[openssl] master update
The branch master has been updated via 53c4992e0b1c79bdf5904b84e77ca7d362cc4af0 (commit) from 7339547d455046e14b50fe64d71d45c6786ac960 (commit) - Log - commit 53c4992e0b1c79bdf5904b84e77ca7d362cc4af0 Author: Pauli Date: Sun Sep 27 12:47:47 2020 +1000 rand: declare get_hardware_random_value() before use. Introduced by #12923 Fixes #13004 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13005) --- Summary of changes: providers/implementations/rands/seeding/rand_cpu_x86.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/providers/implementations/rands/seeding/rand_cpu_x86.c b/providers/implementations/rands/seeding/rand_cpu_x86.c index 73af554d68..46ced51af2 100644 --- a/providers/implementations/rands/seeding/rand_cpu_x86.c +++ b/providers/implementations/rands/seeding/rand_cpu_x86.c @@ -16,12 +16,13 @@ # if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET) # include /* _rdrand64 */ # include /* memcpy */ -static size_t get_hardware_random_value(unsigned char *buf, size_t len); # else size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); # endif +static size_t get_hardware_random_value(unsigned char *buf, size_t len); + /* * Acquire entropy using Intel-specific cpu instructions *
Build completed: openssl master.37231
Build openssl master.37231 completed Commit b25dfe0383 by Pauli on 9/27/2020 11:18 PM: fixup! provider: add a query free function to allow providers to clean up. Configure your notification preferences
Build failed: openssl master.37230
Build openssl master.37230 failed Commit 7339547d45 by Shane Lontis on 9/27/2020 10:59 PM: Remove TODO comment from sskdf.c Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: d93bded6aa optimise ssl3_get_cipher_by_std_name() 8c27ee6e05 STORE: Clear a couple of TODOs that were there for the sake of SM2 4ff993d791 Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() cf61b97d5f Generate a certificate with critical id-pkix-ocsp-nocheck extension 37326895b7 OCSP_resp_find_status.pod: Slightly improve the documentation of various flags 7d5ea3fecb OCSP_resp_find_status.pod: Replace function arg references B<...> by I<...> 4f5b222b84 Fix bug in EDDSA speed test 3786d74868 en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management fa9e541d49 Remove openssl provider app fc959d7171 Update openssl list to support new provider objects. 1c52bf3c04 Add EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() 5a9500488d Add EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() d3edef83f5 Modified rand_cpu_x86.c to support builtin hardware randomizer on HPE NonStop. a48309cb5c Document the provider side SM2 Asymmetric Cipher support bfb56a974d Extend the SM2 asym cipher test 989684227b Remove some dead SM2 code fb2a6954fb Clean up some SM2 related TODOs in the tests ce64d3eee0 Move SM2 asymmetric encryption to be available in the default provider 7a032be7f2 Build: Make NonStop shared libraries only export selected symbols 8a288609b1 TEST: Remove use of EVP_PKEY_set_alias_type() in test/evp_extra_test.c 14711fffbf EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys 294e380220 Configuration: Don't have shared libraries depend on themselves e07a7892ee Configuration: Make it possible to have an argument file 25b16562d3 Hide ECX_KEY again 21e5be854d Add key length check to rsa_kem operation. 4e0723bc93 Test.pm: Some clarifications added to the documentation 1061baf646 apps/ca.c: Rename confusing variable 'req' to 'template_cert' in certify_cert() 29844ea5b3 Prune low-level ASN.1 parse errors from error queue in decoder_process() 50eb2a5077 load_key_certs_crls(): Restore output of fatal errors 254b5dcabd ACVP: add test case for DRBG cdb5129e5c Use OPENSSL_SYS_TANDEM instead of OPENSSL_SYSNAME_TANDEM 37fe90ad17 Configure: Show 'enable' and 'disable' config attributes c60330cb0e Configuration: Streamline NonStop entries 3eb99601b1 Simplify the tarball generating scripts Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/srptest-bin-srptest.d.tmp -MT test/srptest-bin-srptest.o -c -o test/srptest-bin-srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_cert_table_internal_test-bin-ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test-bin-ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test-bin-ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_ctx_test-bin-ssl_ctx_test.d.tmp
Errored: openssl/openssl#37766 (master - 7339547)
Build Update for openssl/openssl - Build: #37766 Status: Errored Duration: 1 hr, 20 mins, and 29 secs Commit: 7339547 (master) Author: Shane Lontis Message: Remove TODO comment from sskdf.c Fixes #12993 The implementation follows the standards/recommendations specified by https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12999) View the changeset: https://github.com/openssl/openssl/compare/c57a59b1a039...7339547d4550 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186910178?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: d93bded6aa optimise ssl3_get_cipher_by_std_name() 8c27ee6e05 STORE: Clear a couple of TODOs that were there for the sake of SM2 4ff993d791 Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() cf61b97d5f Generate a certificate with critical id-pkix-ocsp-nocheck extension 37326895b7 OCSP_resp_find_status.pod: Slightly improve the documentation of various flags 7d5ea3fecb OCSP_resp_find_status.pod: Replace function arg references B<...> by I<...> 4f5b222b84 Fix bug in EDDSA speed test 3786d74868 en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management fa9e541d49 Remove openssl provider app fc959d7171 Update openssl list to support new provider objects. 1c52bf3c04 Add EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() 5a9500488d Add EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() d3edef83f5 Modified rand_cpu_x86.c to support builtin hardware randomizer on HPE NonStop. a48309cb5c Document the provider side SM2 Asymmetric Cipher support bfb56a974d Extend the SM2 asym cipher test 989684227b Remove some dead SM2 code fb2a6954fb Clean up some SM2 related TODOs in the tests ce64d3eee0 Move SM2 asymmetric encryption to be available in the default provider 7a032be7f2 Build: Make NonStop shared libraries only export selected symbols 8a288609b1 TEST: Remove use of EVP_PKEY_set_alias_type() in test/evp_extra_test.c 14711fffbf EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys 294e380220 Configuration: Don't have shared libraries depend on themselves e07a7892ee Configuration: Make it possible to have an argument file 25b16562d3 Hide ECX_KEY again 21e5be854d Add key length check to rsa_kem operation. 4e0723bc93 Test.pm: Some clarifications added to the documentation 1061baf646 apps/ca.c: Rename confusing variable 'req' to 'template_cert' in certify_cert() 29844ea5b3 Prune low-level ASN.1 parse errors from error queue in decoder_process() 50eb2a5077 load_key_certs_crls(): Restore output of fatal errors 254b5dcabd ACVP: add test case for DRBG cdb5129e5c Use OPENSSL_SYS_TANDEM instead of OPENSSL_SYSNAME_TANDEM 37fe90ad17 Configure: Show 'enable' and 'disable' config attributes c60330cb0e Configuration: Streamline NonStop entries 3eb99601b1 Simplify the tarball generating scripts Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok
Errored: openssl/openssl#37764 (master - c57a59b)
Build Update for openssl/openssl - Build: #37764 Status: Errored Duration: 1 hr, 19 mins, and 5 secs Commit: c57a59b (master) Author: Pauli Message: todo: remove fork protection todo comment, it isn't relevant to the FIPS provider Fixes #12984 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12997) View the changeset: https://github.com/openssl/openssl/compare/d93bded6aa28...c57a59b1a039 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186909743?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: d93bded6aa optimise ssl3_get_cipher_by_std_name() 8c27ee6e05 STORE: Clear a couple of TODOs that were there for the sake of SM2 4ff993d791 Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() cf61b97d5f Generate a certificate with critical id-pkix-ocsp-nocheck extension 37326895b7 OCSP_resp_find_status.pod: Slightly improve the documentation of various flags 7d5ea3fecb OCSP_resp_find_status.pod: Replace function arg references B<...> by I<...> 4f5b222b84 Fix bug in EDDSA speed test 3786d74868 en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management fa9e541d49 Remove openssl provider app fc959d7171 Update openssl list to support new provider objects. 1c52bf3c04 Add EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() 5a9500488d Add EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() d3edef83f5 Modified rand_cpu_x86.c to support builtin hardware randomizer on HPE NonStop. a48309cb5c Document the provider side SM2 Asymmetric Cipher support bfb56a974d Extend the SM2 asym cipher test 989684227b Remove some dead SM2 code fb2a6954fb Clean up some SM2 related TODOs in the tests ce64d3eee0 Move SM2 asymmetric encryption to be available in the default provider 7a032be7f2 Build: Make NonStop shared libraries only export selected symbols 8a288609b1 TEST: Remove use of EVP_PKEY_set_alias_type() in test/evp_extra_test.c 14711fffbf EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys 294e380220 Configuration: Don't have shared libraries depend on themselves e07a7892ee Configuration: Make it possible to have an argument file 25b16562d3 Hide ECX_KEY again 21e5be854d Add key length check to rsa_kem operation. 4e0723bc93 Test.pm: Some clarifications added to the documentation 1061baf646 apps/ca.c: Rename confusing variable 'req' to 'template_cert' in certify_cert() 29844ea5b3 Prune low-level ASN.1 parse errors from error queue in decoder_process() 50eb2a5077 load_key_certs_crls(): Restore output of fatal errors 254b5dcabd ACVP: add test case for DRBG cdb5129e5c Use OPENSSL_SYS_TANDEM instead of OPENSSL_SYSNAME_TANDEM 37fe90ad17 Configure: Show 'enable' and 'disable' config attributes c60330cb0e Configuration: Streamline NonStop entries 3eb99601b1 Simplify the tarball generating scripts Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80779054477F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:314: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:197 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:227 # false # 8077E3BFFE7E:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:399: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:197 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:227 # false # 8077E3BFFE7E:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:399: not ok 4 - iteration 4 # -- not ok 1 - test_ssl_corrupt #
[openssl] master update
The branch master has been updated
via 7339547d455046e14b50fe64d71d45c6786ac960 (commit)
from c57a59b1a0395733c89a56d3d5fc65a4bf576e4e (commit)
- Log -
commit 7339547d455046e14b50fe64d71d45c6786ac960
Author: Shane Lontis
Date: Sat Sep 26 12:41:41 2020 +1000
Remove TODO comment from sskdf.c
Fixes #12993
The implementation follows the standards/recommendations specified by
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12999)
---
Summary of changes:
providers/implementations/kdfs/sskdf.c | 5 -
1 file changed, 5 deletions(-)
diff --git a/providers/implementations/kdfs/sskdf.c
b/providers/implementations/kdfs/sskdf.c
index 22c65d26ba..04c1fb6f54 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -371,11 +371,6 @@ static int sskdf_derive(void *vctx, unsigned char *key,
size_t keylen)
int default_salt_len;
EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx);
-/*
- * TODO(3.0) investigate the necessity to have all these controls.
- * Why does KMAC require a salt length that's shorter than the MD
- * block size?
- */
if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_HMAC)) {
/* H(x) = HMAC(x, salt, hash) */
if (md == NULL) {
[openssl] master update
The branch master has been updated via c57a59b1a0395733c89a56d3d5fc65a4bf576e4e (commit) from d93bded6aa2852e681de2ed76fb43c415687af68 (commit) - Log - commit c57a59b1a0395733c89a56d3d5fc65a4bf576e4e Author: Pauli Date: Sat Sep 26 08:37:38 2020 +1000 todo: remove fork protection todo comment, it isn't relevant to the FIPS provider Fixes #12984 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12997) --- Summary of changes: crypto/threads_pthread.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 936aa7f0c7..a2735332b8 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -195,8 +195,6 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) } # ifndef FIPS_MODULE -/* TODO(3.0): No fork protection in FIPS module yet! */ - # ifdef OPENSSL_SYS_UNIX static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
Build completed: openssl master.37224
Build openssl master.37224 completed Commit e852a74654 by Dr. David von Oheimb on 9/27/2020 8:13 PM: x509_vfy.c: Remove use of legacy function X509_get_pubkey_parameters() Configure your notification preferences
Build failed: openssl master.37223
Build openssl master.37223 failed Commit d93bded6aa by hklaas on 9/27/2020 6:09 PM: optimise ssl3_get_cipher_by_std_name() Configure your notification preferences
Errored: openssl/openssl#37759 (master - d93bded)
Build Update for openssl/openssl - Build: #37759 Status: Errored Duration: 1 hr, 18 mins, and 19 secs Commit: d93bded (master) Author: hklaas Message: optimise ssl3_get_cipher_by_std_name() Return immediately on matched cipher. Without this patch the code only breaks out of the inner for loop, meaning for a matched TLS13 cipher the code will still loop through 160ish SSL3 ciphers. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13000) View the changeset: https://github.com/openssl/openssl/compare/8c27ee6e0562...d93bded6aa28 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186895580?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via d93bded6aa2852e681de2ed76fb43c415687af68 (commit)
from 8c27ee6e056257ab872598bb2a410b23f6c411a0 (commit)
- Log -
commit d93bded6aa2852e681de2ed76fb43c415687af68
Author: hklaas <71921312+hkl...@users.noreply.github.com>
Date: Sat Sep 26 10:54:13 2020 +0100
optimise ssl3_get_cipher_by_std_name()
Return immediately on matched cipher. Without this patch the code only
breaks out of the inner for loop, meaning for a matched TLS13 cipher the code
will still loop through 160ish SSL3 ciphers.
CLA: trivial
Reviewed-by: Paul Dale
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13000)
---
Summary of changes:
ssl/s3_lib.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 88bab0edc4..94c2d8c2ce 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4132,8 +4132,7 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char
*stdname)
if (tbl->stdname == NULL)
continue;
if (strcmp(stdname, tbl->stdname) == 0) {
-c = tbl;
-break;
+return tbl;
}
}
}
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DeGqr_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGBHn2j49Q4Z-2F9LnaRZsNP1FyN3KqoiDU4uXeDt5HXMOyfM2ZxpCY1gGNIKh-2BLw40Ttqp6rE4DGj1UaPv1U3bTBGmQcbdEIaDIQeK-2BrXO0mi2IVymTLUj-2FAKnJnD5F-2FcYtCojLxTS5yB2Hd2ZHtzxHVUNADHE8002pQoWA-2BBOXJ7H1m4mA8mPPH4LPXFo-2BrtbA-3D Build ID: 342118 Analysis Summary: New defects found: 12 Defects eliminated: 6 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DVGMA_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGBHn2j49Q4Z-2F9LnaRZsNP1FyN3KqoiDU4uXeDt5HXMO2JuOnGWRNQRNmDbPgNg9Pdo-2BiAGnmk-2BTfkeV7Ayj-2FANc-2BXH8S3D75D3Fb5Dr1yQwbA8lveU2Ugqe99tgDWwrslt8PKAWbS-2BWcA72wcpuj6VAPR7jpM0Vt2egGW9aPDhrVrVvy6hb-2FmMBOfn0An78Q4-3D
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3Dk2-g_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFQ-2F2zkkb7iEZqkFVS4JY8TOw-2BMoQRqqWC-2B7iGJybowmDzZueeZXzRXldA-2Fr5dvEIXf4fQCZ7x-2Bli8poP37Z4LZUKndiztKrZcwVhK-2BKOvwFk9FovyWzpQHKuLyOOrlFIWoh3avZEq-2B4yUZdYREy-2BxpwP-2BvVZOIVtT72T9Tmbq2ZEnGi5Lh4Ssn3dhNsgerOZI-3D Build ID: 342119 Analysis Summary: New defects found: 0 Defects eliminated: 0
Build failed: openssl master.37222
Build openssl master.37222 failed Commit 8c27ee6e05 by Richard Levitte on 9/27/2020 7:04 AM: STORE: Clear a couple of TODOs that were there for the sake of SM2 Configure your notification preferences
Errored: openssl/openssl#37758 (master - 8c27ee6)
Build Update for openssl/openssl - Build: #37758 Status: Errored Duration: 1 hr, 19 mins, and 48 secs Commit: 8c27ee6 (master) Author: Richard Levitte Message: STORE: Clear a couple of TODOs that were there for the sake of SM2 We now have decoder support for SM2, so the cheats that were in place for the sake of lacking decoders aren't needed any more. Fixes #12982 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12986) View the changeset: https://github.com/openssl/openssl/compare/4ff993d79125...8c27ee6e0562 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186864157?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via 8c27ee6e056257ab872598bb2a410b23f6c411a0 (commit)
from 4ff993d7912516a2fd1d5c1e97a6f26a4644c1c6 (commit)
- Log -
commit 8c27ee6e056257ab872598bb2a410b23f6c411a0
Author: Richard Levitte
Date: Fri Sep 25 15:58:02 2020 +0200
STORE: Clear a couple of TODOs that were there for the sake of SM2
We now have decoder support for SM2, so the cheats that were in place
for the sake of lacking decoders aren't needed any more.
Fixes #12982
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12986)
---
Summary of changes:
crypto/store/store_result.c | 27 ---
1 file changed, 27 deletions(-)
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index a309acc115..c3f21eedad 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -337,20 +337,6 @@ static EVP_PKEY *try_key_value_legacy(struct
extracted_param_data_st *data,
pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
-
-/*
- * It wasn't PKCS#8, so we must try the hard way.
- * However, we can cheat a little bit, because we know
- * what's not yet fully supported in out decoders.
- * TODO(3.0) Eliminate these when we have decoder support.
- */
-if (pk == NULL) {
-derp = der;
-pk = d2i_PrivateKey_ex(EVP_PKEY_SM2, NULL,
- , der_len,
- libctx, NULL);
-RESET_ERR_MARK();
-}
}
if (pk != NULL)
@@ -360,19 +346,6 @@ static EVP_PKEY *try_key_value_legacy(struct
extracted_param_data_st *data,
der = data->octet_data;
der_len = (long)data->octet_data_size;
}
-
-/*
- * Last, we try parameters. We cheat the same way we do for
- * private keys above.
- * TODO(3.0) Eliminate these when we have decoder support.
- */
-if (pk == NULL) {
-derp = der;
-pk = d2i_KeyParams(EVP_PKEY_SM2, NULL, , der_len);
-RESET_ERR_MARK();
-if (pk != NULL)
-*store_info_new = OSSL_STORE_INFO_new_PARAMS;
-}
CLEAR_ERR_MARK();
return pk;
