Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms

2020-08-12 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert 
lists
e3efe7a532 Add public API for gettables and settables for keymanagement, 
signatures and key exchange.
af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if 
the serializer provider does not match the key provider.
7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072
1017ab21e4 provider: add the unused paramater tag to the gettable and settable 
functions
520150151b Expose S390x HW ciphers' IV state to provider layer
bdc0df8ab5 Avoid deprecated API in evp_test.c
f43c947dd9 Avoid deprecated function in evp_lib.c
2f5c405a16 Use local IV storage in EVP BLOCK_* macros
d91f902d73 Use local IV storage in e_rc2.c
acb30f4b59 Use local IV storage in e_xcbc_d.c
1453d736b5 Use local IV storage in e_sm4.c
c4d21d2f71 Use local IV storage in e_des3.c
36025d3b87 Use local IV storage in e_des.c
2c533a71c6 Use local IV storage in e_camellia.c
ddce5c29f5 Use local IV storage in e_aria.c
d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c
18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c
9197c226ea Use local IV storage in e_aes.c
37322687b0 Retire EVP_CTRL_GET_IV
c76ffc78a5 Document EVP_CIPHER_CTX IV accessors
ef58f9af93 Make GCM providers more generous about fetching IVs
440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors
79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
8489026850 Support cipher provider "iv state"
31d2daecb3 Add DHX serialization
116d2510f7 Add dh_kdf support to provider
627c220311 Add DHX support to keymanager
36b778fbb7 README.md: remove incorrect link to openssl.github.io
0799b79a45 README.md: replace incorrect access token for the AppVeyor badge
33b4f73145 conf: add an error if the openssl_conf section isn't found.
711ae5d359 Remove a TODO from evp_test
cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider
9d1ae03caa Minimise the size of the macros in kdf_exch.c
74fc579a12 Update KDF documentation
1704752be6 Delete old KDF bridge EVP_PKEY_METHODS
194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt
05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF
ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge
23f04372f4 Initial Apple Silicon support.
c23add3676 Fix memory leak in drbgtest

Build log ended with (last 100 lines):

clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL  -MMD 
-MF crypto/bn/libcrypto-lib-rsaz_exp.d.tmp -MT 
crypto/bn/libcrypto-lib-rsaz_exp.o -c -o crypto/bn/libcrypto-lib-rsaz_exp.o 
../openssl/crypto/bn/rsaz_exp.c
CC="clang" /usr/bin/perl ../openssl/crypto/bn/asm/x86_64-gf2m.pl "elf" -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include 
-Icrypto/include -I../openssl -I../openssl/include 
-I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 

Build failed: openssl master.36119

2020-08-12 Thread AppVeyor



Build openssl master.36119 failed


Commit 67f6305fc8 by Richard Levitte on 8/10/2020 7:38 AM:

fixup! CORE: Generalise internal pass phrase prompter





Still Failing: openssl/openssl#36658 (master - dd0164e)

2020-08-12 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36658
Status: Still Failing

Duration: 59 mins and 35 secs
Commit: dd0164e (master)
Author: Benjamin Kaduk
Message: Mark SSL_CTX_set_ssl_version() as deprecated in 3.0

Also, document its unusual semantics of resetting the
cipher list (but preserving other configuration).

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/7274)

View the changeset: 
https://github.com/openssl/openssl/compare/eeccc237239d...dd0164e7565b

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/179512208?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2020-08-12 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert 
lists
e3efe7a532 Add public API for gettables and settables for keymanagement, 
signatures and key exchange.
af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if 
the serializer provider does not match the key provider.
7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072
1017ab21e4 provider: add the unused paramater tag to the gettable and settable 
functions
520150151b Expose S390x HW ciphers' IV state to provider layer
bdc0df8ab5 Avoid deprecated API in evp_test.c
f43c947dd9 Avoid deprecated function in evp_lib.c
2f5c405a16 Use local IV storage in EVP BLOCK_* macros
d91f902d73 Use local IV storage in e_rc2.c
acb30f4b59 Use local IV storage in e_xcbc_d.c
1453d736b5 Use local IV storage in e_sm4.c
c4d21d2f71 Use local IV storage in e_des3.c
36025d3b87 Use local IV storage in e_des.c
2c533a71c6 Use local IV storage in e_camellia.c
ddce5c29f5 Use local IV storage in e_aria.c
d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c
18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c
9197c226ea Use local IV storage in e_aes.c
37322687b0 Retire EVP_CTRL_GET_IV
c76ffc78a5 Document EVP_CIPHER_CTX IV accessors
ef58f9af93 Make GCM providers more generous about fetching IVs
440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors
79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
8489026850 Support cipher provider "iv state"
31d2daecb3 Add DHX serialization
116d2510f7 Add dh_kdf support to provider
627c220311 Add DHX support to keymanager
36b778fbb7 README.md: remove incorrect link to openssl.github.io
0799b79a45 README.md: replace incorrect access token for the AppVeyor badge
33b4f73145 conf: add an error if the openssl_conf section isn't found.
711ae5d359 Remove a TODO from evp_test
cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider
9d1ae03caa Minimise the size of the macros in kdf_exch.c
74fc579a12 Update KDF documentation
1704752be6 Delete old KDF bridge EVP_PKEY_METHODS
194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt
05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF
ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge
23f04372f4 Initial Apple Silicon support.
c23add3676 Fix memory leak in drbgtest

Build log ended with (last 100 lines):

65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok

[openssl] master update

2020-08-12 Thread kaduk
The branch master has been updated
   via  dd0164e7565bb14fac193aea4c2c37714bf66d56 (commit)
  from  eeccc237239d6f2b6fbc557be7062bfe2ab836be (commit)


- Log -
commit dd0164e7565bb14fac193aea4c2c37714bf66d56
Author: Benjamin Kaduk 
Date:   Wed Sep 19 21:14:04 2018 -0500

Mark SSL_CTX_set_ssl_version() as deprecated in 3.0

Also, document its unusual semantics of resetting the
cipher list (but preserving other configuration).

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/7274)

---

Summary of changes:
 doc/man3/SSL_CTX_set_ssl_version.pod | 17 ++---
 include/openssl/ssl.h|  2 +-
 ssl/ssl_lib.c|  2 ++
 util/libssl.num  |  2 +-
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod 
b/doc/man3/SSL_CTX_set_ssl_version.pod
index b41073112b..20efe0fbf7 100644
--- a/doc/man3/SSL_CTX_set_ssl_version.pod
+++ b/doc/man3/SSL_CTX_set_ssl_version.pod
@@ -16,9 +16,11 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, 
SSL_get_ssl_method
 =head1 DESCRIPTION
 
 SSL_CTX_set_ssl_version() sets a new default TLS/SSL B for SSL objects
-newly created from this B. SSL objects already created with
-L are not affected, except when
-L is being called.
+newly created from this B.  Most of the configuration attached to the
+SSL_CTX object is retained, with the exception of the configured TLS ciphers,
+which are reset to the default values.  SSL objects already created from this
+SSL_CTX with L are not affected, except when L is
+being called, as described below.
 
 SSL_set_ssl_method() sets a new TLS/SSL B for a particular B
 object. It may be reset, when SSL_clear() is called.
@@ -35,6 +37,11 @@ When L is called and no session is connected to
 an SSL object, the method of the SSL object is reset to the method currently
 set in the corresponding SSL_CTX object.
 
+SSL_CTX_set_version() has unusual semantics and no clear use case;
+it would usually be preferable to create a new SSL_CTX object than to
+try to reuse an existing one in this fashion.  Its usage is considered
+deprecated.
+
 =head1 RETURN VALUES
 
 The following return values can occur for SSL_CTX_set_ssl_version()
@@ -58,6 +65,10 @@ L, L,
 L, L,
 L
 
+=head1 HISTORY
+
+SSL_CTX_set_ssl_version() was deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bc003bc4fa..0b17f22193 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1903,7 +1903,7 @@ __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
-__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+DEPRECATEDIN_3_0(__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const 
SSL_METHOD *meth))
 
 # ifndef OPENSSL_NO_SSL3_METHOD
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
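Review bot: The comment above the newly deprecated declaration still reads only `This sets the 'default' SSL version that SSL_new() will create`, which leaves out the side effect this same commit documents in the POD: the SSL_CTX's configured cipher list is reset to the default values. A caller that restricted the cipher list before calling SSL_CTX_set_ssl_version() would lose that restriction without any error, so the header is a useful place to say so. I would extend the comment to something like `/* Deprecated in 3.0: sets the default method for SSL_new() and resets the ctx cipher list to the defaults */`.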
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 63a7433be4..f957664a48 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -642,6 +642,7 @@ int SSL_clear(SSL *s)
 return 1;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Used to change an SSL_CTXs default SSL method type */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 {
@@ -664,6 +665,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD 
*meth)
 }
 return 1;
 }
+#endif
 
 SSL *SSL_new(SSL_CTX *ctx)
 {
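Review bot: The `#endif` added after SSL_CTX_set_ssl_version() is bare, while its `#ifndef OPENSSL_NO_DEPRECATED_3_0` sits in the previous hunk with the whole function body in between; `#endif /* OPENSSL_NO_DEPRECATED_3_0 */` would make the pairing obvious. Most of the function body lies outside both hunks, so its logic is not reviewed here. Separately, the diffstat lists no test or application files, so it is worth confirming that no in-tree caller remains that would fail to link in a build that defines OPENSSL_NO_DEPRECATED_3_0.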
diff --git a/util/libssl.num b/util/libssl.num
index 1758525038..45ff6ed00a 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -239,7 +239,7 @@ DTLSv1_method   239 3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_1
 SSL_set0_wbio   2403_0_0   EXIST::FUNCTION:
 SSL_read2413_0_0   EXIST::FUNCTION:
 SSL_CTX_get_options 2423_0_0   EXIST::FUNCTION:
-SSL_CTX_set_ssl_version 2433_0_0   EXIST::FUNCTION:
+SSL_CTX_set_ssl_version 2433_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0
 SSL_set_SSL_CTX 2443_0_0   EXIST::FUNCTION:
 SSL_renegotiate_abbreviated 2453_0_0   EXIST::FUNCTION:
 SSL_get_verify_mode 2463_0_0   EXIST::FUNCTION:


Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

2020-08-12 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared 
-DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert 
lists
e3efe7a532 Add public API for gettables and settables for keymanagement, 
signatures and key exchange.
af88e64a98 Fix serializer_EVP_PKEY_to_bio so that that the key is exported if 
the serializer provider does not match the key provider.
7c9a7cf127 Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072
1017ab21e4 provider: add the unused paramater tag to the gettable and settable 
functions
520150151b Expose S390x HW ciphers' IV state to provider layer
bdc0df8ab5 Avoid deprecated API in evp_test.c
f43c947dd9 Avoid deprecated function in evp_lib.c
2f5c405a16 Use local IV storage in EVP BLOCK_* macros
d91f902d73 Use local IV storage in e_rc2.c
acb30f4b59 Use local IV storage in e_xcbc_d.c
1453d736b5 Use local IV storage in e_sm4.c
c4d21d2f71 Use local IV storage in e_des3.c
36025d3b87 Use local IV storage in e_des.c
2c533a71c6 Use local IV storage in e_camellia.c
ddce5c29f5 Use local IV storage in e_aria.c
d3308027e9 Use local IV storage in e_aes_ebc_hmac_sha256.c
18a49e168f Use local IV storage in e_aes_ebc_hmac_sha1.c
9197c226ea Use local IV storage in e_aes.c
37322687b0 Retire EVP_CTRL_GET_IV
c76ffc78a5 Document EVP_CIPHER_CTX IV accessors
ef58f9af93 Make GCM providers more generous about fetching IVs
440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors
79f4417ed9 Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
8489026850 Support cipher provider "iv state"
31d2daecb3 Add DHX serialization
116d2510f7 Add dh_kdf support to provider
627c220311 Add DHX support to keymanager
36b778fbb7 README.md: remove incorrect link to openssl.github.io
0799b79a45 README.md: replace incorrect access token for the AppVeyor badge
33b4f73145 conf: add an error if the openssl_conf section isn't found.
711ae5d359 Remove a TODO from evp_test
cd0a4998a0 Extend the EVP_PKEY KDF to KDF provider bridge to the FIPS provider
9d1ae03caa Minimise the size of the macros in kdf_exch.c
74fc579a12 Update KDF documentation
1704752be6 Delete old KDF bridge EVP_PKEY_METHODS
194de849cc Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt
05d2f72e79 Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF
ac2d58c72b Implement a EVP_PKEY KDF to KDF provider bridge
23f04372f4 Initial Apple Silicon support.
c23add3676 Fix memory leak in drbgtest

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 8057DEA66F7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_srvr.c:318:
not ok 9 - iteration 9
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1
not ok 6 - running ssl_test 25-cipher.cnf
# --
# Looks like you failed 2 tests of 9.
not ok 26 - Test configuration 25-cipher.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok

# INFO:  @ ../openssl/test/sslcorrupttest.c:199
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 8047915E427F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 3 - iteration 3
# --
# INFO:  @ ../openssl/test/sslcorrupttest.c:199
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 8047915E427F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 4 - iteration 4
# --
not ok 1 - test_ssl_corrupt
# 

Build completed: openssl master.36109

2020-08-12 Thread AppVeyor


Build openssl master.36109 completed



Commit f22e691bb8 by Dr. David von Oheimb on 6/4/2020 8:23 AM:

Remove needless #ifndef OPENSSL_NO_SOCK for X509_{CRL_}load_http





Build failed: openssl master.36108

2020-08-12 Thread AppVeyor



Build openssl master.36108 failed


Commit 776cd9822c by Matt Caswell on 8/12/2020 1:41 PM:

Extend test_CMAC_keygen in evp_extra_test





Still Failing: openssl/openssl#36647 (master - eeccc23)

2020-08-12 Thread Travis CI
Build Update for openssl/openssl
-

Build: #36647
Status: Still Failing

Duration: 1 hr, 40 mins, and 46 secs
Commit: eeccc23 (master)
Author: Dr. David von Oheimb
Message: Introduce X509_add_cert[s] simplifying various additions to cert lists

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12615)

View the changeset: 
https://github.com/openssl/openssl/compare/e3efe7a53299...eeccc237239d

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/179419666?utm_medium=notification_source=email





[openssl] master update

2020-08-12 Thread dev
The branch master has been updated
   via  eeccc237239d6f2b6fbc557be7062bfe2ab836be (commit)
  from  e3efe7a53299dff3cd542b6a999b1360d626 (commit)


- Log -
commit eeccc237239d6f2b6fbc557be7062bfe2ab836be
Author: Dr. David von Oheimb 
Date:   Sun Apr 26 18:30:45 2020 +0200

Introduce X509_add_cert[s] simplifying various additions to cert lists

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12615)

---

Summary of changes:
 apps/cmp.c | 56 ++-
 crypto/cmp/cmp_ctx.c   |  3 +-
 crypto/cmp/cmp_local.h |  6 +-
 crypto/cmp/cmp_msg.c   |  3 +-
 crypto/cmp/cmp_protect.c   | 14 +++--
 crypto/cmp/cmp_util.c  | 61 ++---
 crypto/cmp/cmp_vfy.c   | 21 +--
 crypto/cms/cms_lib.c   |  9 +--
 crypto/cms/cms_sd.c|  9 +--
 crypto/ocsp/ocsp_cl.c  |  9 +--
 crypto/ocsp/ocsp_local.h   |  2 +
 crypto/ocsp/ocsp_srv.c |  9 +--
 crypto/ocsp/ocsp_vfy.c |  9 +--
 crypto/pkcs12/p12_kiss.c   |  9 +--
 crypto/pkcs7/pk7_lib.c | 15 +
 crypto/ts/ts_conf.c|  9 ++-
 crypto/x509/x509_cmp.c | 56 +++
 crypto/x509/x509_lu.c  | 19 ++-
 crypto/x509/x509_vfy.c | 39 ++---
 ...cert.pod => ossl_cmp_X509_STORE_add1_certs.pod} | 22 +---
 doc/man3/X509_add_cert.pod | 64 ++
 include/crypto/x509.h  |  3 +-
 include/openssl/x509.h |  8 +++
 test/cmp_vfy_test.c|  4 +-
 util/libcrypto.num |  2 +
 25 files changed, 209 insertions(+), 252 deletions(-)
 rename doc/internal/man3/{ossl_cmp_sk_X509_add1_cert.pod => 
ossl_cmp_X509_STORE_add1_certs.pod} (53%)
 create mode 100644 doc/man3/X509_add_cert.pod

diff --git a/apps/cmp.c b/apps/cmp.c
index 01c5394344..f0b3148714 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -603,54 +603,6 @@ static int print_to_bio_out(const char *func, const char 
*file, int line,
 return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg);
 }
 
-/* code duplicated from crypto/cmp/cmp_util.c */
-static int sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert,
- int no_dup, int prepend)
-{
-if (no_dup) {
-/*
- * not using sk_X509_set_cmp_func() and sk_X509_find()
- * because this re-orders the certs on the stack
- */
-int i;
-
-for (i = 0; i < sk_X509_num(sk); i++) {
-if (X509_cmp(sk_X509_value(sk, i), cert) == 0)
-return 1;
-}
-}
-if (!X509_up_ref(cert))
-return 0;
-if (!sk_X509_insert(sk, cert, prepend ? 0 : -1)) {
-X509_free(cert);
-return 0;
-}
-return 1;
-}
-
-/* code duplicated from crypto/cmp/cmp_util.c */
-static int sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
-  int no_self_signed, int no_dups, int prepend)
-/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed 
*/
-{
-int i;
-
-if (sk == NULL)
-return 0;
-if (certs == NULL)
-return 1;
-for (i = 0; i < sk_X509_num(certs); i++) {
-X509 *cert = sk_X509_value(certs, i);
-
-if (!no_self_signed || X509_check_issued(cert, cert) != X509_V_OK) {
-if (!sk_X509_add1_cert(sk, cert, no_dups, prepend))
-return 0;
-}
-}
-return 1;
-}
-
-/* TODO potentially move to apps/lib/apps.c */
 static char *next_item(char *opt) /* in list separated by comma and/or space */
 {
 /* advance to separator (comma or whitespace), if any */
@@ -1210,7 +1162,8 @@ static STACK_OF(X509) *load_certs_multifile(char *files,
 
 if (!load_certs_autofmt(files, , 0, pass, desc))
 goto err;
-if (!sk_X509_add1_certs(result, certs, 0, 1 /* no dups */, 0))
+if (!X509_add_certs(result, certs,
+X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
 goto oom;
 sk_X509_pop_free(certs, X509_free);
 certs = NULL;
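Review bot: `X509_ADD_FLAG_UP_REF` in the new `X509_add_certs()` call is what keeps `result` valid, because `sk_X509_pop_free(certs, X509_free)` on the following line releases every certificate in `certs`; without the flag, `result` would presumably be left holding freed pointers. Nothing in the hunk states that dependency, so I would add a comment above the call such as `/* UP_REF needed: certs is freed with X509_free right below */`. The failure branch still jumps to `oom`; whether X509_add_certs() can fail for reasons other than allocation is not visible here, so the label and any message behind it may deserve a second look. load_certs_multifile() starts and ends outside the hunk.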
@@ -1787,8 +1740,9 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE 
*engine)
 /* add any remaining certs to the list of untrusted certs */
 STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted_certs(ctx);
 ok =