[openssl-commits] Build failed in Jenkins: 1_0_2_basic #526

[osslsanity]

See 


Changes:

[github] Merge 1.0.2 setuid calls to getenv(3) safety. (#7299)

--
[...truncated 483.55 KB...]
test normal x509v1 certificate
sh ./tx509 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
Parsing test certificates
OK
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
Parsing test certificates
OK
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
Parsing test certificates
OK
rsa
testing rsa conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
../util/shlib_wrap.sh ./rsa_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing session-id conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a RSA private key
.+
...+
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
verify OK
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions (2)
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo 
../certs/demo/*.pem
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = 
Test PCA (1024 bit)
error 10 at 1 depth lookup:certificate has expired
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = PCA
error 10 at 1 depth lookup:certificate has expired
C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = PCA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN 
= Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
Generate a set of DH parameters
../util/shlib_wrap.sh ./dhtest
..++.+..+...+.+.+.+.+++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*

p=88EADEBA16E3E377
g=5
pri 1=4D46D55055B1992F
pub 1=6B3EBED77163AED2
pri 2=5722E08877F9D265
pub 2=5508A4136F8DFDB4
key1 =6C7AC3AFD12FD4DA
key2 =6C7AC3AFD12FD4DA
RFC5114 parameter test 1 OK
RFC5114 parameter test 2 OK
RFC5114 parameter test 3 OK
RFC5114 parameter test 4 OK
Generate a set of DSA parameters
../util/shlib_wrap.sh ./dsatest
test generation of DSA parameters
.*
...++..+...++.+..+..+*
seed
D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 
counter=105 h=2
P:   
00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
ee:31:c8:02:91
Q:   
00:c7:7

[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.20063

[AppVeyor]

Build openssl OpenSSL_1_0_2-stable.20063 failed


Commit d98872c551 by Pauli on 9/24/2018 4:06 AM:

Merge 1.0.2 setuid calls to getenv(3) safety.


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl revert-7299-getenv-102.20059

[AppVeyor]

Build openssl revert-7299-getenv-102.20059 completed



Commit c3de544c0f by Pauli on 9/24/2018 3:26 AM:

Revert "Merge 1.0.2 setuid calls to getenv(3) safety. (#7299)"


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.20058

[AppVeyor]

Build openssl OpenSSL_1_0_2-stable.20058 failed


Commit 1e95aa26c4 by Pauli on 9/24/2018 3:26 AM:

Merge 1.0.2 setuid calls to getenv(3) safety. (#7299)


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Passed: openssl/openssl#20796 (revert-7299-getenv-102 - c3de544)

[Travis CI]

Build Update for openssl/openssl
-

Build: #20796
Status: Passed

Duration: 5 mins and 46 secs
Commit: c3de544 (revert-7299-getenv-102)
Author: Pauli
Message: Revert "Merge 1.0.2 setuid calls to getenv(3) safety. (#7299)"

This reverts commit 1e95aa26c4cc6579e16bc4fc7e8cb23bb9837880.

View the changeset: https://github.com/openssl/openssl/commit/c3de544c0f27

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/432309265?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Broken: openssl/openssl#20795 (OpenSSL_1_0_2-stable - 1e95aa2)

[Travis CI]

Build Update for openssl/openssl
-

Build: #20795
Status: Broken

Duration: 8 mins and 2 secs
Commit: 1e95aa2 (OpenSSL_1_0_2-stable)
Author: Pauli
Message: Merge 1.0.2 setuid calls to getenv(3) safety. (#7299)

Manual merge of #7047 to 1.0.2-stable.

View the changeset: 
https://github.com/openssl/openssl/compare/459b128a2d03...1e95aa26c4cc

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/432309197?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#20791 (master - 5c39a55)

[Travis CI]

Build Update for openssl/openssl
-

Build: #20791
Status: Errored

Duration: 17 mins and 47 secs
Commit: 5c39a55 (master)
Author: Pauli
Message: Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7047)

View the changeset: 
https://github.com/openssl/openssl/compare/0f58220973a0...5c39a55d04ea

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/432289920?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Paul I . Dale]

The branch OpenSSL_1_1_0-stable has been updated
   via  1abdf08284af055f68c5ece4c7c0efa8f2bf323a (commit)
  from  4aa1739c111e1390909533e7b2f485bc655c2489 (commit)


- Log -
commit 1abdf08284af055f68c5ece4c7c0efa8f2bf323a
Author: Pauli 
Date:   Mon Sep 24 11:21:18 2018 +1000

Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7047)

(cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d)

---

Summary of changes:
 crypto/build.info  |  2 +-
 crypto/conf/conf_api.c |  7 ---
 crypto/conf/conf_mod.c |  3 +--
 crypto/ct/ct_log.c |  2 +-
 crypto/engine/eng_list.c   |  2 +-
 crypto/getenv.c| 31 +++
 crypto/include/internal/cryptlib.h |  2 ++
 crypto/pkcs12/p12_mutl.c   | 18 +-
 crypto/rand/randfile.c |  9 ++---
 crypto/x509/by_dir.c   |  3 ++-
 crypto/x509/by_file.c  |  2 +-
 11 files changed, 55 insertions(+), 26 deletions(-)
 create mode 100644 crypto/getenv.c

diff --git a/crypto/build.info b/crypto/build.info
index e693eba..8e15379 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -2,7 +2,7 @@ LIBS=../libcrypto
 SOURCE[../libcrypto]=\
 cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
 ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
-threads_pthread.c threads_win.c threads_none.c \
+threads_pthread.c threads_win.c threads_none.c getenv.c \
 o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
 {- $target{uplink_aux_src} -}
 EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 79e682a..36c91b1 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -9,11 +9,12 @@
 
 /* Part of the code in here was originally in conf.c, which is now removed */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
 #include 
 #include 
 #include 
 #include 
-#include "e_os.h"
 
 static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
 static void value_free_stack_doall(CONF_VALUE *a);
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 if (v != NULL)
 return (v->value);
 if (strcmp(section, "ENV") == 0) {
-p = getenv(name);
+p = ossl_safe_getenv(name);
 if (p != NULL)
 return (p);
 }
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 else
 return (NULL);
 } else
-return (getenv(name));
+return ossl_safe_getenv(name);
 }
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 543a8ea..7314435 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -478,8 +478,7 @@ char *CONF_get1_default_config_file(void)
 char *file;
 int len;
 
-file = getenv("OPENSSL_CONF");
-if (file)
+if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
 return OPENSSL_strdup(file);
 
 len = strlen(X509_get_default_cert_area());
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index d442322..881dc98 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF 
*conf, const char *sec
 
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
 {
-const char *fpath = getenv(CTLOG_FILE_EVP);
+const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
 
 if (fpath == NULL)
   fpath = CTLOG_FILE;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 934389f..fcab415 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -322,7 +322,7 @@ ENGINE *ENGINE_by_id(const char *id)
  * Prevent infinite recursion if we're looking for the dynamic engine.
  */
 if (strcmp(id, "dynamic")) {
-if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
 load_dir = ENGINESDIR;
 iterator = ENGINE_by_id("dynamic");
 if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 000..7e98b64
--- /dev/null
+++ b/crypto/getenv.c
@@ -

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

[Paul I . Dale]

The branch OpenSSL_1_1_1-stable has been updated
   via  79c2c741303ed188214b9299a51c837635f7e9a8 (commit)
  from  1fd6afb571e85fbc37ffb522646e7ec2c6e4a11e (commit)


- Log -
commit 79c2c741303ed188214b9299a51c837635f7e9a8
Author: Pauli 
Date:   Mon Sep 24 11:21:18 2018 +1000

Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7047)

(cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d)

---

Summary of changes:
 crypto/build.info   |  2 +-
 crypto/conf/conf_api.c  |  5 +++--
 crypto/conf/conf_mod.c  |  7 ++-
 crypto/ct/ct_log.c  |  2 +-
 crypto/engine/eng_list.c|  3 +--
 crypto/getenv.c | 31 +++
 crypto/pkcs12/p12_mutl.c| 18 +-
 crypto/rand/randfile.c  |  6 ++
 crypto/x509/by_dir.c|  2 +-
 crypto/x509/by_file.c   |  2 +-
 include/internal/cryptlib.h |  2 ++
 11 files changed, 54 insertions(+), 26 deletions(-)
 create mode 100644 crypto/getenv.c

diff --git a/crypto/build.info b/crypto/build.info
index b515b73..2c619c6 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -2,7 +2,7 @@ LIBS=../libcrypto
 SOURCE[../libcrypto]=\
 cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
 ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
-threads_pthread.c threads_win.c threads_none.c \
+threads_pthread.c threads_win.c threads_none.c getenv.c \
 o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
 {- $target{uplink_aux_src} -}
 EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 72fe2da..5e57d74 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -10,6 +10,7 @@
 /* Part of the code in here was originally in conf.c, which is now removed */
 
