Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . 
ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=397958380-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 91-test_pkey_check.t ... ok 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz_asn1.t ok 99-test_fuzz_asn1parse.t ... ok 99-test_fuzz_bignum.t .. ok 99-test_fuzz_bndiv.t ... ok 99-test_fuzz_client.t .. ok 99-test_fuzz_cmp.t . ok 99-test_fuzz_cms.t . ok 99-test_fuzz_conf.t ok 99-test_fuzz_crl.t . ok 99-test_fuzz_ct.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . 
ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=392710080-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 91-test_pkey_check.t ... ok 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz_asn1.t ok 99-test_fuzz_asn1parse.t ... ok 99-test_fuzz_bignum.t .. ok 99-test_fuzz_bndiv.t ... ok 99-test_fuzz_client.t .. ok 99-test_fuzz_cmp.t . ok 99-test_fuzz_cms.t . ok 99-test_fuzz_conf.t ok 99-test_fuzz_crl.t . ok 99-test_fuzz_ct.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): not ok 2 - iteration 2 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. 
# # OPENSSL_TEST_RAND_ORDER=1617767071 not ok 3 - iteration 3 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1617767071 not ok 4 - iteration 4 # -- # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1617767071 not ok 5 - iteration 5 # -- # OPENSSL_TEST_RAND_ORDER=1617767071 not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 14-curves.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 14-curves.cnf # -- # Failed test 'running ssl_test 14-curves.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 166. # Looks like you failed 3 tests of 9. not ok 14 - Test configuration 14-curves.cnf # -- # Looks like you failed 1 test of 30.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/30 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. 
Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6634 # false # OPENSSL_TEST_RAND_ORDER=1617764014 not ok 2 - iteration 2 # -- # OPENSSL_TEST_RAND_ORDER=1617764014 not ok 56 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/pUCAY7riQK default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1003 # false # OPENSSL_TEST_RAND_ORDER=1617764028 not ok 3 - test_large_message_dtls # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1484 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1562 # false # OPENSSL_TEST_RAND_ORDER=1617764028 not ok 4 - test_cleanse_plaintext # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or l
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ok 70-test_tls13alerts.t .. 
ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=366351380-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... skipped: test_sysdefault is not supported in this build 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 91-test_pkey_check.t ... ok 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. 
Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6634 # false # OPENSSL_TEST_RAND_ORDER=1617754538 not ok 2 - iteration 2 # -- # OPENSSL_TEST_RAND_ORDER=1617754538 not ok 56 - test_ssl_pending # -- ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/oDrmdcQyJQ default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1003 # false # OPENSSL_TEST_RAND_ORDER=1617754549 not ok 3 - test_large_message_dtls # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1484 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1562 # false # OPENSSL_TEST_RAND_ORDER=1617754549 not ok 4 - test_cleanse_plaintext # -- # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load dif
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ok 70-test_tls13alerts.t .. 
ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=334847980-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... skipped: test_sysdefault is not supported in this build 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 91-test_pkey_check.t ... ok 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this config
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via b84c0eaeda471affdb4771fd9ea655b701a44217 (commit) from 46dc0bca6cd623c42489c57e62c69cf568335664 (commit) - Log - commit b84c0eaeda471affdb4771fd9ea655b701a44217 Author: Nan Xiao Date: Thu Apr 1 13:55:04 2021 +0800 Fix potential double free in sslapitest.c Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14758) (cherry picked from commit 493e78986f9677c2b321273da51c276b9a8182d8) --- Summary of changes: test/sslapitest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 4a27ee1ba2..665aa13c23 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1826,8 +1826,10 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
 /* Verify changing the rbio/wbio directly does not cause leaks */
 if (change_bio != NO_BIO_CHANGE) {
-if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem(
+if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem( {
+ssl = NULL;
 goto end;
+}
 if (change_bio == CHANGE_RBIO)
 SSL_set0_rbio(ssl, membio2);
 else
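Review bot: The `ssl = NULL;` added before `goto end` carries no comment explaining why the pointer is dropped on this error path, and the hunk does not show where ownership of `ssl` was handed over. Going by the commit title, the cleanup at `end` presumably frees `ssl` after another object has already taken it, so a comment such as `/* ssl is no longer ours to free; clear it so the cleanup at end cannot free it twice */` would stop a later edit from removing the assignment as dead code. If the transfer happens earlier in execute_test_ssl_bio (the function starts and ends outside the hunk), clearing `ssl` once at that point would protect every later `goto end` instead of relying on each exit to remember it. The same applies to the identical hunk in the master commit 493e78986f9677c2b321273da51c276b9a8182d8 further down the page.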
[openssl] master update
The branch master has been updated via 493e78986f9677c2b321273da51c276b9a8182d8 (commit) from 0cfbc828e03ad69c50ae51e0c88920d90906498a (commit) - Log - commit 493e78986f9677c2b321273da51c276b9a8182d8 Author: Nan Xiao Date: Thu Apr 1 13:55:04 2021 +0800 Fix potential double free in sslapitest.c Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14758) --- Summary of changes: test/sslapitest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3e5d532bf4..31b36b23b1 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2743,8 +2743,10 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
 /* Verify changing the rbio/wbio directly does not cause leaks */
 if (change_bio != NO_BIO_CHANGE) {
-if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem(
+if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem( {
+ssl = NULL;
 goto end;
+}
 if (change_bio == CHANGE_RBIO)
 SSL_set0_rbio(ssl, membio2);
 else
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-stdio
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-stdio Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): clang -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-dh_ctrl.d.tmp -MT crypto/evp/libcrypto-lib-dh_ctrl.o -c -o crypto/evp/libcrypto-lib-dh_ctrl.o ../openssl/crypto/evp/dh_ctrl.c clang -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-dh_support.d.tmp -MT crypto/evp/libcrypto-lib-dh_support.o -c -o crypto/evp/libcrypto-lib-dh_support.o ../openssl/crypto/evp/dh_support.c clang -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-i
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 5ad3e6c56e Include BN assembler alongside CPUID code ef83daf4da Refactor CPUID code baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls 0388823329 EVP: Add EVP__description() b638dad970 Add OSSL_STORE_LOADER_description() 1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description() 309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM 650c668737 Corrected missing definitions from NonStop SPT build. 1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys 492bc359dc Fix typos in ssl_lib.c c29554245a Add riscv64 target 975e37cd01 Remove unnecessary BIO_do_handshake()s 78043fe898 Add "save-parameters" encoder parameter 5050fd5b3b Avoid going through NID when unnecessary b064eebb50 EVP_CIPHER_type: fix misleading argument name 83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0 e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST 9754665d6b Add macosx build 6ec37db540 Test miminal windows build using Github actions e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation. Build log ended with (last 100 lines): 70-test_sslmessages.t .. skipped: test_sslmessages needs the sock feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the sock feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the sock feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the sock feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the sock feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the sock feature enabled 70-test_sslversions.t .. 
skipped: test_sslversions needs the sock feature enabled 70-test_sslvertol.t skipped: test_sslvertol needs the sock feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the sock feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the sock feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the sock feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the sock feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the sock feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the sock feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the sock feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the sock feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok Label not found for "last SKIP" at /usr/share/perl/5.30/Test/More.pm line 1372. # Looks like your test exited with 1 just after 5.80-test_cmp_http.t . Dubious, test returned 1 (wstat 256, 0x100) All 5 subtests passed (less 5 skipped subtests: 0 okay) # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. 
ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-
[openssl] master update
The branch master has been updated via 0cfbc828e03ad69c50ae51e0c88920d90906498a (commit) from 5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (commit) - Log - commit 0cfbc828e03ad69c50ae51e0c88920d90906498a Author: Tomas Mraz Date: Thu Apr 1 17:14:43 2021 +0200 Deprecate the EVP_PKEY controls for CMS and PKCS#7 Improve the ossl_rsa_check_key() to prevent non-signature operations with PSS keys. Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore as they are not needed anymore and deprecate them. Fixes #14276 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14760) --- Summary of changes: CHANGES.md | 9 crypto/cms/cms_env.c| 12 - crypto/cms/cms_sd.c | 36 --- crypto/evp/ctrl_params_translate.c | 38 crypto/pkcs7/pk7_doit.c | 60 - include/openssl/evp.h | 14 +++--- providers/common/include/prov/securitycheck.h | 2 +- providers/common/securitycheck.c| 41 - providers/implementations/asymciphers/rsa_enc.c | 18 providers/implementations/kem/rsa_kem.c | 12 ++--- providers/implementations/signature/rsa.c | 12 ++--- 11 files changed, 79 insertions(+), 175 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 54fc6855f0..581fda0c96 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -31,6 +31,15 @@ OpenSSL 3.0 *Shane Lontis* + * The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, + EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, + EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations + are deprecated. They are not invoked by the OpenSSL library anymore and + are replaced by direct checks of the key operation against the key type + when the operation is initialized. + + *Tomáš Mráz* + * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for more key types including RSA, DSA, ED25519, X25519, ED448 and X448. Previously (in 1.1.1) they would return -2. For key types that do not have diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 494c2cc8fc..aa020cedfd 100644 
--- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -485,12 +485,6 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, goto err; } -if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) { -ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR); -goto err; -} - if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) goto err; @@ -574,12 +568,6 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (!ossl_cms_env_asn1_ctrl(ri, 1)) goto err; -if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) { -ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR); -goto err; -} - if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, ktri->encryptedKey->data, ktri->encryptedKey->length) <= 0) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index c98d118f4b..287021fc21 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -749,24 +749,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) si->pctx = pctx; } -/* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. Can we get rid of this completely? AFAICT this ctrl has been - * present since CMS was first put in - but has never been used to do - * anything. All internal implementations just return 1 and ignore this ctrl - * and have always done so by the looks of things. To fix this we could - * convert this ctrl into a param, which would require us to send all the - * signer info data as a set of params...but that is non-trivial and since - * this isn't used by anything it may be better just to remove it. - */ -#if 0 -if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { -ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR); -goto err; -} -#endif - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign)); if (!abuf) 
@@ -782,24 +764,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; -/* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. C