Build failed: openssl master.38682

2020-12-10 Thread AppVeyor



Build openssl master.38682 failed


Commit 88dc930a4a by Shane Lontis on 12/11/2020 12:30 AM:

fixup! Add functions to set values into an EVP_PKEY





Build failed: openssl master.38678

2020-12-10 Thread AppVeyor



Build openssl master.38678 failed


Commit d3ba736cac by Richard Levitte on 12/10/2020 6:36 PM:

fixup! MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key





Build failed: openssl master.38676

2020-12-10 Thread AppVeyor



Build openssl master.38676 failed


Commit 305d217f3d by Matt Caswell on 12/10/2020 4:57 PM:

Document the core_thread_start upcall





[openssl] master update

2020-12-10 Thread shane . lontis
The branch master has been updated
   via  f0591559f6f4697768f516da11ba5557842191b0 (commit)
  from  1a683b80dc9ad4dcbf206a0617364a9d614a9883 (commit)


- Log -
commit f0591559f6f4697768f516da11ba5557842191b0
Author: Shane Lontis 
Date:   Fri Nov 20 19:14:14 2020 +1000

Add validate method to ECX keymanager

Fixes #11619

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13459)

---

Summary of changes:
 providers/implementations/keymgmt/ecx_kmgmt.c | 77 ++
 test/evp_pkey_provided_test.c | 95 +--
 2 files changed, 152 insertions(+), 20 deletions(-)

diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c 
b/providers/implementations/keymgmt/ecx_kmgmt.c
index 3dccbaf880..076e59eafe 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -60,6 +60,10 @@ static OSSL_FUNC_keymgmt_settable_params_fn 
ed25519_settable_params;
 static OSSL_FUNC_keymgmt_settable_params_fn ed448_settable_params;
 static OSSL_FUNC_keymgmt_has_fn ecx_has;
 static OSSL_FUNC_keymgmt_match_fn ecx_match;
+static OSSL_FUNC_keymgmt_validate_fn x25519_validate;
+static OSSL_FUNC_keymgmt_validate_fn x448_validate;
+static OSSL_FUNC_keymgmt_validate_fn ed25519_validate;
+static OSSL_FUNC_keymgmt_validate_fn ed448_validate;
 static OSSL_FUNC_keymgmt_import_fn ecx_import;
 static OSSL_FUNC_keymgmt_import_types_fn ecx_imexport_types;
 static OSSL_FUNC_keymgmt_export_fn ecx_export;
@@ -670,6 +674,78 @@ void *ecx_load(const void *reference, size_t reference_sz)
 return NULL;
 }
 
+static int ecx_key_pairwise_check(const ECX_KEY *ecx, int type)
+{
+uint8_t pub[64];
+
+switch (type) {
+case ECX_KEY_TYPE_X25519:
+X25519_public_from_private(pub, ecx->privkey);
+break;
+case ECX_KEY_TYPE_X448:
+X448_public_from_private(pub, ecx->privkey);
+break;
+case ECX_KEY_TYPE_ED25519:
+if (!ED25519_public_from_private(ecx->libctx, pub, ecx->privkey,
+ ecx->propq))
+return 0;
+break;
+case ECX_KEY_TYPE_ED448:
+if (!ED448_public_from_private(ecx->libctx, pub, ecx->privkey,
+   ecx->propq))
+return 0;
+break;
+default:
+return 0;
+}
+return CRYPTO_memcmp(ecx->pubkey, pub, ecx->keylen) == 0;
+}
+
+static int ecx_validate(const void *keydata, int selection, int type, size_t 
keylen)
+{
+const ECX_KEY *ecx = keydata;
+int ok = 0;
+
+if (!ossl_prov_is_running())
+return 0;
+
+assert(keylen == ecx->keylen);
+
+if ((selection & ECX_POSSIBLE_SELECTIONS) != 0)
+ok = 1;
+
+if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ok = ok && ecx->haspubkey;
+
+if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ok = ok && ecx->privkey != NULL;
+
+if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 
OSSL_KEYMGMT_SELECT_KEYPAIR)
+ok = ok && ecx_key_pairwise_check(ecx, type);
+
+return ok;
+}
+
+static int x25519_validate(const void *keydata, int selection)
+{
+return ecx_validate(keydata, selection, ECX_KEY_TYPE_X25519, 
X25519_KEYLEN);
+}
+
+static int x448_validate(const void *keydata, int selection)
+{
+return ecx_validate(keydata, selection, ECX_KEY_TYPE_X448, X448_KEYLEN);
+}
+
+static int ed25519_validate(const void *keydata, int selection)
+{
+return ecx_validate(keydata, selection, ECX_KEY_TYPE_ED25519, 
ED25519_KEYLEN);
+}
+
+static int ed448_validate(const void *keydata, int selection)
+{
+return ecx_validate(keydata, selection, ECX_KEY_TYPE_ED448, ED448_KEYLEN);
+}
+
 #define MAKE_KEYMGMT_FUNCTIONS(alg) \
 const OSSL_DISPATCH ossl_##alg##_keymgmt_functions[] = { \
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \
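Review bot: In ecx_validate the only tie between the per-algorithm `keylen` argument and the key object is `assert(keylen == ecx->keylen)`, which disappears in NDEBUG builds, while ecx_key_pairwise_check then compares `ecx->keylen` bytes against the fixed `uint8_t pub[64]` stack buffer. If a key object of one ECX type were ever validated through another type's entry point, the comparison would cover bytes of `pub` that the derivation never wrote. A runtime check such as `if (keylen != ecx->keylen) return 0;` in place of the assert keeps the length bound in release builds too, and a named constant instead of the bare 64 would document that the buffer must hold the largest ECX public key. `keydata` is also dereferenced without a NULL check; whether callers guarantee a non-NULL key is not visible in this hunk.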
@@ -680,6 +756,7 @@ void *ecx_load(const void *reference, size_t reference_sz)
 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) 
(void))alg##_settable_params }, \
 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \
 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ecx_match }, \
+{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))alg##_validate }, \
 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types 
}, \
 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index a5604b4fdf..a983d3b533 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -22,6 +22,11 @@
 
 static char *datadir = NULL;
 
+/*
+ * Do not change the order of the following defines unless you also
+ * update the for loop bounds used 

Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

2020-12-10 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

5ea64b456b Read MIDR_EL1 system register on aarch64
6582661f7b Test that we can negotiate TLSv1.3 if we have an SNI callback
ebda646db6 Modify is_tls13_capable() to take account of the servername cb
7eea331eab v3nametest: Make the gennames structure static
74c8dd1c51 Fix typo in OPENSSL_malloc.pod
1d180bbe8e rand: allow seed-src to be missing
a678506e2f rand: don't leak memory
8389eeea2c rand seed: include lock and unlock functions.
e37b307e02 Fix error clash in build
81aef6ba72 rand: add a provider side seed source.
d8975dec0c TLS: Use EVP_PKEY_get_group_name() to get the group name
88bddad42e EVP: Add EVP_PKEY_get_group_name() to extract the group name of a 
pkey
a73a189222 EVP: constify the EVP_PKEY_get_*_param() argument |pkey|
8d4b5260d2 Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap 
call level.
27db611872 CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc 
dont-dump-region.
c60b572319 STORE: clear err after ossl_store_get0_loader_int
e0b5058c11 Fix no-err
8778f0eb8e Fix a compilation failure with no-tls_1_2
b1fdbc688c Fix a test failure with no-tls1_3
142841ddc4 providers/common/der/build.info: Improve checks of disabled algos
1e13198fa7 Update CHANGES and NEWS for new release
22b88fc9c0 Add a test for encoding/decoding using an invalid ASN.1 Template
97ab3c4b53 Add a test for GENERAL_NAME_cmp
3db2c9f3e5 Complain if we are attempting to encode with an invalid ASN.1 
template
43a7033a01 Check that multi-strings/CHOICE types don't use implicit tagging
b33c48b75a Correctly compare EdiPartyName in GENERAL_NAME_cmp()
198b116835 DirectoryString is a CHOICE type and therefore uses explicit tagging
c1131e6a0e Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
abdd3fa04f Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the 
separator

Build log ended with (last 100 lines):

# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact 
http://127.0.0.1:1700/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled 
certificate(s), saving to file 
'../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem 
-out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# --
# cmp_main:../openssl/apps/cmp.c:2665:CMP info: using section(s) 'Mock 
enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact 
http://127.0.0.1:1700/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled 
certificate(s), saving to file 
'../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem 
-out_trusted root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at 

[openssl] master update

2020-12-10 Thread dev
The branch master has been updated
   via  1a683b80dc9ad4dcbf206a0617364a9d614a9883 (commit)
   via  98ba251fe6f49fc2ee310f6e559c3431922fa16d (commit)
   via  8ca661abd78b0e0c45340100169c4b47c0290142 (commit)
   via  f902716f24ab13a02ab501fde9428f996fd4b0cd (commit)
   via  374f72cedd2f26d197c208ae56571fd2123fe9ce (commit)
   via  9c3a52f2a27729490f86f1ff6cc51b9e98115729 (commit)
   via  6c9515b763aa19f11cfdc1d06cab338ae1ed5363 (commit)
   via  d858e743a9efa9d6282fdb84f3160b485bafc866 (commit)
   via  e9701a0141313d2c7008c6ee6d821ba80b3a14d9 (commit)
   via  7c051ecce4ca9cd65f802fbf4fc469755859a036 (commit)
  from  bca7ad6efd0e1e828033cae2440d83322bf3dc01 (commit)


- Log -
commit 1a683b80dc9ad4dcbf206a0617364a9d614a9883
Author: Dr. David von Oheimb 
Date:   Mon Dec 7 19:37:46 2020 +0100

apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix 
multiple instances

This includes a general correction in the code (now using the 
X509V3_CTX_REPLACE flag)
and adding a prominent clarification in the documentation:

If multiple entries are processed for the same extension name,
later entries override earlier ones with the same name.

This is due to an RFC 5280 requirement - the intro of its section 4.2 says:

A certificate MUST NOT include more than one instance of a particular 
extension.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 98ba251fe6f49fc2ee310f6e559c3431922fa16d
Author: Dr. David von Oheimb 
Date:   Mon Dec 7 18:25:10 2020 +0100

openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on 
short input

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 8ca661abd78b0e0c45340100169c4b47c0290142
Author: Dr. David von Oheimb 
Date:   Mon Dec 7 17:45:09 2020 +0100

v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit f902716f24ab13a02ab501fde9428f996fd4b0cd
Author: Dr. David von Oheimb 
Date:   Mon Dec 7 13:28:39 2020 +0100

X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which 
may be NULL

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 374f72cedd2f26d197c208ae56571fd2123fe9ce
Author: Dr. David von Oheimb 
Date:   Mon Dec 7 13:25:34 2020 +0100

openssl-ca.pod.in: Clarify the -extensions/-crlexts options vs. 
x509_extensions/crl_extensions

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 9c3a52f2a27729490f86f1ff6cc51b9e98115729
Author: Dr. David von Oheimb 
Date:   Fri Dec 4 12:42:24 2020 +0100

apps/x509.c: Factor out common aspects of X509 signing

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 6c9515b763aa19f11cfdc1d06cab338ae1ed5363
Author: Dr. David von Oheimb 
Date:   Fri Dec 4 11:09:29 2020 +0100

apps/{req,x509,ca}.c: Cleanup: move shared X509{,_REQ,_CRL} code to 
apps/lib/apps.c

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit d858e743a9efa9d6282fdb84f3160b485bafc866
Author: Dr. David von Oheimb 
Date:   Fri Dec 4 11:01:08 2020 +0100

apps/{req,x509,ca}.c: Clean up code setting X.509 cert version v3

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit e9701a0141313d2c7008c6ee6d821ba80b3a14d9
Author: Dr. David von Oheimb 
Date:   Fri Dec 4 09:26:25 2020 +0100

x509v3_config.pod: Clarify semantics of subjectKeyIdentifier and 
authorityKeyIdentifier

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

commit 7c051ecce4ca9cd65f802fbf4fc469755859a036
Author: Dr. David von Oheimb 
Date:   Thu Dec 3 17:09:20 2020 +0100

apps/req.c: Improve diagnostics on multiple/overriding X.509 extensions 
defined via -reqext option

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13614)

---

Summary of changes:
 apps/ca.c   |  76 ++---
 apps/lib/apps.c | 146 +++
 apps/req.c  | 162 
 apps/x509.c |  96 ++
 crypto/cpt_err.c|   2 +
 crypto/err/openssl.txt  |   1 +
 crypto/o_str.c  |   7 +-
 crypto/x509/v3_akey.c   |  19 +++---
 crypto/x509/v3_conf.c   |   6 +-
 doc/man1/openssl-ca.pod.in  |  12 ++--
 doc/man5/x509v3_config.pod  |  42 +++-
 include/crypto/cryptoerr.h  |   2 +-
 

SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-err

2020-12-10 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

5ea64b456b Read MIDR_EL1 system register on aarch64
6582661f7b Test that we can negotiate TLSv1.3 if we have an SNI callback
ebda646db6 Modify is_tls13_capable() to take account of the servername cb
7eea331eab v3nametest: Make the gennames structure static
74c8dd1c51 Fix typo in OPENSSL_malloc.pod
1d180bbe8e rand: allow seed-src to be missing
a678506e2f rand: don't leak memory
8389eeea2c rand seed: include lock and unlock functions.
e37b307e02 Fix error clash in build
81aef6ba72 rand: add a provider side seed source.
d8975dec0c TLS: Use EVP_PKEY_get_group_name() to get the group name
88bddad42e EVP: Add EVP_PKEY_get_group_name() to extract the group name of a 
pkey
a73a189222 EVP: constify the EVP_PKEY_get_*_param() argument |pkey|
8d4b5260d2 Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap 
call level.
27db611872 CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc 
dont-dump-region.
c60b572319 STORE: clear err after ossl_store_get0_loader_int
e0b5058c11 Fix no-err
8778f0eb8e Fix a compilation failure with no-tls_1_2
b1fdbc688c Fix a test failure with no-tls1_3
142841ddc4 providers/common/der/build.info: Improve checks of disabled algos
1e13198fa7 Update CHANGES and NEWS for new release
22b88fc9c0 Add a test for encoding/decoding using an invalid ASN.1 Template
97ab3c4b53 Add a test for GENERAL_NAME_cmp
3db2c9f3e5 Complain if we are attempting to encode with an invalid ASN.1 
template
43a7033a01 Check that multi-strings/CHOICE types don't use implicit tagging
b33c48b75a Correctly compare EdiPartyName in GENERAL_NAME_cmp()
198b116835 DirectoryString is a CHOICE type and therefore uses explicit tagging
c1131e6a0e Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
abdd3fa04f Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the 
separator


[openssl] OpenSSL_1_1_1-stable update

2020-12-10 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  ad8e83cf11187388c71cfbdb70880d9e7ed26e0e (commit)
   via  e0b139b845341b62a18b7f285d34921340dc4ab9 (commit)
  from  7da3894c70ce0d6641f345a23ee9de0082cb (commit)


- Log -
commit ad8e83cf11187388c71cfbdb70880d9e7ed26e0e
Author: Matt Caswell 
Date:   Tue Nov 3 15:51:23 2020 +

Test that we can negotiate TLSv1.3 if we have an SNI callback

If an SNI callback has been set then we may have no certificates suitable
for TLSv1.3 use configured for the current SSL_CTX. This should not prevent
us from negotiating TLSv1.3, since we may change the SSL_CTX by the time we
need a suitable certificate.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13305)

commit e0b139b845341b62a18b7f285d34921340dc4ab9
Author: Matt Caswell 
Date:   Tue Nov 3 14:01:46 2020 +

Modify is_tls13_capable() to take account of the servername cb

A servername cb may change the available certificates, so if we have one
set then we cannot rely on the configured certificates to determine if we
are capable of negotiating TLSv1.3 or not.

Fixes #13291

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13305)

---

Summary of changes:
 ssl/statem/statem_lib.c | 15 +++--
 test/sslapitest.c   | 59 +
 2 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 364f77f08a..c3b6f8f456 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const 
SSL_METHOD *method)
 
 /*
  * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
  */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
 EC_KEY *eckey;
 #endif
 
+if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+return 0;
+
+/*
+ * A servername callback can change the available certs, so if a servername
+ * cb is set then we just assume TLSv1.3 will be ok
+ */
+if (s->ctx->ext.servername_cb != NULL
+|| s->session_ctx->ext.servername_cb != NULL)
+return 1;
+
 #ifndef OPENSSL_NO_PSK
 if (s->psk_server_callback != NULL)
 return 1;
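Review bot: The servername-callback shortcut returns 1 before any of the certificate checks, so a server with a callback registered is treated as TLSv1.3 capable whether or not the callback ever switches to a context holding a usable certificate; presumably the handshake then fails later instead of settling on a lower version. The added comment only says the code assumes TLSv1.3 will be ok, and it would help to spell the consequence out, for example `/* If the callback does not provide a TLSv1.3 capable cert the handshake fails later; there is no fallback */` (wording to be confirmed against the state machine). The two `ossl_assert` failures return 0, the same value this function uses for "no TLSv1.3 capable certificate", so an internal inconsistency would be reported as a capability answer. The body of is_tls13_capable continues past the end of the hunk.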
diff --git a/test/sslapitest.c b/test/sslapitest.c
index ad1824c68d..4a27ee1ba2 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -6658,6 +6658,62 @@ static int test_ssl_dup(void)
 }
 #endif
 
+#ifndef OPENSSL_NO_TLS1_3
+/*
+ * Test that setting an SNI callback works with TLSv1.3. Specifically we check
+ * that it works even without a certificate configured for the original
+ * SSL_CTX
+ */
+static int test_sni_tls13(void)
+{
+SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
+SSL *clientssl = NULL, *serverssl = NULL;
+int testresult = 0;
+
+/* Reset callback counter */
+snicb = 0;
+
+/* Create an initial SSL_CTX with no certificate configured */
+sctx = SSL_CTX_new(TLS_server_method());
+if (!TEST_ptr(sctx))
+goto end;
+/* Require TLSv1.3 as a minimum */
+if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), 
TLS_client_method(),
+   TLS1_3_VERSION, 0, , , cert,
+   privkey)))
+goto end;
+
+/* Set up SNI */
+if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
+|| !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
+goto end;
+
+/*
+ * Connection should still succeed because the final SSL_CTX has the right
+ * certificates configured.
+ */
+if (!TEST_true(create_ssl_objects(sctx, cctx, ,
+  , NULL, NULL))
+|| !TEST_true(create_ssl_connection(serverssl, clientssl,
+SSL_ERROR_NONE)))
+goto end;
+
+/* We should have had the SNI callback called exactly once */
+if (!TEST_int_eq(snicb, 1))
+goto end;
+
+testresult = 1;
+
+end:
+SSL_free(serverssl);
+SSL_free(clientssl);
+SSL_CTX_free(sctx2);
+SSL_CTX_free(sctx);
+SSL_CTX_free(cctx);
+return testresult;
+}
+#endif
+
 int setup_tests(void)
 {
 if (!TEST_ptr(certsdir = test_get_argument(0))
@@ -6780,6 +6836,9 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_servername, 10);
 #ifndef OPENSSL_NO_TLS1_2
 ADD_TEST(test_ssl_dup);
+#endif
+#ifndef 

[openssl] master update

2020-12-10 Thread dev
The branch master has been updated
   via  bca7ad6efd0e1e828033cae2440d83322bf3dc01 (commit)
  from  5ea64b456b1a27ae046f23d632a968a7583bb9eb (commit)


- Log -
commit bca7ad6efd0e1e828033cae2440d83322bf3dc01
Author: Dr. David von Oheimb 
Date:   Sat Sep 26 15:21:48 2020 +0200

Use adapted test_get_libctx() for simpler test setup and better error 
reporting

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/13001)

---

Summary of changes:
 test/acvp_test.c | 11 +---
 test/build.info  |  2 +-
 test/cmp_client_test.c   |  2 +-
 test/cmp_msg_test.c  |  2 +-
 test/cmp_protect_test.c  |  2 +-
 test/cmp_server_test.c   |  2 +-
 test/cmp_vfy_test.c  |  2 +-
 test/evp_extra_test2.c   |  8 +-
 test/evp_libctx_test.c   | 14 +--
 test/evp_test.c  | 14 ++-
 test/ssl_old_test.c  | 21 +++-
 test/ssl_test.c  |  2 +-
 test/testutil.h  |  6 +++--
 test/testutil/provider.c | 65 +++-
 14 files changed, 57 insertions(+), 96 deletions(-)

diff --git a/test/acvp_test.c b/test/acvp_test.c
index 1686d759db..5c4a38749f 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -1434,18 +1434,9 @@ int setup_tests(void)
 }
 }
 
-prov_null = OSSL_PROVIDER_load(NULL, "null");
-if (prov_null == NULL) {
-opt_printf_stderr("Failed to load null provider into default 
libctx\n");
+if (!test_get_libctx(, _null, config_file, NULL, NULL))
 return 0;
-}
 
-libctx = OSSL_LIB_CTX_new();
-if (libctx == NULL
-|| !OSSL_LIB_CTX_load_config(libctx, config_file)) {
-opt_printf_stderr("Failed to load config\n");
-return 0;
-}
 OSSL_SELF_TEST_set_callback(libctx, self_test_events, _test_args);
 
 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
diff --git a/test/build.info b/test/build.info
index 0386a1febf..81f9b9cb66 100644
--- a/test/build.info
+++ b/test/build.info
@@ -706,7 +706,7 @@ IF[{- !$disabled{tests} -}]
 
 SOURCE[ssl_old_test]=ssl_old_test.c helpers/predefined_dhparams.c
 INCLUDE[ssl_old_test]=.. ../include ../apps/include
-DEPEND[ssl_old_test]=../libcrypto.a ../libssl.a
+DEPEND[ssl_old_test]=../libcrypto.a ../libssl.a libtestutil.a
   ENDIF
 
   PROGRAMS{noinst}=asn1_time_test
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 17f932a73a..efb185402b 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -366,7 +366,7 @@ int setup_tests(void)
 return 0;
 }
 
-if (!test_get_libctx(, _null_provider, , 5, USAGE))
+if (!test_arg_libctx(, _null_provider, , 5, USAGE))
 return 0;
 
 if (!TEST_ptr(server_key = load_pem_key(server_key_f, libctx))
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index 41ba5cf975..0b56d66d45 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -561,7 +561,7 @@ int setup_tests(void)
 return 0;
 }
 
-if (!test_get_libctx(, _null_provider, , 3, USAGE))
+if (!test_arg_libctx(, _null_provider, , 3, USAGE))
 return 0;
 
 if (!TEST_ptr(newkey = load_pem_key(newkey_f, libctx))
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 3cca30144d..d4acb716e7 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -538,7 +538,7 @@ int setup_tests(void)
 return 0;
 }
 
-if (!test_get_libctx(, _null_provider, , 10, 
USAGE))
+if (!test_arg_libctx(, _null_provider, , 10, 
USAGE))
 return 0;
 
 if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
index 49108bfa17..bff42c8baf 100644
--- a/test/cmp_server_test.c
+++ b/test/cmp_server_test.c
@@ -145,7 +145,7 @@ int setup_tests(void)
 return 0;
 }
 
-if (!test_get_libctx(, _null_provider, , 1, USAGE))
+if (!test_arg_libctx(, _null_provider, , 1, USAGE))
 return 0;
 
 if (!TEST_ptr(request = load_pkimsg(request_f))) {
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 67112f6489..d45c938335 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -600,7 +600,7 @@ int setup_tests(void)
 return 0;
 }
 
-if (!test_get_libctx(, _null_provider, , 14, 
USAGE))
+if (!test_arg_libctx(, _null_provider, , 14, 
USAGE))
 return 0;
 
 /* Load certificates for cert chain */
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index f91e66a08b..9181061247 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -272,13 +272,7 @@ static int test_d2i_PrivateKey_ex(void) {
 
 int setup_tests(void)
 {
-mainctx = OSSL_LIB_CTX_new();
-
-if (!TEST_ptr(mainctx))
-return 0;
-
-nullprov = OSSL_PROVIDER_load(NULL, "null");
-if 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso

2020-12-10 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

5ea64b456b Read MIDR_EL1 system register on aarch64
6582661f7b Test that we can negotiate TLSv1.3 if we have an SNI callback
ebda646db6 Modify is_tls13_capable() to take account of the servername cb
7eea331eab v3nametest: Make the gennames structure static
74c8dd1c51 Fix typo in OPENSSL_malloc.pod
1d180bbe8e rand: allow seed-src to be missing
a678506e2f rand: don't leak memory
8389eeea2c rand seed: include lock and unlock functions.
e37b307e02 Fix error clash in build
81aef6ba72 rand: add a provider side seed source.
d8975dec0c TLS: Use EVP_PKEY_get_group_name() to get the group name
88bddad42e EVP: Add EVP_PKEY_get_group_name() to extract the group name of a 
pkey
a73a189222 EVP: constify the EVP_PKEY_get_*_param() argument |pkey|
8d4b5260d2 Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap 
call level.
27db611872 CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc 
dont-dump-region.
c60b572319 STORE: clear err after ossl_store_get0_loader_int
e0b5058c11 Fix no-err
8778f0eb8e Fix a compilation failure with no-tls_1_2
b1fdbc688c Fix a test failure with no-tls1_3
142841ddc4 providers/common/der/build.info: Improve checks of disabled algos
1e13198fa7 Update CHANGES and NEWS for new release
22b88fc9c0 Add a test for encoding/decoding using an invalid ASN.1 Template
97ab3c4b53 Add a test for GENERAL_NAME_cmp
3db2c9f3e5 Complain if we are attempting to encode with an invalid ASN.1 
template
43a7033a01 Check that multi-strings/CHOICE types don't use implicit tagging
b33c48b75a Correctly compare EdiPartyName in GENERAL_NAME_cmp()
198b116835 DirectoryString is a CHOICE type and therefore uses explicit tagging
c1131e6a0e Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
abdd3fa04f Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the 
separator

Build log ended with (last 100 lines):

clang  -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include 
-I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cmp_server_test-bin-cmp_server_test.d.tmp -MT 
test/cmp_server_test-bin-cmp_server_test.o -c -o 
test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c
clang  -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include 
-I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/helpers/cmp_server_test-bin-cmp_testlib.d.tmp -MT 
test/helpers/cmp_server_test-bin-cmp_testlib.o -c -o 
test/helpers/cmp_server_test-bin-cmp_testlib.o 
../openssl/test/helpers/cmp_testlib.c
clang  -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include 
-I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack -Qunused-arguments 
-Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL  -MMD -MF 
test/cmp_status_test-bin-cmp_status_test.d.tmp -MT 
test/cmp_status_test-bin-cmp_status_test.o -c -o 
test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c
clang  -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include 
-I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl 
-I../openssl/include -I../openssl/apps/include  -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall