Build failed: openssl master.37586
Build openssl master.37586 failed Commit e683cf4ad3 by Richard Levitte on 10/20/2020 4:48 AM: Work around Windows ftell() bug as per Microsoft engineering's suggestion Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rc2 Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok Could not read any certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12 C020AA90CA7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:RC2-40-CBC ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1 not ok 5 - test_pkcs12_passcert # -- # Failed test 'test_pkcs12_passcert' # at ../openssl/test/recipes/80-test_pkcs12.t line 93. # Looks like you failed 1 test of 5.80-test_pkcs12.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/5 subtests 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok
Build failed: openssl master.37585
Build openssl master.37585 failed Commit 4342c5c894 by Richard Levitte on 10/20/2020 4:22 AM: fixup! Deprecate RSA harder Configure your notification preferences
Build failed: openssl master.37582
Build openssl master.37582 failed Commit 0e1122fc1f by Richard Levitte on 10/9/2020 11:02 AM: Add easy to digest selector macros for EVP_PKEYs Configure your notification preferences
Build failed: openssl master.37581
Build openssl master.37581 failed Commit 688fb2aa99 by Pauli on 10/20/2020 3:32 AM: dsa: provider and library deprecation changes Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile"
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # -- # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # -- # cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- # cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): # Failed test 'p10cr csr non-existing file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_p10cr4.pem -out_trusted root.crt -csr empty.txt => 139 not ok 78 - p10cr csr empty file # -- # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_cr.pem -out_trusted root.crt => 139 not ok 82 - cr # -- # Failed test 'cr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_kur.pem -out_trusted root.crt -oldcert ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_newkey.pem -server '127.0.0.1:1700' -cert ../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_newkey.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur explicit options #
Build completed: openssl OpenSSL_1_1_1-stable.37574
Build openssl OpenSSL_1_1_1-stable.37574 completed Commit 909a13bafb by Jeremiah Gowdy on 10/19/2020 5:02 PM: Remove useless memset Configure your notification preferences
Build failed: openssl master.37573
Build openssl master.37573 failed Commit 1dc5128577 by Matt Caswell on 10/19/2020 3:11 PM: Fix no-dh Configure your notification preferences
Still Failing: openssl/openssl#38103 (master - 1dc5128)
Build Update for openssl/openssl - Build: #38103 Status: Still Failing Duration: 1 hr, 19 mins, and 55 secs Commit: 1dc5128 (master) Author: Matt Caswell Message: Fix no-dh One of the x509 tests checks to make sure spurious errors don't appear on the stack. The x509 app uses the OSSL_STORE code to load things. The OSSL_STORE code will try various different formats - which results in lots of failures. However those failures are typically suppressed by OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what kind of errors are uninteresting (ASN.1 errors) but gets confused if upper levels of code add additional errors to the stack. This was happening in the DSA code which confused OSSL_STORE and meant the errors were not being suppressed properly - and hence the x509 test failed. Interestingly this only impacts a no-dh build, because in a no-dh build the DSA param decoder suddenly becomes the last to be tried. If it happens earlier in the list the errors end up getting suppressed anyway. The simplest solution is to just to remove the error from the DSA param decoder code. It's not adding any useful information anyway. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13162) View the changeset: https://github.com/openssl/openssl/compare/ea7277fd2e27...1dc5128577ed View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/190985500?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Build completed: openssl master.37572
Build openssl master.37572 completed Commit f9c91d3334 by Otto Hollmann on 10/19/2020 2:25 PM: Fixed error and return code. Configure your notification preferences
[openssl] master update
