Build failed: openssl master.34592
Build openssl master.34592 failed Commit 6f705af266 by Pauli on 6/2/2020 3:20 AM: fixup! evp_rand: documentation Configure your notification preferences
Build failed: openssl master.34591
Build openssl master.34591 failed Commit a92ea21f00 by Pauli on 6/2/2020 2:07 AM: fixup! rand: libcrypto.num update Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/h tml/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc /html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap .html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html
Failed: openssl/openssl#35139 (master - 32df134)
Build Update for openssl/openssl - Build: #35139 Status: Failed Duration: 21 mins and 10 secs Commit: 32df134 (master) Author: Bernd Edlinger Message: Remove getenv(OPENSSL_FIPS) in openssl command This is left over from the past. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11995) View the changeset: https://github.com/openssl/openssl/compare/41dccd68b9b9...32df13497a1f View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693606618?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 32df13497a1f1d7ef90a9c0b3128f65d18ab0086 (commit) from 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 (commit) - Log - commit 32df13497a1f1d7ef90a9c0b3128f65d18ab0086 Author: Bernd Edlinger Date: Sat May 30 09:57:29 2020 +0200 Remove getenv(OPENSSL_FIPS) in openssl command This is left over from the past. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11995) --- Summary of changes: apps/openssl.c | 5 - 1 file changed, 5 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 0a3c76e7f1..83c384fbfe 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -261,11 +261,6 @@ int main(int argc, char *argv[]) setup_trace(getenv("OPENSSL_TRACE")); #endif -if (getenv("OPENSSL_FIPS")) { -BIO_printf(bio_err, "FIPS mode not supported.\n"); -return 1; -} - if (!apps_startup()) { BIO_printf(bio_err, "FATAL: Startup failure (dev note: apps_startup() failed)\n");
Errored: openssl/openssl#35135 (master - 41dccd6)
Build Update for openssl/openssl - Build: #35135 Status: Errored Duration: 53 mins and 19 secs Commit: 41dccd6 (master) Author: Bernd Edlinger Message: Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) View the changeset: https://github.com/openssl/openssl/compare/c7f837cfcc5b...41dccd68b9b9 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693516016?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 3fc83feae0bc3fcfbb7cfc8a927bb4a888a7663b (commit) from ec5aad1ca26599bcaddc3a03708fb925b21f3b6c (commit) - Log - commit 3fc83feae0bc3fcfbb7cfc8a927bb4a888a7663b Author: Bernd Edlinger Date: Sun May 31 07:51:23 2020 +0200 Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) (cherry picked from commit 41dccd68b9b9b7622b26d264c5fa190aa5bd4201) --- Summary of changes: crypto/bio/b_print.c | 4 +--- test/bioprinttest.c | 33 - 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 48556f72bc..2f68fe79cc 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -638,10 +638,8 @@ fmtfp(char **sbuffer, /* * By subtracting 65535 (2^16-1) we cancel the low order 15 bits * of ULONG_MAX to avoid using imprecise floating point values. - * The second condition is necessary to catch NaN values. */ -if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 -|| !(ufvalue == ufvalue) /* NaN */) { +if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index e37b854e6b..e97de03b2d 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,48 +241,15 @@ static int test_fp(int i) return r; } -extern double zero_value; -double zero_value = 0.0; - static int test_big(void) { char buf[80]; -double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; -d = 1.0; -z = zero_value; -inf = d / z; -nan = z / z; - -/* - * Test +/-inf, nan. Should fail. - * Test +/-1.0, +/-0.0. Should work. - */ -if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", inf), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -inf), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", nan), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", d), 8) -|| !TEST_str_eq(buf, "1.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", z), 8) -|| !TEST_str_eq(buf, "0.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -d), 9) -|| !TEST_str_eq(buf, "-1.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -z), 8) -|| !TEST_str_eq(buf, "0.00")) -return 0; - return 1; }
[openssl] master update
The branch master has been updated via 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 (commit) from c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit) - Log - commit 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 Author: Bernd Edlinger Date: Sun May 31 07:51:23 2020 +0200 Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) --- Summary of changes: crypto/bio/b_print.c | 4 +--- test/bioprinttest.c | 33 - 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 6b995f8233..a5dfff503c 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -638,10 +638,8 @@ fmtfp(char **sbuffer, /* * By subtracting 65535 (2^16-1) we cancel the low order 15 bits * of ULONG_MAX to avoid using imprecise floating point values. - * The second condition is necessary to catch NaN values. */ -if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 -|| !(ufvalue == ufvalue) /* NaN */) { +if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index 3dd5b3efa2..e6e32a64fc 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,48 +241,15 @@ static int test_fp(int i) return r; } -extern double zero_value; -double zero_value = 0.0; - static int test_big(void) { char buf[80]; -double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; -d = 1.0; -z = zero_value; -inf = d / z; -nan = z / z; - -/* - * Test +/-inf, nan. Should fail. - * Test +/-1.0, +/-0.0. Should work. - */ -if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", inf), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -inf), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", nan), -1) -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", d), 8) -|| !TEST_str_eq(buf, "1.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", z), 8) -|| !TEST_str_eq(buf, "0.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -d), 9) -|| !TEST_str_eq(buf, "-1.00") -|| !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -z), 8) -|| !TEST_str_eq(buf, "0.00")) -return 0; - return 1; }
