Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sm3

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=397958380-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz_asn1.t  ok
99-test_fuzz_asn1parse.t ... ok
99-test_fuzz_bignum.t .. ok
99-test_fuzz_bndiv.t ... ok
99-test_fuzz_client.t .. ok
99-test_fuzz_cmp.t . ok
99-test_fuzz_cms.t . ok
99-test_fuzz_conf.t  ok
99-test_fuzz_crl.t . ok
99-test_fuzz_ct.t 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sm2

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=392710080-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz_asn1.t  ok
99-test_fuzz_asn1parse.t ... ok
99-test_fuzz_bignum.t .. ok
99-test_fuzz_bndiv.t ... ok
99-test_fuzz_client.t .. ok
99-test_fuzz_cmp.t . ok
99-test_fuzz_cms.t . ok
99-test_fuzz_conf.t  ok
99-test_fuzz_crl.t . ok
99-test_fuzz_ct.t 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_3

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

not ok 2 - iteration 2
# --
# ERROR: (int) 'result->client_protocol == 
test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114
# [771] compared to [772]
# INFO:  @ ../openssl/test/ssl_test.c:117
# Protocol mismatch: expected TLSv1.3, got TLSv1.2.
# 
# OPENSSL_TEST_RAND_ORDER=1617767071
not ok 3 - iteration 3
# --
# ERROR: (int) 'result->client_protocol == 
test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114
# [771] compared to [772]
# INFO:  @ ../openssl/test/ssl_test.c:117
# Protocol mismatch: expected TLSv1.3, got TLSv1.2.
# 
# OPENSSL_TEST_RAND_ORDER=1617767071
not ok 4 - iteration 4
# --
# ERROR: (int) 'result->client_protocol == 
test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114
# [771] compared to [772]
# INFO:  @ ../openssl/test/ssl_test.c:117
# Protocol mismatch: expected TLSv1.3, got TLSv1.2.
# 
# OPENSSL_TEST_RAND_ORDER=1617767071
not ok 5 - iteration 5
# --
# OPENSSL_TEST_RAND_ORDER=1617767071
not ok 1 - test_handshake
# --
../../util/wrap.pl ../../test/ssl_test 14-curves.cnf.fips fips 
../../../openssl/test/fips-and-base.cnf => 1
not ok 9 - running ssl_test 14-curves.cnf
# --
#   Failed test 'running ssl_test 14-curves.cnf'
#   at ../openssl/test/recipes/80-test_ssl_new.t line 166.
# Looks like you failed 3 tests of 9.
not ok 14 - Test configuration 14-curves.cnf
# --
# Looks like you failed 1 test of 30.80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/30 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled 
in this OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6634
# false
# OPENSSL_TEST_RAND_ORDER=1617764014
not ok 2 - iteration 2
# --
# OPENSSL_TEST_RAND_ORDER=1617764014
not ok 56 - test_ssl_pending
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/pUCAY7riQK 
default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:975
# SSL_accept() failed -1, 1
# 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1003
# false
# OPENSSL_TEST_RAND_ORDER=1617764028
not ok 3 - test_large_message_dtls
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:975
# SSL_accept() failed -1, 1
# 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1484
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1562
# false
# OPENSSL_TEST_RAND_ORDER=1617764028
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80E16CCC187F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or l

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

(less 4 skipped subtests: 2 okay)
70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 
enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, 
TLSv1, TLSv1.1 or TLSv1.2 enabled
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, 
TLS1.2 and TLS1.1 enabled
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 
and TLS1.2 enabled
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, 
TLSv1.1 or TLSv1.2 enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=366351380-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled 
in this OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... skipped: test_sysdefault is not supported 
in this build
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6634
# false
# OPENSSL_TEST_RAND_ORDER=1617754538
not ok 2 - iteration 2
# --
# OPENSSL_TEST_RAND_ORDER=1617754538
not ok 56 - test_ssl_pending
# --
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs 
../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/oDrmdcQyJQ 
default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:975
# SSL_accept() failed -1, 1
# 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1003
# false
# OPENSSL_TEST_RAND_ORDER=1617754549
not ok 3 - test_large_message_dtls
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:975
# SSL_accept() failed -1, 1
# 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, 
SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1484
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), 
DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ 
../openssl/test/sslapitest.c:1562
# false
# OPENSSL_TEST_RAND_ORDER=1617754549
not ok 4 - test_cleanse_plaintext
# --
# INFO:  @ ../openssl/test/helpers/ssltestlib.c:957
# SSL_connect() failed -1, 1
# 80B1A2390C7F:error:0A000129:SSL routines:tls_setup_handshake:no 
suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in 
the loaded providers. Use (D)TLSv1.2 or above, or load dif

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

(less 4 skipped subtests: 2 okay)
70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 
enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, 
TLSv1, TLSv1.1 or TLSv1.2 enabled
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, 
TLS1.2 and TLS1.1 enabled
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 
and TLS1.2 enabled
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, 
TLSv1.1 or TLSv1.2 enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=334847980-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: TLSv1.3 or TLSv1.2 are disabled 
in this OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... skipped: test_sysdefault is not supported 
in this build
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
config

[openssl] OpenSSL_1_1_1-stable update

2021-04-06 Thread Dr . Paul Dale
The branch OpenSSL_1_1_1-stable has been updated
   via  b84c0eaeda471affdb4771fd9ea655b701a44217 (commit)
  from  46dc0bca6cd623c42489c57e62c69cf568335664 (commit)


- Log -
commit b84c0eaeda471affdb4771fd9ea655b701a44217
Author: Nan Xiao 
Date:   Thu Apr 1 13:55:04 2021 +0800

Fix potential double free in sslapitest.c

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14758)

(cherry picked from commit 493e78986f9677c2b321273da51c276b9a8182d8)

---

Summary of changes:
 test/sslapitest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 4a27ee1ba2..665aa13c23 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1826,8 +1826,10 @@ static int execute_test_ssl_bio(int pop_ssl, 
bio_change_t change_bio)
 
 /* Verify changing the rbio/wbio directly does not cause leaks */
 if (change_bio != NO_BIO_CHANGE) {
-if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem(
+if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem( {
+ssl = NULL;
 goto end;
+}
 if (change_bio == CHANGE_RBIO)
 SSL_set0_rbio(ssl, membio2);
 else
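Review bot: The `ssl = NULL;` added on the `membio2` allocation-failure path has no comment, and nothing visible in the hunk explains why the pointer must be dropped before `goto end`. Going by the commit title, `ssl` has presumably already been handed to a BIO earlier in execute_test_ssl_bio, so the cleanup at `end` would free it a second time; both the hand-over and the `end` label are outside the hunk, so this is inferred. A comment on the new line would record the ownership rule, for example `/* ssl is owned by the BIO chain by now; clear it so the cleanup at end does not free it twice */`. If that reading is right, clearing `ssl` once, directly after the hand-over, would protect every later `goto end` instead of only this branch. The same point applies to the identical hunk in the master commit 493e78986f9677c2b321273da51c276b9a8182d8 further down the page.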


[openssl] master update

2021-04-06 Thread Dr . Paul Dale
The branch master has been updated
   via  493e78986f9677c2b321273da51c276b9a8182d8 (commit)
  from  0cfbc828e03ad69c50ae51e0c88920d90906498a (commit)


- Log -
commit 493e78986f9677c2b321273da51c276b9a8182d8
Author: Nan Xiao 
Date:   Thu Apr 1 13:55:04 2021 +0800

Fix potential double free in sslapitest.c

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14758)

---

Summary of changes:
 test/sslapitest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3e5d532bf4..31b36b23b1 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2743,8 +2743,10 @@ static int execute_test_ssl_bio(int pop_ssl, 
bio_change_t change_bio)
 
 /* Verify changing the rbio/wbio directly does not cause leaks */
 if (change_bio != NO_BIO_CHANGE) {
-if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem(
+if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem( {
+ssl = NULL;
 goto end;
+}
 if (change_bio == CHANGE_RBIO)
 SSL_set0_rbio(ssl, membio2);
 else


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-stdio

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-stdio

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -I../openssl -I../openssl/include 
-I../openssl/providers/common/include 
-I../openssl/providers/implementations/include  -DAES_ASM -DBSAES_ASM 
-DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM 
-DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 
-Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
 -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 
-DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL  -MMD 
-MF crypto/evp/libcrypto-lib-dh_ctrl.d.tmp -MT 
crypto/evp/libcrypto-lib-dh_ctrl.o -c -o crypto/evp/libcrypto-lib-dh_ctrl.o 
../openssl/crypto/evp/dh_ctrl.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -I../openssl -I../openssl/include 
-I../openssl/providers/common/include 
-I../openssl/providers/implementations/include  -DAES_ASM -DBSAES_ASM 
-DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM 
-DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 
-Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
 -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 
-DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL  -MMD 
-MF crypto/evp/libcrypto-lib-dh_support.d.tmp -MT 
crypto/evp/libcrypto-lib-dh_support.o -c -o 
crypto/evp/libcrypto-lib-dh_support.o ../openssl/crypto/evp/dh_support.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -I../openssl -I../openssl/include 
-I../openssl/providers/common/include 
-I../openssl/providers/implementations/include  -DAES_ASM -DBSAES_ASM 
-DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM 
-DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 
-Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC 
-pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-i

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock

2021-04-06 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

5ad3e6c56e Include BN assembler alongside CPUID code
ef83daf4da Refactor CPUID code
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
0388823329 EVP: Add EVP__description()
b638dad970 Add OSSL_STORE_LOADER_description()
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
650c668737 Corrected missing definitions from NonStop SPT build.
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
492bc359dc Fix typos in ssl_lib.c
c29554245a Add riscv64 target
975e37cd01 Remove unnecessary BIO_do_handshake()s
78043fe898 Add "save-parameters" encoder parameter
5050fd5b3b Avoid going through NID when unnecessary
b064eebb50 EVP_CIPHER_type: fix misleading argument name
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to 
OSSL_DIGEST_NAME_SHA2_256
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
9754665d6b Add macosx build
6ec37db540 Test miminal windows build using Github actions
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.

Build log ended with (last 100 lines):

70-test_sslmessages.t .. skipped: test_sslmessages needs the sock 
feature enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs the sock 
feature enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the 
sock feature enabled
70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the sock 
feature enabled
70-test_sslsignature.t . skipped: test_sslsignature needs the sock 
feature enabled
70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the sock 
feature enabled
70-test_sslversions.t .. skipped: test_sslversions needs the sock 
feature enabled
70-test_sslvertol.t  skipped: test_sslvertol needs the sock 
feature enabled
70-test_tls13alerts.t .. skipped: test_tls13alerts needs the sock 
feature enabled
70-test_tls13cookie.t .. skipped: test_tls13cookie needs the sock 
feature enabled
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the 
sock feature enabled
70-test_tls13hrr.t . skipped: test_tls13hrr needs the sock 
feature enabled
70-test_tls13kexmodes.t  skipped: test_tls13kexmodes needs the sock 
feature enabled
70-test_tls13messages.t  skipped: test_tls13messages needs the sock 
feature enabled
70-test_tls13psk.t . skipped: test_tls13psk needs the sock 
feature enabled
70-test_tlsextms.t . skipped: test_tlsextms needs the sock 
feature enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

Label not found for "last SKIP" at /usr/share/perl/5.30/Test/More.pm line 1372.
# Looks like your test exited with 1 just after 5.80-test_cmp_http.t 
. 
Dubious, test returned 1 (wstat 256, 0x100)
All 5 subtests passed 
(less 5 skipped subtests: 0 okay)

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-

[openssl] master update

2021-04-06 Thread tomas
The branch master has been updated
   via  0cfbc828e03ad69c50ae51e0c88920d90906498a (commit)
  from  5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (commit)


- Log -
commit 0cfbc828e03ad69c50ae51e0c88920d90906498a
Author: Tomas Mraz 
Date:   Thu Apr 1 17:14:43 2021 +0200

Deprecate the EVP_PKEY controls for CMS and PKCS#7

Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.

Stop invoking the EVP_PKEY controls for CMS and PKCS#7, as they are
no longer needed, and deprecate them.

Fixes #14276

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/14760)

---

Summary of changes:
 CHANGES.md  |  9 
 crypto/cms/cms_env.c| 12 -
 crypto/cms/cms_sd.c | 36 ---
 crypto/evp/ctrl_params_translate.c  | 38 
 crypto/pkcs7/pk7_doit.c | 60 -
 include/openssl/evp.h   | 14 +++---
 providers/common/include/prov/securitycheck.h   |  2 +-
 providers/common/securitycheck.c| 41 -
 providers/implementations/asymciphers/rsa_enc.c | 18 
 providers/implementations/kem/rsa_kem.c | 12 ++---
 providers/implementations/signature/rsa.c   | 12 ++---
 11 files changed, 79 insertions(+), 175 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 54fc6855f0..581fda0c96 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,6 +31,15 @@ OpenSSL 3.0
 
*Shane Lontis*
 
+ * The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
+   EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
+   EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
+   are deprecated. They are not invoked by the OpenSSL library anymore and
+   are replaced by direct checks of the key operation against the key type
+   when the operation is initialized.
+
+   *Tomáš Mráz*
+
  * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work 
for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 494c2cc8fc..aa020cedfd 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -485,12 +485,6 @@ static int cms_RecipientInfo_ktri_encrypt(const 
CMS_ContentInfo *cms,
 goto err;
 }
 
-if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-  EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
-ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR);
-goto err;
-}
-
 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
 goto err;
 
@@ -574,12 +568,6 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo 
*cms,
 if (!ossl_cms_env_asn1_ctrl(ri, 1))
 goto err;
 
-if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
-  EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
-ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR);
-goto err;
-}
-
 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
  ktri->encryptedKey->data,
  ktri->encryptedKey->length) <= 0)
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c98d118f4b..287021fc21 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -749,24 +749,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 si->pctx = pctx;
 }
 
-/*
- * TODO(3.0): This causes problems when providers are in use, so disabled
- * for now. Can we get rid of this completely? AFAICT this ctrl has been
- * present since CMS was first put in - but has never been used to do
- * anything. All internal implementations just return 1 and ignore this 
ctrl
- * and have always done so by the looks of things. To fix this we could
- * convert this ctrl into a param, which would require us to send all the
- * signer info data as a set of params...but that is non-trivial and since
- * this isn't used by anything it may be better just to remove it.
- */
-#if 0
-if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-  EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
-ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR);
-goto err;
-}
-#endif
-
 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
  ASN1_ITEM_rptr(CMS_Attributes_Sign));
 if (!abuf)
@@ -782,24 +764,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
 goto err;
 
-/*
- * TODO(3.0): This causes problems when providers are in use, so disabled
- * for now. C