[openssl-commits] [openssl] master update
The branch master has been updated via 88ea3685e4bf30fc529fe46e19effc6317726de8 (commit) from 9dfc868025721873952f7765e59ae9fee45a276a (commit) - Log - commit 88ea3685e4bf30fc529fe46e19effc6317726de8 Author: Richard Levitte Date: Wed Sep 12 02:06:26 2018 +0200 crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined Fixes #7186 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7193) --- Summary of changes: crypto/sm2/sm2_sign.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index e594ffd..0f9c14c 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -12,6 +12,7 @@ #include "internal/sm2.h" #include "internal/sm2err.h" #include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "internal/numbers.h" #include #include #include _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
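Review bot: the new `#include "internal/numbers.h"` in crypto/sm2/sm2_sign.c is the right fallback for a platform whose headers lack UINT16_MAX, but check that numbers.h only supplies the macro when it is not already defined (an #ifndef guard) so that toolchains with a complete <stdint.h> do not get a redefinition warning from this change. A short comment next to the include saying what it is there for (UINT16_MAX on platforms without it, per #7186) would keep a later header-tidying pass from removing it again.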
[openssl-commits] Build failed: openssl master.19857
Build openssl master.19857 failed
Commit 28689d4452 by Richard Levitte on 9/11/2018 11:37 PM: Refactor util/mkdef.pl for clearer separation of functionality
[openssl-commits] [openssl] master update
The branch master has been updated via 9dfc868025721873952f7765e59ae9fee45a276a (commit) via bec2db1809df52f6e6548e7e883cdc7fec79964a (commit) via 609e4be88e63e489c32438b3b0872fd891829301 (commit) from d6b345708f8f8a04fdb5ca2e58a953b7fec461e1 (commit) - Log - commit 9dfc868025721873952f7765e59ae9fee45a276a Author: Richard Levitte Date: Mon Sep 10 02:28:39 2018 +0200 Build files: Separate 'lib' intent from 'shlib' intent This is in preparation for having separate CFLAGS variables for static and for shared library builds. Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7159) commit bec2db1809df52f6e6548e7e883cdc7fec79964a Author: Richard Levitte Date: Mon Sep 10 02:21:40 2018 +0200 Configure: Name object files according to the product they are part of This will allow to have different object files for different products, even if they share the same source code, and possibly different builds for those different object files. For example, one can have something like this: SOURCES[libfoo]=cookie.c INCLUDES[libfoo]=include/foo SOURCES[libbar]=cookie.c INCLUDES[libbar]=include/bar This would mean that the object files and libraries would be build somewhat like this: $(CC) -Iinclude/foo -o libfoo-lib-cookie.o cookie.c $(AR) $(ARFLAGS) libfoo.a libfoo-lib-cookie.o $(CC) -Iinclude/bar -o libbar-lib-cookie.o cookie.c $(AR) $(ARFLAGS) libbar.a libbar-lib-cookie.o Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7159) commit 609e4be88e63e489c32438b3b0872fd891829301 Author: Richard Levitte Date: Mon Sep 10 02:18:22 2018 +0200 Configure: DON'T trickle down includes from products to sources Instead, use the include settings from the products later in the process, making it possible to have different includes for two different libraries that share the same source code. 
Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7159) --- Summary of changes: CHANGES | 5 ++ Configurations/common.tmpl | 17 +++-- Configurations/descrip.mms.tmpl | 19 +++-- Configurations/unix-Makefile.tmpl| 3 + Configurations/windows-makefile.tmpl | 10 ++- Configure| 136 --- 6 files changed, 146 insertions(+), 44 deletions(-) diff --git a/CHANGES b/CHANGES index 657f0cf..fab0af4 100644 --- a/CHANGES +++ b/CHANGES @@ -16,6 +16,11 @@ http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf [Paul Dale] + *) Rename the object files, i.e. give them other names than in previous + versions. Their names now include the name of the final product, as + well as its type mnemonic (bin, lib, shlib). + [Richard Levitte] + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] *) Add a new ClientHello callback. Provides a callback interface that gives diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl index 180621e..94e4931 100644 --- a/Configurations/common.tmpl +++ b/Configurations/common.tmpl @@ -82,7 +82,8 @@ generator_incs => $unified_info{includes}->{$script}, generator_deps => $unified_info{depends}->{$script}, deps => $unified_info{depends}->{$src}, - incs => $unified_info{includes}->{$obj}, + incs => [ @{$unified_info{includes}->{$obj}}, + @{$unified_info{includes}->{$bin}} ], %opts); foreach (@{$unified_info{depends}->{$src}}) { dogenerate($_, $obj, $bin, %opts); @@ -103,7 +104,8 @@ product => $bin, srcs => $unified_info{sources}->{$obj}, deps => $unified_info{depends}->{$obj}, - incs => $unified_info{includes}->{$obj}, + incs => [ @{$unified_info{includes}->{$obj}}, + @{$unified_info{includes}->{$bin}} ], %opts); foreach ((@{$unified_info{sources}->{$obj}}, @{$unified_info{depends}->{$obj}})) { @@ -123,8 +125,7 @@ unless ($disabled{shared} || $lib =~ /\.a$/) { $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib}, lib => $lib, - objs => [ @{$unified_info{shared_sources}->{$lib}}, -
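Review bot: in both Configurations/common.tmpl hunks the new `incs` list dereferences `@{$unified_info{includes}->{$bin}}` unconditionally. Under `use strict` an rvalue dereference of an undefined hash element dies with "Can't use an undefined value as an ARRAY reference", so either Configure has to guarantee that every product (bin, lib and shlib alike) gets an includes entry, even an empty one, or the template should write `@{$unified_info{includes}->{$bin} // []}`; a build.info with a product that declares no INCLUDES[] at all would exercise this. Note also that the object's own includes are listed before the product's, so for a source shared by two products the object-level -I paths take precedence; that is what the two-library example in the commit message needs, but the precedence should be stated wherever INCLUDES[] is documented.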
[openssl-commits] [openssl] master update
The branch master has been updated via d6b345708f8f8a04fdb5ca2e58a953b7fec461e1 (commit) from f88b9b79152b48541b780dfd30bb34e1c7a91e1b (commit) - Log - commit d6b345708f8f8a04fdb5ca2e58a953b7fec461e1 Author: Pauli Date: Wed Sep 12 09:25:20 2018 +1000 Limit the number of AES-GCM keys allowed in TLS. A new error is raised if this limit is ever reached. This is a FIPS 140-2 requirement from IG A.5 "Key/IV Pair Uniqueness Requirements from SP 800-38D". Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7129) --- Summary of changes: crypto/err/openssl.txt | 3 +++ crypto/evp/e_aes.c | 27 +++ crypto/evp/evp_err.c | 4 include/openssl/evperr.h | 3 +++ 4 files changed, 37 insertions(+) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 2c8572b..84e6393 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -711,6 +711,7 @@ ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init EVP_F_AESNI_INIT_KEY:165:aesni_init_key EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl +EVP_F_AES_GCM_TLS_CIPHER:207:aes_gcm_tls_cipher EVP_F_AES_INIT_KEY:133:aes_init_key EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key @@ -805,6 +806,7 @@ EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl +EVP_F_S390X_AES_GCM_TLS_CIPHER:208:s390x_aes_gcm_tls_cipher EVP_F_UPDATE:173:update KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive @@ -2265,6 +2267,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa +EVP_R_TOO_MANY_RECORDS:183:too many records EVP_R_UNKNOWN_CIPHER:160:unknown cipher EVP_R_UNKNOWN_DIGEST:161:unknown digest EVP_R_UNKNOWN_OPTION:169:unknown option 
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 61d37a8..f81ad66 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -44,6 +44,7 @@ typedef struct { int taglen; int iv_gen; /* It is OK to generate IVs */ int tls_aad_len;/* TLS AAD length */ +uint64_t tls_enc_records; /* Number of TLS records encrypted */ ctr128_f ctr; } EVP_AES_GCM_CTX; @@ -1069,6 +1070,7 @@ typedef struct { int kreslen; int tls_aad_len; +uint64_t tls_enc_records; /* Number of TLS records encrypted */ } S390X_AES_GCM_CTX; typedef struct { @@ -1692,6 +1694,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) buf = EVP_CIPHER_CTX_buf_noconst(c); memcpy(buf, ptr, arg); gctx->tls_aad_len = arg; +gctx->tls_enc_records = 0; len = buf[arg - 2] << 8 | buf[arg - 1]; /* Correct length for explicit iv. */ @@ -1791,6 +1794,17 @@ static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) return -1; +/* + * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness + * Requirements from SP 800-38D". The requirements is for one party to the + * communication to fail after 2^64 - 1 keys. We do this on the encrypting + * side only. + */ +if (ctx->encrypt && ++gctx->tls_enc_records == 0) { +EVPerr(EVP_F_S390X_AES_GCM_TLS_CIPHER, EVP_R_TOO_MANY_RECORDS); +goto err; +} + if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) @@ -2901,6 +2915,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; +gctx->tls_enc_records = 0; { unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ 
@@ -3035,6 +3050,18 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) return -1; + +/* + * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness + * Requirements from SP 800-38D". The requirements is for one party to the + * communication to fail after 2^64 - 1 keys. We do this on the encrypting + * side only. + */ +if (ctx->encrypt && ++gctx->tls_enc_records == 0) { +EVPerr(EVP_F_AES_GCM_TLS_CIPHER,
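Review bot: the reset `gctx->tls_enc_records = 0;` is placed in the EVP_CTRL_AEAD_TLS1_AAD case of both aes_gcm_ctrl and s390x_aes_gcm_ctrl, but that ctrl carries per-record state (the same case reads the record length out of `buf[arg - 2] << 8 | buf[arg - 1]`), so it is issued once for every TLS record. That zeroes the counter immediately before each `++gctx->tls_enc_records`, and the `== 0` test in the two *_tls_cipher hunks can never become true. The reset belongs where the key is installed (the EVP_CTRL_INIT case or the init_key path), so that the counter really counts records encrypted under one key as the comment intends. A test that drives the counter to wraparound, for instance by presetting it to UINT64_MAX through a test-only hook, would have caught this.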
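Review bot: the block comment duplicated in s390x_aes_gcm_tls_cipher and aes_gcm_tls_cipher says the party must fail "after 2^64 - 1 keys", but the counter is tls_enc_records and the reason code is EVP_R_TOO_MANY_RECORDS; what IG A.5 forbids is reusing a key/IV pair, and with the 64-bit explicit nonce of the TLS GCM construction that is what runs out after 2^64 records under one key. Reword the comment to "records" (and "The requirements is" to "The requirement is") so the next reader does not go looking for a key counter, and keep the sentence noting that only the encrypting side is policed, since the decrypting side has no nonce to exhaust.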
[openssl-commits] [openssl] master update
The branch master has been updated via f88b9b79152b48541b780dfd30bb34e1c7a91e1b (commit) from b28bfa7e5685588113a33708477b065d5888283e (commit) - Log - commit f88b9b79152b48541b780dfd30bb34e1c7a91e1b Author: Pauli Date: Tue Aug 14 14:04:47 2018 +1000 Speed for HMACs. Add support for HMAC over any evp supported digest. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6945) --- Summary of changes: apps/speed.c | 60 ++ doc/man1/speed.pod | 5 + 2 files changed, 61 insertions(+), 4 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a487917..27b4d50 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -298,7 +298,7 @@ static int opt_found(const char *name, unsigned int *result, typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, -OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, +OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD } OPTION_CHOICE; @@ -308,6 +308,7 @@ const OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, +{"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"}, {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, {"aead", OPT_AEAD, '-', @@ -369,6 +370,8 @@ const OPTIONS speed_options[] = { #define D_IGE_256_AES 28 #define D_GHASH 29 #define D_RAND 30 +#define D_EVP_HMAC 31 + /* name of algorithms to test */ static const char *names[] = { "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", @@ -378,7 +381,7 @@ static const char *names[] = { "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", "evp", "sha256", "sha512", "whirlpool", "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", -"rand" +"rand", "hmac" }; #define ALGOR_NUM OSSL_NELEM(names) 
@@ -1032,6 +1035,26 @@ static int EVP_Digest_loop(void *args) return count; } +static const EVP_MD *evp_hmac_md = NULL; +static char *evp_hmac_name = NULL; +static int EVP_HMAC_loop(void *args) +{ +loopargs_t *tempargs = *(loopargs_t **) args; +unsigned char *buf = tempargs->buf; +unsigned char no_key[32]; +int count; +#ifndef SIGALRM +int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + +for (count = 0; COND(nb_iter); count++) { +if (HMAC(evp_hmac_md, no_key, sizeof(no_key), buf, lengths[testnum], + NULL, NULL) == NULL) +return -1; +} +return count; +} + #ifndef OPENSSL_NO_RSA static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ @@ -1567,6 +1590,15 @@ int speed_main(int argc, char **argv) } doit[D_EVP] = 1; break; +case OPT_HMAC: +evp_hmac_md = EVP_get_digestbyname(opt_arg()); +if (evp_hmac_md == NULL) { +BIO_printf(bio_err, "%s: %s is an unknown digest\n", + prog, opt_arg()); +goto end; +} +doit[D_EVP_HMAC] = 1; +break; case OPT_DECRYPT: decrypt = 1; break; @@ -1805,9 +1837,9 @@ int speed_main(int argc, char **argv) e = setup_engine(engine_id, 0); /* No parameters; turn on everything. */ -if ((argc == 0) && !doit[D_EVP]) { +if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC]) { for (i = 0; i < ALGOR_NUM; i++) -if (i != D_EVP) +if (i != D_EVP && i != D_EVP_HMAC) doit[i] = 1; #ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) 
@@ -2649,6 +2681,25 @@ int speed_main(int argc, char **argv) } } +if (doit[D_EVP_HMAC]) { +if (evp_hmac_md != NULL) { +const char *md_name = OBJ_nid2ln(EVP_MD_type(evp_hmac_md)); +evp_hmac_name = app_malloc(sizeof("HMAC()") + strlen(md_name), + "HMAC name"); +sprintf(evp_hmac_name, "HMAC(%s)", md_name); +names[D_EVP_HMAC] = evp_hmac_name; + +for (testnum = 0; testnum < size_num; testnum++) { +print_message(names[D_EVP_HMAC], save_count, lengths[testnum], + seconds.sym); +Time_F(START); +count = run_benchmark(async_jobs, EVP_HMAC_loop, loopargs); +d = Time_F(STOP); +print_result(D_EVP_HMAC, testnum, count, d); +} +} +} + for (i = 0; i < loopargs_len; i++) if
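Review bot: in EVP_HMAC_loop, `unsigned char no_key[32];` is handed to HMAC() as the key without ever being initialised, so the benchmark keys the MAC with whatever happens to be on the stack. It makes no difference to the timing, but it is undefined behaviour that MemorySanitizer and valgrind will report from a routine path; write `unsigned char no_key[32] = { 0 };`. Worth a one-line comment too that HMAC() with a NULL output buffer returns a pointer into a static buffer, which is fine for this sequential loop but not something the -multi or -async_jobs variants should start sharing.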
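Review bot: in the D_EVP_HMAC block, `app_malloc(sizeof("HMAC()") + strlen(md_name), ...)` followed by `sprintf(evp_hmac_name, "HMAC(%s)", md_name)` only fits because sizeof("HMAC()") counts the terminator (7 bytes for six characters plus NUL, exactly what "HMAC(%s)" plus its NUL needs); it reads like an off-by-one waiting for the next edit. Compute the length explicitly, keep it in a variable, and use BIO_snprintf with it. Also make sure evp_hmac_name is OPENSSL_free'd on the end: path, since the free is not part of this hunk.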
[openssl-commits] [openssl] master update
The branch master has been updated via b28bfa7e5685588113a33708477b065d5888283e (commit) via 95eda4f09a37382393cfec7933bac4deb613cdec (commit) from a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed (commit) - Log - commit b28bfa7e5685588113a33708477b065d5888283e Author: Pauli Date: Wed Sep 12 08:42:15 2018 +1000 Add a note to CHANGES indicating that AES-XTS now enforces two different keys. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7120) commit 95eda4f09a37382393cfec7933bac4deb613cdec Author: Pauli Date: Wed Sep 5 12:18:22 2018 +1000 FIPS 140-2 IG A.9 XTS key check. Add a check that the two keys used for AES-XTS are different. One test case uses the same key for both of the AES-XTS keys. This causes a failure under FIP 140-2 IG A.9. Mark the test as returning a failure. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7120) --- Summary of changes: CHANGES | 7 ++- crypto/evp/e_aes.c| 24 ++-- test/recipes/30-test_evp_data/evpciph.txt | 1 + 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index abb03b4..657f0cf 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,12 @@ Changes between 1.1.1 and 1.1.2 [xx XXX ] - *) + *) AES-XTS mode now enforces that its two keys are different to mitigate + the attacked described in "Efficient Instantiations of Tweakable + Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. + Details of this attack can be obtained from: + http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + [Paul Dale] Changes between 1.1.0i and 1.1.1 [11 Sep 2018] diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 0add393..61d37a8 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
@@ -3410,10 +3410,30 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); -if (!xctx->xts.key1 || !xctx->xts.key2) + +if (xctx->xts.key1 == NULL +|| xctx->xts.key2 == NULL +|| out == NULL +|| in == NULL +|| len < AES_BLOCK_SIZE) return 0; -if (!out || !in || len < AES_BLOCK_SIZE) + +/* + * Verify that the two keys are different. + * + * This addresses the vulnerability described in Rogaway's September 2004 + * paper (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf): + * "Efficient Instantiations of Tweakable Blockciphers and Refinements + * to Modes OCB and PMAC". + * + * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states that: + * "The check for Key_1 != Key_2 shall be done at any place BEFORE + * using the keys in the XTS-AES algorithm to process data with them." +*/ +if (CRYPTO_memcmp(xctx->xts.key1, xctx->xts.key2, + EVP_CIPHER_CTX_key_length(ctx) / 2) == 0) return 0; + if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index d117455..d1086b7 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -1184,6 +1184,7 @@ Key = IV = Plaintext = Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e +Result = CIPHERUPDATE_ERROR Cipher = aes-128-xts Key = _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
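Review bot: the CHANGES hunk has a typo, "to mitigate the attacked described in" should read "to mitigate the attack described in".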
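Review bot: the aes_xts_cipher hunk rejects equal keys by returning 0 with nothing pushed on the error queue, so an application sees EVP_CipherUpdate() fail with no reason (contrast the GCM record-limit change, which adds EVP_R_TOO_MANY_RECORDS); add an EVP reason code here as well. Two further points on the same hunk: the compare now runs on every cipher call, whereas IG A.9 only asks for it before the keys are first used, so aes_xts_init_key, where the raw key bytes are still in hand, is the cheaper and more natural place; and as written the CRYPTO_memcmp reads EVP_CIPHER_CTX_key_length(ctx) / 2 bytes through xts.key1 and xts.key2, which point at the expanded key schedules rather than the raw keys. That is only a valid equality test if the leading bytes of the schedule are an injective function of the key, which holds for the standard AES_set_encrypt_key layout (the first round key is the key itself) but deserves a comment and a check against every backend in this file that fills in key1/key2 with a transformed schedule, vpaes in particular.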
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 5a6fbf616e1da3ac8c8bc6a30dbcd9844f6726c7 (commit) from fb953d29b1775017c435000f180b75588684 (commit) - Log - commit 5a6fbf616e1da3ac8c8bc6a30dbcd9844f6726c7 Author: Bernd Edlinger Date: Mon Sep 10 14:18:23 2018 +0200 Make the config script fail with an error code if Configure failed Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7166) (cherry picked from commit e13dc23cc0fd64c304c25a67d5fa516a77f9e8f1) --- Summary of changes: config | 1 + 1 file changed, 1 insertion(+) diff --git a/config b/config index 21534e0..6214c4b 100755 --- a/config +++ b/config @@ -992,5 +992,6 @@ if [ $? = "0" ]; then fi else echo "This system ($OUT) is not supported. See file INSTALL for details." + exit 1 fi ) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
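Review bot: the added `exit 1` sits inside the `( ... )` subshell that wraps this tail of config, so it only becomes the script's exit status because that subshell appears to be the last command in the file; anything appended after the closing `)` later would silently swallow it, so either a comment there or an explicit `exit $?` after the `)` would make the intent survive. Two smaller points on the same hunk: now that callers are expected to check the status, the "This system ($OUT) is not supported" message should go to stderr (`>&2`); and the commit title promises a failure code when Configure fails, which is the `if [ $? = "0" ]` branch above this hunk rather than the unsupported-system branch it touches, so confirm that path also ends in a non-zero exit.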
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e13dc23cc0fd64c304c25a67d5fa516a77f9e8f1 (commit) from aa4312d24492c977eb7d01014e23da61bf245de5 (commit) - Log - commit e13dc23cc0fd64c304c25a67d5fa516a77f9e8f1 Author: Bernd Edlinger Date: Mon Sep 10 14:18:23 2018 +0200 Make the config script fail with an error code if Configure failed Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7166) --- Summary of changes: config | 1 + 1 file changed, 1 insertion(+) diff --git a/config b/config index 35e849a..19c0071 100755 --- a/config +++ b/config @@ -929,5 +929,6 @@ if [ $? = "0" ]; then fi else echo "This system ($OUT) is not supported. See file INSTALL for details." + exit 1 fi ) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via aa4312d24492c977eb7d01014e23da61bf245de5 (commit) from f6c6c7c95caedb6046e751a3e24d1923a6554fa7 (commit) - Log - commit aa4312d24492c977eb7d01014e23da61bf245de5 Author: parasssh Date: Wed Aug 22 22:42:11 2018 -0700 Fix typos in documentation. CLA: trivial (cherry picked from commit fa332bba919d094c1654bbb3be0528b3df6e9023) Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7040) --- Summary of changes: doc/crypto/EVP_DigestInit.pod | 2 +- doc/crypto/EVP_DigestSignInit.pod | 10 +- doc/crypto/EVP_DigestVerifyInit.pod | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 1dc76cb..9fda29b 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -223,7 +223,7 @@ EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. -If digest contexts are not cleaned up after use +If digest contexts are not cleaned up after use, memory leaks will occur. EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index bec8e9d..a3938d5 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -28,7 +28,7 @@ is freed). The digest B may be NULL if the signing algorithm supports it. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of -"signing." Built-in EVP_PKEY types supported by these functions are CMAC, DSA, +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, DSA, ECDSA, HMAC and RSA. Not all digests can be used for all key types. The following combinations apply. 
@@ -71,17 +71,17 @@ signature context B. This function can be called several times on the same B to include additional data. This function is currently implemented using a macro. -EVP_DigestSignFinal() signs the data in B places the signature in B. +EVP_DigestSignFinal() signs the data in B and places the signature in B. If B is B then the maximum size of the output buffer is written to the B parameter. If B is not B then before the call the -B parameter should contain the length of the B buffer, if the +B parameter should contain the length of the B buffer. If the call is successful the signature is written to B and the amount of data written to B. =head1 RETURN VALUES EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return -1 for success and 0 or a negative value for failure. In particular a return +1 for success and 0 or a negative value for failure. In particular, a return value of -2 indicates the operation is not supported by the public key algorithm. @@ -105,7 +105,7 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index 6c3d070..2e1d00f 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod 
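Review bot: the RETURN VALUES hunk in EVP_DigestSignInit.pod leaves `EVP_DigestSignaFinal()` misspelled in the unchanged context line (`EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return`), and that sentence also wants commas after the first two function names; since this is a typo-only commit it is the right place to fix both.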
@@ -65,7 +65,7 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
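Review bot: the EVP_DigestVerifyInit.pod hunk keeps the context sentence "This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data", which names the legacy EVP_Verify* functions; on this page they should be EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(), matching the EVP_DigestSign* wording being corrected in the sibling file.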
[openssl-commits] [openssl] master update
The branch master has been updated via a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed (commit) from fc4e1ab4708a3eb87a107df7e085d0d8125c5171 (commit) - Log - commit a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed Author: Richard Levitte Date: Tue Sep 11 16:23:22 2018 +0200 The next version in master is at least 1.1.2, not 1.1.1x The OMC hasn't yet decided what the next release version will be, but it's at least going to 1.1.2, so we set that value for the moment. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7180) --- Summary of changes: CHANGES| 2 +- NEWS | 2 +- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 0499bd5..abb03b4 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,7 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1 and 1.1.1a [xx XXX ] + Changes between 1.1.1 and 1.1.2 [xx XXX ] *) diff --git a/NEWS b/NEWS index 4026385..3179b1d 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.2 [under development] o diff --git a/README b/README index 5817b54..6818807 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1a-dev + OpenSSL 1.1.2-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 2a54f2c..f22601a 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h 
@@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101010L -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1a-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10102000L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.2-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1 create
The annotated tag OpenSSL_1_1_1 has been created
        at  777eda03d14b6ffa3cca89e0201ac3ac315d451f (tag)
   tagging  1708e3e85b4a86bae26860aa5d2913fc8eff6086 (commit)
  replaces  OpenSSL_1_1_1-pre9
 tagged by  Matt Caswell
        on  Tue Sep 11 13:48:18 2018 +0100

- Log -
OpenSSL 1.1.1 release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAluXuZIRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGZ+gf+OO0a5aOkbN6xz5XoRYllKxMhFCboho7w
0X5dz89642cbNNw0NIuD/qJnwPGwJj81ZLTRcM/Ba9xQgRWmhVOCMgli/nRArabr
PqWtCInu03szbh9lRPyQ/3oZN28v8RfOJA+svf9wWlNTEUW0cwQxydjYaXleMcGb
WBZqgS+bM10E6Qbf+9wgdsVHVAgMqWWzXeRGux5baKKdDdpdXZCERwDhQrWVsAFJ
3IWZchXuM8uFnblu+vKc0zbt1ExHArV6sYSSwVnnn9jAXhJV7JXHLeMPYHO9yib8
E0hogjLdXIhaspQJimPHMqwQltvtE00dUEkeoaU6ddKhIdl7A1H1Og==
=CZMJ
-----END PGP SIGNATURE-----

Alex Gaynor (1):
      Fixed a comment that referenced the wrong method

Andy Polyakov (11):
      asn1/asn_moid.c: overhaul do_create.
      man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.
      crypto/init.c: improve destructor_key's portability.
      crypto/bn: add more fixed-top routines.
      rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA."
      bn/bn_blind.c: use Montgomery multiplication when possible.
      bn/bn_lib.c: conceal even memmory access pattern in bn2binpad.
      Configurations/unix-Makefile.tmpl: address find portability issue.
      internal/tsan_assist.h: add tsan_ld_acq and tsan_st_rel.
      x509v3/v3_purp.c: refine lock-free check in x509v3_cache_extensions.
      Revert ".travis.yml: omit linux-ppc64le target."

Ben Kaduk (2):
      Restore historical SSL_get_servername() behavior
      Simplify SSL_get_servername() to avoid session references

Billy Brumley (2):
      [test] ECC: make sure negative tests pass for the right reasons
      [test] throw error from wrapper function instead of an EC_METHOD specific one

Dmitry Belyavskiy (1):
      Do not ignore EVP_PKEY_print_public/EVP_PKEY_print_private return values

Dr. Matthias St. Pierre (4):
      rand_lib.c: Don't open random devices while cleaning up.
      test/dhtest.c: fix resource leak
      crypto/rsa/rsa_pss.c: silence coverity warning
      test/evp_extra_test.c: fix null pointer dereference

Eric Brown (1):
      Remove redundant ASN1_INTEGER_set call

Eric Curtin (1):
      New openssl subject parser hard to debug

Erik Forsberg (1):
      Fix ssl/t1_trce.c to parse certificate chains

Hubert Kario (1):
      TLSv1.3 related changes to man pages

Jack Lloyd (1):
      Add test case for SM2 evp verification

Jakub Wilk (2):
      Fix typos in documentation
      Fix example in crl(1) man page

Kurt Roeckx (2):
      Update fuzz corpora
      Test that we can process a KeyUpdate received after we sent close_notify

Matt Caswell (30):
      Prepare for 1.1.1-pre10-dev
      Use the same min-max version range on the client consistently
      Test that a client protocol "hole" doesn't get detected as a downgrade
      Don't detect a downgrade where the server has a protocol version hole
      Fix BoringSSL external test failures
      Improve the usability of the ca app using EdDSA
      Ignore the digest in req app if using EdDSA
      Fix a mem leak on error in the PSK code
      Free SSL object on an error path
      Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
      Ignore EPIPE when sending NewSessionTickets in TLSv1.3
      Clarify the EVP_DigestSignInit docs
      Send a NewSessionTicket after using an external PSK
      Test creation of tickets when using a TLSv1.3 PSK
      Don't use an RSA-PSS cert for RSA key exchange
      Add a test for RSA key exchange with both RSA and RSA-PSS certs
      Clarify the return value of SSL_client_version()
      Process KeyUpdate and NewSessionTicket messages after a close_notify
      Test that we can handle a PHA CertificateRequest after we sent close_notify
      Remove a reference to SSL_force_post_handshake_auth()
      Ensure certificate callbacks work correctly in TLSv1.3
      Do not reset SNI data in SSL_do_handshake()
      Update the pyca-cryptography submodule
      Updates NEWS for the 1.1.1 release
      More updates to CHANGES and NEWS for the 1.1.1 release
      Don't cast an int * to a size_t *
      Validate the SM2 digest len before use
      Check the return value from ASN1_INTEGER_set
      Update copyright year
      Prepare for 1.1.1 release

Matthias Kraft (1):
      Extend dladdr() for AIX, consequence from changes for openssl#6368.

Nicola Tuveri (2):
      Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
      Harmonize the error handling codepath

Patrick Steuer (1):
      fuzz/driver.c: appease -Wmissing-prototypes

Paul Kehrer (2):
      add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
      add docs for OCSP_resp_get0_signature

Paul Yang (12):
      Add semicolon at the end of the function prototypes
[openssl-commits] [openssl] master update
The branch master has been updated via fc4e1ab4708a3eb87a107df7e085d0d8125c5171 (commit) via 1708e3e85b4a86bae26860aa5d2913fc8eff6086 (commit) from 1212818eb07add297fe562eba80ac46a9893781e (commit) - Log - commit fc4e1ab4708a3eb87a107df7e085d0d8125c5171 Author: Matt Caswell Date: Tue Sep 11 13:49:46 2018 +0100 Prepare for 1.1.1a-dev Reviewed-by: Richard Levitte commit 1708e3e85b4a86bae26860aa5d2913fc8eff6086 Author: Matt Caswell Date: Tue Sep 11 13:48:18 2018 +0100 Prepare for 1.1.1 release Reviewed-by: Richard Levitte --- Summary of changes: CHANGES| 6 +- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 63fe26c..0499bd5 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0i and 1.1.1 [xx XXX ] + Changes between 1.1.1 and 1.1.1a [xx XXX ] + + *) + + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] *) Add a new ClientHello callback. Provides a callback interface that gives the application the ability to adjust the nascent SSL object at the diff --git a/NEWS b/NEWS index ae0c2d7..4026385 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] + + o + + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 for further important information). The TLSv1.3 implementation includes: diff --git a/README b/README index 6075f16..5817b54 100644 --- a/README +++ b/README 
@@ -1,5 +1,5 @@ - OpenSSL 1.1.1-pre10-dev + OpenSSL 1.1.1a-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index b866670..2a54f2c 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010100aL -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1-pre10-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10101010L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1a-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a9e5da9e4698a64397f1f564337f13207518f3ee (commit) from b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit) - Log - commit a9e5da9e4698a64397f1f564337f13207518f3ee Author: Matt Caswell Date: Tue Sep 11 14:16:04 2018 +0100 Updates for the 1.1.1 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/76) --- Summary of changes: news/newsflash.txt | 1 + source/index.html | 28 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index f1001bd..1a0f0fb 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes 14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes diff --git a/source/index.html b/source/index.html index 6c6c066..a4a98ce 100644 --- a/source/index.html +++ b/source/index.html 
@@ -30,11 +30,20 @@ A list of mirror sites can be found here. - Note: The latest stable version is the 1.1.0 series. -The 1.0.2 series is our Long Term - Support (LTS) release, supported until 31st December 2019. -The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and - should not be used. + Note: The latest stable version is the 1.1.1 series. This is +also our Long Term Support (LTS) version, supported until 11th September +2023. Our previous LTS version (1.0.2 series) will continue to be +supported until 31st December 2019 (security fixes only during the last +year of support). The 1.1.0 series is currently only receiving security +fixes and will go out of support on 11th September 2019. All users of +1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as possible. +The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should +not be used. + +The OpenSSL FIPS Object Module 2.0 (FOM) is also available for +download. It is no longer receiving updates. It must be used in +conjunction with a FIPS capable version of OpenSSL (1.0.2 series). A +new FIPS module is currently in development. @@ -47,9 +56,12 @@ When building a release for the first time, please make sure - to look at the README and INSTALL files in the distribution. - If you have problems, look at the FAQ, which can be - found online. + to look at the INSTALL file in the distribution along with any NOTES +file applicable to your platform. If you have problems, look at the FAQ, +which can be found online. If you +still need more help, then join the +openssl-users email list and +post a question there. PGP keys for the signatures are available from the https://www.openssl.org/community/omc.html;>OMC page.
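Review bot: the FIPS paragraph in the first index.html hunk leaves a gap a reader will fall into: it says the FOM 2.0 is no longer receiving updates and must be used with the 1.0.2 series, and the same hunk says 1.0.2 support ends on 31st December 2019 (security fixes only in the last year). Say outright that there is no FIPS-validated configuration for 1.1.1 and that 1.0.2 plus FOM 2.0 is the only option until the new module ships; as written, "A new FIPS module is currently in development" next to "All users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1" reads as an upgrade path that exists today for FIPS users, which it does not.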
[openssl-commits] [openssl] master update
The branch master has been updated via 1212818eb07add297fe562eba80ac46a9893781e (commit) from 37f4928701aa54937ce8eef422a2165afeec5cec (commit) - Log - commit 1212818eb07add297fe562eba80ac46a9893781e Author: Matt Caswell Date: Tue Sep 11 13:22:14 2018 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7176) --- Summary of changes: crypto/aes/asm/aes-parisc.pl | 2 +- crypto/bn/bn_div.c| 2 +- crypto/bn/bn_intern.c | 2 +- crypto/bn/bn_lcl.h| 2 +- crypto/bn/bn_mod.c| 2 +- crypto/bn/bn_mul.c| 2 +- crypto/bn/bn_nist.c | 2 +- crypto/bn/bn_sqr.c| 2 +- crypto/bn/bn_x931p.c | 2 +- crypto/camellia/camellia.c| 2 +- crypto/cms/cms_lcl.h | 2 +- crypto/conf/conf_lib.c| 2 +- crypto/dllmain.c | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/dsa/dsa_sign.c | 2 +- crypto/ec/asm/ecp_nistz256-ppc64.pl | 2 +- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 2 +- crypto/ec/asm/ecp_nistz256-x86.pl | 2 +- crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec_cvt.c| 2 +- crypto/ec/ec_kmeth.c | 2 +- crypto/ec/eck_prn.c | 2 +- crypto/ec/ecp_oct.c | 2 +- crypto/engine/eng_devcrypto.c | 2 +- crypto/engine/eng_int.h | 2 +- crypto/evp/e_chacha20_poly1305.c | 2 +- crypto/evp/evp_pbe.c | 2 +- crypto/evp/m_sha3.c | 2 +- crypto/evp/p_seal.c | 2 +- crypto/include/internal/aria.h| 2 +- crypto/include/internal/bn_int.h | 2 +- crypto/include/internal/chacha.h | 2 +- crypto/include/internal/md32_common.h | 2 +- crypto/include/internal/siphash.h | 2 +- crypto/include/internal/store_int.h | 2 +- crypto/include/internal/x509_int.h| 2 +- crypto/lhash/lhash_lcl.h | 2 +- crypto/modes/asm/ghash-armv4.pl | 2 +- crypto/modes/asm/ghash-parisc.pl | 2 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/perlasm/x86_64-xlate.pl| 2 +- crypto/pkcs12/p12_asn.c | 2 +- crypto/pkcs12/p12_init.c | 2 +- crypto/pkcs12/p12_mutl.c | 2 +- crypto/pkcs7/pk7_lib.c| 2 +- crypto/poly1305/asm/poly1305-x86_64.pl| 2 +- crypto/rc4/asm/rc4-parisc.pl | 2 +- crypto/rsa/rsa_ossl.c | 2 +- crypto/rsa/rsa_pk1.c | 2 +- 
crypto/rsa/rsa_ssl.c | 2 +- crypto/seed/seed_locl.h | 2 +- crypto/sha/asm/keccak1600-s390x.pl| 2 +- crypto/sha/asm/sha1-parisc.pl | 2 +- crypto/sha/asm/sha256-armv4.pl| 2 +- crypto/sha/asm/sha512-armv4.pl| 2 +- crypto/sha/asm/sha512-parisc.pl | 2 +- crypto/siphash/siphash.c | 2 +- crypto/uid.c | 2 +- crypto/x509/x509_trs.c| 2 +- crypto/x509v3/v3_lib.c| 2 +- crypto/x509v3/v3_tlsf.c | 2 +- doc/man1/crl.pod | 2 +- doc/man1/dsa.pod | 2 +- doc/man1/gendsa.pod | 2 +- doc/man1/genrsa.pod | 2 +- doc/man1/passwd.pod | 2 +- doc/man1/pkcs8.pod| 2 +- doc/man1/req.pod | 2 +- doc/man1/rsa.pod | 2 +- doc/man1/sess_id.pod | 2 +- doc/man1/spkac.pod| 2 +- doc/man1/ts.pod | 2 +- doc/man3/ASN1_INTEGER_get_int64.pod | 2 +- doc/man3/BIO_s_file.pod | 2 +- doc/man3/BN_bn2bin.pod| 2 +- doc/man3/BN_generate_prime.pod| 2 +- doc/man3/EC_GROUP_new.pod | 2 +- doc/man3/EVP_PKEY_get_default_digest_nid.pod | 2 +- doc/man3/OCSP_resp_find_status.pod| 2 +- doc/man3/SSL_CTX_new.pod | 2 +- doc/man3/SSL_CTX_set0_CA_list.pod | 2 +- doc/man3/SSL_CTX_set_mode.pod | 2 +-
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via fb953d29b1775017c435000f180b75588684 (commit) from 4a98bb0068cae9fbe5c6a6e513093d41969dad58 (commit) - Log - commit fb953d29b1775017c435000f180b75588684 Author: Richard Levitte Date: Thu Sep 6 09:35:39 2018 +0200 CAPI engine: add support for RSA_NO_PADDING Since the SSL code started using RSA_NO_PADDING, the CAPI engine became unusable. This change fixes that. Fixes #7131 Reviewed-by: Bernd Edlinger Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7132) --- Summary of changes: engines/e_capi.c | 32 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/engines/e_capi.c b/engines/e_capi.c index 8c08872..814a325 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -900,6 +900,8 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *tmpbuf; CAPI_KEY *capi_key; CAPI_CTX *ctx; +DWORD flags = 0; + ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n"); @@ -910,12 +912,23 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, return -1; } -if (padding != RSA_PKCS1_PADDING) { -char errstr[10]; -BIO_snprintf(errstr, 10, "%d", padding); -CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); -ERR_add_error_data(2, "padding=", errstr); -return -1; +switch (padding) { +case RSA_PKCS1_PADDING: +/* Nothing to do */ +break; +#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK +case RSA_NO_PADDING: +flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK; +break; +#endif +default: +{ +char errstr[10]; +BIO_snprintf(errstr, 10, "%d", padding); +CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); +ERR_add_error_data(2, "padding=", errstr); +return -1; +} } /* Create temp reverse order version of input */ 
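Review bot: the RSA_NO_PADDING case in the switch is compiled only when the SDK headers define CRYPT_DECRYPT_RSA_NO_PADDING_CHECK; on a toolchain where they do not, RSA_NO_PADDING falls through to default and still fails with CAPI_R_UNSUPPORTED_PADDING, so the breakage the commit message describes persists there with no build-time signal. Add an #else branch that at least emits a #warning (or defines the flag locally if the project is willing to depend on its documented value), and note the SDK requirement in CHANGES so people building 1.0.2 with an old SDK know why the engine still rejects the SSL code's calls.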
@@ -927,14 +940,17 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, tmpbuf[flen - i - 1] = from[i]; /* Finally decrypt it */ -if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, )) { +if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, )) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); capi_addlasterror(); +OPENSSL_cleanse(tmpbuf, flen); OPENSSL_free(tmpbuf); return -1; -} else +} else { memcpy(to, tmpbuf, flen); +} +OPENSSL_cleanse(tmpbuf, flen); OPENSSL_free(tmpbuf); return flen;
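Review bot: wiping tmpbuf before freeing it on both exits is the right addition, since the buffer holds the raw RSA output, but the else after return -1 is now redundant and the cleanse/free pair is duplicated; drop the else and fall through to a single cleanse/free. Also take the cleanse length from the size tmpbuf was allocated with, captured in its own variable before the call, rather than from flen, which is the in/out length CryptDecrypt is free to rewrite; the error-path wipe should always match the allocation regardless of what the API did with the length.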
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via f6c6c7c95caedb6046e751a3e24d1923a6554fa7 (commit) from 1fa7e2ee06f24cdc7fe04599456a07f29db69d95 (commit) - Log - commit f6c6c7c95caedb6046e751a3e24d1923a6554fa7 Author: Richard Levitte Date: Tue Sep 11 11:00:30 2018 +0200 CAPI engine: add support for RSA_NO_PADDING Since the SSL code started using RSA_NO_PADDING, the CAPI engine became unusable. This change fixes that. Fixes #7131 Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7174) (cherry picked from commit 37f4928701aa54937ce8eef422a2165afeec5cec) --- Summary of changes: engines/e_capi.c | 28 +--- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/engines/e_capi.c b/engines/e_capi.c index 4660f1a..9d5e850 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -917,6 +917,7 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *tmpbuf; CAPI_KEY *capi_key; CAPI_CTX *ctx; +DWORD flags = 0; DWORD dlen; if (flen <= 0) @@ -932,12 +933,23 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, return -1; } -if (padding != RSA_PKCS1_PADDING) { -char errstr[10]; -BIO_snprintf(errstr, 10, "%d", padding); -CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); -ERR_add_error_data(2, "padding=", errstr); -return -1; +switch (padding) { +case RSA_PKCS1_PADDING: +/* Nothing to do */ +break; +#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK +case RSA_NO_PADDING: +flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK; +break; +#endif +default: +{ +char errstr[10]; +BIO_snprintf(errstr, 10, "%d", padding); +CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); +ERR_add_error_data(2, "padding=", errstr); +return -1; +} } /* Create temp reverse order version of input */ 
@@ -950,14 +962,16 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, /* Finally decrypt it */ dlen = flen; -if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, )) { +if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, )) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); capi_addlasterror(); +OPENSSL_cleanse(tmpbuf, dlen); OPENSSL_free(tmpbuf); return -1; } else { memcpy(to, tmpbuf, (flen = (int)dlen)); } +OPENSSL_cleanse(tmpbuf, flen); OPENSSL_free(tmpbuf); return flen;
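Review bot: on the failure branch OPENSSL_cleanse(tmpbuf, dlen) uses the in/out length after CryptDecrypt has had the chance to modify it (dlen is the value the success path copies back into flen), while tmpbuf was allocated for flen bytes; cleanse with flen on the error path so the wipe matches the allocation even if the call altered dlen before failing.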
[openssl-commits] [openssl] master update
The branch master has been updated via 37f4928701aa54937ce8eef422a2165afeec5cec (commit) from 512d811719fc955f574090af4c3586a9aba46fa7 (commit) - Log - commit 37f4928701aa54937ce8eef422a2165afeec5cec Author: Richard Levitte Date: Tue Sep 11 11:00:30 2018 +0200 CAPI engine: add support for RSA_NO_PADDING Since the SSL code started using RSA_NO_PADDING, the CAPI engine became unusable. This change fixes that. Fixes #7131 Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7174) --- Summary of changes: engines/e_capi.c | 28 +--- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/engines/e_capi.c b/engines/e_capi.c index a765892..37202b8 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -917,6 +917,7 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *tmpbuf; CAPI_KEY *capi_key; CAPI_CTX *ctx; +DWORD flags = 0; DWORD dlen; if (flen <= 0) @@ -932,12 +933,23 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, return -1; } -if (padding != RSA_PKCS1_PADDING) { -char errstr[10]; -BIO_snprintf(errstr, 10, "%d", padding); -CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); -ERR_add_error_data(2, "padding=", errstr); -return -1; +switch (padding) { +case RSA_PKCS1_PADDING: +/* Nothing to do */ +break; +#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK +case RSA_NO_PADDING: +flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK; +break; +#endif +default: +{ +char errstr[10]; +BIO_snprintf(errstr, 10, "%d", padding); +CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); +ERR_add_error_data(2, "padding=", errstr); +return -1; +} } /* Create temp reverse order version of input */ 
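Review bot: the new RSA_NO_PADDING branch changes user-visible engine behaviour, but whether it exists at all depends on the SDK defining CRYPT_DECRYPT_RSA_NO_PADDING_CHECK, and the hunk gives no hint when it does not: RSA_NO_PADDING then lands in default and the engine keeps failing with CAPI_R_UNSUPPORTED_PADDING exactly as before. Add an #else with a #warning so a build against an old SDK says so, and add a CHANGES entry stating that RSA_NO_PADDING in the CAPI engine requires an SDK that provides that flag.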
@@ -950,14 +962,16 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, /* Finally decrypt it */ dlen = flen; -if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, )) { +if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, )) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); capi_addlasterror(); +OPENSSL_cleanse(tmpbuf, dlen); OPENSSL_free(tmpbuf); return -1; } else { memcpy(to, tmpbuf, (flen = (int)dlen)); } +OPENSSL_cleanse(tmpbuf, flen); OPENSSL_free(tmpbuf); return flen;
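Review bot: the error-path cleanse takes its length from dlen, the in/out parameter that CryptDecrypt updates (the success path relies on that update in memcpy(to, tmpbuf, (flen = (int)dlen))), but tmpbuf was allocated with flen bytes; if the call changes dlen and then fails, the wipe no longer matches the allocation. Use flen for the cleanse in the failure branch, as the success branch already does, and consider folding the two cleanse/free sequences into one exit path now that the else is the only thing separating them.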