[openssl-commits] Build failed: openssl master.20660
Build openssl master.20660 failed Commit a759e3fc98 by Paul Yang on 10/30/2018 4:32 AM: revert wrong changes
[openssl-commits] [openssl] master update
The branch master has been updated via 388de53c274dee20c07eee7ff892108668fb3a61 (commit) via f8c9a8e325b23f4b3de67e9a0d385355f81bd6fc (commit) via 6723f86746ab7e8ff9a914603db4f85c53eafc7c (commit) from 56adb7d93721a72bfae532845cbebc4a565ceb65 (commit) - Log - commit 388de53c274dee20c07eee7ff892108668fb3a61 Author: Richard Levitte Date: Wed Oct 24 22:49:49 2018 +0200 Make sure at least one HMAC test still uses the EVP_PKEY method Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7483) commit f8c9a8e325b23f4b3de67e9a0d385355f81bd6fc Author: Richard Levitte Date: Wed Oct 24 21:25:00 2018 +0200 EVP_MAC: Integrate HMAC EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7483) commit 6723f86746ab7e8ff9a914603db4f85c53eafc7c Author: Richard Levitte Date: Wed Oct 24 21:20:00 2018 +0200 EVP_MAC: Add HMAC implementation Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7483) --- Summary of changes: crypto/evp/c_allm.c | 1 + crypto/evp/pkey_mac.c | 33 crypto/hmac/build.info | 2 +- crypto/hmac/hm_meth.c | 173 +++ crypto/hmac/hm_pmeth.c | 212 crypto/include/internal/evp_int.h | 1 + doc/man3/EVP_MAC.pod| 3 +- doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_HMAC.pod} | 16 +- include/openssl/evp.h | 1 + test/recipes/30-test_evp_data/evpmac.txt| 2 +- 10 files changed, 224 insertions(+), 220 deletions(-) create mode 100644 crypto/hmac/hm_meth.c delete mode 100644 crypto/hmac/hm_pmeth.c copy doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_HMAC.pod} (70%) diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c index 862b639..edf8ba5 100644 --- a/crypto/evp/c_allm.c +++ b/crypto/evp/c_allm.c @@ -15,4 +15,5 @@ void openssl_add_all_macs_int(void) #ifndef OPENSSL_NO_CMAC EVP_add_mac(_meth); #endif +EVP_add_mac(_meth); } diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index ecf70bb..9f3817c 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c 
@@ -359,3 +359,36 @@ const EVP_PKEY_METHOD cmac_pkey_meth = { pkey_mac_ctrl, pkey_mac_ctrl_str }; + +const EVP_PKEY_METHOD hmac_pkey_meth = { +EVP_PKEY_HMAC, +0, +pkey_mac_init, +pkey_mac_copy, +pkey_mac_cleanup, + +0, 0, + +0, +pkey_mac_keygen, + +0, 0, + +0, 0, + +0, 0, + +pkey_mac_signctx_init, +pkey_mac_signctx, + +0, 0, + +0, 0, + +0, 0, + +0, 0, + +pkey_mac_ctrl, +pkey_mac_ctrl_str +}; diff --git a/crypto/hmac/build.info b/crypto/hmac/build.info index 09f67c2..f63524d 100644 --- a/crypto/hmac/build.info +++ b/crypto/hmac/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ -hmac.c hm_ameth.c hm_pmeth.c +hmac.c hm_ameth.c hm_meth.c diff --git a/crypto/hmac/hm_meth.c b/crypto/hmac/hm_meth.c new file mode 100644 index 000..fb48830 --- /dev/null +++ b/crypto/hmac/hm_meth.c 
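Review bot: The new `hmac_pkey_meth` table is filled positionally with unlabelled `0` slots, so a reader cannot tell from the hunk which EVP_PKEY_METHOD operations are deliberately left unset. A short comment above each populated group would make the table auditable, e.g. `/* keygen */` before `pkey_mac_keygen` and `/* signctx_init, signctx */` before `pkey_mac_signctx_init`. Only the tail of `cmac_pkey_meth` is visible here, so whether the two tables are otherwise identical should be confirmed; if they are, a shared initializer macro taking the key type would keep them from drifting apart.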
@@ -0,0 +1,173 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/evp_int.h" + +/* local HMAC context structure */ + +/* typedef EVP_MAC_IMPL */ +struct evp_mac_impl_st { +/* tmpmd and tmpengine are set to NULL after a CMAC_Init call */ +const EVP_MD *tmpmd; /* HMAC digest */ +const ENGINE *tmpengine; /* HMAC digest engine */ +HMAC_CTX *ctx; /* HMAC context */ +}; + +static EVP_MAC_IMPL *hmac_new(void) +{ +EVP_MAC_IMPL *hctx; + +if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL +|| (hctx->ctx = HMAC_CTX_new()) == NULL) { +OPENSSL_free(hctx); +return NULL; +} + +return hctx; +} + +static void hmac_free(EVP_MAC_IMPL *hctx) +{ +if (hctx != NULL) { +HMAC_CTX_free(hctx->ctx); +OPENSSL_free(hctx); +} +} + +static int hmac_copy(EVP_MAC_IMPL *hdst, EVP_MAC_IMPL *hsrc) +{ +if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx)) +return 0; + +hdst->tmpengine = hsrc->tmpengine; +hdst->tmpmd = hsrc->tmpmd; +return 1; +} + +static size_t hmac_size(EVP_MAC_IMPL *hctx) +{ +return HMAC_size(hctx->ctx); +} + +static int hmac_init(EVP_MAC_IMPL *hctx) +{ +int rv = 1; + +/* HMAC_Init_ex
[openssl-commits] [openssl] master update
The branch master has been updated via 56adb7d93721a72bfae532845cbebc4a565ceb65 (commit) via b8d77c9bd675b4128aeeafb4a738938460477a2e (commit) via e74a435f58441c6f1f6b4558c762e17d0ab67b7f (commit) via f71faf2753cc1b1cbba0da0997b70e5a908ac24b (commit) from cf4eea12046445fc418507d2d5e14956b4353495 (commit) - Log - commit 56adb7d93721a72bfae532845cbebc4a565ceb65 Author: Richard Levitte Date: Wed Oct 24 22:47:28 2018 +0200 Make sure at least one CMAC test still uses the EVP_PKEY method Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7484) commit b8d77c9bd675b4128aeeafb4a738938460477a2e Author: Richard Levitte Date: Wed Oct 24 21:40:00 2018 +0200 Adapt other EVP code to use EVP_MAC instead of direct implementation calls The EVP_PKEY methods for CMAC and HMAC needed a rework, although it wasn't much change apart from name changes. This also meant that EVP_PKEY_new_CMAC_key() needed an adjustment. (the possibility to rewrite this function to work with any MAC is yet to be explored) Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7484) commit e74a435f58441c6f1f6b4558c762e17d0ab67b7f Author: Richard Levitte Date: Wed Oct 24 21:35:00 2018 +0200 EVP_MAC: Integrate CMAC EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7484) commit f71faf2753cc1b1cbba0da0997b70e5a908ac24b Author: Richard Levitte Date: Wed Oct 24 21:30:00 2018 +0200 EVP_MAC: Add CMAC implementation Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7484) --- Summary of changes: crypto/cmac/build.info | 2 +- crypto/cmac/cm_ameth.c | 7 +- crypto/cmac/cm_meth.c| 164 +++ crypto/cmac/cm_pmeth.c | 161 -- crypto/evp/c_allm.c | 3 + crypto/evp/p_lib.c | 8 +- crypto/evp/pkey_mac.c| 11 +-- crypto/include/internal/evp_int.h| 2 + doc/man3/EVP_MAC.pod | 8 -- doc/man7/EVP_MAC_CMAC.pod| 65 include/openssl/evp.h| 2 + test/recipes/30-test_evp_data/evpmac.txt | 2 +- 12 files 
changed, 248 insertions(+), 187 deletions(-) create mode 100644 crypto/cmac/cm_meth.c delete mode 100644 crypto/cmac/cm_pmeth.c create mode 100644 doc/man7/EVP_MAC_CMAC.pod diff --git a/crypto/cmac/build.info b/crypto/cmac/build.info index c8a4949..c460598 100644 --- a/crypto/cmac/build.info +++ b/crypto/cmac/build.info @@ -1,2 +1,2 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_pmeth.c +SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_meth.c diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index a58454a..7126584 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,6 @@ #include #include "internal/cryptlib.h" #include -#include #include "internal/asn1_int.h" /* @@ -25,8 +24,8 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { -CMAC_CTX *cmctx = EVP_PKEY_get0(pkey); -CMAC_CTX_free(cmctx); +EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey); +EVP_MAC_CTX_free(cmctx); } const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c new file mode 100644 index 000..7089936 --- /dev/null +++ b/crypto/cmac/cm_meth.c 
@@ -0,0 +1,164 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "internal/evp_int.h" + +/* local CMAC pkey structure */ + +/* typedef EVP_MAC_IMPL */ +struct evp_mac_impl_st { +/* tmpcipher and tmpengine are set to NULL after a CMAC_Init call */ +const EVP_CIPHER *tmpcipher; /* cached CMAC cipher */ +const ENGINE *tmpengine; /* cached CMAC cipher engine */ +CMAC_CTX *ctx; +}; + +static EVP_MAC_IMPL *cmac_new(void) +{ +EVP_MAC_IMPL *cctx; + +if ((cctx =
[openssl-commits] Build failed: openssl master.20654
Build openssl master.20654 failed Commit 3bbd08abea by Paul Yang on 10/30/2018 3:21 AM: fix review comments
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 189b56b206e9d588560b609a3738fabceb76bcc3 (commit) from d308458ef138dfbe925203b5cb01a015f0aa93ac (commit) - Log - commit 189b56b206e9d588560b609a3738fabceb76bcc3 Author: Chocobo1 Date: Fri Oct 19 22:05:49 2018 +0800 Fix MSVC warning C4819 CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7444) (cherry picked from commit cf4eea12046445fc418507d2d5e14956b4353495) --- Summary of changes: crypto/bn/bn_exp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 2c92d7e..c026ffc 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * is not only slower but also makes each bit vulnerable to * EM (and likely other) side-channel attacks like One * (for details see "One: A Single-Decryption EM-Based - * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam, + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and * M. Prvulovic, in USENIX Security'18) */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via cf4eea12046445fc418507d2d5e14956b4353495 (commit) from 3afd38b277a806b901e039c6ad281c5e5c97ef67 (commit) - Log - commit cf4eea12046445fc418507d2d5e14956b4353495 Author: Chocobo1 Date: Fri Oct 19 22:05:49 2018 +0800 Fix MSVC warning C4819 CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7444) --- Summary of changes: crypto/bn/bn_exp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 2c92d7e..c026ffc 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * is not only slower but also makes each bit vulnerable to * EM (and likely other) side-channel attacks like One * (for details see "One: A Single-Decryption EM-Based - * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam, + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and * M. Prvulovic, in USENIX Security'18) */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Fixed: openssl/openssl#21380 (OpenSSL_1_1_0-stable - 003f1bf)
Build Update for openssl/openssl - Build: #21380 Status: Fixed Duration: 14 mins and 51 secs Commit: 003f1bf (OpenSSL_1_1_0-stable) Author: Rod Vagg Message: Remove brace from bad cherry-pick of DSA reallocation fix Commit 56fb454 backported the DSA reallocation fix to 1.1.0, however a code block that has multiple statements in 1.1.1+ only has a `goto` in 1.1.0 so introduces a brace that causes a compile failure. CLA:trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7516) View the changeset: https://github.com/openssl/openssl/compare/56fb454d281a...003f1bfd1852 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/448136819?utm_medium=notification_source=email
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 003f1bfd185267cc67ac9dc521a27d7a2af0d0ee (commit) from 56fb454d281a023b3f950d969693553d3f3ceea1 (commit) - Log - commit 003f1bfd185267cc67ac9dc521a27d7a2af0d0ee Author: Rod Vagg Date: Mon Oct 29 20:43:53 2018 +1100 Remove brace from bad cherry-pick of DSA reallocation fix Commit 56fb454 backported the DSA reallocation fix to 1.1.0, however a code block that has multiple statements in 1.1.1+ only has a `goto` in 1.1.0 so introduces a brace that causes a compile failure. CLA:trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7516) --- Summary of changes: crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index ff882cc..8350082 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -178,7 +178,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); if ((bn_wexpand(k, group_top + 2) == NULL) -|| (bn_wexpand(lambda, group_top + 2) == NULL)) { +|| (bn_wexpand(lambda, group_top + 2) == NULL)) goto err; if (!BN_copy(k, scalar)) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ec4583cb047f1dd56918b38f5a36941747d50d28 (commit) from 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit) - Log - commit ec4583cb047f1dd56918b38f5a36941747d50d28 Author: Matt Caswell Date: Mon Oct 29 21:52:29 2018 + Correct the security advisory name Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/91) --- Summary of changes: news/secadv/{20181030.pdf => 20181030.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename news/secadv/{20181030.pdf => 20181030.txt} (100%) diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.txt similarity index 100% rename from news/secadv/20181030.pdf rename to news/secadv/20181030.txt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 3afd38b277a806b901e039c6ad281c5e5c97ef67 (commit) from 88e3cf0a1024f4afaf8e44553526eb326db102bc (commit) - Log - commit 3afd38b277a806b901e039c6ad281c5e5c97ef67 Author: Vitezslav Cizek Date: Thu Oct 25 13:53:26 2018 +0200 DSA: Check for sanity of input parameters dsa_builtin_paramgen2 expects the L parameter to be greater than N, otherwise the generation will get stuck in an infinite loop. Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7493) --- Summary of changes: crypto/dsa/dsa_gen.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 46f4f01..383d853 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, if (mctx == NULL) goto err; +/* make sure L > N, otherwise we'll get trapped in an infinite loop */ +if (L <= N) { +DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); +goto err; +} + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
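Review bot: The new `L <= N` check in dsa_builtin_paramgen2 sits after the `mctx` allocation, so invalid sizes are rejected only once resources are already held and the function has to rely on the `err` path to release them. Moving the block ahead of the allocations (the function's start is outside the hunk, so the exact spot needs checking) keeps the reject path free of cleanup dependencies. The comment would also help callers more if it said what the two values are, e.g. `/* L and N are the bit lengths of p and q; L must exceed N or the prime search below never terminates */` — that reading of L and N is inferred from the function name and should be confirmed. A test case with L equal to N would pin the new DSA_R_INVALID_PARAMETERS error.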
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via ebf65dbe1a67682d7e1f58db9c53ef737fb37f32 (commit) from 43e6a58d4991a451daf4891ff05a48735df871ac (commit) - Log - commit ebf65dbe1a67682d7e1f58db9c53ef737fb37f32 Author: Pauli Date: Mon Oct 29 07:18:09 2018 +1000 Merge to 1.0.2: DSA mod inverse fix. There is a side channel attack against the division used to calculate one of the modulo inverses in the DSA algorithm. This change takes advantage of the primality of the modulo and Fermat's little theorem to calculate the inverse without leaking information. Thanks to Samuel Weiser for finding and reporting this. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7512) --- Summary of changes: crypto/dsa/dsa_ossl.c | 34 -- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 100e269..80daf60 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -73,6 +73,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -333,8 +335,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, if (!BN_mod(r, r, dsa->q, ctx)) goto err; -/* Compute part of 's = inv(k) (m + xr) mod q' */ -if ((kinv = BN_mod_inverse(NULL, , dsa->q, ctx)) == NULL) +/* Compute part of 's = inv(k) (m + xr) mod q' */ +if ((kinv = dsa_mod_inverse_fermat(, dsa->q, ctx)) == NULL) goto err; if (*kinvp != NULL) 
@@ -468,3 +470,31 @@ static int dsa_finish(DSA *dsa) BN_MONT_CTX_free(dsa->method_mont_p); return (1); } + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ +BIGNUM *res = NULL; +BIGNUM *r, e; + +if ((r = BN_new()) == NULL) +return NULL; + +BN_init(); + +if (BN_set_word(r, 2) +&& BN_sub(, q, r) +&& BN_mod_exp_mont(r, k, , q, ctx, NULL)) +res = r; +else +BN_free(r); +BN_free(); +return res; +} _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
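Review bot: In dsa_mod_inverse_fermat the failure branch releases `r` with `BN_free(r)`, although by that point `r` may already hold intermediate values computed from the secret `k`; `BN_clear_free(r)` would scrub them before the memory goes back to the allocator. The header comment should also state the precondition the caller must guarantee: the result is an inverse only when `q` is prime and `k` is non-zero modulo `q`, and nothing in this function checks either. The claim that BN_mod_exp_mont does not leak the base depends on which exponentiation path it selects for these operands, which is not visible in the hunk and is worth confirming for this branch. The `&e` arguments appear to have been lost in this rendering of the mail (`BN_init();`, `BN_free();`), so the call sites should be read against the repository.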
[openssl-commits] [web] master update
The branch master has been updated via 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit) via c84f2126b736207c23b1984cbc07d496c22ca85d (commit) from 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit) - Log - commit 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 Merge: c84f212 43a3ec6 Author: Pauli Date: Tue Oct 30 07:00:24 2018 +1000 Merge branch 'master' of git.openssl.org:openssl-web commit c84f2126b736207c23b1984cbc07d496c22ca85d Author: Pauli Date: Tue Oct 30 07:00:08 2018 +1000 Add CVE-2018-0734 --- Summary of changes: news/newsflash.txt | 3 ++- news/secadv/20181030.pdf | 32 + news/vulnerabilities.xml | 52 +++- 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 news/secadv/20181030.pdf diff --git a/news/newsflash.txt b/news/newsflash.txt index 311c39b..2c05c1a 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item -29-Oct-2018: Security Advisory: one low severity fix +29-Oct-2018: Security Advisory: one low severity fix in DSA +29-Oct-2018: Security Advisory: one low severity fix in ECDSA 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.pdf new file mode 100644 index 000..b33ac41 --- /dev/null +++ b/news/secadv/20181030.pdf 
@@ -0,0 +1,32 @@ +OpenSSL Security Advisory [30 October 2018] +=== + +Timing vulnerability in DSA signature generation (CVE-2018-0734) + + +Severity: Low + +The OpenSSL DSA signature algorithm has been shown to be vulnerable to a +timing side channel attack. An attacker could use variations in the signing +algorithm to recover the private key. + +Due to the low severity of this issue we are not issuing a new release +of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included +in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become +available. The fix is also available in commit 8abfe72e8c (for 1.1.1), +ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL +git repository. + +This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20181030.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 52cc185..97ec427 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,57 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Constant time issue +Timing attack against DSA + + The OpenSSL DSA signature algorithm has been shown to be vulnerable + to a timing side channel attack. An attacker could use variations + in the signing algorithm to recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 43e6a58d4991a451daf4891ff05a48735df871ac (commit) from 896e8c5713b50ff2ef1478d5c6709874ce57cf05 (commit) - Log - commit 43e6a58d4991a451daf4891ff05a48735df871ac Author: Pauli Date: Mon Oct 29 08:24:22 2018 +1000 Merge DSA reallocation timing fix CVE-2018-0734. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7513) --- Summary of changes: crypto/dsa/dsa_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 2dcfede..100e269 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, goto err; /* Preallocate space */ -q_bits = BN_num_bits(dsa->q); +q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; if (!BN_set_bit(, q_bits) || !BN_set_bit(, q_bits) || !BN_set_bit(, q_bits)) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
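Review bot: The constant in `q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;` is unexplained, and since this line is the whole CVE-2018-0734 timing fix the reasoning belongs next to it. Replace `/* Preallocate space */` with something like `/* Preallocate two words more than q needs so that later operations on the nonce never grow the BIGNUM; a reallocation would make timing depend on its value */` — the "two words" reading (16 = 2 × 8 bits per byte) is inferred and should be confirmed by the author. Writing the factor as `2 * 8` or through a named constant would make the intent checkable. dsa_sign_setup continues outside the hunk, so how `q_bits` is used after the three `BN_set_bit` calls is not visible here.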
[openssl-commits] Fixed: openssl/openssl#21366 (master - 88e3cf0)
Build Update for openssl/openssl - Build: #21366 Status: Fixed Duration: 18 mins and 34 secs Commit: 88e3cf0 (master) Author: Richard Levitte Message: test/evp_test.c: Fixed strcmp() fault in mac_test_init() When wanting to compare the end of a string with another string, make sure not to start somewhere before the start of the first string. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7520) View the changeset: https://github.com/openssl/openssl/compare/ce5d64c79c4d...88e3cf0a1024 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447942857?utm_medium=notification_source=email
[openssl-commits] [openssl] master update
The branch master has been updated via 88e3cf0a1024f4afaf8e44553526eb326db102bc (commit) from ce5d64c79c4d809ece8fe28a5b62915467a1c0e1 (commit) - Log - commit 88e3cf0a1024f4afaf8e44553526eb326db102bc Author: Richard Levitte Date: Mon Oct 29 16:27:43 2018 +0100 test/evp_test.c: Fixed strcmp() fault in mac_test_init() When wanting to compare the end of a string with another string, make sure not to start somewhere before the start of the first string. [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7520) --- Summary of changes: test/evp_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/evp_test.c b/test/evp_test.c index 311814b..25b10d3 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -863,7 +863,8 @@ static int mac_test_init(EVP_TEST *t, const char *alg) size_t sz = strlen(alg); static const char epilogue[] = " by EVP_PKEY"; -if (strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0) +if (sz >= sizeof(epilogue) +&& strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0) sz -= sizeof(epilogue) - 1; if (strncmp(alg, "HMAC", sz) == 0) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
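Review bot: The context line `if (strncmp(alg, "HMAC", sz) == 0) {` still compares only `sz` bytes, so any prefix of the name — including an empty `alg`, where `sz` is 0 — is accepted as HMAC; the commit fixes the out-of-bounds start but not this. Comparing the length as well, e.g. `if (sz == strlen("HMAC") && strncmp(alg, "HMAC", sz) == 0) {`, closes it. The new guard uses `sizeof(epilogue)` rather than `sizeof(epilogue) - 1`, which also requires at least one character before the suffix; a comment saying that is deliberate would stop someone "correcting" it later. mac_test_init continues outside the hunk, so other name comparisons there may need the same treatment.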
[openssl-commits] Still Failing: openssl/openssl#21364 (master - ce5d64c)
Build Update for openssl/openssl - Build: #21364 Status: Still Failing Duration: 21 mins and 24 secs Commit: ce5d64c (master) Author: Richard Levitte Message: test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run() pkey_test_ctrl() was designed for parsing values, not for using in test runs. Relying on its returned value when it returned 1 even for control errors made it particularly useless for mac_test_run(). Here, it gets replaced with a MAC specific control function, that parses values the same way but is designed for use in a _run() rather than a _parse() function. This uncovers a SipHash test with an invalid control that wasn't caught properly. After all, that stanza is supposed to test that invalid control values do generate an error. Now we catch that. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7500) View the changeset: https://github.com/openssl/openssl/compare/10d5b415f9e9...ce5d64c79c4d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447891510?utm_medium=notification_source=email
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via d308458ef138dfbe925203b5cb01a015f0aa93ac (commit) from 86743ef857ae3323e0d5afe73282d79b7245586f (commit) - Log - commit d308458ef138dfbe925203b5cb01a015f0aa93ac Author: Richard Levitte Date: Fri Oct 26 13:42:40 2018 +0200 test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run() pkey_test_ctrl() was designed for parsing values, not for using in test runs. Relying on its returned value when it returned 1 even for control errors made it particularly useless for mac_test_run(). Here, it gets replaced with a MAC specific control function, that parses values the same way but is designed for use in a _run() rather than a _parse() function. This uncovers a SipHash test with an invalid control that wasn't caught properly. After all, that stanza is supposed to test that invalid control values do generate an error. Now we catch that. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7500) (cherry picked from commit ce5d64c79c4d809ece8fe28a5b62915467a1c0e1) --- Summary of changes: test/evp_test.c | 33 ++-- test/recipes/30-test_evp_data/evpmac.txt | 3 +-- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 2ac69e1..e7e376e 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -73,8 +73,6 @@ static KEY_LIST *public_keys; static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); -static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, - const char *value); /* * Compare two memory regions for equality, returning zero if they differ. 
@@ -927,6 +925,28 @@ static int mac_test_parse(EVP_TEST *t, return 0; } +static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, + const char *value) +{ +int rv; +char *p, *tmpval; + +if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) +return 0; +p = strchr(tmpval, ':'); +if (p != NULL) +*p++ = '\0'; +rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); +if (rv == -2) +t->err = "PKEY_CTRL_INVALID"; +else if (rv <= 0) +t->err = "PKEY_CTRL_ERROR"; +else +rv = 1; +OPENSSL_free(tmpval); +return rv > 0; +} + static int mac_test_run(EVP_TEST *t) { MAC_DATA *expected = t->data; @@ -972,8 +992,9 @@ static int mac_test_run(EVP_TEST *t) goto err; } for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) -if (!pkey_test_ctrl(t, pctx, -sk_OPENSSL_STRING_value(expected->controls, i))) { +if (!mac_test_ctrl_pkey(t, pctx, +sk_OPENSSL_STRING_value(expected->controls, +i))) { t->err = "EVPPKEYCTXCTRL_ERROR"; goto err; } @@ -2614,8 +2635,8 @@ top: return 0; } if (rv < 0) { -TEST_info("Line %d: error processing keyword %s\n", -t->s.curr, pp->key); +TEST_info("Line %d: error processing keyword %s = %s\n", + t->s.curr, pp->key, pp->value); return 0; } } diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt index 6864070..4ec5fa4 100644 --- a/test/recipes/30-test_evp_data/evpmac.txt +++ b/test/recipes/30-test_evp_data/evpmac.txt @@ -157,8 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c MAC = SipHash Ctrl = digestsize:13 Key = 000102030405060708090A0B0C0D0E0F -Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E -Output = 5150d1772f50834a503e069a973fbd7c +Result = EVPPKEYCTXCTRL_ERROR Title = HMAC tests (from RFC2104 and others) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
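Review bot: The distinct error strings that mac_test_ctrl_pkey stores in `t->err` (`"PKEY_CTRL_INVALID"` for -2, `"PKEY_CTRL_ERROR"` otherwise) never reach the test result, because the caller in mac_test_run overwrites `t->err` with `"EVPPKEYCTXCTRL_ERROR"` as soon as the helper returns 0. Either drop the assignment in the caller so the helper's diagnosis survives, or drop the two assignments in the helper; the updated SipHash stanza expects `EVPPKEYCTXCTRL_ERROR`, so the second option matches the test data as committed. The `else rv = 1;` branch is also redundant given `return rv > 0;`. The same code lands on master in commit ce5d64c (there the caller is mac_test_run_pkey), so the point applies to that hunk too.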
[openssl-commits] [openssl] master update
The branch master has been updated via ce5d64c79c4d809ece8fe28a5b62915467a1c0e1 (commit) from 10d5b415f9e973f44f18eeaf2713868ec813e1d7 (commit) - Log - commit ce5d64c79c4d809ece8fe28a5b62915467a1c0e1 Author: Richard Levitte Date: Fri Oct 26 13:42:40 2018 +0200 test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run() pkey_test_ctrl() was designed for parsing values, not for using in test runs. Relying on its returned value when it returned 1 even for control errors made it particularly useless for mac_test_run(). Here, it gets replaced with a MAC specific control function, that parses values the same way but is designed for use in a _run() rather than a _parse() function. This uncovers a SipHash test with an invalid control that wasn't caught properly. After all, that stanza is supposed to test that invalid control values do generate an error. Now we catch that. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7500) --- Summary of changes: test/evp_test.c | 33 ++-- test/recipes/30-test_evp_data/evpmac.txt | 3 +-- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index be18afb..311814b 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -73,8 +73,6 @@ static KEY_LIST *public_keys; static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); -static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, - const char *value); /* * Compare two memory regions for equality, returning zero if they differ. 
@@ -953,6 +951,28 @@ static int mac_test_parse(EVP_TEST *t, return 0; } +static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, + const char *value) +{ +int rv; +char *p, *tmpval; + +if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) +return 0; +p = strchr(tmpval, ':'); +if (p != NULL) +*p++ = '\0'; +rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); +if (rv == -2) +t->err = "PKEY_CTRL_INVALID"; +else if (rv <= 0) +t->err = "PKEY_CTRL_ERROR"; +else +rv = 1; +OPENSSL_free(tmpval); +return rv > 0; +} + static int mac_test_run_pkey(EVP_TEST *t) { MAC_DATA *expected = t->data; @@ -1004,8 +1024,9 @@ static int mac_test_run_pkey(EVP_TEST *t) goto err; } for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) -if (!pkey_test_ctrl(t, pctx, -sk_OPENSSL_STRING_value(expected->controls, i))) { +if (!mac_test_ctrl_pkey(t, pctx, +sk_OPENSSL_STRING_value(expected->controls, +i))) { t->err = "EVPPKEYCTXCTRL_ERROR"; goto err; } @@ -2766,8 +2787,8 @@ top: return 0; } if (rv < 0) { -TEST_info("Line %d: error processing keyword %s\n", -t->s.curr, pp->key); +TEST_info("Line %d: error processing keyword %s = %s\n", + t->s.curr, pp->key, pp->value); return 0; } } diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt index 6864070..4ec5fa4 100644 --- a/test/recipes/30-test_evp_data/evpmac.txt +++ b/test/recipes/30-test_evp_data/evpmac.txt @@ -157,8 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c MAC = SipHash Ctrl = digestsize:13 Key = 000102030405060708090A0B0C0D0E0F -Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E -Output = 5150d1772f50834a503e069a973fbd7c +Result = EVPPKEYCTXCTRL_ERROR Title = HMAC tests (from RFC2104 and others) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#21356 (master - 10d5b41)
Build Update for openssl/openssl - Build: #21356 Status: Still Failing Duration: 21 mins and 25 secs Commit: 10d5b41 (master) Author: Matt Caswell Message: Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7501) View the changeset: https://github.com/openssl/openssl/compare/ecc347f5f53a...10d5b415f9e9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447813877?utm_medium=notification_source=email
[openssl-commits] Still Failing: openssl/openssl#21353 (master - ecc347f)
Build Update for openssl/openssl - Build: #21353 Status: Still Failing Duration: 26 mins and 13 secs Commit: ecc347f (master) Author: Richard Levitte Message: Windows build: build foo.d after foo.obj We made the build of foo.obj depend on foo.d, meaning the latter gets built first. Unfortunately, the way the compiler works, we are forced to redirect all output to foo.d, meaning that if the source contains an error, the build fails without showing those errors. We therefore remove the dependency and force the build of foo.d to always happen after build of foo.obj. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7469) View the changeset: https://github.com/openssl/openssl/compare/60690b5b8396...ecc347f5f53a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447790892?utm_medium=notification_source=email
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 86743ef857ae3323e0d5afe73282d79b7245586f (commit) via 070ce40be1dce27cf321b437a4a5446add17e945 (commit) from 7e01266fa69db90533e53a37cc83d0df99b1c08f (commit) - Log - commit 86743ef857ae3323e0d5afe73282d79b7245586f Author: Matt Caswell Date: Fri Oct 26 12:45:27 2018 +0100 Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7501) (cherry picked from commit 10d5b415f9e973f44f18eeaf2713868ec813e1d7) commit 070ce40be1dce27cf321b437a4a5446add17e945 Author: Matt Caswell Date: Fri Oct 26 12:19:43 2018 +0100 Reset the HKDF state between operations Fixes #7497 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7501) (cherry picked from commit ca55d70be031746daddd8bd0611db54ed81f1737) --- Summary of changes: crypto/kdf/hkdf.c | 14 +- test/evp_extra_test.c | 46 ++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index ec6090a..ae46fad 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, return -2; } +static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) +{ +HKDF_PKEY_CTX *kctx = ctx->data; + +OPENSSL_clear_free(kctx->key, kctx->key_len); +OPENSSL_clear_free(kctx->salt, kctx->salt_len); +OPENSSL_cleanse(kctx->info, kctx->info_len); +memset(kctx, 0, sizeof(*kctx)); + +return 1; +} + static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = { 0, 0, -0, +pkey_hkdf_derive_init, pkey_hkdf_derive, pkey_hkdf_ctrl, pkey_hkdf_ctrl_str diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7b847ee..e396b07 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
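Review bot: pkey_hkdf_derive_init() has no comment saying that it discards every previously set parameter, yet its final `memset(kctx, 0, sizeof(*kctx))` wipes the whole HKDF_PKEY_CTX rather than just key, salt and info. A caller that reuses an EVP_PKEY_CTX therefore has to configure everything again after each EVP_PKEY_derive_init(), as the accompanying test_HKDF does with the digest. Code that set the digest once up front would presumably now derive with none configured. I would document this above the function, e.g. `/* Wipes key, salt and info and resets all other HKDF parameters; set them again after EVP_PKEY_derive_init() */`. The same hunk appears in the master-branch message further down the page.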
@@ -17,6 +17,7 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "internal/evp_int.h" @@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i) return ret; } +static int test_HKDF(void) +{ +EVP_PKEY_CTX *pctx; +unsigned char out[20]; +size_t outlen; +int i, ret = 0; +unsigned char salt[] = "0123456789"; +unsigned char key[] = "012345678901234567890123456789"; +unsigned char info[] = "infostring"; +const unsigned char expected[] = { +0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, +0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca +}; +size_t expectedlen = sizeof(expected); + +if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) +goto done; + +/* We do this twice to test reuse of the EVP_PKEY_CTX */ +for (i = 0; i < 2; i++) { +outlen = sizeof(out); +memset(out, 0, outlen); + +if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, +sizeof(salt) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, +sizeof(info) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, ), 0) +|| !TEST_mem_eq(out, outlen, expected, expectedlen)) +goto done; +} + +ret = 1; + + done: +EVP_PKEY_CTX_free(pctx); + +return ret; +} + int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); @@ -941,5 +986,6 @@ int setup_tests(void) if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) return 0; ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); +ADD_TEST(test_HKDF); return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
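Review bot: Both passes of the loop in test_HKDF() feed identical salt, key and info, so the test detects state that accumulates across runs but not a parameter left over from the first run. A key or salt that survived EVP_PKEY_derive_init() would be overwritten by the second pass's setters and go unnoticed. A second pass with different inputs and its own expected output would cover that case. At minimum a comment such as `/* identical inputs: a changed result means state leaked from the first derive */` would record what the loop actually proves. The master-branch copy of this test further down is the same.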
[openssl-commits] [openssl] master update
The branch master has been updated via 10d5b415f9e973f44f18eeaf2713868ec813e1d7 (commit) via ca55d70be031746daddd8bd0611db54ed81f1737 (commit) from ecc347f5f53a9f2edc2805d50cba07db64267e8a (commit) - Log - commit 10d5b415f9e973f44f18eeaf2713868ec813e1d7 Author: Matt Caswell Date: Fri Oct 26 12:45:27 2018 +0100 Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7501) commit ca55d70be031746daddd8bd0611db54ed81f1737 Author: Matt Caswell Date: Fri Oct 26 12:19:43 2018 +0100 Reset the HKDF state between operations Fixes #7497 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7501) --- Summary of changes: crypto/kdf/hkdf.c | 14 +- test/evp_extra_test.c | 46 ++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index ec6090a..ae46fad 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, return -2; } +static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) +{ +HKDF_PKEY_CTX *kctx = ctx->data; + +OPENSSL_clear_free(kctx->key, kctx->key_len); +OPENSSL_clear_free(kctx->salt, kctx->salt_len); +OPENSSL_cleanse(kctx->info, kctx->info_len); +memset(kctx, 0, sizeof(*kctx)); + +return 1; +} + static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = { 0, 0, -0, +pkey_hkdf_derive_init, pkey_hkdf_derive, pkey_hkdf_ctrl, pkey_hkdf_ctrl_str diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7b847ee..e396b07 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "internal/evp_int.h" 
@@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i) return ret; } +static int test_HKDF(void) +{ +EVP_PKEY_CTX *pctx; +unsigned char out[20]; +size_t outlen; +int i, ret = 0; +unsigned char salt[] = "0123456789"; +unsigned char key[] = "012345678901234567890123456789"; +unsigned char info[] = "infostring"; +const unsigned char expected[] = { +0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, +0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca +}; +size_t expectedlen = sizeof(expected); + +if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) +goto done; + +/* We do this twice to test reuse of the EVP_PKEY_CTX */ +for (i = 0; i < 2; i++) { +outlen = sizeof(out); +memset(out, 0, outlen); + +if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, +sizeof(salt) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, +sizeof(info) - 1), 0) +|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, ), 0) +|| !TEST_mem_eq(out, outlen, expected, expectedlen)) +goto done; +} + +ret = 1; + + done: +EVP_PKEY_CTX_free(pctx); + +return ret; +} + int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); @@ -941,5 +986,6 @@ int setup_tests(void) if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) return 0; ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); +ADD_TEST(test_HKDF); return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Still Failing: openssl/openssl#21351 (master - 60690b5)
Build Update for openssl/openssl - Build: #21351 Status: Still Failing Duration: 22 mins and 51 secs Commit: 60690b5 (master) Author: Richard Levitte Message: ssl/statem: Don't compare size_t with less than zero Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) View the changeset: https://github.com/openssl/openssl/compare/f842b6b2a4d7...60690b5b8396 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447789263?utm_medium=notification_source=email
[openssl-commits] [web] master update
The branch master has been updated via 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit) from ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit) - Log - commit 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb Author: Matt Caswell Date: Mon Oct 29 12:09:44 2018 + Update vulnerabilities.xml The new CVE is only fixed in the dev version. 1.1.1a and 1.1.0j are not yet released. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/90) --- Summary of changes: news/vulnerabilities.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6067c1e..52cc185 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -22,10 +22,10 @@ - + - + Constant time issue _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 7e01266fa69db90533e53a37cc83d0df99b1c08f (commit) from 7ccfce81db635eb89401ed0bf2d9e256e962e5d8 (commit) - Log - commit 7e01266fa69db90533e53a37cc83d0df99b1c08f Author: Richard Levitte Date: Tue Oct 23 10:35:48 2018 +0200 Windows build: build foo.d after foo.obj We made the build of foo.obj depend on foo.d, meaning the latter gets built first. Unfortunately, the way the compiler works, we are forced to redirect all output to foo.d, meaning that if the source contains an error, the build fails without showing those errors. We therefore remove the dependency and force the build of foo.d to always happen after build of foo.obj. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7469) (cherry picked from commit ecc347f5f53a9f2edc2805d50cba07db64267e8a) --- Summary of changes: Configurations/windows-makefile.tmpl | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 13368fc..c270549 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -594,16 +594,14 @@ $obj$objext: $deps \$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm EOF } - return <<"EOF"if (!$disabled{makedepend}); -$obj$depext: $deps - \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext -$obj$objext: $obj$depext - \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs -EOF -return <<"EOF" if ($disabled{makedepend}); + my $recipe = <<"EOF"; $obj$objext: $deps \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs EOF + $recipe .= <<"EOF"unless $disabled{makedepend}; + \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext +EOF + return $recipe; } # We *know* this routine is only called when we've configure 'shared'. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
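Review bot: With `$obj$depext` no longer a make target of its own, nothing regenerates the dependency file when it is deleted or stale while `$obj$objext` is up to date. It is now rewritten only as a side effect of rebuilding the object. If that trade-off is accepted, a comment above the appended recipe line would record it, e.g. `# the dependency file is produced after the object so compiler errors stay visible; it is not a target itself`. The enclosing routine starts outside the hunk, and the master-branch copy of this commit below is identical.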
[openssl-commits] [openssl] master update
The branch master has been updated via ecc347f5f53a9f2edc2805d50cba07db64267e8a (commit) from 60690b5b8396d7d5234cd067206190fb8aca78d2 (commit) - Log - commit ecc347f5f53a9f2edc2805d50cba07db64267e8a Author: Richard Levitte Date: Tue Oct 23 10:35:48 2018 +0200 Windows build: build foo.d after foo.obj We made the build of foo.obj depend on foo.d, meaning the latter gets built first. Unfortunately, the way the compiler works, we are forced to redirect all output to foo.d, meaning that if the source contains an error, the build fails without showing those errors. We therefore remove the dependency and force the build of foo.d to always happen after build of foo.obj. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7469) --- Summary of changes: Configurations/windows-makefile.tmpl | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 44cc7d0..c4987f2 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -615,16 +615,14 @@ $obj$objext: $deps \$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm EOF } - return <<"EOF"if (!$disabled{makedepend}); -$obj$depext: $deps - \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext -$obj$objext: $obj$depext - \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs -EOF -return <<"EOF" if ($disabled{makedepend}); + my $recipe = <<"EOF"; $obj$objext: $deps \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs EOF + $recipe .= <<"EOF"unless $disabled{makedepend}; + \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext +EOF + return $recipe; } # We *know* this routine is only called when we've configure 'shared'. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 7ccfce81db635eb89401ed0bf2d9e256e962e5d8 (commit) via a862a1d517032ae4ba6ea4e7a32505bb8fedf8e7 (commit) via bbc1c56a3c2e722f22ebae44e55598c05a58cf2a (commit) from 6101850bafeb28fd5d752576037812c2672321e6 (commit) - Log - commit 7ccfce81db635eb89401ed0bf2d9e256e962e5d8 Author: Richard Levitte Date: Wed Sep 12 02:31:10 2018 +0200 ssl/statem: Don't compare size_t with less than zero Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) (cherry picked from commit 60690b5b8396d7d5234cd067206190fb8aca78d2) commit a862a1d517032ae4ba6ea4e7a32505bb8fedf8e7 Author: Richard Levitte Date: Wed Sep 12 02:30:25 2018 +0200 VMS & cryptoerr.h: include symhacks.h Needed to clear a clash between ERR_load_CRYPTO_strings and ERR_load_crypto_strings Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) (cherry picked from commit cc3a2e4f51679d99507a979f9a920f6068473aa2) commit bbc1c56a3c2e722f22ebae44e55598c05a58cf2a Author: Richard Levitte Date: Wed Sep 12 02:28:35 2018 +0200 apps/rehash.c: Convert ISO-8859-1 to UTF-8 Believe it or not, the VMS C compiler is remarking on this Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) (cherry picked from commit 4602cc85aff35b7aa5e27dc57ead89f0867637f9) --- Summary of changes: apps/rehash.c | 2 +- include/openssl/cryptoerr.h | 3 +++ ssl/statem/extensions.c | 6 -- ssl/statem/statem_lib.c | 5 +++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apps/rehash.c b/apps/rehash.c index de7217c..bb41d31 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -1,6 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Ter�s + * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index e127ff6..10723d0 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -14,6 +14,9 @@ # ifdef __cplusplus extern "C" # endif + +# include + int ERR_load_CRYPTO_strings(void); /* diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8422161..8d4939d 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, */ if (s->hello_retry_request == SSL_HRR_PENDING) { size_t hdatalen; +long hdatalen_l; void *hdata; -hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, ); -if (hdatalen <= 0) { +hdatalen = hdatalen_l = +BIO_get_mem_data(s->s3->handshake_buffer, ); +if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 508bb88..e6e61f7 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; } else { size_t retlen; +long retlen_l; -retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata); -if (retlen <= 0) { +retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); +if (retlen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, ERR_R_INTERNAL_ERROR); return 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
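Review bot: In tls_psk_do_binder() the chained assignment `hdatalen = hdatalen_l = BIO_get_mem_data(...)` stores the return value into the `size_t` before it has been checked, so on a negative return `hdatalen` briefly holds a wrapped, very large length. The `hdatalen_l <= 0` check that follows stops it being used, but the code is easier to audit if the unsigned variable is assigned only after validation: first `hdatalen_l = BIO_get_mem_data(...);`, then the check, then `hdatalen = (size_t)hdatalen_l;`. The `retlen`/`retlen_l` pair in get_cert_verify_tbs_data() in statem_lib.c has the same shape, as do both hunks in the master-branch copy of this commit further down. Both functions start and end outside their hunks.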
[openssl-commits] [openssl] master update
The branch master has been updated via 60690b5b8396d7d5234cd067206190fb8aca78d2 (commit) via cc3a2e4f51679d99507a979f9a920f6068473aa2 (commit) via 4602cc85aff35b7aa5e27dc57ead89f0867637f9 (commit) from f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b (commit) - Log - commit 60690b5b8396d7d5234cd067206190fb8aca78d2 Author: Richard Levitte Date: Wed Sep 12 02:31:10 2018 +0200 ssl/statem: Don't compare size_t with less than zero Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) commit cc3a2e4f51679d99507a979f9a920f6068473aa2 Author: Richard Levitte Date: Wed Sep 12 02:30:25 2018 +0200 VMS & cryptoerr.h: include symhacks.h Needed to clear a clash between ERR_load_CRYPTO_strings and ERR_load_crypto_strings Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) commit 4602cc85aff35b7aa5e27dc57ead89f0867637f9 Author: Richard Levitte Date: Wed Sep 12 02:28:35 2018 +0200 apps/rehash.c: Convert ISO-8859-1 to UTF-8 Believe it or not, the VMS C compiler is remarking on this Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) --- Summary of changes: apps/rehash.c | 2 +- include/openssl/cryptoerr.h | 3 +++ ssl/statem/extensions.c | 6 -- ssl/statem/statem_lib.c | 5 +++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apps/rehash.c b/apps/rehash.c index de7217c..bb41d31 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -1,6 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Ter�s + * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index e127ff6..10723d0 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h 
@@ -14,6 +14,9 @@ # ifdef __cplusplus extern "C" # endif + +# include + int ERR_load_CRYPTO_strings(void); /* diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8422161..8d4939d 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, */ if (s->hello_retry_request == SSL_HRR_PENDING) { size_t hdatalen; +long hdatalen_l; void *hdata; -hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, ); -if (hdatalen <= 0) { +hdatalen = hdatalen_l = +BIO_get_mem_data(s->s3->handshake_buffer, ); +if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 508bb88..e6e61f7 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; } else { size_t retlen; +long retlen_l; -retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata); -if (retlen <= 0) { +retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); +if (retlen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, ERR_R_INTERNAL_ERROR); return 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Broken: openssl/openssl#21345 (master - f842b6b)
Build Update for openssl/openssl - Build: #21345 Status: Broken Duration: 19 mins and 0 secs Commit: f842b6b (master) Author: Richard Levitte Message: Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl() These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and EVP_PKEY_CTX_hex2ctrl(). They will parse the value, and then pass the parsed result and length to a callback that knows exactly how to pass them on to a main _ctrl function, along with a context structure pointer. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) View the changeset: https://github.com/openssl/openssl/compare/f9e43929c46b...f842b6b2a4d7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/447767730?utm_medium=notification_source=email
[openssl-commits] [openssl] master update
The branch master has been updated via f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b (commit) via 2bdb4af50364121a5f0e47024e9f71e1a6025fcf (commit) via 5e55159b3adbb30482992e8fa8621e47d331d012 (commit) via 0145dd324e8fcfd2c0dfe296c12586101f0cf3b9 (commit) via 567db2c17d4ea8a0164d7abd8aed65b7a634bb40 (commit) from f9e43929c46b38667f67e02765fe0f1c0d3061d6 (commit) - Log - commit f842b6b2a4d7cbb9d22e4605c502b73f25bb6a7b Author: Richard Levitte Date: Wed Oct 24 20:20:00 2018 +0200 Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl() These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and EVP_PKEY_CTX_hex2ctrl(). They will parse the value, and then pass the parsed result and length to a callback that knows exactly how to pass them on to a main _ctrl function, along with a context structure pointer. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) commit 2bdb4af50364121a5f0e47024e9f71e1a6025fcf Author: Richard Levitte Date: Wed Oct 24 18:36:31 2018 +0200 Adapt test/evp_test.c to deal with available EVP_MACs If a MAC isn't available as an EVP_MAC, the MAC test falls back to the corresponding EVP_PKEY method. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) commit 5e55159b3adbb30482992e8fa8621e47d331d012 Author: Richard Levitte Date: Wed Oct 24 18:35:32 2018 +0200 Add generic EVP_PKEY_METHOD for EVP_MACs The MAC EVP_PKEY implementations are currently implemented for each MAC. However, with the EVP_MAC API, only one such implementation is needed. This implementation takes into account the differences between HMAC and CMAC implementations, and observes that all other current MAC implementations seem to follow the HMAC model. 
Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) commit 0145dd324e8fcfd2c0dfe296c12586101f0cf3b9 Author: Richard Levitte Date: Wed Oct 24 18:34:53 2018 +0200 Add automatic initializations support for EVP_MAC objects Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) commit 567db2c17d4ea8a0164d7abd8aed65b7a634bb40 Author: Richard Levitte Date: Fri Oct 12 22:27:18 2018 +0200 Add EVP_MAC API We currently implement EVP MAC methods as EVP_PKEY methods. This change creates a separate EVP API for MACs, to replace the current EVP_PKEY ones. A note about this EVP API and how it interfaces with underlying MAC implementations: Other EVP APIs pass the EVP API context down to implementations, and it can be observed that the implementations use the pointer to their own private data almost exclusively. The EVP_MAC API deviates from that pattern by passing the pointer to the implementation's private data directly, and thereby deny the implementations access to the EVP_MAC context structure. This change is made to provide a clearer separation between the EVP library itself and the implementations of its supported algorithm classes. 
Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7393) --- Summary of changes: crypto/err/openssl.txt | 6 + crypto/evp/build.info| 3 +- crypto/{conf/conf_lcl.h => evp/c_allm.c} | 6 +- crypto/evp/evp_err.c | 6 + crypto/evp/evp_lib.c | 27 +++ crypto/evp/evp_locl.h| 5 + crypto/evp/mac_lib.c | 185 crypto/evp/names.c | 75 ++- crypto/evp/pkey_mac.c| 368 +++ crypto/include/internal/evp_int.h| 26 +++ crypto/init.c| 25 +++ doc/man3/EVP_MAC.pod | 348 + include/openssl/crypto.h | 9 +- include/openssl/evp.h| 47 include/openssl/evperr.h | 6 + include/openssl/objects.h| 3 +- include/openssl/ossl_typ.h | 2 + ssl/ssl_init.c | 3 +- test/evp_test.c | 192 ++-- util/libcrypto.num | 20 ++ util/private.num | 5 + 21 files changed, 1341 insertions(+), 26 deletions(-) copy crypto/{conf/conf_lcl.h => evp/c_allm.c} (77%) create mode 100644 crypto/evp/mac_lib.c create mode 100644 crypto/evp/pkey_mac.c create mode 100644 doc/man3/EVP_MAC.pod diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 489ccc0..151bc83 100644 --- a/crypto/err/openssl.txt +++
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 6101850bafeb28fd5d752576037812c2672321e6 (commit) from c7a7ed3870e51a91379aaddad2da3be0aba1daf6 (commit) - Log - commit 6101850bafeb28fd5d752576037812c2672321e6 Author: Bernd Edlinger Date: Fri Oct 26 21:06:14 2018 +0200 Rework and simplify resource flow in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7504) (cherry picked from commit f9e43929c46b38667f67e02765fe0f1c0d3061d6) --- Summary of changes: crypto/rand/drbg_lib.c | 19 ++- crypto/rand/rand_lib.c | 11 --- 2 files changed, 6 insertions(+), 24 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index e7f383a..4795213 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -357,15 +357,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, drbg->cleanup_entropy(drbg, entropy, entropylen); if (nonce != NULL && drbg->cleanup_nonce != NULL) drbg->cleanup_nonce(drbg, nonce, noncelen); -if (drbg->pool != NULL) { -if (drbg->state == DRBG_READY) { -RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, -RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED); -drbg->state = DRBG_ERROR; -} -rand_pool_free(drbg->pool); -drbg->pool = NULL; -} if (drbg->state == DRBG_READY) return 1; return 0; @@ -555,14 +546,8 @@ int rand_drbg_restart(RAND_DRBG *drbg, } } -/* check whether a given entropy pool was cleared properly during reseed */ -if (drbg->pool != NULL) { -drbg->state = DRBG_ERROR; -RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); -rand_pool_free(drbg->pool); -drbg->pool = NULL; -return 0; -} +rand_pool_free(drbg->pool); +drbg->pool = NULL; return drbg->state == DRBG_READY; } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 440c19c..555fea3 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
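Review bot: rand_drbg_restart() now frees `drbg->pool` unconditionally, where the removed lines treated a pool still set after the reseed as an error (`DRBG_ERROR`, return 0). The matching `RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED` check in RAND_DRBG_instantiate() is dropped as well. As far as these hunks show, caller-supplied entropy that the reseed path never consumed is now discarded without any signal. If that is intended, a comment at the free such as `/* pool is owned here; it may or may not have been consumed by the reseed */` would record it; otherwise the lost check needs a replacement. Both functions extend beyond their hunks, and the master-branch copy of the commit below is identical.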
@@ -204,11 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } err: -/* we need to reset drbg->pool in the error case */ -if (ret == 0 && drbg->pool != NULL) -drbg->pool = NULL; - -rand_pool_free(pool); +if (drbg->pool == NULL) +rand_pool_free(pool); return ret; } @@ -221,8 +218,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, { if (drbg->pool == NULL) OPENSSL_secure_clear_free(out, outlen); -else -drbg->pool = NULL; } @@ -547,6 +542,8 @@ unsigned char *rand_pool_detach(RAND_POOL *pool) { unsigned char *ret = pool->buffer; pool->buffer = NULL; +pool->len = 0; +pool->entropy = 0; return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
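Review bot: `drbg->pool == NULL` is now the only ownership test, on the `err:` path of rand_drbg_get_entropy and again in rand_drbg_cleanup_entropy, and neither place says who releases the memory in the other case. With the `else` branch gone, `out` is not freed or cleansed by rand_drbg_cleanup_entropy when `drbg->pool` is set, and the rand_pool_detach hunk below clears `pool->buffer`, so a later `rand_pool_free(drbg->pool)` would not reach that buffer either. Presumably the code that attached the pool keeps ownership of the bytes, but that is not visible here; a comment such as `/* a pool attached to drbg->pool, and the buffer detached from it, are released by the code that attached it */` above both checks would record it. If no such owner exists, seed material stays allocated and uncleansed. Both functions begin outside their hunks.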
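Review bot: rand_pool_detach now zeroes `pool->len` and `pool->entropy`, so a caller that reads the pool's length or entropy count after detaching gets 0 instead of the size of the buffer it was just handed. The function has no comment stating this; I would add `/* the caller takes the buffer; read the length before calling, the pool is empty afterwards */` above it. The call sites are outside these hunks, so whether any of them reads the length after the detach needs checking against the full file.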
[openssl-commits] [openssl] master update
The branch master has been updated via f9e43929c46b38667f67e02765fe0f1c0d3061d6 (commit) from 040a03470c7c5bf95fe8e6143db7bef357a22833 (commit) - Log - commit f9e43929c46b38667f67e02765fe0f1c0d3061d6 Author: Bernd Edlinger Date: Fri Oct 26 21:06:14 2018 +0200 Rework and simplify resource flow in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7504) --- Summary of changes: crypto/rand/drbg_lib.c | 19 ++- crypto/rand/rand_lib.c | 11 --- 2 files changed, 6 insertions(+), 24 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 796ab67..4a66604 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -415,15 +415,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, drbg->cleanup_entropy(drbg, entropy, entropylen); if (nonce != NULL && drbg->cleanup_nonce != NULL) drbg->cleanup_nonce(drbg, nonce, noncelen); -if (drbg->pool != NULL) { -if (drbg->state == DRBG_READY) { -RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, -RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED); -drbg->state = DRBG_ERROR; -} -rand_pool_free(drbg->pool); -drbg->pool = NULL; -} if (drbg->state == DRBG_READY) return 1; return 0; @@ -630,14 +621,8 @@ int rand_drbg_restart(RAND_DRBG *drbg, } } -/* check whether a given entropy pool was cleared properly during reseed */ -if (drbg->pool != NULL) { -drbg->state = DRBG_ERROR; -RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); -rand_pool_free(drbg->pool); -drbg->pool = NULL; -return 0; -} +rand_pool_free(drbg->pool); +drbg->pool = NULL; return drbg->state == DRBG_READY; } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 440c19c..555fea3 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -204,11 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } err: -/* we need to reset drbg->pool in the error case */ -if (ret == 0 && drbg->pool != NULL) -drbg->pool = NULL; - -rand_pool_free(pool); +if (drbg->pool == NULL) +rand_pool_free(pool); return ret; } @@ -221,8 +218,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, { if (drbg->pool == NULL) OPENSSL_secure_clear_free(out, outlen); -else -drbg->pool = NULL; } @@ -547,6 +542,8 @@ unsigned char *rand_pool_detach(RAND_POOL *pool) { unsigned char *ret = pool->buffer; pool->buffer = NULL; +pool->len = 0; +pool->entropy = 0; return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits