[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_constant_time.t ok
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sm2 > test/buildtest_sm2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_constant_time.t ok
[openssl-commits] [openssl] master update
The branch master has been updated via 06e0950d20d3110849dea28eb78cac4127618b48 (commit) from 8c8fbca92dc95bb8672dea194bbe414059a874d2 (commit) - Log - commit 06e0950d20d3110849dea28eb78cac4127618b48 Author: Richard LevitteDate: Tue May 8 20:15:27 2018 +0200 VMS rand: assign before check, not the other way around items->ile3$w_code was checked before it was assigned its value... Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6200) --- Summary of changes: crypto/rand/rand_vms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 0037466..b263f94 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -277,13 +277,13 @@ static size_t prepare_item_list(const struct item_st *items_input, for (; items_input_num-- > 0; items_input++, items++) { +items->ile3$w_code = items_input->code; /* Special treatment of JPI$_FINALEXC */ if (items->ile3$w_code == JPI$_FINALEXC) items->ile3$w_length = 4; else items->ile3$w_length = items_input->length; -items->ile3$w_code = items_input->code; items->ile3$ps_bufaddr = databuffer; items->ile3$ps_retlen_addr = 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8c8fbca92dc95bb8672dea194bbe414059a874d2 (commit) from 7d859d1c8868b81c5d810021af0b40f355af4e1f (commit) - Log - commit 8c8fbca92dc95bb8672dea194bbe414059a874d2 Author: Bernd EdlingerDate: Mon May 7 16:10:02 2018 +0200 Fix --strict-warnings build of ppc-linux target Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6191) --- Summary of changes: crypto/ppccap.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 2f7cd8e..48c6b83 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -28,6 +28,9 @@ #endif #include #include +#include +#include +#include "bn/bn_lcl.h" #include "ppc_arch.h" @@ -64,6 +67,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, void sha256_block_p8(void *ctx, const void *inp, size_t len); void sha256_block_ppc(void *ctx, const void *inp, size_t len); +void sha256_block_data_order(void *ctx, const void *inp, size_t len); void sha256_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : @@ -72,6 +76,7 @@ void sha256_block_data_order(void *ctx, const void *inp, size_t len) void sha512_block_p8(void *ctx, const void *inp, size_t len); void sha512_block_ppc(void *ctx, const void *inp, size_t len); +void sha512_block_data_order(void *ctx, const void *inp, size_t len); void sha512_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : @@ -106,16 +111,17 @@ void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, unsigned int padbit); void poly1305_emit_fpu(void *ctx, unsigned char mac[16], const unsigned int nonce[4]); +int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) { if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { poly1305_init_fpu(ctx, key); -func[0] = poly1305_blocks_fpu; -func[1] = poly1305_emit_fpu; +func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; +func[1] = (void*)(uintptr_t)poly1305_emit_fpu; } else { poly1305_init_int(ctx, key); -func[0] = poly1305_blocks; -func[1] = poly1305_emit; +func[0] = (void*)(uintptr_t)poly1305_blocks; +func[1] = (void*)(uintptr_t)poly1305_emit; } return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7d859d1c8868b81c5d810021af0b40f355af4e1f (commit) from 61e96557f9eae0258074c9cec7ad6aa1b9dde1df (commit) - Log - commit 7d859d1c8868b81c5d810021af0b40f355af4e1f Author: Andy PolyakovDate: Mon May 7 10:27:45 2018 +0200 ec/ec_mult.c: get BN_CTX_start,end sequence right. Triggered by Coverity analysis. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6190) --- Summary of changes: crypto/ec/ec_mult.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 4f6689a..6b5553c 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -140,7 +140,9 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, int ret = 0; if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) -goto err; +return 0; + +BN_CTX_start(ctx); order_bits = BN_num_bits(group->order); @@ -158,7 +160,6 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); -BN_CTX_start(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); if (k == NULL) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t .. ok ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok
[openssl-commits] [openssl] master update
The branch master has been updated via 61e96557f9eae0258074c9cec7ad6aa1b9dde1df (commit) via f7506416b1311e65d5c440defdbcfe176f633c50 (commit) via ad962252857aac4350139fdbb6c8e3e6b0bdad7b (commit) via 6f6da2fe1710842c37c73ed2b114cf6942221db6 (commit) via f20404fce90919b614b737d07cc75d9e1c019fb8 (commit) from e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit) - Log - commit 61e96557f9eae0258074c9cec7ad6aa1b9dde1df Author: Matt CaswellDate: Thu May 3 12:06:38 2018 +0100 Add a DTLS test for dropped records Drop a record from a handshake and check that we can still complete the handshake. Repeat for all records in the handshake. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit f7506416b1311e65d5c440defdbcfe176f633c50 Author: Matt Caswell Date: Thu May 3 16:00:51 2018 +0100 Keep the DTLS timer running after the end of the handshake if appropriate During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit ad962252857aac4350139fdbb6c8e3e6b0bdad7b Author: Matt Caswell Date: Thu May 3 16:00:05 2018 +0100 Only auto-retry for DTLS if configured to do so Otherwise we may end up in a hang when using blocking sockets Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit 6f6da2fe1710842c37c73ed2b114cf6942221db6 Author: Matt Caswell Date: Thu May 3 15:59:31 2018 +0100 Fix s_client and s_server so that they correctly handle the DTLS timer Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit f20404fce90919b614b737d07cc75d9e1c019fb8 Author: Matt Caswell Date: Thu May 3 12:07:47 2018 +0100 Don't fail on an out-of-order CCS in DTLS Fixes #4929 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) --- Summary of changes: apps/s_client.c | 7 +-- apps/s_server.c | 7 +-- ssl/record/rec_layer_d1.c | 25 ++ ssl/statem/statem.c | 4 +- ssl/statem/statem_clnt.c | 14 ++ ssl/statem/statem_lib.c | 18 +++ ssl/statem/statem_srvr.c | 14 ++ test/dtlstest.c | 121 +- test/ssltestlib.c | 83 --- test/ssltestlib.h | 8 +++ 10 files changed, 281 insertions(+), 20 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9d463f6..96f9da6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2703,8 +2703,7 @@ int s_client_main(int argc, char **argv) FD_ZERO(); FD_ZERO(); -if ((SSL_version(con) == DTLS1_VERSION) && -DTLSv1_get_timeout(con, )) +if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, )) timeoutp = else timeoutp = NULL; @@ -2815,10 +2814,8 @@ int s_client_main(int argc, char **argv) } } -if ((SSL_version(con) == DTLS1_VERSION) -&& DTLSv1_handle_timeout(con) > 0) { +if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); -} if (!ssl_pending && FD_ISSET(SSL_get_fd(con), )) { k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); diff --git a/apps/s_server.c b/apps/s_server.c index ef39a4f..b0e9659 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2398,18 +2398,15 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) if ((i < 0) || (!i && !read_from_terminal)) continue; #else -if ((SSL_version(con) == DTLS1_VERSION) && -DTLSv1_get_timeout(con, )) +if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, )) timeoutp = else timeoutp = NULL; i = select(width, (void *), NULL, NULL, timeoutp); -if ((SSL_version(con) == DTLS1_VERSION) -&& DTLSv1_handle_timeout(con) > 0) { +if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); -} if (i <= 0) continue; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 97943d4..37a2eb1 100644 ---
[openssl-commits] Build completed: openssl master.17883
Build openssl master.17883 completed Commit e15e92dbd5 by Matt Caswell on 5/8/2018 7:43 AM: Add a CMS API test Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 2ddfe60be50bfeebd64e01b123fd7176e7226c87 (commit) from 414d19d0341407b211c64729df37889e2c572e12 (commit) - Log - commit 2ddfe60be50bfeebd64e01b123fd7176e7226c87 Author: Matt CaswellDate: Tue May 1 09:29:17 2018 +0100 Fix a mem leak in CMS The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) (cherry picked from commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a) --- Summary of changes: crypto/cms/cms_env.c | 1 + crypto/cms/cms_smime.c | 1 + 2 files changed, 2 insertions(+) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 8d45943..3ecda30 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } +EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5..76883bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { +EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit) via 3d551b20df1acd01f80d3ae00d37177e0fdf344a (commit) from 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (commit) - Log - commit e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 Author: Matt CaswellDate: Tue May 1 09:32:30 2018 +0100 Add a CMS API test Previous tests only invoked CMS via the command line app. This test uses the CMS API directly to do and encrypt and decrypt operation. This test would have caught the memory leak fixed by the previous commit (when building with enable-crypto-mdebug). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a Author: Matt Caswell Date: Tue May 1 09:29:17 2018 +0100 Fix a mem leak in CMS The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) --- Summary of changes: crypto/cms/cms_env.c | 1 + crypto/cms/cms_smime.c | 1 + test/build.info| 6 +- test/cmsapitest.c | 93 ++ .../{90-test_tls13ccs.t => 80-test_cmsapi.t} | 13 ++- 5 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 test/cmsapitest.c copy test/recipes/{90-test_tls13ccs.t => 80-test_cmsapi.t} (52%) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 6ca3be7..7c2d420 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } +EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5..76883bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { +EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); diff --git a/test/build.info b/test/build.info index 1708e94..535c5aa 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest + sysdefaulttest cmsapitest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -373,6 +373,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[servername_test]=../include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a + SOURCE[cmsapitest]=cmsapitest.c + INCLUDE[cmsapitest]=../include + DEPEND[cmsapitest]=../libcrypto libtestutil.a + IF[{- !$disabled{psk} -}] PROGRAMS_NO_INST=dtls_mtu_test SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c diff --git a/test/cmsapitest.c b/test/cmsapitest.c new file mode 100644 index 000..a79ae8c --- /dev/null +++ b/test/cmsapitest.c @@ -0,0 +1,93 @@ +#include + +#include +#include +#include +#include + +#include "testutil.h" + +static X509 *cert = NULL; +static EVP_PKEY *privkey = NULL; + +static int test_encrypt_decrypt(void) +{ +int testresult = 0; +STACK_OF(X509) *certstack = sk_X509_new_null(); +const char *msg = "Hello world"; +BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg)); +BIO *outmsgbio = BIO_new(BIO_s_mem()); +CMS_ContentInfo* content = NULL; +char buf[80]; + +if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio)) +goto end; + +if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) +goto end; + +content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); +if (!TEST_ptr(content)) +goto end; + +if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, + CMS_TEXT))) +goto end; + +/* Check we got the message we first started with */ +if