 #include "e_os.h"
+#include "internal/cryptlib.h"
 #include 
 #include 
 #include 
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 if (v != NULL)
 return v->value;
 if (strcmp(section, "ENV") == 0) {
-p = getenv(name);
+p = ossl_safe_getenv(name);
 if (p != NULL)
 return p;
 }
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 else
 return NULL;
 } else
-return getenv(name);
+return ossl_safe_getenv(name);
 }
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index df53609..51f262e 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void)
 char *file, *sep = "";
 int len;
 
-if (!OPENSSL_issetugid()) {
-file = getenv("OPENSSL_CONF");
-if (file)
-return OPENSSL_strdup(file);
-}
+if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+return OPENSSL_strdup(file);
 
 len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index be6681d..c1bca3e 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF 
*conf, const char *sec
 
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
 {
-const char *fpath = getenv(CTLOG_FILE_EVP);
+const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
 
 if (fpath == NULL)
   fpath = CTLOG_FILE;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 4bc7ea1..45c339c 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -317,8 +317,7 @@ ENGINE *ENGINE_by_id(const char *id)
  * Prevent infinite recursion if we're looking for the dynamic engine.
  */
 if (strcmp(id, "dynamic")) {
-if (OPENSSL_issetugid()
-|| (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
 load_dir = ENGINESDIR;
 iterator = ENGINE_by_id("dynamic");
 if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 000..7e98b64
--- /dev/null
+++ b/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Righ

[openssl-commits] [openssl] master update

[Paul I . Dale]

The branch master has been updated
   via  5c39a55d04ea6e6f734b627a050b9e702788d50d (commit)
  from  0f58220973a02248ca5c69db59e615378467b9c8 (commit)


- Log -
commit 5c39a55d04ea6e6f734b627a050b9e702788d50d
Author: Pauli 
Date:   Mon Sep 24 11:21:18 2018 +1000

Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/7047)

---

Summary of changes:
 crypto/build.info   |  2 +-
 crypto/conf/conf_api.c  |  5 +++--
 crypto/conf/conf_mod.c  |  7 ++-
 crypto/ct/ct_log.c  |  2 +-
 crypto/engine/eng_list.c|  3 +--
 crypto/getenv.c | 31 +++
 crypto/pkcs12/p12_mutl.c| 18 +-
 crypto/rand/randfile.c  |  6 ++
 crypto/x509/by_dir.c|  2 +-
 crypto/x509/by_file.c   |  2 +-
 include/internal/cryptlib.h |  2 ++
 11 files changed, 54 insertions(+), 26 deletions(-)
 create mode 100644 crypto/getenv.c

diff --git a/crypto/build.info b/crypto/build.info
index b515b73..2c619c6 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -2,7 +2,7 @@ LIBS=../libcrypto
 SOURCE[../libcrypto]=\
 cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
 ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
-threads_pthread.c threads_win.c threads_none.c \
+threads_pthread.c threads_win.c threads_none.c getenv.c \
 o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
 {- $target{uplink_aux_src} -}
 EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 72fe2da..5e57d74 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -10,6 +10,7 @@
 /* Part of the code in here was originally in conf.c, which is now removed */
 
 #include "e_os.h"
+#include "internal/cryptlib.h"
 #include 
 #include 
 #include 
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 if (v != NULL)
 return v->value;
 if (strcmp(section, "ENV") == 0) {
-p = getenv(name);
+p = ossl_safe_getenv(name);
 if (p != NULL)
 return p;
 }
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 else
 return NULL;
 } else
-return getenv(name);
+return ossl_safe_getenv(name);
 }
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index df53609..51f262e 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void)
 char *file, *sep = "";
 int len;
 
-if (!OPENSSL_issetugid()) {
-file = getenv("OPENSSL_CONF");
-if (file)
-return OPENSSL_strdup(file);
-}
+if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+return OPENSSL_strdup(file);
 
 len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index be6681d..c1bca3e 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF 
*conf, const char *sec
 
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
 {
-const char *fpath = getenv(CTLOG_FILE_EVP);
+const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
 
 if (fpath == NULL)
   fpath = CTLOG_FILE;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 4bc7ea1..45c339c 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -317,8 +317,7 @@ ENGINE *ENGINE_by_id(const char *id)
  * Prevent infinite recursion if we're looking for the dynamic engine.
  */
 if (strcmp(id, "dynamic")) {
-if (OPENSSL_issetugid()
-|| (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
 load_dir = ENGINESDIR;
 iterator = ENGINE_by_id("dynamic");
 if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 000..7e98b64
--- /dev/null
+++ b/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ 

[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared 
-DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

0f58220973 Create the .rnd file it it does not exist
46d085096c typo-fixes: miscellaneous typo fixes
f39a02c68a Fix the max psk len for TLSv1.3
cd6fe29f5b Add a test for the certificate callback
524006dd1b Delay setting the sig algs until after the cert_cb has been called
dda5396aae crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of 
BN_ULONG

Build log ended with (last 100 lines):

../../openssl/test/recipes/80-test_dtls_mtu.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_dtlsv1listen.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_ocsp.t   (Wstat: 768 Tests: 
11 Failed: 3)
  Failed tests:  1, 10-11
  Non-zero exit status: 3
../../openssl/test/recipes/80-test_pkcs12.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_ssl_new.t(Wstat: 6656 Tests: 
27 Failed: 26)
  Failed tests:  1-21, 23-27
  Non-zero exit status: 26
../../openssl/test/recipes/80-test_ssl_old.t(Wstat: 1280 Tests: 
6 Failed: 5)
  Failed tests:  1-2, 4-6
  Non-zero exit status: 5
../../openssl/test/recipes/80-test_ssl_test_ctx.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_sslcorrupt.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_tsa.t(Wstat: 256 Tests: 
20 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/80-test_x509aux.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_asn1_time.t  (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_async.t  (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_bio_enc.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_constant_time.t  (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_fatalerr.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_gmdiff.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_ige.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_includes.t   (Wstat: 768 Tests: 
3 Failed: 3)
  Failed tests:  1-3
  Non-zero exit status: 3
../../openssl/test/recipes/90-test_memleak.t(Wstat: 512 Tests: 
2 Failed: 2)
  Failed tests:  1-2
  Non-zero exit status: 2
../../openssl/test/recipes/90-test_overhead.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_secmem.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_srp.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_sslbuffers.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_sysdefault.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_threads.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_time_offset.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_tls13ccs.t   (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_tls13encryption.t(Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/90-test_v3name.t (Wstat: 256 Tests: 
1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../../openssl/test/recipes/99-test_fuzz.t   (Wstat: 2816 Tests: 
11 Failed: 11)
  Failed tests:  1-11
  Non-zero exit status: 11
Files=152, Tests=860, 46

[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl

[scan-admin]

Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2WgZC0KnceY7kNrcdLm-2F97e5cPnmuhym0ysZdXni2UNXGpHWbpUCpg3m6W7xHXDdo6nWfTGNlxxtw16i-2B6oPDzHTaLqd1vd0PzxrCUuWxRKK-2F9-2Fh8xDnkuV0ZhrKYTenpjiDHjFgpUCfSMfBnjALLgN-2FM0EkbHp47zU-2BH489wY6iCRcp9rFA26ZwJ6OwjsE9s-3D

Build ID: 229075

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2

[scan-admin]

Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3d7kZVt0KAkcA63FxufpMwGY8Ohvu9q06TYbV23W-2BFWbRb5nvvAEK1XnB0XbEU-2FPF-2BsreL2eih-2B1BhXyKtiINulByOrG0AOLp6Yq9CzCzVrQwI8H9GdMA6a0wf3WSiSDCOqSQhLNLiXGKoNod5gDOopoOt3zNdLn-2BnVcJBevd3eCigtZq4LD6WHgfsPyOPY94-3D

Build ID: 229076

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits