date:20201125

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

80-test_ocsp.t . ok
80-test_pkcs12.t ... ok

# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 7 - iteration 7
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 8 - iteration 8
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 9 - iteration 9
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 10 - iteration 10
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 11 - iteration 11
# --
# ERROR: (ptr) 'server_ctx != NULL' failed @ 
../openssl/test/ssl_test.c:475
# 0x0
not ok 12 - iteration 12
# --
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips 
../../../openssl/test/fips-and-base.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# --
#   Failed test 'running ssl_test 04-client_auth.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# --
# Looks like you failed 1 test of 31.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ...

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... skipped: The PKCS12 command line utility 
is not supported by this OpenSSL build
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t

Build completed: openssl master.38298

2020-11-25 Thread AppVeyor



Build openssl master.38298 completed



Commit a96b583d48 by Matt Caswell on 11/25/2020 5:24 PM:

fixup! Remove d2i_DHparams.pod and move documentation to d2i_RSAPrivateKey.pod


Configure your notification preferences

FAILED build of OpenSSL branch master with options -d --strict-warnings no-deprecated

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-deprecated

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT 
test/cipherbytes_test-bin-cipherbytes_test.o -c -o 
test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cipherlist_test-bin-cipherlist_test.d.tmp -MT 
test/cipherlist_test-bin-cipherlist_test.o -c -o 
test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ciphername_test-bin-ciphername_test.d.tmp -MT 
test/ciphername_test-bin-ciphername_test.o -c -o 
test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations

Build failed: openssl master.38297

2020-11-25 Thread AppVeyor




Build openssl master.38297 failed


Commit 2d840893e7 by Matt Caswell on 11/25/2020 5:07 PM:

Fix no-rc2


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

clang  -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-handshake_helper.d.tmp -MT 
test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o 
../openssl/test/handshake_helper.c
clang  -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include  
-pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED 
-DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o 
test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c
clang  -Iinclude -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o 
test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c
clang  -Iinclude -I../openssl/include -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

-lssl test/libtestutil.a -lcrypto -ldl -pthread 
rm -f test/tls13ccstest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -L.   \
-o test/tls13ccstest \
test/tls13ccstest-bin-ssltestlib.o \
test/tls13ccstest-bin-tls13ccstest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread 
rm -f test/tls13secretstest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -L.   \
-o test/tls13secretstest \
crypto/tls13secretstest-bin-packet.o \
ssl/tls13secretstest-bin-tls13_enc.o \
test/tls13secretstest-bin-tls13secretstest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread 
rm -f test/uitest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -L.   \
-o test/uitest \
apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread 
make[1]: Leaving directory '/home/openssl/run-checker/no-asm'
$ make test
make depend && make _tests
make[1]: Entering directory '/home/openssl/run-checker/no-asm'
make[1]: Leaving directory '/home/openssl/run-checker/no-asm'
make[1]: Entering directory '/home/openssl/run-checker/no-asm'
( SRCTOP=../openssl \
  BLDTOP=. \
  PERL="/usr/bin/perl" \
  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
  EXE_EXT= \
  /usr/bin/perl ../openssl/test/run_tests.pl  )
01-test_abort.t  ok
01-test_sanity.t ... ok
01-test_symbol_presence.t .. ok
01-test_test.t . ok
02-test_errstr.t ... ok
02-test_internal_context.t . ok
02-test_internal_ctype.t ... ok
02-test_internal_keymgmt.t . ok
02-test_internal_provider.t  ok
02-test_lhash.t

Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

2020-11-25 Thread OpenSSL run-checker

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared 
-DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

2d840893e7 Fix no-rc2
0f386f2eb0 Remove deprecation warning suppression from genpkey
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option
e50b81c932 re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC 
(avoiding DES)
6955e3f7e0 Re-enable testing of ciphersuites
6db0d58d81 Fix RC4-MD5 based ciphersuites
01c6551ce6 Ensure Stream ciphers know how to remove a TLS MAC
1950e0e3e7 Test that OSSL_STORE can load various types of params
cdbd27bab4 Test various deprecated PEM_read_bio_* APIs
337ade3d2c Don't forget the datatype when decoding a PEM file
403ef8cea7 APPS: Guard use of IPv6 functions and constants with a check of 
AF_INET6
ee8252847d Undeprecate the -dsaparam option in the dhparam app
273144fa5b Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as 
well.
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
9343d3fe3b ERR: Modify util/mkerr.pl to produce internal err string loaders
9524a3089c Turn on Github CI
223652548d Fix double-free in decoder_pkey.c
c150a94857 TEST: Make our test data binary
a68eee679a Move some libssl global variables into SSL_CTX
97485aec7f Add a test for the dhparam CLI application
1fd08e909d Remove some unneeded variables from dhparam
4ccf4e7686 Add encoder support to dhparam
88d1389c78 Convert dhparam to be fully based on EVP
948fd7af62 Support for Android NDK r22-beta1
ac2c4f657e RSA: Fix guard mixup

