Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-handshake_helper.d.tmp -MT test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test_ctx_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test_ctx_test-bin-ssl_test_ctx.o -c -o test/ssl_test_ctx_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare
Still Failing: openssl/openssl#37100 (master - 6f04bcc)
Build Update for openssl/openssl - Build: #37100 Status: Still Failing Duration: 1 hr, 13 mins, and 46 secs Commit: 6f04bcc (master) Author: Daniel Bevenius Message: Fix typo in FIPS_MODULE endif macro comment Reviewed-by: David von Oheimb Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12755) View the changeset: https://github.com/openssl/openssl/compare/1010e4ac9743...6f04bcc7e3b2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182517654?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report
[openssl] master update
The branch master has been updated via 6f04bcc7e3b258f4a075279515881b13bd3fd04c (commit) from 1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit) - Log - commit 6f04bcc7e3b258f4a075279515881b13bd3fd04c Author: Daniel Bevenius Date: Mon Aug 31 08:07:13 2020 +0200 Fix typo in FIPS_MODULE endif macro comment Reviewed-by: David von Oheimb Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12755) --- Summary of changes: crypto/rsa/rsa_gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 1cdc8d91e8..b7a37b77a2 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -66,7 +66,7 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, else return 0; } -#endif /* FIPS_MODUKE */ +#endif /* FIPS_MODULE */ return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0); }
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80A73B9D367F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8007C335B47F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8007C335B47F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # -- not ok 1 - test_ssl_corrupt # -- ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # -- # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t
Still Failing: openssl/openssl#37099 (master - 1010e4a)
Build Update for openssl/openssl - Build: #37099 Status: Still Failing Duration: 1 hr, 14 mins, and 0 secs Commit: 1010e4a (master) Author: Todd Short Message: Fix post-condition in algorithm_do_this Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) View the changeset: https://github.com/openssl/openssl/compare/2c0e356ef7fd...1010e4ac9743 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182507003?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit) via 2b748d722b6ac560d122ea2dcf8d09fe6f03124b (commit) from 2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit) - Log - commit 1010e4ac9743a273d12e4f7c49959607aa4f6403 Author: Todd Short Date: Tue Sep 1 14:50:03 2020 -0400 Fix post-condition in algorithm_do_this Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) commit 2b748d722b6ac560d122ea2dcf8d09fe6f03124b Author: Todd Short Date: Mon Aug 31 19:59:43 2020 -0400 Fix use of OPENSSL_realloc in provider Fix OPENSSL_realloc failure case; `provider->operation_bits` memory is lost when `OPENSSL_realloc()` returns NULL. `operation_bits_sz` is never set to the length of the allocated array. This means that operation_bits is always reallocated in `ossl_provider_set_operation_bit()`, possibly shrinking the array. In addition, it means that the `memset()` always zeros out the whole reallocated array, not just the new part. Also, because `operation_bits_sz` is always zero, the value of `*result` in `ossl_provider_test_operation_bit()` will always be zero. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) --- Summary of changes: crypto/core_algorithm.c | 8 crypto/provider_core.c | 9 ++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index f4a20cb2d1..68d6129598 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -31,7 +31,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) int first_operation = 1; int last_operation = OSSL_OP__HIGHEST; int cur_operation; -int ok = 0; +int ok = 1; if (data->operation_id != 0) first_operation = last_operation = data->operation_id; @@ -77,9 +77,9 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) return 0; } -/* If post-condition fulfilled, set general success */ -if (ret) -ok = 1; +/* If post-condition not fulfilled, set general failure */ +if (!ret) +ok = 0; } return ok; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index a714a71681..f282071e2d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -875,14 +875,17 @@ int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) unsigned char bit = (1 << (bitnum % 8)) & 0xFF; if (provider->operation_bits_sz <= byte) { -provider->operation_bits = OPENSSL_realloc(provider->operation_bits, - byte + 1); -if (provider->operation_bits == NULL) { +unsigned char *tmp = OPENSSL_realloc(provider->operation_bits, + byte + 1); + +if (tmp == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } +provider->operation_bits = tmp; memset(provider->operation_bits + provider->operation_bits_sz, '\0', byte + 1 - provider->operation_bits_sz); +provider->operation_bits_sz = byte + 1; } provider->operation_bits[byte] |= bit; return 1;
Still Failing: openssl/openssl#37083 (master - 2c0e356)
