Build failed: openssl master.37586

[AppVeyor]

Build openssl master.37586 failed


Commit e683cf4ad3 by Richard Levitte on 10/20/2020 4:48 AM:

Work around Windows ftell() bug as per Microsoft engineering's suggestion


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-rc2

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok

Could not read any certificates from -in file from 
../../../openssl/test/certs/v3-certs-RC2.p12
C020AA90CA7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:RC2-40-CBC
../../util/wrap.pl ../../apps/openssl pkcs12 -export -in 
../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider 
default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 
=> 1
not ok 5 - test_pkcs12_passcert
# --
#   Failed test 'test_pkcs12_passcert'
#   at ../openssl/test/recipes/80-test_pkcs12.t line 93.
# Looks like you failed 1 test of 5.80-test_pkcs12.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests 
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok

Build failed: openssl master.37585

[AppVeyor]

Build openssl master.37585 failed


Commit 4342c5c894 by Richard Levitte on 10/20/2020 4:22 AM:

fixup! Deprecate RSA harder


Configure your notification preferences

Build failed: openssl master.37582

[AppVeyor]

Build openssl master.37582 failed


Commit 0e1122fc1f by Richard Levitte on 10/9/2020 11:02 AM:

Add easy to digest selector macros for EVP_PKEYs


Configure your notification preferences

Build failed: openssl master.37581

[AppVeyor]

Build openssl master.37581 failed


Commit 688fb2aa99 by Pauli on 10/20/2020 3:32 AM:

dsa: provider and library deprecation changes


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in 
> doc/man1/openssl-dsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in 
> doc/man1/openssl-ec.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in 
> doc/man1/openssl-enc.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-fipsinstall.pod.in > 
doc/man1/openssl-fipsinstall.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 
../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in 
> doc/man1/openssl-kdf.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars 
"../openssl/util/dofile.pl" "-oMakefile" 

Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock credentials' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0
not ok 38 - unprotected request
# --
#   Failed test 'unprotected request'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
# Looks like you failed 3 tests of 38.
not ok 5 - CMP app CLI Mock credentials
# --
# cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:166:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:184:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled 
certificate(s), saving to file 
'../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem 
-out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# --
# cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui-console

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

#   Failed test 'p10cr csr non-existing file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_p10cr4.pem 
-out_trusted root.crt -csr empty.txt => 139
not ok 78 - p10cr csr empty file
# --
#   Failed test 'p10cr csr empty file'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_revreason.pem 
-out_trusted root.crt -revreason 5 => 139
not ok 79 - ir + ignored revocation
# --
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_cr.pem 
-out_trusted root.crt => 139
not ok 82 - cr
# --
#   Failed test 'cr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
../../../../../no-ui-console/util/wrap.pl 
../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 
'Mock enrollment' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_kur.pem 
-out_trusted root.crt -oldcert 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_newkey.pem 
-server '127.0.0.1:1700' -cert 
../../../../../no-ui-console/test-runs/test_cmp_cli/test.certout_newkey.pem 
-key new.key -extracerts issuing.crt => 139
not ok 83 - kur explicit options
# 

Build completed: openssl OpenSSL_1_1_1-stable.37574

[AppVeyor]

Build openssl OpenSSL_1_1_1-stable.37574 completed



Commit 909a13bafb by Jeremiah Gowdy on 10/19/2020 5:02 PM:

Remove useless memset


Configure your notification preferences

Build failed: openssl master.37573

[AppVeyor]

Build openssl master.37573 failed


Commit 1dc5128577 by Matt Caswell on 10/19/2020 3:11 PM:

Fix no-dh


Configure your notification preferences

Still Failing: openssl/openssl#38103 (master - 1dc5128)

[Travis CI]

Build Update for openssl/openssl
-

Build: #38103
Status: Still Failing

Duration: 1 hr, 19 mins, and 55 secs
Commit: 1dc5128 (master)
Author: Matt Caswell
Message: Fix no-dh

One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.

Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.

The simplest solution is to just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13162)

View the changeset: 
https://github.com/openssl/openssl/compare/ea7277fd2e27...1dc5128577ed

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/190985500?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Build completed: openssl master.37572

[AppVeyor]

Build openssl master.37572 completed



Commit f9c91d3334 by Otto Hollmann on 10/19/2020 2:25 PM:

Fixed error and return code.


Configure your notification preferences

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc (commit)
  from  ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit)


- Log -
commit 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc
Author: Matt Caswell 
Date:   Fri Oct 16 17:16:30 2020 +0100

Fix no-dh

One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.

Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.

The simplest solution is to just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13162)

---

Summary of changes:
 crypto/dsa/dsa_ameth.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 208c4ec19f..d3e22abc35 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -374,10 +374,9 @@ static int dsa_param_decode(EVP_PKEY *pkey,
 {
 DSA *dsa;
 
-if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
-DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
 return 0;
-}
+
 dsa->dirty_cnt++;
 EVP_PKEY_assign_DSA(pkey, dsa);
 return 1;

Build failed: openssl master.37571

[AppVeyor]

Build openssl master.37571 failed


Commit ea7277fd2e by Richard Levitte on 10/19/2020 10:14 AM:

TEST: fix the DH tests to reproduce the priv_len settings


Configure your notification preferences

Still Failing: openssl/openssl#38101 (master - ea7277f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #38101
Status: Still Failing

Duration: 1 hr, 25 mins, and 7 secs
Commit: ea7277f (master)
Author: Richard Levitte
Message: TEST: fix the DH tests to reproduce the priv_len settings

Some DH tests are done against files generated with '-pkeyopt priv_len:224'
This parameter must of course be reproduced when creating the key with
EVP_PKEY_fromdata(), or there will be a default that's guaranteed to
differ from the key parameters on file.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13166)

View the changeset: 
https://github.com/openssl/openssl/compare/6c8149df1fb6...ea7277fd2e27

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/190929687?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-certs -noout ../../../../openssl/test/testx509.pem => 1
not ok 409 - Checking that -certs returns 1 object on a certificate file
# --
#   Failed test 'Checking that -certs returns 1 object on a certificate file'
#   at ../openssl/test/recipes/90-test_store.t line 205.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-certs -noout ../../../../openssl/test/testcrl.pem => 1
not ok 410 - Checking that -certs returns 0 objects on a CRL file
# --
#   Failed test 'Checking that -certs returns 0 objects on a CRL file'
#   at ../openssl/test/recipes/90-test_store.t line 208.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls 
-noout ../../../../openssl/test/testx509.pem => 1
not ok 411 - Checking that -crls returns 0 objects on a certificate file
# --
#   Failed test 'Checking that -crls returns 0 objects on a certificate file'
#   at ../openssl/test/recipes/90-test_store.t line 212.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls 
-noout ../../../../openssl/test/testcrl.pem => 1
not ok 412 - Checking that -crls returns 1 object on a CRL file
# --
#   Failed test 'Checking that -crls returns 1 object on a CRL file'
#   at ../openssl/test/recipes/90-test_store.t line 215.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1
not ok 413
# --
#   Failed test at ../openssl/test/recipes/90-test_store.t line 226.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic 
-noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification 
Authority' rehash => 1
not ok 414
# --
#   Failed 

[openssl] master update

[Richard Levitte]

The branch master has been updated
   via  ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit)
   via  ee55a2072785701d7f9322013f5e9968b1ff141f (commit)
   via  0ba71d6a63add7efb244965c0f18502bd786a0f7 (commit)
  from  6c8149df1fb6fce50a914a70040955d3512b0bd6 (commit)


- Log -
commit ea7277fd2e27afa3a173ea30d567f45d7bb3d30d
Author: Richard Levitte 
Date:   Thu Oct 15 08:30:49 2020 +0200

TEST: fix the DH tests to reproduce the priv_len settings

Some DH tests are done against files generated with '-pkeyopt priv_len:224'
This parameter must of course be reproduced when creating the key with
EVP_PKEY_fromdata(), or there will be a default that's guaranteed to
differ from the key parameters on file.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13166)

commit ee55a2072785701d7f9322013f5e9968b1ff141f
Author: Richard Levitte 
Date:   Thu Oct 15 07:14:16 2020 +0200

DH: have DH_set_length() increment the dirty count.

The recommended private key length is a key parameter among other key
parameters, and is included in the key data transferred in an import
or export between legacy implementations and provider implementations.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13166)

commit 0ba71d6a63add7efb244965c0f18502bd786a0f7
Author: Richard Levitte 
Date:   Thu Oct 15 07:10:29 2020 +0200

DH: make the private key length importable / exportable

The DH private key length, which is an optional parameter, wasn't
properly imported / exported between legacy and provider side
implementations.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13166)

---

Summary of changes:
 crypto/dh/dh_ameth.c |  8 +++-
 crypto/dh/dh_backend.c   | 66 
 crypto/dh/dh_lib.c   | 20 +
 crypto/param_build_set.c | 11 +
 include/crypto/dh.h  |  5 ++-
 include/internal/param_build_set.h   |  2 +
 providers/implementations/keymgmt/dh_kmgmt.c | 30 +++--
 test/evp_pkey_provided_test.c|  6 +++
 8 files changed, 103 insertions(+), 45 deletions(-)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 69b166362a..49e65e4d6c 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -485,6 +485,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void 
*to_keydata,
 DH *dh = from->pkey.dh;
 OSSL_PARAM_BLD *tmpl;
 const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
+long l = DH_get_length(dh);
 const BIGNUM *pub_key = DH_get0_pub_key(dh);
 const BIGNUM *priv_key = DH_get0_priv_key(dh);
 OSSL_PARAM *params = NULL;
@@ -512,6 +513,11 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void 
*to_keydata,
 goto err;
 }
 selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
+if (l > 0) {
+if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
+goto err;
+selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
+}
 if (pub_key != NULL) {
 if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
 goto err;
@@ -550,7 +556,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM 
params[], void *vpctx,
 DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
 DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
 
-if (!dh_ffc_params_fromdata(dh, params)
+if (!dh_params_fromdata(dh, params)
 || !dh_key_fromdata(dh, params)
 || !EVP_PKEY_assign(pkey, type, dh)) {
 DH_free(dh);
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 704f6efac1..1ce29e652d 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -8,6 +8,7 @@
  */
 
 #include 
+#include "internal/param_build_set.h"
 #include "crypto/dh.h"
 
 /*
@@ -16,6 +17,41 @@
  * implementations alike.
  */
 
+static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
+{
+int ret;
+FFC_PARAMS *ffc;
+
+if (dh == NULL)
+return 0;
+ffc = dh_get0_params(dh);
+if (ffc == NULL)
+return 0;
+
+ret = ossl_ffc_params_fromdata(ffc, params);
+if (ret)
+dh_cache_named_group(dh); /* This increments dh->dirt_cnt */
+return ret;
+}
+
+int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+{
+const OSSL_PARAM *param_priv_len;
+long priv_len;
+
+if (!dh_ffc_params_fromdata(dh, params))
+return 0;
+
+param_priv_len =
+OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
+if (param_priv_len != NULL
+&& (!OSSL_PARAM_get_long(param_priv_len, _len)
+|| 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dh

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . skipped: dh is not supported by this 
OpenSSL build
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . skipped: dh is not supported by this 
OpenSSL build
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):


# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips-and-base.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and 
CONTRIBUTING
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, 
unconditionally
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
b40498c6e7 TEST: modify tconversion.pl for forensics
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
301fcb2843 Concentrate deprecated libssl API usage in one file
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
f4bd510503 list: add a -provider-info option.
994a924b3c null prov: fix gettable param array type.
e8dca211b4 Prepare for 3.0 alpha 8
f9a5682e5c Prepare for release of 3.0 alpha 7
eec0ad10b9 Update copyright year
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of 
X509_ATTRIBUTE
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 
'libctx'
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
0d30e15a57 Remove some more CMS key downgrades
7022d9b903 Remove CMS recipient info information out of the algorithm 
implementations
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
99b3b762c3 Remove a CMS key downgrade
5b70206cb3 [test][tls-provider] Implement KEM algorithm
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
a011b5861b [ssl] Support ssl_decapsulate on client side
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
32fea070dc [test][tls-provider] Group xor_group properties in a struct
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and 
TNS/X.

Build log ended with (last 100 lines):

not ok 79 - ir + ignored revocation
# --
Could not read private key for CMP client certificate from signer.p12
C0906D9FDC7F:error::digital envelope routines:EVP_PBE_CipherInit:unknown 
cipher:../openssl/crypto/evp/evp_pbe.c:116:DES-EDE3-CBC
Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2818:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp 
-config ../Mock/test.cnf -section 'Mock enrollment' -certout 
../../../../../no-des/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 
127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout 
../../../../../no-des/test-runs/test_cmp_cli/test.certout_cr.pem -out_trusted 
root.crt => 1
not ok 82 - cr
# --
#   Failed test 'cr'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
Could not open file or uri for loading CMP client certificate (optionally with 
chain) from ../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem
CE69B17F:error::STORE routines:ossl_store_get0_loader_int:unregistered 
scheme:../openssl/crypto/store/store_register.c:240:scheme=file
CE69B17F:error::system library:file_open:No such file or 
directory:../openssl/providers/implementations/storemgmt/file_store.c:277:calling
 stat(../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem)
cmp_main:../openssl/apps/cmp.c:2818:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2665:CMP info: using OpenSSL configuration 
file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1881:CMP warning: -subject 
'/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides 
the subject of 
'../../../../../no-des/test-runs/test_cmp_cli/test.certout_newkey.pem' in KUR
# warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl