[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ct

OpenSSL run-checker openssl at openssl.org
Fri Aug 25 00:36:47 UTC 2017

Platform and configuration command:

$ uname -a
Linux run 4.4.0-77-generic #98-Ubuntu SMP Wed Apr 26 08:34:02 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ct

Commit log since last time:

da9b249 Check range of test values using isascii before diving into the full range of ctype functions.
0f3ffbd apps/passwd.c: Make MD5 and SHA password making EBCDIC aware
17621bc apps/passwd.c: Fix code layout
16583e9 apps/passwd.c: Don't disable MD5 and SHA when CHARSET_EBCDIC is defined
678c462 Check for EOF in ASCII conversions.
f7d1d2a Fix enable-sctp
3733ce6 Add documentation for SRTP functions
5e95c1e Correct GCM docs.
a130950 Tweak wording to be more clear.
c9b820a Fix BN_print()
9d951a7 Move randomness to allocated buffer
27c6d63 Improvement the formatting in bn_print.c Movely removal of unnecessary brackets but some could be bugs addressed too.
0e97f1e (Re)move some things from e_os.h
94e1f8a Remove useless macros in apps/speed.c
bef7a81 Use "" not <> on e_os.h include
3d3f21a Remove custom base64 code.
6ac5890 Don't try to compare the ctype functions on values > 127
196f5c4 Don't try to test ctype functions for values < 0 or > 255
176db6d Use "" not <> for internal/ includes
12bd06c Fix the lack of isblank() with VMS C
ffb4683 Add random serial# support.
932c0df Avoid a self-assignment.
9c481c2 Dead code elimination.
a1df06b This has been added to avoid the situation where some host ctype.h functions return true for characters > 127.  I.e. they are allowing extended ASCII characters through which then cause problems.  E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably.  Likewise letters with diacritical marks can also cause problems.
00dfbaa Fix ctype arguments.
0d68367 Safely display SNI (just in case)
43f985f Document missing EVP_PKEY_method_* items
c27363f Check # of arguments for remaining commands.
b73b4d7 Add PKEY_CTX setter tests for TLS1-PRF
8880983 More updates following review feedback
638c2dd Updates following feedback on OPENSSL_assert() removal
42d7d7d Remove OPENSSL_assert() from crypto/x509v3
24664a3 Remove OPENSSL_assert() from crypto/x509
fb7621c Remove OPENSSL_assert() from crypto/threads_none.c
e40ada0 Remove OPENSSL_assert() from crypto/pem
7d248ee Remove OPENSSL_assert() from crypto/kdf
8f9ee7a Remove OPENSSL_assert() from crypto/hmac
de61c03 Remove OPENSSL_assert() from crypto/ec
64d9844 Remove OPENSSL_assert() from conf_api.c
437e505 Remove OPENSSL_assert() usage from crypto/bn
86f31dd Remove OPENSSL_assert() from various crypto/bio files
297c114 Remove OPENSSL_assert() from crypto/asn1/bio_asn1.c
045fe73 Remove double error messages
7246014 Fix ui_write in apps/apps.c
b842fcb Put thread-fork-init inside a run-once guard
10ed1b7 Reorder extensions to put SigAlgs last
326eaa9 Addressed build failure because of missing #ifdef AF_UNIX guard CLA: trivial
77a9c26 Add a comment on expectations in the "tar" target
17c84aa Prepare tarball in dist directory
34a5b7d Turn on error sensitivity in the "tar" target
fdf9450 test/asn1_time_test.c: Better check of signed time_t
8909c2c err/err.c: improve readability.
d3d880c err/err.c: fix "wraparound" bug in ERR_set_error_data.
9ef73a6 Fix windows build after too aggressive e_os.h removal
b99fe5f Remove tests dependence on e_os.h
524fdd5 Clear outputs in PKCS12_parse error handling.
5b7b011 When building a tarball, avoid trying to copy submodules
296cbb5 Determine the number of output columns for the list and help commands using the command names rather than hard coding it (conditionally).
121738d Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
e0584e9 sha/asm/keccak1600-armv4.pl: optimize for Thumb-2.
6b9c46f Fix some documentation typos.
a303e9a fix some typos
2e38091 Fix two MSVC warnings in apps.c
31a8069 [Win] Fix some test method signatures ...
30bb025 Copy dlls into fuzz directory
61389f0 bndiv fuzzer: limit the size of the input to avoid timeout
64bf101 Fix coding style of EVP_PKEY_CTX_ctrl_uint64
b35ef02 Print pathnames for 'version -r'
1fcb6a3 STORE: Add documentation on the expectations for returned names
3302429 STORE: Add info on the expected post_process callback behavior
645c879 Fix overzealous cleanup command
0aed6e4 Add SSL_get_pending_cipher()
5626f63 Move ALPN handling from finalizer to delayed call
12997aa Revert "Add some casts for %j"
b158049 Use new setup_tests in code of rsa_test
140dab3 Clear error stack on successful OSSL_STORE_open()
e1a4ff7 Add ERR_clear_last_mark()
9237173 Rename crypto/evp/scrypt.c to crypto/evp/pbe_scrypt.c
8d2214c File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
cb6afcd Consolidate the locations where we have our internal perl modules
c4d2e48 Add some casts for %j
e75138a Doc fixes
bc5145e Instantiate when RAND_status() checks
bdcacd9 Fix some typo and comments [skip ci]
3c1a60e sha/asm/keccak1600-avx512.pl: fix buglet in SHA3_squeeze tail.
bbde474 Wire SHAKE to EVP.
cd8d145 Add EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.
bbe9c3d Clarify CLI OCSP documentation
44e6995 Fix some Typos and indents
710769f Move FuzzerSetRand to separate file.
5ff5f74 [extended tests] Add steps to update an external test suite
670d303 Update pyca-cryptography to latest commit
ed5c7ea no-ec2m fixes
1aee92b Add alternative CMS P-256 cert
f50b5f3 Fix no-ec
180c3fc Fix minor type warnings and risk of memory leak in testutil/driver.c
e374335 Don't modify resumed session objects
7477c83 Add missing documentation of the default format for commands.
3cb6a4d Fix memory leak in session cache test
8d50b9c Add -d flag to list -u details (now normally off)
1a9f5cf Add missing HTML tag in www_body in s_server.c
0c714ba Fix trivial nits in documentaion
6a2da30 Add XXX_security_bits documentation
7a301f0 Test server side session caching
07927be Add an SSL_SESSION_dup() function
402f26e Fix building without scrypt
5d09b00 Add test for ECDH CMS key only
3f1d170 Support CMS decrypt without a certificate for all key types
6d8aba7 Add documentation for the scrypt PKEY_METHOD
6aa907a Add PKEY_METHOD macro tests
cefa762 Add interface to the scrypt KDF by means of PKEY_METHOD
9ed79d8 Various RAND improvements
db854bb Avoid surpising password dialog in X509 file lookup.
a35f607 Make RAND_DRBG fork-safe
9980187 Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value.  This allows an error return from the setup function.
5f8dd0f Add missing include of cryptlib.h
c57c32a Add predicatable RAND_METHOD to test ENGINE
69a978d Use passed drbg, not global one
afc901e Small typo in manpage of x509(1)
c9a41d7 Fix typo in files in crypto folder
c67a2f8 Fix typo in HKDF example documentation
4c78ba5 Add entropy sanity check
78632b6 Set randomness buffer pointer in get_entropy calls.
cf37aaa Consolidate to a single asn1_time_from_tm() function
2326bba Test fixtures changed to pointers.
fbf9d10 recipes/80-test_ca.t: make it work with spaces in pathnames.
ddc6a5c Add RAND_priv_bytes() for private keys
ae3947d Add a DRBG to each SSL object
75e2c87 Switch from ossl_rand to DRBG rand
67dc995 Move ossl_assert
5bd05e5 remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration
e29bb83 Remove the obsolete misleading comment and code related to it.
b15d5ab Allow use of long name for KDFs
3f4af53 Fix indentation
5b27751 Added differentiation between missing secret and missing seed
f55129c Changed use of EVP_PKEY_CTX_md() and more specific error codes
a24a5b8 More error handling to HKDF and one more case in TLS1-PRF
e65f650 Set error when HKDF used without parameters
d9ca12c sha/asm/keccak1600-armv4.pl: improve non-NEON performance by ~10%.
