Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Win compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bn/libcrypto-lib-rsaz_exp.d.tmp -MT crypto/bn/libcrypto-lib-rsaz_exp.o -c -o crypto/bn/libcrypto-lib-rsaz_exp.o ../openssl/crypto/bn/rsaz_exp.c CC="clang" /usr/bin/perl ../openssl/crypto/bn/asm/x86_64-gf2m.pl "elf" -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN
Build failed: openssl master.36119
Build openssl master.36119 failed Commit 67f6305fc8 by Richard Levitte on 8/10/2020 7:38 AM: fixup! CORE: Generalise internal pass phrase prompter Configure your notification preferences
Still Failing: openssl/openssl#36658 (master - dd0164e)
Build Update for openssl/openssl - Build: #36658 Status: Still Failing Duration: 59 mins and 35 secs Commit: dd0164e (master) Author: Benjamin Kaduk Message: Mark SSL_CTX_set_ssl_version() as deprecated in 3.0 Also, document its unusual semantics of resetting the cipher list (but preserving other configuration). Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/7274) View the changeset: https://github.com/openssl/openssl/compare/eeccc237239d...dd0164e7565b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/179512208?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok
[openssl] master update
The branch master has been updated via dd0164e7565bb14fac193aea4c2c37714bf66d56 (commit) from eeccc237239d6f2b6fbc557be7062bfe2ab836be (commit) - Log - commit dd0164e7565bb14fac193aea4c2c37714bf66d56 Author: Benjamin Kaduk Date: Wed Sep 19 21:14:04 2018 -0500 Mark SSL_CTX_set_ssl_version() as deprecated in 3.0 Also, document its unusual semantics of resetting the cipher list (but preserving other configuration). Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/7274) --- Summary of changes: doc/man3/SSL_CTX_set_ssl_version.pod | 17 ++--- include/openssl/ssl.h| 2 +- ssl/ssl_lib.c| 2 ++ util/libssl.num | 2 +- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod b/doc/man3/SSL_CTX_set_ssl_version.pod index b41073112b..20efe0fbf7 100644 --- a/doc/man3/SSL_CTX_set_ssl_version.pod +++ b/doc/man3/SSL_CTX_set_ssl_version.pod @@ -16,9 +16,11 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method =head1 DESCRIPTION SSL_CTX_set_ssl_version() sets a new default TLS/SSL B for SSL objects -newly created from this B. SSL objects already created with -L are not affected, except when -L is being called. +newly created from this B. Most of the configuration attached to the +SSL_CTX object is retained, with the exception of the configured TLS ciphers, +which are reset to the default values. SSL objects already created from this +SSL_CTX with L are not affected, except when L is +being called, as described below. SSL_set_ssl_method() sets a new TLS/SSL B for a particular B object. It may be reset, when SSL_clear() is called. @@ -35,6 +37,11 @@ When L is called and no session is connected to an SSL object, the method of the SSL object is reset to the method currently set in the corresponding SSL_CTX object. +SSL_CTX_set_version() has unusual semantics and no clear use case; +it would usually be preferable to create a new SSL_CTX object than to +try to reuse an existing one in this fashion. Its usage is considered +deprecated. + =head1 RETURN VALUES The following return values can occur for SSL_CTX_set_ssl_version() @@ -58,6 +65,10 @@ L, L, L, L, L +=head1 HISTORY + +SSL_CTX_set_ssl_version() was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index bc003bc4fa..0b17f22193 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1903,7 +1903,7 @@ __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ -__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); +DEPRECATEDIN_3_0(__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)) # ifndef OPENSSL_NO_SSL3_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 63a7433be4..f957664a48 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -642,6 +642,7 @@ int SSL_clear(SSL *s) return 1; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Used to change an SSL_CTXs default SSL method type */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { @@ -664,6 +665,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) } return 1; } +#endif SSL *SSL_new(SSL_CTX *ctx) { diff --git a/util/libssl.num b/util/libssl.num index 1758525038..45ff6ed00a 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -239,7 +239,7 @@ DTLSv1_method 239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1 SSL_set0_wbio 2403_0_0 EXIST::FUNCTION: SSL_read2413_0_0 EXIST::FUNCTION: SSL_CTX_get_options 2423_0_0 EXIST::FUNCTION: -SSL_CTX_set_ssl_version 2433_0_0 EXIST::FUNCTION: +SSL_CTX_set_ssl_version 2433_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 SSL_set_SSL_CTX 2443_0_0 EXIST::FUNCTION: SSL_renegotiate_abbreviated 2453_0_0 EXIST::FUNCTION: SSL_get_verify_mode 2463_0_0 EXIST::FUNCTION:
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists e3efe7a532 Add public API for gettables and settables for keymanagement, signatures and key exchange. af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. 7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 1017ab21e4 provider: add the unused paramater tag to the gettable and settable functions 520150151b Expose S390x HW ciphers' IV state to provider layer bdc0df8ab5 Avoid deprecated API in evp_test.c f43c947dd9 Avoid deprecated function in evp_lib.c 2f5c405a16 Use local IV storage in EVP BLOCK_* macros d91f902d73 Use local IV storage in e_rc2.c acb30f4b59 Use local IV storage in e_xcbc_d.c 1453d736b5 Use local IV storage in e_sm4.c c4d21d2f71 Use local IV storage in e_des3.c 36025d3b87 Use local IV storage in e_des.c 2c533a71c6 Use local IV storage in e_camellia.c ddce5c29f5 Use local IV storage in e_aria.c d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c 18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c 9197c226ea Use local IV storage in e_aes.c 37322687b0 Retire EVP_CTRL_GET_IV c76ffc78a5 Document EVP_CIPHER_CTX IV accessors ef58f9af93 Make GCM providers more generous about fetching IVs 440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors 79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc. 8489026850 Support cipher provider "iv state" 31d2daecb3 Add DHX serialization 116d2510f7 Add dh_kdf support to provider 627c220311 Add DHX support to keymanager 36b778fbb7 README.md: remove incorrect link to openssl.github.io 0799b79a45 README.md: replace incorrect access token for the AppVeyor badge 33b4f73145 conf: add an error if the openssl_conf section isn't found. 711ae5d359 Remove a TODO from evp_test cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider 9d1ae03caa Minimise the size of the macros in kdf_exch.c 74fc579a12 Update KDF documentation 1704752be6 Delete old KDF bridge EVP_PKEY_METHODS 194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge 23f04372f4 Initial Apple Silicon support. c23add3676 Fix memory leak in drbgtest Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 8057DEA66F7F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047915E427F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047915E427F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # -- not ok 1 - test_ssl_corrupt #
Build completed: openssl master.36109
Build openssl master.36109 completed Commit f22e691bb8 by Dr. David von Oheimb on 6/4/2020 8:23 AM: Remove needless #ifndef OPENSSL_NO_SOCK for X509_{CRL_}load_http Configure your notification preferences
Build failed: openssl master.36108
Build openssl master.36108 failed Commit 776cd9822c by Matt Caswell on 8/12/2020 1:41 PM: Extend test_CMAC_keygen in evp_extra_test Configure your notification preferences
Still Failing: openssl/openssl#36647 (master - eeccc23)
