Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # not ok 2 - iteration 2 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # not ok 3 - iteration 3 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # not ok 4 - iteration 4 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # not ok 5 - iteration 5 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 14-curves.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 14-curves.cnf # -- # Failed test 'running ssl_test 14-curves.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 176. # Looks like you failed 3 tests of 9. not ok 15 - Test configuration 14-curves.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 80A17BBA657F:error:0A76:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3306: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80A17BBA657F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:613:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6577 # false not ok 2 - iteration 2 # -- not ok 54 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/76NEmgTsYp default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80C11F42C57F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80C11F42C57F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:947 # false not ok 3 - test_large_message_dtls # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80C11F42C57F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok
Build failed: openssl master.40172
Build openssl master.40172 failed Commit ca53f0b80f by Jon Spillett on 2/23/2021 6:40 AM: Add more utility functions for PBE keygen, encode, decode Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 8051D96D287F:error:0A76:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3306: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8051D96D287F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:613:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6577 # false not ok 2 - iteration 2 # -- not ok 54 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/do6ZaLpFMP default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80C1D433F47F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80C1D433F47F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:947 # false not ok 3 - test_large_message_dtls # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80C1D433F47F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 #
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok
[openssl] master update
The branch master has been updated
via ce0b307ea01bc5e3e178cd4dba45f9bb9d4ba5df (commit)
from 6eb7c748d115bd6ba89ceefd642de3deca8773ea (commit)
- Log -
commit ce0b307ea01bc5e3e178cd4dba45f9bb9d4ba5df
Author: Benjamin Kaduk
Date: Wed May 27 11:17:07 2020 -0700
Remove disabled TLS 1.3 ciphers from the SSL(_CTX)
In ssl_create_cipher_list() we make a pass through the ciphers to
remove those which are disabled in the current libctx. We are
careful to not include such disabled TLS 1.3 ciphers in the final
consolidated cipher list that we produce, but the disabled ciphers
are still kept in the separate stack of TLS 1.3 ciphers associated
with the SSL or SSL_CTX in question. This leads to confusing
results where a cipher is present in the tls13_cipherlist but absent
from the actual cipher list in use. Keep the books in order and
remove the disabled ciphers from the 1.3 cipherlist at the same time
we skip adding them to the active cipher list.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12037)
---
Summary of changes:
ssl/ssl_ciph.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index d517799895..0b6f01ccc1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1625,8 +1625,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX
*ctx,
if ((sslc->algorithm_enc & disabled_enc) != 0
|| (ssl_cipher_table_mac[sslc->algorithm2
& SSL_HANDSHAKE_MAC_MASK].mask
-& ctx->disabled_mac_mask) != 0)
+& ctx->disabled_mac_mask) != 0) {
+sk_SSL_CIPHER_delete(tls13_ciphersuites, i);
+i--;
continue;
+}
if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
sk_SSL_CIPHER_free(cipherstack);
Build failed: openssl master.40165
Build openssl master.40165 failed Commit 03bec57981 by Benjamin Kaduk on 2/23/2021 3:24 PM: Apply patch from levitte Configure your notification preferences
[openssl] master update
The branch master has been updated via 6eb7c748d115bd6ba89ceefd642de3deca8773ea (commit) from 51d058cd9418508b48ec44dce6087ce730173832 (commit) - Log - commit 6eb7c748d115bd6ba89ceefd642de3deca8773ea Author: Richard Levitte Date: Tue Feb 23 23:07:15 2021 +0100 make update Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14292) --- Summary of changes: doc/build.info | 12 1 file changed, 12 insertions(+) diff --git a/doc/build.info b/doc/build.info index 20e2e82398..e753b06e12 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1534,6 +1534,10 @@ DEPEND[html/man3/OSSL_CMP_validate_msg.html]=man3/OSSL_CMP_validate_msg.pod GENERATE[html/man3/OSSL_CMP_validate_msg.html]=man3/OSSL_CMP_validate_msg.pod DEPEND[man/man3/OSSL_CMP_validate_msg.3]=man3/OSSL_CMP_validate_msg.pod GENERATE[man/man3/OSSL_CMP_validate_msg.3]=man3/OSSL_CMP_validate_msg.pod +DEPEND[html/man3/OSSL_CORE_MAKE_FUNC.html]=man3/OSSL_CORE_MAKE_FUNC.pod +GENERATE[html/man3/OSSL_CORE_MAKE_FUNC.html]=man3/OSSL_CORE_MAKE_FUNC.pod +DEPEND[man/man3/OSSL_CORE_MAKE_FUNC.3]=man3/OSSL_CORE_MAKE_FUNC.pod +GENERATE[man/man3/OSSL_CORE_MAKE_FUNC.3]=man3/OSSL_CORE_MAKE_FUNC.pod DEPEND[html/man3/OSSL_CRMF_MSG_get0_tmpl.html]=man3/OSSL_CRMF_MSG_get0_tmpl.pod GENERATE[html/man3/OSSL_CRMF_MSG_get0_tmpl.html]=man3/OSSL_CRMF_MSG_get0_tmpl.pod DEPEND[man/man3/OSSL_CRMF_MSG_get0_tmpl.3]=man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -1814,6 +1818,10 @@ DEPEND[html/man3/RAND_load_file.html]=man3/RAND_load_file.pod GENERATE[html/man3/RAND_load_file.html]=man3/RAND_load_file.pod DEPEND[man/man3/RAND_load_file.3]=man3/RAND_load_file.pod GENERATE[man/man3/RAND_load_file.3]=man3/RAND_load_file.pod +DEPEND[html/man3/RAND_set_DRBG_type.html]=man3/RAND_set_DRBG_type.pod +GENERATE[html/man3/RAND_set_DRBG_type.html]=man3/RAND_set_DRBG_type.pod +DEPEND[man/man3/RAND_set_DRBG_type.3]=man3/RAND_set_DRBG_type.pod +GENERATE[man/man3/RAND_set_DRBG_type.3]=man3/RAND_set_DRBG_type.pod DEPEND[html/man3/RAND_set_rand_method.html]=man3/RAND_set_rand_method.pod GENERATE[html/man3/RAND_set_rand_method.html]=man3/RAND_set_rand_method.pod DEPEND[man/man3/RAND_set_rand_method.3]=man3/RAND_set_rand_method.pod @@ -3001,6 +3009,7 @@ html/man3/OSSL_CMP_STATUSINFO_new.html \ html/man3/OSSL_CMP_exec_certreq.html \ html/man3/OSSL_CMP_log_open.html \ html/man3/OSSL_CMP_validate_msg.html \ +html/man3/OSSL_CORE_MAKE_FUNC.html \ html/man3/OSSL_CRMF_MSG_get0_tmpl.html \ html/man3/OSSL_CRMF_MSG_set0_validity.html \ html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html \ @@ -3071,6 +3080,7 @@ html/man3/RAND_cleanup.html \ html/man3/RAND_egd.html \ html/man3/RAND_get0_primary.html \ html/man3/RAND_load_file.html \ +html/man3/RAND_set_DRBG_type.html \ html/man3/RAND_set_rand_method.html \ html/man3/RC4_set_key.html \ html/man3/RIPEMD160_Init.html \ @@ -3568,6 +3578,7 @@ man/man3/OSSL_CMP_STATUSINFO_new.3 \ man/man3/OSSL_CMP_exec_certreq.3 \ man/man3/OSSL_CMP_log_open.3 \ man/man3/OSSL_CMP_validate_msg.3 \ +man/man3/OSSL_CORE_MAKE_FUNC.3 \ man/man3/OSSL_CRMF_MSG_get0_tmpl.3 \ man/man3/OSSL_CRMF_MSG_set0_validity.3 \ man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 \ @@ -3638,6 +3649,7 @@ man/man3/RAND_cleanup.3 \ man/man3/RAND_egd.3 \ man/man3/RAND_get0_primary.3 \ man/man3/RAND_load_file.3 \ +man/man3/RAND_set_DRBG_type.3 \ man/man3/RAND_set_rand_method.3 \ man/man3/RC4_set_key.3 \ man/man3/RIPEMD160_Init.3 \
[openssl] master update
The branch master has been updated
via 51d058cd9418508b48ec44dce6087ce730173832 (commit)
from 4f6aeabd65bf13795823f4a6f4a03c815e9d096f (commit)
- Log -
commit 51d058cd9418508b48ec44dce6087ce730173832
Author: Richard Levitte
Date: Thu Nov 26 21:21:02 2020 +0100
appveyor.yml: clarify conditions for building the plain configuration
The "plain" configuration is only meant to be built for an '[extended
tests]'
commit, or on the master branch. This isn't at all clear from the
scripts, and furthermore, we "skip" the plain configuration by running
the OpenSSL configuration script... and then nothing more.
Instead, we use AppVeyor configuration issues to specify when and when
not to build the "plain" configuration, and leave it to the scripts to
do the right thing using only $env:EXTENDED_TESTS.
Fixes #7958
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13537)
---
Summary of changes:
appveyor.yml | 47 +++
1 file changed, 27 insertions(+), 20 deletions(-)
diff --git a/appveyor.yml b/appveyor.yml
index f0dfc7f5ba..20d81c1b12 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -12,9 +12,29 @@ environment:
configuration:
- shared
-- plain
- minimal
+for:
+-
+only_commits:
+message: /\[extended tests\]/
+configuration:
+- shared
+- plain
+- minimal
+environment:
+EXTENDED_TESTS: yes
+-
+branches:
+only:
+- master
+configuration:
+- shared
+- plain
+- minimal
+environment:
+EXTENDED_TESTS: yes
+
before_build:
- ps: >-
Install-Module VSSetup -Scope CurrentUser
@@ -42,12 +62,6 @@ before_build:
- perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS%
- perl configdata.pm --dump
- cd ..
-- ps: >-
-If (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
--or ( log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT |
- Select-String "\[extended tests\]") ) {
-$env:EXTENDED_TESTS="yes"
-}
- ps: >-
If ($env:BUILDONLY -or $env:MAKEVERBOSE) {
$env:NMAKE="nmake"
@@ -59,24 +73,17 @@ before_build:
build_script:
- cd _build
-- ps: >-
-If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
-cmd /c "%NMAKE% build_all_generated 2>&1"
-# Unfortunately, CL=/MP would not have parallelizing effect
-cmd /c "%NMAKE% PERL=no-perl 2>&1"
-}
+- "%NMAKE% build_all_generated"
+- "%NMAKE% PERL=no-perl"
- cd ..
test_script:
- cd _build
- ps: >-
-If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
-# Unfortunately, HARNESS_JOBS=4 would not have parallelizing effect
-if ($env:EXTENDED_TESTS) {
-cmd /c "%NMAKE% test HARNESS_VERBOSE_FAILURE=yes 2>&1"
-} Else {
-cmd /c "%NMAKE% test HARNESS_VERBOSE_FAILURE=yes
TESTS=-test_fuzz 2>&1"
-}
+if ($env:EXTENDED_TESTS) {
+cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1"
+} Else {
+cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1"
}
- ps: >-
if ($env:EXTENDED_TESTS) {
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 937a62323b -Wunused-function cleanup 57acc56bdc DECODER: Add better tracing of the chain walking process acf497b53b DECODER: Use the data structure from the last decoder to select the next f16e52b67c Correct the return value of BIO_get_ktls_*(). 5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements a3361c3755 81-test_cmp_cli_data: fixup on CSR test cases c2279499fd Fix speed sm2 bug 1d724b5e82 CRYPTO_gcm128_decrypt: fix mac or tag calculation 3352dc185f Fix merge problem in d2i_PrivateKey_ex eabb301416 Fix DH ASN1 decode so that it detects named groups. 576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). ef33889e18 doc: remove notes section in OSSL_ENCODER.pod 458d168cd4 rfc2606 compliant example domains for x509v3_config.pod 125107e8ea Various improvements of doc/man5/x509v3_config.pod 70793dbbb9 Pass the object type and data structure from the pem2der decoder 3a2171f6aa Don't forget the type of thing we are loading 3262300a2c Adjust the few places where the string length was confused 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 937984efc6 Prepare for 3.0 alpha 13 b467d394eb Prepare for release of 3.0 alpha 12 a28d06f3e9 Update copyright year 7b676cc8c6 Fix external symbols related to provider related security checks for keys and digests. 47c076acfc Fix external symbols in the provider digest implementations. bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free 5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters 0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final ba37b82045 dsa_check: Perform simple parameter check if seed is not available ebcaf110b2 DSA parameter check using pkeyparam e36b3c2f75 Fix external symbols in the provider cipher implementations. Build log ended with (last 100 lines): 70-test_sslrecords.t ... skipped: test_sslrecords needs the sock feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the sock feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the sock feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the sock feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the sock feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the sock feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the sock feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the sock feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the sock feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the sock feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the sock feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the sock feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the sock feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the sock feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the sock feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok Label not found for "last SKIP" at /usr/share/perl/5.30/Test/More.pm line 1372. # Looks like your test exited with 1 just after 5.80-test_cmp_http.t . Dubious, test returned 1 (wstat 256, 0x100) All 5 subtests passed (less 5 skipped subtests: 0 okay) # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok
[openssl] master update
The branch master has been updated via 1263154064d2a15253381353cf804e05af18ad1b (commit) via 299f5ff3b5f2a5a9b5666e36a6a01fc430de9198 (commit) via 332a245c04dff95f81cfa1f77e0f8a935794f5ee (commit) via d994ce12058d80f1f04257c30f89d04d5f6399e1 (commit) via b3ab537b3a4098857d2039d1d745fee0ea5a96e3 (commit) via 9c6ee56318d2fb1c5885fccb4f2c4dde83e8a2ea (commit) via f626c3ffae90cacc1044dbcf01c3379fceea61bc (commit) via 786b13fa7786db8f198c46090816d9a3e4ae72fb (commit) via de2ea978b5be4607c677aaefceebff39b1520e0a (commit) via 0a89ae97d96275994d96b560400d3fa97f752879 (commit) via ac60c84fc4551761743e087e2f51343181eb8e85 (commit) from f5b00834dd11d766b9232e89e40884db8f3cd7ec (commit) - Log - commit 1263154064d2a15253381353cf804e05af18ad1b Author: Pauli Date: Sat Feb 20 12:48:33 2021 +1000 changes: note the deprecation of RAND_METHOD APIs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit 299f5ff3b5f2a5a9b5666e36a6a01fc430de9198 Author: Pauli Date: Thu Feb 18 09:16:26 2021 +1000 provider: add option to load a provider without disabling the fallbacks. Add an argument to PROVIDER_try_load() that permits a provider to be loaded without changing the fallback status. This is useful when an additional provider needs to be loaded without perturbing any other setup. E.g. adding mock providers as part of unit testing. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit 332a245c04dff95f81cfa1f77e0f8a935794f5ee Author: Pauli Date: Wed Feb 17 11:55:13 2021 +1000 test: update tests to use the fake random number generator Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit d994ce12058d80f1f04257c30f89d04d5f6399e1 Author: Pauli Date: Wed Feb 17 11:54:48 2021 +1000 test: make the DRBG test work without RAND_METHOD support. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit b3ab537b3a4098857d2039d1d745fee0ea5a96e3 Author: Pauli Date: Wed Feb 17 11:54:01 2021 +1000 test: add framework for generic fake random number generator Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit 9c6ee56318d2fb1c5885fccb4f2c4dde83e8a2ea Author: Pauli Date: Tue Feb 16 13:32:07 2021 +1000 rand: add DRBG/seed setting functions Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit f626c3ffae90cacc1044dbcf01c3379fceea61bc Author: Pauli Date: Mon Feb 22 09:45:37 2021 +1000 rand: allow lock/unlock functions to be absent Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit 786b13fa7786db8f198c46090816d9a3e4ae72fb Author: Pauli Date: Thu Dec 10 12:05:11 2020 +1000 RAND_METHOD deprecation: code changes Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit de2ea978b5be4607c677aaefceebff39b1520e0a Author: Pauli Date: Thu Dec 10 12:04:58 2020 +1000 RAND_METHOD deprecation: fuzzer Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit 0a89ae97d96275994d96b560400d3fa97f752879 Author: Pauli Date: Thu Dec 10 12:04:45 2020 +1000 RAND_METHOD deprecation: tests Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) commit ac60c84fc4551761743e087e2f51343181eb8e85 Author: Pauli Date: Thu Dec 10 12:04:27 2020 +1000 RAND_METHOD deprecation: documentation Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) --- Summary of changes: CHANGES.md | 7 ++ crypto/evp/evp_rand.c | 7 +- crypto/provider.c | 7 +- crypto/provider_conf.c | 2 +- crypto/provider_core.c | 10 +- crypto/rand/build.info | 6 +- crypto/rand/rand_lib.c | 110 +++--- doc/internal/man3/ossl_provider_new.pod | 9 +- doc/man3/OSSL_PROVIDER.pod | 9 +- doc/man3/RAND_get0_primary.pod | 1 - doc/man3/RAND_set_DRBG_type.pod | 64 +++ doc/man3/RAND_set_rand_method.pod | 14 ++- doc/man7/RAND.pod | 10 +- fuzz/asn1.c | 5 +- fuzz/build.info | 20 ++-- fuzz/client.c | 5 +- fuzz/cmp.c | 4 +- fuzz/fuzz_rand.c| 164 +++ fuzz/fuzzer.h
[openssl] master update
The branch master has been updated
via f627561cf5cc4963698bf975df8694543bcf826c (commit)
via 9e1094ad3df16a7d9a1224925ed8a9c3f76b9bba (commit)
from 444b25b1e96fa444ffe3a67671796cfc1b599735 (commit)
- Log -
commit f627561cf5cc4963698bf975df8694543bcf826c
Author: Richard Levitte
Date: Mon Feb 22 07:37:06 2021 +0100
util/perl/OpenSSL/config.pm: Add VMS specific C compiler settings
That includes proper compiler version detection.
Partially fixes #14247
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/14270)
commit 9e1094ad3df16a7d9a1224925ed8a9c3f76b9bba
Author: Richard Levitte
Date: Mon Feb 22 07:29:03 2021 +0100
util/perl/OpenSSL/config.pm: Fix determine_compiler_settings()
There may be times when a compiler can't be detected, in which case
determine_compiler_settings() bailed out too early, before platform
specific fallbacks have a chance to set the record straight. That
bail out has been moved to be done after the platform specific
fallbacks.
Furthermore, the attempt to check for gcc or clang and get their
version number was done even if no compiler had been automatically
detected or pre-specified via $CC. It now only does this when there
is a compiler specified or detected. The platform specific fallbacks
check the versions separately.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/14270)
---
Summary of changes:
util/perl/OpenSSL/config.pm | 110 ++--
1 file changed, 65 insertions(+), 45 deletions(-)
diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm
index 776e448df4..d09d017c87 100755
--- a/util/perl/OpenSSL/config.pm
+++ b/util/perl/OpenSSL/config.pm
@@ -193,6 +193,8 @@ sub maybe_abort {
# Look for ISC/SCO with its unique uname program
sub is_sco_uname {
+return undef unless IPC::Cmd::can_run('uname');
+
open UNAME, "uname -X 2>/dev/null|" or return '';
my $line = "";
while ( ) {
@@ -200,9 +202,11 @@ sub is_sco_uname {
$line = $_ if m@^Release@;
}
close UNAME;
-return "" if $line eq '';
+
+return undef if $line eq '';
+
my @fields = split(/\s+/, $line);
-return $fields[2] // '';
+return $fields[2];
}
sub get_sco_type {
@@ -237,7 +241,7 @@ sub guess_system {
# Special-cases for ISC, SCO, Unixware
my $REL = is_sco_uname();
-if ( $REL ne "" ) {
+if ( defined $REL ) {
my $result = get_sco_type($REL);
return eval "\"$result\"" if $result ne '';
}
@@ -276,8 +280,8 @@ sub _pairs (@) {
# Figure out CC, GCCVAR, etc.
sub determine_compiler_settings {
-# Make a copy and don't touch it. That helps determine if we're
-# finding the compiler here
+# Make a copy and don't touch it. That helps determine if we're finding
+# the compiler here (false), or if it was set by the user (true.
my $cc = $CC;
# Set certain default
@@ -293,51 +297,59 @@ sub determine_compiler_settings {
}
}
-# Find the compiler vendor and version number for certain compilers
-foreach my $pair (_pairs @cc_version) {
-# Try to get the version number.
-# Failure gets us undef or an empty string
-my ( $k, $v ) = @$pair;
-$v = $v->();
-
-# If we got a version number, process it
-if ($v) {
-$CCVENDOR = $k;
-
-# The returned version is expected to be one of
-#
-# MAJOR
-# MAJOR.MINOR
-# MAJOR.MINOR.{whatever}
-#
-# We don't care what comes after MAJOR.MINOR. All we need is to
-# have them calculated into a single number, using this formula:
-#
-# MAJOR * 100 + MINOR
-# Here are a few examples of what we should get:
-#
-# 2.95.1=> 295
-# 3.1 => 301
-# 9 => 900
-my @numbers = split /\./, $v;
-my @factors = (100, 1);
-while (@numbers && @factors) {
-$CCVER += shift(@numbers) * shift(@factors)
+if ( $CC ) {
+# Find the compiler vendor and version number for certain compilers
+foreach my $pair (_pairs @cc_version) {
+# Try to get the version number.
+# Failure gets us undef or an empty string
+my ( $k, $v ) = @$pair;
+$v = $v->();
+
+# If we got a version number, process it
+if ($v) {
+$CCVENDOR = $k;
+
+# The returned version is expected to be one of
+#
+# MAJOR
+# MAJOR.MINOR
+# MAJOR.MINOR.{whatever}
+
[openssl] master update
The branch master has been updated
via 444b25b1e96fa444ffe3a67671796cfc1b599735 (commit)
from f16f363a85baa6338744e20671c5a227844f2847 (commit)
- Log -
commit 444b25b1e96fa444ffe3a67671796cfc1b599735
Author: Shane Lontis
Date: Mon Feb 22 13:03:21 2021 +1000
Add back in legacy paths for d2i_PrivateKey/d2i_AutoPrivateKey.
Fixes #14263
If the new decoder code fails, it now falls back to the old legacy code
and tries that also.
Tested manually using gost engine master.
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/14266)
---
Summary of changes:
crypto/asn1/d2i_pr.c | 84
1 file changed, 79 insertions(+), 5 deletions(-)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c657f0f3a7..4da5a0c9be 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,9 +23,9 @@
#include "crypto/evp.h"
#include "internal/asn1.h"
-EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char
**pp,
-long length, OSSL_LIB_CTX *libctx,
-const char *propq)
+static EVP_PKEY *
+d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
+ long length, OSSL_LIB_CTX *libctx, const char *propq)
{
OSSL_DECODER_CTX *dctx = NULL;
size_t len = length;
@@ -44,6 +44,8 @@ EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const
unsigned char **pp,
ppkey = a;
for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) {
+const unsigned char *p = *pp;
+
dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER",
input_structures[i], key_name,
EVP_PKEY_KEYPAIR, libctx, propq);
@@ -56,6 +58,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const
unsigned char **pp,
if (*ppkey != NULL
&& evp_keymgmt_util_has(*ppkey,
OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
return *ppkey;
+*pp = p;
goto err;
}
}
@@ -132,12 +135,77 @@ EVP_PKEY *evp_privatekey_from_binary(int keytype,
EVP_PKEY **a,
return NULL;
}
+EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char
**pp,
+long length, OSSL_LIB_CTX *libctx,
+const char *propq)
+{
+EVP_PKEY *ret;
+
+ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
+/* try the legacy path if the decoder failed */
+if (ret == NULL)
+ret = evp_privatekey_from_binary(keytype, a, pp, length, libctx,
propq);
+return ret;
+}
+
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
{
return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
}
+static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a,
+ const unsigned char **pp,
+ long length,
+ OSSL_LIB_CTX *libctx,
+ const char *propq)
+{
+STACK_OF(ASN1_TYPE) *inkey;
+const unsigned char *p;
+int keytype;
+
+p = *pp;
+/*
+ * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+ * analyzing it we can determine the passed structure: this assumes the
+ * input is surrounded by an ASN1 SEQUENCE.
+ */
+inkey = d2i_ASN1_SEQUENCE_ANY(NULL, , length);
+p = *pp;
+/*
+ * Since we only need to discern "traditional format" RSA and DSA keys we
+ * can just count the elements.
+ */
+if (sk_ASN1_TYPE_num(inkey) == 6) {
+keytype = EVP_PKEY_DSA;
+} else if (sk_ASN1_TYPE_num(inkey) == 4) {
+keytype = EVP_PKEY_EC;
+} else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
+ * traditional format */
+PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, , length);
+EVP_PKEY *ret;
+
+sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+if (p8 == NULL) {
+ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+return NULL;
+}
+ret = EVP_PKCS82PKEY_ex(p8, libctx, propq);
+
Build completed: openssl master.40134
Build openssl master.40134 completed Commit 4ecb8fa307 by Richard Levitte on 2/22/2021 10:47 PM: fixup! EVP: Adapt the RSA specific EVP_PKEY_CTX setter / getter functions Configure your notification preferences