7e885b7 Simplify some of the sslapitest code.
418d49c Adding NID_hmac_sha1 and _md5 to builtin_pbe[]
5d010e3 sha/keccak1600.c: choose more sensible default parameters.
b7e011f asn1/a_time.c: make handling of 'fractional point' formally correct.
a9dee23 Add test case for ASN1_TIME_print
003ef7e Add EC key generation paragraph in doc/HOWTO/keys.txt
07c54e5 RSA_get0_ functions permit NULL parameters
c0537eb Add a test to check we get a new session even if s->hit is true in TLSv1.3
5d61491 Fix new_session_cb calls in TLSv1.3
c290853 Add '-ext' option to display extensions in 'x509'
a970b14 Fix typo in documents
e670db0 Fix an information leak in the RSA padding check code. The memory blocks contain secret data and must be cleared before returning to the system heap.
b93a295 Fix SSL_set_tlsext_debug_callback/-tlsextdebug
ee1ed1d Fix the names of older ciphers.
f978f2b Fix errors in SSL_state_string_long
5bd051a app_isdir() cleanup
57c835a bn/bn_lcl.h: restore formatting.
7aca329 bn/bn_lcl.h: use __int128 whenever possible, not only on MIPS.
4628837 bn/bn_lcl.h: improve inline assembly coverage on PPC64.
bac5b39 Fix typo in sha1-thumb.pl
f673c4f Refactor ASN1_TIME_print functions
27eb9f2 Fix typo in ASN1_TIME_set.pod
3519bae Fix typos in files in ssl directory
1c02699 Update ASN1_TIME_to_tm's documentation
f00d0fd Update copyright header
3c05180 Remove redundant declarations in ssl_locl.h
00f3a01 Remove redundant declarations in record_locl.h
5f9602e make update
e1631f5 Add list -public-key-methods
48ed9c2 Add public key method enumeration function.
8bf2d93 Add some test coverage for OPENSSL_secure_clear_free
358d446 Use OPENSSL_secure_clear_free in STORE file_load
2ca8bbe Use OPENSSL_secure_clear_free in PEM_read_bio_PrivateKey and PEM_read_bio_ex
2928b29 Document OPENSSL_secure_clear_free
5d8f1b1 Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys
4dae7cd Implement the CRYPTO_secure_clear_free function
0443b11 Add some test coverage for PEM_read_bio_PrivateKey
02fd47c Clean password buffer on stack for PEM_read_bio_PrivateKey and d2i_PKCS8PrivateKey_bio before it goes out of scope.
03883e7 Fix rsa -check option
190b9a0 Make SSL_set_tlsext_host_name no effect from server side
3ca1f89 Fix coding style nits in crypto/asn1/a_strnid.c
dbd007d Fix a reference nit in doc
102c9e1 Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
735e350 Formatting & declaration cleanse.
e89f5fb OPENSSL_NO_ENGINE defined causes build failures
d3b58b9 Remove trailing whitespace from store-related man pages
7af4262 Improve style
1fb2993 Catch up to the removal of OSSL_STORE_open_file()
baa77e0 Fixups for STORE commit
354ab36 Define a value for SYS_F_FCNTL
52b6e17 Fix trivial coding style nits in a_time/a_tm files Clean up some true/false returns
d67e755 Fix comment typo.
1d7f335 Various doc fixes.
9f08a1c Install custom RAND_METHOD for fuzzing
4340588 Fix the two new tests since approval.
ad88741 Update the test framework so that the need for test_main is removed.  Everything that needed test_main now works using the same infrastructure as tests that used register_tests.
d445302 Simplify the handling of shared library version numbers
00606b0 add basic references to the new methods in documentation
75f163d handle scrypt PBKDF in PKCS#12 files info
7eb370e nicer formatting for MAC info
e15c95c make scrypt ASN.1 parameter functions public
11a25d3 more info about PKCS#12 structure MAC
dc46fc2 pkcs12.c better formatting for unsupported params
dae2218 fix OSSL_STORE man pages
7b608d0 Add test cases and docs for ASN1_STRING_TABLE_* functions
e4b1601 Fix async engine pause dead lock in error case.
a58eb06 Add support to free/allocate SSL buffers
0a34525 Fix potential use-after-free and memory leak
e4adad9 Wire SHA3 EVPs and add tests.
91ce87c Add evp/m_sha3.c.
c363ce5 sha/keccak1600.c: build and make it work with strict warnings.
d84df59 crypto/x86_64cpuid.pl: fix typo in Knights Landing detection.
1843787 aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.
d0f6eb1 evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
e3c79f0 sha/asm/keccak1600-avx512.pl: improve performance by 17%.
e0de4dd schlock global variable needs to be volatile
386e916 Fix nid assignment in ASN1_STRING_TABLE_add
cf9f101 Makefile.shared: Make link_shlib.linux-shared less verbose again
83e0d09 test/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'
d07abe1 Simplify Makefile.shared
1a68e5b Improve struct tm population
3d0f1cb Add asn1_time_to_tm function and check days in month
a109982 Update documentation for SSL_is_server()
881f2dd Remove unused function prototypes
909873b Update doc/ca.pod to clarify description for dates
4e9b720 Fix const correctness of EC_KEY_METHOD_get_*
8389ec4 Add --with-rand-seed
0d7903f sha/asm/keccak1600-avx512.pl: absorb bug-fix and minor optimization.
64d92d7 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.
bbb4ceb Support converting cipher name to RFC name and vice versa
b8a437f Fix out-of-bounds read in ctr_XOR
16960a9 typedef's for RAND_DRBG methods
4468b6e Remove trailing whitespace from drbgtest.c
63f483e Rename internal rand.h file
f2766f7 Fix faulty include
4c75ee8 Add range-checking to RAND_DRBG_set_reseed_interval
d76f646 Add keygen test data
1f0fc03 Add keygen test to evp_test
8a3cde7 Typo: should check mgf1md
7475335 Set maskHash when creating parameters.
d5475e3 Remove some dead code
335d0a4 Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
12fb8c3 Add DRBG random method
0299f3f Add some performance notes about early data
2425253 Remove session checks from SSL_clear()
e11b6aa Add a test for SSL_clear()
59ff3f0 Fix SSL_clear() in TLSv1.3
00848ea Tolerate a zero length ticket nonce
6b84e6b Add a test for early_data when an HRR occurs
d4504fe Fix early_data with an HRR
1e3f62a RSA_padding_check_PKCS1_type_2 is not constant time.
ff0426c Remove resolved TODO
daaaa3c Fix bogus use of BIO_sock_should_retry.
c8b9387 Fix TLSv1.3 exporter secret
54e5ba0 Fix use-after-free
f1b8b00 Fix some pedantic warnings.
3ee1eac Standardize apps use of -rand, etc.
e90fc05 Don't use "version" in "OpenSSL Version 1.1.0" etc
20e237c Address Coverity issues.
d212b98 sha/asm/keccak1600-avx2.pl: optimized remodelled version.
91dbdc6 sha/asm/keccak1600-avx2.pl: remodel register usage.
74df8c4 testutil: stanza files are text files, open them as such
1145995 OSSL_STORE "file" scheme loader: check that a DOS device is correctly named
6eaebfa OSSL_STORE "file" scheme loader: check for absolute path in URI later
4c0669d test/recipes/90-test_store.t: Add a few cases with files starting with 'file:'
ae9c39d OSSL_STORE: Treat URIs as files first (with exceptions), then as full URIs
ba476aa OSSL_STORE: spell error reason correctly
346bf1a test/recipes/90-test_store.t: Test absolute files
94437ce test/recipes/90-test_store.t: Rename some functions
da8fc25 Start to overhaul RAND API
71d57be For Windows, use _stat rather than stat
479af76 Fix style in crypto/store/loader_file.c
a87a39d Update PR#3925
f32bf05 Retry SSL_read on ERROR_WANT_READ. This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.
4a60bb1 Fix #946 Add -preserve_dates to x509 app
c784a83 Fix bug in err_string_data_cmp
9ee2720 Remove trailing blanks.
c2500f6 Test cleaning and modernisation
1f06acc Change return (x) to return x
a9a157e Avoid having an unsigned integer decrement below zero.
9e206ce Fix some issues raise by coverity in the tests.
d72a004 Add sanity test for certificate table
cd933eb Move certificate table to header file so it can be tested.
50a3a1f Add additional ECDSA/Ed25519 selection tests.
13cc257 Use cert tables in ssl_set_sig_mask
ebefced make errors
dd24857 Use cert tables instead of X509_certificate_type
52fd27f Use certificate tables instead of ssl_cert_type
7f6b466 Use certificate tables instead of ssl_cipher_get_cert_index.
b8858ae Replace tls12_get_pkey_idx
e4fb8b4 Add SSL_aCERT: this is used for any ciphersuite with a certificate.
c04cd72 Add certificate properties table.
084f9a7 Demo style fixes and modernisation.
6e2e6ed coding style: remove extra whitespace charactor
e0c89df Rewrite RAND_egd
aa8dfbc Fix error handling in get_header_and_data.
e1ca9e1 Fix crash in BUF_MEM_grow_clean.
c7c7a8e Optimize sha/asm/keccak1600-avx2.pl.
29724d0 Add sha/asm/keccak1600-avx2.pl.
a2371fa Trivial bounds checking.
a7ff579 Fix cipher_compare
0425627 Update various RAND podpages
222417e Fix s_client crash where the hostname is provided as a positional arg
dd05bd4 Some SSL_OP_ values can't be used in 1.1.x
4f11c74 Choose a safer value for SSL_OP_ALLOW_NO_DHE_KEX
4e2bd9c Update the documentation for the new SSL_OP_ALLOW_NO_DHE_KEX option
e3c0d76 Do not allow non-dhe kex_modes by default
5159821 Updates following review feedback of TLSv1.3 draft-21 code
8f81476 Update SSL_trace() to know about ticket_nonce
b81bd33 Update the early_secret generation to use the new ticket_nonce field
5a6ff16 Update the test/session.pem to have a tick_nonce value
a19ae67 Update tls13_hkdf_expand() to take the length of the data
de2f409 The correct key length for a TLSv1.3 SHA384 ciphersuite is 48
9b6a825 Send and receive the ticket_nonce field in a NewSessionTicket
07ff590 Update the version number for TLSv1.3 draft 21
9561e2a Fix memory leak when using PSK session files
4549ed1 test/run_tests.pl: Make sure to exit with a code that's understood universally
bfa3480 test/recipes/90-test_shlibload.t: Make sure to handle library renames
984cf15 VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
313fa47 Add sha/asm/keccak1600-avx512.pl.
86ba26c Address potential buffer overflows.
b4df712 change return (x) to return x
ab3e8f6 Rearrange link line so the libraries come after the source. Some linkers like it this way.
1ef4541 Remove some now-unneeded VMS controls
59e539e BIO range checking.
9ee344f Cleanup RAND_load_file,RAND_write_file
60eba30 Memory bounds checking in asn1 code.
eee9552 Bounds check string functions in apps. This includes strcat, strcpy and sprintf.
67fdc99 Add two trivial fixes from old commits
b2ac85a Rework the append_buf function
9a0953e Avoid buffer overruns in the req command line utility.
e2dba64 Fix crash
f48ad5c Undo commit dc00fb9
28f298e Undo commit cd359b2
0791bef Undo commit 40720ce
810ef91 Undo commit de02ec2
f472560 Undo commit 0755217
11d6606 STORE 'file' scheme loader: fix try_decode_params() to check ambiguity
c8feba7 Error out when forcing an unsupported TLS version
7b5b2c4 Improve BN_CTX documentation
b96dba9 Fix small UI issues
67f060a Avoid possible memleak in X509_policy_check()
efc21a5 Fix compiler warnings
0904e79 Undo commit d420ac2
ff281ee Remove the TEST_check macro.
d8ebcf5 Add echo for end of each build phase
59099d6 STORE: fix possible memory leak
43a0449 Use the return value from write(2) This prevents a warning when building with crypto-mdebug.
5ecff87 BN_pseudo_rand is really BN_rand
299c9cb 'make update' after objects/objects.txt update.
4811746 objects/objects.txt: add SHA3 OIDs.
e9c9971 Correct documentation for UI_get0_result_string
b4f2a46 sha/keccak1600.c: internalize KeccakF1600 and simplify SHA3_absorb.
edbc681 sha/asm/keccak1600-x86_64.pl: close gap with Keccak Code Package.
b547aba sha/asm/keccak1600-s390x.pl: typo and readability, minor size optimization.
54f8f9a x86_64 assembly pack: fill some blanks in Ryzen results.
a95d757 Various doc fixes
b43c376 Fix potential crash in tls_construct_finished.
c31ad0b Fix a crash in tls_construct_client_certificate.
4d89bf4 Fix TLSv1.3 exporter
48feace Remove the possibility to disable the UI module entirely
6e2f49b Make sure OSSL_STORE_load() isn't caught in an endless loop
50c9ac0 Fix copyright date for the ARIA evp file.
515b124 Update fuzz corpora
86e6cbd STORE 'file' scheme loader: DNS name in URI is case insensitive
f2da4a4 When apps_startup() fails, exit with a failure code and a message
624265c Cleanup some copyright stuff
1297ef9 Fix build with no-threads no-ec
b5319bd Fix atfork flag.  Avoid double-negatives :)
dcf6e50 Merge Intel copyright notice into standard
5407338 Add ECHO to makefiles for real silence
d8c66f5 Drop support for OPENSSL_NO_TLS1_3_METHOD
2915fe1 Add fork handlers, based on pthread_atfork
5ee4074 STORE: Make sure the loader to be registered is complete
6f9c506 STORE: simplify store_loader_cmp()
0e288c2 util/mkdef.pl: Make symbol version processing Linux only
9c06cf0 util/mkdef.pl: Add UNIX as a platform
7807267 Add sha/asm/keccak1600-s390x.pl.
d6f0c94 sha/asm/keccak1600-x86_64.pl: add CFI directives.
a161384 sha/asm/keccak1600-x86_64.pl: optimize by re-ordering instructions.
a078d9d sha/asm/keccak1600-x86_64.pl: remove redundant moves.
64aef3f Add sha/asm/keccak1600-x86_64.pl.
4c17819 Add internal functions to fetch PEM data from an opened BIO
7852f58 Make it possible to tell the file loader to use secure memory
8530039 Fix double array increment in s_client mysql connect
6fc1d33 STORE 'file' scheme loader: refactor the treatment of matches
f95c439 STORE: Add an entry in NEWS and CHANGES
2fad1dd STORE test recipe: Remove comment refering to OpenConnect
8f507bc Add documentation for the storeutl app
e2e603f Add documentation for STORE functions
fa66949 engine app: print out information on STORE loaders and STORE FILE handlers
f91ded1 STORE: add ENGINE information to loaders
d32e10d Test that storeutl with a directory path works as expected
970f467 STORE 'file' scheme loader: Add directory listing capability
7ad2ef3 STORE 'file' scheme loader: Add handler for encrypted PKCS#8 data
1aabc24 STORE 'file' scheme loader: refactor file_load to support decoding restart
50ecedd STORE: Add a OSSL_STORE_INFO type to help support file handler restarts
6d737ea STORE tests: add PKCS#12 tests
a09003e STORE 'file' scheme loader: add support for the PKCS#12 container
e61ec2d STORE 'file' scheme loader: add support for containers
e1613d9 Add a test that checks the store utility
c403a1d Add a simple store utility command
9c6da42 Add a STORE loader for the "file" scheme
dc10560 Make it possible to peek at BIO data through BIO_f_buffer()
86f7b04 Make asn1_d2i_read_bio accessible from STORE
71a5516 Add the STORE module
c785fd4 Make it possible to refer to ERR_R_UI_LIB
a599574 Updates following review of SSL_export_key_material() changes
e88c40a Update the SSL_export_keying_material() documentation for TLSv1.3
2197d1d Add an SSL_export_keying_material() test
0ca8d1e Update SSL_export_keying_material() for TLSv1.3
519a5d1 Fix sample code
afe9bba crypto/mem.c: on Windows, use rand() instead of random()
eed3ec9 ssl_session_dup() missing ext.alpn_session
3668721 Add dependency on apps/progs.h for test/uitest.o
a2755b1 test/uitest.c's pem_password_cb returned 1 instead of the password length
3816be5 UI_UTIL_wrap_read_pem_callback: make sure to terminate the string received
e041f3b Document the added devcrypto engine in CHANGES
8bd2c65 Comment on the lack of documentation for asymmetric ciphers
4f79aff Adapt for BSD cryptodev.h differences
619eb33 Add new /dev/crypto engine
9a32dcf Add the common error ERR_R_OPERATION_FAIL
f367ac2 Use randomness not entropy
c91ec01 Fix return-value checks in OCSP_resp_get1_id()
0ffdaeb util/mkerr.pl: avoid getting an annoying warning about negative count
4b2799c util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_
4b8515b Rename static global "lock" to "obj_lock"
edea42c Change to check last return value of BN_CTX_get
9e1d5e8 Fix return value checking for BIO_sock_init
e8e5597 Fix inaccurate comments in bn_prime.c
6544a91c tsget.in: remove call of WWW::Curl::Easy::global_cleanup
b996766 Fix no-dsa build again
05594f4 Add tests for deprecated sigalgs with TLS 1.3 ClientHellos
8181377 Fix no-dsa build
d499a3e Add constants for TLS 1.3 SignatureScheme values
6ffeb26 Disallow DSA/SHA1/etc. for pure TLS 1.3 ClientHellos
a163e60 sha/asm/keccak1600-mmx.pl: optimize for Atom and add comparison data.
415248e Add sha/asm/keccak1600-mmx.pl, x86 MMX module.
1e55873 Fix a memory leak in the new TAP filter BIO
404c76f Fix travis clang-3.9 builds
25ffeb1 Fix another EVP_DigestVerify() instance
cfba067 Treat all failures from EVP_DigestVerify() as a bad signature
e390850 Fix the constant time 64 test
019e47c Remove uses of the TEST_check macro.
f13615c Fix OBJ_create() to tolerate a NULL sn and ln
f637382 Fix tls1_generate_master_secret
32bbf77 Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
a69de3f TAP line filter BIO.
906eb3d Configure: give config targets the possibility to enable or disable features
410e8c9 Remove duplicate see also reference to BIO_s_mem.
db17e43 Add OCSP_resp_get1_id() accessor
15b1688 Avoid compiler complaining
23cec1f Add documentation for the SSL_export_keying_material() function
b5cdec2 sha/asm/sha512p8-ppc.pl: add POWER8 performance data.
53ddf7d Add Keccak-1600 modules for PPC64 and POWER8.
9924087 Fix DTLS failure when used in a build which has SCTP enabled
7225720 PSK related tweaks based on review feedback
adfc378 Use constants rather than macros for the cipher bytes in the apps
ca8c71b Add some tests for the new TLSv1.3 PSK code
011d768 Fix some bugs in the TLSv1.3 PSK code
725b0f1 Make the input parameters for SSL_SESSION_set1_master_key const
8ead615 Document SSL_set_psk_find_session_callback() and SSL_CTX equivalent
93a048a Document SSL_set_psk_use_session_callback() and SSL_CTX equivalent
dc87d5a Tweak the client side PSK callback
801d9fb Add documentation for SSL_CTX_set_psk_use_session_callback()
9c39fa1 Document SSL_CIPHER_get_handshake_digest()
267869d Document SSL_SESSION_set_protocol_version()
5eb7273 Document SSL_SESSION_set1_master_key()
7721978 Add documentation for SSL_SESSION_set_cipher()
14e3535 Fix no-psk
5ffff59 Add the ability to set a TLSv1.3 PSK via just the key bytes
5a43d51 Add SSL_SESSION_set_protocol_version()
1a993d1 Add SSL_SESSION_set_cipher()
911d63f Add SSL_SESSION_set1_master_key()
df89494 Add the ability to use a server side TLSv1.3 external PSK in s_server
e261bdd Add the ability to use a client side TLSv1.3 external PSK in s_client
ba4df68 Add a function to get the handshake digest for an SSL_CIPHER
f46184b Add public API functions for setting TLSv1.3 PSK callbacks
9368f86 Add TLSv1.3 client side external PSK support
3a7c56b Add TLSv1.3 server side external PSK support
2556aec Add ecstress test
1d23bbc Add sha/asm/keccak1600-c64x.pl
9018f3c Add constant-time 64
d2916a5 Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.
29b0cab Update test config file
fbe1af9 Add Ed25519 TLS 1.3 and 1.2 tests
60bbed3 Add Ed25519 EE certificates
bc88fc7 Ed25519 support for mkcert.sh
b202155 Allow Ed25519 in TLS 1.2
72ceb6a Convert key exchange to one shot call
03327c8 Print Ed25519 in s_client/s_server
881d2c5 Add Ed25519 to trace output
168067b Handle signature algorithms with no associated digest
3d234c9 Add Ed25519 signature algorithm
b04d4e3 Add Ed25519 to signature algorithm table
07afa3d Add index for ED25519
65e8973 Use X509_get_signature_info to get signature strength.
d3c094c Recognise Ed25519 in X509_certificate_type
c80149d Merge Nokia copyright notice into standard
aa74c2e Reformat progs.pl; add ARIA support
bff951e Remove OSSLzu macros and use %zu in the test framework (via BIO_printf).
05eec39 Ensure a space after colon in enc -v
26dc47f Add parentheses around macro argument of OSSL_NELEM.
aa8f3d7 Modify Sun copyright to follow OpenSSL style
0c9d681 Declare a new x509v3 extension: x509ExtAdmission
8d1598b Fix typo (note by oneton at users.github)
0ea155f Add RAND_UNIMPLEMENTED error code
7447c49 Make clear error message if opt_<number> fails
4f58c6b Address style issues. Refactor count -> c which makes the for loop more readable.
a7b68c5 Address double error and OSSLzu comments.
6e5e196 Put error output back.
8fe3127 Update tests to avoid printf to stdout/stderr when running as test cases.
f39a550 Remove bsd_cryptodev engine
3ac6d5e Fix the fall-out in 04-test_bioprint.t
af6de40 Fix the error handling in ERR_get_state: - Ignoring the return code of ossl_init_thread_start created a memory leak.
9b57977 Fix preprocessor indentation. Rework main() to be in the style of the other conditional tests.
729ef85 s_client accepts host/port as positional argument.
edcdf38 Remove non-accurate description in Configure script
7b4d323 Fix va_list processing in test_note()
93a8b3b Remove a pointless "#if 0" block from BN_mul.
6411927 Reorder Configure output
837f87c Forbid to specify -nextprotoneg if -tls1_3 is enabled
6ea3bca Modify type of variable in OPENSSL_cpuid_setup function
3791646 Add output routines to allow consistent formatting of memory, strings and bignums.  These have been refactored into their own file, along with their error displays.  The formatting follows the output format used on error, except that bignums of sixty four bits or less are displayed in a more compact one line form.
5511101 Add a missing break in test/shlibloadtest.c
f8baec3 Fix the comment about default OPENSSLDIR in windows.
abeb2a6 Tweak the check that a ciphersuite has not changed since the HRR
3b0e88d Add comments to test_ciphersuite_change()
8acc279 Fix an uninitialised variable warning
0de6d66 Move ciphersuite selection before session resumption in TLSv1.3
ca0413a Add a test for a server changing the ciphersuite
a055a88 Allow the server to change the ciphersuite on resume
9b03b91 Add the target 'build_all_generated'
1316c9f Fix no-ec
3ec32be Add apps/progs.h to gitignore
5eb2dd8 Add sha/asm/keccak1600-armv8.pl.
0c3d0d4 Standardize Levitte's dual-license
6a74806 Build apps/progs.h dynamically
c537e74 Move bn and evp test programs input data to their respective data dir
46e5b66 .travis.yml: Detect if 'make update' updated something
5aba2b6 Correct Oracle copyrights & clarify.
594da71 Remove OLD_STR_TO_KEY compile option
5419dad Fix possible crash in X931 code.
5625567 Fix another possible crash in rsa_ossl_mod_exp.
fb0a641 Fix a possible crash in dsa_builtin_paramgen2.
abea494 Fix crash in ecdh_simple_compute_key.
4fc426b Fix a possible crash in the error handling.
4d0eac1 Update copyright on progs.h
188a9bd Fix a memleak in ec_copy_parameters.
150d047 perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions.
481afe2 Make SNI behavior more clear in s_client doc & help
979874a Rework writing crypto/err/openssl.txt
964ff30 Add -module option to util/mkerr.pl
2234212 Clean up a bundle of codingstyle stuff in apps directory
71d8c13 Fix a memleak in tls13_generate_secret.
5816586 Put message strings in state files
1954624 Fix memleak in EVP_DigestSignFinal/VerifyFinal.
0848e01 Refactor functions in testdsa.h
8ea404f Add sslapitest for SSL_early_get1_extensions_present()
193b5d7 Add SSL_early_get1_extensions_present()
0e1e404 TLS 1.3 client sigalgs test no longer needs TLS 1.2
cf34d54 drop some no-longer-relevant TODO(TLS1.3) entries
5c718b9 Remove leading space-before-tab
6bcb417 improve comment: use "optimization" for clarity The previous word was a misspelling of nicety
04e6271 Introduce ASN1_TIME_set_string_X509 API
7aefa75 doc/man3: use the documented coding style in the example code
27b138e Fix spelling errors in manpages
fbaf285 If-guard to avoid null ptr deref in statem_srvr.c
a020f54 Remove needless type casting.
f2582f0 Fix possible usage of NULL pointers in apps/spkac.c
62b0a0d Fix memory leaks in CTLOG_new_from_base64
388d679 mark V_ASN1_PRIMATIVE_TAG as compat
f464f9c fix check of broken implementations of GOST ciphersuites
9ae4e66 Fix speed command for alternation of ciphers and digests.
66e5970 Add support for using engine-backed keys in spkac
bd91e3c Fix a bundle of trailing spaces in several files
9a2dfc0 List undocumented macros
36c4385 Remove stale note from s_server.pod
1c7aa0d Ignore -named_curve auto value to improve backwards compatibility
0b20ad1 Fix a read off the end of the input buffer
135976b Use memset to clear SRP_CTX instead of NULL and zero assignments
e655f54 Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.
0bae196 Clean up s_server documentation
1722496 Remove doc of non-existent functions
6dad1ef sha/asm/keccak1600-armv4.pl: switch to more efficient bit interleaving algorithm.
1360358 sha/keccak1600.c: switch to more efficient bit interleaving algorithm.
d8311fc Add back support for SHA224 based sig algs
edef840 Windows: rearrange programs cleanup
3dce109 Fix possible memory over-read in apps/s_client.c
1c036c6 Fix #340: Parse ASN1_TIME to struct tm
95dd5fb doc: use /* ... */ comments in code examples
d42e775 doc/man3: fix SSL_SESSSION typos
89a01e6 SSL_CTX_set_verify.pod: move a typedef in front of its first usage
32c5770 doc/man3: unindent a few unintended code blocks
e9b7724 doc/man3: reformat the function prototypes in the synopses
61ced34 ERR_put_error.pod: fix the name of function ERR_add_error_vdata()
7a67a3b doc/man3: remove a duplicate BIO_do_accept() call
2947af3 doc/man3: use the documented coding style in the example code
52df25c make error tables const and separate header file
be606c0 Add a lock around the OBJ_NAME table
db0f35d Fix #2400 Add NO_RENEGOTIATE option
270d65f Always flush the BIO when we send any alert
84344ef Handle the server refusing to reneg in a reneg_setup
367c552 sha/asm/keccak1600-armv4.pl: add NEON code path.
56676f8 sha/asm/keccak1600-armv4.pl: add SHA3_absorb and SHA3_squeeze.
5371810 sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.
aabfd32 Add sha/asm/keccak1600-armv4.pl.
1efd98f Fix coding style
09ddb87 Fix doc nits in X509_check_private_key.pod
e514ff0 Set local variable to 0 to avoid build error
6d2523e Add test cases for X509_check_private_key
7b98633 Document X509_check_private_key and relative
bf0d560 Move and update RSA-PSS documentation.
ccd0aea Fix define to match documentation
9d77282 Document default client -psk_identity
720b6cb Avoid failing s_server when client's psk_identity is unexpected
ae269dd Use common STANZA for bn and exp tests
71dd3b6 sha/keccak1600.c: add #ifdef KECCAK1600_ASM.
22f9fa6 sha/keccak1600.c: reduce temporary storage utilization even futher.
1ded2dd sha/keccak1600.c: add another 1x variant.
c83a4db sha/keccak1600.c: add ARM-specific "reference" tweaks.
8fc063d ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
1ee2125 Fix ex_data and session_dup issues
01dfaa0 Add text pointing to full change list.
042597b Work around Travis "virtual memory exhausted" error
5190940 Left shift of a negative number is undefined behaviour
a2d9cfb Added mysql as starttls protocol.
5e44201 Remove unnecessary if condition from apps.c
274d1be Add -p (public only) flag to find-doc-nits
73bc537 Only release thread-local key if we created it.
4a8ab10 Add some OID's from X.520
545360c Add UI functionality to duplicate the user data
72d8b82 Fix coding style in apps/passwd file
3f23390 CLA: trivial
142463c Wait longer for the server in TLSProxy to start
04dec1a Clear sensitive data in ED25519_sign
74e7836 Add Ed25519 documentation
978b700 no-ec fix
4328dd4 Add Ed25519 verify test.
684c41c Add custom sig_info_set for ED25519
9f889cc make errors
9f98fba Add custom ASN.1 sign and verify
b852369 Add ED25519 as signature OID
1e8c4a9 Add RFC8032 tests and additional cases
ca23d3e make errors
42a3008 ED25519 public key method.
a13727e add method
8ecade8 Add ED25519 ASN.1 method
9691a74 Add EdDSA algorithm OIDs from draft-ietf-curdle-pkix-04
d4d001d Make Ed25519 consistent with X25519
06c6d05 Add Ed25519 algorithm.
bbbfee3 make errors
7dd6de9 Allow NULL md for custom signing methods
f723c98 Add support for custom digestsign/digestverify methods.
1f2aff2 sha/keccak1600.c: implement lane complementing transform
0dd0be9 sha/keccak1600.c: implement bit interleaving optimization.
2bcb232 Add stricter checking in NAME section
e92947d fixing incorrect OID of signingCertificateV2 Reviewed-by: Kurt Roeckx <kurt at openssl.org> Reviewed-by: Rich Salz <rsalz at openssl.org> (Merged from https://github.com/openssl/openssl/pull/3538)
3bbecb0 Fix certificate version number in test
aef4926 Revert "Add internal functions to fetch a refcount"
c27bc74 Correct small typo in CRYPTO_GET_REF
6891a79 Add internal functions to fetch a refcount
df578aa Fix spelling errors in CMS.
b72668a Fix a Proxy race condition
7f7eb90 Update the pyca-cryptography version
dffdcc7 Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
418bb7b Fix use of "can_load()" in run_tests.pl.
e3d378b test/evp_test.c: improve output in case of errors.
14bb100 modes/ocb128.c: address undefined behaviour warning.
f83409a aria/aria.c: address undefined behaviour warning in small-footprint path.
6061f80 Add missing commas in pod files
10a1ec4 Fix BoringSSL alert related test failures
4769581 Document that HMAC() with a NULL md is not thread safe
867a917 Updates CHANGES and NEWS for new release
cff85f3 Document that PKCS#12 functions assume UTF-8 for passwords
789d6dd Clarify what character encoding is used in the returned UI strings
dd59187 Fix va_arg all in test_error_c90
c49e0b0 Revise evp_test parser; make like bn_test
5a7bc0b Add titles to groups of EVP tests
281313e Fix line numbering for errors.
caf2b6b Don't use one shot API for SSLv3.
719b289 Fix typo in doc/man3/EVP_EncrypInit.pod
67a8c10 Revert "Integration build a small memory image"
42bd7a1 Add an error to the stack on failure in dtls1_write_bytes()
b77f3ed Convert existing usage of assert() to ossl_assert() in libssl
a89325e Fix some style issues in returns
380a522 Replace instances of OPENSSL_assert() with soft asserts in libssl
98d132c Add a macro for testing assertion in both debug and production builds
7ac5b84 Reformat the string output to be more in line with the decisions made in #3465
3216f96 Bring the memory output inline with the suggestions in #3465.
2b10cb5 Fixed merge nonsense
b1a3030 Newlines!
c9cf4bc Update the test to assert that the SCT is from an X.509 extension
2d8e9db Style fixes and use the source parameter so the OCSP path works
8dcb87f This is an int
8368a3a Don't use a for-loop decleration
3a490bb Fixed #3020 -- set entry type on SCTs from X.509 and OCSP extensions
e2580e7 Integration build a small memory image
fee423b Fix the mem_sec "small arena"
a486561 test/secmemtest.c: clarify limitations for huge secure memory arena test.
0e83981 Fix srp app missing NULL termination with password callback
48b5352 -inkey can be an identifier, not just a file
c80bbcb test/run_tests.pl: don't mask test failures.
e2c1aa1 test/test_test.c: fix wrong BN test [and rearrange tests a little bit].
c8e89d5 Tweak sec_mem tests
2117a73 move comments to same line as fields
f513a8a Add test data for EVP_DigestSign/EVP_DigestVerify tests.
7b22334 Add test support for "oneshot" versions EVP_DigestSign, EVP_DigestVerify.
75726fe Add tests in evp_test for EVP_Digest{Sign,Verify}{Init,Update,Final}
1514f7c Move engines/afalg to engines
a0a760c remove duplicate tests
1bb6b50 Add tests
c3fc7d9 Add support for multiple update calls in evp_test
aabe3a3 Fix return code in tls1_mac
ffbaf06 Reformat the output of BIGNUMS where test cases fail.
5ec3210 Fix endless loop on srp app when listing users
9bfeeef Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
6944311 Make SSL_is_server() accept a const SSL
fb34a0f Try to be more consistent about the alerts we send
d8028b2 Fix EXT_RETURN usage for add_key_share()
a74341f Fix typo in INSTALL file
de34966 Fix compile error/warning in packettest.c
964f278 Add a test for a missing sig algs extension
108d45d Allow a missing sig algs extension if resuming
355a0d1 Add a new unsolicited extension error code and add enum tag
56c2a6d Add tests for unsolicited extensions
b186a59 Fail if we receive a response to an extension that we didn't request
7a94f5b Remove notification settings from appveyor.yml
bd990e2 Don't allow fragmented alerts
e1cfd18 Use BIO not FILE for test file
007d272 Document the history of BIO_gets() on BIO_fd().
bd4639b Document that BIO_gets() preserves '\n'.
79b3522 Do not eat trailing '\n' in BIO_gets for fd BIO.
62f218c INSTALL: Remind people to read more if they added configuration options
a3cb4cf INSTALL: clarify a bit more how Configure treats "unknown" options
4861933 Update one CI test to use randomised ordering.
5584fd7 Randomise the ordering of the C unit tests.
e0011aa Review feedback; use single main, #ifdef ADD_TEST
bdd07c7 Convert shlibloadtest to new framework
1d0f116 Add "Title" directive to evp_test
80a2fc4 Clean up SSL_OP_* a bit
33242d9 Use scalar, not length; fixes test_evp
e195c8a Remove filename argument to x86 asm_init.
07fbdfe Rename evptests.txt to evppkey.txt
6b7b343 Split test/evptests.txt into separate files.
7031dda Fix infinite loops in secure memory allocation.
b57f0c5 Clean away needless VMS check
74a011e Cleanup - use e_os2.h rather than stdint.h
0b10da8 testutil: Fix non-standard subtest output
46fcbf7 evp_test: use the test file name as the test title
b73c5e0 testutil: add the possibility to set the current test title
018fcbe Fix gcc-7 warnings. - Mostly missing fall thru comments - And uninitialized value used in sslapitest.c
69b4c01 Unclash clashing reason codes in ssl.h
7193f87 Use compare_mem wrapper
4124860 Address some feedback
6c5943c Convert of evp_test to framework
888adbe Fix regression in openssl req -x509 behaviour.
3f97052 Remove dead code.
9010b7b Add some extra comments following alert changes
26b9172 Add some checks for trailing data after extension blocks
b6fdc12 Send a missing_extension alert if key_share/supported groups not present
fc4c15f TLSv1.3 alert and handshake messages can never be 0 length
0b367d7 TLSv1.3 alerts cannot be fragmented and only one per record
3c544ac Check that a TLSv1.3 encrypted message has an app data content type
2d87122 Send an illegal parameter alert if the update type in a KeyUpdate is wrong
1a281aa Ensure we fail with a decode error alert if the server sends and empty Cert
f69fe73 Fix more alert codes
ef57a47 Verify that there is no trailing data after the extensions block
721586e Fix some alert codes
f66f8a4 Reject unknown warning alerts in TLSv1.3
c2bdf05 make update
7539418 Add EVP_DigestSign and EVP_DigesVerify
4f2a569 Clarify that a test failed
bb616fa Add a descriptive header to diff output from failed tests.
05004f3 Ignore MSVC warnings (via Gisle Vanem)
bb01ef3 Add a test for SNI in conjunction with custom extensions
2118188 Copy custom extension flags in a call to SSL_set_SSL_CTX()
cf53cbe Fix 'no-ec'
76e0d0b Prefer TAP::Harness over Test::Harness
03d8e9c Add test_test tests for bignums. Add relative tests for bignums.
dc352c1 Add BN support to the test infrastructure.
5e3766e Add test for no change following an HRR
66d4bf6 Verify that if we have an HRR then something will change
c96ec6f More TLSv1.3 cookie tests
7b1ec1c Fix HRR bug
07d447a Don't do the final key_share checks if we are in an HRR
ad448b2 Fix some copy&paste errors and update following review feedback
db48a90 Add some badly formatted compression methods tests
1fe3549 Verify that only NULL compression is sent in TLSv1.3 ClientHello
068e3d7 Fix an s_server infinite loop
fa3ed5b Add unit test for PEM_FLAG_ONLY_B64
44612e0 Make PEM_read_{,bio_}PrivateKey use secmem
7671342 Add PEM_bytes_read_bio_secmem()
204afd8 Add PEM_read_bio_ex
d396da3 Added a new Makefile in demos/evp directory Fixed compilation warning in file aesgcm.c
e091367 Update the message callback documentation
ad5100b Add support to SSL_trace() for inner content types
eee2750 Remove support for OPENSSL_SSL_TRACE_CRYPTO
12635aa Updates to supported_groups following review feedback
de65f7b Add a test for supported_groups in the EE message
6af8754 Send the supported_groups extension in EE where applicable
218712f test/recipes/95-test_*.t : correct skip_all syntax
b83ace3 Rearrange test/recipes/95-test_*.t to use skip_all
2db85ac Conversion of the EC tests to use the framework. Some refactoring done as well.
ce1932f sha/sha512.c: fix formatting.
c47aea8 perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
c0b4ff1 Remove some out of date text inadvertently left behind
fee6552 Remove outdated and unsupported CHIL engine
1d3235f Fix pathname errors in errcode file
292247e Fix tests of TEST tests, as it were
516deca Test framework output improvement.
7104351 test/exptest.c: stop marking progress with a period
7a4e6a1 Updates to serverinfo fix based on review feedback
16afd71 Add a test for loading serverinfo data from memory
bade29d Fix SSL_CTX_use_serverinfo_ex() et al to properly handle V1 data
bb78552 Revert "Fix clang compile time error"
689f112 Don't leave stale errors on queue if DSO_dsobyaddr() fails
de6ac50 Fix an uninit read in igetest
1608d65 Fix clang compile time error
37192a9 Fix curly braces on util/mkrc.pl
199b246 Run perltidy, use strict+warnings on mkrc.pl
5038e32 Perltidy ck_errf
ce1e11b Remove some unused scripts
1f6359d Update tls13secretstest test vectors for TLSv1.3 draft-20
198d502 Update the TLSv1.3 version indicator for draft-20
17aa119 Update the HKDF labels for draft-20
96c9aee Limit padded record to max plaintext
47f7cf0 Update the documentation for "Groups" and "Curves"
863fe19 Add the -groups option to s_server/s_client
6d9d801 Update serverinfo documentation based on feedback received
f233a9d Clarify serverinfo usage with Certificate messages
fb29c0f Document the new SSL_CTX_use_serverinfo_ex() function
2698bbf Add an SSL_ prefix to SERVERINFOV2 and SERVERINFOV1
c3a48c7 Add a test for CT in TLSv1.3
b878afa Add a SERVERINFOV2 format test file
7f533d6 Only send custom extensions where we have received one in the ClientHello
84c34ba Extend the SERVERINFO file format to include an extensions context
f0ef20b Added support for ESSCertIDv2
0e53433 Update igetest to use the test framework.
c41048f Convert uses of snprintf to BIO_snprintf
75a3e39 Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
33564cb Fix comment around safari fingerprint check
dea0eb2 Fix URL links in comment
e5db7fc Add some man page cross-references
1f9d203 Convert danetest, ssl_test_ctx_test
c649d10 TLS1.3 Padding
20ee2bf Fix time offset calculation.
ee6b68c Fix a stack smash
96db269 Remove duplicates from clang_devteam_warnings
f44903a Address some -Wold-style-declaration warnings
560ad13 Add -Wextra to gcc devteam warnings
1ff86c5 test/asn1_encode_test.c: test "next negative minimum" corner case.
1e93d61 asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
595b2a4 Check fflush on BIO_ctrl call
5cc9776 Update the pyca-cryptography submodule to version 1.8.1
9a837f2 Ensure blank lines between tests.
f5a140f Refactor crltest.c to separate the test cases into individual functions.
0918b94 testutil: Remove test_puts_std{out,err}, they are superfluous
68e49bf testutil: Add OpenSSL error stack printing wrapper TEST_openssl_errors
603ddbd testutil: Add commodity printing functions test_printf_std{out,err}
c5657cb testutil: make subtest_level() internal
579d0fa testutil: Move printing function declarations to "internal" header
36b2cfb Add checks on return code when applying some settings. Remove hardcoded bound checkings.
6788785 Output prog name within error message
28e5ea8 Add a 'max_send_frag' option to configure maximum size of send fragments
9ff2ceb Fix s_client when no-dtls
8f3f962 Fix a pedantic gcc-7 warning.
46d5e2b TLSProxy: When in debug mode, show the exact subprocess commands
f2150cd Remove (broken) diagnostic print
b12ae4a fuzz/{client,server}.c: omit _time64 "overload method".
11ba87f Ensure s_client sends an SNI extension by default
37659ea Add parentheses on public macros where appropriate. Fixes #3063.
237bc6c Remove unnecessary loop in pkey_rsa_decrypt.
cf10df8 Fix ISO C function/object pointer issue
710756a Convert sslapitest to test framework
30bea14 Convert bntest to TEST_ framework
e596c68 Return success in custom_ext_parse_old_cb_wrap if parse_cb is NULL
8ed9a26 Convert dtls_mtu_test, dtlsv1listentest
aa24cd1 Fix no-ec
8e1634e Don't treat PACKET_remaining() as boolean
bf5c84f Break before && operator
735d5b5 Call init and finalization functions per extension message
b896466 Clarify that SSL_CTX_remove_session() marks a session as non-resumable
5b3e5f0 More SSL_SESSION documentation tweaks based on feedback
35ea9ed Tweak SSL_get_session.pod wording
150840b Always duplicate the session on NewSessionTicket in TLSv1.3
6ff7149 Documentation updates for TLSv1.3 sessions
e586eac Add support for SSL_SESSION_is_resumable()
3348fc7 Remove TLS1.3 TODO around testing for session id length
b6e3250 Fix unit-tests when no-srp configured
58e754f Convert modular exponentiation tests to new framework
975922f Add tests for version/ciphersuite sanity checks
38a7315 Add a ciphersuite config sanity check for servers
aafec89 Add a ciphersuite config sanity check for clients
bf846a6 Don't overwrite the alert value if there is no alert to send
d91b742 evp_test.c: Add PrivPubKeyPair tests
dd05be5 test: don't make it more complicated than necessary.
b69ae44 make update
2f7a252 Update documentation
451a0c3 Add PSS certificate signature tests
9bf45ba Add certificates with PSS signatures
629e369 Add custom sig_info setting for RSA-PSS
c3c8823 Use X509_get_signature_info() when checking security levels.
786dd2c Add support for custom signature parameters
7531b3a Tapify libtestutil a bit better
4114f8f Add include path '..' for libtestutil
b5c4209 Switch command-line utils to new nameopt API.
645c694 Ignore all .a files, not just the top ones
19044d3 Add documentation for the -sctp option in command line apps
d88ab35 Correct some badly formated preprocessor lines
a5eef31 Add guards around one of use of IPPROTO_SCTP where it was missing
208d721 TAPify testutil
65d6248 openssl enc: Don't unbuffer stdin
f7b3cb2 Fix doc-nits issue
561f6f1 Address review feedback for the SCTP changes
ce466c9 Fix issue in 18-dtls-renegotiate.conf.in
e829142 Document BIO_lookup_ex()
c90da92 Fix some variable references in init_client
0f5df0f Add SCTP testing for 04-client_auth.conf
cf15600 Add SCTP testing for 11-dtls_resumption.conf
00da4f4 Add SCTP testing to 07-dtls-protocol-version.conf
4ef8a6b Add SCTP testing to 18-dtls-renegotiate.conf
978b945 Add SCTP testing to 16-dtls-certstatus.conf
83964ca Add support to test_ssl_new for testing with DTLS over SCTP
41b3c9c Fix problem with SCTP close_notify alerts
aefb925 Don't attempt to send fragments > max_send_fragment in DTLS
bd79bcb Remove special case code for SCTP reneg handling
c4666bf Ask libssl if we should retry not the socket
dcf88c5 Add better error logging if SCTP AUTH chunks are not enabled
8ccc237 Add a -sctp option to s_client
72d0bc8 Add a -sctp option to s_server
5114d82 Add a BIO_lookup_ex() function
b3c42fc Fix typo in OPENSSL_LH_new compat API
f044cd0 Avoid using BIO streams in bioprinttest.c
a9c6d22 Adapt all test programs
b3e5db4 VMS: Make sure to include MAIN from static libraries if needed
4db40c9 Refactor the test framework testutil
20626cf Add CRYPTO_mem_leaks_cb
3310581 Make it possible to build static-only libraries
a68d350 check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
8af91fd Don't fail the connection in SSLv3 if server selects ECDHE
dd94c37 Converted the bio_enc tests to use new test framework.
26fb4b0 if log fails, avoid pms getting double free
cb2a6eb Typo fix in Configurations/descrip.mms.tmpl
e8d5421 Annotate ASN.1 attributes of the jurisdictionCountryName NID
7572642 Port Ben's parallell Makefile hack to VMS
f919c12 Port Ben's parallell Makefile hack to Windows
7643a17 Fixed typo in X509_STORE_CTX_new description
8b24f94 Numbers greater than 1 are usually non-negative.
dc99b88 Add ARIA 32-bit implementation
6e64c56 Small primes are primes too.
c045224 Ignore dups in X509_STORE_add_*
0444c52 explicitText encoding
623d105 Convert hmactest to new test framework
9d9d287 fix dh_test.
112c4e0 Fix test/recipes/95-test_external_krb5.t
27fc8ae VMS: remove name mangling guards around inclusion of internals
f46f69f VMS: Copy DECC inclusion epi- and prologues to internals
424aa35 Change 64-bit time type for windows
d1186c3 Fix minor compiler issues.
87b8149 Document Next Protocol Negotiation APIs
93d0298 Convert dhtest, dsatest, cipherbytes_test
edd689e VMS: Fix internals test programs
19eaee7 VMS: Fix the passing of cflags for things not being installed
adcd8e3 Convert more tests
f3ab6c1 Update more tests
3304d57 Convert more tests to framework
b66411f Convert more tests
0fef744 [extended tests] Enable krb5 tests in Travis
483bc2d Fix formatting of PYCA external test instructions
77edd02 Update external test README for running krb5
7c82f56 Add external krb5 test support
800b5da update docs because depth refers only to intermediate certs
786b6a4 asn1/a_int.c: clean up asn1_get_int64.
5c8e9d5 [squash]Build works with/out NO_ENGINE and NO_AFALG
5292439 Convert afalgtest
0c44545 Catch EC_R_UNKNOWN_GROUP in check_unsupported()
ff54cd9 Optionally check for early data
14a6570 Use a fixed time when fuzzing.
930aa9e Document how to update the corpus.
b534df9 Make x509 and asn1 fuzzer reproducible
644fb11 Switch libfuzzer to use trace-pc-guard
cad3f9d Add -f -r flags to find-unused-errs
7db0289 Reformat evptests.txt
a81c33e Remove ecdhtest.c
821d6c6 ecdhtest.c: move co-factor ECDH KATs to evptests
4afc606 WIP: Convert ui,v3ext,verify_extra_test
80b06b0 Fix unit tests when no-bf configured
b997adb asn1/a_int.c: don't write result if returning error.
6d4321f asn1/a_int.c: simplify asn1_put_uint64.
a3ea6bf asn1/a_int.c: remove code duplicate and optimize branches,
93f725a testlib/OpenSSL/Test.pm: keep default input private.
d063add Guarantee single argument evaluation for test macros. Add test case that checks some of them.
a24c1e2 Update the internal siphash tests to use the framework's output.
026aebb Split the CAST tests up.
9612e15 ASN.1: adapt our use of INTxx et al by making them explicitely embedded
da26ff3 ASN.1: change INTxx, UINTxx and Z variants to be embedable
49005bb ASN.1: extend the possibilities to embed data instead of pointers
8edefd7 Test printing of ASN.1 types INTxx et al
3bb0f98 OCSP Updates: error codes and multiple certificates
2da3f96 Correct travis.yml to only build extended tests when explicitely asked to
6a71e06 CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
2094ea0 Add SSL tests for certificates with embedded SCTs
f1e793c Address review feedback (to be squashed)
e2a29ad Convert x509aux, cipherlist, casttest
f75f007 OpenSSL::Test: supported filtered command output
e80a0f6 Remove more stale code in ecdhtest.c
29cbf15 ecdhtest.c: move KATs to evptests.txt
5c64c1b Remove stale code in ecdhtest.c
d663c2d ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
c491a39 Update destest to use the test infrastructure
a743b81 test/testutil.c: Flush stdout when running tests
4833cae Remove fprintfs from the poly1305 internal test but keep the test number information.
ee25dd4 Update threadstest to use the test framework
bea4ac2 Update the internal chacha test to use the framework Reviewed-by: Richard Levitte <levitte at openssl.org> Reviewed-by: Matt Caswell <matt at openssl.org> (Merged from https://github.com/openssl/openssl/pull/3195)
c983bc4 Add tests of custom negative 1
9fea3a5 Fix definition of i2d_fn in asn1_encode_test.c
fa2274e In asn1_encode_test.c, add custom DER encoding checks
cbf0cfa Update sanitytest to use the test infrastructure
deeac6c  Update ideatest to use the test infrastructure
7635e5b Update gmdifftime to use the test infrastructure
789dfc4 Update secmemtest and memeleaktest to use the test infrastructure.
f586422 Update d2i_test to use the test infrastructure
0bf3c66 Remove unused variable. Thanks @pauli-oracle
56bf5c5 Code review. Split tests up
70e1acd Convert blowfish tests to new framework
b19e93e Remove seed completely...
14281c4 Updates after code review
48f1739 Convert RSA tests to new framework
74284c8 Update rc4test to use the test infrastructure
7f13fad Update rc5test to use the test infrastructure
850b55a Update mdc2test to use the test infrastructure
e49429a  Update sha1test to use the test infrastructure
f46074c  Update sha256t and sha512t to use the test infrastructure
eb16fc8 Convert exdata tests to new test framework
487a73d Added error checking for OBJ_create
a105d56 Convert clienthellotest for the new test framework
c791079 Convert asynciotest for the new test framework
829b2b8 Convert bad_dtls_test for the new test framework
429223d Fix x_int64.c
afd7cae Fix int64 test of t_4bytes_4_neg
fe55c4a Remove ECDH(E) ciphers from SSLv3
cbbe918 Additional check to handle BAD SSL_write retry
0856e3f Reject decoding of an INT64 with a value >INT64_MAX
745dec3 Update dtlstest to use the test infrastructure
524080c Update md2test to use the test infrastructure
05d7752 Update rc2test to use the test infrastructure
298f40e Make test marcos for true/false checks reliable for all integral types.
8313a78 Allow an ALPN callback to pretend to not exist
f120fa1 Fix util/mkdef.pl
e361a7b Add a note in CHANGES
676cc3a Act on deprecation of LONG and ZLONG, step 3
6a32a3c Act on deprecation of LONG and ZLONG, step 2
31ae516 Act on deprecation of LONG and ZLONG, step 1
7eb4c1e Discourage the use of LONG and ZLONG, and deprecate it in the future
64f11ee Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
ce57ac4 rand/rand_lib.c: keep fixing no-engine configuration.
e128f89 asn1/x_long.c: remove conditions in inner loops and dependency on BN.
3de47fb appveyor.yml: split {build,test}_scripts to avoid exit code masking.
2f61bc2 Use 'over 2' for bullet lists.
e1271ac Standardize on =over 4 and check for it.
8c32663 Add missing =back
5a3371e Check for L<foo|foo>
79b4c80 Make default_method mostly compile-time (cont'd)
076fc55 Make default_method mostly compile-time
2f881d2 Fix rand_lib.c for no-engine configuration
a273157 Fix a test failure when configured without TLSv1.3
0f5af6b Remove an out of date TODO
787d9ec Create an ENDPOINT enum type for use internally
cd17bb1 Prefix custom extension API callback types with SSL_
64350ab Various style tweaks based on feedback
314aec0 Add documentation for the new custom extensions API
a37008d Add some tests for the new custom extensions API
43ae5ee Implement a new custom extensions API
fe874d2 Move the extensions context codes into the public API
b443c84 Move ssl/t1_ext.c to ssl/statem/extensions_cust.c
789a2b6 Don't try to clean up RAND from ENGINE
87975cf Make getting and setting the RAND default method thread safe
005f676 e_os2.h: Refine OSSL_SSIZE definition under UEFI environment
9dfc5b9 Add support for MLOCK_ONFAULT to secure arena
5006b37 In rand_cleanup_int(), don't go creating a default method
5748e4d Fix test/asn1_encode_test.c, ASN1_LONG_DATA used inappropriately
1bc563c Configurations/README: reword bn_ops description.
b7438b4 Configure: recognize -framework as linker option [on Apple OSes].
b98530d PBKDF2 computation speedup (15-40%)
79b3452 Fix faulty check of padding in x_long.c
8ac6a53 Fix a possible integer overflow in long_c2i
37332ec Add a test of encoding and decoding LONG, INT32, UINT32, INT64 and UINT64
66ecfb5 Convert SSL_SESSION_ASN1 to use size specific integers
5c7e654 make update
93f7d6f Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
8edb4ee update ordinals
5a18572 Document new ssl(3) functions and options.
25a9fab Add certificate_authorities tests client to server.
f15b50c Add ExpectedServerCANames
86135be Constify SSL_dup_CA_list()
5969a2d Print CA names in s_server, add -requestCAfile to s_client
9784ec0 Don't use client specific functions to retrieve CA list
d2add50 Add requestCAfile option
3578020 Add extensions to debug list
be885d5 SSL_CONF support for certificate_authorities
fa7c263 New certificate_authorities functions
18d20b5 Ensure dhparams can handle X9.42 params in DER
ff79a24 Add missing macros for DHxparams
508fafd Add documentation for SSL_get_server_tmp_key()
090c811 Fix calls to SSL_get_server_tmp_key() in TLSv1.3
a0cb628 Tweak a style issue
90049ce Add a test for the problem fixed by the previous commit
bbea9f2 Restore s->early_data_state with the original value
f8a303f Update early data test for an even later arrival of CF
59cebcf Don't handle handshake messages when writing early data on server
a8e75d5 Fix a typo in the SSL_get_max_early_data() declarations

Build log ended with (last 100 lines):

../../openssl/test/recipes/25-test_x509.t ..................... ok
../../openssl/test/recipes/30-test_afalg.t .................... ok
../../openssl/test/recipes/30-test_engine.t ................... ok
../../openssl/test/recipes/30-test_evp.t ...................... ok
../../openssl/test/recipes/30-test_evp_extra.t ................ ok
../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... ok
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ ok
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok
../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok
../../openssl/test/recipes/70-test_sslextension.t ............. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/6 subtests 
	(less 1 skipped subtest: 4 okay)
../../openssl/test/recipes/70-test_sslmessages.t .............. ok
../../openssl/test/recipes/70-test_sslrecords.t ............... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. ok
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build
../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
../../openssl/test/recipes/70-test_sslextension.t           (Wstat: 256 Tests: 6 Failed: 1)
  Failed test:  5
  Non-zero exit status: 1
Files=136, Tests=1114, 231 wallclock secs ( 1.45 usr  0.23 sys + 89.33 cusr  6.25 csys = 97.26 CPU)
Result: FAIL
Makefile:167: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-ct'
Makefile:165: recipe for target 'tests' failed
make: *** [tests] Error 2

More information about the openssl-commits mailing list