Build log ended with (last 100 lines):

# --
# Looks like you failed 1 test of 12.80-test_ssl_old.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/12 subtests 
80-test_ssl_test_ctx.t . ok

# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1028
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:228
# false
# C02718735C7F:error::SSL 
routines:ossl_statem_client_read_transition:unexpected 
message:../openssl/ssl/statem/statem_clnt.c:397:
not ok 3 - iteration 3
# --
# INFO:  @ ../openssl/test/sslcorrupttest.c:197
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' 
failed @ ../openssl/test/ssltestlib.c:1028
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) 
== true' failed @ ../openssl/test/sslcorrupttest.c:228
# false
# C02718735C7F:error::SSL 
routines:ossl_statem_client_read_transition:unexpected 
message:../openssl/ssl/statem/statem_clnt.c:397:
not ok 4 - iteration 4
# --
not ok 1 - test_ssl_corrupt
# --
../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem 
../../../openssl/apps/server.pem => 1
not ok 1 - running sslcorrupttest
# --
#   Failed test 'running sslcorrupttest'
#   at ../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: GOST support is disabled in this 
OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  skipped: Test only supported in a shared 
build
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t

Build completed: openssl master.38291

2020-11-25 Thread AppVeyor



Build openssl master.38291 completed



Commit 9fa8c252a9 by Richard Levitte on 11/25/2020 11:59 AM:

fixup! ERR: Drop or deprecate dangerous or overly confusing functions


Configure your notification preferences

Build failed: openssl master.38290

2020-11-25 Thread AppVeyor




Build openssl master.38290 failed


Commit 64d5656704 by Richard Levitte on 11/20/2020 10:07 AM:

Remove the old DEPRECATEDIN macros


Configure your notification preferences

Build completed: openssl master.38289

2020-11-25 Thread AppVeyor



Build openssl master.38289 completed



Commit f31285032e by Richard Levitte on 11/20/2020 12:06 PM:

fixup! Switch deprecation method for AES


Configure your notification preferences

Build failed: openssl master.38288

2020-11-25 Thread AppVeyor




Build openssl master.38288 failed


Commit ed611cbc9c by Richard Levitte on 11/25/2020 9:41 AM:

fixup! TEST: Break out the local dynamic loading code from shlibloadtest.c


Configure your notification preferences

[openssl] master update

2020-11-25 Thread Matt Caswell

The branch master has been updated
   via  2d840893e78253bcce428603fdbcda159bdebe08 (commit)
  from  0f386f2eb036d3efc61427b0f83cf5db654d0d49 (commit)


- Log -
commit 2d840893e78253bcce428603fdbcda159bdebe08
Author: Matt Caswell 
Date:   Tue Nov 24 14:45:07 2020 +

Fix no-rc2

Skip a test that relies on RC2 being present in a no-rc2 build.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13496)

---

Summary of changes:
 test/recipes/80-test_pkcs12.t | 20 
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index 0f977d7755..03edc59eea 100644
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -90,13 +90,17 @@ ok(run(app(["openssl", "pkcs12", "-export",
 "-out", $outfile2])),
"test_pkcs12_passcerts");
 
-# Test reading legacy PKCS#12 file
-ok(run(app(["openssl", "pkcs12", "-export",
-"-in", srctop_file(@path, "v3-certs-RC2.p12"),
-"-passin", "pass:v3-certs",
-"-provider", "default", "-provider", "legacy",
-"-nokeys", "-passout", "pass:v3-certs", "-descert",
-"-out", $outfile3])),
-   "test_pkcs12_passcerts_legacy");
+SKIP: {
+skip "Skipping legacy PKCS#12 test because RC2 is disabled in this build", 
1
+if disabled("rc2");
+# Test reading legacy PKCS#12 file
+ok(run(app(["openssl", "pkcs12", "-export",
+"-in", srctop_file(@path, "v3-certs-RC2.p12"),
+"-passin", "pass:v3-certs",
+"-provider", "default", "-provider", "legacy",
+"-nokeys", "-passout", "pass:v3-certs", "-descert",
+"-out", $outfile3])),
+"test_pkcs12_passcerts_legacy");
+}
 
 SetConsoleOutputCP($savedcp) if (defined($savedcp));

[openssl] master update

2020-11-25 Thread Matt Caswell

The branch master has been updated
   via  0f386f2eb036d3efc61427b0f83cf5db654d0d49 (commit)
  from  931d5b4b27fcc907e3ff4d4328c59a5f285a44fb (commit)


- Log -
commit 0f386f2eb036d3efc61427b0f83cf5db654d0d49
Author: Matt Caswell 
Date:   Mon Nov 2 11:04:06 2020 +

Remove deprecation warning suppression from genpkey

genpkey was supressing deprecation warnings in order to support ENGINE
functionality. We move all of that into a separate file so that we don't
need to suppress the warnings anymore.

Fixes #13118

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13454)

---

Summary of changes:
 apps/genpkey.c  | 32 
 apps/include/apps.h |  2 ++
 apps/lib/engine.c   | 29 +
 3 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/apps/genpkey.c b/apps/genpkey.c
index 1682c661c6..d6ab0e6b17 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -7,9 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include 
 #include 
 #include "apps.h"
@@ -17,9 +14,6 @@
 #include 
 #include 
 #include 
-#ifndef OPENSSL_NO_ENGINE
-# include 
-#endif
 
 static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
 OSSL_LIB_CTX *libctx, const char *propq);
@@ -290,8 +284,6 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
  OSSL_LIB_CTX *libctx, const char *propq)
 {
 EVP_PKEY_CTX *ctx = NULL;
-const EVP_PKEY_ASN1_METHOD *ameth;
-ENGINE *tmpeng = NULL;
 int pkey_id;
 
 if (*pctx) {
@@ -299,29 +291,13 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
 return 0;
 }
 
-if (libctx == NULL || e != NULL) {
-ameth = EVP_PKEY_asn1_find_str(, algname, -1);
-
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-if (ameth == NULL && e != NULL)
-ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
-if (ameth == NULL) {
-BIO_printf(bio_err, "Algorithm %s not found\n", algname);
-return 0;
-}
-ERR_clear_error();
-
-EVP_PKEY_asn1_get0_info(_id, NULL, NULL, NULL, NULL, ameth);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-ENGINE_finish(tmpeng);
-#endif
+pkey_id = get_legacy_pkey_id(libctx, algname, e);
+if (pkey_id != NID_undef)
 ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
-} else {
+else
 ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
-}
 
-if (!ctx)
+if (ctx == NULL)
 goto err;
 if (do_param) {
 if (EVP_PKEY_paramgen_init(ctx) <= 0)
diff --git a/apps/include/apps.h b/apps/include/apps.h
index b149a837f3..0848a2e03e 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -160,6 +160,8 @@ EVP_PKEY *load_engine_private_key(ENGINE *e, const char 
*keyid,
 EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
  const char *pass, const char *desc);
 
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
  const char *host, const char *path,
diff --git a/apps/lib/engine.c b/apps/lib/engine.c
index f47c94fbce..4d9adc2818 100644
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@@ -17,6 +17,7 @@
 #include  /* strcmp */
 
 #include  /* Ensure we have the ENGINE type, regardless */
+#include 
 #ifndef OPENSSL_NO_ENGINE
 # include 
 #endif
@@ -145,3 +146,31 @@ EVP_PKEY *load_engine_public_key(ENGINE *e, const char 
*keyid,
 return rv;
 }
 
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
+{
+const EVP_PKEY_ASN1_METHOD *ameth;
+ENGINE *tmpeng = NULL;
+int pkey_id = NID_undef;
+
+ERR_set_mark();
+ameth = EVP_PKEY_asn1_find_str(, algname, -1);
+
+#if !defined(OPENSSL_NO_ENGINE)
+ENGINE_finish(tmpeng);
+
+if (ameth == NULL && e != NULL)
+ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+else
+#endif
+/* We're only interested if it comes from an ENGINE */
+if (tmpeng == NULL)
+ameth = NULL;
+
+ERR_pop_to_mark();
+if (ameth == NULL)
+return NID_undef;
+
+EVP_PKEY_asn1_get0_info(_id, NULL, NULL, NULL, NULL, ameth);
+
+return pkey_id;
+}

Build failed: openssl master.38264

2020-11-25 Thread AppVeyor




Build openssl master.38264 failed


Commit 411c516312 by Nicola Tuveri on 11/21/2020 12:10 PM:

drop! Trigger extended tests


Configure your notification preferences

[openssl] master update

2020-11-25 Thread dev

The branch master has been updated
   via  931d5b4b27fcc907e3ff4d4328c59a5f285a44fb (commit)
   via  68f9d9223b247f5c6e50bf66f405bc2fb09295cf (commit)
   via  e50b81c932e7f0a5a742631215865ff66116366e (commit)
  from  6955e3f7e0574a1f4bf373ba7e8940591b0138ed (commit)


- Log -
commit 931d5b4b27fcc907e3ff4d4328c59a5f285a44fb
Author: Dr. David von Oheimb 
Date:   Tue Nov 24 16:16:08 2020 +0100

apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE

Also make clear we cannot use get_ui_method() at this point.

Fixes #13494

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13497)

commit 68f9d9223b247f5c6e50bf66f405bc2fb09295cf
Author: Dr. David von Oheimb 
Date:   Wed Nov 25 11:36:27 2020 +0100

apps/cmp.c: Improve description of key loaded due to -newkew option

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13497)

commit e50b81c932e7f0a5a742631215865ff66116366e
Author: Dr. David von Oheimb 
Date:   Tue Nov 24 16:16:57 2020 +0100

re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC (avoiding 
DES)

Fixes #13494

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13497)

---

Summary of changes:
 apps/cmp.c|  12 +---
 apps/include/apps_ui.h|   2 +-
 apps/lib/apps_ui.c|   2 +-
 test/recipes/81-test_cmp_cli_data/Mock/signer.p12 | Bin 5341 -> 5475 bytes
 4 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index ccb61ab497..17173374df 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1609,12 +1609,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE 
*engine)
 const char *file = opt_newkey;
 const int format = opt_keyform;
 const char *pass = opt_newkeypass;
-const char *desc = "new private or public key for cert to be enrolled";
-EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, NULL);
+const char *desc = "new private key for cert to be enrolled";
+EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, desc);
 int priv = 1;
 
 if (pkey == NULL) {
 ERR_clear_error();
+desc = "fallback public key for cert to be enrolled";
 pkey = load_pubkey(file, format, 0, pass, engine, desc);
 priv = 0;
 }
@@ -2697,13 +2698,10 @@ int cmp_main(int argc, char **argv)
 ret = 0;
 
 if (opt_batch) {
-UI_METHOD *ui_fallback_method;
 #ifndef OPENSSL_NO_UI_CONSOLE
-ui_fallback_method = UI_OpenSSL();
-#else
-ui_fallback_method = (UI_METHOD *)UI_null();
+UI_method_set_reader(UI_OpenSSL(), NULL);
+/* can't change get_ui_method() here as load_key_certs_crls() uses it 
*/
 #endif
-UI_method_set_reader(ui_fallback_method, NULL);
 }
 
 if (opt_engine != NULL)
diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h
index 67d61e1396..59a82d5ecb 100644
--- a/apps/include/apps_ui.h
+++ b/apps/include/apps_ui.h
@@ -21,7 +21,7 @@ int password_callback(char *buf, int bufsiz, int verify, 
PW_CB_DATA *cb_data);
 
 int setup_ui_method(void);
 void destroy_ui_method(void);
-const UI_METHOD *get_ui_method(void);
+UI_METHOD *get_ui_method(void);
 
 extern BIO *bio_err;
 
diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c
index 880e9a4f6d..6c8c3de196 100644
--- a/apps/lib/apps_ui.c
+++ b/apps/lib/apps_ui.c
@@ -136,7 +136,7 @@ void destroy_ui_method(void)
 }
 }
 
-const UI_METHOD *get_ui_method(void)
+UI_METHOD *get_ui_method(void)
 {
 return ui_method;
 }
diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 
b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12
index 6eab305fde..5bbb1e205f 100644
Binary files a/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 and 
b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 differ

[openssl] master update

2020-11-25 Thread Matt Caswell

The branch master has been updated
   via  6955e3f7e0574a1f4bf373ba7e8940591b0138ed (commit)
   via  6db0d58d815b84b44610471b71de1f259d00c166 (commit)
   via  01c6551ce63005d65aa03edaa4c57d04438cc0d0 (commit)
  from  1950e0e3e796a066a0de95330f67d2da9d2c93e5 (commit)


- Log -
commit 6955e3f7e0574a1f4bf373ba7e8940591b0138ed
Author: Matt Caswell 
Date:   Tue Nov 10 17:04:02 2020 +

Re-enable testing of ciphersuites

Commit be9d82bb3 inadvertently disabled ciphersuite testing. This masked
some issues. Therefore we fix this testing.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13378)

commit 6db0d58d815b84b44610471b71de1f259d00c166
Author: Matt Caswell 
Date:   Wed Nov 11 11:07:12 2020 +

Fix RC4-MD5 based ciphersuites

The RC4-MD5 ciphersuites were not removing the length of the MAC when
calculating the length of decrypted TLS data. Since RC4 is a streamed
cipher that doesn't use padding we separate out the concepts of fixed
length TLS data to be removed, and TLS padding.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13378)

commit 01c6551ce63005d65aa03edaa4c57d04438cc0d0
Author: Matt Caswell 
Date:   Tue Nov 10 16:01:11 2020 +

Ensure Stream ciphers know how to remove a TLS MAC

We previously updated the block ciphers to know how to remove a TLS
MAC when using Encrypt-then-MAC. We also need to do the same for stream
ciphers.

Fixes #13363

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13378)

---

Summary of changes:
 .../ciphers/cipher_aes_cbc_hmac_sha.c  |  4 +-
 .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c  |  3 +-
 .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c|  3 +-
 .../ciphers/cipher_rc4_hmac_md5_hw.c   |  1 +
 providers/implementations/ciphers/ciphercommon.c   | 39 ++---
 .../implementations/include/prov/ciphercommon.h|  5 +-
 test/recipes/80-test_ssl_old.t | 81 +++
 test/recipes/80-test_ssl_old_data/dsa2048.pem  | 14 
 test/ssltest_old.c | 92 +++---
 9 files changed, 147 insertions(+), 95 deletions(-)
 create mode 100644 test/recipes/80-test_ssl_old_data/dsa2048.pem

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 1ff2a29590..c1934afac5 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -184,7 +184,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM 
params[])
 }
 if (ctx->base.tlsversion == SSL3_VERSION
 || ctx->base.tlsversion == TLS1_VERSION) {
-if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) {
+if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -192,7 +192,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM 
params[])
  * There is no explicit IV with these TLS versions, so don't 
attempt
  * to remove it.
  */
-ctx->base.removetlspad -= AES_BLOCK_SIZE;
+ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
 }
 }
 return ret;
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 
b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index f8db563d18..5be237b485 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,7 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
 
 ctx->payload_length = NO_PAYLOAD_LENGTH;
 
-vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+vctx->removetlspad = 1;
+vctx->removetlsfixed = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
 
 return ret < 0 ? 0 : 1;
 }
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c 
b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 8587c414cd..03d06f8870 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,7 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX 
*vctx,
 
 ctx->payload_length = NO_PAYLOAD_LENGTH;
 
-vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+vctx->removetlspad = 1;
+vctx->removetlsfixed = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;

[openssl] master update

2020-11-25 Thread Matt Caswell

The branch master has been updated
   via  1950e0e3e796a066a0de95330f67d2da9d2c93e5 (commit)
   via  cdbd27bab4d981cb48327199ef89308e6ef36733 (commit)
   via  337ade3d2c9691aeb4a6ca1720f00346db91ac60 (commit)
  from  403ef8cea73e9b4924dce39e3706778618507cd6 (commit)


- Log -
commit 1950e0e3e796a066a0de95330f67d2da9d2c93e5
Author: Matt Caswell 
Date:   Wed Nov 18 12:07:43 2020 +

Test that OSSL_STORE can load various types of params

There have been instances where OSSL_STORE got confused between DSA and
DH params (e.g. see issue #13046) due the DER encoding of DH and DSA params
looking identical. Therefore we test that we get the types that we expect.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13329)

commit cdbd27bab4d981cb48327199ef89308e6ef36733
Author: Matt Caswell 
Date:   Tue Nov 17 17:18:08 2020 +

Test various deprecated PEM_read_bio_* APIs

Add tests for various deprecated PEM_read_bio_*() functions to ensure
they can still read the various files.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13329)

commit 337ade3d2c9691aeb4a6ca1720f00346db91ac60
Author: Matt Caswell 
Date:   Thu Nov 5 17:28:59 2020 +

Don't forget the datatype when decoding a PEM file

The OSSL_STORE code was forgetting the datatype that we read from the
PEM header when decoding the DER.

Fixes #13046

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13329)

---

Summary of changes:
 crypto/store/store_result.c|   4 +-
 test/build.info|   9 +-
 test/ossl_store_test.c |  84 
 test/pem_read_depr_test.c  | 213 +
 test/recipes/04-test_pem_read_depr.t   |  20 ++
 .../04-test_pem_read_depr_data/dhparams.pem|   8 +
 .../04-test_pem_read_depr_data/dsaparams.pem   |  14 ++
 .../04-test_pem_read_depr_data/dsaprivatekey.pem   |  15 ++
 .../04-test_pem_read_depr_data/dsapublickey.pem|  20 ++
 .../04-test_pem_read_depr_data/rsaprivatekey.pem   |  28 +++
 .../04-test_pem_read_depr_data/rsapublickey.pem|   9 +
 .../04-test_pem_read_depr_data/x942params.pem  |  14 ++
 test/recipes/66-test_ossl_store.t  |   5 +-
 test/recipes/66-test_ossl_store_data/DH-params.pem |   8 +
 .../recipes/66-test_ossl_store_data/DHX-params.pem |  14 ++
 .../recipes/66-test_ossl_store_data/DSA-params.pem |  14 ++
 16 files changed, 474 insertions(+), 5 deletions(-)
 create mode 100644 test/pem_read_depr_test.c
 create mode 100644 test/recipes/04-test_pem_read_depr.t
 create mode 100644 test/recipes/04-test_pem_read_depr_data/dhparams.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/dsaparams.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/dsaprivatekey.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/dsapublickey.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/rsaprivatekey.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/rsapublickey.pem
 create mode 100644 test/recipes/04-test_pem_read_depr_data/x942params.pem
 create mode 100644 test/recipes/66-test_ossl_store_data/DH-params.pem
 create mode 100644 test/recipes/66-test_ossl_store_data/DHX-params.pem
 create mode 100644 test/recipes/66-test_ossl_store_data/DSA-params.pem

diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 175891d29f..25100e0248 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -274,8 +274,8 @@ static EVP_PKEY *try_key_value(struct 
extracted_param_data_st *data,
 }
 
 decoderctx =
-OSSL_DECODER_CTX_new_by_EVP_PKEY(, NULL, NULL, NULL, selection,
- libctx, propq);
+OSSL_DECODER_CTX_new_by_EVP_PKEY(, "DER", NULL, data->data_type,
+ selection, libctx, propq);
 (void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg);
 
 /* No error if this couldn't be decoded */
diff --git a/test/build.info b/test/build.info
index 0ce3e27ae8..1485801e84 100644
--- a/test/build.info
+++ b/test/build.info
@@ -57,7 +57,8 @@ IF[{- !$disabled{tests} -}]
   http_test servername_test ocspapitest fatalerrtest tls13ccstest \
   sysdefaulttest errtest ssl_ctx_test gosttest \
   context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
-  keymgmt_internal_test hexstr_test provider_status_test defltfips_test
+  keymgmt_internal_test hexstr_test provider_status_test 
defltfips_test \
+  pem_read_depr_test
 
   IF[{- !$disabled{'deprecated-3.0'} -}]

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

Build completed: openssl master.38298

FAILED build of OpenSSL branch master with options -d --strict-warnings no-deprecated

Build failed: openssl master.38297

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm

Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

Build completed: openssl master.38291

Build failed: openssl master.38290

Build completed: openssl master.38289

Build failed: openssl master.38288

[openssl] master update

[openssl] master update

Build failed: openssl master.38264

[openssl] master update

[openssl] master update

[openssl] master update

19 matches

Site Navigation

Mail list logo

Footer information