[openssl] master update
The branch master has been updated via f22431f2cd9e96cf75fd020c6e5019ff58f710cf (commit) from ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit) - Log - commit f22431f2cd9e96cf75fd020c6e5019ff58f710cf Author: Shane Lontis Date: Wed Sep 18 15:57:08 2019 +1000 Add IDEA ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9917) --- Summary of changes: crypto/evp/evp_enc.c | 4 + providers/common/include/internal/provider_algs.h | 6 + providers/default/ciphers/build.info | 5 + providers/default/ciphers/cipher_idea.c| 46 ++ .../ciphers/{cipher_blowfish.h => cipher_idea.h} | 16 +- providers/default/ciphers/cipher_idea_hw.c | 56 +++ providers/default/defltprov.c | 6 + test/recipes/30-test_evp.t | 2 + test/recipes/30-test_evp_data/evpciph_idea.txt | 555 + 9 files changed, 688 insertions(+), 8 deletions(-) create mode 100644 providers/default/ciphers/cipher_idea.c copy providers/default/ciphers/{cipher_blowfish.h => cipher_idea.h} (55%) create mode 100644 providers/default/ciphers/cipher_idea_hw.c create mode 100644 test/recipes/30-test_evp_data/evpciph_idea.txt diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 9a4e40d9a9..b0eff2d528 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -235,6 +235,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_bf_ecb: case NID_bf_cfb64: case NID_bf_ofb64: +case NID_idea_cbc: +case NID_idea_ecb: +case NID_idea_cfb64: +case NID_idea_ofb64: break; default: goto legacy; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index 5f54612b0a..9e0a96e9ad 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -122,6 +122,12 @@ extern const OSSL_DISPATCH blowfish128cbc_functions[]; extern const OSSL_DISPATCH blowfish64ofb64_functions[]; extern const OSSL_DISPATCH blowfish64cfb64_functions[]; #endif /* OPENSSL_NO_BF */ +#ifndef OPENSSL_NO_IDEA +extern const OSSL_DISPATCH idea128ecb_functions[]; +extern const OSSL_DISPATCH idea128cbc_functions[]; +extern const OSSL_DISPATCH idea128ofb64_functions[]; +extern const OSSL_DISPATCH idea128cfb64_functions[]; +#endif /* OPENSSL_NO_IDEA */ extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index a4ca5cc6c8..3722215daf 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -24,4 +24,9 @@ IF[{- !$disabled{bf} -}] cipher_blowfish.c cipher_blowfish_hw.c ENDIF +IF[{- !$disabled{idea} -}] + SOURCE[../../../libcrypto]=\ + cipher_idea.c cipher_idea_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_idea.c b/providers/default/ciphers/cipher_idea.c new file mode 100644 index 00..6bb5419b6d --- /dev/null +++ b/providers/default/ciphers/cipher_idea.c @@ -0,0 +1,46 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for Idea cipher modes ecb, cbc, ofb, cfb */ + +#include "cipher_idea.h" +#include "internal/provider_algs.h" + +static OSSL_OP_cipher_freectx_fn idea_freectx; +static OSSL_OP_cipher_dupctx_fn idea_dupctx; + +static void idea_freectx(void *vctx) +{ +PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx; + +OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *idea_dupctx(void *ctx) +{ +PROV_IDEA_CTX *in = (PROV_IDEA_CTX *)ctx; +PROV_IDEA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + +if (ret == NULL) { +ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); +return NULL; +} +*ret = *in; + +return ret; +} + +/* idea128ecb_functions */ +IMPLEMENT_generic_cipher(idea, IDEA, ecb, ECB, 0, 128, 64, 0, block) +/* idea128cbc_functions */ +IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, 0, 128, 64, 64, block) +/* idea128ofb64_functions */ +IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, stream) +/* idea128cfb64_functions */ +IMPLEMENT_generic_cipher(idea, IDEA, cfb64, CFB, 0, 128, 8, 64, stream) diff --git a/providers/default/ciphers/cipher_blowfish.h
Still Failing: openssl/openssl#28381 (master - 793374c)
Build Update for openssl/openssl - Build: #28381 Status: Still Failing Duration: 29 mins and 31 secs Commit: 793374c (master) Author: Shane Lontis Message: Fix Coverity CID:1453685 'unreachable code' in aes_xts code. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9902) View the changeset: https://github.com/openssl/openssl/compare/d5d32e784dd2...793374c82abd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586375681?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#28380 (master - d5d32e7)
Build Update for openssl/openssl - Build: #28380 Status: Still Failing Duration: 20 mins and 3 secs Commit: d5d32e7 (master) Author: Richard Levitte Message: crypto/bn/build.info: Correct use of SSE2 definition Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9879) View the changeset: https://github.com/openssl/openssl/compare/dbcc7b456704...d5d32e784dd2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586373831?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit) from 793374c82abd3215ec33d989810214a871849eda (commit) - Log - commit ecae0575103918868b29cc11aa35e3b91fe7dcc8 Author: Shane Lontis Date: Wed Sep 18 15:26:19 2019 +1000 Fix Compiler error/warning for windows icl build Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9907) --- Summary of changes: include/internal/refcount.h | 15 +++ 1 file changed, 15 insertions(+) diff --git a/include/internal/refcount.h b/include/internal/refcount.h index eddf12415f..1619b28932 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -73,6 +73,21 @@ static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } +# elif defined(__ICL) && defined(_WIN32) +# define HAVE_ATOMICS 1 +typedef volatile int CRYPTO_REF_COUNT; + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +{ +*ret = _InterlockedExchangeAdd((void *)val, 1) + 1; +return 1; +} + +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +{ +*ret = _InterlockedExchangeAdd((void *)val, -1) - 1; +return 1; +} # elif defined(_MSC_VER) && _MSC_VER>=1200
[openssl] master update
The branch master has been updated via 793374c82abd3215ec33d989810214a871849eda (commit) from d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit) - Log - commit 793374c82abd3215ec33d989810214a871849eda Author: Shane Lontis Date: Wed Sep 18 15:20:30 2019 +1000 Fix Coverity CID:1453685 'unreachable code' in aes_xts code. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9902) --- Summary of changes: providers/common/ciphers/cipher_aes_xts.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/providers/common/ciphers/cipher_aes_xts.c b/providers/common/ciphers/cipher_aes_xts.c index c85475442b..0d642368b3 100644 --- a/providers/common/ciphers/cipher_aes_xts.c +++ b/providers/common/ciphers/cipher_aes_xts.c @@ -176,7 +176,6 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl, else if (CRYPTO_xts128_encrypt(>xts, ctx->base.iv, in, out, inl, ctx->base.enc)) return 0; -return 1; *outl = inl; return 1; @@ -198,7 +197,6 @@ static int aes_xts_stream_update(void *vctx, unsigned char *out, size_t *outl, return 0; } -*outl = inl; return 1; }
[openssl] master update
The branch master has been updated via d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit) from dbcc7b45670483cc89428afe1d3c363ef83d76df (commit) - Log - commit d5d32e784dd2ac25b3c773893f94484bcda5a23d Author: Richard Levitte Date: Thu Sep 12 13:27:52 2019 +0200 crypto/bn/build.info: Correct use of SSE2 definition Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9879) --- Summary of changes: crypto/bn/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 669256d8e3..18b5950f6d 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -96,7 +96,7 @@ IF[{- !$disabled{asm} -}] $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_ec2m ENDIF IF[{- !$disabled{sse2} -}] - DEFINE[]=$BNDEF_{- $target{asm_arch} -}_sse2 + $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_sse2 ENDIF ENDIF ENDIF
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: dbcc7b4567 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present 8c95977fbf Fix Solaris aes_hw_t4 compile issue Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . skipped: Only supported in no-shared builds 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a dso build 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t
Build completed: openssl master.27804
Build openssl master.27804 completed Commit 51f766442f by agnosticdev on 9/18/2019 1:56 AM: issue-9893: Addressed documentation feedback Configure your notification preferences
Build failed: openssl master.27803
Build openssl master.27803 failed Commit fa0b42adad by Ilya Tokar on 8/14/2019 9:33 PM: Save frame pointer in sha1. Configure your notification preferences
Build failed: openssl master.27800
Build openssl master.27800 failed Commit ee9a4b666d by Robbie Harwood on 9/10/2019 9:46 PM: [KDF] Add KBKDF implementation for counter-mode HMAC Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: 3b2f8c771a Fix building statically without any dso support 1aa89a7a3a Unify all assembler file generators a1c8befd66 build.info: For all assembler generators, remove all arguments 593d5c2fad Build files: Unify standard arguments for assembler generating scrips 6ef03ea98f clearing the ecx private key memory 1ce6044206 Avoid mentioning ctrl_str in the MAC documentation. 2710e8a888 Use "PARAMETERS" in the documentation headings. Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t .. ok
[openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via a3b54f0f5de1ad17889fd23aee7c230eefc300cd (commit) from 4eabf3d6541e83ae4443384ca3c4cf516930bfd8 (commit) - Log - commit a3b54f0f5de1ad17889fd23aee7c230eefc300cd Author: Nicola Tuveri Date: Thu Sep 12 01:57:47 2019 +0300 Fix no-ec2m in ec_curve.c (1.1.0) I made a mistake in d4a5dac9f9242c580fb9d0a4389440eccd3494a7 and inverted the GF2m and GFp calls in ec_point_get_affine_coordinates, this fixes it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9873) --- Summary of changes: crypto/ec/ec_curve.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 2d28d7f70b..6a58b3a23e 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3200,11 +3200,11 @@ int ec_point_get_affine_coordinates(const EC_GROUP *group, #ifndef OPENSSL_NO_EC2M if (field_nid == NID_X9_62_characteristic_two_field) { -return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx); +return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx); } else #endif /* !def(OPENSSL_NO_EC2M) */ if (field_nid == NID_X9_62_prime_field) { -return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx); +return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx); } else { /* this should never happen */ return 0;
Build completed: openssl master.27791
Build openssl master.27791 completed Commit dbcc7b4567 by Jon Spillett on 9/17/2019 8:57 AM: apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Configure your notification preferences
Still Failing: openssl/openssl#28363 (OpenSSL_1_1_1-stable - 58f0a4f)
Build Update for openssl/openssl - Build: #28363 Status: Still Failing Duration: 10 mins and 26 secs Commit: 58f0a4f (OpenSSL_1_1_1-stable) Author: Jon Spillett Message: apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Currently the pkcs12 app will only ever print the first value of a multi-value attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but may miss values for other attributes. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9751) (cherry picked from commit dbcc7b45670483cc89428afe1d3c363ef83d76df) View the changeset: https://github.com/openssl/openssl/compare/8dcd57461972...58f0a4f16b6e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/585965865?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#28362 (master - dbcc7b4)
Build Update for openssl/openssl - Build: #28362 Status: Still Failing Duration: 14 mins and 52 secs Commit: dbcc7b4 (master) Author: Jon Spillett Message: apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Currently the pkcs12 app will only ever print the first value of a multi-value attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but may miss values for other attributes. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9751) View the changeset: https://github.com/openssl/openssl/compare/8c95977fbf40...dbcc7b456704 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/585963953?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 58f0a4f16b6e7f876f8ba68e4e850304a729cd5c (commit) from 8dcd57461972dceaaf014b71d173d0a8758e7054 (commit) - Log - commit 58f0a4f16b6e7f876f8ba68e4e850304a729cd5c Author: Jon Spillett Date: Mon Sep 2 10:06:29 2019 +1000 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Currently the pkcs12 app will only ever print the first value of a multi-value attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but may miss values for other attributes. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9751) (cherry picked from commit dbcc7b45670483cc89428afe1d3c363ef83d76df) --- Summary of changes: CHANGES | 4 +++- apps/pkcs12.c | 64 +++ 2 files changed, 41 insertions(+), 27 deletions(-) diff --git a/CHANGES b/CHANGES index 18e47078b6..a10d679ddb 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,9 @@ Changes between 1.1.1d and 1.1.1e [xx XXX ] - *) + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] Changes between 1.1.1c and 1.1.1d [10 Sep 2019] diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d0600b3760..3603b60c19 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc); +void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); @@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) return ret; } +/* Generalised x509 attribute value print */ + +void print_attribute(BIO *out, const ASN1_TYPE *av) +{ +char *value; + +switch (av->type) { +case V_ASN1_BMPSTRING: +value = OPENSSL_uni2asc(av->value.bmpstring->data, +av->value.bmpstring->length); +BIO_printf(out, "%s\n", value); +OPENSSL_free(value); +break; + +case V_ASN1_OCTET_STRING: +hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); +BIO_printf(out, "\n"); +break; + +case V_ASN1_BIT_STRING: +hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); +BIO_printf(out, "\n"); +break; + +default: +BIO_printf(out, "\n", av->type); +break; +} +} + /* Generalised attribute print: handle PKCS#8 and bag attributes */ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, @@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, { X509_ATTRIBUTE *attr; ASN1_TYPE *av; -char *value; -int i, attr_nid; +int i, j, attr_nid; if (!attrlst) { BIO_printf(out, "%s: \n", name); return 1; @@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, } if (X509_ATTRIBUTE_count(attr)) { -av = X509_ATTRIBUTE_get0_type(attr, 0); -switch (av->type) { -case V_ASN1_BMPSTRING: -value = OPENSSL_uni2asc(av->value.bmpstring->data, -av->value.bmpstring->length); -BIO_printf(out, "%s\n", value); -OPENSSL_free(value); -break; - -case V_ASN1_OCTET_STRING: -hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); -BIO_printf(out, "\n"); -break; - -case V_ASN1_BIT_STRING: -hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); -BIO_printf(out, "\n"); -break; - -default: -BIO_printf(out, "\n", av->type); -break; +for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) +{ +av = X509_ATTRIBUTE_get0_type(attr, j); +print_attribute(out, av); } } else { BIO_printf(out, "\n");
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 3b2f8c771a Fix building statically without any dso support 1aa89a7a3a Unify all assembler file generators a1c8befd66 build.info: For all assembler generators, remove all arguments 593d5c2fad Build files: Unify standard arguments for assembler generating scrips 6ef03ea98f clearing the ecx private key memory 1ce6044206 Avoid mentioning ctrl_str in the MAC documentation. 2710e8a888 Use "PARAMETERS" in the documentation headings. Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t
[openssl] master update
The branch master has been updated via dbcc7b45670483cc89428afe1d3c363ef83d76df (commit) from 8c95977fbf401df72c9a236348130ba4483d7691 (commit) - Log - commit dbcc7b45670483cc89428afe1d3c363ef83d76df Author: Jon Spillett Date: Mon Sep 2 10:06:29 2019 +1000 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Currently the pkcs12 app will only ever print the first value of a multi-value attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but may miss values for other attributes. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9751) --- Summary of changes: CHANGES | 4 apps/pkcs12.c | 64 +++ 2 files changed, 42 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 65b344efe4..c32f768fc8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1 and 3.0.0 [xx XXX ] + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] + *) Deprecated the public definition of ERR_STATE as well as the function ERR_get_state(). This is done in preparation of making ERR_STATE an opaque type. diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 407340b388..902b75029c 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc); +void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); @@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) return ret; } +/* Generalised x509 attribute value print */ + +void print_attribute(BIO *out, const ASN1_TYPE *av) +{ +char *value; + +switch (av->type) { +case V_ASN1_BMPSTRING: +value = OPENSSL_uni2asc(av->value.bmpstring->data, +av->value.bmpstring->length); +BIO_printf(out, "%s\n", value); +OPENSSL_free(value); +break; + +case V_ASN1_OCTET_STRING: +hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); +BIO_printf(out, "\n"); +break; + +case V_ASN1_BIT_STRING: +hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); +BIO_printf(out, "\n"); +break; + +default: +BIO_printf(out, "\n", av->type); +break; +} +} + /* Generalised attribute print: handle PKCS#8 and bag attributes */ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, @@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, { X509_ATTRIBUTE *attr; ASN1_TYPE *av; -char *value; -int i, attr_nid; +int i, j, attr_nid; if (!attrlst) { BIO_printf(out, "%s: \n", name); return 1; @@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, } if (X509_ATTRIBUTE_count(attr)) { -av = X509_ATTRIBUTE_get0_type(attr, 0); -switch (av->type) { -case V_ASN1_BMPSTRING: -value = OPENSSL_uni2asc(av->value.bmpstring->data, -av->value.bmpstring->length); -BIO_printf(out, "%s\n", value); -OPENSSL_free(value); -break; - -case V_ASN1_OCTET_STRING: -hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); -BIO_printf(out, "\n"); -break; - -case V_ASN1_BIT_STRING: -hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); -BIO_printf(out, "\n"); -break; - -default: -BIO_printf(out, "\n", av->type); -break; +for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) +{ +av = X509_ATTRIBUTE_get0_type(attr, j); +print_attribute(out, av); } } else { BIO_printf(out, "\n");
Build failed: openssl master.27790
Build openssl master.27790 failed Commit 818506b837 by Jon Spillett on 9/17/2019 5:48 AM: Add option grouping to pkcs12 app Configure your notification preferences