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_msg.t .. ok 65-test_cmp_protect.t .. ok 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 04-test_err.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 703 wallclock secs ( 8.13 usr 1.45 sys + 666.71 cusr 43.47 csys = 719.76 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2
Still Failing: openssl/openssl#35129 (master - c7f837c)
Build Update for openssl/openssl - Build: #35129 Status: Still Failing Duration: 49 mins and 59 secs Commit: c7f837c (master) Author: Tim Hudson Message: undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12001) View the changeset: https://github.com/openssl/openssl/compare/dc18e4ddfbd5...c7f837cfcc5b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693387347?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit) from dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit) - Log - commit c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 Author: Tim Hudson Date: Mon Jun 1 19:52:23 2020 +1000 undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12001) --- Summary of changes: CHANGES.md | 7 --- crypto/x509/x509_d2.c | 3 --- doc/man3/SSL_CTX_load_verify_locations.pod | 14 +- doc/man3/X509_STORE_add_cert.pod | 2 -- include/openssl/ssl.h | 4 ++-- include/openssl/x509_vfy.h | 4 ++-- ssl/ssl_lib.c | 2 -- util/libcrypto.num | 2 +- util/libssl.num| 2 +- 9 files changed, 11 insertions(+), 29 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 10fd8d541d..241d6ca23c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -542,13 +542,6 @@ OpenSSL 3.0 - SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_store() - Also, the following functions are now deprecated: - - - X509_STORE_load_locations() (use X509_STORE_load_file(), - X509_STORE_load_path() or X509_STORE_load_store() instead) - - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(), - SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead) - *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index cb0f84a7e8..dec5f9d077 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri) return 1; } -/* Deprecated */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path) { @@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, return 0; return 1; } -#endif diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index d28ec4c867..ecc75b72e0 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); -Deprecated since OpenSSL 3.0, can be hidden entirely by defining -B with a suitable version value, see -L: - int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); =head1 DESCRIPTION -SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), -SSL_CTX_load_verify_store() specifies the locations for B, at -which CA certificates for verification purposes are located. The -certificates available via B, B and B are -trusted. +SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(), +SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the +locations for B, at which CA certificates for verification purposes +are located. The certificates available via B, B and +B are trusted. SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index d41f2ae5a6..ce50e368e7 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -32,8 +32,6 @@ X509_STORE_load_locations int X509_STORE_load_path(X509_STORE *ctx, const char *dir); int X509_STORE_load_store(X509_STORE *ctx, const char *uri); -Deprecated: - int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d1e9f7957d..0973f0688d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); -DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -
Still Failing: openssl/openssl#35127 (master - dc18e4d)
Build Update for openssl/openssl - Build: #35127 Status: Still Failing Duration: 54 mins and 9 secs Commit: dc18e4d (master) Author: Dr. David von Oheimb Message: Make BIO_do_connect() and friends handle multiple IP addresses Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11971) View the changeset: https://github.com/openssl/openssl/compare/60d3b5b9ffb8...dc18e4ddfbd5 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693347994?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#35126 (master - 60d3b5b)
Build Update for openssl/openssl - Build: #35126 Status: Still Failing Duration: 47 mins and 28 secs Commit: 60d3b5b (master) Author: Hubert Kario Message: add FFDH to speed command the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: Hubert Kario Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10887) View the changeset: https://github.com/openssl/openssl/compare/082c041b4233...60d3b5b9ffb8 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693343777?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ec5aad1ca26599bcaddc3a03708fb925b21f3b6c (commit) from 7d76c1fa0d6cd085419cb4cfadad8cfdfd24ce1f (commit) - Log - commit ec5aad1ca26599bcaddc3a03708fb925b21f3b6c Author: Dr. David von Oheimb Date: Thu May 28 19:03:37 2020 +0200 Make BIO_do_connect() and friends handle multiple IP addresses Backport of #11971 Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11989) --- Summary of changes: crypto/bio/bss_conn.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index dd43a40601..f4c6b85728 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); -if (i) { +if (i != 0) { BIO_clear_retry_flags(b); +if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { +/* + * if there are more addresses to try, do that first + */ +BIO_closesocket(b->num); +c->state = BIO_CONN_S_CREATE_SOCKET; +ERR_clear_error(); +break; +} SYSerr(SYS_F_CONNECT, i); ERR_add_error_data(4, "hostname=", c->param_hostname,
[openssl] master update
The branch master has been updated via dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit) from 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 (commit) - Log - commit dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 Author: Dr. David von Oheimb Date: Wed May 27 12:16:53 2020 +0200 Make BIO_do_connect() and friends handle multiple IP addresses Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11971) --- Summary of changes: crypto/bio/bss_conn.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index d3bd33e957..31a5b58b7d 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -188,8 +188,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); -if (i) { +if (i != 0) { BIO_clear_retry_flags(b); +if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { +/* + * if there are more addresses to try, do that first + */ +BIO_closesocket(b->num); +c->state = BIO_CONN_S_CREATE_SOCKET; +ERR_clear_error(); +break; +} ERR_raise_data(ERR_LIB_SYS, i, "calling connect(%s, %s)", c->param_hostname, c->param_service);
[openssl] master update
The branch master has been updated via 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 (commit) from 082c041b4233b17b80129d4ac6b33a28014442b0 (commit) - Log - commit 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 Author: Hubert Kario Date: Sat Jan 18 19:13:02 2020 +0100 add FFDH to speed command the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: Hubert Kario Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10887) --- Summary of changes: apps/speed.c | 325 ++- 1 file changed, 320 insertions(+), 5 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index bd05631f30..f481b6b8fd 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -16,6 +16,7 @@ #define ECDH_SECONDS10 #define EdDSA_SECONDS 10 #define SM2_SECONDS 10 +#define FFDH_SECONDS10 /* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED @@ -98,6 +99,9 @@ # include # include "./testrsa.h" #endif +#ifndef OPENSSL_NO_DH +# include +#endif #include #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include @@ -125,6 +129,7 @@ #define MAX_MISALIGNMENT 63 #define MAX_ECDH_SIZE 256 #define MISALIGN64 +#define MAX_FFDH_SIZE 1024 typedef struct openssl_speed_sec_st { int sym; @@ -134,6 +139,7 @@ typedef struct openssl_speed_sec_st { int ecdh; int eddsa; int sm2; +int ffdh; } openssl_speed_sec_t; static volatile int run = 0; @@ -435,6 +441,22 @@ static const OPT_PAIR rsa_choices[RSA_NUM] = { static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DH +enum ff_params_t { +R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM +}; + +static const OPT_PAIR ffdh_choices[FFDH_NUM] = { +{"ffdh2048", R_FFDH_2048}, +{"ffdh3072", R_FFDH_3072}, +{"ffdh4096", R_FFDH_4096}, +{"ffdh6144", R_FFDH_6144}, +{"ffdh8192", R_FFDH_8192}, +}; + +static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_DH */ + #ifndef OPENSSL_NO_EC enum ec_curves_t { R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, @@ -561,6 +583,11 @@ typedef struct loopargs_st { unsigned char *secret_a; unsigned char *secret_b; size_t outlen[EC_NUM]; +#endif +#ifndef OPENSSL_NO_DH +EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM]; +unsigned char *secret_ff_a; +unsigned char *secret_ff_b; #endif EVP_CIPHER_CTX *ctx; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -1067,6 +1094,24 @@ static int RSA_verify_loop(void *args) } #endif +#ifndef OPENSSL_NO_DH +static long ffdh_c[FFDH_NUM][1]; + +static int FFDH_derive_key_loop(void *args) +{ +loopargs_t *tempargs = *(loopargs_t **) args; +EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; +unsigned char *derived_secret = tempargs->secret_ff_a; +size_t outlen = MAX_FFDH_SIZE; +int count; + +for (count = 0; COND(ffdh_c[testnum][0]); count++) +EVP_PKEY_derive(ffdh_ctx, derived_secret, ); + +return count; +} +#endif /* OPENSSL_NO_DH */ + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long dsa_c[DSA_NUM][2]; static int DSA_sign_loop(void *args) @@ -1463,7 +1508,8 @@ int speed_main(int argc, char **argv) #endif openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, ECDSA_SECONDS, ECDH_SECONDS, -EdDSA_SECONDS, SM2_SECONDS }; +EdDSA_SECONDS, SM2_SECONDS, +FFDH_SECONDS }; /* What follows are the buffers and key material. */ #if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1521,6 +1567,23 @@ int speed_main(int argc, char **argv) uint8_t rsa_doit[RSA_NUM] = { 0 }; int primes = RSA_DEFAULT_PRIME_NUM; #endif +#ifndef OPENSSL_NO_DH +typedef struct ffdh_params_st { +const char *name; +unsigned int nid; +unsigned int bits; +} FFDH_PARAMS; + +static const FFDH_PARAMS ffdh_params[FFDH_NUM] = { +{"ffdh2048", NID_ffdhe2048, 2048}, +{"ffdh3072", NID_ffdhe3072, 3072}, +{"ffdh4096", NID_ffdhe4096, 4096}, +{"ffdh6144", NID_ffdhe6144, 6144}, +{"ffdh8192", NID_ffdhe8192, 8192} +}; +uint8_t ffdh_doit[FFDH_NUM] = { 0 }; + +#endif /* OPENSSL_NO_DH */ #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 80-test_ssl_new.t(Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 720 wallclock secs ( 8.44 usr 1.57 sys + 669.82 cusr 46.39 csys = 726.22 CPU) Result: FAIL Makefile:3098: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3096: recipe for target 'tests' failed make: *** [tests] Error 2