Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3
Build completed: openssl master.35490
Build openssl master.35490 completed Commit 013044da47 by Shane Lontis on 7/9/2020 1:19 PM: fixup! Add generated file. Configure your notification preferences
Build failed: openssl master.35489
Build openssl master.35489 failed Commit acb0f1279c by Benjamin Kaduk on 7/9/2020 9:29 PM: Avoid deprecated API in evp_test.c Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # -- # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # -- OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF #
Build failed: openssl master.35488
Build openssl master.35488 failed Commit d11af23593 by Richard Levitte on 7/9/2020 6:34 PM: fixup! TEST: Add new serializer and deserializer test Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # -- # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # -- # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf
Errored: openssl/openssl#36028 (master - 2957150)
Build Update for openssl/openssl - Build: #36028 Status: Errored Duration: 1 hr, 14 mins, and 13 secs Commit: 2957150 (master) Author: Shane Lontis Message: Fix wrong fipsinstall key used in test Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12402) View the changeset: https://github.com/openssl/openssl/compare/f6f159e7a133...295715047826 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175014878?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via 2957150478260c8140eca389650956baa5195f15 (commit)
from f6f159e7a133d1b2f82a82fab3f8c357a07b574f (commit)
- Log -
commit 2957150478260c8140eca389650956baa5195f15
Author: Shane Lontis
Date: Thu Jul 9 23:04:02 2020 +1000
Fix wrong fipsinstall key used in test
Reviewed-by: Tim Hudson
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12402)
---
Summary of changes:
test/recipes/30-test_evp_libctx.t | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/recipes/30-test_evp_libctx.t
b/test/recipes/30-test_evp_libctx.t
index 8fcc71a1cd..0d0a762900 100644
--- a/test/recipes/30-test_evp_libctx.t
+++ b/test/recipes/30-test_evp_libctx.t
@@ -38,7 +38,6 @@ unless ($no_fips) {
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
'-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_sect'])),
"fipsinstall");
}
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 32adaca4a15a347f6f7a515c7ea9c76403c976f1 (commit)
from e1c246bd7682fd1b0fcbba5a224f3cacc1ba278d (commit)
- Log -
commit 32adaca4a15a347f6f7a515c7ea9c76403c976f1
Author: Glenn Strauss
Date: Fri Jun 5 17:14:08 2020 -0400
improve SSL_CTX_set_tlsext_ticket_key_cb ref impl
improve reference implementation code in
SSL_CTX_set_tlsext_ticket_key_cb man page
change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys. Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c20
Use AES256 for the default encryption algorithm for TLS session tickets
add comments where user-implementation is needed to complete code
(backport from https://github.com/openssl/openssl/pull/12063)
Reviewed-by: Ben Kaduk
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12391)
---
Summary of changes:
doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 17 ++---
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index 43bddc51e8..d56c0c540b 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -136,6 +136,8 @@ Reference Implementation:
unsigned char *iv, EVP_CIPHER_CTX *ctx,
HMAC_CTX *hctx, int enc)
{
+ your_type_t *key; /* something that you need to implement */
+
if (enc) { /* create new session */
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
return -1; /* insufficient random */
@@ -154,21 +156,22 @@ Reference Implementation:
}
memcpy(key_name, key->name, 16);
- EVP_EncryptInit_ex(, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
- HMAC_Init_ex(, key->hmac_key, 16, EVP_sha256(), NULL);
+ EVP_EncryptInit_ex(, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(, key->hmac_key, 32, EVP_sha256(), NULL);
return 1;
} else { /* retrieve session */
- key = findkey(name);
+ time_t t = time(NULL);
+ key = findkey(key_name); /* something that you need to implement */
- if (key == NULL || key->expire < now())
+ if (key == NULL || key->expire < t)
return 0;
- HMAC_Init_ex(, key->hmac_key, 16, EVP_sha256(), NULL);
- EVP_DecryptInit_ex(, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(, key->hmac_key, 32, EVP_sha256(), NULL);
+ EVP_DecryptInit_ex(, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
- if (key->expire < now() - RENEW_TIME) {
+ if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */
/*
* return 2 - This session will get a new ticket even though the
* current one is still valid.
FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): 70-test_sslversions.t(Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t(Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t(Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t(Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t(Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1)
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): C0E0CA35097F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0E0CA35097F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0E0CA35097F:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0E0CA35097F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0E0CA35097F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0E0CA35097F:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0E0CA35097F:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # -- # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C060DBCF907F:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' #
Errored: openssl/openssl#36004 (master - 63794b0)
Build Update for openssl/openssl - Build: #36004 Status: Errored Duration: 2 hrs, 34 mins, and 51 secs Commit: 63794b0 (master) Author: Shane Lontis Message: Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12176) View the changeset: https://github.com/openssl/openssl/compare/eae4a0083411...63794b048cbe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174909510?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