Build Update for openssl/openssl - Build: #36647 Status: Still Failing Duration: 1 hr, 40 mins, and 46 secs Commit: eeccc23 (master) Author: Dr. David von Oheimb Message: Introduce X509_add_cert[s] simplifying various additions to cert lists Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12615) View the changeset: https://github.com/openssl/openssl/compare/e3efe7a53299...eeccc237239d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/179419666?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via eeccc237239d6f2b6fbc557be7062bfe2ab836be (commit) from e3efe7a53299dff3cd542b6a999b1360d626 (commit) - Log - commit eeccc237239d6f2b6fbc557be7062bfe2ab836be Author: Dr. David von Oheimb Date: Sun Apr 26 18:30:45 2020 +0200 Introduce X509_add_cert[s] simplifying various additions to cert lists Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12615) --- Summary of changes: apps/cmp.c | 56 ++- crypto/cmp/cmp_ctx.c | 3 +- crypto/cmp/cmp_local.h | 6 +- crypto/cmp/cmp_msg.c | 3 +- crypto/cmp/cmp_protect.c | 14 +++-- crypto/cmp/cmp_util.c | 61 ++--- crypto/cmp/cmp_vfy.c | 21 +-- crypto/cms/cms_lib.c | 9 +-- crypto/cms/cms_sd.c| 9 +-- crypto/ocsp/ocsp_cl.c | 9 +-- crypto/ocsp/ocsp_local.h | 2 + crypto/ocsp/ocsp_srv.c | 9 +-- crypto/ocsp/ocsp_vfy.c | 9 +-- crypto/pkcs12/p12_kiss.c | 9 +-- crypto/pkcs7/pk7_lib.c | 15 + crypto/ts/ts_conf.c| 9 ++- crypto/x509/x509_cmp.c | 56 +++ crypto/x509/x509_lu.c | 19 ++- crypto/x509/x509_vfy.c | 39 ++--- ...cert.pod => ossl_cmp_X509_STORE_add1_certs.pod} | 22 +--- doc/man3/X509_add_cert.pod | 64 ++ include/crypto/x509.h | 3 +- include/openssl/x509.h | 8 +++ test/cmp_vfy_test.c| 4 +- util/libcrypto.num | 2 + 25 files changed, 209 insertions(+), 252 deletions(-) rename doc/internal/man3/{ossl_cmp_sk_X509_add1_cert.pod => ossl_cmp_X509_STORE_add1_certs.pod} (53%) create mode 100644 doc/man3/X509_add_cert.pod diff --git a/apps/cmp.c b/apps/cmp.c index 01c5394344..f0b3148714 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -603,54 +603,6 @@ static int print_to_bio_out(const char *func, const char *file, int line, return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); } -/* code duplicated from crypto/cmp/cmp_util.c */ -static int sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, - int no_dup, int prepend) -{ -if (no_dup) { -/* - * not using sk_X509_set_cmp_func() and sk_X509_find() - * because this re-orders the certs on the stack - */ -int i; - -for (i = 0; i < sk_X509_num(sk); i++) { -if (X509_cmp(sk_X509_value(sk, i), cert) == 0) -return 1; -} -} -if (!X509_up_ref(cert)) -return 0; -if (!sk_X509_insert(sk, cert, prepend ? 0 : -1)) { -X509_free(cert); -return 0; -} -return 1; -} - -/* code duplicated from crypto/cmp/cmp_util.c */ -static int sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_signed, int no_dups, int prepend) -/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ -{ -int i; - -if (sk == NULL) -return 0; -if (certs == NULL) -return 1; -for (i = 0; i < sk_X509_num(certs); i++) { -X509 *cert = sk_X509_value(certs, i); - -if (!no_self_signed || X509_check_issued(cert, cert) != X509_V_OK) { -if (!sk_X509_add1_cert(sk, cert, no_dups, prepend)) -return 0; -} -} -return 1; -} - -/* TODO potentially move to apps/lib/apps.c */ static char *next_item(char *opt) /* in list separated by comma and/or space */ { /* advance to separator (comma or whitespace), if any */ @@ -1210,7 +1162,8 @@ static STACK_OF(X509) *load_certs_multifile(char *files, if (!load_certs_autofmt(files, , 0, pass, desc)) goto err; -if (!sk_X509_add1_certs(result, certs, 0, 1 /* no dups */, 0)) +if (!X509_add_certs(result, certs, +X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto oom; sk_X509_pop_free(certs, X509_free); certs = NULL; @@ -1787,8 +1740,9 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) /* add any remaining certs to the list of untrusted certs */ STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted_certs(ctx); ok =