#   Failed test 'kur oldcert is directory'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key 
-newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert 
idontexist -server '127.0.0.1:1700' => 139

[openssl] OpenSSL_1_1_1-stable update

2020-07-16 Thread dev
The branch OpenSSL_1_1_1-stable has been updated
   via  42bb51e59308b3ebc5cc1c35ff4822fba6b52d79 (commit)
   via  e2590c3a162eb118c36b09c2168164283aa099b4 (commit)
  from  e21519280b3c3e0b264632fd72ce503a9d9ced73 (commit)


- Log -
commit 42bb51e59308b3ebc5cc1c35ff4822fba6b52d79
Author: Dr. David von Oheimb 
Date:   Fri Jul 3 21:19:55 2020 +0200

x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.

Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12357)

commit e2590c3a162eb118c36b09c2168164283aa099b4
Author: Dr. David von Oheimb 
Date:   Tue Dec 24 11:25:15 2019 +0100

Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening 
check_issued()

Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: 
self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix.

As prerequisites, this adds the static function check_sig_alg_match()
and the internal functions x509_likely_issued() and x509_signing_allowed().

This is a backport of the core of PR #10587.
Fixes #1418

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12357)

---

Summary of changes:
 crypto/x509/x509_local.h   |  2 +
 crypto/x509/x509_vfy.c | 88 --
 crypto/x509v3/v3_purp.c| 64 ++
 doc/man1/verify.pod|  7 ++-
 doc/man3/X509_STORE_set_verify_cb_func.pod |  4 +-
 doc/man3/X509_VERIFY_PARAM_set_flags.pod   | 13 +++--
 doc/man3/X509_check_issued.pod | 17 +++---
 include/openssl/x509_vfy.h |  3 +
 test/certs/ee-self-signed.pem  | 18 ++
 test/certs/setup.sh|  3 +
 test/recipes/25-test_verify.t  |  5 +-
 11 files changed, 166 insertions(+), 58 deletions(-)
 create mode 100644 test/certs/ee-self-signed.pem

diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h
index c517a77456..6ac3c7eaa6 100644
--- a/crypto/x509/x509_local.h
+++ b/crypto/x509/x509_local.h
@@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
 void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
  const ASN1_STRING *sig);
+int x509_likely_issued(X509 *issuer, X509 *subject);
+int x509_signing_allowed(const X509 *issuer, const X509 *subject);
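Review bot: the two new prototypes in x509_local.h carry no comment on their return convention, and check_issued() later in this patch compares x509_likely_issued() against X509_V_OK rather than treating it as a boolean. A one-line comment per prototype stating what is returned would keep callers from testing the result the wrong way. The const qualification also differs between the two (X509 * versus const X509 *), which deserves a word on why x509_likely_issued() needs writable arguments.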
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5bd3c4c159..f30c0f8d38 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -104,7 +104,12 @@ static int null_callback(int ok, X509_STORE_CTX *e)
 return ok;
 }
 
-/* Return 1 is a certificate is self signed */
+/*
+ * Return 1 if given cert is considered self-signed, 0 if not or on error.
+ * This does not verify self-signedness but relies on x509v3_cache_extensions()
+ * matching issuer and subject names (i.e., the cert being self-issued) and any
+ * present authority key identifier matching the subject key identifier, etc.
+ */
 static int cert_self_signed(X509 *x)
 {
 if (X509_check_purpose(x, -1, 0) != 1)
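Review bot: the new comment on cert_self_signed() ends its list of conditions with "etc.", and "0 if not or on error" merges two different outcomes. Since this comment is now the stated contract of the function, either list the remaining conditions or say explicitly that they are whatever x509v3_cache_extensions() records, and note that callers cannot tell an error from "not self-signed".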
@@ -325,30 +330,26 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, 
STACK_OF(X509) *sk, X509 *x)
 return rv;
 }
 
-/* Given a possible certificate and issuer check them */
-
+/*
+ * Check that the given certificate 'x' is issued by the certificate 'issuer'
+ * and the issuer is not yet in ctx->chain, where the exceptional case
+ * that 'x' is self-issued and ctx->chain has just one element is allowed.
+ */
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
-int ret;
-if (x == issuer)
-return cert_self_signed(x);
-ret = X509_check_issued(issuer, x);
-if (ret == X509_V_OK) {
+if (x509_likely_issued(issuer, x) != X509_V_OK)
+return 0;
+if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) {
 int i;
 X509 *ch;
-/* Special case: single self signed certificate */
-if (cert_self_signed(x) && 
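Review bot: the new header comment on check_issued() says what is checked but not what is returned, while the body now returns 0 as soon as x509_likely_issued() fails; state the 1/0 convention in the comment. The condition `(x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1` also reads x->ex_flags directly, with nothing in the visible lines showing that the cached extension flags of x are populated at that point. If the preceding x509_likely_issued() call guarantees this, a short comment saying so would make the dependency explicit now that the `x == issuer` shortcut through cert_self_signed() is gone.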

Errored: openssl/openssl#36158 (master - e4162f8)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36158
Status: Errored

Duration: 1 hr, 36 mins, and 23 secs
Commit: e4162f8 (master)
Author: Richard Levitte
Message: DRBG: Fix the renamed functions after the EVP_MAC name reversal

[extended tests]

Reviewed-by: Tomas Mraz 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12186)

View the changeset: 
https://github.com/openssl/openssl/compare/8dab4de53887...e4162f86d7fd

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175870877?utm_medium=notification_source=email




[openssl] master update

2020-07-16 Thread dev
The branch master has been updated
   via  cb9bb7350d4192553683e61e64894e8ed197b44c (commit)
   via  1e76cb002a8d89b66b67214921b921c4cb9f6506 (commit)
  from  0b670a2101c6cdcc3f2a4ed168f75243fe082a2b (commit)


- Log -
commit cb9bb7350d4192553683e61e64894e8ed197b44c
Author: Dr. David von Oheimb 
Date:   Fri Jul 3 14:19:43 2020 +0200

99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split 
easily

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12359)

commit 1e76cb002a8d89b66b67214921b921c4cb9f6506
Author: Dr. David von Oheimb 
Date:   Thu Jul 2 17:59:55 2020 +0200

test/run_tests.pl: In parallel runs, start those tests first that run 
longest

Also untabify the Perl source file.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12359)

---

Summary of changes:
 fuzz/README.md  | 16 +-
 test/README.md  |  4 +++
 test/recipes/99-test_fuzz.t | 41 +++-
 test/recipes/fuzz.pl| 31 ++
 test/run_tests.pl   | 76 +
 5 files changed, 111 insertions(+), 57 deletions(-)
 create mode 100644 test/recipes/fuzz.pl

diff --git a/fuzz/README.md b/fuzz/README.md
index a713f85325..deb7a43168 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -99,7 +99,7 @@ Reproducing issues
 
 If a fuzzer generates a reproducible error, you can reproduce the problem using
 the fuzz/*-test binaries and the file generated by the fuzzer. They binaries
-don't need to be build for fuzzing, there is no need to set CC or the call
+don't need to be built for fuzzing, there is no need to set CC or the call
 config with enable-fuzz-* or -fsanitize-coverage, but some of the other options
 above might be needed. For instance the enable-asan or enable-ubsan option 
might
 be useful to show you when the problem happens. For the client and server 
fuzzer
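Review bot: the sentence being corrected still reads "They binaries" on the context line above the fix and "set CC or the call config" right after it. Since this hunk already repairs the grammar of that sentence ("build" to "built"), fix those two slips in the same change.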
@@ -110,6 +110,20 @@ To reproduce the crash you can run:
 
 fuzz/$FUZZER-test $file
 
+To do all the tests of a specific fuzzer such as asn1 you can run
+
+fuzz/asn1-test fuzz/corpora/asn1
+or
+make test TESTS=fuzz_test FUZZ_TESTS=asn1
+
+To run several fuzz tests you can use for instance:
+
+make test TESTS=test_fuzz FUZZ_TESTS="cmp cms"
+
+To run all fuzz tests you can use:
+
+make test TESTS=test_fuzz
+
 Random numbers
 --
 
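Review bot: the first added make example uses `TESTS=fuzz_test`, while the two examples that follow it use `TESTS=test_fuzz`, and the recipe in this same patch calls setup("test_fuzz"). The asn1 example should read `make test TESTS=test_fuzz FUZZ_TESTS=asn1`. The bare "or" between the two asn1 commands would also read better as a sentence of its own, matching the other added paragraphs.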
diff --git a/test/README.md b/test/README.md
index f9058a0026..f4f0574aef 100644
--- a/test/README.md
+++ b/test/README.md
@@ -121,6 +121,10 @@ Run all tests in test groups 80 to 99 except for tests in 
group 90:
 
 $ make TESTS='[89]? -90' test
 
+To run specific fuzz tests you can use for instance:
+
+$ make test TESTS=test_fuzz FUZZ_TESTS="cmp cms"
+
 To stochastically verify that the algorithm that produces uniformly distributed
 random numbers is operating correctly (with a false positive rate of 0.01%):
 
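
Review bot: the added example introduces FUZZ_TESTS without saying what it accepts. Going by 99-test_fuzz.t in this same change, it is a whitespace-separated list of fuzzer names, and leaving it unset runs the default set; one sentence stating that, or a pointer to fuzz/README.md, would let this section stand on its own.
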
diff --git a/test/recipes/99-test_fuzz.t b/test/recipes/99-test_fuzz.t
index c9e2c961e4..8bacad47de 100644
--- a/test/recipes/99-test_fuzz.t
+++ b/test/recipes/99-test_fuzz.t
@@ -9,35 +9,30 @@
 use strict;
 use warnings;
 
-use OpenSSL::Glob;
 use OpenSSL::Test qw/:DEFAULT srctop_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_fuzz");
 
-my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'client', 'conf', 
'crl', 'server', 'x509');
-if (!disabled("cmp")) {
-push @fuzzers, 'cmp';
+my @fuzzers = ();
+@fuzzers = split /\s+/, $ENV{FUZZ_TESTS} if $ENV{FUZZ_TESTS};
+
+if (!@fuzzers) {
+@fuzzers = (
+# those commented here as very slow could be moved to separate runs
+'asn1', # very slow
+'asn1parse', 'bignum', 'bndiv', 'conf','crl',
+'client', # very slow
+'server', # very slow
+'x509'
+);
+push @fuzzers, 'cmp' if !disabled("cmp");
+push @fuzzers, 'cms' if !disabled("cms");
+push @fuzzers, 'ct' if !disabled("ct");
 }
-if (!disabled("cms")) {
-push @fuzzers, 'cms';
-}
-if (!disabled("ct")) {
-push @fuzzers, 'ct';
-}
-plan tests => scalar @fuzzers;
 
-foreach my $f (@fuzzers) {
-subtest "Fuzzing $f" => sub {
-my @dirs = glob(srctop_file('fuzz', 'corpora', $f));
-push @dirs, glob(srctop_file('fuzz', 'corpora', "$f-*"));
+plan tests => scalar @fuzzers + 1; # one more due to below require_ok(...)
 
-plan skip_all => "No corpora for $f-test" unless @dirs;
+require_ok(srctop_file('test','recipes','fuzz.pl'));
 
-plan tests => scalar @dirs;
-
-foreach (@dirs) {
-ok(run(fuzz(["$f-test", $_])));
-}
-}
-}
+_tests(@fuzzers);
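
Review bot: "split /\s+/, $ENV{FUZZ_TESTS}" returns an empty first element when the value begins with whitespace (for example FUZZ_TESTS=" cmp"), and that empty string is then counted in the plan and treated as a fuzzer name; "split ' ', $ENV{FUZZ_TESTS}" skips leading whitespace and avoids this. Separately, names supplied through FUZZ_TESTS bypass the disabled("cmp"), disabled("cms") and disabled("ct") guards that the default list still applies, so a request for one of those fuzzers on a build with the feature disabled is not filtered here. Consider applying the same guards to user-supplied names and skipping, with a message, any name that is not in the known list.
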
diff --git a/test/recipes/fuzz.pl b/test/recipes/fuzz.pl
new file mode 100644
index 00..795d85c1df
--- /dev/null
+++ b/test/recipes/fuzz.pl
@@ -0,0 +1,31 @@
+# Copyright 

Errored: openssl/openssl#36157 (master - 8dab4de)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36157
Status: Errored

Duration: 1 hr, 24 mins, and 7 secs
Commit: 8dab4de (master)
Author: Richard Levitte
Message: Add latest changes and news in CHANGES.md and NEWS.md

- Reworked test perl framework for parallel tests
- Reworked ERR codes to make better space for system errors
- Deprecation of the ENGINE API

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12461)

View the changeset: 
https://github.com/openssl/openssl/compare/ecca5b6e2ea5...8dab4de53887

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175868980?utm_medium=notification_source=email




Errored: openssl/openssl#36151 (master - ecca5b6)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36151
Status: Errored

Duration: 1 hr, 29 mins, and 22 secs
Commit: ecca5b6 (master)
Author: Pauli
Message: capabilities: make capability selection case insensitive.

Everything else to do with algorithm selection and properties is case
insensitive.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12450)

View the changeset: 
https://github.com/openssl/openssl/compare/81ed433cf835...ecca5b6e2ea5

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175831098?utm_medium=notification_source=email




[openssl] master update

2020-07-16 Thread dev
The branch master has been updated
   via  0b670a2101c6cdcc3f2a4ed168f75243fe082a2b (commit)
   via  1337a3a998b7dacd55e31c21bb9c647099e63e86 (commit)
  from  318565b73374a3821dbd00d1d0e598e957fc45c9 (commit)


- Log -
commit 0b670a2101c6cdcc3f2a4ed168f75243fe082a2b
Author: Dr. David von Oheimb 
Date:   Fri Jul 3 21:19:55 2020 +0200

x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.

Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12375)

commit 1337a3a998b7dacd55e31c21bb9c647099e63e86
Author: Dr. David von Oheimb 
Date:   Mon Jul 13 17:13:48 2020 +0200

Constify X509_check_akid and prefer using X509_get0_serialNumber over 
X509_get_serialNumber

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12375)

---

Summary of changes:
 apps/ca.c|  4 +--
 apps/x509.c  |  2 +-
 crypto/cmp/cmp_msg.c |  4 +--
 crypto/cms/cms_lib.c |  4 +--
 crypto/ess/ess_lib.c |  4 +--
 crypto/pkcs7/pk7_doit.c  |  2 +-
 crypto/pkcs7/pk7_lib.c   |  4 +--
 crypto/x509/t_x509.c |  3 +-
 crypto/x509/v3_akey.c|  2 +-
 crypto/x509/v3_purp.c|  6 ++--
 crypto/x509/x509_vfy.c   | 54 +++-
 crypto/x509/x_crl.c  |  2 +-
 doc/man1/openssl.pod |  9 +++---
 doc/man3/X509_VERIFY_PARAM_set_flags.pod | 14 +
 include/openssl/x509v3.h |  2 +-
 15 files changed, 72 insertions(+), 44 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index d91b39c91c..d0309ae15c 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1049,7 +1049,7 @@ end_of_options:
 for (i = 0; i < sk_X509_num(cert_sk); i++) {
 BIO *Cout = NULL;
 X509 *xi = sk_X509_value(cert_sk, i);
-ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
+const ASN1_INTEGER *serialNumber = X509_get0_serialNumber(xi);
 const unsigned char *psn = ASN1_STRING_get0_data(serialNumber);
 const int snl = ASN1_STRING_length(serialNumber);
 const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem");
@@ -2113,7 +2113,7 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE 
rev_type,
 for (i = 0; i < DB_NUMBER; i++)
 row[i] = NULL;
 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
-bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
+bn = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
 if (!bn)
 goto end;
 if (BN_is_zero(bn))
diff --git a/apps/x509.c b/apps/x509.c
index c64c7d2811..bf168b7863 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -693,7 +693,7 @@ int x509_main(int argc, char **argv)
X509_get_subject_name(x), get_nameopt());
 } else if (serial == i) {
 BIO_printf(out, "serial=");
-i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
+i2a_ASN1_INTEGER(out, X509_get0_serialNumber(x));
 BIO_printf(out, "\n");
 } else if (next_serial == i) {
 ASN1_INTEGER *ser = X509_get_serialNumber(x);
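
Review bot: in the unchanged next_serial branch at the end of this hunk, "ASN1_INTEGER *ser = X509_get_serialNumber(x);" still uses the non-const getter. If ser is only read there, it can become "const ASN1_INTEGER *ser = X509_get0_serialNumber(x);" like the serial branch just above; if it is modified, a short comment saying so would explain why this call was left alone.
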
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index bbc3e9157e..c5a9dbccf8 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -298,7 +298,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int 
bodytype, int rid)
 if (bodytype == OSSL_CMP_PKIBODY_KUR) {
 OSSL_CRMF_CERTID *cid =
 OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert),
- X509_get_serialNumber(refcert));
+ X509_get0_serialNumber(refcert));
 int ret;
 
 if (cid == NULL)
@@ -469,7 +469,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
  NULL /* pubkey would be redundant */,
  NULL /* subject would be redundant */,
  X509_get_issuer_name(ctx->oldCert),
-

[web] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  352c7424739f080133f1309e1dff033cd66f2c4a (commit)
  from  4a137483e0f38397a1da6d9213f3c460147e42cf (commit)


- Log -
commit 352c7424739f080133f1309e1dff033cd66f2c4a
Author: Richard Levitte 
Date:   Thu Jul 16 15:39:04 2020 +0200

Add note about Alpha 5 in newsflash.txt

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/web/pull/189)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index e10835a..163dd21 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test 
it
 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release
 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test 
it
 05-Jun-2020: New Blog post: OpenSSL 3.0 Alpha3 Release


Errored: openssl/openssl#36150 (master - 81ed433)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36150
Status: Errored

Duration: 1 hr, 53 mins, and 35 secs
Commit: 81ed433 (master)
Author: Pauli
Message: libcrypto.num: engine deprecation updates

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12226)

View the changeset: 
https://github.com/openssl/openssl/compare/8c2bfd25129a...81ed433cf835

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175830474?utm_medium=notification_source=email




[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  318565b73374a3821dbd00d1d0e598e957fc45c9 (commit)
   via  e70a2d9f139e69f0f8a0846a170623256e424dea (commit)
  from  b013cf9aec515af17ee9bb3fe37ca0891499 (commit)


- Log -
commit 318565b73374a3821dbd00d1d0e598e957fc45c9
Author: Richard Levitte 
Date:   Thu Jul 16 15:23:08 2020 +0200

Prepare for 3.0 alpha 6

Reviewed-by: Nicola Tuveri 

commit e70a2d9f139e69f0f8a0846a170623256e424dea
Author: Richard Levitte 
Date:   Thu Jul 16 15:22:29 2020 +0200

Prepare for release of 3.0 alpha 5

Reviewed-by: Nicola Tuveri 

---

Summary of changes:
 VERSION.dat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.dat b/VERSION.dat
index 2ba82bbc93..7c83447f66 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
 PATCH=0
-PRE_RELEASE_TAG=alpha5-dev
+PRE_RELEASE_TAG=alpha6-dev
 BUILD_METADATA=
 RELEASE_DATE=""
 SHLIB_VERSION=3


[openssl] openssl-3.0.0-alpha5 create

2020-07-16 Thread Richard Levitte
The annotated tag openssl-3.0.0-alpha5 has been created
at  b603e202bab26e1c099839a78871047e2fe9de10 (tag)
   tagging  e70a2d9f139e69f0f8a0846a170623256e424dea (commit)
  replaces  openssl-3.0.0-alpha4
 tagged by  Richard Levitte
on  Thu Jul 16 15:22:46 2020 +0200

- Log -
OpenSSL 3.0.0-alpha5 release tag

Attila Szakacs (1):
  Configuration: do not overwrite BASE_unix ex_libs in AIX

Benjamin Kaduk (1):
  Providerized libssl fallout: cleanup init

Benny Baumann (1):
  Force ssl/tls protocol flags to use stream sockets

Billy Brumley (1):
  [test] ectest: check custom generators

Daniel Bevenius (2):
  Configurations: make Makefile tmpl files non-links
  Configure: fix minor typo in apitable comment

Dr. David von Oheimb (20):
  Move test-related info from INSTALL.md to new test/README.md, updating 
references
  INSTALL.md and NOTES.VALGRIND: Further cleanup of references and 
code/symbol quotation layout
  Improve documentation, layout, and code comments regarding self-issued 
certs etc.
  Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}
  Make x509 -force_pubkey test case with self-issued cert more realistic by 
adding CA basic constraints, CA key usage, and key IDs to the cert and by adding 
-partial_chain to the verify call that trusts this cert
  Add four more verify test cases on the self-signed Ed25519 and self-issued 
X25519 certs
  Optimization and safety precaution in find_issuer() of x509_vfy.c: 
candidate issuer cert cannot be the same as the subject cert 'x'
  Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening 
check_issued()
  Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new 
X509_verify.pod
  Add X509_self_signed(), extending and improving documentation and tests
  X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 
== NULL'
  test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
  test/run_tests.pl: Add visual separator after failed test case for VFP 
and VFP modes
  test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP
  81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port 
setting
  81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
  util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
  Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
  Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
  ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including 
http.h

Glenn Strauss (1):
  improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

Gustaf Neumann (1):
  Fix typos and repeated words

Jakub Wilk (1):
  doc: Remove stray backtick

Jon Spillett (1):
  Fix up build issue when running cpp tests

Kurt Roeckx (2):
  Fix syntax of cipher string
  Reduce the security bits for MD5 and SHA1 based signatures in TLS

Martin Elshuber (1):
  Add support to zeroize plaintext in S3 record layer

Matt Caswell (29):
  Prepare for 3.0 alpha 5
  Make the ASYNC code default libctx aware
  Add a test to make sure ASYNC aware code gets the right default libctx
  Fix a typo on the SSL_dup page
  Don't forget our provider ctx when resetting
  Ensure a string is properly terminated in http_client.c
  If an empty password is supplied still try to use it
  Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
  Fix a typo in the i2d_TYPE_fp documentation
  Move MAC removal responsibility to the various protocol "enc" functions
  Split the padding/mac removal functions out into a separate file
  Remove SSL dependencies from tls_pad.c
  Add provider support for TLS CBC padding and MAC removal
  Make libssl start using the TLS provider CBC support
  Change ChaCha20-Poly1305 to be consistent with out ciphers
  Make the NULL cipher TLS aware
  Ensure cipher_generic_initkey gets passed the actual provider ctx
  Ensure GCM "update" failures return 0 on error
  Ensure the sslcorrupttest checks all errors on the queue
  Decrease the length after decryption for the stitched ciphers
  Ensure any allocated MAC is freed in the provider code
  Convert SSLv3 handling to use provider side CBC/MAC removal
  Ensure TLS padding is added during encryption on the provider side
  Fix OSSL_PROVIDER_get_capabilities()
  Fix an incorrect error flow in add_provider_groups
  Add a test to check having a provider loaded without a groups still works
  Ensure we exclude ec2m curves if ec2m is disabled
  Revert "The EVP_MAC functions have 

[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  b013cf9aec515af17ee9bb3fe37ca0891499 (commit)
  from  e39e295e205ab8461d3ac814129bbb08c2d1266d (commit)


- Log -
commit b013cf9aec515af17ee9bb3fe37ca0891499
Author: Richard Levitte 
Date:   Thu Jul 16 15:08:30 2020 +0200

util/mktar.pl: Change 'VERSION' to 'VERSION.dat'

This was forgotten when that file changed name, and that unfortunately
disrupts releases.

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12464)

---

Summary of changes:
 util/mktar.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/mktar.sh b/util/mktar.sh
index 04b29e2e3a..ec47578f34 100755
--- a/util/mktar.sh
+++ b/util/mktar.sh
@@ -9,7 +9,7 @@
 HERE=`dirname $0`
 
 # Get all version data as shell variables
-. $HERE/../VERSION
+. $HERE/../VERSION.dat
 
 if [ -n "$PRE_RELEASE_TAG" ]; then PRE_RELEASE_TAG=-$PRE_RELEASE_TAG; fi
 version=$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA
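
Review bot: ". $HERE/../VERSION.dat" and the "HERE=" assignment from dirname $0 above it leave their expansions unquoted, so the script breaks when it is run from a path containing spaces; quote them, as in . "$HERE/../VERSION.dat". Since the commit message says the stale file name disrupted releases, an explicit check that the file exists, with a clear error message, before sourcing it would make the next rename fail loudly. The subject line also names util/mktar.pl while the file changed is util/mktar.sh.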


[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  e39e295e205ab8461d3ac814129bbb08c2d1266d (commit)
  from  e4162f86d7fd92058e5558bd81ce9dbc615fec3f (commit)


- Log -
commit e39e295e205ab8461d3ac814129bbb08c2d1266d
Author: Richard Levitte 
Date:   Thu Jul 16 14:47:04 2020 +0200

Update copyright year

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12463)

---

Summary of changes:
 config.com  | 2 +-
 crypto/async/async.c| 2 +-
 crypto/async/async_local.h  | 2 +-
 crypto/chacha/chacha_enc.c  | 2 +-
 crypto/cms/cms_enc.c| 2 +-
 crypto/conf/conf_mall.c | 2 +-
 crypto/engine/eng_ctrl.c| 2 +-
 crypto/engine/eng_fat.c | 2 +-
 crypto/engine/eng_init.c| 2 +-
 crypto/engine/eng_pkey.c| 2 +-
 crypto/engine/eng_rdrand.c  | 2 +-
 crypto/engine/tb_asnmth.c   | 2 +-
 crypto/engine/tb_cipher.c   | 2 +-
 crypto/engine/tb_dh.c   | 2 +-
 crypto/engine/tb_digest.c   | 2 +-
 crypto/engine/tb_dsa.c  | 2 +-
 crypto/engine/tb_eckey.c| 2 +-
 crypto/engine/tb_pkmeth.c   | 2 +-
 crypto/engine/tb_rand.c | 2 +-
 crypto/engine/tb_rsa.c  | 2 +-
 crypto/err/err_local.h  | 2 +-
 crypto/evp/e_chacha20_poly1305.c| 2 +-
 crypto/init.c   | 2 +-
 crypto/o_time.c | 2 +-
 crypto/rand/randfile.c  | 2 +-
 crypto/sha/sha_local.h  | 2 +-
 crypto/trace.c  | 2 +-
 doc/man3/ASN1_INTEGER_get_int64.pod | 2 +-
 doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +-
 doc/man3/ASYNC_start_job.pod| 2 +-
 doc/man3/BIO_ADDR.pod   | 2 +-
 doc/man3/BIO_ADDRINFO.pod   | 2 +-
 doc/man3/BIO_ctrl.pod   | 2 +-
 doc/man3/BIO_s_bio.pod  | 2 +-
 doc/man3/CRYPTO_THREAD_run_once.pod | 2 +-
 doc/man3/DSA_set_method.pod | 2 +-
 doc/man3/DTLSv1_listen.pod  | 2 +-
 doc/man3/ENGINE_add.pod | 2 +-
 doc/man3/EVP_CIPHER_meth_new.pod| 2 +-
 doc/man3/EVP_EncodeInit.pod | 2 +-
 doc/man3/EVP_OpenInit.pod   | 2 +-
 doc/man3/EVP_PKEY_verify_recover.pod| 2 +-
 doc/man3/EVP_SealInit.pod   | 2 +-
 doc/man3/EVP_VerifyInit.pod | 2 +-
 doc/man3/OPENSSL_LH_COMPFUNC.pod| 2 +-
 doc/man3/OPENSSL_config.pod | 2 +-
 doc/man3/OPENSSL_ia32cap.pod| 2 +-
 doc/man3/OPENSSL_init_crypto.pod| 2 +-
 doc/man3/OPENSSL_load_builtin_modules.pod   | 2 +-
 doc/man3/OPENSSL_s390xcap.pod   | 2 +-
 doc/man3/OpenSSL_version.pod| 2 +-
 doc/man3/PKCS7_verify.pod   | 2 +-
 doc/man3/RAND_DRBG_get0_public.pod  | 2 +-
 doc/man3/RAND_DRBG_reseed.pod   | 2 +-
 doc/man3/SSL_CTX_set_generate_session_id.pod| 2 +-
 doc/man3/SSL_CTX_set_session_cache_mode.pod | 2 +-
 doc/man3/SSL_CTX_set_session_id_context.pod | 2 +-
 doc/man3/SSL_CTX_set_split_send_fragment.pod| 2 +-
 doc/man3/SSL_get_all_async_fds.pod  | 2 +-
 doc/man3/SSL_pending.pod| 2 +-
 doc/man3/SSL_read.pod   | 2 +-
 doc/man3/SSL_set_bio.pod   

[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  e4162f86d7fd92058e5558bd81ce9dbc615fec3f (commit)
   via  660c534435e238c6bd8065c1d544a1c4d3c555a3 (commit)
   via  865adf97c9b8271788ee7293ecde9e8a643a1c45 (commit)
  from  8dab4de53887639abc1152288fac76506beb87b3 (commit)


- Log -
commit e4162f86d7fd92058e5558bd81ce9dbc615fec3f
Author: Richard Levitte 
Date:   Thu Jul 16 06:49:45 2020 +0200

DRBG: Fix the renamed functions after the EVP_MAC name reversal

[extended tests]

Reviewed-by: Tomas Mraz 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12186)

commit 660c534435e238c6bd8065c1d544a1c4d3c555a3
Author: Matt Caswell 
Date:   Thu Jun 18 09:30:48 2020 +0100

Revert "kdf: make function naming consistent."

The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous naming convention.

This reverts commit 765d04c9460a304c8119f57941341a149498b9db.

Reviewed-by: Tomas Mraz 
Reviewed-by: Nicola Tuveri 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12186)

commit 865adf97c9b8271788ee7293ecde9e8a643a1c45
Author: Matt Caswell 
Date:   Thu Jun 18 09:26:22 2020 +0100

Revert "The EVP_MAC functions have been renamed for consistency.  The 
EVP_MAC_CTX_*"

The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous naming convention.

This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a.

Reviewed-by: Tomas Mraz 
Reviewed-by: Nicola Tuveri 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12186)

---

Summary of changes:
 CHANGES.md|  8 ++--
 apps/fipsinstall.c| 10 ++--
 apps/kdf.c|  6 +--
 apps/lib/s_cb.c   |  4 +-
 apps/mac.c|  6 +--
 crypto/cmac/cm_ameth.c|  4 +-
 crypto/crmf/crmf_pbm.c|  6 +--
 crypto/dh/dh_kdf.c|  6 +--
 crypto/ec/ecdh_kdf.c  |  6 +--
 crypto/err/openssl.txt|  2 +
 crypto/evp/kdf_lib.c  | 20 
 crypto/evp/mac_lib.c  | 20 
 crypto/evp/p5_crpt2.c |  6 +--
 crypto/evp/p_lib.c|  6 +--
 crypto/evp/pbe_scrypt.c   |  6 +--
 crypto/evp/pkey_kdf.c | 14 +++---
 crypto/evp/pkey_mac.c | 37 ---
 crypto/modes/siv128.c | 28 ++--
 doc/man1/openssl-kdf.pod.in   |  2 +-
 doc/man1/openssl-mac.pod.in   |  2 +-
 doc/man3/EVP_KDF.pod  | 40 
 doc/man3/EVP_MAC.pod  | 46 +--
 doc/man3/HMAC.pod |  2 +-
 doc/man3/OSSL_PARAM_allocate_from_text.pod|  2 +-
 doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 14 +++---
 doc/man7/EVP_KDF-HKDF.pod | 16 +++
 doc/man7/EVP_KDF-KB.pod   | 20 
 doc/man7/EVP_KDF-KRB5KDF.pod  |  8 ++--
 doc/man7/EVP_KDF-PBKDF2.pod   |  6 +--
 doc/man7/EVP_KDF-SCRYPT.pod   | 16 +++
 doc/man7/EVP_KDF-SS.pod   | 32 ++---
 doc/man7/EVP_KDF-SSHKDF.pod   | 12 ++---
 doc/man7/EVP_KDF-TLS1_PRF.pod | 16 +++
 doc/man7/EVP_KDF-X942.pod | 18 
 doc/man7/EVP_KDF-X963.pod | 16 +++
 doc/man7/EVP_MAC-BLAKE2.pod   |  6 +--
 doc/man7/EVP_MAC-CMAC.pod |  6 +--
 doc/man7/EVP_MAC-GMAC.pod |  6 +--
 doc/man7/EVP_MAC-HMAC.pod |  6 +--
 doc/man7/EVP_MAC-KMAC.pod |  6 +--
 doc/man7/EVP_MAC-Poly1305.pod |  6 +--
 doc/man7/EVP_MAC-Siphash.pod  |  6 +--
 include/openssl/evp.h | 36 ++-
 include/openssl/kdf.h | 12 ++---
 include/openssl/mac.h | 59 
 providers/common/provider_util.c  |  8 ++--
 providers/fips/self_test.c|  6 +--
 providers/fips/self_test_kats.c   |  6 +--
 providers/implementations/kdfs/kbkdf.c| 14 +++---
 providers/implementations/kdfs/sskdf.c| 16 +++
 providers/implementations/kdfs/tls1_prf.c | 22 -
 providers/implementations/rands/drbg_hmac.c   |  8 ++--
 ssl/t1_enc.c  

Errored: openssl/openssl#36149 (master - 8c2bfd2)

2020-07-16 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36149
Status: Errored

Duration: 1 hr, 23 mins, and 47 secs
Commit: 8c2bfd2 (master)
Author: Todd Short
Message: Add SSL_get[01]_peer_certificate()

Deprecate SSL_get_peer_certificate() and replace with
SSL_get1_peer_certificate().
Add SSL_get0_peer_certificate.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8730)

View the changeset: 
https://github.com/openssl/openssl/compare/55affcadbe4a...8c2bfd25129a

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/175829826?utm_medium=notification_source=email




Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem to have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report
---
04-test_err.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=205, Tests=3089, 859 wallclock secs (12.72 usr  1.25 sys + 796.94 cusr 
60.79 csys = 871.70 CPU)
Result: FAIL
Makefile:3136: 

[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  8dab4de53887639abc1152288fac76506beb87b3 (commit)
  from  ecca5b6e2ea5f364e4281193fd1526fbaf3f8248 (commit)


- Log -
commit 8dab4de53887639abc1152288fac76506beb87b3
Author: Richard Levitte 
Date:   Thu Jul 16 09:34:00 2020 +0200

Add latest changes and news in CHANGES.md and NEWS.md

- Reworked test perl framework for parallel tests
- Reworked ERR codes to make better space for system errors
- Deprecation of the ENGINE API

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12461)

---

Summary of changes:
 CHANGES.md | 15 +++
 NEWS.md|  1 +
 2 files changed, 16 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 68d269cb5d..a7cb2c5bb1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,21 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * Deprecated the `ENGINE` API.  Engines should be replaced with providers
+   going forward.
+
+   *Paul Dale*
+
+ * Reworked the recorded ERR codes to make better space for system errors.
+   To distinguish them, the macro `ERR_SYSTEM_ERROR()` indicates if the
+   given code is a system error (true) or an OpenSSL error (false).
+
+   *Richard Levitte*
+
+ * Reworked the test perl framework to better allow parallel testing.
+
+   *Nicola Tuveri and David von Oheimb*
+
  * Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and
AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
 
diff --git a/NEWS.md b/NEWS.md
index e04e5b95c8..ed99e8cd00 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
+  * Deprecated the `ENGINE` API.
   * Added `OPENSSL_CTX`, a libcrypto library context.
   * Interactive mode is removed from the 'openssl' program.
   * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in


Build failed: openssl master.35610

2020-07-16 Thread AppVeyor



Build openssl master.35610 failed


Commit ce165703e6 by Richard Levitte on 7/16/2020 10:18 AM:

fixup! TEST: Add new serializer and deserializer test





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

70-test_sslversions.t(Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_sslvertol.t  (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13alerts.t(Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13cookie.t(Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13hrr.t   (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13kexmodes.t  (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13messages.t  (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tls13psk.t   (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
70-test_tlsextms.t   (Wstat: 34304 Tests: 0 Failed: 0)
  Non-zero exit status: 134
  Parse errors: No plan found in TAP output
71-test_ssl_ctx.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_cipherbytes.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_dane.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_dtls.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_dtls_mtu.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_dtlsv1listen.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_ssl_new.t(Wstat: 6912 Tests: 31 Failed: 27)
  Failed tests:  2-14, 16-22, 24-29, 31
  Non-zero exit status: 27
80-test_ssl_old.t(Wstat: 1024 Tests: 12 Failed: 4)
  Failed tests:  3, 5-7
  Non-zero exit status: 4
80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_fatalerr.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_gost.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_shlibload.t  (Wstat: 1024 Tests: 10 Failed: 4)
  Failed tests:  1-4
  Non-zero exit status: 4
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests:  1, 3
  Non-zero exit status: 2
90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_tls13ccs.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_tls13encryption.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
90-test_tls13secrets.t   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
99-test_fuzz.t   (Wstat: 512 Tests: 12 Failed: 2)
  Failed tests:  5, 8
  Non-zero exit status: 2
Files=205, Tests=2033, 456 wallclock secs ( 7.08 usr  0.94 sys + 391.38 cusr 
41.37 csys = 440.77 CPU)
Result: FAIL
Makefile:3124: recipe for target 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dsa

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT 
test/cipherbytes_test-bin-cipherbytes_test.o -c -o 
test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cipherlist_test-bin-cipherlist_test.d.tmp -MT 
test/cipherlist_test-bin-cipherlist_test.o -c -o 
test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ciphername_test-bin-ciphername_test.d.tmp -MT 
test/ciphername_test-bin-ciphername_test.o -c -o 
test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/clienthellotest-bin-clienthellotest.d.tmp -MT 
test/clienthellotest-bin-clienthellotest.o -c -o 
test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dh

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

test/libtestutil.a libcrypto.a -ldl -pthread 
rm -f test/cmp_protect_test
${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations   \
-o test/cmp_protect_test \
test/cmp_protect_test-bin-cmp_protect_test.o \
test/cmp_protect_test-bin-cmp_testlib.o \
test/libtestutil.a libcrypto.a -ldl -pthread 
rm -f test/cmp_server_test
${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations   \
-o test/cmp_server_test \
test/cmp_server_test-bin-cmp_server_test.o \
test/cmp_server_test-bin-cmp_testlib.o \
test/libtestutil.a libcrypto.a -ldl -pthread 
rm -f test/cmp_status_test
${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations   \
-o test/cmp_status_test \
test/cmp_status_test-bin-cmp_status_test.o \
test/cmp_status_test-bin-cmp_testlib.o \
test/libtestutil.a libcrypto.a -ldl -pthread 
rm -f test/cmp_vfy_test
${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations   \
-o test/cmp_vfy_test \
test/cmp_vfy_test-bin-cmp_testlib.o \
test/cmp_vfy_test-bin-cmp_vfy_test.o \
test/libtestutil.a libcrypto.a -ldl -pthread 
rm -f test/context_internal_test
${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations   \
-o test/context_internal_test \
test/context_internal_test-bin-context_internal_test.o \
test/libtestutil.a libcrypto.a -ldl 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:479
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t 

[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  ecca5b6e2ea5f364e4281193fd1526fbaf3f8248 (commit)
  from  81ed433cf835bf7b47aa926735196b6948f65e95 (commit)


- Log -
commit ecca5b6e2ea5f364e4281193fd1526fbaf3f8248
Author: Pauli 
Date:   Wed Jul 15 09:16:30 2020 +1000

capabilities: make capability selection case insensitive.

Everything else to do with algorithm selection and properties is case
insensitive.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/12450)

---

Summary of changes:
 providers/common/capabilities.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index a60620d8a2..353da1ee32 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -17,6 +17,7 @@
 #include "internal/nelem.h"
 #include "internal/tlsgroups.h"
 #include "prov/providercommon.h"
+#include "e_os.h"
 
 typedef struct tls_group_constants_st {
 unsigned int group_id;   /* Group ID */
@@ -177,7 +178,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void 
*arg)
 int provider_get_capabilities(void *provctx, const char *capability,
   OSSL_CALLBACK *cb, void *arg)
 {
-if (strcmp(capability, "TLS-GROUP") == 0)
+if (strcasecmp(capability, "TLS-GROUP") == 0)
 return tls_group_capability(cb, arg);
 
 /* We don't support this capability */
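Review bot: the strcasecmp() call in provider_get_capabilities() changes how callers may spell the capability name, but the summary lists only providers/common/capabilities.c, so no test or documentation records that "tls-group" is now accepted. Add a test case with a mixed-case name and a sentence in the capability documentation. Note also that strcasecmp() follows the current locale outside the POSIX locale, so a locale-independent ASCII comparison is the safer choice for matching a fixed identifier.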


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

2020-07-16 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

55affcadbe Configure: fix minor typo in apitable comment
e45d943665 Add FIPS related configuration data to the default openssl 
application configuration file
5744dacb3a Make -provider_name and -section_name optional
d3b243d15b Use defaults FIPSKEY if not given on command line
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
c35b853576 Enable WinCE build without deceiving _MSC_VER.
a1736f37ae To generate makefile with correct parameters for WinCE.
7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler 
due to its miscompilation of the function. 
https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the 
definition.
ce3080e931 DRBG: rename the DRBG taxonomy.
d35bab46c9 Configurations: make Makefile tmpl files non-links

Build log ended with (last 100 lines):

C01020EB0A7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C01020EB0A7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, 
Type=PKCS8_PRIV_KEY_INFO
C01020EB0A7F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 
lib:../openssl/crypto/asn1/d2i_pr.c:64:
C01020EB0A7F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 
lib:../openssl/crypto/asn1/d2i_pr.c:64:
C01020EB0A7F:error::asn1 encoding routines:asn1_check_tlen:wrong 
tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C01020EB0A7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C01020EB0A7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, 
Type=PKCS8_PRIV_KEY_INFO
C01020EB0A7F:error::asn1 encoding routines:asn1_check_tlen:wrong 
tag:../openssl/crypto/asn1/tasn_dec.c:1135:
C01020EB0A7F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:698:
C01020EB0A7F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested 
asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, 
Type=PKCS8_PRIV_KEY_INFO
OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem 
-out_trusted root.crt => 1
not ok 82 - cr command
# --
#   Failed test 'cr command'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
Could not open file or uri test.cert.pem for loading CMP client certificate 
(and optionally extra certs)
C050AC98937F:error::system library:file_open:No such file or 
directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem)
Unable to load CMP client certificate (and optionally extra certs)
OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context
# OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy 
option is empty string, resetting option
# OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject 
'/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides 
the subject of 'test.cert.pem' in KUR
# OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one 
certificate in DER format from test.cert.pem
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 
127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem 
-out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert 
test.cert.pem -key new.key -extracerts issuing.crt => 1
not ok 83 - kur command explicit options
# --
#   Failed test 'kur command explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 177.
Could not open file or uri test.cert.pem for loading CMP client certificate 
(and 

[openssl] master update

2020-07-16 Thread Richard Levitte
The branch master has been updated
   via  8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (commit)
  from  55affcadbe4aac7d4832448b8c071b582da4e344 (commit)


- Log -
commit 8c2bfd25129aea1b1f1b66ec753b21955f8ed523
Author: Todd Short 
Date:   Thu Apr 11 10:47:13 2019 -0400

Add SSL_get[01]_peer_certificate()

Deprecate SSL_get_peer_certificate() and replace with
SSL_get1_peer_certificate().
Add SSL_get0_peer_certificate.

Reviewed-by: Paul Dale 
Reviewed-by: Viktor Dukhovni 
Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8730)

---

Summary of changes:
 apps/lib/s_cb.c   |  3 +--
 apps/s_client.c   |  3 +--
 apps/s_server.c   |  6 ++
 doc/man3/SSL_get_peer_certificate.pod | 27 +--
 include/openssl/ssl.h |  7 ++-
 ssl/ssl_lib.c | 23 ---
 ssl/statem/statem_clnt.c  |  2 +-
 ssl/statem/statem_lib.c   |  2 +-
 test/handshake_helper.c   | 10 +++---
 test/ossl_shim/ossl_shim.cc   |  2 +-
 test/sslapitest.c |  8 +++-
 test/ssltest_old.c|  3 +--
 util/libssl.num   |  4 +++-
 util/other.syms   |  1 +
 14 files changed, 57 insertions(+), 44 deletions(-)

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 5bddde5b03..de72bde9ed 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1227,7 +1227,7 @@ void print_ssl_summary(SSL *s)
 c = SSL_get_current_cipher(s);
 BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
 do_print_sigalgs(bio_err, s, 0);
-peer = SSL_get_peer_certificate(s);
+peer = SSL_get0_peer_certificate(s);
 if (peer != NULL) {
 int nid;
 
@@ -1243,7 +1243,6 @@ void print_ssl_summary(SSL *s)
 } else {
 BIO_puts(bio_err, "No peer certificate\n");
 }
-X509_free(peer);
 #ifndef OPENSSL_NO_EC
 ssl_print_point_formats(bio_err, s);
 if (SSL_is_server(s))
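Review bot: removing X509_free(peer) after the else branch in print_ssl_summary() is only correct because the previous hunk switched the assignment to SSL_get0_peer_certificate(), and the two edits are far enough apart that the link is easy to miss. A one-line comment at the assignment stating that peer is borrowed from s and must not be freed would keep a later change from reintroducing the free and dropping a reference the SSL object still owns.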
diff --git a/apps/s_client.c b/apps/s_client.c
index 5a5a40c927..91b21003fb 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3241,7 +3241,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 }
 
 BIO_printf(bio, "---\n");
-peer = SSL_get_peer_certificate(s);
+peer = SSL_get0_peer_certificate(s);
 if (peer != NULL) {
 BIO_printf(bio, "Server certificate\n");
 
@@ -3421,7 +3421,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 OPENSSL_free(exportedkeymat);
 }
 BIO_printf(bio, "---\n");
-X509_free(peer);
 /* flush, or debugging output gets mixed with http response */
 (void)BIO_flush(bio);
 }
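Review bot: in print_stuff() the pointer obtained with SSL_get0_peer_certificate() at line 3241 is no longer backed by its own reference, yet it stays in scope down to where X509_free(peer) was removed near line 3421. Confirm that nothing in that span uses peer after a call on s that could release the session's certificate. If that cannot be guaranteed, SSL_get1_peer_certificate() with the original X509_free() is the safer form here.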
diff --git a/apps/s_server.c b/apps/s_server.c
index 9995953526..15d479ce0e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2939,12 +2939,11 @@ static void print_connection_info(SSL *con)
 
 PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
 
-peer = SSL_get_peer_certificate(con);
+peer = SSL_get0_peer_certificate(con);
 if (peer != NULL) {
 BIO_printf(bio_s_out, "Client certificate\n");
 PEM_write_bio_X509(bio_s_out, peer);
 dump_cert_text(bio_s_out, peer);
-X509_free(peer);
 peer = NULL;
 }
 
@@ -3265,12 +3264,11 @@ static int www_body(int s, int stype, int prot, 
unsigned char *context)
 BIO_printf(io, "---\n");
 print_stats(io, SSL_get_SSL_CTX(con));
 BIO_printf(io, "---\n");
-peer = SSL_get_peer_certificate(con);
+peer = SSL_get0_peer_certificate(con);
 if (peer != NULL) {
 BIO_printf(io, "Client certificate\n");
 X509_print(io, peer);
 PEM_write_bio_X509(io, peer);
-X509_free(peer);
 peer = NULL;
 } else {
 BIO_puts(io, "no client certificate available\n");
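Review bot: in www_body(), and in the same pattern in print_connection_info() above, the retained "peer = NULL;" used to pair with the X509_free(peer) that this change removes. Check whether either function still frees peer on a later path. If one does, the reset is now what prevents freeing a borrowed certificate and deserves a comment. If none does, the assignment is a leftover and can be dropped.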
diff --git a/doc/man3/SSL_get_peer_certificate.pod 
b/doc/man3/SSL_get_peer_certificate.pod
index e21e3e4fd4..b695edc689 100644
--- a/doc/man3/SSL_get_peer_certificate.pod
+++ b/doc/man3/SSL_get_peer_certificate.pod
@@ -2,17 +2,21 @@
 
 =head1 NAME
 
-SSL_get_peer_certificate - get the X509 certificate of the peer
+SSL_get_peer_certificate,
+SSL_get0_peer_certificate,
+SSL_get1_peer_certificate - get the X509 certificate of the peer
 
 =head1 SYNOPSIS
 
  #include 
 
  X509 *SSL_get_peer_certificate(const SSL *ssl);
+ X509 *SSL_get0_peer_certificate(const SSL *ssl);
+ X509 *SSL_get1_peer_certificate(const SSL *ssl);
 
 =head1 DESCRIPTION
 
-SSL_get_peer_certificate() returns a pointer to the X509 certificate the
+These functions return a pointer to the X509 certificate the
 peer