FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec

2019-03-19 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

c41f3ae0d9 Replumbing: Add a mechanism to pre-populate the provider store
e55008a9f2 Replumbing: add fallback provider capability
6a6d9ecd1d Update pkeyutl documentation about the digest option
9537fe5757 Single step kdf implementation
6098b69e58 Move ASN1_BROKEN macros
770dfe8dfa EVP_PKEY_get0_engine documentation
229f7b38f0 Providing missing accessor to EVP_PKEY.engine
f5c9916742 apps/speed.c: properly address NO_EC2M on systems without SIGALRM
d61f489b5a apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M
d7b2124a42 Add documentation for the -sigopt option.
84f32c8451 Configure: untabify indentation
5d677186e9 Fix resource leak coverity 1443711. Free the allocated pointer on error.
1b9c5f2e2f Fix compiling error for mips32r6 and mips64r6
2864df8f9d Add missing '.text' in crypto/bn/asm/ppc.pl
93b1e74cbe Fix no-posix-io
ce1415ed2c Added NULL check to BN_clear() & BN_CTX_end()
226f2bf191 Fix strict-warnings build on FreeBSD
16bfe6cee0 doc/man3/OSSL_PARAM_TYPE.pod: modify Example 2 to allow unspecified params
529586085e Add -new and -subj options to x509 app for direct cert generation

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  skipped: test_key_share needs TLS1.3 enabled
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13alerts.t .. skipped: test_tls13alerts needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13cookie.t .. skipped: test_tls13cookie needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t . skipped: test_tls13hrr needs TLS1.3 enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t  skipped: test_tls13kexmodes needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13messages.t  skipped: test_tls13messages needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tls13psk.t . skipped: test_tls13psk needs TLSv1.3 enabled
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_cmsapi.t ... ok
../../openssl/test/recipes/80-test_ct.t ... skipped: ct and ec are not supported by this OpenSSL build
../../openssl/test/recipes/80-test_dane.t . skipped: 
test_dane 

[openssl] master update

2019-03-19 Thread Dr . Paul Dale
The branch master has been updated
   via  a12864a5dec04c5e7cf75eaadc83c19871047a25 (commit)
  from  c41f3ae0d92a87b903a9ed585622adae06791676 (commit)


- Log -
commit a12864a5dec04c5e7cf75eaadc83c19871047a25
Author: Shane Lontis 
Date:   Tue Mar 19 10:22:03 2019 +1000

removed BN_clear NULL checks

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8507)

---

Summary of changes:
 test/bn_internal_test.c   |  4 +--
 test/rsa_sp800_56b_test.c | 89 ++-
 2 files changed, 66 insertions(+), 27 deletions(-)

diff --git a/test/bn_internal_test.c b/test/bn_internal_test.c
index eabeaf8..cf47e8b 100644
--- a/test/bn_internal_test.c
+++ b/test/bn_internal_test.c
@@ -73,8 +73,8 @@ static int test_bn_small_factors(void)
 
 for (i = 1; i < NUMPRIMES; i++) {
 prime_t p = primes[i];
-if (p > 3 && p <= 751)
-BN_mul_word(b, p);
+if (p > 3 && p <= 751 && !BN_mul_word(b, p))
+goto err;
 if (p > 751)
 break;
 }
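Review bot: in the changed `if` inside the loop, the range test and the `BN_mul_word()` failure test are folded into one condition, so the reader has to work out that `goto err` fires only when the multiplication fails. Keeping `if (p > 3 && p <= 751)` and nesting `if (!BN_mul_word(b, p)) goto err;` under it states the intent directly; also confirm that the `err` label, which is outside this hunk, frees `b`.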
diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
index a64f9f2..89dab09 100644
--- a/test/rsa_sp800_56b_test.c
+++ b/test/rsa_sp800_56b_test.c
@@ -290,19 +290,31 @@ static int test_check_private_exponent(void)
   && TEST_ptr(ctx = BN_CTX_new())
   && TEST_ptr(p = BN_new())
   && TEST_ptr(q = BN_new())
-  && TEST_ptr(e = BN_new())
-  && TEST_ptr(d = BN_new())
-  && TEST_ptr(n = BN_new())
   /* lcm(15-1,17-1) = 14*16 / 2 = 112 */
   && TEST_true(BN_set_word(p, 15))
   && TEST_true(BN_set_word(q, 17))
+  && TEST_true(RSA_set0_factors(key, p, q));
+if (!ret) {
+BN_free(p);
+BN_free(q);
+goto end;
+}
+
+ret = TEST_ptr(e = BN_new())
+  && TEST_ptr(d = BN_new())
+  && TEST_ptr(n = BN_new())
   && TEST_true(BN_set_word(e, 5))
   && TEST_true(BN_set_word(d, 157))
   && TEST_true(BN_set_word(n, 15*17))
-  && TEST_true(RSA_set0_factors(key, p, q))
-  && TEST_true(RSA_set0_key(key, n, e, d))
-  /* fails since d >= lcm(p-1, q-1) */
-  && TEST_false(rsa_check_private_exponent(key, 8, ctx))
+  && TEST_true(RSA_set0_key(key, n, e, d));
+if (!ret) {
+BN_free(e);
+BN_free(d);
+BN_free(n);
+goto end;
+}
+/* fails since d >= lcm(p-1, q-1) */
+ret = TEST_false(rsa_check_private_exponent(key, 8, ctx))
   && TEST_true(BN_set_word(d, 45))
   /* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
   && TEST_true(rsa_check_private_exponent(key, 8, ctx))
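Review bot: the two new `if (!ret)` blocks call `BN_free()` on `p`, `q`, `e`, `d` and `n` even when the chain stopped before the corresponding `BN_new()` was reached, which is only safe if all five pointers are initialised to NULL at their declaration (not visible in this hunk). Please confirm that, and add a short comment that ownership passes to `key` once `RSA_set0_factors()` or `RSA_set0_key()` succeeds, since that is why the frees are limited to the failure path.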
@@ -314,7 +326,7 @@ static int test_check_private_exponent(void)
   /* fail if 1 != e.d mod lcm(p-1, q-1) */
   && TEST_true(BN_set_word(d, 46))
   && TEST_false(rsa_check_private_exponent(key, 8, ctx));
-
+end:
 RSA_free(key);
 BN_CTX_free(ctx);
 return ret;
@@ -343,8 +355,13 @@ static int test_check_crt_components(void)
   && TEST_true(BN_set_word(p, P))
   && TEST_true(BN_set_word(q, Q))
   && TEST_true(BN_set_word(e, E))
-  && TEST_true(RSA_set0_factors(key, p, q))
-  && TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
+  && TEST_true(RSA_set0_factors(key, p, q));
+if (!ret) {
+BN_free(p);
+BN_free(q);
+goto end;
+}
+ret = TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
   && TEST_BN_eq_word(key->n, N)
   && TEST_BN_eq_word(key->dmp1, DP)
   && TEST_BN_eq_word(key->dmq1, DQ)
@@ -382,7 +399,7 @@ static int test_check_crt_components(void)
   && TEST_true(BN_set_word(key->iqmp, QINV))
   /* check defaults are still valid */
   && TEST_true(rsa_check_crt_components(key, ctx));
-
+end:
 BN_free(e);
 RSA_free(key);
 BN_CTX_free(ctx);
@@ -427,14 +444,25 @@ static int test_invalid_keypair(void)
   /* load key */
   && TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p)))
   && TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q)))
-  && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
+  && TEST_true(RSA_set0_factors(key, p, q));
+if (!ret) {
+BN_free(p);
+BN_free(q);
+goto end;
+}
+
+ret = TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
   && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
   && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d)))
-  && TEST_true(RSA_set0_key(key, n, e, d))
-  && TEST_true(RSA_set0_factors(key, p, q))
-
+  && TEST_true(RSA_set0_key(key, n, e, d));
+if (!ret) {
+BN_free(e);
+BN_free(n);
+BN_free(d);
+goto end;
+}
  

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  c41f3ae0d92a87b903a9ed585622adae06791676 (commit)
   via  e55008a9f2ae299374dcf868b660389e84dd2e0b (commit)
  from  6a6d9ecd1dff669c162e8ab940dac5db2e82679d (commit)


- Log -
commit c41f3ae0d92a87b903a9ed585622adae06791676
Author: Richard Levitte 
Date:   Sun Mar 17 18:06:59 2019 +0100

Replumbing: Add a mechanism to pre-populate the provider store

OpenSSL will come with a set of well known providers, some of which
need to be accessible from the start.  These are typically built in
providers, or providers that will work as fallbacks.

We do this when creating a new provider store, which means that this
will happen in every library context, regardless of if it's the global
default one, or an explicitly created one.

We keep the data about the known providers we want to make accessible
this way in crypto/provider_predefined.h, which may become generated.
For now, though, we make it simple and edited manually.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8480)

commit e55008a9f2ae299374dcf868b660389e84dd2e0b
Author: Richard Levitte 
Date:   Thu Mar 14 10:53:27 2019 +0100

Replumbing: add fallback provider capability

To ensure that old applications aren't left without any provider, and
at the same time not forcing any default provider on applications that
know how to deal with them, we devise the concept of fallback
providers, which are automatically activated if no other provider is
already activated.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8480)

---

Summary of changes:
 crypto/build.info  |   2 +-
 crypto/cpt_err.c   |   5 +
 crypto/err/openssl.txt |   3 +
 crypto/provider_core.c | 210 +
 .../testutil/apps_mem.c => crypto/provider_local.h |  15 +-
 crypto/provider_predefined.c   |  22 +++
 doc/internal/man3/ossl_provider_new.pod|  26 ++-
 include/internal/provider.h|   1 +
 include/openssl/cryptoerr.h|   3 +
 9 files changed, 234 insertions(+), 53 deletions(-)
 copy test/testutil/apps_mem.c => crypto/provider_local.h (60%)
 create mode 100644 crypto/provider_predefined.c

diff --git a/crypto/build.info b/crypto/build.info
index 39cd91b..535fa35 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -9,7 +9,7 @@ SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 
x509v3 conf \
 
 LIBS=../libcrypto
 # The Core
-SOURCE[../libcrypto]=provider_core.c core_fetch.c
+SOURCE[../libcrypto]=provider_core.c provider_predefined.c core_fetch.c
 
 # Central utilities
 SOURCE[../libcrypto]=\
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index bf7985c..3c3265d 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -57,6 +57,11 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
  "pkey_poly1305_init"},
 {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
  "pkey_siphash_init"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_ACTIVATE, 0),
+ "provider_activate"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_NEW, 0), "provider_new"},
+{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_STORE_NEW, 0),
+ "provider_store_new"},
 {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
 {0, NULL}
 };
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 4853a05..7309ed8 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -396,6 +396,9 @@ CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
 CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
 CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init
 CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init
+CRYPTO_F_PROVIDER_ACTIVATE:134:provider_activate
+CRYPTO_F_PROVIDER_NEW:135:provider_new
+CRYPTO_F_PROVIDER_STORE_NEW:136:provider_store_new
 CRYPTO_F_SK_RESERVE:129:sk_reserve
 CT_F_CTLOG_NEW:117:CTLOG_new
 CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 8af5b1f1..7a184a7 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -11,9 +11,14 @@
 #include 
 #include 
 #include "internal/cryptlib.h"
+#include "internal/nelem.h"
 #include "internal/thread_once.h"
 #include "internal/provider.h"
 #include "internal/refcount.h"
+#include "provider_local.h"
+
+static OSSL_PROVIDER *provider_new(const char *name,
+   OSSL_provider_init_fn *init_function);
 
 /*-
  * Provider Object structure
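Review bot: the forward declaration of `provider_new()` added after the includes carries no comment saying why it has to be declared ahead of its definition. A one-line note naming the caller that needs it, or moving the definition above that caller, would save the next reader a search through the file.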
@@ -25,6 +30,7 @@ struct provider_store_st;/* Forward declaration */
 struct ossl_provider_st {
 /* Flag bits */
 

Still Failing: openssl/openssl#24178 (OpenSSL_1_1_1-stable - 1913df4)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24178
Status: Still Failing

Duration: 24 mins and 5 secs
Commit: 1913df4 (OpenSSL_1_1_1-stable)
Author: Matt Caswell
Message: Update pkeyutl documentation about the digest option

DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.

Fixes #8425

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8432)

(cherry picked from commit 6a6d9ecd1dff669c162e8ab940dac5db2e82679d)

View the changeset: 
https://github.com/openssl/openssl/compare/a7e1cb8cbbef...1913df42336a

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508342070?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



Still Failing: openssl/openssl#24170 (OpenSSL_1_1_1-stable - a7e1cb8)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24170
Status: Still Failing

Duration: 23 mins and 34 secs
Commit: a7e1cb8 (OpenSSL_1_1_1-stable)
Author: Vitezslav Cizek
Message: apps/speed.c: properly address NO_EC2M on systems without SIGALRM

The ecdh_c array is allocated of the same size as ecdh_choices,
whose size depends on whether the support for binary curves is enabled
or not.  (The same goes for ecdsa_c).
On systems without SIGALRM, ecdh_c is indexed by predefined constants
intended for representing the index of the ciphers in the ecdh_choices
array.
However, in case of NO_EC2M some of the #defined constants won't match
and would actually access the ecdh_c out-of-bounds.

Use enum instead of a macro to define the curve indexes so they're
within the bounds of the ecdh_c array.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8422)

(cherry picked from commit f5c9916742655f872018426838cff4ff04da5321)

View the changeset: 
https://github.com/openssl/openssl/compare/5f702f16e7ed...a7e1cb8cbbef

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508318239?utm_medium=notification_source=email
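
The indexing problem described in the commit message above, as an added example (not code from apps/speed.c or from the OpenSSL project): a table that shrinks when binary curves are compiled out is audited against fixed index constants and against constants numbered under the same guard. The curve names are the ones this page shows in the speed.c diff; every identifier (`FIXED_*`, `GUARDED_*`, `count_out_of_bounds` and so on) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed stand-in for the curve list used by "openssl speed":
 * 6 prime curves, 10 binary curves, 6 Brainpool curves, X25519 and X448.
 * All identifiers are hypothetical; nothing here is copied from apps/speed.c.
 */
#define PRIME_CURVES(X)  X(P160) X(P192) X(P224) X(P256) X(P384) X(P521)
#define BINARY_CURVES(X) X(K163) X(K233) X(K283) X(K409) X(K571) \
                         X(B163) X(B233) X(B283) X(B409) X(B571)
#define OTHER_CURVES(X)  X(BRP256R1) X(BRP256T1) X(BRP384R1) X(BRP384T1) \
                         X(BRP512R1) X(BRP512T1) X(X25519) X(X448)

/* Fixed numbering: every curve keeps its slot whether or not it is built. */
#define AS_FIXED(name) FIXED_##name,
enum {
    PRIME_CURVES(AS_FIXED) BINARY_CURVES(AS_FIXED) OTHER_CURVES(AS_FIXED)
    FIXED_COUNT
};

/* Guarded numbering for a build without binary curves: no gaps remain. */
#define AS_GUARDED(name) GUARDED_##name,
enum {
    PRIME_CURVES(AS_GUARDED) OTHER_CURVES(AS_GUARDED)
    GUARDED_COUNT
};

/* Indexes that a build without binary curves would use, per numbering. */
static const int fixed_indexes[] = {
    PRIME_CURVES(AS_FIXED) OTHER_CURVES(AS_FIXED)
};
static const int guarded_indexes[] = {
    PRIME_CURVES(AS_GUARDED) OTHER_CURVES(AS_GUARDED)
};

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Count the indexes that fall outside a table of table_len entries. */
size_t count_out_of_bounds(const int *idx, size_t n, size_t table_len)
{
    size_t i, bad = 0;

    for (i = 0; i < n; i++)
        if (idx[i] < 0 || (size_t)idx[i] >= table_len)
            bad++;
    return bad;
}

/*
 * The per-curve counter table has one entry per available choice, so in
 * the build without binary curves it has GUARDED_COUNT entries.
 */
size_t fixed_scheme_violations(void)
{
    return count_out_of_bounds(fixed_indexes, NELEM(fixed_indexes),
                               GUARDED_COUNT);
}

size_t guarded_scheme_violations(void)
{
    return count_out_of_bounds(guarded_indexes, NELEM(guarded_indexes),
                               GUARDED_COUNT);
}

/* The same property as a build-time check on the highest index. */
_Static_assert(GUARDED_X448 < GUARDED_COUNT,
               "highest curve index must fit the table");

int main(void)
{
    printf("table entries without binary curves: %d\n", (int)GUARDED_COUNT);
    printf("fixed numbering:   X448 = %d, out of bounds: %zu\n",
           (int)FIXED_X448, fixed_scheme_violations());
    printf("guarded numbering: X448 = %d, out of bounds: %zu\n",
           (int)GUARDED_X448, guarded_scheme_violations());
    return 0;
}
```
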




[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  1913df42336ab90e2f6d6c21de186f64c409e8e5 (commit)
  from  a7e1cb8cbbefda0f31489566ad08055239ee216e (commit)


- Log -
commit 1913df42336ab90e2f6d6c21de186f64c409e8e5
Author: Matt Caswell 
Date:   Thu Mar 7 14:02:56 2019 +

Update pkeyutl documentation about the digest option

DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.

Fixes #8425

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8432)

(cherry picked from commit 6a6d9ecd1dff669c162e8ab940dac5db2e82679d)

---

Summary of changes:
 doc/man1/pkeyutl.pod | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 664dbef..64d7912 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -272,20 +272,19 @@ value less than the minimum restriction.
 =head1 DSA ALGORITHM
 
 The DSA algorithm supports signing and verification operations only. Currently
-there are no additional options other than B. Only the SHA1
-digest can be used and this digest is assumed by default.
+there are no additional B<-pkeyopt> options other than B. The SHA1
+digest is assumed by default.
 
 =head1 DH ALGORITHM
 
 The DH algorithm only supports the derivation operation and no additional
-options.
+B<-pkeyopt> options.
 
 =head1 EC ALGORITHM
 
 The EC algorithm supports sign, verify and derive operations. The sign and
-verify operations use ECDSA and derive uses ECDH. Currently there are no
-additional options other than B. Only the SHA1 digest can be used and
-this digest is assumed by default.
+verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default 
for
+the B<-pkeyopt> B option.
 
 =head1 X25519 and X448 ALGORITHMS
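Review bot: the rewritten EC ALGORITHM paragraph says "SHA1 is assumed by default for the B<-pkeyopt> B option", while the commit message says EC ignores the digest option altogether. If the option has no effect on the EC operations, the paragraph should say that directly instead of describing a default, otherwise readers will assume that setting it changes the signature.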
 


[openssl] master update

2019-03-19 Thread Matt Caswell
The branch master has been updated
   via  6a6d9ecd1dff669c162e8ab940dac5db2e82679d (commit)
  from  9537fe5757bb07761fa275d779bbd40bcf5530e4 (commit)


- Log -
commit 6a6d9ecd1dff669c162e8ab940dac5db2e82679d
Author: Matt Caswell 
Date:   Thu Mar 7 14:02:56 2019 +

Update pkeyutl documentation about the digest option

DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.

Fixes #8425

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8432)

---

Summary of changes:
 doc/man1/pkeyutl.pod | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 13af327..033360f 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -296,20 +296,19 @@ value less than the minimum restriction.
 =head1 DSA ALGORITHM
 
 The DSA algorithm supports signing and verification operations only. Currently
-there are no additional options other than B. Only the SHA1
-digest can be used and this digest is assumed by default.
+there are no additional B<-pkeyopt> options other than B. The SHA1
+digest is assumed by default.
 
 =head1 DH ALGORITHM
 
 The DH algorithm only supports the derivation operation and no additional
-options.
+B<-pkeyopt> options.
 
 =head1 EC ALGORITHM
 
 The EC algorithm supports sign, verify and derive operations. The sign and
-verify operations use ECDSA and derive uses ECDH. Currently there are no
-additional options other than B. Only the SHA1 digest can be used and
-this digest is assumed by default.
+verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default 
for
+the B<-pkeyopt> B option.
 
 =head1 X25519 and X448 ALGORITHMS
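Review bot: in the DSA ALGORITHM paragraph the sentence limiting use to SHA1 is removed, but nothing replaces it to say that other digests are accepted, which is the point the commit message makes. Suggest adding a sentence stating that digests other than SHA1 may be given through the option and that SHA1 applies only when none is specified.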
 


[openssl] master update

2019-03-19 Thread Matt Caswell
The branch master has been updated
   via  9537fe5757bb07761fa275d779bbd40bcf5530e4 (commit)
  from  6098b69e5817068c49e63487d3424b4122a1796d (commit)


- Log -
commit 9537fe5757bb07761fa275d779bbd40bcf5530e4
Author: Shane Lontis 
Date:   Fri Jan 4 18:41:21 2019 +1000

Single step kdf implementation

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8230)

---

Summary of changes:
 CHANGES  |6 +
 crypto/err/openssl.txt   |9 +-
 crypto/evp/kdf_lib.c |1 +
 crypto/include/internal/evp_int.h|1 +
 crypto/kdf/build.info|3 +-
 crypto/kdf/kdf_err.c |8 +
 crypto/kdf/sskdf.c   |  481 +
 crypto/objects/obj_dat.h |9 +-
 crypto/objects/obj_mac.num   |1 +
 crypto/objects/objects.txt   |3 +
 doc/man3/EVP_KDF_CTX.pod |   34 +-
 doc/man7/EVP_KDF_SS.pod  |  226 +++
 include/openssl/kdf.h|4 +
 include/openssl/kdferr.h |7 +
 include/openssl/obj_mac.h|4 +
 test/evp_kdf_test.c  |  167 +
 test/recipes/30-test_evp_data/evpkdf.txt | 1090 +-
 17 files changed, 2047 insertions(+), 7 deletions(-)
 create mode 100644 crypto/kdf/sskdf.c
 create mode 100644 doc/man7/EVP_KDF_SS.pod

diff --git a/CHANGES b/CHANGES
index 0f7b77a..95ae433 100644
--- a/CHANGES
+++ b/CHANGES
@@ -31,6 +31,12 @@
  'enable-buildtest-c++'.
  [Richard Levitte]
 
+  *) Add Single Step KDF (EVP_KDF_SS) to EVP_KDF.
+ [Shane Lontis]
+
+  *) Add KMAC to EVP_MAC.
+ [Shane Lontis]
+
   *) Added property based algorithm implementation selection framework to
  the core.
  [Paul Dale]
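Review bot: the second added entry, "Add KMAC to EVP_MAC.", does not correspond to anything in this commit's summary of changes, which lists KDF, objects, documentation and test files only. Either move that entry to the commit that introduces KMAC or explain in the commit message why it is recorded here.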
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7c915d4..4853a05 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -898,6 +898,11 @@ KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
 KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf
+KDF_F_SSKDF_CTRL_STR:134:sskdf_ctrl_str
+KDF_F_SSKDF_DERIVE:135:sskdf_derive
+KDF_F_SSKDF_MAC2CTRL:136:sskdf_mac2ctrl
+KDF_F_SSKDF_NEW:137:sskdf_new
+KDF_F_SSKDF_SIZE:138:sskdf_size
 KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
 OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
@@ -2128,7 +2133,6 @@ CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name
 CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long
 CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value
 CRMF_R_BAD_PBM_ITERATIONCOUNT:100:bad pbm iterationcount
-CRMF_R_MALFORMED_IV:101:malformed iv
 CRMF_R_CRMFERROR:102:crmferror
 CRMF_R_ERROR:103:error
 CRMF_R_ERROR_DECODING_CERTIFICATE:104:error decoding certificate
@@ -2136,6 +2140,7 @@ CRMF_R_ERROR_DECRYPTING_CERTIFICATE:105:error decrypting 
certificate
 CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY:106:error decrypting symmetric key
 CRMF_R_FAILURE_OBTAINING_RANDOM:107:failure obtaining random
 CRMF_R_ITERATIONCOUNT_BELOW_100:108:iterationcount below 100
+CRMF_R_MALFORMED_IV:101:malformed iv
 CRMF_R_NULL_ARGUMENT:109:null argument
 CRMF_R_SETTING_MAC_ALGOR_FAILURE:110:setting mac algor failure
 CRMF_R_SETTING_OWF_ALGOR_FAILURE:111:setting owf algor failure
@@ -2402,6 +2407,7 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
 EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
 EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
 KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_INVALID_MAC_TYPE:116:invalid mac type
 KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
 KDF_R_MISSING_KEY:104:missing key
 KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
@@ -2414,6 +2420,7 @@ KDF_R_MISSING_SESSION_ID:113:missing session id
 KDF_R_MISSING_TYPE:114:missing type
 KDF_R_MISSING_XCGHASH:115:missing xcghash
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
+KDF_R_UNSUPPORTED_MAC_TYPE:117:unsupported mac type
 KDF_R_VALUE_ERROR:108:value error
 KDF_R_VALUE_MISSING:102:value missing
 KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size
diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index 811fe72..de2ab23 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -31,6 +31,7 @@ static const EVP_KDF_METHOD *standard_methods[] = {
 _prf_kdf_meth,
 _kdf_meth,
 _kdf_meth,
+_kdf_meth
 };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
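Review bot: the new method is appended as the last element of `standard_methods[]`, and the `DECLARE_OBJ_BSEARCH_CMP_FN` line that follows shows this array is looked up by binary search. Please confirm the new entry sorts after every existing one under that comparison function, and add a comment above the array stating the required order, since an out-of-order entry makes the lookup miss without any error.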
diff --git a/crypto/include/internal/evp_int.h 
b/crypto/include/internal/evp_int.h
index e55c1d9..f6f99ed 100644
--- a/crypto/include/internal/evp_int.h
+++ 

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  6098b69e5817068c49e63487d3424b4122a1796d (commit)
  from  770dfe8dfae33e814198ad6e190d22981066a583 (commit)


- Log -
commit 6098b69e5817068c49e63487d3424b4122a1796d
Author: Rich Salz 
Date:   Thu Feb 21 13:23:06 2019 -0500

Move ASN1_BROKEN macros

They're only used in one place, and only for a legacy datatype.

Reviewed-by: Paul Yang 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8302)

---

Summary of changes:
 crypto/asn1/n_pkey.c| 6 ++
 include/openssl/asn1t.h | 7 ---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 12592d0..71f78f7 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -22,6 +22,12 @@ NON_EMPTY_TRANSLATION_UNIT
 
 # ifndef OPENSSL_NO_RC4
 
+# define ASN1_BROKEN_SEQUENCE(tname) \
+static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 
0}; \
+ASN1_SEQUENCE(tname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+static_ASN1_SEQUENCE_END_ref(stname, stname)
+
 typedef struct netscape_pkey_st {
 int32_t version;
 X509_ALGOR *algor;
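Review bot: the `ASN1_BROKEN_SEQUENCE` definition added here is not a verbatim move. Its `ASN1_AUX` initialiser is `{NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}` (six values, with `0` in the callback position), whereas the one removed from asn1t.h is `{NULL, ASN1_AFLG_BROKEN, 0, 0, NULL, 0, NULL}` (seven values). Keep the initialiser identical to the removed one so every member is set explicitly and pointer members use NULL.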
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 1a836c9..8158c41 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -165,10 +165,6 @@ extern "C" {
 {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \
 ASN1_SEQUENCE(tname)
 
-# define ASN1_BROKEN_SEQUENCE(tname) \
-static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 
NULL, 0, NULL}; \
-ASN1_SEQUENCE(tname)
-
 # define ASN1_SEQUENCE_ref(tname, cb) \
 static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, 
offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \
 ASN1_SEQUENCE(tname)
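Review bot: this removes `ASN1_BROKEN_SEQUENCE` (and, in the next hunk, `ASN1_BROKEN_SEQUENCE_END` and `static_ASN1_BROKEN_SEQUENCE_END`) from a public header, include/openssl/asn1t.h, yet the summary of changes shows no CHANGES entry. External code using these macros will stop compiling, so the removal should be recorded there; note also that only the `static_` END variant is re-added in n_pkey.c.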
@@ -200,9 +196,6 @@ extern "C" {
 #tname \
 ASN1_ITEM_end(tname)
 
-# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
-static_ASN1_SEQUENCE_END_ref(stname, stname)
 
 # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, 
tname)
 


[openssl] master update

2019-03-19 Thread Matt Caswell
The branch master has been updated
   via  770dfe8dfae33e814198ad6e190d22981066a583 (commit)
   via  229f7b38f0e1d65e2aac9d227f3963a1a578430b (commit)
  from  f5c9916742655f872018426838cff4ff04da5321 (commit)


- Log -
commit 770dfe8dfae33e814198ad6e190d22981066a583
Author: Dmitry Belyavskiy 
Date:   Mon Feb 25 18:24:46 2019 +0300

EVP_PKEY_get0_engine documentation

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8329)

commit 229f7b38f0e1d65e2aac9d227f3963a1a578430b
Author: Dmitry Belyavskiy 
Date:   Mon Feb 25 18:02:33 2019 +0300

Providing missing accessor to EVP_PKEY.engine

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8329)

---

Summary of changes:
 crypto/evp/p_lib.c | 5 +
 doc/man3/EVP_PKEY_set1_RSA.pod | 5 -
 include/openssl/evp.h  | 1 +
 util/libcrypto.num | 1 +
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9a882e9..c6ebfe6 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -396,6 +396,11 @@ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
 pkey->pmeth_engine = e;
 return 1;
 }
+
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
+{
+return pkey->engine;
+}
 #endif
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 {
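Review bot: `EVP_PKEY_get0_engine()` returns `pkey->engine`, but the tail of `EVP_PKEY_set1_engine()` visible just above it assigns `pkey->pmeth_engine = e`. Unless the part of the setter outside this hunk also stores into `pkey->engine`, the getter will not return what the setter stored; please confirm which member is intended and state it in the documentation.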
diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod
index 6363162..8f4d7f5 100644
--- a/doc/man3/EVP_PKEY_set1_RSA.pod
+++ b/doc/man3/EVP_PKEY_set1_RSA.pod
@@ -9,7 +9,7 @@ EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
 EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
 EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
-EVP_PKEY_set1_engine - EVP_PKEY assignment functions
+EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
 
 =head1 SYNOPSIS
 
@@ -45,6 +45,7 @@ EVP_PKEY_set1_engine - EVP_PKEY assignment functions
  int EVP_PKEY_type(int type);
  int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
 
+ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
  int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
 
 =head1 DESCRIPTION
@@ -81,6 +82,8 @@ often seen in practice.
 EVP_PKEY_type() returns the underlying type of the NID B. For example
 EVP_PKEY_type(EVP_PKEY_RSA2) will return B.
 
+EVP_PKEY_get0_engine() returns a reference to the ENGINE handling B.
+
 EVP_PKEY_set1_engine() sets the ENGINE handling B to B. It
 must be called after the key algorithm and components are set up.
 If B does not include an B for B an
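Review bot: the sentence added to DESCRIPTION for EVP_PKEY_get0_engine() does not say that, as a get0 function, it hands back a pointer the caller must not free, nor what is returned when no ENGINE is associated with the key. Both belong in the text (or in RETURN VALUES), since callers will otherwise guess at the ownership and at the NULL case.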
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 72060e7..ca7655d 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1055,6 +1055,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char 
*str, int len);
 int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
 # ifndef OPENSSL_NO_ENGINE
 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
 # endif
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 711ccd9..bf14bbd 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4790,3 +4790,4 @@ OSSL_PARAM_get_octet_ptr4737  3_0_0   
EXIST::FUNCTION:
 OSSL_PARAM_set_octet_ptr4738   3_0_0   EXIST::FUNCTION:
 X509_set_sm2_id 4739   3_0_0   EXIST::FUNCTION:SM2
 X509_get0_sm2_id4740   3_0_0   EXIST::FUNCTION:SM2
+EVP_PKEY_get0_engine4741   3_0_0   EXIST::FUNCTION:ENGINE


[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread Matt Caswell
The branch OpenSSL_1_1_1-stable has been updated
   via  a7e1cb8cbbefda0f31489566ad08055239ee216e (commit)
   via  958beb89b34aafe16b62416099e099ce0eb3e5e4 (commit)
  from  5f702f16e7ed108b2098042c2488fb5b86ac83c2 (commit)


- Log -
commit a7e1cb8cbbefda0f31489566ad08055239ee216e
Author: Vitezslav Cizek 
Date:   Tue Mar 5 22:52:33 2019 +0100

apps/speed.c: properly address NO_EC2M on systems without SIGALRM

The ecdh_c array is allocated of the same size as ecdh_choices,
whose size depends on whether the support for binary curves is enabled
or not.  (The same goes for ecdsa_c).
On systems without SIGALRM, ecdh_c is indexed by predefined constants
intended for representing the index of the ciphers in the ecdh_choices
array.
However, in case of NO_EC2M some of the #defined constants won't match
and would actually access the ecdh_c out-of-bounds.

Use enum instead of a macro to define the curve indexes so they're
within the bounds of the ecdh_c array.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8422)

(cherry picked from commit f5c9916742655f872018426838cff4ff04da5321)

commit 958beb89b34aafe16b62416099e099ce0eb3e5e4
Author: Vitezslav Cizek 
Date:   Tue Mar 5 17:14:33 2019 +0100

apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M

openssl speed doesn't take into account that the library could be
compiled without the support for the binary curves and happily uses
them, which results in EC_GROUP_new_by_curve_name() errors.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8422)

(cherry picked from commit d61f489b5a8d8369e75ee1e4991b3d4db95d7c7c)

---

Summary of changes:
 apps/speed.c | 63 +---
 1 file changed, 39 insertions(+), 24 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 506737d..e47ba30 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -489,30 +489,35 @@ static const OPT_PAIR rsa_choices[] = {
 static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_RSA */
 
-#define R_EC_P1600
-#define R_EC_P1921
-#define R_EC_P2242
-#define R_EC_P2563
-#define R_EC_P3844
-#define R_EC_P5215
-#define R_EC_K1636
-#define R_EC_K2337
-#define R_EC_K2838
-#define R_EC_K4099
-#define R_EC_K57110
-#define R_EC_B16311
-#define R_EC_B23312
-#define R_EC_B28313
-#define R_EC_B40914
-#define R_EC_B57115
-#define R_EC_BRP256R1  16
-#define R_EC_BRP256T1  17
-#define R_EC_BRP384R1  18
-#define R_EC_BRP384T1  19
-#define R_EC_BRP512R1  20
-#define R_EC_BRP512T1  21
-#define R_EC_X25519  22
-#define R_EC_X44823
+enum {
+R_EC_P160,
+R_EC_P192,
+R_EC_P224,
+R_EC_P256,
+R_EC_P384,
+R_EC_P521,
+#ifndef OPENSSL_NO_EC2M
+R_EC_K163,
+R_EC_K233,
+R_EC_K283,
+R_EC_K409,
+R_EC_K571,
+R_EC_B163,
+R_EC_B233,
+R_EC_B283,
+R_EC_B409,
+R_EC_B571,
+#endif
+R_EC_BRP256R1,
+R_EC_BRP256T1,
+R_EC_BRP384R1,
+R_EC_BRP384T1,
+R_EC_BRP512R1,
+R_EC_BRP512T1,
+R_EC_X25519,
+R_EC_X448
+};
+
 #ifndef OPENSSL_NO_EC
 static OPT_PAIR ecdsa_choices[] = {
 {"ecdsap160", R_EC_P160},
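Review bot: the enumerators after the `#ifndef OPENSSL_NO_EC2M` block no longer have a fixed value: R_EC_BRP256R1 is 16 in a build with binary curves and 6 without, where the removed `#define` gave 16 in both. That is the intent of the change, but the enum carries no comment saying so, and nothing here says its order has to follow the order of the entries in ecdsa_choices and ecdh_choices below. Suggest a short comment above `enum {` covering both points, so that a later edit does not reintroduce literal numbers or add a curve in a different position.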
@@ -521,6 +526,7 @@ static OPT_PAIR ecdsa_choices[] = {
 {"ecdsap256", R_EC_P256},
 {"ecdsap384", R_EC_P384},
 {"ecdsap521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
 {"ecdsak163", R_EC_K163},
 {"ecdsak233", R_EC_K233},
 {"ecdsak283", R_EC_K283},
@@ -531,6 +537,7 @@ static OPT_PAIR ecdsa_choices[] = {
 {"ecdsab283", R_EC_B283},
 {"ecdsab409", R_EC_B409},
 {"ecdsab571", R_EC_B571},
+# endif
 {"ecdsabrp256r1", R_EC_BRP256R1},
 {"ecdsabrp256t1", R_EC_BRP256T1},
 {"ecdsabrp384r1", R_EC_BRP384R1},
@@ -549,6 +556,7 @@ static const OPT_PAIR ecdh_choices[] = {
 {"ecdhp256", R_EC_P256},
 {"ecdhp384", R_EC_P384},
 {"ecdhp521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
 {"ecdhk163", R_EC_K163},
 {"ecdhk233", R_EC_K233},
 {"ecdhk283", R_EC_K283},
@@ -559,6 +567,7 @@ static const OPT_PAIR ecdh_choices[] = {
 {"ecdhb283", R_EC_B283},
 {"ecdhb409", R_EC_B409},
 {"ecdhb571", R_EC_B571},
+# endif
 {"ecdhbrp256r1", R_EC_BRP256R1},
 {"ecdhbrp256t1", R_EC_BRP256T1},
 {"ecdhbrp384r1", R_EC_BRP384R1},
@@ -1501,6 +1510,7 @@ int speed_main(int argc, char **argv)
 {"nistp256", NID_X9_62_prime256v1, 256},
 {"nistp384", NID_secp384r1, 384},
 {"nistp521", NID_secp521r1, 521},
+# ifndef OPENSSL_NO_EC2M
 /* Binary Curves */
 {"nistk163", NID_sect163k1, 163},
 {"nistk233", NID_sect233k1, 233},
@@ -1512,6 +1522,7 @@ int 
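The index mismatch described in the first commit message of this update, modelled as an added example (not code from apps/speed.c or the OpenSSL project). It assumes the result array has one slot per compiled-in curve and takes the curve order and the old fixed numbers from the diff; `FIXED_*`, `audit_build` and `enum_index` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Curve order and binary-curve flag (1 = dropped by OPENSSL_NO_EC2M),
 * copied from the enum in the diff. */
#define CURVE_LIST(X) \
    X(P160, 0) X(P192, 0) X(P224, 0) X(P256, 0) X(P384, 0) X(P521, 0) \
    X(K163, 1) X(K233, 1) X(K283, 1) X(K409, 1) X(K571, 1)            \
    X(B163, 1) X(B233, 1) X(B283, 1) X(B409, 1) X(B571, 1)            \
    X(BRP256R1, 0) X(BRP256T1, 0) X(BRP384R1, 0) X(BRP384T1, 0)       \
    X(BRP512R1, 0) X(BRP512T1, 0) X(X25519, 0) X(X448, 0)

/* Old scheme: one fixed number per curve (0..23), the same in every build.
 * FIXED_* are hypothetical names standing in for the removed #defines. */
enum {
#define X(name, binary) FIXED_##name,
    CURVE_LIST(X)
#undef X
    FIXED_COUNT
};

struct curve {
    const char *name;
    int fixed_index;
    int binary;
};

static const struct curve all_curves[] = {
#define X(name, binary) { #name, FIXED_##name, binary },
    CURVE_LIST(X)
#undef X
};

#define NCURVES (sizeof(all_curves) / sizeof(all_curves[0]))

struct audit {
    size_t table_len;     /* slots in the result array for this build */
    size_t fixed_oob;     /* compiled-in curves whose fixed index misses it */
    int first_oob_fixed;  /* smallest such index, or -1 */
};

static int compiled_in(const struct curve *c, int no_ec2m)
{
    return !(no_ec2m && c->binary);
}

/* Model one build; no_ec2m != 0 plays the role of OPENSSL_NO_EC2M. */
static struct audit audit_build(int no_ec2m)
{
    struct audit a = { 0, 0, -1 };
    size_t i;

    for (i = 0; i < NCURVES; i++)
        a.table_len += compiled_in(&all_curves[i], no_ec2m);

    for (i = 0; i < NCURVES; i++) {
        const struct curve *c = &all_curves[i];

        if (!compiled_in(c, no_ec2m))
            continue;
        if ((size_t)c->fixed_index >= a.table_len) {
            a.fixed_oob++;
            if (a.first_oob_fixed < 0)
                a.first_oob_fixed = c->fixed_index;
        }
    }
    return a;
}

/* Index the curve gets from an enum with the #ifndef inside it:
 * its position among the compiled-in curves, or -1 if it is dropped. */
static int enum_index(const char *name, int no_ec2m)
{
    size_t i;
    int next = 0;

    for (i = 0; i < NCURVES; i++) {
        if (!compiled_in(&all_curves[i], no_ec2m))
            continue;
        if (strcmp(all_curves[i].name, name) == 0)
            return next;
        next++;
    }
    return -1;
}

int main(void)
{
    int no_ec2m;

    for (no_ec2m = 0; no_ec2m <= 1; no_ec2m++) {
        struct audit a = audit_build(no_ec2m);

        printf("no_ec2m=%d: %zu slots, %zu fixed indexes out of bounds "
               "(first: %d), enum index of BRP256R1: %d\n",
               no_ec2m, a.table_len, a.fixed_oob, a.first_oob_fixed,
               enum_index("BRP256R1", no_ec2m));
    }
    return 0;
}
```

In the model, only the Brainpool and X25519/X448 indexes go out of bounds without binary curves; the prime-curve indexes 0 to 5 are unaffected, which is why such a build can appear to work for the common curves.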

[openssl] master update

2019-03-19 Thread Matt Caswell
The branch master has been updated
   via  f5c9916742655f872018426838cff4ff04da5321 (commit)
   via  d61f489b5a8d8369e75ee1e4991b3d4db95d7c7c (commit)
  from  d7b2124a428f9e00ed7647554b5be7153aac71f6 (commit)


- Log -
commit f5c9916742655f872018426838cff4ff04da5321
Author: Vitezslav Cizek 
Date:   Tue Mar 5 22:52:33 2019 +0100

apps/speed.c: properly address NO_EC2M on systems without SIGALRM

The ecdh_c array is allocated of the same size as ecdh_choices,
whose size depends on whether the support for binary curves is enabled
or not.  (The same goes for ecdsa_c).
On systems without SIGALRM, ecdh_c is indexed by predefined constants
intended for representing the index of the ciphers in the ecdh_choices
array.
However, in case of NO_EC2M some of the #defined constants won't match
and would actually access the ecdh_c out-of-bounds.

Use enum instead of a macro to define the curve indexes so they're
within the bounds of the ecdh_c array.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8422)

commit d61f489b5a8d8369e75ee1e4991b3d4db95d7c7c
Author: Vitezslav Cizek 
Date:   Tue Mar 5 17:14:33 2019 +0100

apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M

openssl speed doesn't take into account that the library could be
compiled without the support for the binary curves and happily uses
them, which results in EC_GROUP_new_by_curve_name() errors.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/8422)

---

Summary of changes:
 apps/speed.c | 63 +---
 1 file changed, 39 insertions(+), 24 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 1125f5a..5674e32 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -492,30 +492,35 @@ static const OPT_PAIR rsa_choices[] = {
 static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_RSA */
 
-#define R_EC_P1600
-#define R_EC_P1921
-#define R_EC_P2242
-#define R_EC_P2563
-#define R_EC_P3844
-#define R_EC_P5215
-#define R_EC_K1636
-#define R_EC_K2337
-#define R_EC_K2838
-#define R_EC_K4099
-#define R_EC_K57110
-#define R_EC_B16311
-#define R_EC_B23312
-#define R_EC_B28313
-#define R_EC_B40914
-#define R_EC_B57115
-#define R_EC_BRP256R1  16
-#define R_EC_BRP256T1  17
-#define R_EC_BRP384R1  18
-#define R_EC_BRP384T1  19
-#define R_EC_BRP512R1  20
-#define R_EC_BRP512T1  21
-#define R_EC_X25519  22
-#define R_EC_X44823
+enum {
+R_EC_P160,
+R_EC_P192,
+R_EC_P224,
+R_EC_P256,
+R_EC_P384,
+R_EC_P521,
+#ifndef OPENSSL_NO_EC2M
+R_EC_K163,
+R_EC_K233,
+R_EC_K283,
+R_EC_K409,
+R_EC_K571,
+R_EC_B163,
+R_EC_B233,
+R_EC_B283,
+R_EC_B409,
+R_EC_B571,
+#endif
+R_EC_BRP256R1,
+R_EC_BRP256T1,
+R_EC_BRP384R1,
+R_EC_BRP384T1,
+R_EC_BRP512R1,
+R_EC_BRP512T1,
+R_EC_X25519,
+R_EC_X448
+};
+
 #ifndef OPENSSL_NO_EC
 static OPT_PAIR ecdsa_choices[] = {
 {"ecdsap160", R_EC_P160},
@@ -524,6 +529,7 @@ static OPT_PAIR ecdsa_choices[] = {
 {"ecdsap256", R_EC_P256},
 {"ecdsap384", R_EC_P384},
 {"ecdsap521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
 {"ecdsak163", R_EC_K163},
 {"ecdsak233", R_EC_K233},
 {"ecdsak283", R_EC_K283},
@@ -534,6 +540,7 @@ static OPT_PAIR ecdsa_choices[] = {
 {"ecdsab283", R_EC_B283},
 {"ecdsab409", R_EC_B409},
 {"ecdsab571", R_EC_B571},
+# endif
 {"ecdsabrp256r1", R_EC_BRP256R1},
 {"ecdsabrp256t1", R_EC_BRP256T1},
 {"ecdsabrp384r1", R_EC_BRP384R1},
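Review bot: the `# endif` added after the ecdsab571 entry has no trailing comment naming its condition, while the context at the top of this diff shows the file writing `#endif /* OPENSSL_NO_RSA */`. The matching `# ifndef OPENSSL_NO_EC2M` sits ten entries up, in the previous hunk, so `# endif /* OPENSSL_NO_EC2M */` would make the pairing readable here and at the other closing directives this patch adds.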
@@ -552,6 +559,7 @@ static const OPT_PAIR ecdh_choices[] = {
 {"ecdhp256", R_EC_P256},
 {"ecdhp384", R_EC_P384},
 {"ecdhp521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
 {"ecdhk163", R_EC_K163},
 {"ecdhk233", R_EC_K233},
 {"ecdhk283", R_EC_K283},
@@ -562,6 +570,7 @@ static const OPT_PAIR ecdh_choices[] = {
 {"ecdhb283", R_EC_B283},
 {"ecdhb409", R_EC_B409},
 {"ecdhb571", R_EC_B571},
+# endif
 {"ecdhbrp256r1", R_EC_BRP256R1},
 {"ecdhbrp256t1", R_EC_BRP256T1},
 {"ecdhbrp384r1", R_EC_BRP384R1},
@@ -1524,6 +1533,7 @@ int speed_main(int argc, char **argv)
 {"nistp256", NID_X9_62_prime256v1, 256},
 {"nistp384", NID_secp384r1, 384},
 {"nistp521", NID_secp521r1, 521},
+# ifndef OPENSSL_NO_EC2M
 /* Binary Curves */
 {"nistk163", NID_sect163k1, 163},
 {"nistk233", NID_sect233k1, 233},
@@ -1535,6 +1545,7 @@ int speed_main(int argc, char **argv)
 {"nistb283", NID_sect283r1, 283},
 {"nistb409", NID_sect409r1, 409},
 {"nistb571", NID_sect571r1, 571},
+# endif
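Review bot: this `# endif` closes the third list that the patch trims by hand (the enum, the ecdsa_choices/ecdh_choices tables, and this curve table in speed_main), and the patch adds no check that all three drop the same entries. If this table is indexed by the R_EC_* values, a row left in or taken out in only one of the lists misaligns every curve after it. A compile-time size check of this table against the choices tables, placed next to it, would catch that at build time.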

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

2019-03-19 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

8a74bb5c7b Clear the point S before freeing in ec_scalar_mul_ladder
1ff2c992c2 Clear the secret point in ecdh_simple_compute_key
5743d1268d add 'Signature Value:' line and correct indentation when printing 
X.509 signature value
0742eb9f66 update reference output of test_x509 in test/certs/cyrillic.*
86afd005fb remove 'keyid:' when printing simple X509 authority keyID (without 
issuer and serial)
a4c467c96a remove needless empty lines when printing certificates
c13d2ab439 Add generic EVP method fetcher
a383083194 Replumbing: better reference counter control in 
ossl_method_construct()
7bb19a0f95 Replumbing: pass callback data to the algo destructor too
f643deac41 PPC assembly pack: fix copy-paste error in CTR mode
e2f5081116 coverity fixes for bntest.c

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t  ok
../../openssl/test/recipes/30-test_pkey_meth.t  ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t  ok
../../openssl/test/recipes/40-test_rehash.t ... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok
../../openssl/test/recipes/60-test_x509_dup_cert.t  ok
../../openssl/test/recipes/60-test_x509_store.t ... ok
../../openssl/test/recipes/60-test_x509_time.t  ok
../../openssl/test/recipes/70-test_asyncio.t .. ok
../../openssl/test/recipes/70-test_bad_dtls.t . ok
../../openssl/test/recipes/70-test_clienthello.t .. ok
../../openssl/test/recipes/70-test_comp.t . ok
../../openssl/test/recipes/70-test_key_share.t  ok
../../openssl/test/recipes/70-test_packet.t ... ok
../../openssl/test/recipes/70-test_recordlen.t  ok
../../openssl/test/recipes/70-test_renegotiation.t  ok
../../openssl/test/recipes/70-test_servername.t ... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t  ok
../../openssl/test/recipes/70-test_sslcertstatus.t  ok
../../openssl/test/recipes/70-test_sslextension.t . ok
../../openssl/test/recipes/70-test_sslmessages.t .. ok
../../openssl/test/recipes/70-test_sslrecords.t ... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ... ok
../../openssl/test/recipes/70-test_sslsignature.t . ok
../../openssl/test/recipes/70-test_sslskewith0p.t . ok
../../openssl/test/recipes/70-test_sslversions.t .. ok
../../openssl/test/recipes/70-test_sslvertol.t  ok
../../openssl/test/recipes/70-test_tls13alerts.t .. ok
../../openssl/test/recipes/70-test_tls13cookie.t .. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ... ok
../../openssl/test/recipes/70-test_tls13hrr.t . ok
../../openssl/test/recipes/70-test_tls13kexmodes.t  ok
../../openssl/test/recipes/70-test_tls13messages.t  ok
../../openssl/test/recipes/70-test_tls13psk.t . ok
../../openssl/test/recipes/70-test_tlsextms.t . ok
../../openssl/test/recipes/70-test_verify_extra.t . ok
../../openssl/test/recipes/70-test_wpacket.t .. ok
../../openssl/test/recipes/80-test_ca.t ... ok
../../openssl/test/recipes/80-test_cipherbytes.t .. ok
../../openssl/test/recipes/80-test_cipherlist.t ... ok
../../openssl/test/recipes/80-test_ciphername.t ... ok
../../openssl/test/recipes/80-test_cms.t .. ok
../../openssl/test/recipes/80-test_cmsapi.t ... ok
../../openssl/test/recipes/80-test_ct.t ... ok
../../openssl/test/recipes/80-test_dane.t . ok
../../openssl/test/recipes/80-test_dtls.t . ok
../../openssl/test/recipes/80-test_dtls_mtu.t . ok
../../openssl/test/recipes/80-test_dtlsv1listen.t . ok
../../openssl/test/recipes/80-test_ocsp.t . ok
../../openssl/test/recipes/80-test_pkcs12.t ... ok
../../openssl/test/recipes/80-test_ssl_new.t .. ok
../../openssl/test/recipes/80-test_ssl_old.t .. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok
../../openssl/test/recipes/80-test_sslcorrupt.t ... ok
../../openssl/test/recipes/80-test_tsa.t .. ok
../../openssl/test/recipes/80-test_x509aux.t .. ok
../../openssl/test/recipes/90-test_asn1_time.t  ok
../../openssl/test/recipes/90-test_async.t  

Still Failing: openssl/openssl#24160 (OpenSSL_1_1_1-stable - 5f702f1)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24160
Status: Still Failing

Duration: 23 mins and 56 secs
Commit: 5f702f1 (OpenSSL_1_1_1-stable)
Author: Dr. Matthias St. Pierre
Message: Configure: untabify indentation

The indentation in the Configure file is currently very strange when
viewed in an editor with a tab width of four spaces, because it has
mixed tab-and-whitespace indentation, which was apparently done with
a tab width of eight spaces.

This commit converts all tabs to spaces using expand(1) with default
settings. To verify that there are only whitespace changes, use

   git show --ignore-space-change  

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8512)

View the changeset: 
https://github.com/openssl/openssl/compare/0d0d12b80456...5f702f16e7ed

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508266014?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



[openssl] master update

2019-03-19 Thread Dr . Paul Dale
The branch master has been updated
   via  d7b2124a428f9e00ed7647554b5be7153aac71f6 (commit)
  from  84f32c84511dbac33adee4268341bef3b49a0af2 (commit)


- Log -
commit d7b2124a428f9e00ed7647554b5be7153aac71f6
Author: Pauli 
Date:   Tue Mar 19 11:22:32 2019 +1000

Add documentation for the -sigopt option.

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/8520)

---

Summary of changes:
 doc/man1/ca.pod   | 8 +++-
 doc/man1/dgst.pod | 3 ++-
 doc/man1/req.pod  | 8 +++-
 doc/man1/x509.pod | 8 +++-
 4 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index d1e5a99..6e90c33 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -51,6 +51,7 @@ B B
 [B<-engine id>]
 [B<-subj arg>]
 [B<-utf8>]
+[B<-sigopt nm:v>]
 [B<-create_serial>]
 [B<-rand_serial>]
 [B<-multivalue-rdn>]
@@ -134,6 +135,11 @@ The private key to sign requests with.
 The format of the data in the private key file.
 The default is PEM.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-key password>
 
 The password used to encrypt the private key. Since on some
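Review bot: the new `=item B<-sigopt nm:v>` text never says what `nm` and `v` stand for, and "algorithm-specific" leaves the reader with no place to look the names up. Suggest spelling the argument out as a name and a value in the first sentence and adding a cross-reference to wherever the per-algorithm option names are documented. The same three lines are added to req.pod and x509.pod in this patch, so the wording should be changed in all of them together.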
@@ -753,7 +759,7 @@ L, L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index c745cfa..601f254 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -22,6 +22,7 @@ B
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
+[B<-sigopt nm:v>]
 [B<-hmac key>]
 [B<-fips-fingerprint>]
 [B<-rand file...>]
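Review bot: dgst.pod gets the `[B<-sigopt nm:v>]` synopsis line but, unlike ca.pod, req.pod and x509.pod, no `=item B<-sigopt nm:v>` hunk in this patch; the summary shows only 3 changed lines for this file. Please confirm the option is already described in the body of dgst.pod and, if it is, that its wording agrees with the text added to the other three pages.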
@@ -235,7 +236,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index 3517627..8f30bd7 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -46,6 +46,7 @@ B B
 [B<-reqopt>]
 [B<-subject>]
 [B<-subj arg>]
+[B<-sigopt nm:v>]
 [B<-batch>]
 [B<-verbose>]
 [B<-engine id>]
@@ -82,6 +83,11 @@ This specifies the input filename to read a request from or 
standard input
 if this option is not specified. A request is only read if the creation
 options (B<-new> and B<-newkey>) are not specified.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-passin arg>
 
 The input file password source. For more information about the format of B
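Review bot: the `=item B<-sigopt nm:v>` entry is inserted between the end of the input-file description and `=item B<-passin arg>`, whereas the synopsis hunk above lists `-sigopt` after `-subj arg`. Keeping the option descriptions in the same order as the synopsis makes the page easier to scan; suggest moving the item next to the `-subj` description.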
@@ -689,7 +695,7 @@ L
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 749d6cc..ed03928 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -63,6 +63,7 @@ B B
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
+[B<-sigopt nm:v>]
 [B<-rand file...>]
 [B<-writerand file>]
 [B<-engine id>]
@@ -364,6 +365,11 @@ and the end date to a value determined by the B<-days> 
option.
 It retains any certificate extensions unless the B<-clrext> option is supplied;
 this includes, for example, any existing key identifier extensions.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-passin arg>
 
 The key password source. For more information about the format of B
@@ -948,7 +954,7 @@ the old form must have their links rebuilt using 
B or similar.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy


Still Failing: openssl/openssl#24155 (OpenSSL_1_1_1-stable - 0d0d12b)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24155
Status: Still Failing

Duration: 21 mins and 39 secs
Commit: 0d0d12b (OpenSSL_1_1_1-stable)
Author: Hua Zhang
Message: Fix compiling error for mips32r6 and mips64r6

There are some compiling errors for mips32r6 and mips64r6:

crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: mips2 
(mips2) `mulu $1,$12,$7'
crypto/mips_arch.h: Assembler messages:
crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized character 
is `&'

Signed-off-by: Hua Zhang 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8464)

(cherry picked from commit 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312)

View the changeset: 
https://github.com/openssl/openssl/compare/0584ce737efd...0d0d12b80456

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508240541?utm_medium=notification_source=email




[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread matthias . st . pierre
The branch OpenSSL_1_1_1-stable has been updated
   via  5f702f16e7ed108b2098042c2488fb5b86ac83c2 (commit)
  from  0d0d12b80456c81faef31fddb9d8e2ccacc2eece (commit)


- Log -
commit 5f702f16e7ed108b2098042c2488fb5b86ac83c2
Author: Dr. Matthias St. Pierre 
Date:   Mon Mar 18 11:51:19 2019 +0100

Configure: untabify indentation

The indentation in the Configure file is currently very strange when
viewed in an editor with a tab width of four spaces, because it has
mixed tab-and-whitespace indentation, which was apparently done with
a tab width of eight spaces.

This commit converts all tabs to spaces using expand(1) with default
settings. To verify that there are only whitespace changes, use

   git show --ignore-space-change  

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8512)

---

Summary of changes:
 Configure | 1198 ++---
 1 file changed, 599 insertions(+), 599 deletions(-)

diff --git a/Configure b/Configure
index 6ef6415..c2716ad 100755
--- a/Configure
+++ b/Configure
@@ -54,7 +54,7 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 # [no-]threads  [don't] try to create a library that is suitable for
 #   multithreaded applications (default is "threads" if we
 #   know how to do it)
-# [no-]shared  [don't] try to create shared libraries when supported.
+# [no-]shared   [don't] try to create shared libraries when supported.
 # [no-]pic  [don't] try to build position independent code when supported.
 #   If disabled, it also disables shared and dynamic-engine.
 # no-asmdo not use assembler
@@ -62,8 +62,8 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 #   will ensure that all methods just return NULL.
 # no-egddo not compile support for the entropy-gathering daemon APIs
 # [no-]zlib [don't] compile support for zlib compression.
-# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-#  library and will be loaded in run-time by the OpenSSL library.
+# zlib-dynamic  Like "zlib", but the zlib library is expected to be a shared
+#   library and will be loaded in run-time by the OpenSSL library.
 # sctp  include SCTP support
 # enable-weak-ssl-ciphers
 #   Enable weak ciphers that are disabled by default.
@@ -90,18 +90,18 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 #   production quality.
 #
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-#  provided to stack calls. Generates unique stack functions for
-#  each possible stack type.
-# BN_LLONG use the type 'long long' in crypto/bn/bn.h
-# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+#   provided to stack calls. Generates unique stack functions for
+#   each possible stack type.
+# BN_LLONG  use the type 'long long' in crypto/bn/bn.h
+# RC4_CHAR  use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # Following are set automatically by this script
 #
-# MD5_ASM  use some extra md5 assembler,
-# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
-# RMD160_ASM   use some extra ripemd160 assembler,
-# SHA256_ASM   sha256_block is implemented in assembler
-# SHA512_ASM   sha512_block is implemented in assembler
-# AES_ASM  AES_[en|de]crypt is implemented in assembler
+# MD5_ASM   use some extra md5 assembler,
+# SHA1_ASM  use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASMuse some extra ripemd160 assembler,
+# SHA256_ASMsha256_block is implemented in assembler
+# SHA512_ASMsha512_block is implemented in assembler
+# AES_ASM   AES_[en|de]crypt is implemented in assembler
 
 # Minimum warning options... any contributions to OpenSSL should at least get
 # past these.
@@ -231,20 +231,20 @@ if (grep /^reconf(igure)?$/, @argvcopy) {
 die "reconfiguring with other arguments present isn't supported"
 if scalar @argvcopy > 1;
 if (-f "./configdata.pm") {
-   my $file = "./configdata.pm";
-   unless (my $return = do $file) {
-   die "couldn't parse $file: $@" if $@;
+my $file = "./configdata.pm";
+unless (my $return = do $file) {
+die "couldn't parse $file: $@" if $@;
 die "couldn't do $file: $!"unless defined $return;
 die "couldn't run $file"   unless $return;
-   }
+}
 
-   @argvcopy = defined($configdata::config{perlargv}) ?
-   @{$configdata::config{perlargv}} : ();
-   die "Incorrect data to reconfigure, please do a normal configuration\n"
-   if 

[openssl] master update

2019-03-19 Thread matthias . st . pierre
The branch master has been updated
   via  84f32c84511dbac33adee4268341bef3b49a0af2 (commit)
  from  5d677186e9e50ac9ed1e48d535044d4927775c28 (commit)


- Log -
commit 84f32c84511dbac33adee4268341bef3b49a0af2
Author: Dr. Matthias St. Pierre 
Date:   Mon Mar 18 11:43:59 2019 +0100

Configure: untabify indentation

The indentation in the Configure file is currently very strange when
viewed in an editor with a tab width of four spaces, because it has
mixed tab-and-whitespace indentation, which was apparently done with
a tab width of eight spaces.

This commit converts all tabs to spaces using expand(1) with default
settings. To verify that there are only whitespace changes, use

   git show --ignore-space-change  

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8492)

---

Summary of changes:
 Configure | 1194 ++---
 1 file changed, 597 insertions(+), 597 deletions(-)

diff --git a/Configure b/Configure
index 6b533f4..5f0ca11 100755
--- a/Configure
+++ b/Configure
@@ -55,7 +55,7 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 # [no-]threads  [don't] try to create a library that is suitable for
 #   multithreaded applications (default is "threads" if we
 #   know how to do it)
-# [no-]shared  [don't] try to create shared libraries when supported.
+# [no-]shared   [don't] try to create shared libraries when supported.
 # [no-]pic  [don't] try to build position independent code when supported.
 #   If disabled, it also disables shared and dynamic-engine.
 # no-asmdo not use assembler
@@ -63,8 +63,8 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 #   will ensure that all methods just return NULL.
 # no-egddo not compile support for the entropy-gathering daemon APIs
 # [no-]zlib [don't] compile support for zlib compression.
-# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-#  library and will be loaded in run-time by the OpenSSL library.
+# zlib-dynamic  Like "zlib", but the zlib library is expected to be a shared
+#   library and will be loaded in run-time by the OpenSSL library.
 # sctp  include SCTP support
 # enable-weak-ssl-ciphers
 #   Enable weak ciphers that are disabled by default.
@@ -91,18 +91,18 @@ my $usage="Usage: Configure [no- ...] 
[enable- ...] [-Dxxx] [-lx
 #   production quality.
 #
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-#  provided to stack calls. Generates unique stack functions for
-#  each possible stack type.
-# BN_LLONG use the type 'long long' in crypto/bn/bn.h
-# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+#   provided to stack calls. Generates unique stack functions for
+#   each possible stack type.
+# BN_LLONG  use the type 'long long' in crypto/bn/bn.h
+# RC4_CHAR  use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # Following are set automatically by this script
 #
-# MD5_ASM  use some extra md5 assembler,
-# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
-# RMD160_ASM   use some extra ripemd160 assembler,
-# SHA256_ASM   sha256_block is implemented in assembler
-# SHA512_ASM   sha512_block is implemented in assembler
-# AES_ASM  AES_[en|de]crypt is implemented in assembler
+# MD5_ASM   use some extra md5 assembler,
+# SHA1_ASM  use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASMuse some extra ripemd160 assembler,
+# SHA256_ASMsha256_block is implemented in assembler
+# SHA512_ASMsha512_block is implemented in assembler
+# AES_ASM   AES_[en|de]crypt is implemented in assembler
 
 # Minimum warning options... any contributions to OpenSSL should at least get
 # past these.
@@ -236,20 +236,20 @@ if (grep /^reconf(igure)?$/, @argvcopy) {
 die "reconfiguring with other arguments present isn't supported"
 if scalar @argvcopy > 1;
 if (-f "./configdata.pm") {
-   my $file = "./configdata.pm";
-   unless (my $return = do $file) {
-   die "couldn't parse $file: $@" if $@;
+my $file = "./configdata.pm";
+unless (my $return = do $file) {
+die "couldn't parse $file: $@" if $@;
 die "couldn't do $file: $!"unless defined $return;
 die "couldn't run $file"   unless $return;
-   }
+}
 
-   @argvcopy = defined($configdata::config{perlargv}) ?
-   @{$configdata::config{perlargv}} : ();
-   die "Incorrect data to reconfigure, please do a normal 

[openssl] master update

2019-03-19 Thread Dr . Paul Dale
The branch master has been updated
   via  5d677186e9e50ac9ed1e48d535044d4927775c28 (commit)
  from  1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312 (commit)


- Log -
commit 5d677186e9e50ac9ed1e48d535044d4927775c28
Author: Pauli 
Date:   Sun Mar 17 19:58:24 2019 +1000

Fix resource leak coverity 1443711.
Free the allocated pointer on error.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8503)

---

Summary of changes:
 test/params_api_test.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/test/params_api_test.c b/test/params_api_test.c
index 97c8a9d..e592661 100644
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -465,7 +465,7 @@ static int test_param_construct(void)
 OSSL_PARAM params[20];
 char buf[100], buf2[100], *bufp, *bufp2;
 unsigned char ubuf[100];
-void *vp, *vp2;
+void *vp, *vpn = NULL, *vp2;
 OSSL_PARAM *p;
 const OSSL_PARAM *cp;
 static const OSSL_PARAM pend = OSSL_PARAM_END;
@@ -557,7 +557,6 @@ static int test_param_construct(void)
 || !TEST_ptr_eq(bufp2, bufp))
 goto err;
 /* OCTET string */
-vp = NULL;
 if (!TEST_ptr(p = locate(params, "octstr"))
 || !TEST_true(OSSL_PARAM_set_octet_string(p, "abcdefghi",
   sizeof("abcdefghi")))
@@ -565,12 +564,11 @@ static int test_param_construct(void)
 goto err;
 /* Match the return size to avoid trailing garbage bytes */
 p->data_size = *p->return_size;
-if (!TEST_true(OSSL_PARAM_get_octet_string(p, , 0, ))
+if (!TEST_true(OSSL_PARAM_get_octet_string(p, , 0, ))
 || !TEST_size_t_eq(s, sizeof("abcdefghi"))
-|| !TEST_mem_eq(vp, sizeof("abcdefghi"),
+|| !TEST_mem_eq(vpn, sizeof("abcdefghi"),
 "abcdefghi", sizeof("abcdefghi")))
 goto err;
-OPENSSL_free(vp);
 vp = buf2;
 if (!TEST_true(OSSL_PARAM_get_octet_string(p, , sizeof(buf2), ))
 || !TEST_size_t_eq(s, sizeof("abcdefghi"))
@@ -604,6 +602,7 @@ static int test_param_construct(void)
 goto err;
 ret = 1;
 err:
+OPENSSL_free(vpn);
 BN_free(bn);
 BN_free(bn2);
 return ret;
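Review bot: `OPENSSL_free(vpn)` at `err:` runs on the success path as well, so it is correct only because the first hunk initialises `vpn` to NULL in the declaration and nothing else assigns it before the octet-string call. Neither the declaration nor the cleanup says what `vpn` holds; a more descriptive name, or a one-line comment that it is the allocated buffer the commit message refers to, would make it less likely that a later test case reuses the variable and reintroduces the leak.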


Still Failing: openssl/openssl#24153 (OpenSSL_1_1_1-stable - 0584ce7)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24153
Status: Still Failing

Duration: 22 mins and 58 secs
Commit: 0584ce7 (OpenSSL_1_1_1-stable)
Author: Richard Levitte
Message: Add missing '.text' in crypto/bn/asm/ppc.pl

Fixes #8495

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/8496)

(cherry picked from commit 2864df8f9d3264e19b49a246e272fb513f4c1be3)

View the changeset: 
https://github.com/openssl/openssl/compare/c8a9fa6910c3...0584ce737efd

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508239840?utm_medium=notification_source=email




Still Failing: openssl/openssl#24150 (OpenSSL_1_1_1-stable - c8a9fa6)

2019-03-19 Thread Travis CI
Build Update for openssl/openssl
-

Build: #24150
Status: Still Failing

Duration: 24 mins and 28 secs
Commit: c8a9fa6 (OpenSSL_1_1_1-stable)
Author: Shane Lontis
Message: Added NULL check to BN_clear() & BN_CTX_end()

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8518)

(cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c)

View the changeset: 
https://github.com/openssl/openssl/compare/202f7c56597e...c8a9fa6910c3

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/508238564?utm_medium=notification_source=email




[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  0d0d12b80456c81faef31fddb9d8e2ccacc2eece (commit)
  from  0584ce737efd26aa82d659087fc9f081ef8e30c4 (commit)


- Log -
commit 0d0d12b80456c81faef31fddb9d8e2ccacc2eece
Author: Hua Zhang 
Date:   Wed Mar 13 14:28:44 2019 +0800

Fix compiling error for mips32r6 and mips64r6

There are some compiling errors for mips32r6 and mips64r6:

crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: 
mips2 (mips2) `mulu $1,$12,$7'
crypto/mips_arch.h: Assembler messages:
crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized 
character is `&'

Signed-off-by: Hua Zhang 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8464)

(cherry picked from commit 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312)

---

Summary of changes:
 crypto/bn/asm/mips.pl | 2 +-
 crypto/mips_arch.h| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 3875132..8574e57 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) {
$SZREG=4;
$REG_S="sw";
$REG_L="lw";
-   $code=".set mips2\n";
+   $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set   
  mips2\n#endif\n";
 }
 
 # Below is N32/64 register layout used in the original module.
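Review bot: the replacement for `$code=".set mips2\n";` puts C preprocessor directives into the generated assembly text, so it only works while the output is run through cpp (the commit message shows the output as bn-mips.S); a one-line Perl comment above the assignment saying that, and why ISA revision 6 must not get `.set mips2`, would keep the guard from being removed later. The spelling `defined (__mips_isa_rev)` with a space also differs from the `defined(...)` form used in crypto/mips_arch.h in the same commit.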
diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h
index 75043e7..6145f4d 100644
--- a/crypto/mips_arch.h
+++ b/crypto/mips_arch.h
@@ -11,7 +11,7 @@
 # define __MIPS_ARCH_H__
 
 # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
-  defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
+  defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \
   && !defined(_MIPS_ARCH_MIPS32R2)
 #  define _MIPS_ARCH_MIPS32R2
 # endif
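Review bot: with the added backslash the `&& !defined(_MIPS_ARCH_MIPS32R2)` term is now part of the `# if`, but it still sits outside the parenthesised group on a line of its own, which is how the missing continuation went unnoticed. Ending the previous line with `&& \` or wrapping the whole condition in one pair of parentheses would make a future dropped continuation obvious. The commit message could also note that the stray line reached the assembler only when the first condition was true, which is why other MIPS builds did not fail.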


[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312 (commit)
  from  2864df8f9d3264e19b49a246e272fb513f4c1be3 (commit)


- Log -
commit 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312
Author: Hua Zhang 
Date:   Wed Mar 13 14:28:44 2019 +0800

Fix compiling error for mips32r6 and mips64r6

There are some compiling errors for mips32r6 and mips64r6:

crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: 
mips2 (mips2) `mulu $1,$12,$7'
crypto/mips_arch.h: Assembler messages:
crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized 
character is `&'

Signed-off-by: Hua Zhang 

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8464)

---

Summary of changes:
 crypto/bn/asm/mips.pl | 2 +-
 crypto/mips_arch.h| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 51a4b5f..bff624d 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -88,7 +88,7 @@ if ($flavour =~ /64|n32/i) {
$SZREG=4;
$REG_S="sw";
$REG_L="lw";
-   $code=".set mips2\n";
+   $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set   
  mips2\n#endif\n";
 }
 
 # Below is N32/64 register layout used in the original module.
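Review bot: only the branch that sets `$SZREG=4` is changed here, while the subject line names both mips32r6 and mips64r6. Please confirm in the commit message that the `$flavour =~ /64|n32/i` branch emits no `.set` directive that needs the same `__mips_isa_rev >= 6` guard, or add the guard there as well.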
diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h
index 0ac3bfa..df4ff7a 100644
--- a/crypto/mips_arch.h
+++ b/crypto/mips_arch.h
@@ -11,7 +11,7 @@
 # define __MIPS_ARCH_H__
 
 # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
-  defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
+  defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \
   && !defined(_MIPS_ARCH_MIPS32R2)
 #  define _MIPS_ARCH_MIPS32R2
 # endif


[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  0584ce737efd26aa82d659087fc9f081ef8e30c4 (commit)
  from  c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe (commit)


- Log -
commit 0584ce737efd26aa82d659087fc9f081ef8e30c4
Author: Richard Levitte 
Date:   Sat Mar 16 10:15:19 2019 +0100

Add missing '.text' in crypto/bn/asm/ppc.pl

Fixes #8495

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/8496)

(cherry picked from commit 2864df8f9d3264e19b49a246e272fb513f4c1be3)

---

Summary of changes:
 crypto/bn/asm/ppc.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
index e370681..f43018a 100644
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -258,6 +258,7 @@ $data=<

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  2864df8f9d3264e19b49a246e272fb513f4c1be3 (commit)
  from  93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65 (commit)


- Log -
commit 2864df8f9d3264e19b49a246e272fb513f4c1be3
Author: Richard Levitte 
Date:   Sat Mar 16 10:15:19 2019 +0100

Add missing '.text' in crypto/bn/asm/ppc.pl

Fixes #8495

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/8496)

---

Summary of changes:
 crypto/bn/asm/ppc.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
index f251e8e..21f6963 100644
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -258,6 +258,7 @@ $data=<

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65 (commit)
  from  ce1415ed2ce15305356cd028bcf7b9bc688d6d5c (commit)


- Log -
commit 93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65
Author: Richard Levitte 
Date:   Sat Mar 16 12:07:35 2019 +0100

Fix no-posix-io

'openssl pkeyutl' uses stat() to determine the file size when signing using
Ed25519/Ed448, and this was guarded with OPENSSL_NO_POSIX_IO.

It is however arguable if stat() is a POSIX IO function, considering
that it doesn't use file descriptors, and even more so since we use
stat() elsewhere without that guard.

This will allow test/recipes/20-test_pkeyutl.t to be able to do its
work for Ed25519/Ed448 signature tests.

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/8498)

---

Summary of changes:
 apps/pkeyutl.c | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 0c27589..7f1e621 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -13,9 +13,7 @@
 #include 
 #include 
 #include 
-#ifndef OPENSSL_NO_POSIX_IO
-# include 
-#endif
+#include 
 
 #define KEY_NONE0
 #define KEY_PRIVKEY 1
@@ -348,15 +346,12 @@ int pkeyutl_main(int argc, char **argv)
 
 if (pkey_op != EVP_PKEY_OP_DERIVE) {
 in = bio_open_default(infile, 'r', FORMAT_BINARY);
-#ifndef OPENSSL_NO_POSIX_IO
-if (infile != NULL)
-{
+if (infile != NULL) {
 struct stat st;
 
 if (stat(infile, ) == 0 && st.st_size <= INT_MAX)
 filesize = (int)st.st_size;
 }
-#endif
 if (in == NULL)
 goto end;
 }
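Review bot: in the second hunk stat() is called on the path after bio_open_default() has already opened the file and before the `if (in == NULL) goto end;` check, so stat() is attempted even when the open failed, and the size it reports can belong to a different file than the one being read if the path is replaced in between. Move the `in == NULL` check above the stat block and treat filesize as a hint for the later read rather than as a trusted length. When stat() fails or st_size exceeds INT_MAX, filesize keeps its previous value with no diagnostic; a short comment stating what that value means for the Ed25519/Ed448 path would help.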


[openssl] OpenSSL_1_1_1-stable update

2019-03-19 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe (commit)
  from  202f7c56597eb6f57eba1ea31503a734e5fbf930 (commit)


- Log -
commit c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe
Author: Shane Lontis 
Date:   Tue Mar 19 09:58:09 2019 +1000

Added NULL check to BN_clear() & BN_CTX_end()

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8518)

(cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c)

---

Summary of changes:
 crypto/bn/bn_ctx.c   |  2 ++
 crypto/bn/bn_lib.c   |  2 ++
 crypto/bn/bn_prime.c |  3 +--
 crypto/dh/dh_check.c | 18 ++
 crypto/dh/dh_gen.c   |  6 ++
 crypto/dh/dh_key.c   |  6 ++
 crypto/dsa/dsa_gen.c |  6 ++
 crypto/ec/ec2_smpl.c |  3 +--
 crypto/ec/ec_lib.c   |  3 +--
 crypto/ec/ec_mult.c  |  3 +--
 crypto/ec/ecdh_ossl.c|  3 +--
 crypto/ec/ecp_nistz256.c |  3 +--
 crypto/ec/ecp_smpl.c |  6 ++
 crypto/rsa/rsa_gen.c |  3 +--
 crypto/rsa/rsa_ossl.c| 12 
 crypto/rsa/rsa_x931g.c   |  6 ++
 16 files changed, 31 insertions(+), 54 deletions(-)

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 54b7999..90cecea 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx)
 
 void BN_CTX_end(BN_CTX *ctx)
 {
+if (ctx == NULL)
+return;
 CTXDBG_ENTRY("BN_CTX_end", ctx);
 if (ctx->err_stack)
 ctx->err_stack--;
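Review bot: the new `if (ctx == NULL) return;` changes the public contract of BN_CTX_end(), but the summary of changes lists only files under crypto/, so the manual page is not updated. Since the call sites in this commit now rely on the NULL case being a no-op, it should be documented, all the more so for a change cherry-picked to a stable branch.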
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 8286b38..f93bbcf 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
 
 void BN_clear(BIGNUM *a)
 {
+if (a == NULL)
+return;
 bn_check_top(a);
 if (a->d != NULL)
 OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index b91b31b..236b711 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -135,8 +135,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 found = 1;
  err:
 OPENSSL_free(mods);
-if (ctx != NULL)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 bn_check_top(ret);
 return found;
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index fc45577..52cc0eb 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret)
 
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
 
@@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret)
 }
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
 
@@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, 
int *ret)
 
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
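Review bot: removing the `if (ctx != NULL) { ... }` block in these three cleanup paths leaves BN_CTX_free(ctx) unguarded as well as BN_CTX_end(ctx), but only BN_CTX_end() gains a NULL check in this commit. The bn_prime.c and dsa_gen.c hunks already call BN_CTX_free(ctx) outside the guard, so it appears to accept NULL; saying so in the commit message would make the change easier to verify.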
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 59137e0..b115028 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int 
generator,
 ok = 0;
 }
 
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4f85be7..182ce32 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
 
 ret = BN_bn2bin(tmp, key);
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ret;
 }
 
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 383d853..30b20bb 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t 
qbits,
 if (seed_out)
 memcpy(seed_out, seed, qsize);
 }
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 return ok;
@@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 OPENSSL_free(seed);
 if (seed_out != seed_tmp)
 OPENSSL_free(seed_tmp);
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 EVP_MD_CTX_free(mctx);
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 0a05a7a..898e741 100644
--- 

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  ce1415ed2ce15305356cd028bcf7b9bc688d6d5c (commit)
  from  226f2bf191ba8c2b33749ddc80c9ace051bebf80 (commit)


- Log -
commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c
Author: Shane Lontis 
Date:   Tue Mar 19 09:58:09 2019 +1000

Added NULL check to BN_clear() & BN_CTX_end()

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8518)

---

Summary of changes:
 crypto/bn/bn_ctx.c   |  2 ++
 crypto/bn/bn_lib.c   |  2 ++
 crypto/bn/bn_prime.c |  3 +--
 crypto/dh/dh_check.c | 18 ++
 crypto/dh/dh_gen.c   |  6 ++
 crypto/dh/dh_key.c   |  6 ++
 crypto/dsa/dsa_gen.c |  6 ++
 crypto/ec/ec2_smpl.c |  3 +--
 crypto/ec/ec_lib.c   |  3 +--
 crypto/ec/ec_mult.c  |  3 +--
 crypto/ec/ecdh_ossl.c|  3 +--
 crypto/ec/ecp_nistz256.c |  3 +--
 crypto/ec/ecp_smpl.c |  6 ++
 crypto/rsa/rsa_gen.c |  3 +--
 crypto/rsa/rsa_ossl.c| 12 
 crypto/rsa/rsa_x931g.c   |  6 ++
 16 files changed, 31 insertions(+), 54 deletions(-)

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 9e908bf..62e29b5 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -184,6 +184,8 @@ void BN_CTX_start(BN_CTX *ctx)
 
 void BN_CTX_end(BN_CTX *ctx)
 {
+if (ctx == NULL)
+return;
 CTXDBG("ENTER BN_CTX_end()", ctx);
 if (ctx->err_stack)
 ctx->err_stack--;
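Review bot: no file under test/ appears in the summary of changes, so nothing exercises BN_CTX_end(NULL) after the `if (ctx == NULL) return;` is added. A small test case calling it with NULL would protect the many call sites that drop their own guard in this commit.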
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 6de17c3..17293ed 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
 
 void BN_clear(BIGNUM *a)
 {
+if (a == NULL)
+return;
 bn_check_top(a);
 if (a->d != NULL)
 OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
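Review bot: the early return makes BN_clear(NULL) a silent no-op, yet none of the call-site hunks visible here use it; they all simplify BN_CTX_end() callers. Please name the caller that needs it in the commit message. Unlike a free-style function, BN_clear() exists to wipe a value, so silently accepting NULL can hide a caller that lost track of a BIGNUM it meant to cleanse.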
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 7a87b97..2c9f89d 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -170,8 +170,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 found = 1;
  err:
 OPENSSL_free(mods);
-if (ctx != NULL)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 bn_check_top(ret);
 return found;
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 31332cd..cd7f70b 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret)
 
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
 
@@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret)
 }
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
 
@@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, 
int *ret)
 
 ok = 1;
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 4e4aeb3..1e5c7ca 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int 
generator,
 ok = 0;
 }
 
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ok;
 }
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 58210fb..4b0b1f3 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
 
 ret = BN_bn2bin(tmp, key);
  err:
-if (ctx != NULL) {
-BN_CTX_end(ctx);
-BN_CTX_free(ctx);
-}
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
 return ret;
 }
 
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 2c42049..858f127 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t 
qbits,
 if (seed_out)
 memcpy(seed_out, seed, qsize);
 }
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 return ok;
@@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 OPENSSL_free(seed);
 if (seed_out != seed_tmp)
 OPENSSL_free(seed_tmp);
-if (ctx)
-BN_CTX_end(ctx);
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 EVP_MD_CTX_free(mctx);
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 7bd2a63..ebd6f21 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -204,8 +204,7 @@ int 

[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  226f2bf191ba8c2b33749ddc80c9ace051bebf80 (commit)
  from  16bfe6cee0853bd340e270f2deda6000ea6eeaa9 (commit)


- Log -
commit 226f2bf191ba8c2b33749ddc80c9ace051bebf80
Author: Benjamin Kaduk 
Date:   Thu Mar 14 12:55:03 2019 -0500

Fix strict-warnings build on FreeBSD

The 'key' member of the (system-defined!) struct session op is of
type c_caddr_t, which can be (signed) char, so inter-casting with the
unsigned char* input to cipher_init() causes -Wpointer-sign errors, and we
can't change the signature of cipher_init() due to the function pointer
type required by EVP_CIPHER_meth_set_init().

As the least-bad option, introduce a void* cast to quell the following
warning:
engines/e_devcrypto.c:356:36: error: passing 'c_caddr_t' (aka 'const char 
*') to
  parameter of type 'const unsigned char *' converts between pointers 
to integer
  types with different sign [-Werror,-Wpointer-sign]
return cipher_init(to_ctx, cipher_ctx->sess.key, 
EVP_CIPHER_CTX_iv(ctx),
   ^~~~
engines/e_devcrypto.c:191:66: note: passing argument to parameter 'key' here
static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/8509)

---

Summary of changes:
 engines/e_devcrypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index c0b0d1e..b1e8709 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -353,7 +353,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int 
p1, void* p2)
 to_cipher_ctx =
 (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
 memset(_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
-return cipher_init(to_ctx, cipher_ctx->sess.key, 
EVP_CIPHER_CTX_iv(ctx),
+return cipher_init(to_ctx, (void *)cipher_ctx->sess.key, 
EVP_CIPHER_CTX_iv(ctx),
(cipher_ctx->op == COP_ENCRYPT));
 
 case EVP_CTRL_INIT:
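Review bot: the `(void *)` cast on `cipher_ctx->sess.key` discards the const qualifier; the quoted compiler output shows the member is `const char *` and the parameter is `const unsigned char *`. Casting to `(const unsigned char *)`, or at least `(const void *)`, silences -Wpointer-sign without also hiding a qualifier mismatch from the compiler. The changed line is also long enough that it was wrapped in this mail; breaking it after the second argument would keep it within the usual line length.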


[openssl] master update

2019-03-19 Thread Richard Levitte
The branch master has been updated
   via  16bfe6cee0853bd340e270f2deda6000ea6eeaa9 (commit)
  from  529586085e38487d45974817d4f3ff40f30e19f6 (commit)


- Log -
commit 16bfe6cee0853bd340e270f2deda6000ea6eeaa9
Author: Richard Levitte 
Date:   Tue Mar 19 06:52:15 2019 +0100

doc/man3/OSSL_PARAM_TYPE.pod: modify Example 2 to allow unspecified params

A parameter requestor is never obligated to ask for all available
parameters on an object.  Unfortunately, Example 2 showed a code
pattern that introduced such an obligation, and therefore needed a
small adjustment.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/8523)

---

Summary of changes:
 doc/man3/OSSL_PARAM_TYPE.pod | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod
index c4ca37a..2842eae 100644
--- a/doc/man3/OSSL_PARAM_TYPE.pod
+++ b/doc/man3/OSSL_PARAM_TYPE.pod
@@ -272,7 +272,9 @@ This example is for setting parameters on some object:
 
 =head2 Example 2
 
-This example is for requesting parameters on some object:
+This example is for requesting parameters on some object, and also
+demonstrates that the requestor isn't obligated to request all
+available parameters:
 
 const char *foo = NULL;
 size_t foo_l;
@@ -289,8 +291,14 @@ could fill in the parameters like this:
 
 /* const OSSL_PARAM *params */
 
-OSSL_PARAM_set_utf8_ptr(OSSL_PARAM_locate(params, "foo"), "foo value");
-OSSL_PARAM_set_utf8_string(OSSL_PARAM_locate(params, "bar"), "bar value");
+const OSSL_PARAM *p;
+
+if ((p = OSSL_PARAM_locate(params, "foo")) == NULL)
+OSSL_PARAM_set_utf8_ptr(p, "foo value");
+if ((p = OSSL_PARAM_locate(params, "bar")) == NULL)
+OSSL_PARAM_set_utf8_ptr(p, "bar value");
+if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL)
+OSSL_PARAM_set_utf8_ptr(p, "cookie value");
 
 =head1 SEE ALSO
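Review bot: the three added tests in the second hunk are inverted. `if ((p = OSSL_PARAM_locate(params, "foo")) == NULL)` runs the setter only when the parameter was not found, so it passes a NULL p and skips every parameter the requestor actually asked for; the comparison should be `!= NULL` on all three lines. The "bar" line also changes from OSSL_PARAM_set_utf8_string in the removed text to OSSL_PARAM_set_utf8_ptr; if that is unintended, keep the original setter so the example still matches how "bar" is declared by the requestor.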