Errored: openssl/openssl#37538 (master - ecf15b1)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37538
Status: Errored

Duration: 1 hr, 20 mins, and 3 secs
Commit: ecf15b1 (master)
Author: Alexander Borkowski
Message: s_client.pod: Fix grammar in NOTES section.

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Kurt Roeckx 
Reviewed-by: Ben Kaduk 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9421)

View the changeset: 
https://github.com/openssl/openssl/compare/7f9e74403677...ecf15b16ee82

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/185084789?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

7f9e744036 Add selftest callback to CRNG output test
4b51903d86 Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.
f80d0d2fd6 HMAC should work with non-provided digests
67ecd65cc4 Rename check_chain_extensions to check_chain
cccf532fef Disallow certs with explicit curve in verification chain
fe2f8aecfe EC_KEY: add EC_KEY_decoded_from_explicit_params()
bde4aa8dc1 Fix Coverity CID 1466708 - correct pointer calculation in one case
ebcae87f6b FIX strncpy warning in apps/cmp.c.
1cae59d14b Make KDFs fail if requesting a zero-length key.
0010870536 Allow zero-length secret for EVP_KDF API
ec4c86d9ec Fix typo in bind_loader_attic comment
3f96b687f7 Document 2 newly added functions
7fc6168b6f Test HMAC output from the dgst CLI
d8025f4ac0 Correctly display the signing/hmac algorithm in the dgst app
b0002eb09a Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
b8e5622809 Don't send -1 as the length of the hmac key
067a3057c3 Annotate potential -Wunused-function violations in err.h
4bb73d5409 Add a NULL check to EVP_PKEY_assign
8230710f04 Update AES GCM IV max length to be 1024 bits (was 512)
eb750219f2 undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters
5d94202884 Configurations/unix-Makefile.tmpl: Don't specify headers twice
fc661b50df OpenSSL::ParseC: recognise inline function bodies
4343a4187d Add self tests for rsa encryption

Build log ended with (last 100 lines):

clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_ctx_test-bin-ssl_ctx_test.d.tmp -MT 
test/ssl_ctx_test-bin-ssl_ctx_test.o -c -o test/ssl_ctx_test-bin-ssl_ctx_test.o 
../openssl/test/ssl_ctx_test.c
clang  -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-handshake_helper.d.tmp -MT 
test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o 
../openssl/test/handshake_helper.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o 
test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c
clang  -Iinclude -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o 
test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c
clang  -Iinclude -I../openssl/include -Iinclude 

Errored: openssl/openssl#37539 (OpenSSL_1_1_1-stable - caf36dd)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37539
Status: Errored

Duration: 50 secs
Commit: caf36dd (OpenSSL_1_1_1-stable)
Author: Shane Lontis
Message: openssl-s_client.pod.in: Fix grammar in NOTES section.

View the changeset: 
https://github.com/openssl/openssl/compare/8380f453ec81...caf36dd23fe4

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/185086724?utm_medium=notification_source=email





Errored: openssl/openssl#37535 (master - 7f9e744)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37535
Status: Errored

Duration: 58 mins and 30 secs
Commit: 7f9e744 (master)
Author: Shane Lontis
Message: Add selftest callback to CRNG output test

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12795)

View the changeset: 
https://github.com/openssl/openssl/compare/4b51903d8681...7f9e74403677

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/185052852?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

7f9e744036 Add selftest callback to CRNG output test
4b51903d86 Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.
f80d0d2fd6 HMAC should work with non-provided digests
67ecd65cc4 Rename check_chain_extensions to check_chain
cccf532fef Disallow certs with explicit curve in verification chain
fe2f8aecfe EC_KEY: add EC_KEY_decoded_from_explicit_params()
bde4aa8dc1 Fix Coverity CID 1466708 - correct pointer calculation in one case
ebcae87f6b FIX strncpy warning in apps/cmp.c.
1cae59d14b Make KDFs fail if requesting a zero-length key.
0010870536 Allow zero-length secret for EVP_KDF API
ec4c86d9ec Fix typo in bind_loader_attic comment
3f96b687f7 Document 2 newly added functions
7fc6168b6f Test HMAC output from the dgst CLI
d8025f4ac0 Correctly display the signing/hmac algorithm in the dgst app
b0002eb09a Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
b8e5622809 Don't send -1 as the length of the hmac key
067a3057c3 Annotate potential -Wunused-function violations in err.h
4bb73d5409 Add a NULL check to EVP_PKEY_assign
8230710f04 Update AES GCM IV max length to be 1024 bits (was 512)
eb750219f2 undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters
5d94202884 Configurations/unix-Makefile.tmpl: Don't specify headers twice
fc661b50df OpenSSL::ParseC: recognise inline function bodies
4343a4187d Add self tests for rsa encryption

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration

Errored: openssl/openssl#37534 (master - 4b51903)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37534
Status: Errored

Duration: 56 mins and 21 secs
Commit: 4b51903 (master)
Author: Shane Lontis
Message: Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.

Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using 
this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would 
overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed locally 
to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12887)

View the changeset: 
https://github.com/openssl/openssl/compare/f80d0d2fd6d1...4b51903d8681

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/185051715?utm_medium=notification_source=email





[openssl] master update

2020-09-17 Thread shane . lontis
The branch master has been updated
   via  ecf15b16ee8223a9a383b97ee41126fbedf89bb5 (commit)
  from  7f9e74403677a995ded00f070d84297401f6e3fd (commit)


- Log -
commit ecf15b16ee8223a9a383b97ee41126fbedf89bb5
Author: Alexander Borkowski 
Date:   Sat Jul 20 07:47:11 2019 +0200

s_client.pod: Fix grammar in NOTES section.

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Kurt Roeckx 
Reviewed-by: Ben Kaduk 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9421)

---

Summary of changes:
 doc/man1/openssl-s_client.pod.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 594d26f9bd..bd4ceee5df 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -872,7 +872,7 @@ server.
 
 This command is a test tool and is designed to continue the
 handshake after any certificate verification errors. As a result it will
-accept any certificate chain (trusted or not) sent by the peer. None test
+accept any certificate chain (trusted or not) sent by the peer. Non-test
 applications should B do this as it makes them vulnerable to a MITM
 attack. This behaviour can be changed by with the B<-verify_return_error>
 option: any verify errors are then returned aborting the handshake.
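
Review bot: The context line just below the changed line still reads "This behaviour can be changed by with the B<-verify_return_error>", so the NOTES paragraph keeps a grammar error after this fix. Drop the stray "by" in the same commit, since the stated purpose is to fix the grammar of this section.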


Errored: openssl/openssl#37532 (master - f80d0d2)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37532
Status: Errored

Duration: 1 hr, 28 mins, and 1 sec
Commit: f80d0d2 (master)
Author: Dmitry Belyavskiy
Message: HMAC should work with non-provided digests

Fixes #12839

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12874)

View the changeset: 
https://github.com/openssl/openssl/compare/67ecd65cc4fd...f80d0d2fd6d1

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184999487?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared 
-DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

7f9e744036 Add selftest callback to CRNG output test
4b51903d86 Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.
f80d0d2fd6 HMAC should work with non-provided digests
67ecd65cc4 Rename check_chain_extensions to check_chain
cccf532fef Disallow certs with explicit curve in verification chain
fe2f8aecfe EC_KEY: add EC_KEY_decoded_from_explicit_params()
bde4aa8dc1 Fix Coverity CID 1466708 - correct pointer calculation in one case
ebcae87f6b FIX strncpy warning in apps/cmp.c.
1cae59d14b Make KDFs fail if requesting a zero-length key.
0010870536 Allow zero-length secret for EVP_KDF API
ec4c86d9ec Fix typo in bind_loader_attic comment
3f96b687f7 Document 2 newly added functions
7fc6168b6f Test HMAC output from the dgst CLI
d8025f4ac0 Correctly display the signing/hmac algorithm in the dgst app
b0002eb09a Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
b8e5622809 Don't send -1 as the length of the hmac key
067a3057c3 Annotate potential -Wunused-function violations in err.h
4bb73d5409 Add a NULL check to EVP_PKEY_assign
8230710f04 Update AES GCM IV max length to be 1024 bits (was 512)
eb750219f2 undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters
5d94202884 Configurations/unix-Makefile.tmpl: Don't specify headers twice
fc661b50df OpenSSL::ParseC: recognise inline function bodies
4343a4187d Add self tests for rsa encryption

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 8027F1DCCF7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_srvr.c:314:
not ok 9 - iteration 9
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1
not ok 6 - running ssl_test 25-cipher.cnf
# --
# Looks like you failed 2 tests of 9.
not ok 26 - Test configuration 25-cipher.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok

# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:227
# false
# 8037683E9A7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:399:
not ok 3 - iteration 3
# --
# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:227
# false
# 8037683E9A7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:399:
not ok 4 - iteration 4
# --
not ok 1 - test_ssl_corrupt
# --
../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem 
../../../openssl/apps/server.pem => 1
not ok 1 - running sslcorrupttest
# --
#   Failed test 'running sslcorrupttest'
#   at ../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: 

Errored: openssl/openssl#37530 (master - 67ecd65)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37530
Status: Errored

Duration: 1 hr, 34 mins, and 38 secs
Commit: 67ecd65 (master)
Author: Tomas Mraz
Message: Rename check_chain_extensions to check_chain

The function does much more than just checking extensions.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

View the changeset: 
https://github.com/openssl/openssl/compare/bde4aa8dc194...67ecd65cc4fd

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184970043?utm_medium=notification_source=email





[openssl] master update

2020-09-17 Thread shane . lontis
The branch master has been updated
   via  7f9e74403677a995ded00f070d84297401f6e3fd (commit)
  from  4b51903d8681c7fd429c566548529d5753e24f47 (commit)


- Log -
commit 7f9e74403677a995ded00f070d84297401f6e3fd
Author: Shane Lontis 
Date:   Wed Sep 2 09:08:09 2020 +1000

Add selftest callback to CRNG output test

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12795)

---

Summary of changes:
 crypto/self_test_core.c |  7 +--
 doc/man3/OSSL_SELF_TEST_new.pod |  5 -
 doc/man7/OSSL_PROVIDER-FIPS.pod |  8 
 include/openssl/self_test.h |  3 ++-
 providers/implementations/rands/crngt.c | 34 ++---
 5 files changed, 46 insertions(+), 11 deletions(-)

diff --git a/crypto/self_test_core.c b/crypto/self_test_core.c
index 1a6f828c1d..ca8925abe5 100644
--- a/crypto/self_test_core.c
+++ b/crypto/self_test_core.c
@@ -157,12 +157,15 @@ void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret)
  * is modified (corrupted). This is used to modify output signatures or
  * ciphertext before they are verified or decrypted.
  */
-void OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes)
+int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes)
 {
 if (st != NULL && st->cb != NULL) {
 st->phase = OSSL_SELF_TEST_PHASE_CORRUPT;
 self_test_setparams(st);
-if (!st->cb(st->params, st->cb_arg))
+if (!st->cb(st->params, st->cb_arg)) {
 bytes[0] ^= 1;
+return 1;
+}
 }
+return 0;
 }
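
Review bot: The comment block above OSSL_SELF_TEST_oncorrupt_byte() does not describe the new int return value, and the condition is easy to misread: 1 is returned only when a callback is set, it returns 0, and bytes[0] has been flipped, while a NULL st, a NULL st->cb and a callback returning non-zero all yield 0. State that in the comment so that callers branching on the result know 0 also covers the case where no callback is installed.
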
diff --git a/doc/man3/OSSL_SELF_TEST_new.pod b/doc/man3/OSSL_SELF_TEST_new.pod
index b2c4f5ccce..744c82e204 100644
--- a/doc/man3/OSSL_SELF_TEST_new.pod
+++ b/doc/man3/OSSL_SELF_TEST_new.pod
@@ -17,7 +17,7 @@ OSSL_SELF_TEST_onend - functionality to trigger a callback 
during a self test
 
  void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type,
  const char *desc);
- void OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
+ int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
  void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret);
 
 =head1 DESCRIPTION
@@ -104,6 +104,9 @@ This allows the callback to identify the sub category of 
the test being run.
 OSSL_SELF_TEST_new() returns the allocated B object, or NULL if
 it fails.
 
+OSSL_SELF_TEST_oncorrupt_byte() returns 1 if corruption occurs, otherwise it
+returns 0.
+
 =head1 EXAMPLES
 
 A single self test could be set up in the following way:
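
Review bot: The added sentence "returns 1 if corruption occurs, otherwise it returns 0" does not say when corruption occurs; going by the self_test_core.c hunk it is when a callback is set and that callback returns 0. Spell the condition out here, since the manual page is where an application author writing the callback will look for it.
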
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 2ae999e023..98c6079d72 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -212,6 +212,10 @@ Known answer test for a Deterministic Random Bit Generator.
 
 Conditional test that is run during the generation of key pairs.
 
+=item "Continuous_RNG_Test" (B)
+
+Continuous random number generator test.
+
 =back
 
 The "Module_Integrity" self test is always run at startup.
@@ -289,6 +293,10 @@ Key Derivation Function tests used with the "KAT_KDF" type.
 
 DRBG tests used with the "DRBG" type.
 
+= item "RNG" (B)
+
+"Continuous_RNG_Test" uses this.
+
 =back
 
 =head1 EXAMPLES
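
Review bot: The added line '= item "RNG"' has a space between "=" and "item", unlike the '=item "Continuous_RNG_Test"' entry added in the previous hunk. A POD command needs the identifier directly after the "=", so this line will not be treated as a list item; change it to '=item "RNG"'.
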
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index 4d99aaa4e3..be375c9469 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -60,6 +60,7 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_KA_ECDH"ECDH"
 # define OSSL_SELF_TEST_DESC_KDF_HKDF   "HKDF"
 # define OSSL_SELF_TEST_DESC_KDF_SSKDF  "SSKDF"
+# define OSSL_SELF_TEST_DESC_RNG"RNG"
 
 # ifdef __cplusplus
 }
@@ -75,7 +76,7 @@ void OSSL_SELF_TEST_free(OSSL_SELF_TEST *st);
 
 void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type,
 const char *desc);
-void OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
+int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
 void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret);
 
 #endif /* OPENSSL_SELF_TEST_H */
diff --git a/providers/implementations/rands/crngt.c 
b/providers/implementations/rands/crngt.c
index e23485291b..c6874f8916 100644
--- a/providers/implementations/rands/crngt.c
+++ b/providers/implementations/rands/crngt.c
@@ -94,8 +94,8 @@ static const OPENSSL_CTX_METHOD rand_crng_ossl_ctx_method = {
 };
 
 static int prov_crngt_compare_previous(const unsigned char *prev,
-const unsigned char *cur,
-size_t sz)
+   const unsigned char *cur,
+   size_t sz)
 {
 const int res = memcmp(prev, cur, sz) != 0;
 
@@ -113,11 

[openssl] master update

2020-09-17 Thread shane . lontis
The branch master has been updated
   via  4b51903d8681c7fd429c566548529d5753e24f47 (commit)
  from  f80d0d2fd6d1e05ba59eab78ed950a140d092831 (commit)


- Log -
commit 4b51903d8681c7fd429c566548529d5753e24f47
Author: Shane Lontis 
Date:   Wed Sep 16 11:07:02 2020 +1000

Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.

Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using 
this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would 
overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed 
locally to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12887)

---

Summary of changes:
 providers/implementations/ciphers/cipher_aes_xts_hw.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c 
b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index e1c8182556..028d1608d2 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -66,15 +66,18 @@ static int 
cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
 if (BSAES_CAPABLE) {
 stream_enc = bsaes_xts_encrypt;
 stream_dec = bsaes_xts_decrypt;
-}
+} else
 #endif /* BSAES_CAPABLE */
-
 #ifdef VPAES_CAPABLE
 if (VPAES_CAPABLE) {
 XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
+return 1;
 } else
 #endif /* VPAES_CAPABLE */
+{
+(void)0;
+}
 {
 XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
AES_encrypt, AES_decrypt, stream_enc, stream_dec);
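
Review bot: The added block "{ (void)0; }" after "#endif /* VPAES_CAPABLE */" exists only to give the preceding "else" something to bind to, so that the generic XTS_SET_KEY_FN block below it still runs on the BSAES path and on the fallback path, and nothing in the code says so. Add a comment at that block explaining why it is empty, or restructure so that the VPAES branch (which now returns 1 early) and the generic key setup are not tied together through else clauses that span two #ifdef regions.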


Errored: openssl/openssl#37527 (master - bde4aa8)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37527
Status: Errored

Duration: 53 mins and 14 secs
Commit: bde4aa8 (master)
Author: Dr. David von Oheimb
Message: Fix Coverity CID 1466708 - correct pointer calculation in one case

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12894)

View the changeset: 
https://github.com/openssl/openssl/compare/ebcae87f6b62...bde4aa8dc194

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184949860?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_3

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled 
in this OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok

# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C060F36D967F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/s3_enc.c:413:
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C060F36D967F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7907
# false
not ok 2 - iteration 2
# --
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C060F36D967F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/s3_enc.c:413:
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C060F36D967F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7907
# false
not ok 3 - iteration 3
# --
not ok 37 - test_sigalgs_available
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Vnb70M46Ns 
default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0B05353F37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/s3_enc.c:413:
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0B05353F37F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7907
# false
not ok 2 - iteration 2
# --
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0B05353F37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/s3_enc.c:413:
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0B05353F37F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7907
# false
not ok 3 - iteration 3
# --
not ok 37 - test_sigalgs_available
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Vnb70M46Ns 
fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# 

Errored: openssl/openssl#37526 (master - ebcae87)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37526
Status: Errored

Duration: 1 hr, 23 mins, and 38 secs
Commit: ebcae87 (master)
Author: Xiaofei Bai
Message: FIX strncpy warning in apps/cmp.c.

bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/12889)

View the changeset: 
https://github.com/openssl/openssl/compare/1cae59d14b9e...ebcae87f6b62

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184939598?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):

# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0A0024C5F7F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1324
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1402
# false
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0A0024C5F7F:error::SSL routines::no suitable signature 
algorithm:../openssl/ssl/t1_lib.c:3325:
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0A0024C5F7F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6451
# false
not ok 2 - iteration 2
# --
not ok 53 - test_ssl_pending
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/iSCvGq54Ws 
default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0E0D780B37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0E0D780B37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843
# false
not ok 3 - test_large_message_dtls
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0E0D780B37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0E0D780B37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1324
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1402
# false
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0E0D780B37F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers

[openssl] master update

2020-09-17 Thread beldmit
The branch master has been updated
   via  f80d0d2fd6d1e05ba59eab78ed950a140d092831 (commit)
  from  67ecd65cc4fdaa03fbae5fcccf53ebca7d785554 (commit)


- Log -
commit f80d0d2fd6d1e05ba59eab78ed950a140d092831
Author: Dmitry Belyavskiy 
Date:   Mon Sep 14 18:33:29 2020 +0300

HMAC should work with non-provided digests

Fixes #12839

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12874)

---

Summary of changes:
 crypto/evp/m_sigver.c | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index e2bb613a20..e83a7e654a 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -182,6 +182,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX 
**pctx,
  */
 evp_md_ctx_clear_digest(ctx, 1);
 
+/* legacy code support for engines */
+ERR_set_mark();
 /*
  * This might be requested by a later call to EVP_MD_CTX_md().
  * In that case the "explicit fetch" rules apply for that
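Review bot: The new comment above ERR_set_mark() says only "legacy code support for engines" and does not say what the mark is for. Say that the mark allows the error queued by a failed EVP_MD_fetch() to be discarded when the EVP_get_digestbyname() fallback succeeds, and place the comment and the call after the existing block comment so they do not split it from the fetch it describes.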
@@ -189,12 +191,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX 
**pctx,
  * so the EVP_MD should not be used beyound the lifetime of the
  * EVP_MD_CTX.
  */
-ctx->digest = ctx->reqdigest = ctx->fetched_digest =
-EVP_MD_fetch(locpctx->libctx, mdname, props);
-if (ctx->digest == NULL) {
-ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-goto err;
+ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
+if (ctx->fetched_digest != NULL) {
+ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+} else {
+/* legacy engine support : remove the mark when this is 
deleted */
+ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
+if (ctx->digest == NULL) {
+(void)ERR_clear_last_mark();
+ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+goto err;
+}
 }
+(void)ERR_pop_to_mark();
 }
 }
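Review bot: The else branch that falls back to EVP_get_digestbyname(mdname) leaves ctx->fetched_digest NULL while ctx->digest and ctx->reqdigest point at a non-fetched EVP_MD, and the change carries no test for that path: the summary lists crypto/evp/m_sigver.c as the only file touched. Add a regression test for the case from #12839 that confirms the mark is cleared or popped on both outcomes. While in this block, remove the stray space in "legacy engine support : remove" and fix "beyound" in the context comment above.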
 


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):

# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C060C00A727F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1324
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1402
# false
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C060C00A727F:error::SSL routines::no suitable signature 
algorithm:../openssl/ssl/t1_lib.c:3325:
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C060C00A727F:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6451
# false
not ok 2 - iteration 2
# --
not ok 53 - test_ssl_pending
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/oM86J91cwk 
default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0B053A0807F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0B053A0807F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843
# false
not ok 3 - test_large_message_dtls
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0B053A0807F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/ssltestlib.c:964
# SSL_accept() failed -1, 1
# C0B053A0807F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1324
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1402
# false
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
# C0B053A0807F:error::SSL routines::no suitable digest 
algorithm:../openssl/ssl/statem/statem_lib.c:123:The max supported SSL/TLS 
version needs the MD5-SHA1 digest but it is not available in the loaded 
providers. Use (D)TLSv1.2 or above, or load different providers
# 

[openssl] master update

2020-09-17 Thread tmraz
The branch master has been updated
   via  67ecd65cc4fdaa03fbae5fcccf53ebca7d785554 (commit)
   via  cccf532fef10aaa2d682227061b8828a1eb2c031 (commit)
   via  fe2f8aecfe4a0de483334bf671a8eb4f1c00 (commit)
  from  bde4aa8dc1946dff189c89396814a98d1052262d (commit)


- Log -
commit 67ecd65cc4fdaa03fbae5fcccf53ebca7d785554
Author: Tomas Mraz 
Date:   Fri Sep 11 15:27:23 2020 +0200

Rename check_chain_extensions to check_chain

The function does much more than just checking extensions.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

commit cccf532fef10aaa2d682227061b8828a1eb2c031
Author: Tomas Mraz 
Date:   Fri Sep 11 09:09:29 2020 +0200

Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

commit fe2f8aecfe4a0de483334bf671a8eb4f1c00
Author: Tomas Mraz 
Date:   Fri Aug 21 14:50:52 2020 +0200

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

---

Summary of changes:
 crypto/ec/ec_asn1.c  |  31 +++---
 crypto/ec/ec_key.c   |   7 +++
 crypto/ec/ec_lib.c   |   1 +
 crypto/ec/ec_local.h |   2 +
 crypto/x509/v3_purp.c|   2 +-
 crypto/x509/x509_txt.c   |   2 +
 crypto/x509/x509_vfy.c   |  41 -
 doc/man3/EC_KEY_new.pod  |   8 ++-
 include/openssl/ec.h |   2 +
 include/openssl/x509_vfy.h.in|   1 +
 ssl/statem/statem_lib.c  |   1 +
 test/certs/ca-cert-ec-explicit.pem   |  19 ++
 test/certs/ca-cert-ec-named.pem  |  14 +
 test/certs/ca-key-ec-explicit.pem|  10 +++
 test/certs/ca-key-ec-named.pem   |   5 ++
 test/certs/ee-cert-ec-explicit.pem   |  16 +
 test/certs/ee-cert-ec-named-explicit.pem |  11 
 test/certs/ee-cert-ec-named-named.pem|  11 
 test/certs/ee-key-ec-explicit.pem|  10 +++
 test/certs/ee-key-ec-named-explicit.pem  |   5 ++
 test/certs/ee-key-ec-named-named.pem |   5 ++
 test/certs/setup.sh  |  10 +++
 test/ec_internal_test.c  | 101 +++
 test/recipes/25-test_verify.t|  17 +-
 util/libcrypto.num   |   1 +
 25 files changed, 319 insertions(+), 14 deletions(-)
 create mode 100644 test/certs/ca-cert-ec-explicit.pem
 create mode 100644 test/certs/ca-cert-ec-named.pem
 create mode 100644 test/certs/ca-key-ec-explicit.pem
 create mode 100644 test/certs/ca-key-ec-named.pem
 create mode 100644 test/certs/ee-cert-ec-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-named.pem
 create mode 100644 test/certs/ee-key-ec-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-named.pem

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 879ff9faa2..9454f580d5 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -74,6 +74,12 @@ struct ec_parameters_st {
 ASN1_INTEGER *cofactor;
 } /* ECPARAMETERS */ ;
 
+typedef enum {
+ECPKPARAMETERS_TYPE_NAMED = 0,
+ECPKPARAMETERS_TYPE_EXPLICIT,
+ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
 struct ecpk_parameters_st {
 int type;
 union {
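Review bot: The new ecpk_parameters_type_t is never used as a type in this hunk: struct ecpk_parameters_st still declares "int type;" directly below the enum. If the field has to stay an int, add a comment on the enum stating that its values are the ones stored in ecpk_parameters_st.type, so the explicit "= 0" start and the ordering of NAMED, EXPLICIT, IMPLICIT are not changed casually.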
@@ -472,9 +478,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 return NULL;
 }
 } else {
-if (ret->type == 0)
+if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
 ASN1_OBJECT_free(ret->value.named_curve);
-else if (ret->type == 1 && ret->value.parameters)
+else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+ && ret->value.parameters != NULL)
 ECPARAMETERS_free(ret->value.parameters);
 }
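Review bot: The if / else-if chain handles ECPKPARAMETERS_TYPE_NAMED and ECPKPARAMETERS_TYPE_EXPLICIT but has no branch for the newly named ECPKPARAMETERS_TYPE_IMPLICIT, so nothing is freed for that type. If that is intended because the implicit case holds no allocation, a one-line comment saying so would keep the next reader from treating it as a missed case.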
 
@@ -491,7 +498,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
 ok = 0;
 } else {
-ret->type = 0;
+ret->type = ECPKPARAMETERS_TYPE_NAMED;
 ret->value.named_curve = asn1obj;
 }
 } else
@@ -499,7 +506,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 

Errored: openssl/openssl#37519 (master - 1cae59d)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37519
Status: Errored

Duration: 1 hr, 30 mins, and 48 secs
Commit: 1cae59d (master)
Author: Jon Spillett
Message: Make KDFs fail if requesting a zero-length key.

Also add more test cases

Reviewed-by: Tim Hudson 
Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12826)

View the changeset: 
https://github.com/openssl/openssl/compare/ec4c86d9ec13...1cae59d14b9e

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184862637?utm_medium=notification_source=email





Errored: openssl/openssl#37518 (master - ec4c86d)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37518
Status: Errored

Duration: 1 hr, 29 mins, and 29 secs
Commit: ec4c86d (master)
Author: Daniel Bevenius
Message: Fix typo in bind_loader_attic comment

Reviewed-by: Shane Lontis 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12890)

View the changeset: 
https://github.com/openssl/openssl/compare/3f96b687f7d2...ec4c86d9ec13

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184853174?utm_medium=notification_source=email





Build failed: openssl master.36984

2020-09-17 Thread AppVeyor



Build openssl master.36984 failed


Commit 41e0799bb2 by Dr. David von Oheimb on 9/17/2020 8:41 AM:

fixup! Prune low-level ASN.1 parse errors from error queue in decoder_process()





[openssl] master update

2020-09-17 Thread dev
The branch master has been updated
   via  bde4aa8dc1946dff189c89396814a98d1052262d (commit)
  from  ebcae87f6b62ed9b79a1255dbb3c69c635cea4d8 (commit)


- Log -
commit bde4aa8dc1946dff189c89396814a98d1052262d
Author: Dr. David von Oheimb 
Date:   Wed Sep 16 13:29:05 2020 +0200

Fix Coverity CID 1466708 - correct pointer calculation in one case

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12894)

---

Summary of changes:
 crypto/http/http_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 19b964e613..be790bda90 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -89,7 +89,7 @@ int OSSL_HTTP_parse_url(const char *url, char **phost, char 
**pport,
 if (pport_num == NULL) {
 p = strchr(port, '/');
 if (p == NULL)
-p = p + strlen(port);
+p = host_end + 1 + strlen(port);
 } else { /* make sure a numerical port value is given */
 portnum = strtol(port, , 10);
 if (p == port || (*p != '\0' && *p != '/'))
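Review bot: The replacement "p = host_end + 1 + strlen(port);" is only correct while port is exactly host_end + 1, which this hunk does not show. The two lines above already work from port (strchr(port, '/')), so "p = port + strlen(port);" states the intent directly and does not depend on how port was derived. The removed line added an offset to a p that the preceding check had just found to be NULL, so a test for a URL with a port and no path would be worth adding with the fix.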


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:477
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips-and-base.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t 

Errored: openssl/openssl#37517 (master - 3f96b68)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37517
Status: Errored

Duration: 1 hr, 41 mins, and 16 secs
Commit: 3f96b68 (master)
Author: Matt Caswell
Message: Document 2 newly added functions

Adds documentation for EVP_PKEY_get0_first_alg_name() and
EVP_KEYMGMT_get0_first_name().

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

View the changeset: 
https://github.com/openssl/openssl/compare/067a3057c3aa...3f96b687f7d2

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184851735?utm_medium=notification_source=email





[openssl] master update

2020-09-17 Thread dev
The branch master has been updated
   via  ebcae87f6b62ed9b79a1255dbb3c69c635cea4d8 (commit)
  from  1cae59d14b9e10ac81e5418c568d7d14cdf617f1 (commit)


- Log -
commit ebcae87f6b62ed9b79a1255dbb3c69c635cea4d8
Author: Xiaofei Bai 
Date:   Tue Sep 15 01:59:02 2020 +

FIX strncpy warning in apps/cmp.c.

bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/12889)

---

Summary of changes:
 apps/cmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 083425c08f..1137ed0a84 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1839,7 +1839,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE 
*engine)
 CMP_err("missing -tls_used option since -server URL indicates https");
 goto err;
 }
-strncpy(server_port, port, sizeof(server_port));
+BIO_snprintf(server_port, sizeof(server_port), "%s", port);
 used_path = opt_path != NULL ? opt_path : path;
 if (!OSSL_CMP_CTX_set1_server(ctx, server)
 || !OSSL_CMP_CTX_set_serverPort(ctx, portnum)
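Review bot: The return value of the new BIO_snprintf(server_port, sizeof(server_port), "%s", port) call is ignored, so a port string that does not fit in server_port is truncated without any diagnostic. Check the result and, when the value does not fit, report it with CMP_err and take the existing "goto err" path used by the check just above.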


Errored: openssl/openssl#37515 (master - 067a305)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37515
Status: Errored

Duration: 1 hr, 37 mins, and 10 secs
Commit: 067a305 (master)
Author: jwalch
Message: Annotate potential -Wunused-function violations in err.h

Fixes #12792

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12851)

View the changeset: 
https://github.com/openssl/openssl/compare/4bb73d5409c0...067a3057c3aa

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184849281?utm_medium=notification_source=email





Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr non-existing file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr4.pem 
-out_trusted root.crt -csr empty.txt => 139
not ok 78 - p10cr csr empty file
# --
#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
ir -newkey new.key -newkeypass 'pass:' -certout test.certout_revreason.pem 
-out_trusted root.crt -revreason 5 => 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
cr -newkey new.key -newkeypass 'pass:' -certout test.certout_cr.pem 
-out_trusted root.crt => 139
not ok 82 - cr
# --
#   Failed test 'cr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur.pem 
-out_trusted root.crt -oldcert test.certout_newkey.pem -server '127.0.0.1:1700' 
-cert test.certout_newkey.pem -key new.key -extracerts issuing.crt => 139
not ok 83 - kur explicit options
# --
#   Failed test 'kur explicit options'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -subject "" -certout test.certout_kur_minimal.pem -oldcert "" -server 
'127.0.0.1:1700' -cert test.certout_newkey.pem -key new.key -extracerts 
issuing.crt -secret "" => 139
not ok 84 - kur minimal options
# --
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -newkey dir/ -newkeypass 'pass:' -certout test.certout_kur2.pem 
-out_trusted root.crt -oldcert test.certout_newkey.pem -server '127.0.0.1:1700' 
=> 139
not ok 86 - kur newkey is directory
# --
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur5.pem 
-out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139
not ok 89 - kur oldcert is directory
# --
#   Failed test 'kur oldcert is directory'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur6.pem 
-out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139
not ok 90 - kur oldcert not existing
# --
#   Failed test 'kur oldcert not existing'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config 
../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd 
kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur7.pem 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC 
-DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 40975542837F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_srvr.c:314:
not ok 9 - iteration 9
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1
not ok 6 - running ssl_test 25-cipher.cnf
# --
# Looks like you failed 2 tests of 9.
not ok 26 - Test configuration 25-cipher.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok

# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:227
# false
# 4007743B3B7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:399:
not ok 3 - iteration 3
# --
# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:227
# false
# 4007743B3B7F:error::SSL routines::unexpected 
message:../openssl/ssl/statem/statem_clnt.c:399:
not ok 4 - iteration 4
# --
not ok 1 - test_ssl_corrupt
# --
../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem 
../../../openssl/apps/server.pem => 1
not ok 1 - running sslcorrupttest
# --
#   Failed test 'running sslcorrupttest'
#   at ../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external 

Build failed: openssl master.36975

2020-09-17 Thread AppVeyor



Build openssl master.36975 failed


Commit 38bc0e3fa6 by Richard Levitte on 9/17/2020 6:49 AM:

fixup! DECODER: Small cleanups





Errored: openssl/openssl#37513 (master - 4bb73d5)

2020-09-17 Thread Travis CI
Build Update for openssl/openssl
-

Build: #37513
Status: Errored

Duration: 1 hr, 18 mins, and 10 secs
Commit: 4bb73d5 (master)
Author: jwalch
Message: Add a NULL check to EVP_PKEY_assign

Fixes  #12619

Update p_lib.c

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12863)

View the changeset: 
https://github.com/openssl/openssl/compare/8230710f04ed...4bb73d5409c0

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/184843563?utm_medium=notification_source=email





[openssl] master update

2020-09-17 Thread Dr . Paul Dale
The branch master has been updated
   via  1cae59d14b9e10ac81e5418c568d7d14cdf617f1 (commit)
   via  00108705369078097c652149c26dcbfd36ecaf76 (commit)
  from  ec4c86d9ec132aaa31c7e6892dde4dbb11397168 (commit)


- Log -
commit 1cae59d14b9e10ac81e5418c568d7d14cdf617f1
Author: Jon Spillett 
Date:   Mon Sep 14 17:03:01 2020 +1000

Make KDFs fail if requesting a zero-length key.

Also add more test cases

Reviewed-by: Tim Hudson 
Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12826)

commit 00108705369078097c652149c26dcbfd36ecaf76
Author: Jon Spillett 
Date:   Tue Sep 8 16:46:13 2020 +1000

Allow zero-length secret for EVP_KDF API

Reviewed-by: Tim Hudson 
Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12826)

---

Summary of changes:
 providers/implementations/kdfs/hkdf.c  |   4 +
 providers/implementations/kdfs/kbkdf.c |   6 +
 providers/implementations/kdfs/tls1_prf.c  |   4 +
 providers/implementations/macs/hmac_prov.c |   4 +-
 test/evp_kdf_test.c| 701 ++---
 5 files changed, 647 insertions(+), 72 deletions(-)

diff --git a/providers/implementations/kdfs/hkdf.c 
b/providers/implementations/kdfs/hkdf.c
index 987f1b28bf..00734119a4 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -140,6 +140,10 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, 
size_t keylen)
 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
 return 0;
 }
+if (keylen == 0) {
+ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+return 0;
+}
 
 switch (ctx->mode) {
 case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
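Review bot: the new keylen == 0 rejection in kdf_hkdf_derive has no comment, while the same check in kbkdf_derive in this patch is introduced with "Fail if the output length is zero". Add the same one-line comment here so it is clear that a zero-length output is an error, as distinct from the zero-length secret that the companion commit allows. The documentation for the derive call should also say that a zero keylen now fails with PROV_R_INVALID_KEY_LENGTH.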
diff --git a/providers/implementations/kdfs/kbkdf.c 
b/providers/implementations/kdfs/kbkdf.c
index c8b5cdf8c6..c967724376 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -212,6 +212,12 @@ static int kbkdf_derive(void *vctx, unsigned char *key, 
size_t keylen)
 return 0;
 }
 
+/* Fail if the output length is zero */
+if (keylen == 0) {
+ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+return 0;
+}
+
 h = EVP_MAC_size(ctx->ctx_init);
 if (h == 0)
 goto done;
diff --git a/providers/implementations/kdfs/tls1_prf.c 
b/providers/implementations/kdfs/tls1_prf.c
index ca6c605351..b622a37d7e 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -151,6 +151,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char 
*key,
 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SEED);
 return 0;
 }
+if (keylen == 0) {
+ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+return 0;
+}
 
 return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
 ctx->sec, ctx->seclen,
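Review bot: this is the third copy of the same four-line keylen == 0 block in this patch (hkdf.c, kbkdf.c and kdf_tls1_prf_derive here), and the summary of changes touches only these three KDF files. Consider doing the check once in the common KDF derive path, or confirm that the remaining KDF providers already reject a zero-length output, so that behaviour does not differ between algorithms.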
diff --git a/providers/implementations/macs/hmac_prov.c 
b/providers/implementations/macs/hmac_prov.c
index 2f99e75a88..13d159e7e7 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -127,7 +127,7 @@ static void *hmac_dup(void *vsrc)
 }
 if (src->key != NULL) {
 /* There is no "secure" OPENSSL_memdup */
-dst->key = OPENSSL_secure_malloc(src->keylen);
+dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
 if (dst->key == NULL) {
 hmac_free(dst);
 return 0;
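Review bot: the literal 1 in 'src->keylen > 0 ? src->keylen : 1' in hmac_dup is unexplained, and the same expression is repeated in hmac_set_ctx_params. A short comment saying why a zero-length key still gets a one-byte allocation (presumably so that a non-NULL key keeps meaning "a key has been set"), or a small helper shared by both call sites, would keep the two in step. The failure path also returns 0 from a function declared to return void *; NULL would read better, though that line is context and not part of this change.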
@@ -278,7 +278,7 @@ static int hmac_set_ctx_params(void *vmacctx, const 
OSSL_PARAM params[])
 if (macctx->keylen > 0)
 OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
 /* Keep a copy of the key if we need it for TLS HMAC */
-macctx->key = OPENSSL_secure_malloc(p->data_size);
+macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 
1);
 if (macctx->key == NULL)
 return 0;
 memcpy(macctx->key, p->data, p->data_size);
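Review bot: the context line 'if (macctx->keylen > 0)' in hmac_set_ctx_params still guards the OPENSSL_secure_clear_free() call, but after this change a zero-length key owns a one-byte secure allocation. If the stored keylen is 0 in that case (the assignment is outside the visible lines), setting the key a second time overwrites macctx->key without freeing the old byte. Testing macctx->key != NULL instead of the length before freeing would close that leak.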
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 21b999fb1d..173320a917 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -27,26 +27,37 @@ static EVP_KDF_CTX *get_kdfbyname(const char *name)
 return kctx;
 }
 
+static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char 
*secret,
+const char *seed)
+{
+OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
+OSSL_PARAM *p = params;
+
+*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+(char *)digest, 0);
+*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
+ (unsigned char *)secret,
+
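Review bot: construct_tls1_prf_params() writes through p immediately after OPENSSL_malloc(sizeof(OSSL_PARAM) * 4) with no NULL check, so an allocation failure crashes the test instead of failing it. Check the result (TEST_ptr fits) and return NULL on failure. A comment on the 4 would also help; from the signature it looks like three parameters plus the terminator, but the rest of the function is cut off here.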

[openssl] master update

2020-09-17 Thread beldmit
The branch master has been updated
   via  ec4c86d9ec132aaa31c7e6892dde4dbb11397168 (commit)
  from  3f96b687f7d27a32f37f7c6b4fdee45dae685b38 (commit)


- Log -
commit ec4c86d9ec132aaa31c7e6892dde4dbb11397168
Author: Daniel Bevenius 
Date:   Wed Sep 16 08:55:52 2020 +0200

Fix typo in bind_loader_attic comment

Reviewed-by: Shane Lontis 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12890)

---

Summary of changes:
 engines/e_loader_attic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index be01c55718..47afe3f790 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -1739,7 +1739,7 @@ static int loader_attic_destroy(ENGINE *e)
 static int bind_loader_attic(ENGINE *e)
 {
 
-/* Ensure the ATTIC error handdling is set up on best effort basis */
+/* Ensure the ATTIC error handling is set up on best effort basis */
 ERR_load_ATTIC_strings();
 
 if (/* Create the OSSL_STORE_LOADER */
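Review bot: while this comment line in bind_loader_attic is being touched, the rest of the phrase could be fixed too: "on best effort basis" reads better as "on a best-effort basis". No functional concern, since only the comment changes.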


[openssl] master update

2020-09-17 Thread beldmit
The branch master has been updated
   via  3f96b687f7d27a32f37f7c6b4fdee45dae685b38 (commit)
   via  7fc6168b6f5d0f696b610a88004ef79ed0eaa2ba (commit)
   via  d8025f4ac002f6de775a8c3c7936036d0722eed6 (commit)
   via  b0002eb09ac744d0c702c85648b2517e214580ea (commit)
   via  b8e5622809d3b3f61c4a615e51f5a8fd492ee23f (commit)
  from  067a3057c3aab0cdd9a3cdb13c2ef69a4170 (commit)


- Log -
commit 3f96b687f7d27a32f37f7c6b4fdee45dae685b38
Author: Matt Caswell 
Date:   Mon Sep 14 16:30:50 2020 +0100

Document 2 newly added functions

Adds documentation for EVP_PKEY_get0_first_alg_name() and
EVP_KEYMGMT_get0_first_name().

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

commit 7fc6168b6f5d0f696b610a88004ef79ed0eaa2ba
Author: Matt Caswell 
Date:   Mon Sep 14 16:13:54 2020 +0100

Test HMAC output from the dgst CLI

We run two HMAC operations on the same file and confirm that both provide
us with the expected values.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

commit d8025f4ac002f6de775a8c3c7936036d0722eed6
Author: Matt Caswell 
Date:   Sun Sep 13 11:09:20 2020 +0100

Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

Prior to this change master would instead display this like so:

SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

commit b0002eb09ac744d0c702c85648b2517e214580ea
Author: Matt Caswell 
Date:   Fri Sep 11 16:47:53 2020 +0100

Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate

Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain information about the
key, and re-initialise for another sign operation. To emulate that we
redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if
appropriate.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

commit b8e5622809d3b3f61c4a615e51f5a8fd492ee23f
Author: Matt Caswell 
Date:   Thu Sep 10 14:46:41 2020 +0100

Don't send -1 as the length of the hmac key

The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a
-1 length to a strlen() call, by virtue of the fact that it eventually
calls ASN1_STRING_set() which has this feature.

As noted above this is undocumented, and unexpected since the len
parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t).
In the old bridge it was later (silently) cast to an int, and therefore
the original -1 value was restored. This only works because sizeof(int) <=
sizeof(size_t). If we ever run on a platform where sizeof(int) >
sizeof(size_t) then it would have failed. The behaviour also doesn't hold
for EVP_PKEY_new_raw_private_key() in general - only when the old MAC
bridge was in use.

Rather than restore the original behaviour I think it is best to simply
fix the dgst app to not assume it exists. We should not bake in this
backwards and inconsistent behaviour.

Fixes #12837

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12850)

---

Summary of changes:
 apps/dgst.c | 12 
 crypto/evp/digest.c | 19 +++
 crypto/evp/evp_pkey.c   | 17 +
 crypto/evp/keymgmt_meth.c   |  5 +
 doc/man3/EVP_KEYMGMT.pod| 11 +++
 doc/man3/EVP_PKEY_is_a.pod  | 16 +++-
 include/openssl/evp.h   |  3 +++
 test/recipes/20-test_dgst.t | 16 +++-
 util/libcrypto.num  |  2 ++
 9 files changed, 91 insertions(+), 10 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index 0bbde71d4b..650115b468 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -319,7 +319,8 @@ int dgst_main(int argc, char **argv)
 
 if (hmac_key != NULL) {
 sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
-  (unsigned char *)hmac_key, -1);
+

[openssl] master update

2020-09-17 Thread Dr . Paul Dale
The branch master has been updated
   via  067a3057c3aab0cdd9a3cdb13c2ef69a4170 (commit)
  from  4bb73d5409c056a878f526280f86cc3c01f8cd68 (commit)


- Log -
commit 067a3057c3aab0cdd9a3cdb13c2ef69a4170
Author: jwalch 
Date:   Thu Sep 10 12:14:40 2020 -0400

Annotate potential -Wunused-function violations in err.h

Fixes #12792

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/12851)

---

Summary of changes:
 include/openssl/err.h | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/openssl/err.h b/include/openssl/err.h
index 3e3b64b158..8e76b812df 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -214,33 +214,33 @@ struct err_state_st {
 
 # define ERR_SYSTEM_ERROR(errcode)  (((errcode) & ERR_SYSTEM_FLAG) != 0)
 
-static ossl_inline int ERR_GET_LIB(unsigned long errcode)
+static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode)
 {
 if (ERR_SYSTEM_ERROR(errcode))
 return ERR_LIB_SYS;
 return (errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK;
 }
 
-static ossl_inline int ERR_GET_FUNC(unsigned long errcode ossl_unused)
+static ossl_unused ossl_inline int ERR_GET_FUNC(unsigned long errcode 
ossl_unused)
 {
 return 0;
 }
 
-static ossl_inline int ERR_GET_RFLAGS(unsigned long errcode)
+static ossl_unused ossl_inline int ERR_GET_RFLAGS(unsigned long errcode)
 {
 if (ERR_SYSTEM_ERROR(errcode))
 return 0;
 return errcode & (ERR_RFLAGS_MASK << ERR_RFLAGS_OFFSET);
 }
 
-static ossl_inline int ERR_GET_REASON(unsigned long errcode)
+static ossl_unused ossl_inline int ERR_GET_REASON(unsigned long errcode)
 {
 if (ERR_SYSTEM_ERROR(errcode))
 return errcode & ERR_SYSTEM_MASK;
 return errcode & ERR_REASON_MASK;
 }
 
-static ossl_inline int ERR_FATAL_ERROR(unsigned long errcode)
+static ossl_unused ossl_inline int ERR_FATAL_ERROR(unsigned long errcode)
 {
 return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_FATAL) != 0;
 }
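Review bot: the rewritten ERR_GET_FUNC declaration, 'static ossl_unused ossl_inline int ERR_GET_FUNC(unsigned long errcode ossl_unused)', is now 82 characters wide, past the 80-column limit of the project's coding style; break it after the opening parenthesis. A one-line comment above the first of the five annotated functions, saying that ossl_unused silences -Wunused-function for includers that call none of them, would save the next reader a trip to the commit log.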


[openssl] master update

2020-09-17 Thread tmraz
The branch master has been updated
   via  4bb73d5409c056a878f526280f86cc3c01f8cd68 (commit)
  from  8230710f04ed70fee41ec3ed8f3e4b1af55be05a (commit)


- Log -
commit 4bb73d5409c056a878f526280f86cc3c01f8cd68
Author: jwalch 
Date:   Wed Sep 9 22:36:00 2020 -0400

Add a NULL check to EVP_PKEY_assign

Fixes  #12619

Update p_lib.c

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12863)

---

Summary of changes:
 crypto/evp/p_lib.c | 2 +-
 test/ecdsatest.c   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index e336d91286..5e032b4053 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -709,7 +709,7 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 int alias = type;
 
 #ifndef OPENSSL_NO_EC
-if (EVP_PKEY_type(type) == EVP_PKEY_EC) {
+if ((key != NULL) && (EVP_PKEY_type(type) == EVP_PKEY_EC)) {
 const EC_GROUP *group = EC_KEY_get0_group(key);
 
 if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2)
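Review bot: the added key != NULL test only skips the EC branch that calls EC_KEY_get0_group(key); nothing in this hunk makes EVP_PKEY_assign() return failure for a NULL key, yet the new test in ecdsatest.c expects EVP_PKEY_assign_EC_KEY(pkey_neg, NULL) to be false. Please confirm that the code after the '#ifndef OPENSSL_NO_EC' block rejects NULL for every key type, or add an explicit early 'if (key == NULL) return 0;'. The extra parentheses around each operand of && are also not needed.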
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index f7d6608f39..471aaa184d 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -252,6 +252,7 @@ static int test_builtin(int n, int as)
 || !TEST_ptr(eckey_neg = EC_KEY_new_by_curve_name(nid))
 || !TEST_true(EC_KEY_generate_key(eckey_neg))
 || !TEST_ptr(pkey_neg = EVP_PKEY_new())
+|| !TEST_false(EVP_PKEY_assign_EC_KEY(pkey_neg, NULL))
 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey_neg, eckey_neg)))
 goto err;
 


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock

2020-09-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

a268ed3acf free memory use on error in cert verify
871881856f generate_cookie_callback: free temporary memory on an error path
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
48ff651ecc DTLS: free allocated memory on error paths
4f14a378f8 prov/drbg: cleanup some RAND_DRBG leftovers
1d30b0a4ad prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Build log ended with (last 100 lines):