The branch master has been updated via 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc (commit) from ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit) - Log - commit 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc Author: Matt Caswell Date: Fri Oct 16 17:16:30 2020 +0100 Fix no-dh One of the x509 tests checks to make sure spurious errors don't appear on the stack. The x509 app uses the OSSL_STORE code to load things. The OSSL_STORE code will try various different formats - which results in lots of failures. However those failures are typically suppressed by OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what kind of errors are uninteresting (ASN.1 errors) but gets confused if upper levels of code add additional errors to the stack. This was happening in the DSA code which confused OSSL_STORE and meant the errors were not being suppressed properly - and hence the x509 test failed. Interestingly this only impacts a no-dh build, because in a no-dh build the DSA param decoder suddenly becomes the last to be tried. If it happens earlier in the list the errors end up getting suppressed anyway. The simplest solution is to just to remove the error from the DSA param decoder code. It's not adding any useful information anyway. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13162) --- Summary of changes: crypto/dsa/dsa_ameth.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 208c4ec19f..d3e22abc35 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -374,10 +374,9 @@ static int dsa_param_decode(EVP_PKEY *pkey, { DSA *dsa; -if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { -DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); +if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) return 0; -} + dsa->dirty_cnt++; EVP_PKEY_assign_DSA(pkey, dsa); return 1;
Build failed: openssl master.37571
Build openssl master.37571 failed Commit ea7277fd2e by Richard Levitte on 10/19/2020 10:14 AM: TEST: fix the DH tests to reproduce the priv_len settings Configure your notification preferences
Still Failing: openssl/openssl#38101 (master - ea7277f)
Build Update for openssl/openssl - Build: #38101 Status: Still Failing Duration: 1 hr, 25 mins, and 7 secs Commit: ea7277f (master) Author: Richard Levitte Message: TEST: fix the DH tests to reproduce the priv_len settings Some DH tests are done against files generated with '-pkeyopt priv_len:224' This parameter must of course be reproduced when creating the key with EVP_PKEY_fromdata(), or there will be a default that's guaranteed to differ from the key parameters on file. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13166) View the changeset: https://github.com/openssl/openssl/compare/6c8149df1fb6...ea7277fd2e27 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/190929687?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testx509.pem => 1 not ok 409 - Checking that -certs returns 1 object on a certificate file # -- # Failed test 'Checking that -certs returns 1 object on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 205. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1 not ok 410 - Checking that -certs returns 0 objects on a CRL file # -- # Failed test 'Checking that -certs returns 0 objects on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 208. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1 not ok 411 - Checking that -crls returns 0 objects on a certificate file # -- # Failed test 'Checking that -crls returns 0 objects on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 212. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1 not ok 412 - Checking that -crls returns 1 object on a CRL file # -- # Failed test 'Checking that -crls returns 1 object on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 215. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 413 # -- # Failed test at ../openssl/test/recipes/90-test_store.t line 226. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 414 # -- # Failed
[openssl] master update
The branch master has been updated via ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit) via ee55a2072785701d7f9322013f5e9968b1ff141f (commit) via 0ba71d6a63add7efb244965c0f18502bd786a0f7 (commit) from 6c8149df1fb6fce50a914a70040955d3512b0bd6 (commit) - Log - commit ea7277fd2e27afa3a173ea30d567f45d7bb3d30d Author: Richard Levitte Date: Thu Oct 15 08:30:49 2020 +0200 TEST: fix the DH tests to reproduce the priv_len settings Some DH tests are done against files generated with '-pkeyopt priv_len:224' This parameter must of course be reproduced when creating the key with EVP_PKEY_fromdata(), or there will be a default that's guaranteed to differ from the key parameters on file. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13166) commit ee55a2072785701d7f9322013f5e9968b1ff141f Author: Richard Levitte Date: Thu Oct 15 07:14:16 2020 +0200 DH: have DH_set_length() increment the dirty count. The recommended private key length is a key parameter among other key parameters, and is included in the key data transferred in an import or export between legacy implementations and provider implementations. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13166) commit 0ba71d6a63add7efb244965c0f18502bd786a0f7 Author: Richard Levitte Date: Thu Oct 15 07:10:29 2020 +0200 DH: make the private key length importable / exportable The DH private key length, which is an optional parameter, wasn't properly imported / exported between legacy and provider side implementations. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13166) --- Summary of changes: crypto/dh/dh_ameth.c | 8 +++- crypto/dh/dh_backend.c | 66 crypto/dh/dh_lib.c | 20 + crypto/param_build_set.c | 11 + include/crypto/dh.h | 5 ++- include/internal/param_build_set.h | 2 + providers/implementations/keymgmt/dh_kmgmt.c | 30 +++-- test/evp_pkey_provided_test.c| 6 +++ 8 files changed, 103 insertions(+), 45 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 69b166362a..49e65e4d6c 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -485,6 +485,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, DH *dh = from->pkey.dh; OSSL_PARAM_BLD *tmpl; const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); +long l = DH_get_length(dh); const BIGNUM *pub_key = DH_get0_pub_key(dh); const BIGNUM *priv_key = DH_get0_priv_key(dh); OSSL_PARAM *params = NULL; @@ -512,6 +513,11 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, goto err; } selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; +if (l > 0) { +if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l)) +goto err; +selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; +} if (pub_key != NULL) { if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key)) goto err; @@ -550,7 +556,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); -if (!dh_ffc_params_fromdata(dh, params) +if (!dh_params_fromdata(dh, params) || !dh_key_fromdata(dh, params) || !EVP_PKEY_assign(pkey, type, dh)) { DH_free(dh); diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index 704f6efac1..1ce29e652d 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -8,6 +8,7 @@ */ #include +#include "internal/param_build_set.h" #include "crypto/dh.h" /* @@ -16,6 +17,41 @@ * implementations alike. */ +static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]) +{ +int ret; +FFC_PARAMS *ffc; + +if (dh == NULL) +return 0; +ffc = dh_get0_params(dh); +if (ffc == NULL) +return 0; + +ret = ossl_ffc_params_fromdata(ffc, params); +if (ret) +dh_cache_named_group(dh); /* This increments dh->dirt_cnt */ +return ret; +} + +int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) +{ +const OSSL_PARAM *param_priv_len; +long priv_len; + +if (!dh_ffc_params_fromdata(dh, params)) +return 0; + +param_priv_len = +OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); +if (param_priv_len != NULL +&& (!OSSL_PARAM_get_long(param_priv_len, _len) +||
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . skipped: dh is not supported by this OpenSSL build 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:475 # 0x0 not ok 12 - iteration 12 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # -- # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING 84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent 9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally a1fc4642e1 dev/release.sh: improve instruction for pushing the tag b40498c6e7 TEST: modify tconversion.pl for forensics 372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change 47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback 301fcb2843 Concentrate deprecated libssl API usage in one file 192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp. f4bd510503 list: add a -provider-info option. 994a924b3c null prov: fix gettable param array type. e8dca211b4 Prepare for 3.0 alpha 8 f9a5682e5c Prepare for release of 3.0 alpha 7 eec0ad10b9 Update copyright year 796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API 0d30e15a57 Remove some more CMS key downgrades 7022d9b903 Remove CMS recipient info information out of the algorithm implementations 9ab7fe4836 Move CMS signing code out of the algorithms and into CMS 0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS 99b3b762c3 Remove a CMS key downgrade 5b70206cb3 [test][tls-provider] Implement KEM algorithm 8b17fbaf46 [ssl] Support ssl_encapsulate on server side a011b5861b [ssl] Support ssl_decapsulate on client side c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group 32fea070dc [test][tls-provider] Group xor_group properties in a struct 47690cd4ce Use __BYTE_ORDER__ to test the endianness when available 8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy 58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X. Build log ended with (last 100 lines): not ok 79 - ir + ignored revocation # -- Could not read private key for CMP client certificate from signer.p12 C0906D9FDC7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2818:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../no-des/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout ../../../../../no-des/test-runs/test_cmp_cli/test.certout_cr.pem -out_trusted root.crt => 1 not ok 82 - cr # -- # Failed test 'cr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. Could not open file or uri for loading CMP client certificate (optionally with chain) from ../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem CE69B17F:error::STORE routines:ossl_store_get0_loader_int:unregistered scheme:../openssl/crypto/store/store_register.c:240:scheme=file CE69B17F:error::system library:file_open:No such file or directory:../openssl/providers/implementations/storemgmt/file_store.c:277:calling stat(../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem) cmp_main:../openssl/apps/cmp.c:2818:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # setup_client_ctx:../openssl/apps/cmp.c:1881:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of '../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem' in KUR # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl