Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms

2020-09-02 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in 
crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp 
data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

clang  -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-handshake_helper.d.tmp -MT 
test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o 
../openssl/test/handshake_helper.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o 
test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c
clang  -Iinclude -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o 
test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c
clang  -Iinclude -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test_ctx_test-bin-ssl_test_ctx.d.tmp -MT 
test/ssl_test_ctx_test-bin-ssl_test_ctx.o -c -o 
test/ssl_test_ctx_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare

Still Failing: openssl/openssl#37100 (master - 6f04bcc)

2020-09-02 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #37100
Status: Still Failing

Duration: 1 hr, 13 mins, and 46 secs
Commit: 6f04bcc (master)
Author: Daniel Bevenius
Message: Fix typo in FIPS_MODULE endif macro comment

Reviewed-by: David von Oheimb 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12755)

View the changeset: 
https://github.com/openssl/openssl/compare/1010e4ac9743...6f04bcc7e3b2

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/182517654?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2020-09-02 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in 
crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp 
data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report

[openssl] master update

2020-09-02 Thread shane . lontis 
The branch master has been updated
   via  6f04bcc7e3b258f4a075279515881b13bd3fd04c (commit)
  from  1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit)


- Log -
commit 6f04bcc7e3b258f4a075279515881b13bd3fd04c
Author: Daniel Bevenius 
Date:   Mon Aug 31 08:07:13 2020 +0200

Fix typo in FIPS_MODULE endif macro comment

Reviewed-by: David von Oheimb 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12755)

---

Summary of changes:
 crypto/rsa/rsa_gen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 1cdc8d91e8..b7a37b77a2 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -66,7 +66,7 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int 
primes,
 else
 return 0;
 }
-#endif /* FIPS_MODUKE */
+#endif /* FIPS_MODULE */
 return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0);
 }

Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

2020-09-02 Thread OpenSSL run-checker 
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared 
-DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in 
crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp 
data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 80A73B9D367F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_srvr.c:318:
not ok 9 - iteration 9
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1
not ok 6 - running ssl_test 25-cipher.cnf
# --
# Looks like you failed 2 tests of 9.
not ok 26 - Test configuration 25-cipher.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok

# INFO:  @ ../openssl/test/sslcorrupttest.c:199
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 8007C335B47F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 3 - iteration 3
# --
# INFO:  @ ../openssl/test/sslcorrupttest.c:199
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 8007C335B47F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 4 - iteration 4
# --
not ok 1 - test_ssl_corrupt
# --
../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem 
../../../openssl/apps/server.pem => 1
not ok 1 - running sslcorrupttest
# --
#   Failed test 'running sslcorrupttest'
#   at ../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: GOST support is disabled in this 
OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t

Still Failing: openssl/openssl#37099 (master - 1010e4a)

2020-09-02 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #37099
Status: Still Failing

Duration: 1 hr, 14 mins, and 0 secs
Commit: 1010e4a (master)
Author: Todd Short
Message: Fix post-condition in algorithm_do_this

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12760)

View the changeset: 
https://github.com/openssl/openssl/compare/2c0e356ef7fd...1010e4ac9743

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/182507003?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] master update

2020-09-02 Thread kaduk 
The branch master has been updated
   via  1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit)
   via  2b748d722b6ac560d122ea2dcf8d09fe6f03124b (commit)
  from  2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit)


- Log -
commit 1010e4ac9743a273d12e4f7c49959607aa4f6403
Author: Todd Short 
Date:   Tue Sep 1 14:50:03 2020 -0400

Fix post-condition in algorithm_do_this

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12760)

commit 2b748d722b6ac560d122ea2dcf8d09fe6f03124b
Author: Todd Short 
Date:   Mon Aug 31 19:59:43 2020 -0400

Fix use of OPENSSL_realloc in provider

Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.

`operation_bits_sz` is never set to the length of the allocated array.
This means that operation_bits is always reallocated in
`ossl_provider_set_operation_bit()`, possibly shrinking the array.
In addition, it means that the `memset()` always zeros out the
whole reallocated array, not just the new part. Also, because
`operation_bits_sz` is always zero, the value of `*result` in
`ossl_provider_test_operation_bit()` will always be zero.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12760)

---

Summary of changes:
 crypto/core_algorithm.c | 8 
 crypto/provider_core.c  | 9 ++---
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c
index f4a20cb2d1..68d6129598 100644
--- a/crypto/core_algorithm.c
+++ b/crypto/core_algorithm.c
@@ -31,7 +31,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void 
*cbdata)
 int first_operation = 1;
 int last_operation = OSSL_OP__HIGHEST;
 int cur_operation;
-int ok = 0;
+int ok = 1;
 
 if (data->operation_id != 0)
 first_operation = last_operation = data->operation_id;
@@ -77,9 +77,9 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void 
*cbdata)
 return 0;
 }
 
-/* If post-condition fulfilled, set general success */
-if (ret)
-ok = 1;
+/* If post-condition not fulfilled, set general failure */
+if (!ret)
+ok = 0;
 }
 
 return ok;
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index a714a71681..f282071e2d 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -875,14 +875,17 @@ int ossl_provider_set_operation_bit(OSSL_PROVIDER 
*provider, size_t bitnum)
 unsigned char bit = (1 << (bitnum % 8)) & 0xFF;
 
 if (provider->operation_bits_sz <= byte) {
-provider->operation_bits = OPENSSL_realloc(provider->operation_bits,
-   byte + 1);
-if (provider->operation_bits == NULL) {
+unsigned char *tmp = OPENSSL_realloc(provider->operation_bits,
+ byte + 1);
+
+if (tmp == NULL) {
 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
 return 0;
 }
+provider->operation_bits = tmp;
 memset(provider->operation_bits + provider->operation_bits_sz,
'\0', byte + 1 - provider->operation_bits_sz);
+provider->operation_bits_sz = byte + 1;
 }
 provider->operation_bits[byte] |= bit;
 return 1;

Still Failing: openssl/openssl#37083 (master - 2c0e356)

2020-09-02 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #37083
Status: Still Failing

Duration: 1 hr, 20 mins, and 23 secs
Commit: 2c0e356 (master)
Author: Dr. David von Oheimb
Message: apps/cmp.c: Clean up loading of certificates and CRLs

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12751)

View the changeset: 
https://github.com/openssl/openssl/compare/ef0f01c0afc8...2c0e356ef7fd

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/182417372?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] master update

2020-09-02 Thread dev 
The branch master has been updated
   via  2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit)
  from  ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit)


- Log -
commit 2c0e356ef7fdbb117c9294b57deb67be66db3470
Author: Dr. David von Oheimb 
Date:   Fri Aug 28 15:30:23 2020 +0200

apps/cmp.c: Clean up loading of certificates and CRLs

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12751)

---

Summary of changes:
 apps/cmp.c  | 177 +---
 doc/man1/openssl-cmp.pod.in |   2 +-
 2 files changed, 67 insertions(+), 112 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 4a8b6e75fb..4d6acdd499 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -303,7 +303,7 @@ const OPTIONS cmp_options[] = {
 {OPT_MORE_STR, 0, 0,
  "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"},
 {"csr", OPT_CSR, 's',
- "CSR file in PKCS#10 format to use in p10cr for legacy support"},
+ "PKCS#10 CSR file in PEM or DER format to use in p10cr for legacy 
support"},
 {"out_trusted", OPT_OUT_TRUSTED, 's',
  "Certificates to trust when verifying newly enrolled certificates"},
 {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-',
@@ -653,42 +653,6 @@ static X509 *load_cert_pwd(const char *uri, const char 
*pass, const char *desc)
 return cert;
 }
 
-/* TODO potentially move this and related functions to apps/lib/apps.c */
-static int adjust_format(const char **infile, int format, int engine_ok)
-{
-if (!strncasecmp(*infile, "http://;, 7)
-|| !strncasecmp(*infile, "https://;, 8)) {
-format = FORMAT_HTTP;
-} else if (engine_ok && strncasecmp(*infile, "engine:", 7) == 0) {
-*infile += 7;
-format = FORMAT_ENGINE;
-} else {
-if (strncasecmp(*infile, "file:", 5) == 0)
-*infile += 5;
-/*
- * the following is a heuristic whether first to try PEM or DER
- * or PKCS12 as the input format for files
- */
-if (strlen(*infile) >= 4) {
-const char *extension = *infile + strlen(*infile) - 4;
-
-if (strncasecmp(extension, ".crt", 4) == 0
-|| strncasecmp(extension, ".pem", 4) == 0)
-/* weak recognition of PEM format */
-format = FORMAT_PEM;
-else if (strncasecmp(extension, ".cer", 4) == 0
- || strncasecmp(extension, ".der", 4) == 0)
-/* weak recognition of DER format */
-format = FORMAT_ASN1;
-else if (strncasecmp(extension, ".p12", 4) == 0)
-/* weak recognition of PKCS#12 format */
-format = FORMAT_PKCS12;
-/* else retain given format */
-}
-}
-return format;
-}
-
 /*
  * TODO potentially move this and related functions to apps/lib/
  * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL
@@ -697,18 +661,13 @@ static X509_REQ *load_csr_autofmt(const char *infile, 
const char *desc)
 {
 X509_REQ *csr;
 BIO *bio_bak = bio_err;
-int can_retry;
-int format = adjust_format(, FORMAT_PEM, 0);
 
-can_retry = format == FORMAT_PEM || format == FORMAT_ASN1;
-if (can_retry)
-bio_err = NULL; /* do not show errors on more than one try */
-csr = load_csr(infile, format, desc);
+bio_err = NULL; /* do not show errors on more than one try */
+csr = load_csr(infile, FORMAT_PEM, desc);
 bio_err = bio_bak;
-if (csr == NULL && can_retry) {
+if (csr == NULL) {
 ERR_clear_error();
-format = (format == FORMAT_PEM ? FORMAT_ASN1 : FORMAT_PEM);
-csr = load_csr(infile, format, desc);
+csr = load_csr(infile, FORMAT_ASN1, desc);
 }
 if (csr == NULL) {
 ERR_print_errors(bio_err);
@@ -718,43 +677,59 @@ static X509_REQ *load_csr_autofmt(const char *infile, 
const char *desc)
 return csr;
 }
 
-static void warn_certs_expired(const char *file, STACK_OF(X509) **certs)
+static void warn_cert_msg(const char *uri, X509 *cert, const char *msg)
 {
-int i, res;
-X509 *cert;
-char *subj;
+char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
+
+CMP_warn3("certificate from '%s' with subject '%s' %s", uri, subj, msg);
+OPENSSL_free(subj);
+}
 
-for (i = 0; i < sk_X509_num(*certs); i++) {
-cert = sk_X509_value(*certs, i);
-res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert),
+static void warn_cert(const char *uri, X509 *cert, int warn_EE)
+{
+int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert),
  X509_get0_notAfter(cert));
-if (res != 0) {
-subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
-CMP_warn3("certificate from '%s' with subject '%s' %s",

Still Failing: openssl/openssl#37081 (master - ef0f01c)

2020-09-02 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #37081
Status: Still Failing

Duration: 1 hr, 24 mins, and 8 secs
Commit: ef0f01c (master)
Author: Jon Spillett
Message: Avoid uninitialised variable warning for jobs

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12762)

View the changeset: 
https://github.com/openssl/openssl/compare/1a5ae1da14f2...ef0f01c0afc8

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/182371724?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] master update

2020-09-02 Thread beldmit 
The branch master has been updated
   via  ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit)
  from  1a5ae1da14f24a170c200c653c8b81e4a2966d3e (commit)


- Log -
commit ef0f01c0afc84c85f07d739d77f04a29e7739cd6
Author: Jon Spillett 
Date:   Tue Sep 1 13:13:09 2020 +1000

Avoid uninitialised variable warning for jobs

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12762)

---

Summary of changes:
 test/run_tests.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/run_tests.pl b/test/run_tests.pl
index 2b05ddcbb0..14e195b468 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -31,7 +31,7 @@ my $srctop = $ENV{SRCTOP} || $ENV{TOP};
 my $bldtop = $ENV{BLDTOP} || $ENV{TOP};
 my $recipesdir = catdir($srctop, "test", "recipes");
 my $libdir = rel2abs(catdir($srctop, "util", "perl"));
-my $jobs = $ENV{HARNESS_JOBS};
+my $jobs = $ENV{HARNESS_JOBS} // 1;
 
 $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf"));
 $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers"));
@@ -46,7 +46,7 @@ my %tapargs =
   merge => 1,
 );
 
-$tapargs{jobs} = $jobs if defined $jobs;
+$tapargs{jobs} = $jobs if $jobs > 1;
 
 # Additional OpenSSL special TAP arguments.  Because we can't pass them via
 # TAP::Harness->new(), they will be accessed directly, see the
@@ -57,7 +57,7 @@ $openssl_args{'failure_verbosity'} = $ENV{HARNESS_VERBOSE} ? 
0 :
 $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} ? 2 :
 1; # $ENV{HARNESS_VERBOSE_FAILURE}
 print "Warning: HARNESS_JOBS > 1 overrides HARNESS_VERBOSE\n"
-if $ENV{HARNESS_JOBS} > 1;
+if $jobs > 1;
 print "Warning: HARNESS_VERBOSE overrides HARNESS_VERBOSE_FAILURE*\n"
 if ($ENV{HARNESS_VERBOSE} && ($ENV{HARNESS_VERBOSE_FAILURE}
   || $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS}));