Build Update for openssl/openssl - Build: #37083 Status: Still Failing Duration: 1 hr, 20 mins, and 23 secs Commit: 2c0e356 (master) Author: Dr. David von Oheimb Message: apps/cmp.c: Clean up loading of certificates and CRLs Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12751) View the changeset: https://github.com/openssl/openssl/compare/ef0f01c0afc8...2c0e356ef7fd View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182417372?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit) from ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit) - Log - commit 2c0e356ef7fdbb117c9294b57deb67be66db3470 Author: Dr. David von Oheimb Date: Fri Aug 28 15:30:23 2020 +0200 apps/cmp.c: Clean up loading of certificates and CRLs Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12751) --- Summary of changes: apps/cmp.c | 177 +--- doc/man1/openssl-cmp.pod.in | 2 +- 2 files changed, 67 insertions(+), 112 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 4a8b6e75fb..4d6acdd499 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -303,7 +303,7 @@ const OPTIONS cmp_options[] = { {OPT_MORE_STR, 0, 0, "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"}, {"csr", OPT_CSR, 's', - "CSR file in PKCS#10 format to use in p10cr for legacy support"}, + "PKCS#10 CSR file in PEM or DER format to use in p10cr for legacy support"}, {"out_trusted", OPT_OUT_TRUSTED, 's', "Certificates to trust when verifying newly enrolled certificates"}, {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', @@ -653,42 +653,6 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) return cert; } -/* TODO potentially move this and related functions to apps/lib/apps.c */ -static int adjust_format(const char **infile, int format, int engine_ok) -{ -if (!strncasecmp(*infile, "http://;, 7) -|| !strncasecmp(*infile, "https://;, 8)) { -format = FORMAT_HTTP; -} else if (engine_ok && strncasecmp(*infile, "engine:", 7) == 0) { -*infile += 7; -format = FORMAT_ENGINE; -} else { -if (strncasecmp(*infile, "file:", 5) == 0) -*infile += 5; -/* - * the following is a heuristic whether first to try PEM or DER - * or PKCS12 as the input format for files - */ -if (strlen(*infile) >= 4) { -const char *extension = *infile + strlen(*infile) - 4; - -if (strncasecmp(extension, ".crt", 4) == 0 -|| strncasecmp(extension, ".pem", 4) == 0) -/* weak recognition of PEM format */ -format = FORMAT_PEM; -else if (strncasecmp(extension, ".cer", 4) == 0 - || strncasecmp(extension, ".der", 4) == 0) -/* weak recognition of DER format */ -format = FORMAT_ASN1; -else if (strncasecmp(extension, ".p12", 4) == 0) -/* weak recognition of PKCS#12 format */ -format = FORMAT_PKCS12; -/* else retain given format */ -} -} -return format; -} - /* * TODO potentially move this and related functions to apps/lib/ * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL @@ -697,18 +661,13 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) { X509_REQ *csr; BIO *bio_bak = bio_err; -int can_retry; -int format = adjust_format(, FORMAT_PEM, 0); -can_retry = format == FORMAT_PEM || format == FORMAT_ASN1; -if (can_retry) -bio_err = NULL; /* do not show errors on more than one try */ -csr = load_csr(infile, format, desc); +bio_err = NULL; /* do not show errors on more than one try */ +csr = load_csr(infile, FORMAT_PEM, desc); bio_err = bio_bak; -if (csr == NULL && can_retry) { +if (csr == NULL) { ERR_clear_error(); -format = (format == FORMAT_PEM ? FORMAT_ASN1 : FORMAT_PEM); -csr = load_csr(infile, format, desc); +csr = load_csr(infile, FORMAT_ASN1, desc); } if (csr == NULL) { ERR_print_errors(bio_err); @@ -718,43 +677,59 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) return csr; } -static void warn_certs_expired(const char *file, STACK_OF(X509) **certs) +static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) { -int i, res; -X509 *cert; -char *subj; +char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + +CMP_warn3("certificate from '%s' with subject '%s' %s", uri, subj, msg); +OPENSSL_free(subj); +} -for (i = 0; i < sk_X509_num(*certs); i++) { -cert = sk_X509_value(*certs, i); -res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), +static void warn_cert(const char *uri, X509 *cert, int warn_EE) +{ +int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), X509_get0_notAfter(cert)); -if (res != 0) { -subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); -CMP_warn3("certificate from '%s' with subject '%s' %s",
Still Failing: openssl/openssl#37081 (master - ef0f01c)
Build Update for openssl/openssl - Build: #37081 Status: Still Failing Duration: 1 hr, 24 mins, and 8 secs Commit: ef0f01c (master) Author: Jon Spillett Message: Avoid uninitialised variable warning for jobs Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12762) View the changeset: https://github.com/openssl/openssl/compare/1a5ae1da14f2...ef0f01c0afc8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182371724?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit) from 1a5ae1da14f24a170c200c653c8b81e4a2966d3e (commit) - Log - commit ef0f01c0afc84c85f07d739d77f04a29e7739cd6 Author: Jon Spillett Date: Tue Sep 1 13:13:09 2020 +1000 Avoid uninitialised variable warning for jobs Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12762) --- Summary of changes: test/run_tests.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/run_tests.pl b/test/run_tests.pl index 2b05ddcbb0..14e195b468 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -31,7 +31,7 @@ my $srctop = $ENV{SRCTOP} || $ENV{TOP}; my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); -my $jobs = $ENV{HARNESS_JOBS}; +my $jobs = $ENV{HARNESS_JOBS} // 1; $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); @@ -46,7 +46,7 @@ my %tapargs = merge => 1, ); -$tapargs{jobs} = $jobs if defined $jobs; +$tapargs{jobs} = $jobs if $jobs > 1; # Additional OpenSSL special TAP arguments. Because we can't pass them via # TAP::Harness->new(), they will be accessed directly, see the @@ -57,7 +57,7 @@ $openssl_args{'failure_verbosity'} = $ENV{HARNESS_VERBOSE} ? 0 : $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} ? 2 : 1; # $ENV{HARNESS_VERBOSE_FAILURE} print "Warning: HARNESS_JOBS > 1 overrides HARNESS_VERBOSE\n" -if $ENV{HARNESS_JOBS} > 1; +if $jobs > 1; print "Warning: HARNESS_VERBOSE overrides HARNESS_VERBOSE_FAILURE*\n" if ($ENV{HARNESS_VERBOSE} && ($ENV{HARNESS_VERBOSE_FAILURE} || $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS}));